D-Link DGS-3612 Router Manual PDF (Setup & Configuration Guide)

Home

Manuals

D-Link

DGS-3612

Page 81 / 757 Scroll up to view Page 76 - 80

xStack

DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual

config access_profile

Syntax

config access_profile profile_id <value 1-14> [add access_id [auto_assign | <value 1-

128>] [ethernet {vlan <vlan_name 32> | source_mac <macaddr 000000000000-

ffffffffffff> | destination_mac <macaddr 000000000000-ffffffffffff> | 802.1p <value 0-7> |

ethernet_type <hex 0x0-0xffff>} port [<portlist> | all] [permit {priority <value 0-7>

{replace_priority} | rx_rate [no_limit | <value 1-156249>] | replace_dscp <value 0-63> |

counter [enable | disable]} | mirror {group_id <value 1-4>} | deny] | ip {vlan <vlan_name

32> | source_ip <ipaddr> | destination_ip <ipaddr> | dscp <value 0-63> | [icmp {type

<value 0-255> | code <value 0-255>} | igmp {type <value 0-255>} | tcp {src_port <value

0-65535> | dst_port <value 0-65535> | urg | ack | psh | rst | syn | fin} | udp {src_port

<value 0-65535> | dst_port <value 0-65535>} | protocol_id <value 0 - 255> {user_define

<hex 0x0-0xffffffff>}]} port [<portlist> | all] [permit {priority <value 0-7>

{replace_priority} | rx_rate [ no_limit | <value 1-156249>] | replace_dscp <value 0-63> |

counter [enable | disable]} | mirror {group_id <value 1-4>} | deny] | packet_content

{offset_chunk_1 <hex 0x0-0xffffffff> | offset_chunk_2 <hex 0x0-0xffffffff> |

offset_chunk_3 <hex 0x0-0xffffffff> | offset_chunk_4 <hex 0x0-0xffffffff>} port

[<portlist> | all] [permit {priority <value 0-7> {replace_priority} | rx_rate [no_limit |

<value 1-156249>] | replace_dscp <value 0-63> | counter [enable | disable]} | mirror

{group_id <value 1-4>} | deny] | ipv6 {class <value 0-255> | flowlabel <hex 0x0-0xfffff> |

source_ipv6 <ipv6addr> | destination_ipv6 <ipv6addr> | [ tcp {src_port <value 0-

65535> | dst_port <value 0-65535>} | udp {src_port <value 0-65535> | dst_port <value 0-

65535>}]} port [<portlist> | all] [permit {priority <value 0-7> {replace_priority} | rx_rate

[no_limit | <value 1-156249>] | counter [enable | disable]} | mirror {group_id <value 1-

4>} | deny]]{time_range <range_name 32>} | delete access_id <value 1-128>]

Description

The config access_profile command configures access list entry.

ACL mirror function will be worked after mirror enabled and mirror port has been configured

by mirror command.

When apply a access rule to a target, if the target is VLAN, then the setting for value the

VLAN field will not take effect.

Parameters

profile_id

- Specifies the index of access list profile. The range is depend on project.

access_id

- Specifies the index of access list entry. The range of this value is 1-65535, but

the supported max entry number is depend on project.

auto_assign

- while add to multiple ports , the access id will be auto assigned.

vlan

- Specifies a vlan name

source_mac

- Specifies the source mac

destination_mac

- Specifies the destination mac

802.1p

- Specifies the value of 802.1p priority tag, the vaule can be configured

between 1 to 7

ethernet_type

- Specifies the Ethernet type

vlan

- Specifies a vlan name

source_ip

- Specifies an IP source address

destination_ip

- Specifies an IP destination address

dscp

- Specifies the value of dscp, the value can be configured 0 to 63

icmp

– See below:

type

- Specifies that the rule applies to the value of

icmp type traffic

code

- Specifies that the rule applies to the value of icmp code traffic

igmp

– See below:

type

- Specifies that the rule applies to the value of igmp type traffic

tcp

– See below:

src_port

- Specifies that the rule applies the range of tcp source port

dst_port

- Specifies the range of tcp destination port range

flag

- Specifies the TCP flag fields .

