DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch CLI Manual
config mac_based_access_control ports
config mac_based_access_control ports [<portlist> | all] {state [enable | disable] |
mode [port_based | host_based] | aging_time [infinite | <min 1-1440>] | [block_time |
hold_time] [infinite | <sec 1-300>] | max_users [<value 1-4000> | no_limit]}(1)
This command configures the MAC-based Access Control settings of a port.
When the MAC-based Access Control function is enabled for a port and the port is not a
MAC-based Access Control guest VLAN member, traffic from a user attached to this port will
not be forwarded unless the user passes the authentication. A user that does not pass the
authentication will not be serviced by the switch. If the user passes the authentication, the
user will be able to forward traffic under the assigned VLAN.
When the MAC-based Access Control function is enabled for a port, and the port is a MAC-
based Access Control guest VLAN member, the port(s) will be removed from the original
VLAN(s) member ports, and added to MAC-based Access Control guest VLAN member
ports. Before the authentication process starts, the user is able to forward traffic under the
guest VLAN. After the authentication process, the user will be able to access the assigned
If the port authorize mode is port based mode, when the port has been moved to the
authorized VLAN, the subsequent users will not be authenticated again. They will operate in
the current authorized VLAN. If the port authorize mode is host based mode, then each user
will be authorized individually and be capable of getting its own assigned VLAN.
<portlist> - Specifies a range of ports for configuring the MAC-based Access Control function
state - Specifies whether the port’s MAC-based Access Control function is enabled or
mode - See below:
  port_based - Port based means that all users connected to a port share the first
  authentication result.
  host_based - Host based means that each user has its own authentication result. If
  the Switch does not support MAC-based VLANs, the switch will not allow the host
  based option for ports that are in guest VLAN mode.
aging_time - A time period during which an authenticated host will be kept in an
authenticated state. When the aging time has timed out, the host will be moved back to
the unauthenticated state. If the aging time is set to infinite, authorized clients will
not be aged out automatically.
[block_time | hold_time] - If a host fails to pass the authentication, the next authentication will not start
within the block time unless the user clears the entry state manually. If the block time is set to
0, the client that failed authentication is not blocked.
  <sec 1-300> – Specify the block time here.
  infinite – Specify to set the time to infinite.
max_users - Specify the maximum number of users per port. The range is 1 to 4000. The default
value is 1024.
Only Administrator and Operator-level users can issue this command.
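The following Python script is an added example, not part of the D-Link manual: it parses saved `config mac_based_access_control ports` lines using the option names from the syntax above and lists ports whose explicitly configured values deserve review. The review policy in `RISKY`, the sample configuration, plain numeric port lists such as `1-8,10`, and several options on one line are assumptions of this example.

```python
import re

CMD = re.compile(r"config mac_based_access_control ports\s+(.*)")
OPTIONS = {"state", "mode", "aging_time", "block_time", "hold_time", "max_users"}
RISKY = {  # review policy assumed by this example, not defined by the manual
    ("state", "disable"): "MAC-based Access Control is off on this port",
    ("mode", "port_based"): "later users share the first authentication result",
    ("aging_time", "infinite"): "authenticated hosts are never aged out",
    ("max_users", "no_limit"): "no cap on users per port",
}

# Constructed sample configuration, not taken from a real switch.
SAMPLE = """\
config mac_based_access_control ports 1-8 state enable mode port_based aging_time infinite
config mac_based_access_control ports 5-8 mode host_based aging_time 60 max_users 16
config mac_based_access_control ports 9 state enable max_users no_limit
"""

def expand_ports(portlist):
    """'1-8,10' -> [1, ..., 8, 10]; 'all' is kept as the single key 'all'."""
    if portlist == "all":
        return ["all"]
    ports = []
    for part in portlist.split(","):
        lo, _, hi = part.partition("-")
        ports.extend(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_line(line):
    """Return (ports, {option: value}), or None if the line is another command."""
    if not (m := CMD.search(line)):
        return None
    tokens = m.group(1).split()
    opts = dict(zip(tokens[1::2], tokens[2::2]))
    if len(tokens) < 3 or len(tokens) % 2 == 0 or set(opts) - OPTIONS:
        raise ValueError(f"unexpected syntax: {line!r}")
    return expand_ports(tokens[0]), opts

def audit(config_text):
    """Apply lines in order (later lines override), then list (port, option, reason)."""
    settings = {}
    for line in config_text.splitlines():
        if parsed := parse_line(line):
            for port in parsed[0]:
                settings.setdefault(port, {}).update(parsed[1])
    return [(port, opt, reason)
            for port in sorted(settings, key=lambda p: (isinstance(p, str), p))
            for (opt, val), reason in RISKY.items()
            if settings[port].get(opt) == val]
```

Only values that appear in the configuration text are checked; options left at their defaults produce no finding.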
Example usage:
To configure the MAC-based Access Control state for ports 1 to 8:
DGS-3450:admin# config mac_based_access_control ports 1-8 state enable
Command: config mac_based_access_control ports 1-8 state enable
To configure the MAC-based Access Control authorization mode for ports 1 to 8: