Table of Contents DWS-1008 CLI Reference Guide Table of Contents Using the Command Line Interface ................................................................2 CLI Conventions ........................................................................................2 Globs .........................................................................................................4 Command Line Editing ..............................................................................6 Using CLI Help ...........
DWS-1008 CLI Reference Guide Using the Command Line Interface Using the Command Line Interface CLI Conventions Command Prompts By default, the MSS CLI provides the following prompt for restricted users. The mm portion shows the DWS switch model number (for example, 1008) and the nnnnnn portion shows the last 6 digits of the switch’s media access control (MAC) address.
DWS-1008 CLI Reference Guide Using the Command Line Interface Text Entry Conventions and Allowed Characters Unless otherwise indicated, the MSS CLI accepts standard ASCII alphanumeric characters, except for tabs and spaces, and is case-insensitive. The CLI has specific notation requirements for MAC addresses, IP addresses, and masks, and allows you to group usernames, MAC addresses, virtual LAN (VLAN) names, and ports in a single command.
DWS-1008 CLI Reference Guide Using the Command Line Interface Wildcard Masks Security access control lists (ACLs) use source and destination IP addresses and wildcard masks to determine whether the switch filters or forwards IP packets. Matching packets are either permitted or denied network access. The ACL checks the bits in IP addresses that correspond to any 0s (zeros) in the mask, but does not check the bits that correspond to 1s (ones) in the mask.
Using the Command Line Interface DWS-1008 CLI Reference Guide EXAMPLE\* All users in the Windows Domain EXAMPLE with usernames that have no delimiters. EXAMPLE\*.* All users in the Windows Domain EXAMPLE whose usernames contain periods. ** All users. MAC Address Globs A media access control (MAC) address glob is a similar method for matching some authentication, authorization, and accounting (AAA) and forwarding database (FDB) commands to one or more 6-byte MAC addresses.
DWS-1008 CLI Reference Guide Using the Command Line Interface Port Lists The physical Ethernet ports on a switch can be set for connection to DWL-8220AP access points, authenticated wired users, or the network backbone. You can include a single port or multiple ports in one CLI command by using the appropriate list format. The ports on a DWS-1008 switch are numbered 1 through 8. No port 0 exists on the switch. You can include a single port or multiple ports in a command that includes port port-list.
Using the Command Line Interface DWS-1008 CLI Reference Guide Keyboard Shortcuts The following table lists the keyboard shortcuts for entering and editing CLI commands: Keyboard Shortcut(s) ---------------------------------Ctrl+A Ctrl+B or Left Arrow key Ctrl+C Ctrl+D Ctrl+E Ctrl+F or Right Arrow key Ctrl+K Ctrl+L or Ctrl+R Ctrl+N or Down Arrow key Ctrl+P or Up Arrow key Ctrl+U or Ctrl+X Ctrl+W Esc B Esc D Delete key or Backspace key Function --------------------------------------------------------------
DWS-1008 CLI Reference Guide Using the Command Line Interface Using CLI Help The CLI provides online help. To see the full range of commands available at your access level, type the help command.
DWS-1008 CLI Reference Guide Using the Command Line Interface To see all the variations, type one of the commands followed by a question mark (?).
Access Commands DWS-1008 CLI Reference Guide Access Commands Use access commands to control access to the Mobility Software System (MSS) (CLI). This chapter presents access commands alphabetically. Use the following table to locate commands in this chapter based on their use. disable Changes the CLI session from enabled mode to restricted access. Syntax: Defaults: Access: disable None. Enabled.
DWS-1008 CLI Reference Guide Access Commands quit Exit from the CLI session. Syntax: quit Defaults: Access: None All Examples: To end the administrator’s session, type the following command: DWS-1008> quit set enablepass Sets the password that provides enabled access (for configuration and monitoring) to the DWS-1008 switch. Note: The enable password is case-sensitive. Syntax: set enablepass Defaults: None. Access: Enabled. Usage: After typing the set enablepass command, press Enter.
DWS-1008 CLI Reference Guide System Services Commands System Services Commands Use system services commands to configure and monitor system information for a DWS-1008 switch. This chapter presents system services commands alphabetically. Use the following table to located commands in this chapter based on their use. clear banner motd Deletes the message-of-the-day (MOTD) banner that is displayed before the login prompt for each CLI session on the switch.
DWS-1008 CLI Reference Guide System Services Commands Clear Prompt (continued) Examples: To reset the prompt, type the following command: switch1# clear prompt success: change accepted. DWS-1008# clear system Clears the system configuration of the specified information. Syntax: clear system [contact | countrycode | ip-address | location | name] contact Resets the name of contact person for the DWS-1008 switch to null. countrycode Resets the country code for the switch to null.
DWS-1008 CLI Reference Guide System Services Commands help Displays a list of commands that can be used to configure and monitor the switch. Syntax: help Defaults: None. Access: All. Examples: Use this command to see a list of available commands. If you have restricted access, you see fewer commands than if you have enabled access.
DWS-1008 CLI Reference Guide System Services Commands history Displays the command history buffer for the current CLI session.
DWS-1008 CLI Reference Guide System Services Commands set confirm Enables or disables the display of confirmation messages for commands that might have a large impact on the network. Syntax: set confirm {on | off} on off Enables confirmation messages. Disables confirmation messages. Defaults: Configuration messages are enabled Access: Enabled Usage: This command remains in effect for the duration of the session, until you enter an exit or quit command, or until you enter another set confirm command.
DWS-1008 CLI Reference Guide System Services Commands Examples: To set the number of lines displayed to 100, type the following command: DWS-1008# set length 100 success: screen length for this session set to 100 Set Prompt Changes the CLI prompt for the DWS-1008 switch to a string you specify. Syntax: set prompt string string Alphanumeric string up to 32 characters long. To include spaces in the prompt, you must enclose the string in double quotation marks (“”).
DWS-1008 CLI Reference Guide System Services Commands set system contact Stores a contact name for the DWS-1008 switch. Syntax: set system contact string string Alphanumeric string up to 256 characters long, with no blank spaces. Defaults: None Access: Enabled To view the system contact string, type the show system command. Examples: The following command sets the system contact information to tamara@example.com: DWS-1008# set system contact tamara@example.com success: change accepted.
DWS-1008 CLI Reference Guide System Services Commands set system countrycode (continued) Defaults: The factory default country code is None. Access: Enabled. Usage: You must set the system county code to a valid value before using any set ap commands to configure a DWL-8220AP access point. Examples: To set the country code to Canada, type the following command: DWS-1008# set system country code CA success: change accepted.
DWS-1008 CLI Reference Guide System Services Commands set system location Stores location information for the DWS-1008 switch. Syntax: set system location string string Alphanumeric string up to 256 characters long, with no blank spaces. Defaults: None Access: Enabled Usage: You cannot include spaces in the system location string. To view the system location string, type the show system command.
DWS-1008 CLI Reference Guide System Services Commands show banner motd Shows the banner that was configured with the set banner motd command. Syntax: show banner motd Defaults: None Access: Enabled Examples: To display the banner with the message of the day, type the following command: DWS-1008# show banner motd hello world show system Displays system information.
DWS-1008 CLI Reference Guide System Services Commands The table below describes the fields of show system output. Field Description ------------------------------------------------------------------------------------------------------------------------Product Name DWS model number. System Name System name (factory default, or optionally configured with set system name). System Countrycode Country-specific 802.11 code required for AP operation (configured with set system countrycode).
DWS-1008 CLI Reference Guide System Services Commands Field Description ------------------------------------------------------------------------------------------------------------------------Temperature Status of temperature sensors at three locations in the switch: • ok - Temperature is within the acceptable range of 0° C to50° C (32° F to 122° F). • Alarm - Temperature is above or below the acceptable range. MSS sends an alert to the system log every 5 minutes until this condition is corrected.
DWS-1008 CLI Reference Guide Port Commands Port Commands Use port commands to configure and manage individual ports and load-sharing port groups. This chapter presents port commands alphabetically. clear dap Caution: When you clear a Distributed AP, MSS ends user sessions that are using the AP. Removes a Distributed AP. Syntax: clear dap dap-num dap-num Number of the Distributed AP(s) you want to remove.
DWS-1008 CLI Reference Guide name name Port Commands Name of the port group. Defaults: None. Access: Enabled. Examples: The following command clears port group server1: DWS-1008# clear port-group name server1 success: change accepted. clear port name Removes the name assigned to a port. Syntax: clear port port-list name port-list List of physical ports. MSS removes the names from all the specified ports.
DWS-1008 CLI Reference Guide Port Commands Port Parameter Setting -----------------------------------------------------------------------------------------------------------------------VLAN membership None. Note: Although the command changes a port to a network port, the command does not place the port in any VLAN. To use the port in a VLAN, you must add the port to the VLAN. Spanning Tree Protocol (STP) Based on the VLAN(s) you add the port to. 802.1X No authorization. Port groups None.
DWS-1008 CLI Reference Guide Port Commands monitor port counters (continued) Defaults: All types of statistics are displayed for all ports. MSS refreshes the statistics every 5 seconds. This interval cannot be configured. Statistics types are displayed in the following order by default: • Octets • Packets • Receive errors • Transmit errors • Collisions • Receive Ethernet statistics • Transmit Ethernet statistics Access: All Usage: Each type of statistic is displayed separately.
DWS-1008 CLI Reference Guide Port Commands Port Status Rx Octets Tx Octets ============================================================= 1 Up 27965420 34886544 ... To cycle the display to the next set of statistics, press the Spacebar.
DWS-1008 CLI Reference Guide Statistics Option receive-errors Port Commands Field Rx Crc Rx Error Rx Short Rx Overrun transmit-errors Tx Crc Tx Short Tx Fragment Tx Abort collisions Single Coll Multiple Coll Excessive Coll Total Coll receive-etherstats Rx 64 Rx 127 Rx 255 Rx 511 Rx 1023 Rx 1518 D-Link Systems, Inc. Description Number of frames received by the port that had the correct length but contained an invalid frame check sequence (FCS) value.
DWS-1008 CLI Reference Guide Statistics Option transmit-etherstats Port Commands Field Tx 64 Tx 127 Tx 255 Tx 511 Tx 1023 Tx 1518 Description Number of packets transmitted that were 64 bytes long. Number of packets transmitted that were from 65 through 127 bytes long. Number of packets transmitted that were from 128 through 255 bytes long. Number of packets transmitted that were from 256 through 511 bytes long. Number of packets transmitted that were from 512 through 1023 bytes long.
DWS-1008 CLI Reference Guide Port Commands set dap (continued) Syntax: set dap dap-num serial-id serial-ID model {dwl-8220ap} [radiotype {11a | 11b| 11g}] dap-num Number for the Distributed AP. serial-id serial-ID DWL-8220AP access point serial ID. The serial ID is listed on the AP case. To display the serial ID using the CLI, use the show version details command. The range of valid connection numbers is from 1-30. radiotype 11a|11b|11g Radio type: • 11a—802.11a • 11b—802.11b • 11g—802.
DWS-1008 CLI Reference Guide Port Commands set port Administratively disables or reenables a port. Syntax: set port {enable | disable} port-list enable disable port-list Enables the specified ports. Disables the specified ports. List of physical ports. MSS disables or reenables all the specified ports. Defaults: All ports are enabled. Access: Enabled Usage: A port that is administratively disabled cannot send or receive packets. This command does not affect the link state of the port.
DWS-1008 CLI Reference Guide Port Commands set port-group Usage: You can configure up to 16 ports in a port group, in any combination of ports. The port numbers do not need to be contiguous and you can use 10/100 Ethernet ports and gigabit Ethernet ports in the same port group. After you add a port to a port group, you cannot configure port parameters on the individual port. Instead, change port parameters on the entire group.
DWS-1008 CLI Reference Guide Port Commands set port negotiation Disables or reenables autonegotiation on gigabit Ethernet or 10/100 Ethernet ports. Syntax: set port negotiation port-list {enable | disable} port-list enable disable List of physical ports. MSS disables or reenables autonegotiation on all the specified ports. Enables autonegotiation on the specified ports. Disables autonegotiation on the specified ports. Defaults: Autonegotiation is enabled on all Ethernet ports by default.
DWS-1008 CLI Reference Guide Port Commands set port poe (continued) Defaults: PoE is disabled on network and wired authentication ports. The state on access point ports depends on whether you enabled or disabled PoE when setting the port type.
DWS-1008 CLI Reference Guide Port Commands set port trap Enables or disables Simple Network Management Protocol (SNMP) linkup and linkdown traps on an individual port. Syntax: set port trap port-list {enable | disable} port-list List of physical ports. enable Enables the Telnet server. disable Disables the Telnet server. Defaults: SNMP linkup and linkdown traps are disabled by default. Access Enabled. Usage: The set port trap command overrides the global setting of the set snmp trap command.
DWS-1008 CLI Reference Guide Port Commands set port type ap (continued) Syntax: set port type ap port-list model dwl-8220ap poe {enable | disable} [radiotype {11a | 11b | 11g}] port-list poe enable | disable List of physical ports. Power over Ethernet (PoE) state. radiotype 11a |11b|11g Radio type: • 11a—802.11a • 11b—802.11b • 11g—802.11g Access: Enabled Usage: You cannot set a port’s type if the port is a member of a port VLAN. To remove a port from a VLAN, use the clear vlan command.
DWS-1008 CLI Reference Guide Port Commands set port type ap (continued) The following command sets ports 4 through 6 for the DWL-8220AP and enables PoE on the ports: DWS-1008# set port type ap 4-6 model dwl-8220ap poe enable This may affect the power applied on the configured ports. Would you like to continue? (y/n) [n]y success: change accepted. The following command sets port 1 for the DWL-8220AP, enables PoE on the port, and sets the radio type to 802.
DWS-1008 CLI Reference Guide Port Commands set port type wired-auth (continued) Defaults: The default tag-list is null (no tag values). The default number of sessions is 1. The default fallthru authentication type is none. Access: Enabled Usage: You cannot set a port’s type if the port is a member of a port VLAN. To remove a port from a VLAN, use the clear vlan command. To reset a port as a network port, use the clear port type command.
DWS-1008 CLI Reference Guide Port Commands show port counters Displays port statistics. Syntax: show port counters [octets | packets | receive-errors | transmit-errors | collisions | receive-etherstats | transmit-etherstats] [port port-list] octets Displays octet statistics. packets Displays packet statistics. receive-errors Displays errors in received packets. transmit-errors Displays errors in transmitted packets. collisions Displays collision statistics.
DWS-1008 CLI Reference Guide Port Commands show port-group Displays port group information. Syntax: show port-group [all | name group-name] all Displays information for all port groups. name group-name Displays information for the specified port group. Defaults: None Access: All Examples: The following command displays the configuration of port group server2: DWS-1008# show port-group name server2 Port group: server2 is up Ports: 1, 3 The table below describes the fields in the show port-group output.
DWS-1008 CLI Reference Guide Port Commands Examples: The following command displays PoE information for all ports on the DWS-1008 switch: DWS-1008# show port poe Link Port PoE PoE Port Name Status Type config Draw ============================================================= 1 1 up disabled off 2 2 down disabled off 3 3 down disabled off 4 4 down disabled off 5 5 down disabled off 6 6 up MP enabled 1.44 7 7 down disabled invalid 8 8 down disabled invalid The table below describes the fields in this display.
DWS-1008 CLI Reference Guide Port Commands Examples: The following command displays information for all ports on the DWS-1008: DWS-1008# show port status Port Name Admin Oper Config Actual Type Media ============================================================= 1 1 up up auto 100/full network 10/100BaseTx 2 2 up down auto network 10/100BaseTx 3 3 up down auto network 10/100BaseTx 4 4 up down auto network 10/100BaseTx 5 5 up up auto 100/full ap 10/100BaseTx 6 6 up down auto network 10/100BaseTx 7 7 up down
DWS-1008 CLI Reference Guide VLAN Commands VLAN Commands Use virtual LAN (VLAN) commands to configure and manage parameters for individual port VLANs on network ports. This chapter presents VLAN commands alphabetically. clear fdb Deletes an entry from the forwarding database (FDB). Syntax: clear fdb {perm | static | dynamic | port port-list} [vlan vlan-id] [tag tag-value] perm Clears permanent entries.
DWS-1008 CLI Reference Guide VLAN Commands clear fdb (continued) Examples: The following command clears all static forwarding database entries that match VLAN blue: DWS-1008# clear fdb static vlan blue success: change accepted. The following command clears all dynamic forwarding database entries that match all VLANs: DWS-1008# clear fdb dynamic success: change accepted.
DWS-1008 CLI Reference Guide VLAN Commands clear vlan (continued) Usage: If you do not specify a port-list, the entire VLAN is removed from the configuration. Note: You cannot delete the default VLAN but you can remove ports from it. To remove ports from the default VLAN, use the port port-list option. Examples: The following command removes port 1 from VLAN green: DWS-1008# clear vlan green port 1 This may disrupt user connectivity. Do you wish to continue? (y/n) [n]y success: change accepted.
DWS-1008 CLI Reference Guide VLAN Commands set fdb (continued) vlan vlan-id Name or number of a VLAN of which the port is a member. The entry is added only for the specified VLAN. tag tag-value VLAN tag value that identifies a virtual port. You can specify a number from 1 through 4095. If you do not specify a tag value, an entry is created for an untagged interface only. If you specify a tag value, an entry is created only for the specified tagged interface. Defaults: None. Access: Enabled.
DWS-1008 CLI Reference Guide VLAN Commands set fdb agingtime (continued) Examples: The following command changes the aging timeout period to 600 seconds for entries that match VLAN orange: DWS-1008# set fdb agingtime orange age 600 success: change accepted. set vlan name Creates a VLAN and assigns a number and name to it. Syntax: set vlan vlan-num name name vlan-num VLAN number. You can specify a number from 2 through 4095. name String up to 16 alphabetic characters long.
DWS-1008 CLI Reference Guide VLAN Commands set vlan port Assigns one or more network ports to a VLAN. You also can add a virtual port to each network port by adding a tag value to the network port. Syntax: set vlan vlan-id port port-list [tag tag-value] vlan-id port port-list tag tag-value VLAN name or number. List of physical ports. Tag value that identifies a virtual port. You can specify a value from 1 through 4095. Defaults: By default, no ports are members of any VLANs.
DWS-1008 CLI Reference Guide VLAN Commands show fdb Displays entries in the forwarding database. Syntax: show fdb [mac-addr-glob [vlan vlan-id]] show fdb {perm | static | dynamic | system | all} [port port-list | vlan vlan-id] mac-addr-glob A single MAC address or set of MAC addresses. Specify a MAC address, or use the wildcard character (*) to specify a set of MAC addresses. vlan vlan-id Name or number of a VLAN for which to display entries. perm Displays permanent entries.
DWS-1008 CLI Reference Guide VLAN Commands Examples: The following command displays all entries in the forwarding database: DWS-1008# show fdb all * = Static Entry. + = Permanent Entry. # = System Entry.
DWS-1008 CLI Reference Guide VLAN Commands show fdb agingtime Displays the aging timeout period for forwarding database entries. Syntax: show fdb agingtime [vlan vlan-id] vlan vlan-id VLAN name or number. If you do not specify a VLAN, the aging timeout period for each VLAN is displayed.