udp

– See below:

src_port

- Specifies the range of tcp source port range

Page 82 / 757

xStack

DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual

config access_profile

dst_port

- Specifies the range of tcp destination port mask

protocod_id

- Specifies that the rule applies to the value of ip protocol id traffic

user_define

- Specifies that the rule applies to the ip protocol id and the

mask options behind the IP header length is 20 bytes.

packet_content

- Specifies the packet content for the user defined mask.

ipv6

- Specifies the rule applies to ipv6 fields . The field is optional by project.

class

- Specifies the value of ipv6 class.

flowlabel

- Specifies the value of ipv6 flowlabel.

source_ipv6

- Specifies the value of ipv6 source address.

destination_ipv6

- Specifies the value of ipv6 destination address.

src_port

- Specifies the value of ipv6 L4(TCP/UDP) source port

dst_port

- Specifies the value of ipv6 L4(TCP/UDP) destination port

port

- Specifies a list of port to apply the rule.

permit

- Specifies the packets that match the access profile are permit by the switch

priority

- Specifies that priority of the packet will be changed if the packet match the access

rule.

replace_priority

- Specifies 802.1p priority of the outgoing packet will be marked too.

replace_dscp

- Specifies that DSCP of the outgoing packet will be marked by the new value.

counter

- Specifies whether counter feature will be enabled / disabled. If the rule is binded

with flow_meter, then “counter” here will be overrided.

deny

- Specifies the packets that match the access profile are filtered by the switch

mirror

- Specifies the packets that match the access profile are sent the copied one to the

mirror port.

time_range

- Specifies name of this time range entry.

offset_chunk_1, offset_chunk_2, offset_chunk_3, offset_chunk_4

- Specifies the content of

the trunk to be monitored.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example usage:

To configure an access list rule entry:

DGS-3627:admin# config access_profile profile_id 1 add access_id 1 ip vlan default

source_ip 20.2.2.3 destination_ip 10.1.1.252 dscp 3 icmp type 11 code 32 port 1 mirror

group_id 1 time_range testdaily

Command: config access_profile profile_id 1 add access_id 1 ip vlan default source_ip

20.2.2.3 destination_ip 10.1.1.252 dscp 3 icmp type 11 code 32 port 1 mirror group_id 1

time_range testdaily

Mirror function must be enabled and mirror port must be configured.

Success.

DGS-3627:admin#

To configure an rule entry for packet content mask profile:

Page 83 / 757

xStack

DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual

DGS-3627:admin# config access_profile profile_id 5 add access_id auto_assign

packet_content offset_chunk_1 0xAAAAAAAA offset_chunk_2 0xBBBBBBBB offset_chunk_3

0xFFFFFFFF offset_chunk_4 0xEEEEEEEE port all permit

Command: config access_profile profile_id 5 add access_id auto_assign packet_content

offset_chunk_1 0xAAAAAAAA offset_chunk_2 0xBBBBBBBB offset_chunk_3 0xFFFFFFFF

offset_chunk_4 0xEEEEEEEE port all permit

Success.

DGS-3627:admin#

show access_profile

Purpose

Used to display current access list table.

Syntax

show access_profile {profile_id <value 1-14>}

Description

The show access_profile command displays current access list table.

Parameters

profile_id

- Specifies the index of access list profile. The range is depend on project.

Restrictions

None.

Example usage:

To display current access list table:

DGS-3627:admin# show access_profile

Command: show access_profile

Access Profile Table

Total Unused Rule Entries: 1769

Total Used Rule Entries

: 3

Access Profile ID: 1

TYPE : Packet Content

================================================================================

Owner

: ACL

MASK Option :

-------------------------------------

Offset_chunk_1:

value:FFFFFFFF

Offset_chunk_2:

value:EEEEEEEE

Offset_chunk_3:

value:DDDDDDDD

Offset_chunk_4:

value:CCCCCCCC

Access ID : 1

Mode: Permit

priority: 3

Port: 1:1

-------------------------------------

Offset_chunk_1:

value:11111111

Offset_chunk_2:

value:22222222

Offset_chunk_3:

value:11111111

Offset_chunk_4:

value:44444444

================================================================================

Unused rule entries: 127

DGS-3627:admin#

Page 84 / 757

xStack

DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual

config flow_meter profile_id

Purpose

To configure packet flow-based metering based on an access profile and rule.

