create access_profile  ethernet source_mac FF-FF-FF-FF-FF-FF destination_mac FF-FF-FF-FF-FF-FF ethernet_type  profile_id 20
### Block clients with server MAC Cisco asr1002
config access_profile profile_id 20 add access_id auto_assign ethernet source_mac 30-F7-0D-3E-85-00 port 1-16 deny
### Allow broadcast PPPoE-session PADI packets from clients (RSTP: UpLink ports 17-18)
config access_profile profile_id 20 add access_id auto_assign ethernet destination_mac FF-FF-FF-FF-FF-FF ethernet_type 0x8863 port 1-18 permit priority 3 replace_priority replace_dscp_with 24
### Allow PPPoE-session packets from clients to hub (RSTP: UpLink ports 17-18)
config access_profile profile_id 20 add access_id auto_assign ethernet destination_mac 30-F7-0D-3E-85-00 ethernet_type 0x8863 port 1-18 permit priority 3 replace_priority replace_dscp_with 24
config access_profile profile_id 20 add access_id auto_assign ethernet destination_mac 30-F7-0D-3E-85-00 ethernet_type 0x8864 port 1-18 permit priority 3 replace_priority replace_dscp_with 24

###############
## Deny all          ###
###############
create access_profile ethernet source_mac 00-00-00-00-00-00 profile_id 99
config access_profile profile_id 99 add access_id auto_assign ethernet source_mac 00-00-00-00-00-00 port 1-16 deny

###############
## Block IPv6       ###
###############
create cpu access_profile profile_id 1 ethernet  ethernet_type
config cpu access_profile profile_id 1 add access_id 1 ethernet ethernet_type 0x86DD port 1-18 deny
enable cpu_interface_filtering

create access_profile profile_id 1 profile_name Allow_legal_PPPoE_servers ethernet source_mac FF-FF-FF-FF-FF-FF destination_mac FF-FF-FF-FF-FF-FF ethernet_type
### Block clients with server MAC
config access_profile profile_id 1 add access_id auto_assign ethernet source_mac 30-F7-0D-3E-85-00 port 1-48 deny
### Allow broadcast PPPoE-session PADI packets from clients (RSTP: UpLink ports 49-52)
config access_profile profile_id 1 add access_id auto_assign ethernet destination_mac FF-FF-FF-FF-FF-FF ethernet_type 0x8863 port 1-52 permit priority 3 replace_priority replace_dscp_with 24
### Allow PPPoE-session packets from clients to hub (RSTP: UpLink ports 49-52)
config access_profile profile_id 1 add access_id auto_assign ethernet destination_mac 30-F7-0D-3E-85-00 ethernet_type 0x8863 port 1-52 permit priority 3 replace_priority replace_dscp_with 24
config access_profile profile_id 1 add access_id auto_assign ethernet destination_mac 30-F7-0D-3E-85-00 ethernet_type 0x8864 port 1-52 permit priority 3 replace_priority replace_dscp_with 24
###############
## Deny all ###
###############

create access_profile profile_id 99 profile_name Deny_all ethernet source_mac 00-00-00-00-00-00
config access_profile profile_id 99 add access_id auto_assign ethernet source_mac 00-00-00-00-00-00 port 1-48 deny

###############
## Block IPv6       ###
###############

create cpu access_profile profile_id 1 ethernet  ethernet_type
config cpu access_profile profile_id 1 add access_id 1 ethernet ethernet_type 0x86DD port 1-52 deny
enable cpu_interface_filtering

create access_profile profile_id 1 profile_name PCM packet_content_mask offset_chunk_1 3 0xFFFF offset_chunk_2 4 0xFF0000 offset_chunk_3 6 0x00ff0000 offset_chunk_4 9 0x0000ffff
#PADO Block
config access_profile profile_id 1 add access_id auto_assign packet_content offset_chunk_1 0x8863 offset_chunk_2 0x70000 port 1-24 deny
#TCP(0x60000) dst port 445 (0x1BD) block
config access_profile profile_id 1 add access_id auto_assign packet_content offset_chunk_3 0x60000 offset_chunk_4 0x1BD port 1-24 deny