DWS-1008 CLI Reference Guide VLAN Commands show vlan config Displays VLAN information. Syntax: show vlan config [vlan-id] vlan-id VLAN name or number. If you do not specify a VLAN, information for all VLANs is displayed.
DWS-1008 CLI Reference Guide IP Services Commands IP Services Commands Use IP services commands to configure and manage IP interfaces, management services, the Domain Name Service (DNS), Network Time Protocol (NTP), and aliases, and to ping a host or trace a route. This chapter presents IP services commands alphabetically. clear interface Removes an IP interface. Syntax: clear interface vlan-id ip vlan-id VLAN name or number.
DWS-1008 CLI Reference Guide IP Services Commands clear ip dns domain Removes the default DNS domain name. Syntax: clear ip dns domain Defaults: None Access: Enabled Examples: The following command removes the default DNS domain name from a DWS-1008 switch: DWS-1008# clear ip dns domain Default DNS domain name cleared. clear ip dns server Removes a DNS server from a DWS-1008 switch configuration. Syntax: clear ip dns server ip-addr ip-addr IP address of a DNS server.
DWS-1008 CLI Reference Guide IP Services Commands clear ip route (continued) ip-addr/mask-length IP address and subnet mask length in CIDR format (for example, 10.10.10.10/24). gateway IP address, DNS hostname, or alias of the next-hop router. Defaults: None Access: Enabled Examples: The following command removes the route to destination 10.10.10.68/24 through gateway router 10.10.10.1: DWS-1008# clear ip route 10.10.10.68/24 10.10.10.1 success: change accepted.
DWS-1008 CLI Reference Guide IP Services Commands Examples The following command removes NTP server 192.168.40.240 from a switch configuration: DWS-1008# clear ntp server 192.168.40.240 success: change accepted. clear ntp update-interval Resets the NTP update interval to the default value. Syntax: clear ntp update-interval Defaults: The default NTP update interval is 64 seconds.
DWS-1008 CLI Reference Guide IP Services Commands clear snmp notify target Clears an SNMP notification target. Syntax: clear snmp notify target target-num target-num ID of the target. Defaults: None Access: Enabled Examples: The following command clears notification target 3: DWS-1008# clear snmp notify target 3 success: change accepted. clear snmp profile Clears an SNMP notification profile. Syntax: clear snmp profile profile-name profile-name Name of the notification profile you are clearing.
DWS-1008 CLI Reference Guide IP Services Commands clear summertime Clears the summertime setting from a DWS-1008 switch. Syntax: clear summertime Defaults: None Access: Enabled. Examples: To clear the summertime setting from a DWS-1008 switch, type the following command: DS-1008# clear summertime success: change accepted. clear system ip-address Clears the system IP address. Caution: Clearing the system IP address disrupts the system tasks that use the address.
DWS-1008 CLI Reference Guide IP Services Commands clear timezone (continued) Defaults: None Access: Enabled Examples: To return the switch’s real-time clock to UTC, type the following command: DWS-1008# clear timezone success: change accepted. ping Tests IP connectivity between a DWS-1008 switch and another device. MSS sends an Internet Control Message Protocol (ICMP) echo packet to the specified device and listens for a reply packet.
DWS-1008 CLI Reference Guide IP Services Commands ping (continued) vlan-name VLAN name to use as the ping source. MSS uses the IP address configured on the VLAN as the source IP address in the ping packets. Defaults: • count - 5. • dnf - Disabled. • interval - 100 (one tenth of a second) • size - 56. Access: Enabled Usage: To stop a ping command that is in progress, press Ctrl+C. Examples The following command pings a device that has IP address 10.1.1.1: DWS-1008# ping 10.1.1.1 PING 10.1.1.1 (10.1.1.
DWS-1008 CLI Reference Guide IP Services Commands set arp (continued) ip-addr IP address of the entry, in dotted decimal notation. mac-addr MAC address to map to the IP address. Use colons to separate the octets (for example, 00:11:22:aa:bb:cc). Defaults: None Access: Enabled Examples: The following command adds a static ARP entry that maps IP address 10.10.10.1 to MAC address 00:bb:cc:dd:ee:ff: DWS-1008# set arp static 10.10.10.1 00:bb:cc:dd:ee:ff success: added arp 10.10.10.
DWS-1008 CLI Reference Guide IP Services Commands set interface Configures an IP interface on a VLAN. Syntax: set interface vlan-id ip {ip-addr mask | ip-addr/mask-length} vlan-id VLAN name or number. ip-addr mask IP address and subnet mask in dotted decimal notation (for example, 10.10.10.10 255.255.255.0). ip-addr/mask-length IP address and subnet mask length in CIDR format (for example, 10.10.10.10/24). Defaults: None Access: Enabled Usage: You can assign one IP interface to each VLAN.
DWS-1008 CLI Reference Guide IP Services Commands set interface dhcp-client (continued) Syntax: set interface vlan-id ip dhcp-client {enable | disable} vlan-id enable disable VLAN name or number. Enables the DHCP client on the VLAN. Disables the DHCP client on the VLAN. Defaults: Disabled Access: Enabled Usage: You can enable the DHCP client on one VLAN only. You can configure the DHCP client on more than one VLAN, but the client can be active on only one VLAN. MSS also has a configurable DHCP server.
DWS-1008 CLI Reference Guide IP Services Commands set interface dhcp-server (continued) Defaults: The DHCP server is enabled by default. Access: Enabled. Usage: By default, all addresses except the host address of the VLAN, the network broadcast address, and the subnet broadcast address are included in the range. If you specify the range, the start address must be lower than the stop address, and all addresses must be in the same subnet.
DWS-1008 CLI Reference Guide IP Services Commands set ip alias Configures an alias, which maps a name to an IP address. You can use aliases as shortcuts in CLI commands. Syntax: set ip alias name ip-addr name ip-addr String of up to 32 alphanumeric characters, with no spaces. IP address in dotted decimal notation. Defaults: None Access: Enabled Examples: The following command configures the alias HR1 for IP address 192.168.1.2: DWS-1008# set ip alias HR1 192.168.1.2 success: change accepted.
DWS-1008 CLI Reference Guide IP Services Commands set ip dns domain (continued) Syntax: set ip dns domain name name Domain name of between 1 and 64 alphanumeric characters with no spaces (for example, example.org). Defaults: None Access: Enabled Usage: To override the default domain name when entering a hostname in a CLI command, enter a period at the end of the hostname. For example, if the default domain name is example.com, enter chris. if the fully qualified hostname is chris and not chris. example.
DWS-1008 CLI Reference Guide IP Services Commands set ip dns server (continued) Examples: The following commands configure a DWS-1008 switch to use a primary DNS server and two secondary DNS servers: DWS-1008# set ip dns server 10.10.10.50/24 primary success: change accepted. DWS-1008# set ip dns server 10.10.20.69/24 secondary success: change accepted. DWS-1008# set ip dns server 10.10.30.69/24 secondary success: change accepted. D-Link Systems, Inc.
DWS-1008 CLI Reference Guide IP Services Commands set ip route Adds a static route to the IP route table. Syntax: set ip route {default | ip-addr mask | ip-addr/mask-length} gateway metric default Default route. A DWS-1008 switch uses the default route if an explicit route is not available for the destination. Note: default is an alias for IP address 0.0.0.0/0. ip-addr mask IP address and subnet mask for the route destination, in dotted decimal notation (for example, 10.10.10.10 255.255.255.0).
DWS-1008 CLI Reference Guide IP Services Commands set ip route (continued) Examples: The following command adds a default route that uses gateway 10.5.4.1 and gives the route a cost of 1: DWS-1008# set ip route default 10.5.4.1 1 success: change accepted. The following commands add two default routes, and configure MSS to always use the route through 10.2.4.69 when the interface to that gateway router is up: DWS-1008# set ip route default 10.2.4.69 1 success: change accepted.
DWS-1008 CLI Reference Guide IP Services Commands set ip ssh Changes the TCP port number on which a DWS-1008 switch listens for Secure Shell (SSH) management traffic. Caution: If you change the SSH port number from an SSH session, MSS immediately ends the session. To open a new management session, you must configure the SSH client to use the new TCP port number. Syntax: set ip ssh port port-num port-num TCP port number. Defaults: The default SSH port number is 22.
DWS-1008 CLI Reference Guide IP Services Commands set ip ssh server Disables or reenables the SSH server on a DWS-1008 switch. Caution: If you disable the SSH server, SSH access to the switch is also disabled. Syntax: set ip ssh server {enable | disable} enable Enables the SSH server. disable Disables the SSH server. Defaults: The SSH server is enabled by default. Access: Enabled Usage: You must generate an SSH authentication key to use SSH.
DWS-1008 CLI Reference Guide IP Services Commands set ip telnet Changes the TCP port number on which a DWS-1008 switch listens for Telnet management traffic. Caution: If you change the Telnet port number from a Telnet session, MSS immediately ends the session. To open a new management session, you must Telnet to the switch with the new Telnet port number. Syntax: set ip telnet port-num port-num TCP port number. Defaults: The default Telnet port number is 23.
DWS-1008 CLI Reference Guide IP Services Commands set ntp Enables or disables the NTP client on a DWS-1008 switch. Syntax set ntp {enable | disable} enable Enables the NTP client. disable Disables the NTP client. Defaults: The NTP client is disabled by default. Access: Enabled Usage: If NTP is configured on a system whose current time differs from the NTP server time by more than 10 minutes, convergence of the switch time can take many NTP update intervals.
DWS-1008 CLI Reference Guide IP Services Commands set ntp update-interval Changes how often MSS sends queries to the NTP servers for updates. Syntax: set ntp update-interval seconds seconds Number of seconds between queries. You can specify from 16 through 1024 seconds. Defaults: The default NTP update interval is 64 seconds. Access: Enabled Examples: The following command changes the NTP update interval to 128 seconds: DWS-1008# set ntp update-interval 128 success: change accepted.
DWS-1008 CLI Reference Guide IP Services Commands set snmp community (continued) Defaults: None Access: Enabled Usage: SNMP community strings are passed as clear text in SNMPv1 and SNMPv2c. D-Link recommends that you use strings that cannot easily be guessed by unauthorized users. For example, do not use the well-known strings public and private. If you are using SNMPv3, you can configure SNMPv3 users to use authentication and to encrypt SNMP data.
DWS-1008 CLI Reference Guide IP Services Commands set snmp notify target (continued) target-num ID for the target.This ID is local to the DWS-1008 switch and does not need to correspond to a value on the target itself. You can specify a number from 1 to 10. ip-addr [:udp-port-number] IP address of the server. You also can specify the UDP port number to send notifications to. username USM username. This option is applicable only when the SNMP version is usm.
DWS-1008 CLI Reference Guide IP Services Commands set snmp notify target (continued) SNMPv3 with Traps To configure a notification target for traps from SNMPv3, use the following command: Syntax: set snmp notify target target-num ip-addr[:udp-port-number] usm trap user username [profile profile-name] [security {unsecured | authenticated | encrypted}] target-num ID for the target. This ID is local to the DWS-1008 switch and does not need to correspond to a value on the target itself.
DWS-1008 CLI Reference Guide IP Services Commands set snmp notify target (continued) SNMPv2c with Informs target-num ID for the target. This ID is local to the DWS-1008 switch and does not need to correspond to a value on the target itself. You can specify a number from 1 to 10. ip-addr[:udp-port-number] IP address of the server. You also can specify the UDP port number to send notifications to. community-string Community string.
DWS-1008 CLI Reference Guide IP Services Commands set snmp notify target (continued) SNMPv1 with Traps To configure a notification target for traps from SNMPv1, use the following command: Syntax: set snmp notify target target-num ip-addr[:udp-port-number] v1 community-string [profile profile-name] target-num ID for the target. This ID is local to the DWS-1008 switch and does not need to correspond to a value on the target itself. You can specify a number from 1 to 10.
DWS-1008 CLI Reference Guide IP Services Commands set snmp profile Configures an SNMP notification profile. A notification profile is a named list of all the notification types that can be generated by a switch, and for each notification type, the action to take (drop or send) when an event occurs. You can configure up to ten notification profiles.
DWS-1008 CLI Reference Guide IP Services Commands • ClientDot1xFailureTraps - Generated when a client experiences an 802.1X failure. • ClientRoamingTraps - Generated when a client roams. • CounterMeasureStartTraps - Generated when MSS begins countermeasures against a rogue access point. • CounterMeasureStopTraps - Generated when MSS stops countermeasures against a rogue access point.
DWS-1008 CLI Reference Guide IP Services Commands set snmp profile (continued) • MPBootTraps - Generated when an access point boots. • MPTimeoutTraps - Generated when an access point fails to respond to the DWS-1008 switch. • PoEFailTraps - Generated when a serious PoE problem, such as a short circuit, occurs. • RFDetectAdhocUserTraps - Generated when MSS detects an ad-hoc user. • RFDetectRogueAPTraps - Generated when MSS detects a rogue access point.
DWS-1008 CLI Reference Guide IP Services Commands set snmp profile (continued) • RFDetectDoSTraps - Generated when MSS detects a DoS attack other than an associate request flood, reassociate request flood, or disassociate request flood. • RFDetectInterferingRogueAPTraps - Generated when an interfering device is detected. • RFDetectInterferingRogueDisappearTraps - Generated when an interfering device is no longer detected.
DWS-1008 CLI Reference Guide IP Services Commands set snmp profile (continued) The following commands create notification profile snmpprof_rfdetect, and change the action to send for all RF detection notification types: DWS-1008# set snmp notify profile snmpprof_rfdetect send RFDetectAdhocUserTraps success: change accepted. DWS-1008# set snmp notify profile snmpprof_rfdetect send RFDetectClientViaRogueWiredAPTraps success: change accepted.
DWS-1008 CLI Reference Guide IP Services Commands set snmp protocol Enables a SNMP protocol. MSS supports SNMPv1, SNMPv2c, and SNMPv3. Syntax: set snmp protocol {v1 | v2c | usm | all} {enable | disable} v1 SNMPv1 v2c SNMPv2c usm SNMPv3 (with the user security model) all Enables all supported versions of SNMP. enable Enables the specified SNMP version(s). disable Disables the specified SNMP version(s). Defaults: All SNMP versions are disabled by default.
DWS-1008 CLI Reference Guide IP Services Commands set snmp security (continued) unsecured SNMP message exchanges are not secure. This is the only value supported for SNMPv1 and SNMPv2c. authenticated SNMP message exchanges are authenticated but are not encrypted. encrypted SNMP message exchanges are authenticated and encrypted. auth-requnsecnotify SNMP message exchanges are authenticated but are not encrypted, and notifications are neither authenticated nor encrypted.
DWS-1008 CLI Reference Guide IP Services Commands set snmp usm (continued) usm-username Name of the SNMPv3 user. Specify between 1 and 32 alphanumeric characters, with no spaces. snmp-engine-id {ip ip-addr | local | hex hex-string} Specifies a unique identifier for the SNMP engine. To send informs, you must specify the engine ID of the inform receiver. To send traps and to allow get and set operations and so on, specify local as the engine ID. • hex hex-string - ID is a hexadecimal string.
DWS-1008 CLI Reference Guide IP Services Commands set snmp usm (continued) auth-type {none | md5 | sha} {auth-pass-phrase string | auth-key hex-string} Specifies the authentication type used to authenticate communications with the remote SNMP engine. You can specify one of the following: • none - No authentication is used. • md5 - Message-digest algorithm 5 is used. • sha - Secure Hashing Algorithm (SHA) is used. If the authentication type is md5 or sha, you can specify a passphrase or a hexadecimal key.
DWS-1008 CLI Reference Guide IP Services Commands set snmp usm (continued) encrypt-type {none | des | 3des | aes} {encrypt-pass-phrase string | encrypt-key hex-string} Specifies the encryption type used for SNMP traffic. You can specify one of the following: • none - No encryption is used. This is the default. • des - Data Encryption Standard (DES) encryption is used. • 3des - Triple DES encryption is used. • aes - Advanced Encryption Standard (AES) encryption is used.
DWS-1008 CLI Reference Guide IP Services Commands set summertime Offsets the real-time clock of a switch by +1 hour and returns it to standard time for daylight savings time or a similar summertime period that you set. Syntax: set summertime summer-name [start week weekday month hour min end week weekday month hour min] summer-name start Name of up to 32 alphanumeric characters that describes the summertime offset. You can use a standard name or any name you like. Start of the time change period.
DWS-1008 CLI Reference Guide IP Services Commands set system ip-address Configures the system IP address. The system IP address determines the interface or source IP address MSS uses for system tasks, including the following: • Topology reporting for dual-homed DWL-8220AP access points. • Default source IP address used in unsolicited communications such as AAA accounting reports and SNMP traps. Syntax: set system ip-address ip-addr ip-addr IP address, in dotted decimal notation.
DWS-1008 CLI Reference Guide IP Services Commands Usage: The day of week is automatically calculated from the day you set. The time displayed by the CLI after you type the command might be slightly later than the time you enter due to the interval between when you press Enter and when the CLI reads and displays the new time and date. Configure summertime before you set the time and date.
DWS-1008 CLI Reference Guide IP Services Commands show arp Displays the ARP table. Syntax: show arp [ip-addr] ip-addr IP address. Defaults: If you do not specify an IP address, the whole ARP table is displayed. Access: All Examples: The following command displays ARP entries: DWS-1008# show arp ARP aging time: 1200 seconds Host HW Address -----------------------------------10.5.4.51 00:0b:0e:02:76:f5 10.5.4.
DWS-1008 CLI Reference Guide IP Services Commands show dhcp-client Displays DHCP client information for all VLANs. Syntax: show dhcp-client Defaults: None Access: All Examples: The following command displays DHCP client information: DWS-1008# show dhcp-client Interface: corpvlan(4) Configuration Status: Enabled DHCP State: IF_UP Lease Allocation: 65535 seconds Lease Remaining: 65532 seconds IP Address: 10.3.1.110 Subnet Mask: 255.255.255.0 Default Gateway: 10.3.1.1 DHCP Server: 10.3.1.4 DNS Servers: 10.3.
DWS-1008 CLI Reference Guide IP Services Commands show dhcp-client (continued) Field Subnet Mask Description Network mask of the IP address received from the DHCPserver. Default Gateway Default gateway IP address received from the DHCP server. If the address is 0.0.0.0, the server did not provide an address. DHCP Server IP address of the DHCP server. DNS Servers DNS server IP address(es) received from the DHCP server. DNS Domain Name Default DNS domain name received from the DHCP server.
DWS-1008 CLI Reference Guide IP Services Commands show dhcp-server (continued) The following command displays configuration and status information for each VLAN on which the DHCP server is configured: DWS-1008# show dhcp-server Interface: 0 (Direct AP) Status: UP Address Range: 10.0.0.1-10.0.0.253 Interface: default(1) Status: UP Address Range: 10.10.20.2-10.10.20.254 DHCP Clients: Hardware Address: 00:01:02:03:04:05 State: BOUND Lease Allocation: 43200 seconds Lease Remaining: 12345 seconds IP Address: 10.
