xStack® DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual
config mac_based_access_control method
Description
Specifies whether authentication is performed via the local database or via the RADIUS server.
Parameters
local - Specify to authenticate via the local database.
radius - Specify to authenticate via a RADIUS server.
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
To set the MAC-based Access Control authentication method as local:
DGS-3627:admin# config mac_based_access_control method local
Command: config mac_based_access_control method local
Success.
DGS-3627:admin#
config mac_based_access_control guest_vlan
Purpose
Used to configure the MAC-based Access Control guest VLAN membership.
Syntax
config mac_based_access_control guest_vlan ports <portlist>
Description
This command assigns the specified port list to the MAC-based Access Control guest VLAN.
Ports that are not contained in the port list will be removed from the MAC-based Access Control
guest VLAN.
Parameters
<portlist> - Specify the MAC-based Access Control guest VLAN membership.
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
To set the MAC-based Access Control guest VLAN membership:
DGS-3627:admin# config mac_based_access_control guest_vlan ports 1-8
Command: config mac_based_access_control guest_vlan ports 1-8
Success.
DGS-3627:admin#
config mac_based_access_control ports
Purpose
Used to configure the port parameters for MAC-based Access Control.
Syntax
config mac_based_access_control ports [<portlist> | all] {state [enable | disable] | mode [port_based | host_based] | aging_time [infinite | <min 1-1440>] | [block_time | hold_time] [infinite | <sec 1-300>] | max_users [<value 1-4000> | no_limit]}(1)
Description
This command configures the MAC-based Access Control settings of a port.
When the MAC-based Access Control function is enabled for a port and the port is not a
MAC-based Access Control guest VLAN member, traffic from a user attached to this port will
not be forwarded unless the user passes the authentication. A user that does not pass the
authentication will not be serviced by the switch. If the user passes the authentication, the
user will be able to forward traffic under the assigned VLAN.
When the MAC-based Access Control function is enabled for a port, and the port is a
MAC-based Access Control guest VLAN member, the port(s) will be removed from the member
ports of the original VLAN(s) and added to the MAC-based Access Control guest VLAN member
ports. Before the authentication process starts, the user is able to forward traffic under the
guest VLAN. After the authentication process, the user will be able to access the assigned
VLAN.
If the port authorization mode is port based, then once the port has been moved to the
authorized VLAN, subsequent users will not be authenticated again. They will operate in
the current authorized VLAN. If the port authorization mode is host based, then each user
will be authorized individually and be capable of getting its own assigned VLAN.
Parameters
ports - Specifies a range of ports for configuring the MAC-based Access Control function parameters.
state - Specifies whether the port’s MAC-based Access Control function is enabled or disabled.
mode - See below:
  port_based - Port based means that all users connected to a port share the first authentication result.
  host_based - Host based means that each user has its own authentication result. If the Switch does not support MAC-based VLANs, the switch will not allow the host based option for ports that are in guest VLAN mode.
aging_time - A time period during which an authenticated host will be kept in an authenticated state. When the aging time has timed out, the host will be moved back to the unauthenticated state. If the aging time is set to infinite, authorized clients will not be aged out automatically.
block_time - If a host fails to pass the authentication, the next authentication will not start within the block time unless the user clears the entry state manually. If the block time is set to 0, clients that fail authentication are not blocked.
  block_time – Specify the block time here.
  infinite – Specify to set the time to infinite.
max_users - Specify the maximum number of users per port. The range is 1 to 4000. The default value is 128.
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
To configure the MAC-based Access Control state for ports 1 to 8:
DGS-3627:admin# config mac_based_access_control ports 1-8 state enable
Command: config mac_based_access_control ports 1-8 state enable
Success.
DGS-3627:admin#
To configure the MAC-based Access Control authorization mode for ports 1 to 8:
DGS-3627:admin# config mac_based_access_control ports 1-8 mode host_based
Command: config mac_based_access_control ports 1-8 mode host_based
Success.
DGS-3627:admin#
To configure an unlimited number of maximum users for MAC-based Access Control on ports 1 to 8:
DGS-3627:admin# config mac_based_access_control ports 1-8 max_users no_limit
Command: config mac_based_access_control ports 1-8 max_users no_limit
Success.
DGS-3627:admin#
To configure the MAC-based Access Control timer parameters to have an infinite aging time and a block time of 120
seconds on ports 1 to 8:
DGS-3627:admin# config mac_based_access_control ports 1-8 aging_time infinite block_time 120
Command: config mac_based_access_control ports 1-8 aging_time infinite block_time 120
Success.
DGS-3627:admin#
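Added example, not from the D-Link manual: a small Python check that reads "config mac_based_access_control ports" lines in the syntax above and lists the settings that loosen the control according to the parameter descriptions (port_based mode, infinite aging time, block time of 0, no user limit). The sample configuration and the review policy in FINDINGS are assumptions made for this example.

```python
# Constructed sample: command lines written in the syntax shown in this section.
SAMPLE_CONFIG = """\
config mac_based_access_control ports 1-8 state enable
config mac_based_access_control ports 1-8 mode port_based
config mac_based_access_control ports 1-8 aging_time infinite block_time 120
config mac_based_access_control ports 1-8 max_users no_limit
config mac_based_access_control ports 9-12 state enable
config mac_based_access_control ports 9-12 mode host_based
config mac_based_access_control ports 9-12 aging_time 60 block_time 300
config mac_based_access_control ports 9-12 max_users 4
"""

PREFIX = "config mac_based_access_control ports "
KEYS = {"state", "mode", "aging_time", "block_time", "hold_time", "max_users"}

# Review policy (an assumption of this example, not a rule from the manual):
# each (keyword, value) pair loosens the control as the descriptions explain.
FINDINGS = {
    ("state", "disable"): "MAC-based Access Control is off on these ports",
    ("mode", "port_based"): "all users share the first authentication result",
    ("aging_time", "infinite"): "authenticated hosts are never aged out",
    ("block_time", "0"): "hosts that fail authentication are not blocked",
    ("max_users", "no_limit"): "no cap on the number of users per port",
}

def parse_port_settings(text):
    """Return {portlist: {keyword: value}} merged over all matching lines."""
    settings = {}
    for line in text.splitlines():
        idx = line.find(PREFIX)  # also matches lines that start with a prompt
        tokens = line[idx + len(PREFIX):].split() if idx >= 0 else []
        if len(tokens) < 3:
            continue
        portlist, rest = tokens[0], tokens[1:]
        # Keywords and values alternate: state enable, aging_time infinite, ...
        for key, value in zip(rest[0::2], rest[1::2]):
            if key in KEYS:
                settings.setdefault(portlist, {})[key] = value
    return settings

def audit(text):
    """Return sorted (portlist, keyword, value, reason) tuples to review."""
    return sorted((ports, key, value, FINDINGS[key, value])
                  for ports, opts in parse_port_settings(text).items()
                  for key, value in opts.items() if (key, value) in FINDINGS)

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("ports %s: %s %s -> %s" % finding)
```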
create mac_based_access_control guest_vlan
Purpose
Used to assign a static 802.1Q VLAN as a MAC-based Access Control guest VLAN.
Syntax
create mac_based_access_control [guest_vlan <vlan_name 32> | guest_vlanid <vlanid 1-4094>]
Description
Used to assign a static 802.1Q VLAN as a MAC-based Access Control guest VLAN.
This command can be used to manage unauthenticated hosts in this guest VLAN, that is, the
unauthenticated host will stay in this guest VLAN until a successful authentication attempt.
Parameters
guest_vlan - Specify the MAC-based Access Control guest VLAN by name. It must be a static 802.1Q VLAN.
guest_vlanid - Specify the MAC-based Access Control guest VLAN by VID. It must be a static 802.1Q VLAN.
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
To create a MAC-based Access Control guest VLAN:
DGS-3627:admin# create mac_based_access_control guest_vlan VLAN8
Command: create mac_based_access_control guest_vlan VLAN8
Success.
DGS-3627:admin#
delete mac_based_access_control guest_vlan
Purpose
Used to remove a MAC-based Access Control guest VLAN.
Syntax
delete mac_based_access_control [guest_vlan <vlan_name 32> | guest_vlanid <vlanid 1-4094>]
Description
Use this command to remove a MAC-based Access Control guest VLAN. When the guest
VLAN is removed, the guest VLAN function will be disabled.
Parameters
guest_vlan - Specifies the name of the MAC-based Access Control guest VLAN.
guest_vlanid - Specifies the VID of the MAC-based Access Control guest VLAN.
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
To delete the MAC-based Access Control guest VLAN called default:
DGS-3627:admin# delete mac_based_access_control guest_vlan default
Command: delete mac_based_access_control guest_vlan default
Success.
DGS-3627:admin#
clear mac_based_access_control auth_state
Purpose
Used to clear the clients’ authentication information by specific port(s) or MAC address.
Syntax
clear mac_based_access_control auth_state [ports [all | <portlist>] | mac_addr <macaddr>]
Description
This command is used to clear the authentication state of a user (or port). The port (or the
user) will return to an un-authenticated state. All the timers associated with the port (or the
user) will be reset.
Parameters
ports - Specify the port range on which to delete MAC addresses.
<macaddr> - Delete the specified host with this MAC address.
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
To clear MAC-based Access Control clients’ authentication information for all ports:
DGS-3627:admin# clear mac_based_access_control auth_state ports all
Command: clear mac_based_access_control auth_state ports all
Success.
DGS-3627:admin#
To delete the MAC-based Access Control authentication information for the host that has a MAC address of 00-00-00-47-04-65:
DGS-3627:admin# clear mac_based_access_control auth_state mac_addr 00-00-00-47-04-65
Command: clear mac_based_access_control auth_state mac_addr 00-00-00-47-04-65
Success.
DGS-3627:admin#
create mac_based_access_control_local
Purpose
Used to create a MAC-based Access Control local database entry that will be used for
authentication. This command can also specify the VLAN that an authorized host will be
assigned to.
Syntax
create mac_based_access_control_local mac <macaddr> {[vlan <vlan_name 32> | vlanid <vlanid 1-4094>]}
Description
This command is used to create a database entry. The user also has the option of specifying
a target VLAN for this entry.
Parameters
mac - Specify the MAC address that can pass local authentication.
vlan - Specify the target VLAN by using the VLAN name. When this host is authorized, it will be assigned to this VLAN.
vlanid - Specify the target VLAN by using the VID. When this host is authorized, it will be assigned to this VLAN if the target VLAN exists.
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
To create one MAC-based Access Control local database entry for MAC address 00-00-00-00-00-01 and specify that the
host will be assigned to the “default” VLAN after the host has been authorized:
DGS-3627:admin# create mac_based_access_control_local mac 00-00-00-00-00-01 vlan default
Command: create mac_based_access_control_local mac 00-00-00-00-00-01 vlan default
Success.
DGS-3627:admin#
config mac_based_access_control_local
Purpose
Used to configure a MAC-based Access Control local database entry.
Syntax
config mac_based_access_control_local mac <macaddr> [vlan <vlan_name 32> | vlanid <vlanid 1-4094> | clear_vlan]
Description
This command is used to configure a MAC-based Access Control local database entry.
Parameters
mac - Specify the authenticated host’s MAC address.
vlan - Specify the target VLAN by VLAN name. When this host is authorized, the host will be assigned to this VLAN.
vlanid - Specify the target VLAN by VID. When this host is authorized, the host will be assigned to this VLAN if the target VLAN exists.
clear_vlan - Clear target VLAN information for specific hosts from the local database.
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
To configure the target VLAN “default” for the MAC-based Access Control local database entry 00-00-00-00-00-01:
DGS-3627:admin# config mac_based_access_control_local mac 00-00-00-00-00-01 vlan default
Command: config mac_based_access_control_local mac 00-00-00-00-00-01 vlan default
Success.
DGS-3627:admin#
delete mac_based_access_control_local
Purpose
Used to delete a MAC-based Access Control local database entry.
Syntax
delete mac_based_access_control_local [mac <macaddr> | vlan <vlan_name 32> | vlanid <vlanid 1-4094>]
Description
This command is used to delete a MAC-based Access Control local database entry.
