xStack
®
DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual
74
The Access Control List (ACL) commands in the Command Line Interface (CLI) are listed (along with the appropriate
parameters) in the following table.
Command
Parameters
create access_profile
[ethernet {vlan | source_mac <macmask 000000000000-ffffffffffff> |
destination_mac <macmask 000000000000-ffffffffffff> | 802.1p | ethernet_type} |
ip {vlan | source_ip_mask <netmask> | destination_ip_mask <netmask> | dscp |
[icmp {type | code} | igmp {type} | tcp {src_port_mask <hex 0x0-0xffff> |
dst_port_mask <hex 0x0-0xffff> | flag_mask [ all | {urg | ack | psh | rst | syn |
fin}]} | udp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} |
protocol_id_mask <hex 0x0-0xff> {user_define_mask <hex 0x0-0xffffffff>}]}|
packet_content_mask { offset_chunk_1 <value 0-31> <hex 0x0-0xffffffff> |
offset_chunk_2 <value 0-31> <hex 0x0-0xffffffff> | offset_chunk_3 <value 0-31>
<hex 0x0-0xffffffff> | offset_chunk_4 <value 0-31> <hex 0x0-0xffffffff>}| ipv6
{class | flowlabel | source_ipv6_mask <ipv6mask> | destination_ipv6_mask
<ipv6mask> | [ tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-
0xffff>} | udp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-
0xffff>}]}] profile_id <value 1-14>
delete access_profile
[profile_id <value 1-14> |all]
config access_profile
profile_id <value 1-14> [add access_id [auto_assign | <value 1-128>] [ethernet
{vlan <vlan_name 32> | source_mac <macaddr 000000000000-ffffffffffff> |
destination_mac <macaddr 000000000000-ffffffffffff> | 802.1p <value 0-7> |
ethernet_type <hex 0x0-0xffff>} port [<portlist> | all] [permit {priority <value 0-7>
{replace_priority} | rx_rate [no_limit | <value 1-156249>] | replace_dscp <value
0-63> | counter [enable | disable]} | mirror {group_id <value 1-4>} | deny] | ip
{vlan <vlan_name 32> | source_ip <ipaddr> | destination_ip <ipaddr> | dscp
<value 0-63> | [icmp {type <value 0-255> | code <value 0-255>} | igmp {type
<value 0-255>} | tcp {src_port <value 0-65535> | dst_port <value 0-65535> | urg
| ack | psh | rst | syn | fin} | udp {src_port <value 0-65535> | dst_port <value 0-
65535>} | protocol_id <value 0 - 255> {user_define <hex 0x0-0xffffffff>}]} port
[<portlist> | all] [permit {priority <value 0-7> {replace_priority} | rx_rate [ no_limit |
<value 1-156249>] | replace_dscp <value 0-63> | counter [enable | disable]} |
mirror {group_id <value 1-4>} | deny] | packet_content {offset_chunk_1 <hex
0x0-0xffffffff> | offset_chunk_2 <hex 0x0-0xffffffff> | offset_chunk_3 <hex 0x0-
0xffffffff> | offset_chunk_4 <hex 0x0-0xffffffff>} port [<portlist> | all] [permit
{priority <value 0-7> {replace_priority} | rx_rate [no_limit | <value 1-156249>] |
replace_dscp <value 0-63> | counter [enable | disable]} | mirror {group_id <value
1-4>} | deny] | ipv6 {class <value 0-255> | flowlabel <hex 0x0-0xfffff> |
source_ipv6 <ipv6addr> | destination_ipv6 <ipv6addr> | [ tcp {src_port <value 0-
65535> | dst_port <value 0-65535>} | udp {src_port <value 0-65535> | dst_port
<value 0-65535>}]} port [<portlist> | all] [permit {priority <value 0-7>
{replace_priority} | rx_rate [no_limit | <value 1-156249>] | counter [enable |
disable]} | mirror {group_id <value 1-4>} | deny]]{time_range <range_name 32>}
| delete access_id <value 1-128>]
config flow_meter
profile_id <value 1-14> access_id <value 1-128>[ [ tr_tcm
cir <value 0-156249>
{cbs <value 0-16384>} pir <value 0-156249> {pbs <value 0-16384>} |
sr_tcm
cir <value 0-156249> cbs <value 0-16384> ebs <value 0-16384> ] {conform
[permit | replace_dscp <value 0-63>] {counter [enable |disable]}} exceed [permit
| replace_dscp <value 0-63> | drop] {counter [enable |disable]} violate [permit |
replace_dscp <value 0-63> | drop] {counter [enable |disable]} | delete]
show flow_meter
{profile_id <value 1-14> {access_id <value 1-128>}}
config time_range
<range_name 32> [hours start_time <time hh:mm:ss> end_time <time
hh:mm:ss> weekdays <daylist> |delete]
show time_range
Each command is listed, in detail, in the following sections.