DWS-1008 CLI Reference Guide IP Services Commands Output for show dhcp-client verbose Field Interface Description VLAN name and number. Status Status of the interface: • UP • DOWN Address Range Range from which the server can lease addresses. Hardware Address MAC address of the DHCP client. State State of the address lease: • SUSPEND - MSS is checking for the presence of another DHCP server on the subnet. This is the initial state of the MSS DHCP server.
DWS-1008 CLI Reference Guide IP Services Commands show interface Displays the IP interfaces configured on the DWS-1008 switch. Syntax: show interface [vlan-id] vlan-id VLAN name or number. Defaults: If you do not specify a VLAN ID, interfaces for all VLANs are displayed. Access: All Usage: The IP interface table flags an address assigned by a DHCP server with an asterisk ( * ).
DWS-1008 CLI Reference Guide IP Services Commands show ip alias Displays the IP aliases configured on the DWS-1008 switch. Syntax: show ip alias [name] name Alias string. Defaults: If you do not specify an alias name, all aliases are displayed. Access: Enabled Examples: The following command displays all the aliases configured on a DWS-1008 switch: DWS-1008# show ip alias Name IP Address --------------------------HR1 192.168.1.2 payroll 192.168.1.3 radius1 192.168.7.
DWS-1008 CLI Reference Guide IP Services Commands show ip dns (continued) The table below describes the fields in this display. Field Domain Name Description Default domain name configured on the DWS-1008 switch DNS Status Status of the switch’s DNS client: • Enabled • Disabled IP Address IP address of the DNS server Type Server type: • PRIMARY • SECONDARY show ip route Displays the IP route table.
DWS-1008 CLI Reference Guide IP Services Commands show ip route (continued) Usage: When you add an IP interface to a VLAN that is up, MSS adds direct and local routes for the interface to the route table. If the VLAN is down, MSS does not add the routes. If you add an interface to a VLAN but the routes for that interface do not appear in the route table, use the show vlan config command to check the VLAN state.
DWS-1008 CLI Reference Guide IP Services Commands show ip route (continued) NH-Type Next-hop type: • Local - Route is for a local interface. MSS adds the route when you configure an IP address on the switch. • Direct - Route is for a locally attached subnet. MSS adds the route when you add an interface in the same subnet to the switch. • Router - Route is for a remote destination. An switch forwards traffic for the destination to the gateway router.
DWS-1008 CLI Reference Guide IP Services Commands show ip telnet (continued) The table below describes the fields in this display. Field Server Status Description State of the Telnet server: • Enabled • Disabled Port TCP port number on which the switch listens for Telnet management traffic. show ntp Displays NTP client information.
DWS-1008 CLI Reference Guide IP Services Commands show ntp (continued) Field NTP client Description State of the NTP client. The state can be one of the following: • Enabled • Disabled Current update-interval Number of seconds between queries sent by the switch to the NTP servers for updates. Current time System time that was current on the switch when you pressed Enter after typing the show ntp command. Timezone Time zone configured on the switch.
DWS-1008 CLI Reference Guide IP Services Commands show snmp community Displays the configured SNMP community strings. Syntax: show snmp community Defaults: None Access: Enabled Examples: To display the configured SNMP community strings, use the following command: DWS-1008# show snmp community Communities: “wireless_switch”, access=read-write-notify, notify target use cnt=0 The table below describes the fields in this display. Field Community string Description Community string.
DWS-1008 CLI Reference Guide IP Services Commands show snmp counters Displays SNMP statistics counters. Syntax: show snmp counters Defaults: None Access: Enabled Examples: To display SNMP statistics counters, use the following command: DWS-1008# show snmp counters Base SNMP Stats: input packets: 0 output packets: 0 output notifys(traps & informs): 0 input packets with bad version: 0 input packets with ASN.
DWS-1008 CLI Reference Guide IP Services Commands show snmp notify profile Displays SNMP notification profiles. Syntax: show snmp notify profile Defaults: None Access: Enabled Examples: To display notification profiles, use the following command: DWS-1008# show snmp notify profile Notify profiles: default notify profile use cnt=0 notify status for profile: LINKDOWN, drop LINKUP, drop The command lists settings separately for each notification AUTHENTICATION, drop profile.
DWS-1008 CLI Reference Guide IP Services Commands show snmp notify target Displays SNMP notification targets. Syntax: show snmp notify target Defaults: None Access: Enabled Examples: To display a list of the SNMP notification targets, use the following command: DWS-1008# show snmp notification target Notify targets: 1: 10.10.40.
DWS-1008 CLI Reference Guide IP Services Commands show snmp status Displays SNMP version and status information.
DWS-1008 CLI Reference Guide IP Services Commands show snmp status (continued) Field SNMP minimum security Description Lowest (least secure) security level set on the switch: • authenticated - SNMP message exchanges are authenticated but are not encrypted. • auth-req-unsec-notify - SNMP message exchanges are authenticated but are not encrypted, and notifications are neither authenticated nor encrypted. • encrypted - SNMP message exchanges are authenticated and encrypted.
DWS-1008 CLI Reference Guide IP Services Commands show snmp usm Displays information about SNMPv3 users. Defaults: None Access: Enabled Examples: To display USM settings, use the following command: DWS-1008# show snmp usm USM users: “nmsuser”, engineID=localSnmpID access=read-notify auth=NONE encrypt=NONE notify target use cnt=0 The table below describes the fields in this display. Field USM name Description Name of the SNMPv3 user.
DWS-1008 CLI Reference Guide IP Services Commands show summertime Shows a DWS-1008 switch’s offset from its real-time clock. Syntax: show summertime Defaults: There is no summertime offset by default. Access: All Examples: To display the summertime setting on a switch, type the following command: DWS-1008# show summertime Summertime is enabled, and set to ‘PDT’.
DWS-1008 CLI Reference Guide IP Services Commands show timezone Shows the time offset for the real-time clock from UTC on a DWS-1008 switch. Syntax: show timezone Defaults: None Access: All Examples: To display the offset from UTC, type the following command: DWS-1008# show timezone Timezone set to ‘pst’, offset from UTC is -8 hours telnet Opens a Telnet client session with a remote device. Syntax: telnet {ip-addr | hostname} [port port-num] ip-addr hostname IP address of the remote device.
DWS-1008 CLI Reference Guide IP Services Commands telnet (continued) DWS-1008# telnet 10.10.10.90 Session 0 pty tty2.d Trying 10.10.10.90... Connected to 10.10.10.90 Disconnect character is ‘^t’ Copyright (c) 2002, 2003 D-Link Systems, Inc.
DWS-1008 CLI Reference Guide IP Services Commands traceroute Traces the route to an IP host. Syntax: traceroute host [dnf] [no-dns] [port port-num] [queries num] [size size] [ttl hops] [wait ms] host IP address, hostname, or alias of the destination host. Specify the IP address in dotted decimal notation. dnf Sets the Do Not Fragment bit in the ping packet to prevent the packet from being fragmented. no-dns Prevents MSS from performing a DNS lookup for each hop to the destination host.
DWS-1008 CLI Reference Guide IP Services Commands traceroute (continued) The first row of the display indicates the target host, the maximum number of hops, and the packet size. Each numbered row displays information about one hop. The rows are displayed in the order in which the hops occur, beginning with the hop closest to the DWS-1008 switch.
DWS-1008 CLI Reference Guide IP Services Commands Notes D-Link Systems, Inc.
DWS-1008 CLI Reference Guide AAA Commands AAA Commands Use authentication, authorization, and accounting (AAA) commands to provide a secure network connection and a record of user activity. Location policy commands override any virtual LAN (VLAN) or security ACL assignment by AAA or the local database to help you control access locally. This chapter presents AAA commands alphabetically. clear accounting Removes accounting services for specified wireless users with administrative access or network access.
DWS-1008 CLI Reference Guide AAA Commands clear authentication admin Removes an authentication rule for administrative access through Telnet. Syntax: clear authentication admin user-glob user-glob Single user or set of users with administrative access or network access.
DWS-1008 CLI Reference Guide AAA Commands clear authentication dot1x Removes an 802.1X authentication rule. Syntax: clear authentication dot1x {ssid ssid-name | wired} user-glob ssid ssid-name SSID name to which this authentication rule applies. wired Clears a rule used for access over a switch’s wired-authentication port. user-glob User-glob associated with the rule you are removing. Defaults: None Access: Enabled Examples: The following command removes 802.
DWS-1008 CLI Reference Guide AAA Commands clear authentication mac Removes a MAC authentication rule. Syntax: clear authentication mac {ssid ssid-name | wired} mac-addr-glob ssid ssid-name SSID name to which this authentication rule applies. wired Clears a rule used for access over a switch’s wired-authentication port. mac-addr-glob MAC address glob associated with the rule you are removing.
DWS-1008 CLI Reference Guide AAA Commands clear location policy Removes a rule from the location policy on a DWS-1008 switch. Syntax: clear location policy rule-number rule-number Index number of a location policy rule to remove from the location policy. Defaults: None Access: Enabled Usage: To determine the index numbers of location policy rules, use the show location policy command. Removing all the ACEs from the location policy disables this function on the switch.
DWS-1008 CLI Reference Guide AAA Commands clear mac-user Removes a user profile from the local database on the switch, for a user who is authenticated by a MAC address. (To remove a user profile in RADIUS, see the documentation for your RADIUS server). Syntax: clear mac-user mac-addr mac-addr MAC address of the user, in hexadecimal numbers separated by colons (:). You can omit leading zeros.
DWS-1008 CLI Reference Guide AAA Commands clear mac-user group Removes a user profile from a MAC user group in the local database on the switch, for a user who is authenticated by a MAC address. (To remove a MAC user group profile in RADIUS, see the documentation for your RADIUS server). Syntax: clear mac-user mac-addr group mac-addr MAC address of the user, in hexadecimal numbers separated by colons (:). You can omit leading zeros.
DWS-1008 CLI Reference Guide AAA Commands clear mac-usergroup attr Removes an authorization attribute from a MAC user group in the local database on the switch, for a group of users who are authenticated by a MAC address. (To unconfigure an authorization attribute in RADIUS, see the documentation for your RADIUS server). Syntax: clear mac-usergroup group-name attr attribute-name group-name Name of an existing MAC user group.
DWS-1008 CLI Reference Guide AAA Commands clear user Removes a user profile from the local database on the switch, for a user with a password. (To remove a user profile in RADIUS, see the documentation for your RADIUS server). Syntax: clear user username username Username of a user with a password. Defaults: None Access: Enabled Usage: Deleting the user’s profile from the database deletes the assignment of any attributes in the profile to the user.
DWS-1008 CLI Reference Guide AAA Commands clear user group Removes a user with a password from membership in a user group in the local database on the DWS-1008 switch. (To remove a user from a user group in RADIUS, see the documentation for your RADIUS server). Syntax: clear user username group username Username of a user with a password.
DWS-1008 CLI Reference Guide AAA Commands clear usergroup attr Removes an authorization attribute from a user group in the local database on the switch. (To remove an authorization attribute in RADIUS, see the documentation for your RADIUS server). Syntax: clear usergroup group-name attr attribute-name group-name Name of an existing user group. attribute-name Name of an attribute used to authorize all the users in the group for a particular service or session characteristic.
DWS-1008 CLI Reference Guide AAA Commands set accounting {admin | console} (continued) stop-only Sends accounting records only at the end of a network session. method1 method2 method3 method4 At least one of up to four methods that MSS uses to process accounting records. Specify one or more of the following methods in priority order. If the first method does not succeed, MSS tries the second method, and so on.
DWS-1008 CLI Reference Guide AAA Commands set accounting {dot1x | mac} (continued) ssid ssid-name SSID name to which this accounting rule applies. To apply the rule to all SSIDs, type any. wired Applies this accounting rule specifically to users who are authenticated on a wired authentication port. user-glob Single user or set of users with administrative access or network access.
DWS-1008 CLI Reference Guide AAA Commands set authentication admin Configures authentication and defines where it is performed for specified users with administrative access through Telnet. Syntax: set authentication admin user-glob method1 [method2] [method3] [method4] user-glob Single user or set of users with administrative access or network access.
DWS-1008 CLI Reference Guide AAA Commands set authentication admin (continued) Note: The syntax descriptions for the set authentication commands have been separated for clarity. However, the options and behavior for the set authentication admin command are the same as in previous releases. Usage: You can configure different authentication methods for different groups of users.
DWS-1008 CLI Reference Guide AAA Commands set authentication console (continued) method1 method2 method3 method4 At least one of up to four methods that MSS uses to process accounting records. Specify one or more of the following methods in priority order. If the first method does not succeed, MSS tries the second method, and so on. A method can be one of the following: • local - Stores accounting records in the local database on the switch.
DWS-1008 CLI Reference Guide AAA Commands set authentication dot1x Configures authentication and defines how and where it is performed for specified wireless or wired authentication clients who use an IEEE 802.1X authentication protocol to access the network through the switch. Syntax: set authentication dot1x {ssid ssid-name | wired} user-glob [bonded] protocol method1 [method2] [method3] [method4] ssid ssid-name SSID name to which this authentication rule applies. To apply the rule to all SSIDs, type any.
DWS-1008 CLI Reference Guide AAA Commands • eap-tls - EAP with Transport Layer Security (TLS): • Provides mutual authentication, integrity-protected negotiation, and key exchange • Requires X.509 public key certificates on both sides of the connection • Provides encryption and integrity checking for the connection • Cannot be used with RADIUS server authentication • peap-mschapv2 - Protected EAP (PEAP) with Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP-V2).
DWS-1008 CLI Reference Guide AAA Commands If you specify multiple authentication methods in the set authentication dot1x command, MSS applies them in the order in which they appear in the command, with these results: • If the first method responds with pass or fail, the evaluation is final. • If the first method does not respond, MSS tries the second method, and so on.
DWS-1008 CLI Reference Guide method1 method2 method3 method4 AAA Commands At least one of up to four methods that MSS uses to handle authentication. Specify one or more of the following methods in priority order. MSS applies multiple methods in the order you enter them. A method can be one of the following: • local - Uses the local database of usernames and user groups on the switch for authentication. • server-group-name - Uses the defined group of RADIUS servers for authentication.
DWS-1008 CLI Reference Guide AAA Commands If the SSID specified in the last-resort authentication rule is any, MSS searches for user last-resort-any. The any in the username is not a wildcard. The username must be last-resort-any, exactly as spelled here. Examples: The following command configures a last-resort authentication rule in the local database for SSID mycorp: DWS-1008# set authentication last-resort ssid mycorp local success: change accepted.
DWS-1008 CLI Reference Guide AAA Commands set authentication mac (continued) Usage: You can configure different authentication methods for different groups of MAC addresses by “globbing.” If you specify multiple authentication methods in the set authentication mac command, MSS applies them in the order in which they appear in the command, with these results: • If the first method responds with pass or fail, the evaluation is final.
DWS-1008 CLI Reference Guide AAA Commands set authentication proxy (continued) Defaults: None Acces: Enabled Usage: AAA for third-party AP users has additional configuration requirements. Examples: The following command configures a proxy authentication rule that matches on all usernames associated with SSID mycorp. MSS uses RADIUS server group srvrgrp1 to proxy RADIUS requests and hence to authenticate and authorize the users. DWS-1008# set authentication proxy ssid mycorp ** srvrgrp1 D-Link Systems, Inc.
DWS-1008 CLI Reference Guide AAA Commands set location policy Creates and enables a location policy on a DWS-1008 switch. A location policy enables you to locally set or change authorization attributes for a user after the user is authorized by AAA, without making changes to the AAA server.
DWS-1008 CLI Reference Guide AAA Commands set location policy (continued) vlan operator vlan-glob VLAN-Name attribute assigned by AAA and condition by which to determine if the location policy rule applies. Replace operator with one of the following operands: eq - Applies the location policy rule to all users assigned VLAN names matching vlan-glob. neq - Applies the location policy rule to all users assigned VLAN names not matching vlan-glob.
DWS-1008 CLI Reference Guide AAA Commands set location policy (continued) Usage: Only a single location policy is allowed per DWS-1008 switch. Once configured, the location policy becomes effective immediately. To disable location policy operation, use the clear location policy command. Conditions within a rule are ANDed. All conditions in the rule must match in order for MSS to take the specified action.
DWS-1008 CLI Reference Guide AAA Commands set location policy (continued) The following command authorizes users entering the network on ports 2 through 4 and port 6 to use the floor2 VLAN, overriding any settings from AAA: DWS-1008# set location policy permit vlan floor2 if port 2-4,6 The following command places all users who are authorized for SSID tempvendor_a into VLAN kiosk_1: DWS-1008# set location policy permit vlan kiosk_1 if ssid eq tempvendor_a success: change accepted.
DWS-1008 CLI Reference Guide AAA Commands set mac-user attr (continued) Syntax: set mac-user mac-addr attr attribute-name value mac-addr MAC address of the user, in hexadecimal numbers separated by colons (:). You can omit leading zeros. attribute-name value Name and value of an attribute you are using to authorize the MAC user for a particular service or session characteristic. Defaults: None Access: Enabled. Usage: To change the value of an attribute, enter set mac-user attr with the new value.
DWS-1008 CLI Reference Guide AAA Commands • Use acl-name.in to filter traffic that enters the switch from users via an access port or wired authentication port, or from the network via a network port. • Use acl-name.out to filter traffic sent from the switch to users via an access port or wired authentication port, or from the network via a network port.
DWS-1008 CLI Reference Guide AAA Commands service-type (continued) • 6 - Administrative; for administrative access to the switch, with authorization to access the enabled (configuration) mode. The user must enter the enable command and the correct enable password to access the enabled mode. • 7 - NAS-Prompt; for administrative access to the nonenabled mode only. In this mode, the user can still enter the enable command and the correct enable password to access the enabled mode.
DWS-1008 CLI Reference Guide AAA Commands set mac-user attr (continued) start-date Date and time at which the user becomes eligible to access the network. MSS does not authenticate the user unless the attempt to access the network occurs at or after the specified date and time, but before the end-date (if specified). Date and time, in the following format: YY/MM/DD-HH:MM You can use start-date alone or with end-date. You also can use start-date, end-date, or both in conjunction with time-of-day.
DWS-1008 CLI Reference Guide AAA Commands set mac-user attr (continued) vlan-name (network access mode only) Virtual LAN (VLAN) assignment. Note: On some RADIUS servers, you might need to use the standard RADIUS attribute Tunnel-Pvt-Group-ID, instead of VLAN-Name. Name of a VLAN that you want the user to use.
DWS-1008 CLI Reference Guide AAA Commands set mac-usergroup attr (continued) Syntax: set mac-usergroup group-name attr attribute-name value group-name Name of a MAC user group. Specify a name of up to 32 alphanumeric characters, with no spaces. attribute-namevalue Name and value of an attribute you are using to authorize all MAC users in the group for a particular service or session characteristic.
DWS-1008 CLI Reference Guide AAA Commands Defaults: No default Mobility Profile exists on the DWS-1008 switch. If you do not assign Mobility Profile attributes, all users have access through all ports, unless denied access by other AAA servers or by access control lists (ACLs). Access: Enabled.
DWS-1008 CLI Reference Guide AAA Commands enable Enables the use of the Mobility Profile feature on the switch. disable Specifies that all Mobility Profile attributes are ignored by the switch. Defaults: The Mobility Profile feature is disabled by default. Access: enabled Examples To enable the use of the Mobility Profile feature, type the following command: DWS-1008# set mobility-profile mode enable success: change accepted.
