21.2.4 Configuring DHCP option dot1x access-group
In the option dot1x application scheme, the device needs to stop unauthorized IP addresses, or
addresses with low privilege, from reaching certain IP addresses, and to stop low-privilege
users from reaching each other. To do so, configure the command ip dhcp relay information
option dot1x access-group acl-name. The ACL named by acl-name must already exist; it filters
the traffic and prohibits unauthorized users from accessing each other. The ACL associated here
is applied to every port on the device. It has no default ACE, so a packet that matches none of
its entries is not implicitly denied, and it does not conflict with ACLs associated with
individual interfaces. For example:
Assign a dedicated range of IP addresses to all unauthorized users, namely
192.168.3.2-192.168.3.254, 192.168.4.2-192.168.4.254, and 192.168.5.2-192.168.5.254.
The addresses 192.168.3.1, 192.168.4.1, and 192.168.5.1 are gateway addresses and are not
assigned to users. An unauthorized user then uses one of the 192.168.3.x-192.168.5.x addresses
to reach the Web portal and download the client software. The device should therefore be
configured as follows:
DGS-3610# config
DGS-3610(config)# ip access-list extended DenyAccessEachOtherOfUnauthrize
DGS-3610(config-ext-nacl)# permit ip any host 192.168.3.1 //Allow packets to the gateways; these permits must precede the deny entries, because the first matching ACE wins
DGS-3610(config-ext-nacl)# permit ip any host 192.168.4.1
DGS-3610(config-ext-nacl)# permit ip any host 192.168.5.1
DGS-3610(config-ext-nacl)# permit ip host 192.168.3.1 any //Allow packets sourced from the gateway addresses
DGS-3610(config-ext-nacl)# permit ip host 192.168.4.1 any
DGS-3610(config-ext-nacl)# permit ip host 192.168.5.1 any
DGS-3610(config-ext-nacl)# deny ip 192.168.3.0 0.0.0.255 192.168.3.0 0.0.0.255 //Prohibit unauthorized users from accessing each other, within and across the three subnets; wildcard 0.0.0.255 covers a whole /24
DGS-3610(config-ext-nacl)# deny ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255
DGS-3610(config-ext-nacl)# deny ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255
DGS-3610(config-ext-nacl)# deny ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255 //The 4.x to 3.x direction is needed as well, so that every pair of user subnets is denied in both directions
DGS-3610(config-ext-nacl)# deny ip 192.168.4.0 0.0.0.255 192.168.4.0 0.0.0.255
DGS-3610(config-ext-nacl)# deny ip 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255
DGS-3610(config-ext-nacl)# deny ip 192.168.5.0 0.0.0.255 192.168.3.0 0.0.0.255
DGS-3610(config-ext-nacl)# deny ip 192.168.5.0 0.0.0.255 192.168.4.0 0.0.0.255
DGS-3610(config-ext-nacl)# deny ip 192.168.5.0 0.0.0.255 192.168.5.0 0.0.0.255
DGS-3610(config-ext-nacl)# exit
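Two properties of this ACL are easy to get wrong by hand: it is evaluated top down with the first matching ACE winning, so the gateway permits must come before the subnet denies, and isolating three user subnets needs a full 3x3 deny matrix (nine entries) to block every direction. The Python script below is an added checker written for this section; it is not part of the guide or of the DGS-3610 software. It models extended-ACL matching for the three address forms used above (any, host A.B.C.D, A.B.C.D plus wildcard mask) over a constructed copy of the ACL, treats an unmatched packet as permitted because the section states the access-group ACL has no default ACE, and then reports which user-subnet pairs can still talk and whether gateway traffic survives if the deny entries are moved ahead of the permits. The probe addresses .2 and .254, the helper names, and the restriction to `ip` ACEs are assumptions of the example.

```python
import ipaddress
from typing import List, Tuple

# Constructed copy of the access-group ACL from this section: gateway permits
# first, then the full 3x3 deny matrix between the unauthorized-user subnets.
ACL_TEXT = """
permit ip any host 192.168.3.1
permit ip any host 192.168.4.1
permit ip any host 192.168.5.1
permit ip host 192.168.3.1 any
permit ip host 192.168.4.1 any
permit ip host 192.168.5.1 any
deny ip 192.168.3.0 0.0.0.255 192.168.3.0 0.0.0.255
deny ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255
deny ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255
deny ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
deny ip 192.168.4.0 0.0.0.255 192.168.4.0 0.0.0.255
deny ip 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255
deny ip 192.168.5.0 0.0.0.255 192.168.3.0 0.0.0.255
deny ip 192.168.5.0 0.0.0.255 192.168.4.0 0.0.0.255
deny ip 192.168.5.0 0.0.0.255 192.168.5.0 0.0.0.255
"""
USER_SUBNETS = ["192.168.3.0/24", "192.168.4.0/24", "192.168.5.0/24"]
GATEWAYS = ["192.168.3.1", "192.168.4.1", "192.168.5.1"]

Matcher = Tuple[int, int]           # (base address, care mask); wildcard bits cleared in both
Ace = Tuple[str, Matcher, Matcher]  # (action, source matcher, destination matcher)

def _parse_spec(tokens: List[str], i: int) -> Tuple[Matcher, int]:
    """Parse one address spec at tokens[i]: 'any' | 'host A.B.C.D' | 'A.B.C.D WILDCARD'."""
    if tokens[i] == "any":
        return (0, 0), i + 1
    if tokens[i] == "host":
        return (int(ipaddress.IPv4Address(tokens[i + 1])), 0xFFFFFFFF), i + 2
    addr = int(ipaddress.IPv4Address(tokens[i]))
    wildcard = int(ipaddress.IPv4Address(tokens[i + 1]))
    care = ~wildcard & 0xFFFFFFFF   # a 1 bit in the wildcard mask means "don't care"
    return (addr & care, care), i + 2

def parse_acl(text: str) -> List[Ace]:
    """Parse 'permit|deny ip SRC DST' lines; only IP-wide ACEs are modeled (assumption)."""
    aces: List[Ace] = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0] not in ("permit", "deny") or tokens[1] != "ip":
            raise ValueError(f"unsupported ACE: {line!r}")
        src, i = _parse_spec(tokens, 2)
        dst, _ = _parse_spec(tokens, i)
        aces.append((tokens[0], src, dst))
    return aces

def _matches(m: Matcher, addr: int) -> bool:
    base, care = m
    return (addr & care) == base

def evaluate(aces: List[Ace], src: str, dst: str) -> str:
    """Top down, first match wins. The section says this ACL has no default ACE,
    so an unmatched packet is treated as 'permit' (assumed here)."""
    s = int(ipaddress.IPv4Address(src))
    d = int(ipaddress.IPv4Address(dst))
    for action, sm, dm in aces:
        if _matches(sm, s) and _matches(dm, d):
            return action
    return "permit"

def uncovered_user_pairs(aces: List[Ace], subnets=USER_SUBNETS) -> List[Tuple[str, str]]:
    """(src_net, dst_net) pairs where a probe user host can still reach a probe user
    host. Probes use .2 and .254 so the .1 gateway is never mistaken for a user."""
    gaps = []
    for sn in subnets:
        for dn in subnets:
            s = str(ipaddress.IPv4Network(sn).network_address + 2)
            d = str(ipaddress.IPv4Network(dn).network_address + 254)
            if evaluate(aces, s, d) != "deny":
                gaps.append((sn, dn))
    return gaps

def gateway_reachable(aces: List[Ace], subnets=USER_SUBNETS, gateways=GATEWAYS) -> bool:
    """Every user subnet must reach every gateway and be reachable from it."""
    for sn in subnets:
        user = str(ipaddress.IPv4Network(sn).network_address + 2)
        for gw in gateways:
            if evaluate(aces, user, gw) != "permit" or evaluate(aces, gw, user) != "permit":
                return False
    return True

def without_ace(text: str, needle: str) -> str:
    """Drop the ACE containing `needle`, to simulate a forgotten entry."""
    return "\n".join(l for l in text.splitlines() if needle not in l)

def denies_first(aces: List[Ace]) -> List[Ace]:
    """Move deny entries ahead of the permits, to show why ACE order matters."""
    return [a for a in aces if a[0] == "deny"] + [a for a in aces if a[0] == "permit"]

if __name__ == "__main__":
    full = parse_acl(ACL_TEXT)
    print("gateways reachable:", gateway_reachable(full))
    print("user-subnet pairs still open:", uncovered_user_pairs(full))
    missing = parse_acl(without_ace(ACL_TEXT, "192.168.4.0 0.0.0.255 192.168.3.0"))
    print("with the 4.x to 3.x deny forgotten:", uncovered_user_pairs(missing))
    print("denies placed before permits, gateways reachable:", gateway_reachable(denies_first(full)))
```

Run it after editing the ACL on paper: an empty list from uncovered_user_pairs together with True from gateway_reachable is the result you want before binding the ACL with ip dhcp relay information option dot1x access-group. Dropping any one deny entry surfaces the open direction, and reordering the entries shows that the denies would swallow gateway traffic if they came first.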