D-Link xStack DES-3200 Series

To Next Page

To Previous Page

xStack® DES-3200 Series Layer 2 Ethernet Managed Switch CLI Reference Manual

ACCESS CONTROL LIST (ACL) COMMANDS

The Switch implements Access Control Lists that enable the Switch to deny network access to specific devices or device groups

based on IP settings and MAC address.

The Access Control commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the

following table.

Command Parameters

create access_profile

[ ethernet {vlan {<hex 0x0-0x0fff>} | source_mac <macmask> | destination_mac

<macmask> | 802.1p | ethernet_type} (1) | ip {vlan {<hex 0x0-0x0fff>} | source_ip_mask

<netmask> | destination_ip_mask <netmask> | dscp | [ icmp {type | code} | igmp {type} |

tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff> | flag_mask [ all | {urg

| ack | psh | rst | syn | fin} (1) ] } | udp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex

0x0-0xffff> } | protocol_id_mask<0x0-0xff> ] } (1) | packet_content_mask {destination_mac

<macmask> | source_mac <macmask> | c_tag <hex 0x0-0xffff> | s_tag <hex 0x0-0xffff> |

31> <hex 0x0-0xffff> | offset5 [l2 | l3 | l4] <value 0-31> <hex 0x0-0xffff> | offset6 [l2 | l3 | l4]

<value 0-31> <hex 0x0-0xffff> | offset7 [l2 | l3 | l4] <value 0-31> <hex 0x0-0xffff> | offset8 [l2

0x0-0xffff> } (1) ] | ipv6 { class | flowlabel | source_ipv6_mask< ipv6mask ::-

::FFF:FFFF:FFFF> [ tcp { src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>}

| udp { src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff> } ] } ] profile_id

delete access_profile [profile_id <value 1-512> | all]

config access_profile [profile_id <value 1-512>] [add access_id [auto_assign | <value 1-65535>] [ethernet {[vlan

<vlan_name 32> | vlan_id <vid> ] {mask <hex 0x0-0x0fff>} | source_mac <macaddr> {mask

<macmask>} | destination_mac <macaddr> {mask <macmask>} | 802.1p <value 0-7> |

ethernet_type <hex 0x0-0xffff>} (1) | ip {[vlan <vlan_name 32> | vlan_id <vid>] {mask <hex

0x0-0x0fff>} | source_ip <ipaddr> {mask <netmask> } | destination_ip <ipaddr> {mask

<netmask>} | dscp <value 0-63> | [ icmp {type <value 0-255> code <value 0-255>} | igmp

{type <value 0-255>} | tcp {src_port <value 0-65535> {mask <hex 0x0-0xffff>} | dst_port

<value 0-65535> {mask <hex 0x0-0xffff>} | flag [all | { urg | ack | psh | rst | syn | fin } (1) ] } |

udp {src_port <value 0-65535> | dst_port <value 0-65535> } | protocol_id <value 0-255> }

(1) ] } | packet_content {destination_mac <macaddr>{mask<macmask>} | source_mac

<macaddr> {mask <macmask>} | c_tag <hex 0x0-0xffff> {mask <hex 0x0-0xffff>} | s_tag

<hex 0x0-0xffff> {mask <hex 0x0-0xffff>} | offset1 <hex 0x0-0xffff> {mask <hex 0x0-0xffff>} |

offset2 <hex 0x0-0xffff> {mask <hex 0x0-0xffff>} | offset3 <hex 0x0-0xffff> {mask <hex 0x0-

0xffff>} | offset4 <hex 0x0-0xffff> {mask <hex 0x0-0xffff>} | offset5 <hex 0x0-0xffff> {mask

<hex 0x0-0xffff>} | offset6 <hex 0x0-0xffff> {mask <hex 0x0-0xffff>} | offset7 <hex 0x0-

0xffff> {mask <hex 0x0-0xffff>} | offset8 <hex 0x0-0xffff> {mask <hex 0x0-0xffff>} | offset9

<hex 0x0-0xffff> {mask <hex 0x0-0xffff>} | offset10 <hex 0x0-0xffff> {mask <hex 0x0-0xffff>}

| offset11 <hex 0x0-0xffff> {mask <hex 0x0-0xffff>} } | ipv6 {class <value 0-255> | flowlabel

<hex 0x0-0xfffff> | source_ipv6 <ipv6addr> {mask <ipv6mask>} | [ tcp {src_port < value 0-

65535> {mask <hex 0x0-0xffff> } | dst_port < value 0-65535>{ mask <hex 0x0-0xffff>}} udp

{src_port <value 0-65535> {mask <hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex

0x0-0xffff>}} (1) ]}] [port [<portlist>|all]] [permit {priority<value 0-7> {replace_priority} |

replace_dscp_with <value0-63>| counter [enable | disable] } | deny | mirror ] { time_range

<range_name 32>} | delete access_id <value 1-65535>]

show access_profile {profile_id <value 1-512>}

Main Page

Table of Contents

Other manuals for D-Link xStack DES-3200 Series

Related product manuals