DWS-1008 CLI Reference Guide AAA Commands set user attr Configures an authorization attribute in the local database on the switch for a user with a password. (To assign authorization attributes in RADIUS, see the documentation for your RADIUS server.) Syntax: set user username attr attribute-name value username Username of a user with a password. attribute-namevalue Name and value of an attribute you are using to authorize the user for a particular service or session characteristic.
DWS-1008 CLI Reference Guide AAA Commands set user group (continued) Defaults None Access: Enabled Usage: MSS does not require users to belong to user groups. To create a user group, user the command set usergroup. Examples: The following command adds user Hosni to the cardiology user group: DWS-1008# set user Hosni group cardiology success: change accepted. set usergroup Creates a user group in the local database on the switch for users and assigns authorization attributes for the group.
DWS-1008 CLI Reference Guide AAA Commands show aaa Displays all current AAA settings.
DWS-1008 CLI Reference Guide AAA Commands user last-resort-any Vlan-Name = foo mac-user 01:02:03:04:05:06 usergroup eastcoasters session-timeout = 99 The table below describes the fields that can appear in show aaa output. Field Default Values Description RADIUS default values for all parameters. authport UDP port on the switch for transmission of RADIUS authorization and authentication messages. The default port is 1812. acctport UDP port on the switch for transmission of RADIUS accounting records.
DWS-1008 CLI Reference Guide AAA Commands show aaa (continued) Field Ports Description UDP ports that the switch uses for authentication messages and for accounting records. T/o Setting of timeouts on each RADIUS server currently active. Tries Number of retransmissions configured for each RADIUS server currently active. The default is 3 times. Dead Length of time until the server is considered responsive again.
DWS-1008 CLI Reference Guide AAA Commands The table below describes the fields that can appear in show accounting statistics output. Acct-Authentic Location where the user was authenticated (if authentication took place) for the session: • 1 - RADIUS server • 2 - Local database User-Name Username of a user with a password. Acct-Multi-Session-Id Unique accounting ID for multiple related sessions in a log file.
DWS-1008 CLI Reference Guide AAA Commands show location policy Displays the list of location policy rules that make up the location policy on a switch. Syntax: show location policy Defaults: None Access: Enabled Examples: The following command displays the list of location policy rules in the location policy on a switch: DWS-1008 show location policy Id Clauses -----------------------------------------------------------------------------------------1) deny if user eq *.theirfirm.
DWS-1008 CLI Reference Guide AAA Commands Notes D-Link Systems, Inc.
DWS-1008 CLI Reference Guide AAA Commands Notes D-Link Systems, Inc.
DWS-1008 CLI Reference Guide Access Point Commands Access Point Commands Use DWL-8220AP access point commands to configure and manage DWL-8220AP access points. Be sure to do the following before using the commands: • Define the country-specific IEEE 802.11 regulations on the DWS-1008 switch. • Install the DWL-8220AP access point and connect it to a port on the switch. • Configure an DWL-8220AP access port (for a directly connected AP) or a Distributed AP).
DWS-1008 CLI Reference Guide Examples: Access Point Commands The following command disables and resets radio 2 on the DWL-8220AP access point connected to port 3: DWS-1008# clear ap 3 radio 2 clear radio-profile Removes a radio profile or resets one of the profile’s parameters to its default value. Syntax: clear radio-profile name [parameter] name parameter Radio profile name.
DWS-1008 CLI Reference Guide Access Point Commands The following commands disable the radios that are using radio profile rptest and remove the profile: DWS-1008# set radio-profile rptest mode disable DWS-1008# clear radio-profile rptest success: change accepted. clear service-profile Removes a service profile or resets one of the profile’s parameters to its default value. Syntax: clear service-profile name name Service profile name.
DWS-1008 CLI Reference Guide Access Point Commands Usage: When you enter this command, the DWL-8220AP access point drops all sessions and reboots. Caution: Restarting a DWL-8220AP access point can cause data loss for users who are currently associated with the DWL-8220AP. Examples: The following command resets the DWL-8220AP access point on port 7: DWS-1008# reset ap 7 This will reset specified AP devices.
DWS-1008 CLI Reference Guide Access Point Commands mode enabled tx-pwr Highest setting allowed for the country of operation radio-profile (profile) default max-power default min-client-rate 5.5 for 802.11b/g 24 for 802.11a max-retransmissions 10 Examples: The following command creates a template for automatic Distributed AP configuration: DWS-1008# set dap auto success: change accepted. set dap auto mode Enables a switch’s template for automatic Distributed AP configuration.
DWS-1008 CLI Reference Guide Syntax: Access Point Commands set dap auto [radiotype {11a | 11b| 11g}] radiotype 11a | 11b | 11g Radio type: • 11a - 802.11a • 11b - 802.11b • 11g - 802.11g Defaults: The default radio type for the DWL-8220AP-101 is 802.11g. Examples: The following command sets the radio type to 802.11b: DWS-1008# set dap auto radiotype 11b success: change accepted. set {ap | dap} bias Changes the bias for an DWL-8220AP.
DWS-1008 CLI Reference Guide Access Point Commands For example, if an DWL-8220AP is dual homed to two DWS-1008 switches, and one of the switches has 50 active DWL-8220APs while the other switch has 60 active DWL-8220APs, the new DWL-8220AP selects the switch that has only 50 active DWL-8220APs. If the boot request on DWL-8220AP port 1 fails, the DWL-8220AP attempts to boot over its port 2, using the same process described above. DWL-8220AP selection of a DWS-1008 switch is sticky.
DWS-1008 CLI Reference Guide Access Point Commands set dap fingerprint Confirms an DWL-8220AP’s fingerprint on a switch. If DWL-8220AP security is required by a switch, an DWL-8220AP can establish a management session with the switch only if you have confirmed the DWL-8220AP’s identity by confirming its fingerprint on the switch. Syntax: set dap num fingerprint hex dap dap-num Number of the Distributed AP whose fingerprint you are confirming. hex The 16-digit hexadecimal number of the fingerprint.
DWS-1008 CLI Reference Guide Access Point Commands dapauto Configures a DWL-8220AP group for the DWL-8220AP configuration template. name DWL-8220AP access point group name of up to 16 alphanumeric characters, with no spaces. Defaults: DWL-8220AP access points are not grouped by default. Access: Enabled. Usage: You can assign any subset or all of the DWL-8220AP access points connected to a switch to a group on that switch. All access points in a group must be connected to the same switch.
DWS-1008 CLI Reference Guide Examples: Access Point Commands The following command changes the name of the DWL-8220AP access point on port 1 to techpubs: DWS-1008# set ap 1 name techpubs success: change accepted. set {ap | dap} radio antennatype Sets the model number for an external antenna.
DWS-1008 CLI Reference Guide Access Point Commands ap port-list List of ports connected to the DWL-8220AP access points on which to set the maximum power. dap dap-num Number of a Distributed AP on which to set the maximum power. dapauto Sets the maximum power for radios configured by the DWL-8220AP configuration template. radio 1 Radio 1 of the DWL-8220AP. radio 2 Radio 2 of the DWL-8220AP.
DWS-1008 CLI Reference Guide Access Point Commands radio 1 Radio 1 of the DWL-8220AP. radio 2 Radio 2 of the DWL-8220AP. retransmissions Percentage of packets that can result in retransmissions without resulting in a channel change. You can specify from 1 to 100. Defaults: The default is 10 percent Access: Enabled. Usage: A retransmission is a packet sent from a client to an DWL-8220AP radio that the radio receives more than once. This can occur when the client does not receive an 802.
DWS-1008 CLI Reference Guide Access Point Commands set {ap | dap} radio channel Sets an DWL-8220AP radio’s channel. Syntax: set {ap port-list | dap dap-num} radio {1 | 2} channel channel-number ap port-list List of ports connected to the DWL-8220AP access points on which to set the channel. dap dap-num Number of a Distributed AP on which to set the channel. radio 1 Radio 1 of the DWL-8220AP. radio 2 Radio 2 of the DWL-8220AP. channel Channel number.
DWS-1008 CLI Reference Guide Access Point Commands ap port-list List of ports connected to the DWL-8220AP access points on which to set the minimum data rate. dap dap-num Number of a Distributed AP on which to set the minimum data rate. dapauto Sets the radio mode for DWL-8220APs managed by the DWL-8220AP configuration template. radio 1 Radio 1 of the DWL-8220AP. radio 2 Radio 2 of the DWL-8220AP. rate Minimum data rate, in megabits per second (Mbps).
DWS-1008 CLI Reference Guide Access Point Commands dapauto Sets the radio mode for DWL-8220APs managed by the DWL-8220AP configuration template. radio 1 Radio 1 of the DWL-8220AP. radio 2 Radio 2 of the DWL-8220AP. mode enable Enables a radio. mode disable Disables a radio. Defaults: DWL-8220AP access point radios are disabled by default. Access: Enabled. Usage: To enable or disable one or more radios to which a profile is assigned, use the set ap radio radio-profile command.
DWS-1008 CLI Reference Guide Access Point Commands mode enable Enables radios on the specified ports with the parameter settings in the specified radio profile. mode disable Disables radios on the specified ports. Defaults: None Access: Enabled Usage: When you create a new profile, the radio parameters in the profile are set to their factory default values. To enable or disable all radios that use a specific radio profile, use set radio-profile.
DWS-1008 CLI Reference Guide Access Point Commands Access: Enabled Usage: You also can configure a radio’s channel on the same command line. Use the channel option. This command is not valid if dynamic power tuning (RF Auto-Tuning) is enabled. Examples: The following command configures the transmit power on the 802.11a radio on the DWL-8220AP access point connected to port 5: DWS-1008# set ap 5 radio 1 tx-power 10 success: change accepted.
DWS-1008 CLI Reference Guide Access Point Commands Usage: This parameter applies to all Distributed APs managed by the switch. If you change the setting to required, the switch requires Distributed APs to have encryption keys. The switch also requires their fingerprints to be confirmed in MSS. When DWL-8220AP security is required, an AP can establish a management session with the DWS-1008 switch only if its fingerprint has been confirmed by you in MSS.
DWS-1008 CLI Reference Guide Access Point Commands enable Configures radios to allow associations with 802.11g clients only. disable Configures radios to allow associations with 802.11g clients and 802.11b clients. Defaults: The default setting is disable. Access: Enabled Usage: You must disable all radios that are using a radio profile before you can change parameters in the profile. Use the set radio-profile mode command. Even when association of 802.11b clients is disabled, if an 802.
DWS-1008 CLI Reference Guide Access Point Commands Usage: You can enter this command on any DWS-1008 switch. The command takes effect only on that switch. Examples: The following command disables active scan in radio profile radprof3: DWS-1008# set radio-profile radprof3 active-scan disable success: change accepted. set radio-profile auto-tune channel-config Disables or reenables dynamic channel tuning (RF Auto-Tuning) for the DWL-8220AP radios in a radio profile.
DWS-1008 CLI Reference Guide Access Point Commands rate Minimum number of seconds a radio must remain on its current channel setting before RF Auto-Tuning is allowed to change the channel. You can specify from 0 to 65535 seconds. Defaults: The default RF Auto-Tuning channel holddown is 900 seconds. Access: Enabled. Usage: The channel holddown applies even if RF anomalies occur that normally cause an immediate channel change.
DWS-1008 CLI Reference Guide Access Point Commands set radio-profile auto-tune power-backoff-timer Sets the interval at which radios in a radio profile reduce power after temporarily increasing the power to maintain the minimum data rate for an associated client. At the end of each power-backoff interval, radios that temporarily increased their power reduce it by 1 dBm. The power backoff continues in 1 dBm increments after each interval until the power returns to expected setting.
DWS-1008 CLI Reference Guide Access Point Commands When RF Auto-Tuning for power is enabled, MSS does not allow you to manually change the power level. Examples: The following command enables dynamic power tuning for radios in the rp2 radio profile: DWS-1008# set radio-profile rp2 auto-tune power-config enable success: change accepted. set radio-profile auto-tune power-interval Sets the interval at which RF Auto-Tuning decides whether to change the power level on radios in a radio profile.
DWS-1008 CLI Reference Guide Access Point Commands Defaults: The beacon interval for DWL-8220AP radios is 100 ms by default. Access: Enabled Usage: You must disable all radios that are using a radio profile before you can change parameters in the profile. Use the set radio-profile mode command. Examples: The following command changes the beacon interval for radio profile rp1 to 200 ms: DWS-1008# set radio-profile rp1 beacon-interval 200 success: change accepted.
DWS-1008 CLI Reference Guide Access Point Commands set radio-profile dtim-interval Changes the number of times after every beacon that each DWL-8220AP radio in a radio profile sends a delivery traffic indication map (DTIM). An DWL-8220AP access point sends the multicast and broadcast frames stored in its buffers to clients who request them in response to the DTIM. Note: The DTIM interval applies to both the beaconed SSID and the nonbeaconed SSID.
DWS-1008 CLI Reference Guide Access Point Commands Usage: You must disable all radios that are using a radio profile before you can change parameters in the profile. Use the set radio-profile mode command. Examples: The following command changes the fragmentation threshold for radio profile rp1 to 1500 bytes: DWS-1008# set radio-profile rp1 frag-threshold 1500 success: change accepted. set radio-profile long-retry Changes the long retry threshold for the DWL-8220AP radios in a radio profile.
DWS-1008 CLI Reference Guide Access Point Commands Access: Enabled Usage: You must disable all radios that are using a radio profile before you can change parameters in the profile. Use the set radio-profile mode command. Examples: The following command changes the maximum receive threshold for radio profile rp1 to 4000 ms: DWS-1008# set radio-profile rp1 max-rx-lifetime 4000 success: change accepted.
DWS-1008 CLI Reference Guide mode enable Enables the radios that use this profile. mode disable Disables the radios that use this profile. Access Point Commands Defaults: Each radio profile that you create has a set of properties with factory default values that you can change with the other set radio-profile commands in this chapter. Usage: Use the command without any optional parameters to create new profile. If the radio profile does not already exist, MSS creates a new radio profile.
DWS-1008 CLI Reference Guide Access Point Commands name Radio profile name. long Advertises support for long preambles. short Advertises support for short preambles. Defaults: The default is short. Access: Enabled Usage: Changing the preamble length value affects only the support advertised by the radio. Regardless of the preamble length setting (short or long), an 802.11b/g radio accepts and can generate 802.11b/g frames with either short or long preambles. If a client associated with an 802.
DWS-1008 CLI Reference Guide Access Point Commands Usage: You must disable all radios that are using a radio profile before you can change parameters in the profile. Use the set radio-profile mode command. Examples: The following command changes the RTS threshold for radio profile rp1 to 1500 bytes: DWS-1008# set radio-profile rp1 rts-threshold 1500 success: change accepted. set radio-profile service-profile Maps a service profile to a radio profile.
DWS-1008 CLI Reference Guide Access Point Commands Defaults: The default short unicast retry threshold for DWL-8220AP radios is 5 attempts. Access: Enabled Usage: You must disable all radios that are using a radio profile before you can change parameters in the profile. Use the set radio-profile mode command. Examples: The following command changes the short retry threshold for radio profile rp1 to 3: DWS-1008# set radio-profile rp1 short-retry 3 success: change accepted.
DWS-1008 CLI Reference Guide Access Point Commands Syntax: set service-profile name auth-dot1x {enable | disable} name Service profile name. enable Enables 802.1X authentication of WPA clients. disable Disables 802.1X authentication of WPA clients. Defaults: When the WPA IE is enabled, 802.1X authentication of WPA clients is enabled by default. If the WPA IE is disabled, the auth-dot1x setting has no effect. Access: Enabled. Usage: This command does not disable dynamic WEP for non-WPA clients.
DWS-1008 CLI Reference Guide Access Point Commands none Denies authentication and prohibits the user from accessing the SSID. Note: The fallthru authentication type none is different from the uthentication method none you can specify for administrative access. The fallthru authentication type none denies access to a network user. In contrast, the authentication method none allows access to the switch by an administrator. Defaults: The default fallthru authentication type is none.
DWS-1008 CLI Reference Guide Access Point Commands set service-profile beacon Disables or reenables beaconing of the SSID managed by the service profile. A DWL8220AP radio responds to an 802.11 probe any request with only the beaconed SSID(s). For a nonbeaconed SSID, radios respond only to directed 802.11 probe requests that match the nonbeaconed SSID’s SSID string. When you disable beaconing for an SSID, the radio still sends beacon frames, but the SSID name in the frames is blank.
DWS-1008 CLI Reference Guide Access Point Commands set service-profile cipher-tkip Disables or reenables Temporal Key Integrity Protocol (TKIP) encryption in a service profile. Syntax: set service-profile name cipher-tkip {enable | disable} name Service profile name. enable Enables TKIP encryption for WPA clients. disable Disables TKIP encryption for WPA clients. Defaults: When the WPA IE is enabled, TKIP encryption is enabled by default.
DWS-1008 CLI Reference Guide Examples: Access Point Commands The following command configures service profile sp2 to use 104-bit WEP encryption: DWS-1008# set service-profile sp2 cipher-wep104 enable success: change accepted. set service-profile cipher-wep40 Enables dynamic Wired Equivalent Privacy (WEP) with 40-bit keys, in a service profile. Syntax: set service-profile name cipher-wep40 {enable | disable} name Service profile name. enable Enables 40-bit WEP encryption for WPA clients.
DWS-1008 CLI Reference Guide Access Point Commands set service-profile psk-phrase Configures a passphrase for preshared key (PSK) authentication to use for authenticating WPA clients, in a service profile. Radios use the PSK as a pairwise master key (PMK) to derive unique pairwise session keys for individual WPA clients. Syntax: set service-profile name psk-phrase passphrase name Service profile name. passphrase An ASCII string up to 63 characters long.
DWS-1008 CLI Reference Guide Access Point Commands configuration. The binary number is never displayed in the configuration. To use PSK authentication, you must enable it and you also must enable the WPA IE. Examples: The following command configures service profile sp3 to use a raw PSK with PSK clients: DWS-1008# set service-profile sp3 psk-raw c25d3fe4483e867d1df96eaacdf8b02451fa 0836162e758100f5f6b87965e59d success: change accepted.
DWS-1008 CLI Reference Guide Access Point Commands set service-profile ssid-name Configures the SSID name in a service profile. Syntax: set service-profile name ssid-name ssid-name name Service profile name. ssid-name Name of up to 32 alphanumeric characters, with no spaces with quote mark (“) before and after the SSID. Defaults: The default SSID type is crypto (encrypted) and the default name is dlink. Access: Enabled.
DWS-1008 CLI Reference Guide Access Point Commands set service-profile tkip-mc-time Changes the length of time that DWL-8220AP radios use countermeasures if two message integrity code (MIC) failures occur within 60 seconds. When countermeasures are in effect, DWL-8220AP radios dissociate all TKIP and WPA WEP clients and refuse all association and reassociation requests until the countermeasures end. Syntax: set service-profile name tkip-mc-time wait-time name Service profile name.
