xStack® DES-3200 Series Layer 2 Ethernet Managed Switch CLI Reference Guide
config mac_based_access_control ports
Used to configure the parameters of the MAC-based access control.
config mac_based_access_control ports [<portlist> | all] {state [enable | disable] | mode
[port_based | host_based] aging_time [infinite | <min 1-1440>] | hold_time [infinite |
<sec 1-300>] | max_users [no_limit | <value 1-128>]} (1)
This command is used to configure the parameters of the MAC-based access control
setting. When the MAC-AC function is enabled for a port, and the guest VLAN function for
this port is disabled, traffic from the user attached to this port will not be forwarded
unless the user passes the authentication. A user that does not pass the authentication
will not be serviced by the Switch. If the user passes the authentication, the user will be
able to forward traffic operated under the original VLAN configuration.
When the MAC-AC function is enabled for a port, and the guest VLAN function for this port
is enabled, the port will be removed from its original VLAN and become a member port
of the guest VLAN before the authentication process starts. After the authentication and
authorization is enabled, if a valid VLAN is assigned by the RADIUS server, then this port
will be removed from the guest VLAN and become a member port of the assigned VLAN.
For guest VLAN mode, if the MAC address is authorized but no VLAN information is
assigned by the RADIUS server, or the VLAN assigned by the RADIUS server is invalid (e.g.
the assigned VLAN does not exist), this port/MAC will be removed from the guest VLAN
and will become a member port of the original VLAN.
ports - A range of ports that are enabled or disabled for the MAC-based access control.
state - Specify whether MAC AC function is enabled or disabled.
mode - Either port-based or host-based. port_based means that all users connected to a
port share the first authentication result. host_based means that each user can have its
own authentication result.
aging_time - A time period during which an authenticated host will be kept in an
authenticated state. When the aging time is timed-out, the host will be moved back to an
unauthenticated state.
hold_time - If a host fails to pass the authentication, the next authentication will not start
within the hold time unless the user clears the entry state manually.
max_users - A threshold of maximum authorized client(s).
Only Administrator-level users can issue this command.
Example usage:
To configure a port state for MAC-based access control:
DES-3200-28:4#config mac_based_access_control ports 1-8 state enable
Command: config mac_based_access_control ports 1-8 state enable
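The VLAN placement rules in the description above can be written as a small decision function. This is an added example, not part of the D-Link guide or the switch firmware. The VLAN names are constructed, and the handling of a host that fails authentication on a guest-VLAN port is an assumption, since the guide does not describe that case.

```python
from enum import Enum
from typing import FrozenSet, Optional


class Auth(Enum):
    PENDING = "pending"  # authentication has not completed
    PASSED = "passed"
    FAILED = "failed"


def placed_vlan(guest_vlan_enabled: bool, auth: Auth, original_vlan: str,
                guest_vlan: Optional[str] = None,
                radius_vlan: Optional[str] = None,
                existing_vlans: FrozenSet[str] = frozenset()) -> Optional[str]:
    """Return the VLAN a MAC-AC port/MAC ends up in, or None if not forwarded."""
    if not guest_vlan_enabled:
        # No guest VLAN: forwarded only after passing, under the original VLAN.
        return original_vlan if auth is Auth.PASSED else None
    if auth is not Auth.PASSED:
        # The port is moved to the guest VLAN before authentication starts.
        # Assumption: a failed host simply stays there (the guide is silent).
        return guest_vlan
    if radius_vlan is not None and radius_vlan in existing_vlans:
        return radius_vlan  # valid VLAN assigned by the RADIUS server
    # Authorized, but no VLAN or a non-existent VLAN was returned:
    # the port leaves the guest VLAN for the ORIGINAL VLAN.
    return original_vlan


def demo():
    vlans = frozenset({"default", "guest", "staff"})  # constructed names
    cases = [
        ("no guest VLAN, auth failed", False, Auth.FAILED, None),
        ("no guest VLAN, auth passed", False, Auth.PASSED, None),
        ("guest VLAN, before auth", True, Auth.PENDING, None),
        ("guest VLAN, RADIUS VLAN 'staff'", True, Auth.PASSED, "staff"),
        ("guest VLAN, RADIUS VLAN missing", True, Auth.PASSED, None),
        ("guest VLAN, RADIUS VLAN 'stafff' (typo)", True, Auth.PASSED, "stafff"),
    ]
    return [(label, placed_vlan(g, a, "default", "guest", r, vlans))
            for label, g, a, r in cases]


if __name__ == "__main__":
    for label, vlan in demo():
        print(f"{label:42} -> {vlan or 'not forwarded'}")
```

The last two cases are the ones to check when auditing a deployment: an authorized MAC whose RADIUS reply carries no VLAN, or one that does not exist on the Switch, is placed in the port's original VLAN rather than kept in the guest VLAN.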
create mac_based_access_control
Used to assign the guest VLAN.
create mac_based_access_control [guest_vlan <vlan_name 32>|