xStack® DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual
config vrrp vrid
Purpose
To configure a VRRP router set on the Switch.
Syntax
config vrrp vrid <vrid 1-255> ipif <ipif_name 12> {state [enable | disable] | priority <int
1-254> | ipaddress <ipaddr> | advertisement_interval <int 1-255> | preempt [true | false]
| critical_ip <ipaddr> | critical_ip_state [enable | disable]}
Description
This command is used to configure a previously created VRRP interface on the Switch.
Parameters
vrid <vrid 1-255> – Enter a value between 1 and 255 that uniquely identifies the VRRP group
to configure. All routers participating in this group must be assigned the same vrid value. This
value MUST be different from other VRRP groups set on the Switch.
ipif <ipif_name 12> – Enter the name of a previously configured IP interface to configure a
VRRP entry for. This IP interface must be assigned to a VLAN on the Switch.
state [enable | disable] – Used to enable and disable the VRRP router on the Switch.
priority <int 1-254> – Enter a value between 1 and 254 to indicate the router priority. The
VRRP Priority value may determine if a higher priority VRRP router overrides a lower priority
VRRP router. A higher priority will increase the probability that this router will become the
Master router of the group. A lower priority will increase the probability that this router will
become the backup router. VRRP routers that are assigned the same priority value will elect
the highest physical IP address as the Master router. The default value is 100. (The value of
255 is reserved for the router that owns the IP address associated with the virtual router and
is therefore set automatically.)
ipaddress <ipaddr> – Enter the virtual IP address that will be assigned to the VRRP entry.
This IP address is also the default gateway that will be statically assigned to end hosts and
must be set for all routers that participate in this group.
advertisement_interval <int 1-255> – Enter a time interval value, in seconds, for sending
VRRP message packets. This value must be consistent with all routers participating within
the same VRRP group. The default is 1 second.
preempt [true | false] – This entry will determine the behavior of backup routers within the
VRRP group by controlling whether a higher priority backup router will preempt a lower
priority Master router. A true entry, along with having the backup router’s priority set higher
than the Master’s priority, will set the backup router as the Master router. A false entry will
disable the backup router from becoming the Master router. This setting must be consistent
with all routers participating within the same VRRP group. The default setting is true.
critical_ip <ipaddr> – Enter the IP address of the physical device that will provide the most
direct route to the Internet or other critical network connections from this virtual router. This
must be a real IP address of a real device on the network. If the connection from the virtual
router to this IP address fails, the virtual router will be disabled automatically. A new master
will be elected from the backup routers participating in the VRRP group. Different critical IP
addresses may be assigned to different routers participating in the VRRP group, and can
therefore define multiple routes to the Internet or other critical network connections.
critical_ip_state [enable | disable] – This parameter is used to enable or disable the critical IP
address entered above. The default is disable.
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
To configure a VRRP entry:
DGS-3627:admin# config vrrp vrid 1 ipif Zira state enable priority 100
advertisement_interval 2
Command: config vrrp vrid 1 ipif Zira state enable priority 100 advertisement_interval 2
Success.
DGS-3627:admin#
config vrrp ipif
Purpose
To configure the authentication type for the VRRP routers of an IP interface.
Syntax
config vrrp ipif <ipif_name 12> [authtype [none | simple authdata <string 8> | ip
authdata <string 16>]]
Description
This command is used to set the authentication type for the VRRP routers of an IP interface.
Parameters
ipif <ipif_name 12> – Enter the name of a previously configured IP interface for which to
configure the VRRP entry. This IP interface must be assigned to a VLAN on the Switch.
authtype – Specifies the type of authentication used. The authtype must be consistent with
all routers participating within the VRRP group. The user may choose between:
none – Entering this parameter indicates that VRRP protocol exchanges will not be
authenticated.
simple authdata <string 8> – This parameter, along with an alphanumeric string of no more
than eight characters, sets a simple password for comparing VRRP message packets
received by a router. If the two passwords are not exactly the same, the packet will be
dropped.
ip authdata <string 16> – This parameter will require the user to set an alphanumeric
authentication string of no more than 16 characters to generate an MD5 message digest for
authentication in comparing VRRP messages received by the router. If the two values are
inconsistent, the packet will be dropped.
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
To set the authentication type for a VRRP entry:
DGS-3627:admin# config vrrp ipif Zira authtype simple authdata tomato
Command: config vrrp ipif Zira authtype simple authdata tomato
Success.
DGS-3627:admin#
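The receiver-side comparison described for authtype and advertisement_interval, as an added example that is not part of the manual or of D-Link's software. It assumes the switch follows the RFC 2338 VRRPv2 advertisement layout; the function names, the CFG dictionary and the sample packet are constructed for illustration.

```python
import hmac
import ipaddress
import struct

AUTH_NONE, AUTH_SIMPLE, AUTH_IP = 0, 1, 2  # RFC 2338 Auth Type field values

def checksum(data: bytes) -> int:
    """16-bit one's complement checksum over the whole VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(vrid, priority, vip, authtype, interval, authdata=""):
    """Sender side: a VRRPv2 advertisement carrying one virtual IP address."""
    head = struct.pack("!6B", 0x21, vrid, priority, 1, authtype, interval)
    tail = ipaddress.IPv4Address(vip).packed + authdata.encode().ljust(8, b"\x00")
    return head + struct.pack("!H", checksum(head + b"\x00\x00" + tail)) + tail

def accept(pkt: bytes, ttl: int, cfg: dict):
    """Receiver side: return (accepted, reason) for one advertisement."""
    if ttl != 255:
        return False, "ttl"
    if len(pkt) < 16 or pkt[0] != 0x21 or len(pkt) != 16 + 4 * pkt[3]:
        return False, "malformed"
    if checksum(pkt) != 0:  # a valid message sums to zero with its checksum
        return False, "checksum"
    if pkt[1] != cfg["vrid"]:
        return False, "vrid"
    if pkt[4] != cfg["authtype"]:
        return False, "authtype"
    if pkt[4] == AUTH_SIMPLE:
        # Type 1 carries the string itself, unencrypted, in the last 8 bytes.
        want = cfg["authdata"].encode().ljust(8, b"\x00")
        if not hmac.compare_digest(pkt[-8:], want):
            return False, "authdata"
    # Type 2 (MD5) is checked in the IP Authentication Header, not modelled here.
    if pkt[5] != cfg["advertisement_interval"]:
        return False, "interval"
    return True, "ok"

# Constructed sample: both routers use the settings from the manual's examples.
CFG = {"vrid": 1, "authtype": AUTH_SIMPLE, "authdata": "tomato",
       "advertisement_interval": 2}
GOOD = build_advert(1, 100, "10.53.13.3", AUTH_SIMPLE, 2, "tomato")
```

A peer configured with a different authtype, authdata or advertisement_interval has every advertisement rejected by accept(), which is why the manual requires these values to be consistent across the group.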
show vrrp
Purpose
To view the VRRP settings set on the Switch.
Syntax
show vrrp {ipif <ipif_name 12> {vrid <vrid 1-255>}}
Description
This command is used to view current VRRP settings of the VRRP Operations table.
Parameters
ipif <ipif_name 12> – Enter the name of a previously configured IP interface for which to view
the VRRP settings. This IP interface must be assigned to a VLAN on the Switch.
vrid <vrid 1-255> – Enter the VRRP ID of a VRRP entry for which to view these settings.
Restrictions
None.
Example Usage:
To view the global VRRP settings currently implemented on the Switch (VRRP Enabled):
DGS-3627:admin# show vrrp
Command: show vrrp
Global VRRP             : Enabled
Non-owner response PING : Disabled
Interface Name          : System
Authentication type     : No Authentication
VRID                    : 2
Virtual IP Address      : 10.53.13.3
Virtual MAC Address     : 00-00-5E-00-01-02
Virtual Router State    : Master
State                   : Enabled
Priority                : 255
Master IP Address       : 10.53.13.3
Critical IP Address     : 0.0.0.0
Checking Critical IP    : Disabled
Advertisement Interval  : 1 secs
Preempt Mode            : True
Virtual Router Up Time  : 2754089 centi-secs
Total Entries : 1
DGS-3627:admin#
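An added example (not part of the manual or of D-Link's software) that parses output in the format shown above and flags entries whose advertisements are unauthenticated or whose fields contradict each other. It assumes each entry begins at the Interface Name line; the function names and finding strings are illustrative.

```python
import re

# Constructed sample: the fields of the manual's `show vrrp` output, one per line.
SAMPLE = """\
Global VRRP : Enabled
Non-owner response PING : Disabled
Interface Name : System
Authentication type : No Authentication
VRID : 2
Virtual IP Address : 10.53.13.3
Virtual MAC Address : 00-00-5E-00-01-02
Virtual Router State : Master
State : Enabled
Priority : 255
Master IP Address : 10.53.13.3
Critical IP Address : 0.0.0.0
Checking Critical IP : Disabled
Advertisement Interval : 1 secs
Preempt Mode : True
"""

def parse_show_vrrp(text):
    """Return one dict per entry; an entry is assumed to start at 'Interface Name'."""
    entries = []
    for line in text.splitlines():
        key, sep, value = (part.strip() for part in line.partition(":"))
        if not sep:
            continue
        if key == "Interface Name":
            entries.append({})
        if entries:  # global lines before the first entry are skipped
            entries[-1][key] = value
    return entries

def audit(entry):
    """Return the list of findings for one VRRP entry."""
    findings = []
    if entry["Authentication type"] == "No Authentication":
        findings.append("advertisements are not authenticated")
    # RFC 2338: the virtual MAC is 00-00-5E-00-01-{VRID}.
    if not re.fullmatch("00-00-5E-00-01-%02X" % int(entry["VRID"]),
                        entry["Virtual MAC Address"], re.IGNORECASE):
        findings.append("virtual MAC does not match VRID")
    # Priority 255 is reserved for the owner of the virtual IP address.
    if entry["Priority"] == "255" and entry["Master IP Address"] != entry["Virtual IP Address"]:
        findings.append("priority 255 but master is not the address owner")
    return findings
```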
delete vrrp
Purpose
Used to delete a VRRP entry from the switch.
Syntax
delete vrrp {vrid <vrid 1-255> ipif <ipif_name 12>}
Description
This command is used to remove a VRRP router running on a local device.
Parameters
vrid <vrid 1-255> – Enter the VRRP ID of the virtual router to be deleted. Not entering this
parameter will delete all VRRP entries on the Switch.
ipif <ipif_name 12> – Enter the name of the IP interface which holds the VRRP router to
delete.
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
To delete a VRRP entry:
DGS-3627:admin# delete vrrp vrid 2 ipif Zira
Command: delete vrrp vrid 2 ipif Zira
Success.
DGS-3627:admin#
106 WEB-BASED ACCESS CONTROL (WAC) COMMANDS
WAC is “Web-based Access Control”. Web-Based Authentication Login is a feature designed to authenticate a user when
the user is trying to access the Internet via the Switch.
The authentication process uses the HTTP protocol. The switch enters the authenticating stage when a user attempts to
browse a web page (e.g. http://www.kimo.com.tw) through a web browser (e.g. IE…). When the switch detects HTTP
packets and this port or this host (in host-based mode) is unauthenticated, the switch displays a username/password
screen to query the user. The user cannot access the Internet until he passes the authentication process.
The switch can act as the authentication server itself and authenticate against a local database, or it can be a RADIUS
client and perform the authentication process via the RADIUS protocol with a remote RADIUS server.
The client user initiates the WAC authentication process through a Web access.
The Web-based Access Control (WAC) commands in the Command Line Interface (CLI) are listed (along with the
appropriate parameters) in the following table.
Command                              Parameters
enable wac
disable wac
config wac ports                     [<portlist> | all] {state [enable | disable] | aging_time [infinite | <min 1-1440>] |
                                     idle_time [infinite | <min 1-1440>] | block_time [<sec 0-300>]}(1)
config wac method                    [local | radius]
config wac default_redirpath         <string 128>
config wac clear_default_redirpath
config wac virtual_ip                { < ipaddr > | < ipv6addr > } (1)
config wac switch_http_port          < tcp_port_number 1-65535> { [ http | https ] }
create wac user                      <username 15> {[vlan <vlan_name 32> | vlanid <vlanid 1-4094>]}
delete wac                           [user <username 15> | all_users]
config wac user                      <username 15> [vlan <vlan_name 32> | vlanid <vlanid 1-4094> | clear_vlan]
config wac authorization attributes  {radius [enable| disable] | local [enable | disable]}(1)
show wac
show wac ports                       { <portlist> }
show wac user
show wac auth_state ports            { <portlist> }
clear wac auth_state                 [ports [ <portlist> | all ] { authenticated | authenticating | blocked } | macaddr
                                     <macaddr>]
Each command is listed, in detail, in the following sections.
enable wac
Purpose
Used to enable WAC function.
Syntax
enable wac
Description
The enable wac command enables the WAC function.
WAC and JWAC are mutually exclusive functions; that is, they cannot be enabled at the same
time.
Parameters
None.
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
To enable WAC:
DGS-3627:admin# enable wac
Command: enable WAC
Success.
DGS-3627:admin#
disable wac
Purpose
Used to disable WAC function.
Syntax
disable wac
Description
The disable wac command disables WAC function; all authentication entries related to WAC
will be deleted.
Parameters
None.
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
To disable WAC:
DGS-3627:admin# disable wac
Command: disable wac
Success.
DGS-3627:admin#
config wac ports
Purpose
Used to configure the state and other parameters of the ports.
Syntax
config wac ports [<portlist> | all] {state [enable | disable] | aging_time [infinite | <min 1-1440>] |
idle_time [infinite | <min 1-1440>] | block_time [<sec 0-300>]}(1)
Description
The config wac ports command allows you to configure port state and other parameters of
WAC.
The default value of aging time is 1440 minutes.
The default value of idle time is infinite.
The default value of block_time is 60 seconds.
Parameters
portlist - A range of ports whose WAC state is to be set.
all - The WAC state of all the Switch ports is to be configured.
state - To specify the port state of WAC