DWS-1008 CLI Reference Guide Examples: Access Point Commands The following command configures service profile sp2 to use WEP key 2 for encrypting multicast traffic: DWS-1008# set service-profile sp2 wep active-multicast-index 2 success: change accepted. set service-profile wep active-unicast-index Specifies the static Wired-Equivalent Privacy (WEP) key (one of four) to use for encrypting unicast frames. Syntax: set service-profile name wep active-unicast-index num name Service profile name.
DWS-1008 CLI Reference Guide Access Point Commands Defaults: By default, no static WEP keys are defined. Access: Enabled Usage: MSS automatically enables static WEP when you define a WEP key. MSS continues to support dynamic WEP. If you plan to use static WEP, do not map more than 8 service profiles that contain static WEP keys to the same radio profile.
DWS-1008 CLI Reference Guide Access Point Commands port-list List of ports connected to the DWL-8220AP access point(s) for which to display configuration settings. dap-num Number of a Distributed AP for which to display configuration settings. radio 1 Shows configuration information for radio 1. radio 2 Shows configuration information for radio 2. (This option does not apply to single-radio models.
DWS-1008 CLI Reference Guide Access Point Commands DAP Connection ID for the Distributed AP. Note: This field is applicable only if the DWL-8220AP is configured on the switch as a Distributed AP. serial-id Serial ID of the DWL-8220AP access point. Note: This field is displayed only for Distributed APs. AP model DWL-8220AP access point model number. POE PoE state on the port: • Enable • Disable bias Bias of the connection to the DWL-8220AP: • High • Low name DWL-8220AP access point name.
DWS-1008 CLI Reference Guide Access Point Commands auto-tune min-client-rate Minimum data rate the radio must maintain for associated clients. When RF Auto-Tuning is enabled, the radio can temporarily increase its power to maintain the data rate with an associated client. auto-tune max-retransmissions Maximum percentage of packets that can be retransmitted by a client before RF Auto-Tuning increases power. Note: Only packets that are received twice by the DWL-8220AP are counted as retransmissions.
DWS-1008 CLI Reference Guide Access Point Commands DWS-1008# show ap counters 7 Port: 7 radio: 1 ========================================================= LastPktXferRate 2 PktTxCount 91594255 NumCntInPwrSave 4294966683 MultiPktDrop 0 LastPktRxSigStrength -54 MultiBytDrop 0 LastPktSigNoiseRatio 40 User Sessions 5 TKIP Pkt Transfer Ct 0 MIC Error Ct 0 TKIP Pkt Replays 0 TKIP Decrypt Err 0 CCMP Pkt Decrypt Err 0 DWL-8220AP Pkt Replays 0 CCMP Pkt Transfer Ct 0 RadioResets 0 Port: 7 radio: 2 =================
DWS-1008 CLI Reference Guide Access Point Commands CCMP Pkt Decrypt Err Number of times a decryption error occurred with a packet encrypted with CCMP. CCMP Pkt Transfer Ct the radio. Total number of CCMP packets sent and received by PktTxCount Number of packets transmitted by the radio. MultiPktDrop Number of multicast packets dropped by the radio. MultiBytDrop Number of multicast bytes dropped by the radio. User Sessions Number of users currently associated with the radio.
DWS-1008 CLI Reference Guide Access Point Commands show ap dual-home This command is deprecated in MSS Version 2.0. To display the switches on which a Distributed AP access point is configured, use the show dap global command. show {ap | dap} qos-stats Displays statistics for DWL-8220AP forwarding queues. Syntax: show dap qos-stats [dap-num] Syntax: show ap qos-stats [port-list] dap-num Number of a Distributed AP for which to display QoS statistics counters.
DWS-1008 CLI Reference Guide Access Point Commands Field Description CoS CoS value associated with the forwarding queues. Queue Forwarding queue. DAP or Port Distributed DWL-8200AP number or DWL-8200AP port number. radio Radio number. Tx Number of packets transmitted to the air from the queue. show {ap | dap} etherstats Displays Ethernet statistics for an DWL-8220AP’s Ethernet ports.
DWS-1008 CLI Reference Guide RxMulticast: RxBroadcast: RxGoodFrames: RxAlignErrs: RxShortFrames: RxCrcErrors: RxOverruns: RxDiscards: 21798 11 86188 0 0 0 0 0 Access Point Commands TxSingleColl: TxLateColl: TxMaxColl: TxMultiColl: TxUnderruns: TxCarrierLoss: TxDeferred: 32 0 0 12 0 0 111 The table describes the fields in this display. Field Description --------------------------------------------------------------------------------------------------------------RxUnicast Number of unicast frames received.
DWS-1008 CLI Reference Guide Access Point Commands TxUnderruns Number of frames that were not transmitted or retransmitted due to temporary lack of hardware resources. --------------------------------------------------------------------------------------------------------------TxCarrierLoss Number of frames transmitted despite the detection of a deassertion of CRS during the transmission.
DWS-1008 CLI Reference Guide Access Point Commands show {ap | dap} status Displays DWL-8220AP access point and radio status information. Syntax: show ap status [terse] | [port-list | all [radio {1 | 2}]] Syntax: show dap status [terse] | [dap-num | all [radio {1 | 2}]] terse Displays a brief line of essential status information for each DWL-8220AP. port-list List of ports connected to the DWL-8220AP access point(s) for which to display status.
DWS-1008 CLI Reference Guide Access Point Commands The following command displays the status of a directly connected DWL-8220AP access point: DWS-1008# show ap status 1 Port: 1, AP model: DWL-8220AP, manufacturer D-Link name: AP01 ==================================================== State: operational CPU info: IBM:PPC speed=266666664 Hz version=405GPr id=0x28b08a1e047f1d0f ram=33554432 s/n=0333000288 hw_rev=A3 Uptime: 3 hours, 44 minutes, 28 seconds Radio 1 type: 802.
DWS-1008 CLI Reference Guide Access Point Commands Field Description ----------------------------------------------------------------------------------------------------------------------DAP Connection ID for the Distributed AP. Note: This field is applicable only if the DWL-8220AP is configured on the switch as a Distributed AP. ----------------------------------------------------------------------------------------------------------------------Port Switch port number.
DWS-1008 CLI Reference Guide Access Point Commands ----------------------------------------------------------------------------------------------------------------------CPU info Specifications and identification of the CPU. For DWL-8220AP models other than DWL-8220AP-1xx or DWL-8220AP-2xx, the ID portion of this field is not applicable.
DWS-1008 CLI Reference Guide Access Point Commands show auto-tune attributes Displays the current values of the RF attributes RF Auto-Tuning uses to decide whether to change channel or power settings. Syntax: show auto-tune attributes [ap mp-num [radio {1 | 2| all}]] Syntax: show auto-tune attributes [dap dap-num [radio {1 | 2| all}]] mp-num DWL-8220AP port connected to the DWL-8220AP access point for which to display RF attributes. dap-num Number of a Distributed AP for which to display RF attributes.
DWS-1008 CLI Reference Guide Access Point Commands Packet Retransmission Number of retransmitted packets sent from the client Count to the radio on the active channel. Retransmissions can indicate that the client is not receiving ACKs from the DWL-8220AP radio. ----------------------------------------------------------------------------------------------------------------------Phy Errors Count Number of frames received by the DWL-8220AP radio that had physical layer errors on the active channel.
DWS-1008 CLI Reference Guide Access Point Commands show auto-tune neighbors Displays the other D-Link radios and third-party 802.11 radios that a D-Link radio can hear. Syntax: show auto-tune neighbors [ap ap-num [radio {1 | 2| all}]] Syntax: show auto-tune neighbors [dap dap-num [radio {1 | 2| all}]] ap-num AP port connected to the DWL-8220AP access point for which to display neighbors. dap-num Number of a Distributed AP for which to display neighbors. radio 1 Shows neighbor information for radio 1.
DWS-1008 CLI Reference Guide Access Point Commands Field Description ----------------------------------------------------------------------------------------------------------------------Channel Channel on which the BSSID is detected. ----------------------------------------------------------------------------------------------------------------------Neighbor BSS/MAC BSSID detected by the radio.
DWS-1008 CLI Reference Guide Access Point Commands AP with serial ID 223344: DWS-1008# show dap connection serial-id 223344 Total number of entries: 1 DAP Serial Id DAP IP Address Switch IP Address 9 223344 10.10.4.88 10.9.9.11 The table describes the fields in this display. Field Description ----------------------------------------------------------------------------------------------------------------------DAP Connection ID you assigned to the Distributed AP.
DWS-1008 CLI Reference Guide Access Point Commands DWS-1008# show dap global Total number of entries: 8 DAP Serial Id Switch IP Address Bias 1 .2 .17 .18 .- 11223344 11223344 332211 332211 0322100185 0322100185 0321500120 0321500120 10.3.8.111 10.4.3.2 10.3.8.111 10.4.3.2 10.3.8.111 10.4.3.2 10.3.8.111 10.4.3.2 HIGH LOW LOW HIGH HIGH LOW LOW HIGH The table describes the fields in this display.
DWS-1008 CLI Reference Guide Access Point Commands Usage: This command also displays an DWL-8220AP that is directly connected to a switch, if the switch port to which the DWL-8220AP is connected is configured as a network port instead of an DWL-8220AP access port, and if the network port is a member of a VLAN. Entries in the command output’s table age out after two minutes.
DWS-1008 CLI Reference Guide Access Point Commands show radio-profile Displays radio profile information. Syntax: show radio-profile {name | ?} name Displays information about the named radio profile. ? Displays a list of radio profiles. Defaults: None. Access: Enabled. Usage: MSS contains a default radio profile. D-Link recommends that you do not change this profile but instead keep the profile for reference.
DWS-1008 CLI Reference Guide Access Point Commands RTS Threshold Minimum length (in bytes) a frame can be for a radio in the radio profile to use the RTS/CTS method to send the frame. The RTS/CTS method clears the air of other traffic to avoid corruption of the frame due to a collision with another frame.
DWS-1008 CLI Reference Guide Access Point Commands Client Backoff Timer Interval, in minutes, at which radios in a radio profile reduce power after temporarily increasing the power to maintain the minimum data rate for an associated client. At the end of each power-backoff interval, radios that temporarily increased their power reduce it by 1 dBm. The power backoff continues in 1 dBm increments after each interval until the power returns to expected setting.
DWS-1008 CLI Reference Guide Access Point Commands Field Description ----------------------------------------------------------------------------------------------------------------------ssid-name Service set identifier (SSID) managed by this service profile. ----------------------------------------------------------------------------------------------------------------------ssid-type SSID type: • crypto - Wireless traffic for the SSID is encrypted. • clear - Wireless traffic for the SSID is unencrypted.
DWS-1008 CLI Reference Guide Access Point Commands Shared Key Auth Indicates whether shared-key authentication is enabled. ----------------------------------------------------------------------------------------------------------------------WPA enabled Indicates that the Wi-Fi Protected Access (WPA) information element (IE) is enabled.
DWS-1008 CLI Reference Guide STP Commands STP Commands Use Spanning Tree Protocol (STP) commands to configure and manage spanning trees on the virtual LANs (VLANs) configured on a DWS-1008 switch, to maintain a loop-free network. This chapter presents STP commands alphabetically. Use the following table to locate commands in this chapter based on their use. clear spantree portcost Resets to the default value the cost of a network port or ports on paths to the STP root bridge in all VLANs on a switch.
DWS-1008 CLI Reference Guide Examples: STP Commands The following command resets the STP priority on port 9 to the default: DWS-1008# clear spantree portpri 9 success: change accepted. clear spantree portvlancost Resets to the default value the cost of a network port or ports on paths to the STP root bridge for a specific VLAN on a switch, or for all VLANs. Syntax: clear spantree portvlancost port-list {all | vlan vlan-id} port-list List of ports. The port cost is reset on the specified ports.
DWS-1008 CLI Reference Guide STP Commands Defaults: None. Access: Enabled. Usage: MSS does not change a port’s priority for VLANs other than the one(s) you specify. Examples: The following command resets the STP priority for port 5 in VLAN avocado: DWS-1008# clear spantree portvlanpri 5 vlan avocado success: change accepted. clear spantree statistics Clears STP statistics counters for a network port or ports and resets them to 0.
DWS-1008 CLI Reference Guide vlan vlan-id VLAN name or number. MSS enables or disables STP on only the specified VLAN, on all ports within the VLAN. port port-list vlan-id Port number or list and the VLAN the ports are in. MSS enables or disables STP on only the specified ports, within the specified VLAN. STP Commands Defaults: Disabled. Access: Enabled. Examples: The following command enables STP on all VLANs configured on a switch: DWS-1008# set spantree enable success: change accepted.
DWS-1008 CLI Reference Guide STP Commands set spantree fwddelay Changes the period of time after a topology change that a switch which is not the root bridge waits to begin forwarding Layer 2 traffic on one or all of its configured VLANs. (The root bridge always forwards traffic.) Syntax: set spantree fwddelay delay {all | vlan vlan-id} delay Delay value. You can specify from 4 through 30 seconds. all Changes the forwarding delay on all VLANs. vlan vlan-id VLAN name or number.
DWS-1008 CLI Reference Guide STP Commands DWS-1008# set spantree hello 4 all success: change accepted. set spantree maxage Changes the maximum age for an STP root bridge hello packet that is acceptable to a switch acting as a designated bridge on one or all of its VLANs. After waiting this period of time for a new hello packet, the switch determines that the root bridge is unavailable and issues a topology change message.
DWS-1008 CLI Reference Guide STP Commands SNMP Port Path Cost Defaults: Port Speed Link Type Default Port Path Cost 100 Mbps Full Duplex Aggregate Link (Port Group) Full Duplex Half Duplex Full Duplex Aggregate Link (Port Group) Full Duplex Half Duplex 19 100 Mbps 100 Mbps 10 Mbps 10 Mbps 10 Mbps 18 19 19 95 100 Access: Enabled. Usage: This command applies only to the default VLAN (VLAN 1). To change the cost of a port in another VLAN, use the set spantree portvlancost command.
DWS-1008 CLI Reference Guide STP Commands set spantree portpri Changes the STP priority of a network port or ports for selection as part of the path to the STP root bridge in the default VLAN on a switch. Syntax: set spantree portpri port-list priority value port-list List of ports. MSS changes the priority on the specified ports. priority value Priority value. You can specify a value from 0 (highest priority) through 255 (lowest priority).
DWS-1008 CLI Reference Guide STP Commands Access: Enabled. Examples: The following command changes the cost on ports 3 and 4 to 20 in VLAN mauve: DWS-1008# set spantree portvlancost 3,4 cost 20 vlan mauve success: change accepted. set spantree portvlanpri Changes the priority of a network port or ports for selection as part of the path to the STP root bridge, on one VLAN or all VLANs. Syntax: set spantree portvlanpri port-list priority value {all | vlan vlan-id} port-list List of ports.
DWS-1008 CLI Reference Guide STP Commands vlan vlan-id VLAN name or number. MSS changes the bridge priority on only the specified VLAN. Defaults: The default root bridge priority for the switch on all VLANs is 32,768. Access: Enabled. Examples: The following command sets the bridge priority of VLAN pink to 69: DWS-1008# set spantree priority 69 vlan pink success: change accepted. set spantree uplinkfast Enables or disables STP uplink fast convergence on a switch.
DWS-1008 CLI Reference Guide STP Commands vlan vlan-id VLAN name or number. If you do not specify a VLAN, MSS displays STP information for all VLANs. active Displays information for only the active (forwarding) ports. Defaults: None. Access: All.
DWS-1008 CLI Reference Guide STP Commands Output for show spantree Field Description VLAN VLAN number. Spanning tree mode In the current software version, the mode is always PVST+, which means Per VLAN Spanning Tree+. Spanning tree type In the current software version, the type is always IEEE, which means STP is based on the IEEE 802 standards. Spanning tree State of STP on the VLAN. enabled Designated Root MAC address of the spanning tree’s root bridge.
DWS-1008 CLI Reference Guide Port-State Cost Prio Portfast STP Commands STP state of the port: • Blocking - The port is not forwarding Layer 2 traffic but is listening to and forwarding STP control traffic. • Disabled - The port is not forwarding any traffic, including STP control traffic. The port might be administratively disabled or the link might be disconnected. • Forwarding - The port is forwarding Layer 2 traffic.
DWS-1008 CLI Reference Guide vlan vlan-id STP Commands VLAN name or number. If you do not specify a VLAN, MSS displays information for blocked ports on all VLANs. Defaults: None. Access: All. Usage: The command lists information separately for each VLAN.
DWS-1008 CLI Reference Guide STP Commands DWS-1008# show spantree portfast Port Vlan Portfast ------------------------- ---- ---------1 1 disable 2 1 disable 3 1 disable 4 1 enable 5 1 disable 6 1 disable 7 1 disable 8 1 disable Output for show spantree portfast Field Description Port VLAN Portfast Port number. VLAN number.
DWS-1008 CLI Reference Guide STP Commands port-list List of ports. If you do not specify any ports, MSS displays STP statistics for all ports. vlan vlan-id VLAN name or number. If you do not specify a VLAN, MSS displays STP statistics for all VLANs. Defaults: None. Access: All. Usage: The command displays statistics separately for each port.
DWS-1008 CLI Reference Guide STP Commands Status of Port Timers forward delay timer INACTIVE forward delay timer value 15 message age timer ACTIVE message age timer value 0 topology change timer INACTIVE topology change timer value 0 hold timer INACTIVE hold timer value 0 delay root port timer INACTIVE delay root port timer value 0 delay root port timer restarted is FALSE VLAN based information & statistics spanning tree type ieee spanning tree multicast address 01-00-0c-cc-cc-cd bridge priority 32768 bri
DWS-1008 CLI Reference Guide STP Commands Output for show spantree statistics Field Description Port Port number. VLAN VLAN ID. Spanning Tree enabled for vlan State of the STP feature on the VLAN. port spanning tree state port_id port_number path cost message age designated_root designated cost designated_bridge designated_port D-Link Systems, Inc. State of the STP feature on the port.
DWS-1008 CLI Reference Guide top_change_ack config_pending port_inconsistency config BPDU’s xmitted config BPDU’s received tcn BPDU’s xmitted tcn BPDU’s received forward transition count scp failure count root inc trans count inhibit loopguard loop inc trans count forward delay timer forward delay timer value message age timer message age timer value D-Link Systems, Inc.
DWS-1008 CLI Reference Guide topology change timer topology change timer value hold timer hold timer value delay root port timer delay root port timer value STP Commands Status of the topology change timer. This timer determines the time period during which configured BPDUs are transmitted with the topology change flag set by this switch when it is the root bridge, after detection of a topology change. Current value of the topology change timer, in seconds. Status of the hold timer.
DWS-1008 CLI Reference Guide topology change time topology change detected topology change count topology change last recvd. from dynamic max age transition port BPDU ok count msg age expiry count link loading BPDU in processing num of similar BPDU’s to process received_inferior_bpdu next state src MAC count total src MAC count curr_src_mac next_src_mac D-Link Systems, Inc.
DWS-1008 CLI Reference Guide STP Commands show spantree uplinkfast Displays uplink fast convergence information for one VLAN or all VLANs. Syntax: show spantree uplinkfast [vlan vlan-id] vlan vlan-id VLAN name or number. If you do not specify a VLAN, MSS displays STP statistics for all VLANs. Defaults: None. Access: All.
