D-Link DGS-3612 Router Manual PDF (Setup & Configuration Guide)

Home

Manuals

D-Link

DGS-3612

Page 41 / 757 Scroll up to view Page 36 - 40

xStack

DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual

DGS-3627:admin#

config 802.1x authorization attributes radius disable

Command: config 802.1x authorization attributes radius disable

Success.

DGS-3627:admin#

show 802.1x

Purpose

Used to display the 802.1X state or configurations.

Syntax

show 802.1x { [ auth_state | auth_configuration ] ports { < portlist > } }

Description

The show 802.1x command displays the 802.1X state or configurations.

Parameters

auth_state

- Used to display 802.1X authentication state machine of some or all ports

auth_configuration

- Used to display 802.1X configurations of some or all ports.

portlist

- Specifies a range of ports to be displayed.

If no port is specified, all ports will be displayed.

If no parameter is specified, the 802.1X system configurations will be displayed.

Restrictions

None.

Example usage:

To display the 802.1X states:

DGS-3627:admin#

show 802.1x auth_state ports 1-4

Command: show 802.1x auth_state ports 1-4

Status:

A – Authorized; U – Unauthorized; (P): Port-Based 802.1X

Port MAC Address

PAE State

Backend State

Status

VID

Priority

---- --------------------- ---------------- -------------- ------- ----

--------

00-00-00-00-00-01

Authenticated

Idle

4004

00-00-00-00-00-02

Authenticated

Idle

1234

00-00-00-00-00-04

Authenticating

Response

(P)

Authenticating

Request

(P)

Connecting

Idle

(P)

Held

Idle

Total Authenticating Hosts : 2

Total Authenticated Hosts

: 2

DGS-3627:admin#

To display the 802.1X system level configurations:

DGS-3627:admin#

show 802.1x

Command: show 802.1x

802.1X

: Enabled

Authentication Mode

: Port_based

Authentication Protocol

: Radius_Eap

Forward EAPOL PDU

: Enabled

Max Users

: no_limit

RADIUS Authorization

: Enabled

DGS-3627:admin#

Page 42 / 757

xStack

DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual

To display the 802.1X port level configurations:

DGS-3627:admin#

show 802.1x auth_configuration ports 1:1

Command: show 802.1x auth_configuration ports 1:1

Port number

: 1:1

Capability

: None

AdminCrlDir

: Both

OpenCrlDir

: Both

Port Control

: Auto

QuietPeriod

: 60 sec

TxPeriod

: 30 sec

SuppTimeout

: 30 sec

ServerTimeout

: 30 sec

MaxReq

: 2 times

ReAuthPeriod

: 3600 sec

ReAuthenticate

: Disabled

Forward EAPOL PDU On Port

: Enabled

Max Users On Port

: 10

DGS-3627:admin#

config 802.1x capability

Purpose

Used to configure the port capability.

Syntax

config 802.1x capability ports [ < portlist > | all ] [ authenticator | none ]

Description

The config 802.1x capability command configures the port capability.

Parameters

portlist

- Specifies a range of ports to be configured.

all

- Specifies all ports to be configured.

authenticator

- The port that wishes to enforce authentication before allowing access to

services that are accessible via that port adopts the authenticator role.

none

- Disable authentication on the specified ports.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example usage:

To configure the port capability:

DGS-3627:admin# config 802.1x capability ports 1:1-1:10 authenticator

Command: config 802.1x capability ports 1:1-1:10 authenticator

Success.

DGS-3627:admin#

config 802.1x max_users

Purpose

Used to configure the maximum number of users that can be learned via 802.1X

authentication.

Syntax

config 802.1x max_users [<value 1 – 4000> | no_limit]

Description

The setting is a global limitation on the maximum number of users that can be learned via

802.1X authentication.

In addition to the global limitation, maximum user for per port is also limited. It is specified by

config 802.1x auth_parameter command.

Page 43 / 757

xStack

DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual

config 802.1x max_users

Parameters

max_users

- Specifies the maximum number of users.

The range is 1 to 4000. By default, there is no limit on the maximum users.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example usage:

To configure 802.1X number of users to be limited to 200:

DGS-3627:admin#

config 802.1x max_users 200

Command: config 802.1x max_users 200

Success.

DGS-3627:admin#

config 802.1x auth_parameter

Purpose

Used to configure the parameters that control the operation of the authenticator associated

with a port.

Syntax

config 802.1x auth_parameter ports [ <portlist> | all ][ default |{ direction [ both | in ]|

port_control [ force_unauth | auto | force_auth ] | quiet_period < sec 0-65535> |

tx_period < sec 1-65535> | supp_timeout < sec 1-65535>| server_timeout < sec 1-

65535> | max_req < value 1-10> | reauth_period < sec 1-65535> | enable_reauth [

enable | disable ] | max_users [ <value 1 – 128> | no_limit ]} (1)]

Description

The config 802.1x auth_parameter command configures the parameters that control the

operation of the authenticator associated with a port.