Syntax

config flow_meter profile_id <value 1-14> access_id <value 1-128>[ [ tr_tcm

cir <value

0-156249> {cbs <value 0-16384>} pir <value 0-156249> {pbs <value 0-16384>} |

sr_tcm

cir <value 0-156249> cbs <value 0-16384> ebs <value 0-16384> ] {conform [permit |

replace_dscp <value 0-63>] {counter [enable |disable]}} exceed [permit | replace_dscp

<value 0-63> | drop] {counter [enable |disable]} violate [permit | replace_dscp <value 0-

63> | drop] {counter [enable |disable]} | delete]

Description

This command is used to configure the flow-based metering function. The metering function

support three modes, single rate two colors, single rate three color, and two rate three color.

The access rule must first be created before the parameters of this function can be applied.

For the single rate two color mode, users may set the preferred bandwidth for this rule, in

Kbps and once the bandwidth has been exceeded, overflow packets will be either dropped or

be set to a drop precedence, depending on user configuration.

The drop precedence will be

used by RED. With RED, the packet with higher drop precedence will be dropped with higher

probability.

For the single rate three color mode, users need to specify the committed rate in Kbps, the

commited burst size and the excess burst size.

For the two rate three color mode, users need to specify the committed rate in Kbps, the

commited burst size, the peak rate and the peak burst size.

There can be two cases to map the color of packet, color blind mode and color aware mode.

In the color-blind case, the determination for the color of packet is based on metering result.

In the color-aware case, the determination for the color of packet is based metering result

and the ingress DSCP.

When the color blind or color aware is not specified, color blind is the default mode.

The green color packet will be treated the conforming action, the yellow color packet will be

treated the exceeding action, and the red color packet will be treated the violating action.

Parameters

profile_id

- Specifies the profile_ID.

access_id

- Specifies the access_ID.

tr_tcm

- Specify the “two rate three color mode”.

cir

- Specify the “committed information rate”.

The unit is 64Kbps.

The max rate 156249*64Kbps

cbs

- Specify the “committed burst size”.

The unit is Kbytes. That is to say, 1 means 1Kbytes.

This parameter is an optional parameter. The default value is 4*1024.

The max set value is 16*1024.

pir

- Specify the “Peak Information Rate”.

The unit is 64Kbits.

The max rate is 156249*64Kbps

pbs

- Specify the “peak burst size”.

The unit is Kbytes.

This parameter is an optional parameter.The default value is 4*1024.

The max set value is 16*1024.

sr_tcm

- Specify the “single rate three color mode”.

cir

- Specify the “committed information rate”.

The unit is 64Kbps.

The max rate is 156249*64Kbps

cbs

- Specify the “committed burst size”.

The unit is Kbytes.

The max set value is 16*1024.

ebs

- Specify the “Excess Burst Size”.

Page 85 / 757

xStack

DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual

config flow_meter profile_id

The unit is Kbytes.

The max set value is 16*1024.

conform

- Specify the action when packet is in “green color”.

permit

- Permit the packet.

replace_dscp

- Change the dscp of packet.

exceed

- Specify the action when packet is in “yellow color”.

permit

- Permit the packet.

replace_dscp

- Change the dscp of packet.

drop

- Drop the packet.

violate

- Specify the action when packet is in “red color”.

permit

- Permit the packet.

replace_dscp

- Change the dscp of packet.

counter

- Specify the counter.

This is optional. The default is “disable”.

The resource may be limited such that counter can not be turned on. The limitation is project

dependent.

counter

will be cleared when the function is disabled.

delete

- Delete the specified flow_meter.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example usage:

To configure a two rates thress color flow meter:

DGS-3627:admin# config flow_meter profile_id 1 access_id 1 tr_tcm cir 1000 cbs 200 pir

2000 pbs 200 exceed replace_dscp 21 violate drop

Command: config flow_meter profile_id 1 access_id 1 tr_tcm cir 1000 cbs 200 pir 2000 pbs

200 exceed replace_dscp 21 violate drop

Success.

DGS-3627:admin#

show flow_meter

Purpose

To configure packet flow-based metering based on an access profile and rule.

Syntax

show flow_meter {profile_id <value 1-14> {access_id <value 1-128>}}

Description

This command displays the flow meter configuration.

Parameters

profile_id

- Specifies the profile_ID.

access_id

- Specifies the access_ID.

Restrictions

None.

Example usage:

To display the flow meter configuration:

Rate

Popular D-Link Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share