Support User Manuals

D-Link DES-7200 Refrigerator User Manual

Open as PDF

of 1968

DES-7200 Configuration Guide Chapter 5 DHCP Relay Configuration

5-6

Command Function

DES-7200(config)# ip dhcp relay

information option dot1x

Enable the DHCP option dot1x function.

DES-7200(config)# no ip dhcp relay

information option dot1x

Disable the DHCP option dot1x

function.

5.2.4 Configuring DHCP

option dot1x

access-group

In the option dot1x application scheme, the device needs to restrict the

unauthorized IP address or the IP address with low privilege to access certain

IP addresses, and restrict the access between users with low privileges. To do

so, configure the command ip dhcp relay information option dot1x

access-group acl-name. Here the ACL defined by acl-name must be

configured in advance. It is used to filter some contents and prohibit

unauthorized users from accessing each other. In addition, ACL associated

here is applied to all the ports on the device. This ACL has not default ACE and

is not conflicted with ACLs associated with other interfaces. For example:

Assign a type of IP addresses for all the unauthorized users, namely

192.168.3.2-192.168.3.254, 192.168.4.2-192.168.4.254, and

192.168.5.2-192.168.5.254. 192.168.3.1, 192.168.4.1, and 192.168.5.1 are

gateway addresses that are not assigned to users. In this way, an unauthorized

user uses one of the 192.168.3.x-5.x addresses to access the Web portal for

downloading client software. Therefore, the device should be configured as

follows:

DES-7200# config

DES-7200(config)# ip access-list extended DenyAccessEachOtherOfUnauthrize

DES-7200(config-ext-nacl)# permit ip any host 192.168.3.1 //Packet that

can be sent to the gateway

DES-7200(config-ext-nacl)# permit ip any host 192.168.4.1

DES-7200(config-ext-nacl)# permit ip any host 192.168.5.1

DES-7200(config-ext-nacl)# permit ip host 192.168.3.1 any

//Permit the packets whose source IP address is the gateway.

DES-7200(config-ext-nacl)# permit ip host 192.168.4.1 any

DES-7200(config-ext-nacl)# permit ip host 192.168.5.1 any

DES-7200(config-ext-nacl)# deny ip 192.168.3.0 0.0.0.255 192.168.3.0

0.0.0.255

//Prohibit unauthorized users from accessing each other

DES-7200(config-ext-nacl)# deny ip 192.168.3.0 0.0.0.255 192.168.4.0

0.0.0.255

previous next