xStack® DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual
70 POLICY ROUTE COMMANDS
Policy Based routing is a method used by the Switch to give specified devices a cleaner path to the Internet. Used in
conjunction with the Access Profile feature, the Switch will identify traffic originating from a specified IP address and
forward it on to a next hop router that has a less congested connection to the Internet than the normal routing scheme of
your network.
The steps needed to set up policy-based routing on the switch are as follows:
1. Create an access profile using the create access_profile command, which specifies information that will identify the device to be given a policy route.
2. Modify the rule regarding this access profile using the config access_profile command. (Remember not to add the deny parameter to this rule, or packets will be dropped and the policy route will not take effect.)
3. Name the policy route to be used by configuring the create policy_route command.
4. Bind the access profile (profile_id) and its rule (access_id) to this policy route using the config policy_route command. This command must also be used to add the next hop IP address of the device that will be connected directly to the gateway router. When it is time to deploy the policy route, the administrator must enable this function here as well (state [enable | disable]).
Once completed, the Switch will identify the device to be given a policy route using the access profile function, recognize that it has a Policy Based route, and then forward the information on to the specified next hop router, which will, in turn, relay packets to the gateway router. Thus, the new, cleaner path to the Internet has been formed.
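The four steps above can be checked offline before a configuration is pushed. The following Python audit is an added example, not code from the manual or from D-Link: it scans a constructed configuration for config policy_route lines that reference a missing or deny access rule, an uncreated name, out-of-range IDs, or a next hop outside an allowlist. The access_profile line syntax in the sample and the APPROVED allowlist are assumptions.

```python
import ipaddress
import re

# Constructed sample, not from the manual. The access_profile lines use an
# assumed syntax; only profile_id, access_id and the word "deny" are read.
SAMPLE = """\
create access_profile profile_id 1 ip source_ip_mask 255.255.255.255
config access_profile profile_id 1 add access_id 2 ip source_ip 10.1.1.5 permit
config access_profile profile_id 1 add access_id 3 ip source_ip 10.1.1.6 deny
create policy_route name manager
config policy_route name manager acl profile_id 1 access_id 2 nexthop 10.2.2.2 state enable
config policy_route name guest acl profile_id 1 access_id 3 nexthop 192.0.2.9 state enable
config policy_route name lab acl profile_id 15 access_id 7 nexthop 10.2.2.2 state disable
"""
APPROVED = {ipaddress.ip_address("10.2.2.2")}  # hypothetical allowlist
ROUTE = re.compile(r"config policy_route name (\S+) acl profile_id (\d+) "
                   r"access_id (\d+) nexthop (\S+) state (enable|disable)$")

def audit(config, approved=APPROVED):
    """Return (route name, problem) pairs for every config policy_route line."""
    created, deny_rule, findings = set(), {}, []
    for line in map(str.strip, config.splitlines()):
        if line.startswith("create policy_route name "):
            created.add(line.split()[-1])
        elif line.startswith("config access_profile "):
            ids = re.search(r"profile_id (\d+) .*access_id (\d+)", line)
            if ids:
                deny_rule[int(ids[1]), int(ids[2])] = "deny" in line.split()
        m = ROUTE.match(line)
        if not m:
            continue
        name, pid, aid, hop = m[1], int(m[2]), int(m[3]), m[4]
        problems = []
        if name not in created:
            problems.append("name was never created")
        if not 1 <= pid <= 14 or not 1 <= aid <= 128:
            problems.append("profile_id or access_id out of range")
        elif (pid, aid) not in deny_rule:
            problems.append("access rule not defined")
        elif deny_rule[pid, aid]:
            problems.append("access rule is deny, packets are dropped")
        try:
            if ipaddress.ip_address(hop) not in approved:
                problems.append("next hop not approved")
        except ValueError:
            problems.append("next hop is not an IP address")
        findings += [(name, p) for p in problems]
    return findings
```

Calling audit(SAMPLE) reports nothing for "manager" and flags "guest" and "lab"; the order of lines matters, because a name counts as created only if its create policy_route line comes first.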
The Policy Route commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in
the following table.
Command                Parameters
create policy_route    name <policyroute_name 32>
config policy_route    name <policyroute_name 32> acl profile_id <value 1-14> access_id <value 1-128> nexthop <ipaddr> state [enable | disable]
delete policy_route    name <policyroute_name 32>
show policy_route
Each command is listed, in detail, in the following sections.
create policy_route
Purpose        Used to create a name to identify a policy route.
Syntax         create policy_route name <policyroute_name 32>
Description    This command is used to create a policy route name which will identify the policy route.
Parameters     name <policyroute_name 32> - Enter an alphanumeric name of no more than 32 characters to identify this policy route.
Restrictions   Only Administrator and Operator-level users can issue this command.
Example usage:
To create the policy route name “manager”:
DGS-3627:admin# create policy_route name manager
Command: create policy_route name manager
Success.
DGS-3627:admin#
config policy_route
Purpose        Used to configure the parameters to set the policy route on the Switch.
Syntax         config policy_route name <policyroute_name 32> acl profile_id <value 1-14> access_id <value 1-128> nexthop <ipaddr> state [enable | disable]
Description    This command is used to configure the policy route settings for a policy route created with the create policy_route command. The administrator must have previously created an access profile with an accompanying access rule using the create access_profile profile_id and config access_profile profile_id commands mentioned previously in this manual. The next hop router IP address must also be specified using this command.
Parameters     name <policyroute_name 32> - Enter an alphanumeric name of no more than 32 characters which identifies this policy route.
               acl - This parameter is used to denote the access profile that will be used with this command, by identifying the following parameters:
                   profile_id <value 1-14> - Enter the ID number of the previously created access profile that is to be associated with this policy route.
                   access_id <value 1-128> - Enter the previously created access ID that has been created in conjunction with the access profile ID mentioned previously, that is to be associated with this policy route.
               nexthop <ipaddr> - Enter the IP address of the next hop router that will be connected to the gateway router. This field must be set or no policy routing will take place.
               state [enable | disable] - Used to enable or disable this policy route on the Switch.
Restrictions   Only Administrator and Operator-level users can issue this command.
Example usage:
To configure the policy route name “manager”:
DGS-3627:admin# config policy_route name manager acl profile_id 1 access_id 2 nexthop 10.2.2.2 state enable
Command: config policy_route name manager acl profile_id 1 access_id 2 nexthop 10.2.2.2 state enable
Success.
DGS-3627:admin#
delete policy_route
Purpose        Used to delete a policy route setting.
Syntax         delete policy_route name <policyroute_name 32>
Description    This command is used to delete a policy route setting.
Parameters     name <policyroute_name 32> - Enter an alphanumeric name of no more than 32 characters to identify this policy route to be deleted.
Restrictions   Only Administrator and Operator-level users can issue this command.
Example usage:
To delete the policy route name “manager”:
DGS-3627:admin# delete policy_route name manager
Command: delete policy_route name manager
Success.
DGS-3627:admin#
show policy_route
Purpose        Used to display policy route settings.
Syntax         show policy_route
Description    This command is used to display policy route settings.
Parameters     None.
Restrictions   None.
Example usage:
To display the policy route settings:
DGS-3627:admin# show policy_route
Command: show policy_route
Policy Routing Table
---------------------
Name                             Profile ID Access ID Next Hop        State
-------------------------------- ---------- --------- --------------- --------
manager                          1          1         10.3.3.3        Enabled

Total Entries: 1
DGS-3627:admin#
71 PORT SECURITY COMMANDS
The primary purpose of the port security function is to restrict access to a switch port to a number of authorized users. If an unauthorized user tries to access a port-security enabled port, the system will block the access by dropping its packets.
The Port Security commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in
the following table.
Command                                Parameters
config port_security ports             [<portlist> | all] {admin_state [enable | disable] | max_learning_addr <max_lock_no 0-64> | lock_address_mode [Permanent | DeleteOnTimeout | DeleteOnReset]}(1)
delete port_security_entry vlan_name   <vlan_name 32> port <port> mac_address <macaddr>
clear port_security_entry port         <portlist>
show port_security                     {ports <portlist>}
Each command is listed, in detail, in the following sections.
config port_security
Purpose        This command is used to set the port level port security setting.
Syntax         config port_security ports [<portlist> | all] {admin_state [enable | disable] | max_learning_addr <max_lock_no 0-64> | lock_address_mode [permanent | deleteontimeout | deleteonreset]}(1)
Description    This command configures admin state, maximum learning address and lock address mode. There are four levels of limitations on the learned entry number: for the entire system, for a port, for a VLAN, and for a specific VLAN on a port. If any limitation is exceeded, the new entry will be discarded.
Parameters     portlist - Specifies a range of ports to be configured.
               all - Specifies that all ports will be configured.
               admin_state - Specifies to enable/disable the port security function on the port. By default, the setting is disabled.
               max_learning_addr - Specifies the maximum number of port security entries that can be learned on this port. If the value is set to 0, it means that no user can get authorized by the port security function on this port. If the setting is smaller than the number of current learned entries on the port, the command will be rejected. The default value is 1.
               lock_address_mode - Indicates the mode of locking address. The default mode is deleteonreset.
                   Permanent - The address will never be deleted unless the user removes it manually, the VLAN of the entry is removed, the port is removed from the VLAN, or port security is disabled on the port where the address resides.
                   DeleteOnTimeout - This entry will be removed if it is idle for the ageing time.
                   DeleteOnReset - This address will be removed if the switch is reset or reboots. The cases under which the permanent entries are deleted also apply to the deleteonreset entries.
Restrictions   Only Administrator and Operator-level users can issue this command.
Example usage:
To configure the port security settings:
DGS-3627:admin# config port_security ports 1:6 admin_state enable max_learning_addr 10 lock_address_mode Permanent
Command: config port_security ports 1:6 admin_state enable max_learning_addr 10 lock_address_mode Permanent
Success.
DGS-3627:admin#
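The learning limit and lock address modes described above, as a small Python model (an added example, not D-Link code, and not a statement of switch behaviour beyond what this section says). It covers the port-level limit only; the MAC addresses other than the manual's 00-01-30-10-2C-C7, the per-port handling of a mode change, and the loss of deleteontimeout entries on reset are assumptions.

```python
MODES = {"permanent", "deleteontimeout", "deleteonreset"}

class SecurePort:
    """Port-level limit only; system and VLAN limits are not modelled."""
    def __init__(self):
        # Documented defaults: disabled, one address, deleteonreset.
        self.enabled, self.max_addr, self.mode = False, 1, "deleteonreset"
        self.learned = {}  # MAC address -> time last seen

    def config(self, admin_state=None, max_learning_addr=None, lock_address_mode=None):
        """Apply settings; return False where the command would be rejected."""
        limit = self.max_addr if max_learning_addr is None else max_learning_addr
        mode = (lock_address_mode or self.mode).lower()
        if not len(self.learned) <= limit <= 64 or mode not in MODES:
            return False  # out of range, below learned entries, or bad mode
        self.max_addr, self.mode = limit, mode
        if admin_state is not None:
            self.enabled = admin_state == "enable"
            if not self.enabled:
                self.learned.clear()  # disabling port security removes entries
        return True

    def receive(self, mac, now):
        """Return True if the frame is forwarded, False if it is dropped."""
        if not self.enabled:
            return True
        if mac not in self.learned and len(self.learned) >= self.max_addr:
            return False  # limit reached: the new source is not authorized
        self.learned[mac] = now
        return True

    def age(self, now, ageing_time):
        if self.mode == "deleteontimeout":  # only this mode ages entries out
            self.learned = {m: t for m, t in self.learned.items()
                            if now - t < ageing_time}

    def reset(self):
        # Assumption: all non-permanent entries are lost on reset.
        if self.mode != "permanent":
            self.learned.clear()

def demo():
    port = SecurePort()
    port.config("enable", max_learning_addr=2, lock_address_mode="Permanent")
    macs = ("00-01-30-10-2C-C7", "00-01-30-10-2C-C8", "00-01-30-10-2C-C9")
    forwarded = [port.receive(mac, now=0) for mac in macs]
    lowered = port.config(max_learning_addr=1)  # rejected: 2 entries learned
    port.reset()  # permanent entries survive the reset
    return forwarded, lowered, len(port.learned)
```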
delete port_security_entry vlan_name
Purpose        Used to delete a port security entry.
Syntax         delete port_security_entry vlan_name <vlan_name 32> port <port> mac_address <macaddr>
Description    Used to delete a port security entry.
Parameters     <vlan_name> - Specifies the VLAN by VLAN name.
               port - Specifies a range of ports to be configured.
               mac_address - Specifies the MAC address of the entry.
Restrictions   Only Administrator and Operator-level users can issue this command.
Example usage:
To delete a port security entry:
DGS-3627:admin#delete port_security_entry vlan_name default port 1 mac_address 00-01-30-10-2C-C7
Command: delete port_security_entry vlan_name default port 1 mac_address 00-01-30-10-2C-C7
DGS-3627:admin#
clear port_security_entry
Purpose        Used to clear the MAC entries learned by the port security function.
Syntax         clear port_security_entry port <portlist>
Description    Used to clear the MAC entries learned by the port security function.
Parameters     <portlist> - Specifies a range of ports to be configured. The port-security entries learned on the specified port will be cleared.
Restrictions   Only Administrator and Operator-level users can issue this command.
Example usage:
To clear port security entry by port(s):
