DGS-3224TGR Layer 2 Gigabit Ethernet Switch User’s Guide
when a logical AND operation between an IP address specified in
the next step and the ip_source_mask match.
The default for an access profile on the switch is to permit traffic
flow. If you want to restrict traffic, you must use the deny
parameter.
Now that an access profile has been created, you must add the
criteria the switch will use to decide if a given frame should be
forwarded or filtered. Here, we want to filter any packets that
have an IP source address between 10.42.73.0 and
10.42.73.255:
config access_profile profile_id 1 add access_id 1 ip source_ip 10.42.73.1
Here we use the profile_id 1 which was specified when the
access profile was created. The add parameter instructs the
switch to add the criteria that follow to the list of rules that are
associated with access profile 1. For each rule entered into the
access profile, you can assign an access_id that both identifies
the rule and establishes a priority within the list of rules. A
lower access_id gives the rule a higher priority. In case of a
conflict in the rules entered for an access profile, the rule with
the highest priority (lowest access_id) will take precedence.
The ip parameter instructs the switch that this new rule will be
applied to the IP addresses contained within each frame’s
header. source_ip tells the switch that this rule will apply to the
source IP addresses in each frame’s header. Finally, the IP
address 10.42.73.1 will be combined, by a logical AND, with the
source_ip_mask 255.255.255.0 to give the IP address 10.42.73.0,
so the rule matches any source IP address between 10.42.73.0
and 10.42.73.255.
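
The matching described above can be checked offline with a small model. This is an added example, not code from the switch or from this guide. It assumes that a frame matching no rule is forwarded (one reading of the default-permit statement), and the deny action on rule 1 and the whole of rule 5 are constructed for illustration.

```python
import ipaddress

def masked(addr: str, mask: str) -> int:
    """Logical AND of a dotted-quad address with the profile mask."""
    return int(ipaddress.IPv4Address(addr)) & int(ipaddress.IPv4Address(mask))

class AccessProfile:
    """Simplified model of one IP access profile: one mask, many rules."""

    def __init__(self, source_ip_mask: str):
        self.mask = source_ip_mask
        self.rules = {}  # access_id -> (masked rule address, action)

    def add(self, access_id: int, source_ip: str, action: str = "permit") -> None:
        if action not in ("permit", "deny"):
            raise ValueError("action must be 'permit' or 'deny'")
        # The mask discards the host bits of the rule address,
        # so 10.42.73.1 is stored as 10.42.73.0.
        self.rules[access_id] = (masked(source_ip, self.mask), action)

    def decide(self, frame_source_ip: str) -> str:
        key = masked(frame_source_ip, self.mask)
        # The lowest access_id has the highest priority and wins a conflict.
        for access_id in sorted(self.rules):
            rule_key, action = self.rules[access_id]
            if rule_key == key:
                return action
        return "permit"  # assumption: unmatched frames are forwarded

def build_example_profile() -> AccessProfile:
    profile = AccessProfile("255.255.255.0")
    profile.add(1, "10.42.73.1", "deny")       # rule from the text, action assumed
    profile.add(5, "10.42.73.200", "permit")   # constructed conflicting rule
    return profile

if __name__ == "__main__":
    p = build_example_profile()
    for src in ("10.42.73.0", "10.42.73.200", "10.42.73.255", "10.42.74.1"):
        print(src, p.decide(src))
```

Because rule 5 masks to the same 10.42.73.0 value as rule 1, it can never take effect: access_id 1 is evaluated first and wins.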