DES-1210-52/ME L2 Metro Ethernet Switch CLI Reference Guide
394
55
ACCESS CONTROL LIST COMMANDS
The Access Control List commands in the Command Line Interface (CLI) are listed (along with the
appropriate parameters) in the following table.
[ ethernet {vlan | source_mac <macmask> | destination_mac <macmask> |
802.1p | ethernet_type} | ip { source_ip_mask <netmask> | destination_ip_mask
<netmask> | dscp | [ icmp { type | code } | igmp { type } | tcp { src_port_mask
<hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff> | flag_mask} | udp
{ src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff> } |
protocol_id_mask <0x0-0xff> ]} | packet_content_mask {offset1 [ l2 | l3 | l4 ]
<value (0-31)> <hex (0x0-0xffff)> | offset2 [ l2 | l3 | l4 ] <value (0-31)> <hex (0x0-
0xffff)>| offset3 [ l2 | l3 | l4 ] <value (0-31)> <hex (0x0-0xffff)>| offset4 [ l2 | l3 | l4 ]
<value (0-31)> <hex (0x0-0xffff)>} | ipv6 { class | source_ipv6_mask <ipv6mask>
| destination_ipv6_mask <ipv6mask> | [tcp { src_port_mask <hex 0x0-0xffff> |
dst_port_mask <hex 0x0-0xffff>} | udp { src_port_mask <hex 0x0-0xffff> |
dst_port_mask <hex 0x0-0xffff>} | icmp { type | code } ]} profile_id <value 1-10> ]
profile_id <value (1-10)> [add access_id [auto_assign | <value 1-128>] [ ethernet
{vlan <vlanid (1-4094)> | source_mac <macaddr> | destination_mac <macaddr> |
802.1p <value (0-7)> | ethernet_type <hex (0x0-0xffff)> } | ip {source_ip <ipaddr>
| destination_ip <ipaddr> | dscp <value (0-63)> | icmp {type <value (0-255)> code
<value (0-255)>} | igmp {type <value (0-255)>} | tcp {src_port <value (0-65535)> |
dst_port <value (0-65535)> | urg | ack | psh | rst | syn | fin} | udp {src_port <value
(0-65535)> | dst_port <value (0-65535)>} | protocol_id <value(0-255)>]} |
packet_content [offset1 <hex (0x0-0xffffffff)> | offset2 <hex (0x0-0xffffffff)> |
offset3 <hex (0x0-0xffffffff)> | offset4 <hex (0x0-0xffffffff)>] | ipv6 [class <value 0-
255> | source_ipv6 <ipv6addr> | destination_ipv6 <ipv6addr> | tcp [src_port <
value 0-65535> | dst_port < value 0-65535>] | udp [src_port < value 0-65535> |
dst_port < value 0-65535>] | icmp [type<value 0-255> | code <value 0-255>] ]
[port [<portlist> | all] [permit {replace_priority_with <value (0-7)> |
replace_dscp_with <value (0-63)> | rx_rate {no_limit | <value (64-1024000)>}} |
mirror | deny]] | delete access_id <value (1-128)>]
{profile_id <value 1-10>}
create
cpu_access_profile
[ ethernet {vlan | source_mac <macmask> | destination_mac <macmask> |
802.1p | ethernet_type} | ip {source_ip_mask <netmask> | destination_ip_mask
<netmask> | dscp | [ icmp {type | code} | igmp {type} | tcp {src_port_mask <hex
(0x0-0xffff)> | dst_port_mask <hex (0x0-0xffff)> | flag_mask} | udp
{src_port_mask <hex (0x0-0xffff)> | dst_port_mask <hex (0x0-0xffff)>} |
protocol_id_mask <hex (0x0-0xff)>]} | ipv6 {class | source_ipv6_mask
<ipv6mask> | destination_ipv6_mask <ipv6mask>} ] profile_id <value 1-3>
config
cpu_access_profile
[profile_id <value (1-3)] [add access_id [ auto_assign | <value (1-5)>]] [ ethernet
{vlan <vlanid (1-4094)> | source_mac <macaddr> | destination_mac <macaddr> |
802.1p <value (0-7)> | ethernet_type <hex (0x0-0xffff)>} | ip {source_ip <ipaddr> |
destination_ip <ipaddr> | dscp <value (0-63)> | [icmp {type <value (0-255)> code
<value (0-255)> } | igmp {type <value (0-255)>} | tcp {src_port <value (0-65535)>
| dst_port <value (0-65535)> | urg | ack | psh | rst | syn | fin} | udp {src_port
<value (0-65535)> | dst_port <value (0-65535)> | protocol_id <value(0-255)>] |
ipv6 {class | source_ipv6 <ipv6addr> | destination_ipv6 <ipv6addr>} [port
To Next Page
Loading...
