D-Link dws-1008 manual

[...]

D-Link DWS-1008 CLI Manual i T able of Contents Introducing the D-Link Mobility System .........................................................................................1 D-Link Mobility System .................................................................................................................1 Using the Command-Line Interface .[...]

D-Link DWS-1008 CLI Manual ii IGMP Snooping Commands ........................................................................................................ 450 Security A CL Commands.............................................................................................................469 T race Commands .....................................[...]

D-Link DWS-1008 CLI Manual 1 The D-Link Mobility System is an enter prise-class WLAN solution that seamlessly integrates with an e xisting wired enter pr ise network. The D-Link system pro vides secure connectivity to both wireless and wired users in large environments such as office buildings , hospitals, and univ ersity campuses and in small env[...]

D-Link DWS-1008 CLI Manual 2 T ext and Syntax: Conventions This CLI manual uses the f ollo wing te xt and syntax conv entions: Con vention Use Monospace T ext Sets off command syntax or sample commands and system responses. Bold T e xt Highlights commands that you enter or items you select. Italic T ext Designates command variables that you replace[...]

D-Link DWS-1008 CLI Manual 3 CLI Conventions Be aw are of the f ollowing MSS CLI con v entions f or command entr y: • “Command Prompts” on page 3 • “Syntax: Notation” on page 4 • “T e xt Entr y Conv entions and Allowed Characters” on page 4 • “User Globs, MA C Address Globs, and VLAN Globs” on page 6 • “P or t Lists” o[...]

D-Link DWS-1008 CLI Manual 4 The MSS CLI uses standard syntax notation: • Bold monospace f ont identifies the command and ke ywords y ou must type . F or e xample: set enable pass • Italic monospace f ont indicates a placeholder for a value . For e xample, you replace vlan-id in the f ollowing command with a vir tual LAN (VLAN) ID: clear inter[...]

D-Link DWS-1008 CLI Manual 5 MAC Address Notation MSS displays MA C addresses in he xadecimal numbers with a colon (:) delimiter between bytes—f or e xample, 00:01:02:1a:00:01. Y ou can enter MA C addresses with either h yphen (-) or colon (:) delimiters , but colons are pref erred. F or shor tcuts: • Y ou can e xclude leading zeros when typing[...]

D-Link DWS-1008 CLI Manual 6 Name “globbing” is a wa y of using a wildcard patter n to e xpand a single element into a list of elements that match the patter n. MSS accepts user globs, MAC address globs, and VLAN globs. The order in which globs appear in the configuration is impor tant, because once a glob is matched, processing stops on the l[...]

D-Link DWS-1008 CLI Manual 7 MAC Address Globs A media access control (MAC) address glob is a similar method for matching some authentication, authorization, and accounting (AAA) and f orwarding database (FDB) commands to one or more 6-b yte MA C addresses. In a MAC address glob , you can use a single aster isk (*) as a wildcard to match all MA C a[...]

D-Link DWS-1008 CLI Manual 8 Port Lists The ph ysical Ether net por ts on a s witch can be set f or connection to access points, authenticated wired users, or the network backbone . Y ou can include a single por t or multiple por ts in one MSS CLI command by using the appropriate list f ormat. The por ts on a switch are numbered 1 through 8. No por[...]

D-Link DWS-1008 CLI Manual 9 Command-Line Editing MSS editing functions are similar to those of many other netw ork operating systems. Keyboard Shortcuts The f ollowing k e yboard shor tcuts are av ailable f or enter ing and editing CLI commands: Ke yboard Shortcut(s) Function Ctrl+A Jumps to the first char acter of the command line. Ctrl+B or Lef[...]

D-Link DWS-1008 CLI Manual 10 Single-Asterisk (*) Wildcard Character Y ou can use the single-aster isk (*) wildcard character in globbing. F or details, see “User Globs, MAC Address Globs, and VLAN Globs” on page 7. Double-Asterisk (**) Wildcard Characters The double-asterisk (**) wildcard character matches all user names. For details, see “U[...]

D-Link DWS-1008 CLI Manual 11 Understanding Command Descriptions Each command description in the D-Link Command Reference contains the f ollowing elements: • A command name, which sho ws the k eyw ords b ut not the variab les. F or e xample , the f ollowing command name appears at the top of a command description and in the index: set { ap | dap [...]

D-Link DWS-1008 CLI Manual 12 Access Commands Use access commands to control access to the Mobility Software System (MSS) (CLI). This chapter presents access commands alphabetically . Use the f ollowing table to locate commands in this chapter based on their use. enable Places the CLI session in enabled mode, which provides access to all commands r[...]

D-Link DWS-1008 CLI Manual 13 quit Exit from the CLI session. Syntax: quit Defaults: None. Access: All. