xStack® DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual

19 COMPOUND AUTHENTICATION COMMANDS
The Compound Authentication UI specification describes the Common feature for access control functionalities and
specifications.
The Compound Authentication commands in the Command Line Interface (CLI) are listed (along with the appropriate
parameters) in the following table.
Command                                Parameters
-------------------------------------- ----------------------------------------------
create authentication guest_vlan       [vlan <vlan_name 32> | vlanid <vlanid 1-4094>]
delete authentication guest_vlan       [vlan <vlan_name 32> | vlanid <vlanid 1-4094>]
config authentication guest_vlan       [vlan <vlan_name 32> | vlanid <vlanid 1-4094>] [add | delete] ports [<portlist> | all]
config authentication ports            [<portlist> | all] {auth_mode [port_based | host_based {vlanid <vidlist> state [enable | disable]}] | multi_authen_methods [none | any | dot1x_impb | impb_jwac]} (1)
show authentication guest_vlan
show authentication ports              {<portlist>}
enable authorization attributes
disable authorization attributes
show authorization
config authentication server failover  [local | permit | block]
show authentication
Each command is listed, in detail, in the following sections.
create authentication guest_vlan
Purpose
Used to assign a static VLAN as the guest VLAN.
Syntax
create authentication guest_vlan [vlan <vlan_name 32> | vlanid <vlanid 1-4094>]
Description
The create guest_vlan command assigns a static VLAN as the guest VLAN.
The VLAN assigned as the guest VLAN must already exist.
A VLAN assigned as the guest VLAN cannot be deleted.
For a further description of this command, see the description of config authentication guest_vlan ports.
Parameters
<vlan_name 32> - Specify the guest VLAN by VLAN name.
vlanid - Specify the guest VLAN by VLAN ID.
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
To create an authentication guest VLAN:
DGS-3627:admin# create authentication guest_vlan vlan guestVLAN
Command: create authentication guest_vlan vlan guestVLAN
Success.
DGS-3627:admin#
delete authentication guest_vlan
Purpose
Used to delete the guest VLAN configuration.
Syntax
delete authentication guest_vlan [vlan <vlan_name 32> | vlanid <vlanid 1-4094>]
Description
The delete guest_vlan command deletes the guest VLAN setting, but does not delete the static VLAN.
All ports on which the guest VLAN is enabled move back to their original VLAN after the guest VLAN is deleted.
For a further description of this command, see the description of config authentication guest_vlan ports.
Parameters
<vlan_name 32> - Specify the guest VLAN by VLAN name.
vlanid - Specify the guest VLAN by VLAN ID.
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
To delete an authentication guest VLAN:
DGS-3627:admin# delete authentication guest_vlan vlan guestVLAN
Command: delete authentication guest_vlan vlan guestVLAN
Success.
DGS-3627:admin#
config authentication guest_vlan ports
Purpose
Used to configure security port(s) as members of the specified guest VLAN.
Syntax
config authentication guest_vlan [vlan <vlan_name 32> | vlanid <vlanid 1-4094>] [add | delete] ports [<portlist> | all]
Description
Used to configure security port(s) as members of the specified guest VLAN.
Parameters
vlan_name - Assign a VLAN as the guest VLAN. The VLAN must be an existing static VLAN.
vlanid - Assign a VLAN as the guest VLAN. The VLAN must be an existing static VLAN.
add - Specifies to add the port list to the guest VLAN.
delete - Specifies to delete the port list from the guest VLAN.
portlist - Specify the configured port(s).
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
To configure an authentication guest VLAN:
DGS-3627:admin# config authentication guest_vlan vlan gv add ports all
Command: config authentication guest_vlan vlan gv add ports all
Success.
DGS-3627:admin#
config authentication ports
Purpose
Used to configure security port(s).
Syntax
config authentication ports [<portlist> | all] {auth_mode [port_based | host_based {vlanid <vidlist> state [enable | disable]}] | multi_authen_methods [none | any | dot1x_impb | impb_jwac]} (1)
Description
Use this command to configure the authorization mode and authentication method on ports.
Parameters
portlist - Specify the port(s) to configure.
auth_mode
port_based - If one of the attached hosts passes authentication, all hosts on the same port are granted access to the network. If the user fails to authorize, this port will keep trying the next authentication
host_based - Every user can be authenticated individually. In V2.01 and later, clients can be authenticated on specific authentication VLAN(s).
vlanid - Specific authentication VLAN(s).
enable - Assign the specified VID list as authentication VLAN(s).
disable - Remove the specified VID list from authentication VLAN(s).
If "vlanid" is not specified, or all VLANs are disabled, the switch does not care which VLAN the client comes from: the client will be authenticated if the client's MAC address (regardless of VLAN) is not yet authenticated. After the client is authenticated, it will not be re-authenticated when it is received from other VLANs.
All VLANs are disabled by default.
NOTE: When a port's authorization mode is changed to port based, the authentication VLAN(s) previously configured on this port will be cleared.
multi_authen_methods - Specifies the method for compound authentication.
none - Compound authentication is not enabled.
For projects that support single authentication mode, the authentication method is defined by the individual authentication module.
For projects that do not support single authentication mode, access authentication is disabled on the port.
any - If any one of the authentication methods (802.1X, MAC-based Access Control, WAC and JWAC) passes, then pass.
dot1x_impb - 802.1X will be verified first, and then IMPB will be verified. Both authentications need to be passed.
impb_jwac - JWAC will be verified first, and then IMPB will be verified. Both authentications need to be passed.
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
The following example sets the authorization mode and authentication VLANs for all ports:
DGS-3627:admin# config authentication ports all auth_mode host_based vlanid 1-3 state enable
Command: config authentication ports all auth_mode host_based vlanid 1-3 state enable
Success.
DGS-3627:admin#
show authentication guest_vlan
Purpose
Used to show the guest VLAN settings.
Syntax
show authentication guest_vlan
Description
The show guest VLAN command displays the guest VLAN information.
Parameters
None.
Restrictions
None.
Example usage:
This example displays the guest VLAN setting:
DGS-3627:admin# show authentication guest_vlan
Command: show authentication guest_vlan
Guest VLAN VID          : 1
Guest VLAN Member Ports : 4

Guest VLAN VID          : 3
Guest VLAN Member Ports : 1,8

Total Entries: 2
DGS-3627:admin#
show authentication ports
Purpose
Used to display the authentication settings on port(s).
Syntax
show authentication ports {<portlist>}
Description
Use this command to display the authentication method and authorization mode on ports.
Parameters
portlist - Display the compound authentication settings on the specified port(s).
If no port is specified, the compound authentication settings of all ports are displayed.
Restrictions
None.
Example usage:
This example displays authentication setting for all ports:
DGS-3627:admin# show authentication ports
Command: show authentication ports
Port      Methods          Auth Mode        Authentication VLAN(s)
--------- ---------------- ---------------- ---------------------
1         None             Host based       1,3,5,9,11,88,16
                                            18,56
2         Any              Port based
3         802.1X_IMPB      Host based
4         None             Host based       2000,2005
5         IMPB_JWAC        Port based
6         None             Host based
7         None             Host based       1-20
8         802.1X_IMPB      Host based
9         None             Host based
DGS-3627:admin#
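The following Python example is added here and is not part of the D-Link manual. It parses captured "show authentication ports" output, using the dashed rule as the column map (assuming real output is column-aligned as in the constructed SAMPLE), and flags ports set to port_based or to multi_authen_methods none; the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the manual's example output.
SAMPLE = """\
Port      Methods          Auth Mode        Authentication VLAN(s)
--------- ---------------- ---------------- ---------------------
1         None             Host based       1,3,5,9,11,88,16
                                            18,56
2         Any              Port based
3         802.1X_IMPB      Host based
7         None             Host based       1-20
"""

def expand_vids(text):
    """Expand a VID list such as '1-3,9' into a sorted list of ints."""
    vids = set()
    for part in filter(None, (p.strip() for p in text.split(","))):
        lo, _, hi = part.partition("-")
        vids.update(range(int(lo), int(hi or lo) + 1))
    return sorted(vids)

def parse_ports(output):
    """Return {port: {methods, auth_mode, vlans}}, using the dashed rule as column map."""
    lines = output.splitlines()
    rule = next(i for i, l in enumerate(lines) if re.fullmatch(r"-+( +-+)+ *", l))
    starts = [m.start() for m in re.finditer(r"-+", lines[rule])]
    ports, current = {}, None
    for line in lines[rule + 1:]:
        if not line.strip() or line.rstrip().endswith("#"):  # blank line or CLI prompt
            continue
        cells = [line[a:b].strip() for a, b in zip(starts, starts[1:] + [None])]
        if cells[0]:                       # first column filled: a new port row
            current = cells[0]
            ports[current] = {"methods": cells[1], "auth_mode": cells[2], "vlans": cells[3]}
        elif current:                      # wrapped VLAN list continues the previous port
            ports[current]["vlans"] += "," + cells[3]
    for cfg in ports.values():
        cfg["vlans"] = expand_vids(cfg["vlans"])
    return ports

def audit(ports):
    """Flag the two settings the manual describes as less restrictive."""
    findings = []
    for port, cfg in ports.items():
        if cfg["auth_mode"].lower() == "port based":
            findings.append((port, "port_based: one authenticated host admits every host on the port"))
        if cfg["methods"].lower() == "none":
            findings.append((port, "multi_authen_methods none: compound authentication not enabled"))
    return findings
```

Calling audit(parse_ports(text)) on the text captured from a console or SSH session log returns (port, reason) pairs to review against the intended access policy.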
enable authorization
Purpose
The enable authorization command will enable authorization.
Syntax
enable authorization attributes
Description
Used to enable authorization attributes.
When authorization for attributes is enabled, whether the authorized attributes (for example, VLAN and 802.1p default priority) assigned by the RADIUS server or local database are accepted depends on the individual module's setting.
Authorization for attributes is enabled by default.
Parameters
None.
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
This example sets the authorization global state to enabled:
DGS-3627:admin# enable authorization attributes
Command: enable authorization attributes
Success.
DGS-3627:admin#
disable authorization
Purpose
The disable authorization command will disable authorization.
Syntax
disable authorization attributes
Description
Used to disable authorization attributes.
When authorization for attributes is disabled, the authorized attributes (for example, VLAN and 802.1p default priority) assigned by the RADIUS server or local database will be ignored even if the individual module's setting is enabled.
Authorization for attributes is enabled by default.
Parameters
None.
Restrictions
Only Administrator and Operator-level users can issue this command.