Parameters

portlist

- Specifies a range of ports to be configured.

all

- All ports.

default

- Sets all parameter to be default value.

direction

- Sets the direction of access control.

both

- For bidirectional access control.

- For unidirectional access control.

port_control

- You can force a specific port to be unconditionally authorized or unauthorized

by setting the parameter of port_control to be force_authorized or force_unauthorized.

Besides, the controlled port will reflect the outcome of authentication if port_control is auto.

force_authorized

- Force a specific port to be unconditionally authorized.

auto

- The controlled port will reflect the outcome of authentication.

force_unauthorized

- Force a specific port to be unconditionally unauthorized.

quiet_period

- It is the initialization value of the quietWhile timer. The default value is 60

seconds and can be any value among 0 to 65535.

tx_period

- It is the initialization value of the txWhen timer. The default value is 30 seconds

and can be any integer value among 1 to 65535.

supp_timeout

- The initialization value of the aWhile timer when timing out the supplicant. Its

default value is 30 seconds and can be any integer value among 1 to 65535.

server_timeout

- The initialization value of the aWhile timer when timing out the

authentication server. Its default value is 30 seconds and can be any integer value among 1

to 65535.

max_req

- The maximum number of times that the authentication PAE state machine will

retransmit an EAP Request packet to the supplicant. Its default value is 2 and can be any

integer number among 1 to 10.

reauth_period

- It’s a nonzero number of seconds, which is used to be the re-authentication

timer. The default value is 3600.

Page 44 / 757

xStack

DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual

config 802.1x auth_parameter

enable_reauth

- You can enable or disable the re-authentication mechanism for a specific

port.

max_users

- Specifies per port maximum number of users.

The range is 1 to 128.

The default value is 16.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example usage:

To configure the parameters that control the operation of the authenticator associated with a port:

DGS-3627:admin#

config 802.1x auth_parameter ports 1:1-1:20 direction both

Command: config 802.1x auth_parameter ports 1:1-1:20 direction both

Success.

DGS-3627:admin#

config 802.1x auth_mode

Purpose

Used to configure 802.1X authentication mode.

Syntax

config 802.1x auth_mode [ port_based | mac_based ]

Description

The config 802.1x auth_mode command configures the authentication mode.

Parameters

port_based

- Configure the authentication as port based mode.

mac_based

- Configure the authentication as MAC based mode.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example usage:

To configure the authentication mode:

DGS-3627:admin# config 802.1x auth_mode port_based

Command: config 802.1x auth_mode port_based

Success.

DGS-3627:admin#

config 802.1x init

Purpose

Used to initialize the authentication state machine of some or all ports.

Syntax

config 802.1x init [ port_based ports [ < portlist | all > ] | mac_based ports [ < portlist >

| all ] { mac_address < macaddr > }]

Description

The config 802.1x init command used to initialize the authentication state machine of some or

all.

Parameters

port_based

- Configure the authentication as port based mode.

mac_based

- Configure the authentication as MAC based mode.

portlist

- Specifies a range of ports to be configured.

all

- All ports.

mac_address

- MAC address of client.

Page 45 / 757

xStack

DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual

config 802.1x init

Restrictions

Only Administrator and Operator-level users can issue this command.

Example usage:

To initialize the authentication state machine of some or all:

DGS-3627:admin#

config 802.1x init port_based ports all

Command: config 802.1x init port_based ports all

Success.

DGS-3627:admin#

config 802.1x reauth

Purpose

Used to re-authenticate the device connected to the port.

Syntax

config 802.1x reauth [ port_based ports [ < portlist | all >]| mac_based ports [ < portlist

> | all ] { mac_address < macaddr > }]

Description

The config 802.1x reauth command re-authenticates the device connected to the port. During

the re-authentication period, the port status remains authorized until failed re-authentication.

Parameters

port_based

- Configure the authentication as port based mode.

mac_based

- Configure the authentication as MAC based mode.

portlist

- Specifies a range of ports to be configured.

all

- All ports.

mac_address

- MAC address of client.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example usage:

To re-authenticate the device connected to the port:

DGS-3627:admin#

config 802.1x reauth port_based ports all

Command: config 802.1x reauth port_based ports all

Success.

DGS-3627:admin#

create 802.1x guest_vlan

Purpose

Used to assign a static VLAN to be guest VLAN.

Syntax

create 802.1x guest_vlan { < vlan_name 32 > }

Description

The create 802.1x guest_vlan command will assign a static VLAN to be guest VLAN.

The specific VLAN which assigned to guest VLAN must be existed.

The specific VLAN which assigned to guest VLAN can’t be deleting.

Parameters

<vlan_name 32>

- Specify the static VLAN to be guest VLAN.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example usage:

Rate

Popular D-Link Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share