D-Link DAS-3626 Guida Al Software
DAS-3600 Series Ethernet over VDSL Switch CLI Reference Manual
config access_profile
Parameters
port <portlist>
−
Specifies the port number on the Switch to permit or deny access for the
rule.
vlanbased [vlan <vlan_name> | vlan_id <value 1-4094>]
vlanbased [vlan <vlan_name> | vlan_id <value 1-4094>]
−
Specifies that the access profile
will apply to only to this VLAN.
permit
permit
−
Specifies the rule permit access for incoming packets on the previously specified
port.
priority <value 0-7>
priority <value 0-7>
−
Specifies that the access profile will apply to packets that contain this
value in their 802.1p priority field of their header for incoming packets on the previously
specified port.
{replace_priority}
specified port.
{replace_priority}
−
Allows users to specify a new value to be written to the priority field of an
incoming packet on the previously specified port.
replace_dscp_with <value 0-63>
replace_dscp_with <value 0-63>
−
Allows users to specify a new value to be written to the
DSCP field of an incoming packet on the previously specified port.
replace_tos_precedence_with <value 0-7> – Specifies the packets that match the access
profile and that tos-precedence values will be changed by the switch.
rx_rate
replace_tos_precedence_with <value 0-7> – Specifies the packets that match the access
profile and that tos-precedence values will be changed by the switch.
rx_rate
−
Specifies that one of the parameters below (no_limit or <value 1-15624>) will be
applied to the rate at which the above specified ports will be allowed to receive packets
•
no_limit
−
Specifies that there will be no limit on the rate of packets received by the
above specified ports.
•
<value 1-15624>
−
Specifies the packet limit, in 64Kbps, that the above ports will be
allowed to receive.
deny
−
Specifies the rule will deny access for incoming packets on the previously specified
port.
mirror – Specifies the packets that match the access profile, copies it and sends the copied
one to the mirror port.
time_range – Specifies the time_range profile that has been associated with the ACL entries.
delete access_id <value 1-1024>
mirror – Specifies the packets that match the access profile, copies it and sends the copied
one to the mirror port.
time_range – Specifies the time_range profile that has been associated with the ACL entries.
delete access_id <value 1-1024>
−
Use this to remove a previously created access rule of a
profile ID. For information on number of rules that can be created for a given port, lease see
the introduction to this chapter.
the introduction to this chapter.
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
To configure the access profile with the profile ID of 1 to filter frames on port 7 that have IP addresses in the range
between 10.42.73.0 to 10.42.73.255:
between 10.42.73.0 to 10.42.73.255:
DAS-3626:admin#config access_profile profile_id 1 add access_id 1 ip source_ip
10.42.73.1 port 7 deny
Command: config access_profile profile_id 1 add access_id 1 ip source_ip 10.42.73.1
Command: config access_profile profile_id 1 add access_id 1 ip source_ip 10.42.73.1
port 7 deny
Success.
DAS-3626:admin#
NOTE: Address Resolution Protocol (ARP) is the standard for finding a host's hardware address (MAC
Address). However, ARP is vulnerable as it can be easily spoofed and utilized to attack a LAN (known as
ARP spoofing attack). For a more detailed explaination on how ARP protocol works and how to employ D-
Link’s advanced unique Packet Content ACL to prevent an ARP spoofing attack, please see Appendix B,
at the end of this manual.
Address). However, ARP is vulnerable as it can be easily spoofed and utilized to attack a LAN (known as
ARP spoofing attack). For a more detailed explaination on how ARP protocol works and how to employ D-
Link’s advanced unique Packet Content ACL to prevent an ARP spoofing attack, please see Appendix B,
at the end of this manual.
show access_profile
Purpose
Used to display the currently configured access profiles on the Switch.
405