Linksys DES-3028/DES-3028P/DES-3052/DES-3052P 用户手册
DES-3028 DES-3028P DES-3052 DES-3052P Layer 2 Fast Ethernet Switch CLI Reference Manual
22
A
CCESS
C
ONTROL
L
IST
(ACL) C
OMMANDS
The DES-3028/28P/52/52P implements Access Control Lists that enable the Switch to deny network access to specific devices or
device groups based on IP settings and MAC address.
The access profile commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the
following table.
device groups based on IP settings and MAC address.
The access profile commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the
following table.
Command Parameters
create access_profile
[ethernet {vlan | source_mac <macmask> | destination_mac <macmask> | 802.1p |
ethernet_type} | ip {vlan | source_ip_mask <netmask> | destination_ip_mask <netmask> |
dscp | [icmp | igmp | tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>
| flag_mask [ all | {urg | ack | psh | rst | syn | fin}] } | udp {src_port_mask <hex 0x0-0xffff> |
dst_port_mask <hex 0x0-0xffff>} | protocol_id_mask <hex 0x0-0xff>} | packet_content_mask
{offset_0-15 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> |
offset_16-31 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> |
offset_32-47 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> |
offset_48-63 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> |
offset_64-79 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> }]
profile_id <value 1-256>
ethernet_type} | ip {vlan | source_ip_mask <netmask> | destination_ip_mask <netmask> |
dscp | [icmp | igmp | tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>
| flag_mask [ all | {urg | ack | psh | rst | syn | fin}] } | udp {src_port_mask <hex 0x0-0xffff> |
dst_port_mask <hex 0x0-0xffff>} | protocol_id_mask <hex 0x0-0xff>} | packet_content_mask
{offset_0-15 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> |
offset_16-31 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> |
offset_32-47 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> |
offset_48-63 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> |
offset_64-79 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> }]
profile_id <value 1-256>
delete access_profile profile_id <value 1-256>
config access_profile <value 1-256> [add access_id [auto_assign | <value 1-256>] [ethernet {vlan <vlan_name
32> | source_mac <macaddr> | destination_mac <macaddr> | 802.1p <value 0-7> |
ethernet_type <hex 0x0-0xffff>} | ip {vlan <vlan_name 32> | source_ip <ipaddr> |
destination_ip <ipaddr> | dscp <value 0-63> | [icmp | igmp | tcp {src_port <value 0-65535> |
dst_port <value 0-65535> | urg | ack | psh | rst | syn | fin} | udp {src_port <value 0-65535> |
dst_port <value 0-65535>} | protocol_id <value 0 - 255>]} | packet_content offset <value 0-
76> <hex0x0-0xffffffff> {offset <value 0-76> <hex 0x0-0xffffffff> {offset <value 0-76> <hex
0x0-0xffffffff> {offset <value 0-76> <hex 0x0-0xffffffff> {offset <value 0-76> <hex 0x0-
0xffffffff>}}}}] port [<portlist> | all] [ permit {priority <value 0-7> | rx_rate [ no_limit |<value 64-
1024000>]} | deny] {time_range <range_name 32>} | delete access_id <value 1-256>]
ethernet_type <hex 0x0-0xffff>} | ip {vlan <vlan_name 32> | source_ip <ipaddr> |
destination_ip <ipaddr> | dscp <value 0-63> | [icmp | igmp | tcp {src_port <value 0-65535> |
dst_port <value 0-65535> | urg | ack | psh | rst | syn | fin} | udp {src_port <value 0-65535> |
dst_port <value 0-65535>} | protocol_id <value 0 - 255>]} | packet_content offset <value 0-
76> <hex0x0-0xffffffff> {offset <value 0-76> <hex 0x0-0xffffffff> {offset <value 0-76> <hex
0x0-0xffffffff> {offset <value 0-76> <hex 0x0-0xffffffff> {offset <value 0-76> <hex 0x0-
0xffffffff>}}}}] port [<portlist> | all] [ permit {priority <value 0-7> | rx_rate [ no_limit |<value 64-
1024000>]} | deny] {time_range <range_name 32>} | delete access_id <value 1-256>]
show access_profile
profile_id <value 1-256>
enable
cpu_interface_filtering
cpu_interface_filtering
disable
cpu_interface_filtering
cpu_interface_filtering
create cpu
access_profile
profile_id
access_profile
profile_id
<value 1-3> [ethernet {vlan | source_mac <macmask> | destination_mac <macmask> |
802.1p | ethernet_type} | ip {vlan | source_ip_mask <netmask> | destination_ip_mask
<netmask> | dscp | [icmp { type | code } | igmp {type} | tcp {src_port_mask <hex 0x0-0xffff> |
dst_port_mask <hex 0x0-0xffff> | flag_mask [ all | {urg | ack | psh | rst | syn | fin}] } | udp
{src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | protocol_id_mask <hex
0x0-0xff> {user_define <hex 0x0-0xffffffff>}]} | packet_content_mask {offset_0-15 <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_16-31<hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_32-47 <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff><hex 0x0-0xffffffff> | offset_48-63 <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_64-79 <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>}]
802.1p | ethernet_type} | ip {vlan | source_ip_mask <netmask> | destination_ip_mask
<netmask> | dscp | [icmp { type | code } | igmp {type} | tcp {src_port_mask <hex 0x0-0xffff> |
dst_port_mask <hex 0x0-0xffff> | flag_mask [ all | {urg | ack | psh | rst | syn | fin}] } | udp
{src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | protocol_id_mask <hex
0x0-0xff> {user_define <hex 0x0-0xffffffff>}]} | packet_content_mask {offset_0-15 <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_16-31<hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_32-47 <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff><hex 0x0-0xffffffff> | offset_48-63 <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_64-79 <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>}]
delete cpu
access_profile
access_profile
profile_id <value 1-3>
config cpu
access_profile
access_profile
<value 1-3> [add access_id <value 1-5> [ethernet {vlan <vlan_name 32> | source_mac
<macaddr> | destination_mac <macaddr> | 802.1p <value 0-7> | ethernet_type <hex 0x0-
0xffff> } | ip {vlan <vlan_name 32> | source_ip <ipaddr> | destination_ip <ipaddr> | dscp
<value 0-63> | [icmp {type <value 0-255> |code <value 0-255>} | igmp {type <value 0-255>}
| tcp {src_port <value 0-65535> | dst_port <value 0-65535> | urg | ack | psh | rst | syn | fin} |
udp {src port <value 0-65535> | dst port <value 0-65535>} | protocol id <value 0-255>
<macaddr> | destination_mac <macaddr> | 802.1p <value 0-7> | ethernet_type <hex 0x0-
0xffff> } | ip {vlan <vlan_name 32> | source_ip <ipaddr> | destination_ip <ipaddr> | dscp
<value 0-63> | [icmp {type <value 0-255> |code <value 0-255>} | igmp {type <value 0-255>}
| tcp {src_port <value 0-65535> | dst_port <value 0-65535> | urg | ack | psh | rst | syn | fin} |
udp {src port <value 0-65535> | dst port <value 0-65535>} | protocol id <value 0-255>
151