DGS-3000 Series Layer 2 Managed Gigabit Switch CLI Reference Guide
408
• Before the authentication process starts, the user is able to forward traffic under the guest
VLAN.
• After the authentication process, the user will be able to access the assigned VLAN.
If the port authorize mode is port based mode, when the port has been moved to the authorized
VLAN, the subsequent users will not be authenticated again. They will operate in the current
authorized VLAN.
If the port authorize mode is host based mode, then each user will be authorized individually and
be capable of getting its own assigned VLAN.
If port’s block time is set to” infinite”, it means that a failed authentication client will never be
blocked. Block time will be set to “0”.
Format
config mac
_b
ased_access_
control ports [<portlist> |
all] {state [e
nable | disable] | mode
[port_based | host_based] | aging_time [infinite | <min 1-1440>] | block_time <sec 0-300> |
max_users [<value 1-1000> | no_limit]}(1)
Parameters
ports - Specifies a range of ports for configuring the MAC-based Access Control function
parameters.
<portlist> - Enter the list of port used for this configuration here.
all - Specifies all existed ports of switch for configuring the MAC-based Access Control
state - (Optional) Specifies whether the port’s MAC-based Access Control function is enabled or
disabled.
enable - Specifies that the port's MAC-based Access Control states will be enabled.
disable - Specifies that the port's MAC-based Access Control states will be disabled.
mode - (Optional) Specifies the MAC-based access control port mode used.
port_based - Specifies that the MAC-based access control port mode will be set to port-
based.
host_based - Specifies that the MAC-based access control port mode will be set to host-
aging_time - (Optional) A time period during which an authenticated host will be kept in an
authenticated state. When the aging time has timed-out, the host will be moved back to
unauthenticated state.
infinite - Specifies that the authorized clients will not be aged out automatically.
<min 1-1440> - Enter the aging time value here. This value must be between 1 and 1440
block_time - (Optional) If a host fails to pass the authentication, the next authentication will not
start within the block time unless the user clears the entry state manually. If the block time is
set to 0, it means do not block the client that failed authentication.
<sec 0-300> -Enter the block time value here. This value must be between 0 and 300
max_users - (Optional) Specifies maximum number of users per port.
<value 1-1000> - Enter the maximum number of users per port here. This value must be
between 1 and 1000.
no_limit - Specifies to not limit the maximum number of users on the port. The default value is
To Next Page
Loading...
