Page 286 / 351 Scroll up to view Page 281 - 285
286
set wireless mac-auth wrlss-MAC-list mac-address
MAC-address_string
Enters a new MAC address into the MAC address authorization table. The format for an
Ethernet MAC address is six hexadecimal values between 00 and FF inclusive separated by
colons or dashes (e.g., 00:00:C5:70:00:04).
set wireless mac-auth wrlss-MAC-list mac-address
MAC-address_string
” allow-access { on | off }
Designates whether the MAC address is enabled or not for wireless network access. Dis-
abled MAC addresses cannot be used for access until enabled.
Page 287 / 351
287
CONFIG Commands
RADIUS Server Settings
set radius radius-name "
server_name_string
"
Specifies the default RADIUS server name or IP address.
set radius radius-secret "
shared_secret
"
Specifies the RADIUS secret key used by this server. The shared secret should have the
same characteristics as a normal password.
set radius alt-radius-name "
server_name_string
"
Specifies an alternate RADIUS server name or IP address to be used if the primary server
is unreachable.
set radius alt-radius-secret "
shared_secret
"
Specifies the secret key used by the alternate RADIUS server.
set radius radius-port
port_number
Specifies the port on which the RADIUS server is listening. The default value is 1812.
Page 288 / 351
288
VLAN Settings
You can create up to 8 VLANs, and you can also restrict any VLAN, and the computers on it,
from administering the Gateway. See
VLAN
” on page
106
for more information.
set vlan name
name
Sets the descriptive name for the VLAN. If no name is specified, displays a selection list of
node names to select for editing. Once a new VLAN name is specified, presents the list of
VLAN characteristics to define.
set vlan name
name
type [ by-port | global ]
Specifies VLAN
type
:
by-port
or
global
. Default is
by-port
.
set vlan name
name
id
VID
Specifies VLAN
id
(VID), when type is set to
global
. The numerical range of possible VIDs
is 1 - 4094. (A VID of zero (0) is permitted on the Ethernet WAN port only.)
set vlan name
name
admin-restricted [ off | on ]
Turns
admin-restricted
off
or
on
. Default is
off
. If you select
on
, administrative access to
the Gateway is blocked from the specified VLAN.
set vlan name
name
seg-pbits [ 0 - 7 ]
Specifies the 802.1p priority bit. If you set this to a value greater than 0, all packets of this
VLAN with unmarked priority bits (pbits) will be re-marked to this priority.
set vlan name
name
ports
port
option [ off | on ]
Enables or disables the Gateway’s physical Ethernet, USB or VCC
port
or wireless SSID for
the specified VLAN.
Page 289 / 351
289
CONFIG Commands
set vlan name
name
ports
port
tag [ off | on ]
If set to
on
, packets transmitted from this port through this VLAN must be tagged with the
VLAN VID. Packets received through this port destined for this VLAN must be tagged with
the VLAN VID by the source. The
tag
option is only available on
global
type ports.
set vlan name
name
ports
port
priority [ off | on ]
Enables or disables the
priority
for the port assigned to the specified VLAN allowing
packet prioritization based on any 802.1p priority bits in the VLAN header to prioritize pack-
ets within the Gateway’s internal queues, according to DiffServ priority mapping rules.
set vlan name
name
ports
port
promote [ off | on ]
Enables or disables the
promote
setting allowing writing any 802.1p priority bits into the
IP-TOS header bit field for received IP packets on this port destined for this VLAN. Write any
IP-TOS priority bits into the 802.1p priority bit field for tagged IP packets transmitted from
this port for this VLAN. All mappings between Ethernet 802.1p and IP-TOS are made via
diffserv
dscp-map
settings.
set vlan name
name
ports
port
port-pbits [ 0 - 7 ]
Specifies the 802.1p priority bit for this port associated with the specified VLAN. If you set
this to a value greater than 0, all packets of this port with unmarked priority bits (pbits) will
be re-marked to this priority.
set vlan name
name
ip-interface
ip_interface
Associates this VLAN with the specified IP interface. By default the
ip-vcc1
and
ip-eth-a
interfaces are available, but others may be defined.
set vlan name
name
inter-vlan-routing [ group-1... group-8 ] [ off | on ]
When set to
on
,
inter-vlan-routing
allows VLANs in the specified group to route traffic to
the others; ungrouped VLANs cannot route traffic to each other.
You must save the changes, exit out of configuration mode, and restart the Gateway for the
changes to take effect.
Page 290 / 351
290
Example 1:
A simple example using the “Step” method – Navigate to the VLAN item:
Netopia-3000/9437188 (top)>> vlan
Netopia-3000/9437188 (vlan)>> set
vlan
(vlan) node list ...
Select (name) node to modify from list,
or enter new (name) to create.
vlan name (?): vlan1
(vlan1) has been added to the (vlan) list
name "vlan1"
type (by-port) [ by-port | global ]: by-port
admin-restricted (off) [ off | on ]: off
seg-pbits (0) [ 0 - 7 ]: 0
ports
At this point you have created a VLAN. It is called
vlan1
, without any admin restrictions.
Next, add the port
eth0.1
port to this VLAN:
ports
eth0.1
option (off) [ off | on ]: on
priority (off) [ off | on ]: on
promote (off) [ off | on ]: on
port-pbits (0) [ 0 - 7 ]: 1
eth0.2
option (off) [ off | on ]:
eth0.3
option (off) [ off | on ]:
eth0.4
option (off) [ off | on ]:
ssid1
option (off) [ off | on ]:
vcc1
option (off) [ off | on ]:
Assign an IP interface:
ip-vcc1
option (off) [ off | on ]:
ip-eth-a
option (off) [ off | on ]: on
ipsec-mgmt1
option (off) [ off | on ]:
Netopia-3000/9437188 (vlan)>>

Rate

4.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top