DWS-1008 CLI Reference Guide IGMP Snooping Commands IGMP Snooping Commands Use Internet Group Management Protocol (IGMP) snooping commands to configure and manage multicast traffic reduction on a switch. clear igmp statistics Clears IGMP statistics counters on one VLAN or all VLANs on a switch and resets them to 0. Syntax: clear igmp statistics [vlan vlan-id] vlan vlan-id VLAN name or number. If you do not specify a VLAN, IGMP statistics are cleared for all VLANs. Defaults: None. Access: Enabled.
DWS-1008 CLI Reference Guide IGMP Snooping Commands DWS-1008# set igmp disable vlan orange success: change accepted. set igmp lmqi Changes the IGMP last member query interval timer on one VLAN or all VLANs on a switch.
DWS-1008 CLI Reference Guide enable Adds the port to the list of static multicast router ports. disable Removes the port from the list of static multicast router ports. IGMP Snooping Commands Defaults: By default, no ports are static multicast router ports. Access: Enabled. Usage: You cannot add DWL-8200AP access ports or wired authentication ports as static multicast ports. However, MSS can dynamically add these port types to the list of multicast ports based on multicast traffic.
DWS-1008 CLI Reference Guide IGMP Snooping Commands set igmp mrsol mrsi Changes the interval between multicast router solicitations by a switch on one VLAN or all VLANs. Syntax: set igmp mrsol mrsi seconds [vlan vlan-id] seconds Number of seconds between multicast router solicitations. You can specify a value from 1 through 65,535. vlan vlan-id VLAN name or number. If you do not specify a VLAN, MSS changes the multicast router solicitation interval for all VLANs.
DWS-1008 CLI Reference Guide IGMP Snooping Commands Examples: The following command changes the other-querier-present interval on VLAN orange to 200 seconds: DWS-1008# set igmp oqi 200 vlan orange success: change accepted. set igmp proxy-report Disables or reenables proxy reporting by a switch on one VLAN or all VLANs. Syntax: set igmp proxy-report {enable | disable} [vlan vlan-id] enable Enables proxy reporting. disable Disables proxy reporting. vlan vlan-id VLAN name or number.
DWS-1008 CLI Reference Guide IGMP Snooping Commands vlan vlan-id VLAN name or number. If you do not specify a VLAN, the timer change applies to all VLANs. Defaults: The default query interval is 125 seconds. Access: Enabled. Usage: The query interval is applicable only when the switch is querier for the subnet. For the switch to become the querier, the pseudo-querier feature must be enabled on the switch and the switch must have the lowest IP address among all the devices eligible to become a querier.
DWS-1008 CLI Reference Guide IGMP Snooping Commands set igmp querier Enables or disables the IGMP pseudo-querier on a switch, on one VLAN or all VLANs. Syntax: set igmp querier {enable | disable} [vlan vlan-id] enable Enables the pseudo-querier. disable Disables the pseudo-querier. vlan vlan-id VLAN name or number. If you do not specify a VLAN, the pseudo-querier is enabled or disabled on all VLANs. Defaults: The pseudo-querier is disabled on all VLANs by default. Access: Enabled.
DWS-1008 CLI Reference Guide IGMP Snooping Commands Access: Enabled. Usage: You cannot add DWL-8200AP access ports or wired authentication ports as static multicast ports. However, MSS can dynamically add these port types to the list of multicast ports based on multicast traffic. Examples: The following command adds port 7 as a static multicast receiver port: DWS-1008# set igmp receiver port 7 enable success: change accepted.
DWS-1008 CLI Reference Guide IGMP Snooping Commands Syntax: show igmp [vlan vlan-id] vlan vlan-id VLAN name or number. If you do not specify a VLAN, MSS displays IGMP information for all VLANs. Defaults: None. Access: All.
DWS-1008 CLI Reference Guide IGMP Snooping Commands Mrouter-Term 0 0 Mrouter-Sol 50 101 DVMRP 4 4 PIM V1 0 0 PIM V2 0 0 Topology notifications: 0 Packets with unknown IGMP type: 0 Packets with bad length: 0 Packets with bad checksum: 0 Packets dropped: 4 0 0 0 0 0 Output for show igmp Field Description VLAN VLAN name. MSS displays information separately for each VLAN. IGMP state.
DWS-1008 CLI Reference Guide Type TTL Group Port Receiver-IP Receiver-MAC TTL Querier information Querier for vlan Querier-IP Querier-MAC D-Link Systems, Inc.
DWS-1008 CLI Reference Guide TTL IGMP vlan member ports IGMP static ports IGMP statistics IGMP Snooping Commands Number of seconds before this entry ages out if the switch does not receive a query message from the querier. Physical ports in the VLAN. This list includes all network ports configured to be in the VLAN and all ports MSS dynamically assigns to the VLAN when a user assigned to the VLAN becomes a receiver.
DWS-1008 CLI Reference Guide IGMP Snooping Commands Output for show igmp mrouter Field Description Multicast routers for vlan Port VLAN containing the multicast routers. Ports are listed separately for each VLAN. Number of the physical port through which the switch can reach the router. IP address of the multicast router. MAC address of the multicast router.
DWS-1008 CLI Reference Guide IGMP Snooping Commands DWS-1008# show igmp querier vlan orange Querier for vlan orange Port Querier-IP Querier-MAC TTL ---- ----------------------------------1 193.122.135.
DWS-1008 CLI Reference Guide IGMP Snooping Commands Syntax: show igmp receiver-table [vlan vlan-id] [group group-ip-addr/mask-length] vlan vlan-id VLAN name or number. If you do not specify a VLAN, MSS displays the multicast receivers on all VLANs. group IP address and subnet mask of a group-ip-addr/mask-length multicast group, in CIDR format (for example, 239.20.20.10/24). If you do not specify a group address, MSS displays the multicast receivers for all groups. Defaults: None. Access: All.
DWS-1008 CLI Reference Guide IGMP Snooping Commands Output for show igmp receiver-table Field Description VLAN VLAN that contains the multicast receiver ports. Ports are listed separately for each VLAN. IP address of the multicast group being received. Physical port through which the switch can reach the receiver. IP address of the receiver. MAC address of the receiver. Number of seconds before this entry ages out if the switch does not receive a group membership message from the receiver.
DWS-1008 CLI Reference Guide IGMP Snooping Commands Leave 0 Mrouter-Adv 0 Mrouter-Term 0 Mrouter-Sol 50 DVMRP 4 PIM V1 0 PIM V2 0 Topology notifications: 0 Packets with unknown IGMP type: 0 Packets with bad length: 0 Packets with bad checksum: 0 Packets dropped: 4 0 0 0 101 4 0 0 0 0 0 0 0 0 0 Output for show igmp statistics Field Description IGMP statistics for VLAN name. Statistics are listed separately vlan for each VLAN.
DWS-1008 CLI Reference Guide IGMP Snooping Commands IGMP message type Type of IGMP message, continued: • Mrouter-Term - Multicast router termination messages. A multicast router sends this type of message when multicast forwarding is disabled on the router interface, the router interface is administratively disabled, or the router itself is gracefully shutdown. • Mrouter-Sol - Multicast router solicitation messages.
DWS-1008 CLI Reference Guide Security ACL Commands Security ACL Commands Use security ACL commands to configure and monitor security access control lists (ACLs). Security ACLs filter packets to restrict or permit network usage by certain users or traffic types, and can assign to packets a class of service (CoS) to define the priority of treatment for packet filtering. (Security ACLs are different from the location policy on a DWS-1008 switch, which helps you locally control user access.
DWS-1008 CLI Reference Guide Security ACL Commands DWS-1008# show security acl info all ACL information for all set security acl ip acl_133 (hits #1 0) --------------------------------------------------------------------------1. deny IP source IP 192.168.1.6 0.0.0.0 destination IP any set security acl ip acl_134 (hits #3 0) --------------------------------------------------------------------------1. permit IP source IP 192.168.0.1 0.0.0.
DWS-1008 CLI Reference Guide Security ACL Commands vlan vlan-id VLAN name or number. MSS removes the security ACL from the specified VLAN. port port-list Port list. MSS removes the security ACL from the specified physical port or ports. tag tag-value Tag value that identifies a virtual port in a VLAN. Specify a value from 1 through 4095. MSS removes the security ACL from the specified virtual port. dap dap-num One or more Distributed DWL-8220APs, based on their connection IDs.
DWS-1008 CLI Reference Guide Security ACL Commands Syntax: commit security acl {acl-name | all} acl-name Name of an existing security ACL to clear. ACL names start with a letter and are case-insensitive. all Commits all security ACLs in the edit buffer. Defaults: None Access: Enabled Usage: Use the commit security acl command to save security ACLs into, or delete them from, the permanent configuration.
DWS-1008 CLI Reference Guide Security ACL Commands Syntax: hit-sample-rate seconds seconds disables Number of seconds between samples. A sample rate of 0 (zero) the sample process. Defaults: By default, the hits are not sampled. Access: Enabled Usage: To view counter results for a particular ACL, use the show security acl info acl-name command. To view the hits for all security ACLs, use the show security acl hits command. Examples: The first command sets MSS to sample ACL hits every 15 seconds.
DWS-1008 CLI Reference Guide Security ACL Commands Syntax: rollback security acl {acl-name | all} acl-name Name of an existing security ACL to clear. ACL names start with a letter and are case-insensitive. all Rolls back all security ACLs in the edit buffer, clearing all uncommitted ACEs.
DWS-1008 CLI Reference Guide Security ACL Commands Syntax: By IP packets set security acl ip acl-name {permit [cos cos] | deny} ip {source-ip-addr mask destination-ip-addr mask} [precedence precedence][tos tos] [before editbuffer-index | modify editbuffer-index] [hits] Syntax: By ICMP packets set security acl ip acl-name {permit [cos cos] | deny} icmp {source-ip-addr mask destination-ip-addr mask} [type icmp-type][code icmp-code] [precedence precedence][tos tos] [before editbuffer-index | modify editbuffe
DWS-1008 CLI Reference Guide Security ACL Commands • 4 or 5 - Video. Packets are queued in DWL-8220AP forwarding queue 2. Use CoS level 4 or 5 for voice over IP (VoIP) packets other than SpectraLink Voice Priority (SVP). • 6 or 7 - Voice. Packets are queued in DWL-8220AP forwarding queue 1. Use 6 or 7 only for VoIP phones that use SVP, not for other types of traffic deny Blocks traffic that matches the conditions in the ACE.
DWS-1008 CLI Reference Guide code icmp-code precedence precedence Security ACL Commands For ICMP messages filtered by type, additionally filters ICMP messages by code. Specify a value from 0 through 255. (For a list of ICMPmessage type and code numbers, see www.iana.org/assignments/icmp-parameters.) Filters packets by precedence level.
DWS-1008 CLI Reference Guide Security ACL Commands You cannot perform ACL functions that include permitting, denying, or marking with a Class of Service (CoS) level on packets with a multicast or broadcast destination address. The order of security ACEs in a security ACL is important. Once an ACL is active, its ACEs are checked according to their order in the ACL. If an ACE criterion is met, its action takes place and any ACEs that follow are ignored.
DWS-1008 CLI Reference Guide Security ACL Commands set security acl map Assigns a committed security ACL to a VLAN, physical port or ports, virtual port, or Distributed AP on the switch. Note: To assign a security ACL to a user or group in the local database, use the command set user attr, set mac-user attr, set usergroup attr, or set mac-usergroup attr with the Filter-Id attribute. To assign a security ACL to a user or group with Filter-Id on a RADIUS server, see the documentation for your RADIUS server.
DWS-1008 CLI Reference Guide Security ACL Commands Examples: The following command maps security ACL acl_133 to port 4 for incoming packets: DWS-1008 set security acl map acl_133 port 4 in success: change accepted. show security acl Displays a summary of security ACLs that are committed - saved in the running configuration and nonvolatile storage - or a summary of ACLs in the edit buffer.
DWS-1008 CLI Reference Guide Security ACL Commands show security acl dscp Displays a table that maps Differentiated Services Code Point (DSCP) values to their equivalent combinations of IP precedence values and IP ToS values. Use the table to look up the values to use with the precedence and tos options in an ACE when you want the ACE to match on their equivalent DSCP value.
DWS-1008 CLI Reference Guide Security ACL Commands Access: Enabled Usage: For MSS to count hits for a security ACL, you must specify hits in the set security acl commands that define ACE rules for the ACL.
DWS-1008 CLI Reference Guide Security ACL Commands set security acl ip acl_123 (hits #5 462) ----------------------------------------------------------------------------------------------------1. permit IP source IP 192.168.1.11 0.0.0.255 destination IP any enable-hits 2. deny IP source IP 192.168.2.11 0.0.0.0 destination IP any set security acl ip acl_134 (hits #3 0) ----------------------------------------------------------------------------------------------------1. permit IP source IP 192.168.0.1 0.0.
DWS-1008 CLI Reference Guide Security ACL Commands show security acl resource-usage Displays statistics about the resources used by security ACL filtering on the switch.
DWS-1008 CLI Reference Guide Security ACL Commands In mapping : True No VLAN or PORT mapping : False No VPORT mapping : True The table below explains the fields in the show security acl resource-usage output.
DWS-1008 CLI Reference Guide Security ACL Commands show security acl resource-usage Output (continued) ----------------------------------------------------------------------------------------------------------------------------Field Description ----------------------------------------------------------------------------------------------------------------------------Leaves in secondary Number of ACL data entries stored in secondary leaf memory.
DWS-1008 CLI Reference Guide Security ACL Commands show security acl resource-usage Output (continued) ----------------------------------------------------------------------------------------------------------------------------Field Description ----------------------------------------------------------------------------------------------------------------------------Root in first Leaf buffer allocation: • True - Enough primary leaf buffers are allocated in nonvolatile memory to accommodate all leaves.
DWS-1008 CLI Reference Guide Cryptography Commands Cryptography Commands Use cryptography commands to configure and manage certificates and public-private key pairs for system authentication. Depending on your network configuration, you must create keys and certificates to authenticate the switch to IEEE 802.1X wireless clients for which the switch performs authentication. crypto ca-certificate Installs a certificate authority’s own PKCS #7 certificate into the DWS-1008 switch certificate and key storage area.
DWS-1008 CLI Reference Guide Cryptography Commands 3. When MSS prompts you for the PEM-formatted certificate, paste the PKCS #7 object file onto the command line. Examples: The following command adds the certificate authority’s certificate to certificate and key storage: DWS-1008# crypto ca-certificate admin Enter PEM-encoded certificate -----BEGIN CERTIFICATE----MIIDwDCCA2qgAwIBAgIQL2jvuu4PO5FAQCyewU3ojANBgkqhkiG9wOBAQUFADCB mzerMClaweVQQTTooewi\wpoer0QWNFNkj90044mbdrl1277SWQ8G7DiwYUtrqoQplKJvx z .....
DWS-1008 CLI Reference Guide Cryptography Commands The switch verifies the validity of the public key associated with this certificate before installing it, to prevent a mismatch between the switch’s private key and the public key in the installed certificate.
DWS-1008 CLI Reference Guide Cryptography Commands crypto generate request Generates a Certificate Signing Request (CSR). This command outputs a PEM-formatted PKCS #10 text string that you can cut and paste to another location for delivery to a certificate authority. This command generates either an administrative CSR for use with an EAP CSR for use with 802.1X clients. Syntax: crypto generate request {eap} eap Generates a request for an EAP certificate to authenticate the switch to 802.
DWS-1008 CLI Reference Guide Defaults: None Cryptography Commands Access: Enabled Usage: To use this command, you must already have generated a public-private encryption key pair with the crypto generate key command. Enter crypto generate request eap and press Enter. When you are prompted, type the identifying values in the fields, or press Enter if the field is optional. You must enter a common name for the switch.
DWS-1008 CLI Reference Guide Cryptography Commands crypto generate self-signed Generates a self-signed certificate for either an administrative certificate for use with an EAP certificate for use with 802.1X wireless users. Syntax: crypto generate self-signed {eap} eap Generates an EAP certificate to authenticate the switch to 802.1X supplicants (clients).
DWS-1008 CLI Reference Guide Cryptography Commands crypto otp Sets a one-time password (OTP) for use with the crypto pkcs12 command. Syntax: crypto otp {eap} one-time-password eap Creates a one-time password for installing a PKCS #12 object file for an EAP certificate and key pair - and optionally the certificate authority’s own certificate - to authenticate the switch to 802.1X supplicants (clients).
DWS-1008 CLI Reference Guide Cryptography Commands crypto pkcs12 Unpacks a PKCS #12 object file into the certificate and key storage area on the switch. This object file contains a public-private key pair, a DWS-1008 switch certificate signed by a certificate authority, and the certificate authority’s certificate.
DWS-1008 CLI Reference Guide Cryptography Commands show crypto ca-certificate Displays information about the certificate authority’s PEM-encoded PKCS #7 certificate. . Syntax: show crypto ca-certificate {eap} eap Displays information about the certificate authority’s certificate that signed the Extensible Authentication Protocol (EAP) certificate for the switch. The EAP certificate authenticates the DWS-1008 switch to 802.1X supplicants (clients).
DWS-1008 CLI Reference Guide Cryptography Commands show crypto certificate Displays information about one of the cryptographic certificates installed on the switch. Syntax: show crypto certificate {eap} eap Displays information about the EAP certificate that authenticates the switch to 802.1X supplicants (clients). Defaults: None Access: Enabled Usage: You must have generated a self-signed certificate or obtained a certificate from a certificate authority before displaying information about the certificate.
DWS-1008 CLI Reference Guide Cryptography Commands show crypto key ssh Displays SSH authentication key information. This command displays the checksum (also called a fingerprint) of the public key. When you connect to the switch with an SSH client, you can compare the SSH key checksum displayed by the switch with the one displayed by the client to verify that you really are connected to the switch and not another device.
DWS-1008 CLI Reference Guide Cryptography Commands Notes D-Link Systems, Inc.
DWS-1008 CLI Reference Guide RADIUS Commands RADIUS Commands Use RADIUS commands to set up communication between an switch and groups of up to four RADIUS servers for remote authentication, authorization, and accounting (AAA) of administrators and network users. This chapter presents RADIUS commands alphabetically. Use the following table to locate commands in this chapter based on their uses. clear radius Resets parameters that were globally configured for RADIUS servers to their default values.
DWS-1008 CLI Reference Guide RADIUS Commands DWS-1008# clear radius retransmit success: change accepted. DWS-1008# clear radius timeout success: change accepted. clear radius client system-ip Removes the switch’s system IP address from use as the permanent source address in RADIUS client requests from the switch to its RADIUS server(s). Syntax: clear radius client system-ip Defaults: None. Access: Enabled.
DWS-1008 CLI Reference Guide RADIUS Commands Syntax: clear radius proxy port all Defaults: None. Access: Enabled. Examples: The following command clears all RADIUS proxy port entries from the switch: DWS-1008# clear radius proxy port all success: change accepted. clear radius server Removes the named RADIUS server from the switch configuration. Syntax: clear radius server server-name server-name Name of a RADIUS server configured to perform remote AAA services for the switch. Defaults: None.
DWS-1008 CLI Reference Guide Examples: RADIUS Commands To remove the server group sg-77 type the following command: DWS-1008# clear server group sg-77 success: change accepted. To disable load balancing in a server group shorebirds, type the following command: DWS-1008# set server group shorebirds load-balance disable success: change accepted. set radius Configures global defaults for RADIUS servers that do not explicitly set these values themselves.
