Table of Contents
DGS-3700 Series Layer 2 Managed Gigabit Ethernet Switch CLI Reference Guide
config access_profile
Protocol (IGMP) field within each packet.
type − Specifies that the access profile will apply to packets that
have
this IGMP type value.
tcp − Specifies that the Switch will examine the Transmission Control Protocol (TCP)
field within each packet.
src_port − Specifies that the access profile will apply only to
packets that have this TCP source port in their TCP header.
dst_port − Specifies that the access profile will apply only to
packets that have this TCP destination port in their TCP header.
urg: TCP control flag (urgent)
ack: TCP control flag (acknowledgement)
psh: TCP control flag (push)
rst: TCP control flag (reset)
syn: TCP control flag (synchronize)
fin: TCP control flag (finish)
udp − Specifies that the Switch will examine the User Datagram Protocol (UDP) field
in each packet.
src_port − Specifies that the access profile will apply only to
packets that have this UDP source port in their UDP header.
dst_port − Specifies that the access profile will apply only to
packets that have this UDP destination port in their UDP header.
protocol_id − Specifies that the Switch will examine the protocol field
in each packet and if this field contains the value entered here, apply the following
rules.
user_define − Specifies a mask to be combined with the value
found in the frame header and if this field contains the value entered here, apply
the following rules.
packet_content_mask – Allows users to examine any up to four specified offset_chunk
within a packet at one time and specifies that the Switch will mask the packet
header beginning with the offset value specified as follows:
packet_content { offset_chunk_1 | offset_chunk_2
0xffffffff>| offset_chunk_3 | offset_chunk_4
0xffffffff>
With this advanced unique Packet Content Mask (also known as Packet Content Access Control List -
D-Link switches can effectively mitigate some network attacks like the
ACL),
common ARP Spoofing attack that is wide spread today. This is the reason that
Packet Content ACL is able to inspect any specified content of a packet in different
protocol layers.
IPV6 - Denotes that IPv6 packets will be examined by the Switch for forwarding or
filtering based on the rules configured in the config access_profile command for
IPv6.
class – Entering this parameter will instruct the Switch to examine the class field of
the IPv6 header. This class field is a part of the packet header that is similar to the
Type of Service (ToS) or Precedence bits field in IPv4.
flowlabel – Entering this parameter will instruct the Switch to examine the flow label
field of the IPv6 header. This flow label field is used by a source to label sequences
of packets such as non-default quality of service or real time service packets.
tcp – Specifies that the Switch will examine each frame's Transmission Control
Protocol (TCP) field.
Page | 371
Chapters
Table of Contents
