xStack® DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual
delete mac_based_access_control_local
Parameters
mac - Delete local database entry by specific MAC address.
vlan - Delete local database entries by specific target VLAN name.
vlanid - Delete local database entries by specific target VLAN ID.
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
To delete the MAC-based Access Control local database entry for MAC address 00-00-00-00-00-01:
DGS-3627:admin# delete mac_based_access_control_local mac 00-00-00-00-00-01
Command: delete mac_based_access_control_local mac 00-00-00-00-00-01
Success.
DGS-3627:admin#
To delete the MAC-based Access Control local database entry for the VLAN name VLAN3:
DGS-3627:admin# delete mac_based_access_control_local vlan VLAN3
Command: delete mac_based_access_control_local vlan VLAN3
Success.
DGS-3627:admin#
config mac_based_access_control authorization network
Purpose
Used to enable or disable the acceptance of an authorized configuration.
Syntax
config mac_based_access_control authorization network {radius [enable | disable] |
local [enable | disable]} (1)
Description
Used to enable or disable the acceptance of an authorized configuration.
When authorization is enabled for MAC-based Access Control with RADIUS authentication,
the authorized attributes (for example VLAN, 802.1p default priority) assigned by the RADIUS
server will be accepted if the global authorization status is enabled.
When authorization is enabled for MAC-based Access Controls with local authentication, the
authorized attributes assigned by the local database will be accepted.
Parameters
radius - If specified to enable, the authorized attributes (for example VLAN, 802.1p default
priority) assigned by the RADIUS server will be accepted if the global authorization status is
enabled. The default state is enabled.
local - If specified to enable, the authorized attributes assigned by the local database will be
accepted if the global authorization status is enabled. The default state is enabled.
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
The following example will disable the configuration authorized from the local database:
DGS-3627:admin# config mac_based_access_control authorization attributes local disable
Command: config mac_based_access_control authorization attributes local disable
Success.
DGS-3627:admin#
show mac_based_access_control
Purpose
Used to display the MAC-based Access Control setting.
Syntax
show mac_based_access_control {ports {<portlist>}}
Description
This command is used to display the MAC-based Access Control settings.
Parameters
If the ports parameter is not specified, the global MAC-based Access Control settings will be
displayed.
<portlist> - Displays the MAC-based Access Control settings for a specific port or range of ports.
If no port list is specified, the settings will be displayed for ports which have MAC-based
Access Control enabled.
Restrictions
None.
Example usage:
To show the MAC-based Access Control port configuration for ports 1 to 4:
DGS-3627:admin# show mac_based_access_control ports 1-4
Command: show mac_based_access_control ports 1-4
Port   State    Aging Time Block Time Auth Mode   Max Users
                (min)      (sec)
------ -------- ---------- ---------  ----------- ------------
1      Disabled 100        100        Port-based  128
2      Disabled 100        200        Host-based  128
3      Disabled 50         0          Port-based  2000
4      Disabled Infinite   100        Host-based  No Limit
DGS-3627:admin#
show mac_based_access_control_local
Purpose
Used to display the MAC-based Access Control local database entry(s).
Syntax
show mac_based_access_control_local {[mac <macaddr> | vlan <vlan_name 32> |
vlanid <1-4094>]}
Description
This command is used to display the MAC-based Access Control local database entries.
Parameters
Displays all MAC-based Access Control local database entries.
mac - Displays MAC-based Access Control local database entries for a specific MAC address.
vlan - Displays MAC-based Access Control local database entries for a specific target VLAN name.
vlanid - Displays MAC-based Access Control local database entries for a specific target VLAN ID.
Restrictions
None.
Example usage:
To show the MAC-based Access Control local database:
DGS-3627:admin# show mac_based_access_control_local
Command: show mac_based_access_control_local
MAC Address       VID
----------------- ----
00-00-00-00-00-01 1
00-00-00-00-00-02 123
00-00-00-00-00-03 123
00-00-00-00-00-04 1
Total Entries:4
DGS-3627:admin#
To show the MAC-based Access Control local database for the MAC address 00-00-00-00-00-01:
DGS-3627:admin# show mac_based_access_control_local mac 00-00-00-00-00-01
Command: show mac_based_access_control_local mac 00-00-00-00-00-01
MAC Address       VID
----------------- ----
00-00-00-00-00-01 1
Total Entries:1
DGS-3627:admin#
To show MAC-based Access Control local database for the VLAN called ‘default’:
DGS-3627:admin# show mac_based_access_control_local vlan default
Command: show mac_based_access_control_local vlan default
MAC Address       VID
----------------- ----
00-00-00-00-00-01 1
00-00-00-00-00-04 1
Total Entries:2
DGS-3627:admin#
show mac_based_access_control auth_state
Purpose
Used to display the MAC-based Access Control authentication status.
Syntax
show mac_based_access_control auth_state ports {<portlist>}
Description
This command is used to display the MAC-based Access Control authentication status.
Parameters
<portlist> - Display authentication status by specific port.
If no port is specified, the authentication status of all MAC-based Access Control ports
is displayed.
Restrictions
None.
Example usage:
Suppose that port 1 is in host-based mode:
MAC 00-00-00-00-00-01 is authenticated without a VLAN assigned (perhaps the specified target VLAN does not exist, or the target VLAN has not been specified at all), so the ID of the RX VLAN is displayed (the RX VLAN ID is 4004 in this example).
MAC 00-00-00-00-00-02 is authenticated with a target VLAN assigned, so the ID of the target VLAN is displayed (the target VLAN ID is 1234 in this example).
MAC 00-00-00-00-00-03 fails to pass authentication, so the VID field is shown as “-”, indicating that packets with SA 00-00-00-00-00-03 will be dropped no matter which VLAN these packets are from.
MAC 00-00-00-00-00-04 attempts to start authentication, so the VID field is shown as “-” until authentication completes.
Suppose that port 2 is in port-based mode:
MAC 00-00-00-00-00-10 is the host which causes port 2 to pass authentication; the MAC address is followed by “(P)” to indicate port-based mode authentication.
Suppose that port 3 is in port-based mode:
MAC 00-00-00-00-00-20 attempts to start authentication; the MAC address is followed by “(P)” to indicate port-based mode authentication.
MAC 00-00-00-00-00-21 fails to pass authentication; the MAC address is followed by “(P)” to indicate port-based mode authentication.
NOTE: In port-based mode, the VLAN ID field is displayed in the same way as in host-based mode.
To display the MAC-based Access Control authentication status on ports 1, 2 and 3:
DGS-3627:admin# show mac_based_access_control auth_state ports 1-3
Command: show mac_based_access_control auth_state ports 1-3
(P):Port based
Port MAC Address          State          VID     Priority   Aging Time/
                                                            Block Time
---- -------------------  -------------  ------- ---------- ------------
1    00-00-00-00-00-01    Authenticated  4004    3          Infinite
1    00-00-00-00-00-02    Authenticated  1234    -          Infinite
1    00-00-00-00-00-03    Blocked        -       -          60
1    00-00-00-00-00-04    Authenticating -       -          5
2    00-00-00-00-00-10(P) Authenticated  1234    4          1440
3    00-00-00-00-00-20(P) Authenticating -       -          20
3    00-00-00-00-00-21(P) Blocked        -       -          120
Total Authenticating Hosts :2
Total Authenticated Hosts  :3
Total Blocked Hosts        :2
DGS-3627:admin#
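Added example (not part of the D-Link manual): a Python parser for captured auth_state output that lists blocked hosts and hosts that authenticated without receiving a target VLAN, which the description above says show the RX VLAN ID instead. It assumes the column layout of the example output above; SAMPLE is constructed from that example, and target_vids is a hypothetical parameter holding the VLAN IDs the administrator expects to be assigned.

```python
import re

# Constructed sample, laid out like the manual's auth_state example output.
SAMPLE = """\
Port MAC Address          State          VID   Priority Aging Time/Block Time
---- -------------------- -------------- ----- -------- ---------------------
1    00-00-00-00-00-01    Authenticated  4004  3        Infinite
1    00-00-00-00-00-02    Authenticated  1234  -        Infinite
1    00-00-00-00-00-03    Blocked        -     -        60
1    00-00-00-00-00-04    Authenticating -     -        5
2    00-00-00-00-00-10(P) Authenticated  1234  4        1440
3    00-00-00-00-00-20(P) Authenticating -     -        20
3    00-00-00-00-00-21(P) Blocked        -     -        120
Total Authenticating Hosts :2
"""

ROW = re.compile(
    r"^\s*(?P<port>\d+)\s+"
    r"(?P<mac>(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})(?P<pmode>\(P\))?\s+"
    r"(?P<state>Authenticated|Authenticating|Blocked)\s+"
    r"(?P<vid>\d+|-)\s+(?P<prio>\d+|-)\s+(?P<timer>\d+|Infinite)\s*$"
)

def parse_auth_state(text):
    """Return one dict per host row; header, ruler and total lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append({
                "port": int(m["port"]),
                "mac": m["mac"].lower(),
                "mode": "port" if m["pmode"] else "host",  # "(P)" marks port-based mode
                "state": m["state"],
                "vid": None if m["vid"] == "-" else int(m["vid"]),
                "timer": m["timer"],
            })
    return rows

def review(rows, target_vids):
    """Flag blocked hosts, and authenticated hosts whose VID is not a target VLAN
    (per the manual, that VID is the RX VLAN: no target VLAN was assigned)."""
    findings = []
    for r in rows:
        if r["state"] == "Blocked":
            findings.append((r["port"], r["mac"], "blocked"))
        elif r["state"] == "Authenticated" and r["vid"] not in target_vids:
            findings.append((r["port"], r["mac"], f"no target VLAN, RX VID {r['vid']}"))
    return findings
```

Calling review(parse_auth_state(SAMPLE), target_vids={1234}) returns the two blocked hosts and 00-00-00-00-00-01, which authenticated on RX VLAN 4004 rather than the target VLAN.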
config mac_based_access_control max_users
Purpose
Used to configure the maximum number of authorized clients.
Syntax
config mac_based_access_control max_users [<value 1-4000> | no_limit]
Description
This setting is a global limitation on the maximum number of users that can be learned via
MAC-based Access Control.
In addition to the global limitation, the maximum number of users per port is also limited.
This is specified by the config mac_based_access_control ports max_users command.
Parameters
<value 1-4000> - Specify to set the maximum number of authorized clients on the whole device.
no_limit - Specify to not limit the maximum number of users on the system. By default, there
is no limit on the number of users.
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
To configure the maximum number of users the MAC-based Access Control system supports:
DGS-3627:admin# config mac_based_access_control max_users 128
Command: config mac_based_access_control max_users 128
Success.
DGS-3627:admin#