DWS-1008 CLI Reference Guide RADIUS Commands Usage: You can specify only one parameter per command line. Examples: The following commands sets the dead time to 5 minutes, the RADIUS key to goody, the number of retransmissions to 1, and the timeout to 21 seconds on all RADIUS servers connected to the switch: DWS-1008# set radius deadtime 5 success: change accepted. DWS-1008# set radius key goody success: change accepted. DWS-1008# set radius retransmit 1 success: change accepted.
DWS-1008 CLI Reference Guide RADIUS Commands [acct-port acct-udp-port-number] [port udp-port-number] key string address ipaddress IP address of the third-party AP. Enter the address in dotted decimal notation. port udpportnumber UDP port on which the switch listens for RADIUS access-requests from the AP. acct-port acct-udpportnumber UDP port on which the switch listens for RADIUS stop-accounting records from the AP.
DWS-1008 CLI Reference Guide RADIUS Commands Access: Enabled. Usage: AAA for third-party AP users has additional configuration requirements. Enter a separate command for each SSID, and its tag value, you want the switch to support. Examples: The following command maps SSID mycorp to packets received on port 3 or 4, using 802.1Q tag value 104: DWS-1008# set radius proxy port 3-4 tag 104 ssid mycorp success: change accepted. set radius server Configures RADIUS servers and their parameters.
DWS-1008 CLI Reference Guide key string RADIUS Commands Password (shared secret key) the switch uses to authenticate to the RADIUS server. You must provide the same password that is defined on the RADIUS server. The password can be 1 to 32 characters long, with no spaces or tabs. author-password Password used for authorization to a RADIUS password server for users seeking MAC or last-resort network access. Specify a password of up to 32 alphanumeric characters with no spaces or tabs.
DWS-1008 CLI Reference Guide RADIUS Commands set server group Configures a group of one to four RADIUS servers. Syntax: set server group group-name members server-name1 [server-name2] [servername3] [server-name4] group-name members server-name1 server-name2 server-name3 server-name4 Server group name of up to 32 characters, with no spaces or tabs. The names of one or more configured RADIUS servers. You can enter up to four server names. Defaults: None. Access: Enabled.
DWS-1008 CLI Reference Guide RADIUS Commands Defaults: Load balancing is disabled by default. Access: Enabled. Usage: You can optionally enable load balancing after assigning the server group members. If you configure load balancing, MSS sends each AAA request to a separate server, starting with the first one on the list and skipping unresponsive servers. If no server in the group responds, MSS moves to the next method configured with set authentication and set accounting.
DWS-1008 CLI Reference Guide 802.1x Management Commands 802.1X Management Commands Use 802. IEEE X management commands to modify the default settings for IEEE 802.1X sessions on a switch. For best results, change the settings only if you are aware of a problem with the switch’s 802.1X performance. Caution: 802.1X parameter settings are global for all SSIDs configured on the switch. clear dot1x bonded-period Resets the Bonded Auth period to its default value.
DWS-1008 CLI Reference Guide 802.1x Management Commands clear dot1x port-control Resets all wired authentication ports on the switch to default 802.1X authentication. Syntax: clear dot1x port-control Defaults: By default, all wired authentication ports are set to auto and they process authentication requests as determined by the set authentication dot1X command. Access: Enabled. Usage: This command is overridden by the set dot1x authcontrol command.
DWS-1008 CLI Reference Guide Examples: 802.1x Management Commands Type the following command to reset the maximum number of reauthorization attempts to the default: DWS-1008# clear dot1x reauth-max success: change accepted. clear dot1x reauth-period Resets the time period that must elapse before a reauthentication attempt, to the default time period. Syntax: clear dot1x reauth-period Defaults: The default is 3600 seconds (1 hour). Access: Enabled.
DWS-1008 CLI Reference Guide 802.1x Management Commands Syntax: clear dot1x timeout supplicant Defaults: The default for the authentication timeout sessions is 30 seconds. Access: Enabled. Examples: Type the following command to reset the timeout period for an authentication session: DWS-1008# clear dot1x timeout supplicant success: change accepted.
DWS-1008 CLI Reference Guide 802.1x Management Commands Access: Enabled. Usage: This command applies only to wired authentication ports. Examples: To enable per-port 802.1X authentication on wired authentication ports, type the following command: DWS-1008# set dot1x authcontrol enable success: dot1x authcontrol enabled. set dot1x bonded-period Changes the Bonded Auth™ (bonded authentication) period. The Bonded Auth period is the number of seconds MSS allows a Bonded Auth user to reauthenticate.
DWS-1008 CLI Reference Guide 802.1x Management Commands set dot1x key-tx Enables or disables the transmission of encryption key information to the supplicant (client) in EAP over LAN (EAPoL) key messages, after authentication is successful. Syntax: set dot1x key-tx {enable | disable} enable Enables transmission of encryption key information to clients. disable Disables transmission of encryption key information to clients. Defaults: Key transmission is enabled by default. Access: Enabled.
DWS-1008 CLI Reference Guide 802.1x Management Commands set dot1x port-control Determines the 802.1X authentication behavior on individual wired authentication ports or groups of ports. Syntax: set dot1x port-control {forceauth | forceunauth | auto} port-list forceauth Forces the specified wired authentication port(s) to unconditionally authorize all 802.1X authentication attempts, with an EAP success message.
DWS-1008 CLI Reference Guide Examples: 802.1x Management Commands Type the following command to set the quiet period to 90 seconds: DWS-1008# set dot1x quiet-period 90 success: dot1x quiet period set to 90. set dot1x reauth Determines whether the switch allows the reauthentication of supplicants (clients). Syntax: set dot1x reauth {enable | disable} enable Permits reauthentication. disable Denies reauthentication. Defaults: Reauthentication is enabled by default. Access: Enabled.
DWS-1008 CLI Reference Guide 802.1x Management Commands set dot1x reauth-period Sets the number of seconds that must elapse before the switch attempts reauthentication. Syntax: set dot1x reauth-period seconds seconds Specify a value between 60 (1 minute) and 1,641,600 (19 days). Defaults: The default is 3600 seconds (1 hour). Access: Enabled. Usage: You also can use the RADIUS session-timeout attribute to set the reauthentication timeout for a specific client.
DWS-1008 CLI Reference Guide 802.1x Management Commands Syntax: set dot1x timeout supplicant seconds seconds Specify a value between 1 and 65,535. Defaults: The default is 30 seconds. Access: Enabled. Examples: Type the following command to set the number of seconds for authentication session timeout to 300: DWS-1008# set dot1x timeout supplicant 300 success: dot1x supplicant timeout set to 300.
DWS-1008 CLI Reference Guide 802.1x Management Commands Defaults: WEP key rotation is enabled, by default. Access: Enabled. Usage: Reauthentication is not required for WEP key rotation to take place. Broadcast and multicast keys are always rotated at the same time, so all members of a given radio, VLAN, or encryption type receive the new keys at the same time.
DWS-1008 CLI Reference Guide 802.1x Management Commands Defaults: None. Access: Enabled. Examples: Type the following command to display the 802.
DWS-1008 CLI Reference Guide 802.1x Management Commands Type the following command to display 802.1X statistics: DWS-1008# show dot1x stats 802.
DWS-1008 CLI Reference Guide Starts While Authenticating Logoffs While Authenticating Bad Packets Received D-Link Systems, Inc. 802.1x Management Commands Number of times that the switch state wildcard transitions from AUTHENTICATING to ABORTING, as a result of an EAPoL-Start message being received from the Supplicant (client). Number of times that the switch state wildcard transitions from AUTHENTICATING to ABORTING, as a result of an EAPoL-logoff message being received from the Supplicant (client).
DWS-1008 CLI Reference Guide Session Management Commands Session Management Commands Use session management commands to display and clear administrative and network user sessions. clear sessions Clears all administrative sessions, or clears administrative console or Telnet sessions.
DWS-1008 CLI Reference Guide Session Management Commands To clear Telnet client session 0, type the following command: DWS-1008# clear sessions telnet client 0 clear sessions network Clears all network sessions for a specified username or set of usernames, MAC address or set of MAC addresses, virtual LAN (VLAN) or set of VLANs, or session ID.
DWS-1008 CLI Reference Guide Session Management Commands Examples: To clear all sessions for MAC address 00:01:02:03:04:05, type the following command: DWS-1008# clear sessions network mac-addr 00:01:02:03:04:05 To clear session 9, type the following command: DWS-1008# clear sessions network session-id 9 SM Apr 11 19:53:38 DEBUG SM-STATE: localid 9, mac 00:06:25:09:39:5d, flags 0000012fh, to change state to KILLING Localid 9, globalid SESSION-9-893249336 moved from ACTIVE to KILLING (client=00:06:25:09:39:
DWS-1008 CLI Reference Guide Examples: Session Management Commands To view information about sessions of administrative users, type the following command: DWS-1008> show sessions admin Tty Username Time (s) Type ------- -------------------- -------- ---tty0 3644 Console tty2 tech 6 Telnet tty3 sshadmin 381 SSH 3 admin sessions To view information about console users’ sessions, type the following command: DWS-1008> show sessions console Tty Username Time (s) ------- --------------------------console 8573
DWS-1008 CLI Reference Guide Session Management Commands show sessions telnet client Output Field Description Session Session number assigned by MSS when the client session is established. IP address of the remote device. Server Address Server Port Client Port TCP port number of the remote device’s TCP server. TCP port number MSS is using for the client side of the session.
DWS-1008 CLI Reference Guide vlan vlan-glob session-id localsession-id wired verbose Session Management Commands Displays all network sessions on a single VLAN or a set of VLANs. Specify a VLAN name, use the double-asterisk wildcard character (**) to specify all VLAN names, or use the single-asterisk wildcard character (*) to specify a set of VLAN names up to or following the first delimiter character, either an at sign (@) or a period (.). (For details, see “VLAN Globs” on page 10.
DWS-1008 CLI Reference Guide Session Management Commands The following command displays summary information about the sessions for MAC address 00:05:5d:7e:98:1a: DWS-1008> show sessions network mac-addr 00:05:5d:7e:98:1a User Sess IP or MAC VLAN Port/ Name ID Address Name Radio ------------------------------------------------------------------------------------------EXAMPLE\Havel 13* 10.10.10.
DWS-1008 CLI Reference Guide Session Management Commands (Additional show sessions network verbose Ou describes the additional fields of the verbose output of show sessions network commands.) The following command displays information about network session 27: DWS-1008> show sessions network session-id 27 Global Id: SESS-27-000430-835586-58dfe5a State: ACTIVE Port/Radio: 3/1 MAC Address: 00:00:2d:6f:44:77 User Name: EXAMPLE Natasha IP Address: 10.10.40.
DWS-1008 CLI Reference Guide Session Management Commands Additional show sessions network verbose Output Field Description Client MAC MAC address of the session user. GID Global session ID, a unique session number. State Status of the session: • AUTH, ASSOC REQ—Client is being associated by the 802.1X protocol. • AUTH AND ASSOC—Client is being associated by the 802.1X protocol, and the user is being authenticated. • AUTHORIZING—User has been authenticated (for example, by the 802.
DWS-1008 CLI Reference Guide Session Management Commands State Status of the session: • AUTH, ASSOC REQ—Client is being associated by the 802.1X protocol. • AUTH AND ASSOC—Client is being associated by the 802.1X protocol, and the user is being authenticated. • AUTHORIZING—User has been authenticated (for example, by the 802.1X protocol and an AAA method), and is entering AAA authorization. • AUTHORIZED—User has been authorized by an AAA method.
DWS-1008 CLI Reference Guide Unicast bytes in Unicast packets out Unicast bytes out Multicast packets in Multicast bytes in Number of packets with encryption errors Number of bytes with encryption errors Last packet data rate Last packet signal strength Last packet data S/N ratio D-Link Systems, Inc. Session Management Commands Total number of unicast bytes received from the user by the switch (64-bit counter). Total number of unicast packets sent by the switch to the user (64-bit counter).
DWS-1008 CLI Reference Guide RF Detection Commands RF Detection Commands MSS automatically performs RF detection scans on enabled and disabled radios to detect rogue access points. A rogue access point is a BSSID (MAC address associated with an SSID) that does not belong to a D-Link device . MSS can issue countermeasures against rogue devices to prevent clients from being able to use them. You can configure RF detection parameters on individual switches.
DWS-1008 CLI Reference Guide RF Detection Commands clear rfdetect ignore Removes a device from the ignore list for RF scans. MSS does not generate log messages or traps for the devices in the ignore list. Syntax: clear rfdetect ignore mac-addr mac-addr Basic service set identifier (BSSID), which is a MAC address, of the device to remove from the ignore list. Defaults: None. Access: Enabled.
DWS-1008 CLI Reference Guide Examples: RF Detection Commands The following command removes client OUI aa:bb:cc:00:00:00 from the permitted vendor list: DWS-1008# clear rfdetect vendor-list client aa:bb:cc:00:00:00 success: aa:bb:cc:00:00:00 is no longer in client vendor-list. set rfdetect attack-list Adds an entry to the attack list. The attack list specifies the MAC address of devices that MSS should issue countermeasures against whenever the devices are detected on the network.
DWS-1008 CLI Reference Guide RF Detection Commands set rfdetect ignore Configures a list of known devices to ignore during an RF scan. MSS does not generate log messages or traps for the devices in the ignore list. Syntax: set rfdetect ignore mac-addr mac-addr BSSID (MAC address) of the device to ignore. Defaults: MSS reports all non-D-Link BSSIDs detected during an RF scan. Access: Enabled.
DWS-1008 CLI Reference Guide RF Detection Commands set rfdetect signature Enables AP signatures. An AP signature is a set of bits in a management frame sent by an AP that identifies that AP to MSS. If someone attempts to spoof management packets from a D-link AP, MSS can detect the spoof attempt. Syntax: set rfdetect signature {enable | disable} enable disable Enables AP signatures. Disables AP signatures. Defaults: AP signatures are disabled by default. Access: Enabled.
DWS-1008 CLI Reference Guide RF Detection Commands AP or client vendors that are allowed on the network. MSS does not list a device as a rogue or interfering device if the device’s OUI is in the permitted vendor list. Syntax: set rfdetect vendor-list {client | ap} mac-addr client | ap mac-addr | all Specifies whether the entry is for an AP brand or a client brand. Organizationally Unique Identifier (OUI) to remove. Defaults: The permitted vendor list is empty by default and all vendors are allowed.
DWS-1008 CLI Reference Guide Total number of entries: 1 Blacklist MAC Type ------------------------ --------------------11:22:33:44:55:66 configured 11:23:34:45:56:67 assoc req flood RF Detection Commands Port -----3 TTL ----25 show rfdetect clients Displays the wireless clients detected by a switch. Syntax: show rfdetect clients [mac mac-addr] mac mac-addr Displays detailed information for a specific client. Defaults: None. Access: Enabled.
DWS-1008 CLI Reference Guide RF Detection Commands show rfdetect clients Output Field Client MAC Client Vendor AP MAC AP Vendor Port/Radio/Channel NoL Type Last seen Description MAC address of the client. Company that manufactures or sells the client. MAC address of the radio with which the rogue client is associated. Company that manufactures or sells the AP with which the rogue client is associated. Port number, radio number, and channel number of the radio that detected the rogue.
DWS-1008 CLI Reference Guide Typ Dst Last Rogue Status Check RF Detection Commands Classification of the rogue device: • rogue - Wireless device that is on the network but is not supposed to be on the network. • intfr - Wireless device that is not part of your network and is not a rogue, but might be causing RF interference with AP radios. • known - Device that is a legitimate member of the network. MAC addressed to which the last 802.11 packet detected from the client was addressed.
DWS-1008 CLI Reference Guide 802.11 reassociation flood 802.
DWS-1008 CLI Reference Guide RF Detection Commands show rfdetect data Output Field BSSID Description MAC address of the SSID used by the detected device. Vendor Company that manufactures or sells the rogue device. Type Classification of the rogue device: • rogue - Wireless device that is not supposed to be on the network. The device has an entry in a switch’s FDB and is therefore on the network. • intfr - Wireless device that is not part of your network but is not a rogue.
DWS-1008 CLI Reference Guide RF Detection Commands Examples: The following example displays the list of ignored devices: DWS-1008# show rfdetect ignore Total number of entries: 2 Ignore MAC ----------------aa:bb:cc:11:22:33 aa:bb:cc:44:55:66 show rfdetect SSID The lines in this display are compiled from data from multiple listeners (AP radios). If an item has the value unresolved, not all listeners agree on the value for that item.
DWS-1008 CLI Reference Guide RF Detection Commands show rfdetect vendor-list Displays the entries in the permitted vendor list. Syntax: show rfdetect vendor-list Defaults: None. Access: Enabled. Examples: The following example shows the permitted vendor list on switch: DWS-1008# show rfdetect vendor-list Total number of entries: 1 OUI Type ---------------------aa:bb:cc:00:00:00 client 11:22:33:00:00:00 ap show rfdetect visible Displays the BSSIDs discovered by a specific D-Link radio.
DWS-1008 CLI Reference Guide RF Detection Commands Usage: If a D-Link radio is supporting more than one SSID, each of the corresponding BSSIDs is listed separately.
DWS-1008 CLI Reference Guide Flags SSID D-Link Systems, Inc. RF Detection Commands Classification and encryption information for the rogue: • The i, a, or u flag indicates the classification. • The other flags indicate the encryption used by the rogue. For flag definitions, see the key in the command output. SSID used by the detected device.
DWS-1008 CLI Reference Guide File Management Commands File Management Commands Use file management commands to manage system files and to display software and boot information. backup Creates an archive of switch system files and optionally, user file, in Unix tape archive (tar) format. Syntax: backup system [tftp:/ip-addr/]filename [all | critical] [tftp:/ip-addr/]filename Name of the archive file to create. You can store the file locally in the switch’s nonvolatile storage or on a TFTP server.
DWS-1008 CLI Reference Guide File Management Commands The backup command places the boot configuration file into the archive. (The boot configuration file is the Configured boot configuration in the show boot command’s output.) If the running configuration contains changes that have not been saved, these changes are not in the boot configuration file and are not archived.
DWS-1008 CLI Reference Guide Syntax: File Management Commands copy source-url destination-url source-url Name and location of the file to copy. The uniform resource locator (URL) can be one of the following: • [subdirname/]filename • file:[subdirname/]filename • tftp://ip-addr/[subdirname/]filename • tmp:filename For the filename, specify between 1 and 128 alphanumeric characters, with no spaces. Enter the IP address in dotted decimal notation. The subdirname/ option specifies a subdirectory.
DWS-1008 CLI Reference Guide File Management Commands Examples: The following command copies a file called floor from nonvolatile storage to a TFTP server: DWS-1008# copy floormx tftp://10.1.1.1/floor success: sent 365 bytes in 0.401 seconds [ 910 bytes/sec] The following command copies a file called closet from a TFTP server to nonvolatile storage: DWS-1008# copy tftp://10.1.1.1/closet closet success: received 637 bytes in 0.253 seconds [ 2517 bytes/sec] The following command copies system image 020101.
