• 
- Ethernet 
IP
• 
• |
, |
|
|
|
(access profile mask) |
. ( |
create |
access_profile) |
|
|
|
• |
(access profile rule), |
|
|
( |
config access_profile) |
|
|
•
access_id. 
ID, 
. 
, 
.
•
, 
, 
802.1p/DSCP
,
“
” 
DSCP PHB (Per-Hop Behavior – 
).
1. Ethernet: |
2. IP: |
||
• |
VLAN |
• |
VLAN |
• MAC |
• |
IP |
|
• MAC |
• |
IP |
|
• 802.1p |
• DSCP |
||
• |
Ethernet |
• |
(ICMP, IGMP, TCP, UDP) |
• |
* |
• TCP/UDP- |
|
|
|
• |
* |
|
XX |
|
|
, 
Auto Assign 
Access ID.
5 
4 
(0x00xffffffff)
: 
Internet 
MAC- 
Internet
Internet
PC1 PC2
Internet:
IP = 10.254.254.251/8 0050BA999999
Internet: PC1:10.1.1.1/8, 0050ba111111 PC2:10.2.2.2/8, 0050ba222222
= 10.254.254.251
PC (
Internet 
):
IP: 10.x.x.x/8
:
1: 
MAC 
= 
MAC 
= 
PC1, 
MAC 
= 
MAC 
= 
PC2, 
(
MAC - PC3, PC4, 
.
.)
2: 
MAC 
= 
, 
3: 
(
).
# 
1
create access_profile ethernet source_mac FF-FF-FF-FF-FF-FF destination_mac FF-FF-FF-FF-FF-FF profile_id 10
config access_profile profile_id 10 add access_id 11 ethernet source_mac 00-50-ba-11-11-11 destination_mac 00-50-ba-99-99-99 permit
config access_profile profile_id 10 add access_id 12 ethernet source_mac 00-50-ba-22-22-22 destination_mac 00-50-ba-99-99-99 permit
#
MAC 
ID 
(10), 
ID 
(13, 14, 15 
.
.).
#
2
create access_profile ethernet destination_mac FF-FF-FF-FF-FF-FF profile_id 20
config access_profile profile_id 20 add access_id 21 ethernet destination_mac 00-50-ba-99-99-99 deny
# 
3: 
:
PC1, PC2 
Internet. (
1 MAC 
Internet)
Internet. (
PC 
Internet,
2)
PC1, PC2 
(Intranet OK, 
3)
:
1: 
MAC 
= 
, 
(
, 
.
.)
2: 
(
).
# 
1
create access_profile ethernet destination_mac FF-FF-FF-FF-FF-FF profile_id 10
config access_profile profile_id 10 add access_id 10 ethernet destination_mac 00-50-ba-99-99- 99 port 24 deny
# 
ID 
(10), 
ID 
(21, 22, 23 
.
.).
# 
2: 
:
PC1, PC2 
Internet. (
1 MAC 
Internet)
Internet. (
PC 
Internet, 
2)
PC1, PC2 
(Intranet OK, 
3)
: 
Internet 
IP
Internet
NAT
IP: 192.168.1.254/32
• 
Internet 
: 192.168.1.1 ~ 192.168.1.63
• 
Intranet
.1 ~ .63
( |
) |
( |
Internet) |
: 192.168.1.x