DWS-1008 CLI Reference Guide File Management Commands DWS-1008# copy testconfig tftp://10.1.1.1/testconfig success: sent 365 bytes in 0.401 seconds [ 910 bytes/sec] DWS-1008# delete testconfig success: file deleted. Examples: The following command deletes file dang_doc from subdirectory dang: DWS-1008# delete dang/dang_doc success: file deleted. dir Displays a list of the files in nonvolatile storage and temporary files. Syntax: dir [subdirname] subdirname Subdirectory name.
DWS-1008 CLI Reference Guide File Management Commands The following command displays the files in the old subdirectory: DWS-1008# dir old ============================================================= file: Filename Size Created file:configuration.txt 3541 bytes Sep 22 2003, 22:55:44 file:configuration.xml 24 KB Sep 22 2003, 22:55:44 Total: 27 Kbytes used, 207824 Kbytes free The table below describes the fields in the dir output. Output for dir Field Description Filename Filename or subdirectory name.
DWS-1008 CLI Reference Guide File Management Commands Defaults: If you do not specify a filename, MSS uses the same configuration filename that was used for the previous configuration load. For example, if the switch used configuration for the most recent configuration load, MSS uses configuration again unless you specify a different filename. To display the filename of the configuration file MSS loaded during the last reboot, use the show boot command. Access: Enabled.
DWS-1008 CLI Reference Guide File Management Commands DWS-1008# dir ============================================================= file: Filename Size Created file:configuration 17 KB May 21 2004, 18:20:53 file:configuration.
DWS-1008 CLI Reference Guide File Management Commands DWS-1008# reset system This will reset the entire system. Are you sure (y/n)y The following commands attempt to restart a switch with a running configuration that has unsaved changes, and then force the switch to restart: DWS-1008# reset system error: Cannot reset, due to unsaved configuration changes. Use “reset system force” to override. DWS-1008# reset system force ...... rebooting ......
DWS-1008 CLI Reference Guide File Management Commands Usage: The backup command stores the MAC address of the switch in the archive. By default, the restore command works only if the MAC address in the archive matches the MAC address of the switch where the restore command is entered. The force option overrides this restriction and allows you to unpack one switch’s archive onto another switch.
DWS-1008 CLI Reference Guide File Management Commands Defaults: By default, MSS saves the running configuration as the configuration filename used during the last reboot. Access: Enabled. Usage: If you do not specify a filename, MSS replaces the configuration file loaded during the most recent reboot. To display the filename of the configuration file MSS loaded during the most recent reboot, use the show boot command. The command completely replaces the specified configuration file with the running configuration.
DWS-1008 CLI Reference Guide File Management Commands set boot partition Specifies the boot partition in which to look for the system image file following the next system reset, software reload, or power cycle. Syntax: set boot partition {boot0 | boot1} boot0 boot1 Boot partition 0. Boot partition 1. Defaults: By default, a switch uses the same boot partition for the next software reload that was used to boot the currently running image. Access: Enabled.
DWS-1008 CLI Reference Guide File Management Commands The table below describes the fields in the show boot output. Output for show boot Field Description Configured boot image Boot partition and image filename MSS will use to boot next time the software is rebooted. Configured boot Configuration filename MSS will use to boot configuration next time the software is rebooted. Booted version Software version the switch is running.
DWS-1008 CLI Reference Guide area area all File Management Commands Configuration area. You can specify one of the following: • aaa • acls • ap • arp • eapol • httpd • ip • ip-config • log • ntp • portconfig • portgroup • radio-profile • rfdetect • service-profile • sm • snmp • snoop • spantree • system • trace • vlan • vlan-fdb If you do not specify a configuration area, nondefault information for all areas is displayed. Includes configuration items that are set to their default values. Defaults: None.
DWS-1008 CLI Reference Guide File Management Commands Examples: The following command shows configuration information for VLANs: DWS-1008# show config area vlan # Configuration nvgen’d at 2004-5-21 19:36:48 # Image 3.0.0 # Model DWS-1008 # Last change occurred at 2004-5-21 18:20:50 set vlan 1 port 1 show version Displays software and hardware version information for a switch and, optionally, for any attached access points.
DWS-1008 CLI Reference Guide File Management Commands The following command displays additional software build information and DWL-8220AP access point information: DWS-1008# show version details Mobility System Software, Version: 3.0.0 Copyright (c) 2003,2004 by D-Link Systems, Inc Build Information: (build#75) TOP 2004-06-30 07:25:00 Model: DWS-1008 Hardware Mainboard: version 0 ; FPGA version 0 PoE board: version 1 ; FPGA version 6 Serial number 0321300013 Flash: 3.0.0.375 - md0a Kernel: 3.0.
DWS-1008 CLI Reference Guide Port/DAP AP Model Serial # Versions D-Link Systems, Inc. File Management Commands Port number connected to a DWL-8220AP access point. AP model number. AP serial number. AP hardware, firmware, and software versions.
DWS-1008 CLI Reference Guide Trace Commands Trace Commands Use trace commands to perform diagnostic routines. While MSS allows you to run many types of traces, this chapter describes commands for those traces you are most likely to use. For a complete listing of the types of traces MSS allows, type the set trace ? command. clear log trace Deletes the log messages stored in the trace buffer. Syntax: clear log trace Defaults: None. Access: Enabled.
DWS-1008 CLI Reference Guide Trace Commands To clear the session manager trace, type the following command: DWS-1008# clear trace sm success: clear trace sm save trace Saves the accumulated trace data for enabled traces to a file in the switch’s nonvolatile storage. Syntax: save trace filename filename Name for the trace file. To save the file in a subdirectory, specify the subdirectory name, then a slash. For example: traces/trace1 Defaults: None. Access: Enabled.
DWS-1008 CLI Reference Guide Trace Commands Defaults: The default trace level is 5. Access: Enabled. Examples: The following command starts a trace for information about user jose’s authentication: DWS-1008# set trace authentication user jose success: change accepted. set trace authorization Traces authorization information.
DWS-1008 CLI Reference Guide Trace Commands set trace dot1x Traces 802.1X sessions. Syntax: set trace dot1x [mac-addr mac-address] [port port-num] [user username] [level level] mac-addr macaddress port port-num user username level level Traces a MAC address. Specify a MAC address, using colons to separate the octets (for example, 00:11:22:aa:bb:cc). Traces a port number. Specify a switch port number between 1 and 8. Traces a user. Specify a username of up to 80 alphanumeric characters with no spaces.
DWS-1008 CLI Reference Guide port port-num Trace Commands Traces a port number. Specify a switch port number between 1 and 8. Traces a user. Specify a username of up to 80 alphanumeric characters, with no spaces. Determines the quantity of information included in the output. You can set the level with an integer from 1 to 10, where level 10 provides the most information. Levels 1 through 5 provide user-readable information. If you do not specify a level, level 5 is the default.
DWS-1008 CLI Reference Guide Snoop Commands Snoop Commands Use snoop commands to monitor wireless traffic, by using a Distributed AP as a sniffing device. The AP copies the sniffed 802.11 packets and sends the copies to an observer, which is typically a protocol analyzer such as Ethereal or Tethereal. clear snoop Deletes a snoop filter. Syntax: clear snoop filter-name filter-name Name of the snoop filter. Defaults: None. Access: Enabled.
DWS-1008 CLI Reference Guide Snoop Commands set snoop Configures a snoop filter. Syntax: set snoop filter-name [condition-list] [observer ip-addr] [snap-length num] filter-name Name for the filter. The name can be up to 32 alphanumeric characters, with no spaces. condition-list Match criteria for packets. Conditions in the list are ANDed. Therefore, to be copied and sent to an observer, a packet must match all criteria in the condition-list.
DWS-1008 CLI Reference Guide Snoop Commands Usage: Traffic that matches a snoop filter is copied after it is decrypted. The decrypted (clear) version is sent to the observer. For best results: • Do not specify an observer that is associated with the AP where the snoop filter is running. This configuration causes an endless cycle of snoop traffic.
DWS-1008 CLI Reference Guide Snoop Commands Access: Enabled. Usage: You can map the same filter to more than one radio. You can map up to eight filters to the same radio. If more than one filter has the same observer, the AP sends only one copy of a packet that matches a filter to the observer. After the first match, the AP sends the packet and stops comparing the packet against other filters for the same observer.
DWS-1008 CLI Reference Guide Snoop Commands show snoop Displays the AP radio mapping for all snoop filters. Syntax: show snoop Defaults: None. Access: Enabled. Usage: To display the mappings for a specific AP radio, use the show snoop map command. Examples: The following command shows the AP radio mappings for all snoop filters configured on a switch: DWS-1008# show snoop Dap: 3 Radio: 2 snoop1 snoop2 Dap: 2 Radio: 2 snoop2 show snoop info Shows the configured snoop filters.
DWS-1008 CLI Reference Guide Snoop Commands show snoop map Shows the AP radios that are mapped to a specific snoop filter. Syntax: show snoop map filter-name filter-name Name of the snoop filter. Defaults: None. Access: Enabled. Usage: To display the mappings for all snoop filters, use the show snoop command.
DWS-1008 CLI Reference Guide Snoop Commands The table below describes the fields in this display. Field Description Filter Dap Name of the snoop filter. Distributed AP containing the radio to which the filter is mapped. Radio Rx Match Radio to which the filter is mapped. Number of packets received by the radio that match the filter. Tx Match Number of packets sent by the radio that match the filter.
DWS-1008 CLI Reference Guide System Log Commands System Log Commands Use the system log commands to record information for monitoring and troubleshooting. MSS system logs are based on RFC 3164, which defines the log protocol. clear log Clears the log messages stored in the log buffer, or removes the configuration for a syslog server and stops sending log messages to that server. Syntax: clear log [buffer | server ip-addr] buffer server ip-addr Deletes the log messages stored in nonvolatile storage.
DWS-1008 CLI Reference Guide System Log Commands Syntax: set log {buffer | console | current | server ip-addr | sessions | trace} [severity severity-level] [enable | disable] set log server ip-addr [severity severity-level [local-facility facility-level]] [enable | disable] buffer Sets log parameters for the log buffer in nonvolatile storage. console current Sets log parameters for console sessions. Sets log parameters for the current Telnet or console session.
DWS-1008 CLI Reference Guide System Log Commands local-facility facility-level For messages sent to a syslog server, maps all messages of the severity you specify to one of the standard local log facilities defined in RFC 3164. You can specify one of the following values: • 0 - maps all messages to local0. • 1 - maps all messages to local1. • 2 - maps all messages to local2. • 3 - maps all messages to local3. • 4 - maps all messages to local4. • 5 - maps all messages to local5.
DWS-1008 CLI Reference Guide System Log Commands Syntax: set log trace mbytes count count Size of the trace buffer, in megabytes (MB). You can specify from 1 through 50. Defaults: The default trace buffer size is 1 MB. Access: Enabled. Examples: The following command increases the trace buffer size to 4 MB: DWS-1008# set log trace mbytes 4 success: change accepted. show log buffer Displays system information stored in the nonvolatile log buffer or the trace buffer.
DWS-1008 CLI Reference Guide severity severitylevel System Log Commands Displays messages at a severity level greater than or equal to the level specified. Specify one of the following: • emergency - The switch is unusable. • alert - Action must be taken immediately. • critical - You must resolve the critical conditions. If the conditions are not resolved, the switch can reboot or shut down. • error - The switch is missing data or is unable to form a connection. • warning - A possible problem exists.
DWS-1008 CLI Reference Guide System Log Commands show log config Displays log configuration information. Syntax: show log config Defaults: None. Access: Enabled.
DWS-1008 CLI Reference Guide System Log Commands +|-|/number-ofmessages Displays the number of messages specified as follows: • A positive number (for example, +100), displays that number of log entries starting from the oldest in the log. • A negative number (for example, -100) displays that number of log entries starting from newest in the log. • A number preceded by a slash (for example, /100) displays that number of the most recent log entries in the log, starting with the least recent.
DWS-1008 CLI Reference Guide System Log Commands Examples: Type the following command to see the facilities for which you can view event messages archived in the buffer: DWS-1008# show log trace facility ? Select one of: KERNEL, AAA, SYSLOGD, ACL, APM, ARP, ASO, BOOT, CLI, CLUSTER, COPP, CRYPTO, DOT1X, ENCAP, ETHERNET, GATEWAY, HTTPD, IGMP, IP, MISC, NOSE, NP, RAND, RESOLV, RIB, ROAM, ROGUE, SM, SNMPD, SPAN, STORE, SYS, TAGMGR, TBRIDGE, TCPSSL, TELNET, TFTP, TLS, TUNNEL, VLAN, X509, XML, A
DWS-1008 CLI Reference Guide Boot Prompt Commands Boot Prompt Commands Boot prompt commands enable you to perform basic tasks, including booting a system image file, from the boot prompt (boot>). A CLI session enters the boot prompt if MSS does not boot successfully or you intentionally interrupt the boot process. To interrupt the boot process, press q followed by Enter (return). Caution: Generally, boot prompt commands are used only for troubleshooting.
DWS-1008 CLI Reference Guide Boot Prompt Commands Syntax: boot [BT=type] [DEV=device] [FN=filename] [HA=ip-addr] [FL=num] [OPT=option] [OPT+=option] BT=type Boot type: • c - Compact flash. Boots using nonvolatile storage or a flash card. • n - Network. Boots using a TFTP server.
DWS-1008 CLI Reference Guide Boot Prompt Commands Examples: The following command loads system image file 010101.020 from boot partition 1: boot> boot FN=010101.020 DEV=boot1 Compact Flash load from boot1:testcfg matches 010101.020. unzip: Inflating ramdisk_1.1.1.. OK unzip file len 36085486 OK Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003 The NetBSD Foundation, Inc. All rights reserved. Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California.
DWS-1008 CLI Reference Guide Boot Prompt Commands Examples: The following command enters the configuration mode for the currently active boot profile, changes the device to boot1, and leaves the other parameters with their current settings: boot> change Changing the default configuration is not recommended. Are you sure that you want to proceed? (y/n) BOOT TYPE: [c] DEVICE: [boot0:]boot1 FILENAME: [default] FLAGS: [0x00000000] OPTIONS: [run=nos;boot=0] create Creates a new boot profile.
DWS-1008 CLI Reference Guide Boot Prompt Commands delete Removes the currently active boot profile. Syntax: delete Defaults: None. Access: Boot prompt. Usage: When you type the delete command, the next-lower numbered boot profile becomes the active profile. For example, if the currently active profile is number 3, profile number 2 becomes active after you type delete to delete profile 3. You cannot delete boot profile 0.
DWS-1008 CLI Reference Guide Boot Prompt Commands Syntax: dir [c: | d: | e: | f: | boot0 | boot1] c: Nonvolatile storage area containing boot partition 0 (primary). Nonvolatile storage area containing boot partition 1 (secondary). Primary partition of the flash card in the flash card slot. Secondary partition of the flash card in the flash card slot. Boot partition 0. Boot partition 1. d: e: f: boot0 boot1 Defaults: None. Access: Boot prompt.
DWS-1008 CLI Reference Guide f: boot0: boot1: [filename] Boot Prompt Commands Secondary partition of the flash card in the flash card slot. Boot partition 0. Boot partition 1. System image filename. Defaults: None. Access: Boot prompt. Usage: To display the image filenames, use the dir command. This command does not list the boot code versions. To display the boot code versions, use the version command.
DWS-1008 CLI Reference Guide Boot Prompt Commands ls Displays a list of the boot prompt commands. Syntax: ls Defaults: None. Access: Boot prompt. Usage: To display help for an individual command, type help followed by the command name (for example, help boot). Examples: To display a list of the commands available at the boot prompt, type the following command: boot> ls ls help autoboot boot change create delete next show dir fver version reset test diag Display a list of all commands and descriptions.
DWS-1008 CLI Reference Guide Boot Prompt Commands Examples: To activate the boot profile in the next slot and display the profile, type the following command: boot> next BOOT Index: BOOT TYPE: DEVICE: FILENAME: FLAGS: OPTIONS: 0 c boot1: testcfg 00000000 run=nos;boot=0 reset Resets the switch’s hardware. Syntax: reset Defaults: None. Access: Boot prompt. Usage: After resetting the hardware, the reset command attempts to load a system image file only if other boot settings are configured to do so.
DWS-1008 CLI Reference Guide Boot Prompt Commands show Displays the currently active boot profile. A boot profile is a set of parameters that a switch uses to control the boot process. Each boot profile contains the following parameters: • Boot type - Either compact flash (local device on the switch) or network (TFTP) • Boot device - Location of the system image file • Filename - System image file • Flags - Number representing the bit settings of boot flags to pass to the booted system image.
DWS-1008 CLI Reference Guide Boot Prompt Commands Output for show Field Description BOOT Index Boot profile slot, which can be a number from 0 to 3. Boot type: • c - Compact flash. Boots using nonvolatile storage or a flash card. • n - Network. Boots using a TFTP server.
DWS-1008 CLI Reference Guide Boot Prompt Commands Examples: The following command displays the current setting of the poweron test flag: boot> test The diagnostic execution flag is not set. version Displays version information for a switch’s hardware and boot code. Syntax: version Defaults: None. Access: Boot prompt. Usage: This command does not list the system image file versions installed in the boot partitions. To display system image file versions, use the dir or fver command.
Warranty DWS-1008 CLI Reference Guide Warranty Subject to the terms and conditions set forth herein, D-Link Systems, Inc. (“D-Link”) provides this Limited warranty for its product only to the person or entity that originally purchased the product from: • D-Link or its authorized reseller or distributor and • Products purchased and delivered within the fifty states of the United States, the District of Columbia, U.S. Possessions or Protectorates, U.S. Military Installations, addresses with an APO or FPO.
DWS-1008 CLI Reference Guide Warranty Except as otherwise agreed by D-Link in writing, the replacement Software is provided only to the original licensee, and is subject to the terms and conditions of the license granted by D-Link for the Software. Software will be warranted for the remainder of the original Warranty Period from the date or original retail purchase.
DWS-1008 CLI Reference Guide Warranty D-Link may reject or return any product that is not packaged and shipped in strict compliance with the foregoing requirements, or for which an RMA number is not visible from the outside of the package. The product owner agrees to pay D-Link’s reasonable handling and return shipping charges for any product that is not packaged and shipped in accordance with the foregoing requirements, or that is determined by D-Link not to be defective or non-conforming.
DWS-1008 CLI Reference Guide Warranty Limitation of Liability: TO THE MAXIMUM EXTENT PERMITTED BY LAW, D-LINK IS NOT LIABLE UNDER ANY CONTRACT, NEGLIGENCE, STRICT LIABILITY OR OTHER LEGAL OR EQUITABLE THEORY FOR ANY LOSS OF USE OF THE PRODUCT, INCONVENIENCE OR DAMAGES OF ANY CHARACTER, WHETHER DIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL (INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF GOODWILL, LOSS OF REVENUE OR PROFIT, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, FAILURE OF OTHER EQUIPMENT OR COM
DWS-1008 CLI Reference Guide Warranty FCC Statement: This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communication.
Registration DWS-1008 CLI Reference Guide Registration Product registration is entirely voluntary and failure to complete or return this form will not diminish your warranty rights. Revised: April 4, 2006 Version 1.1 D-Link Systems, Inc.
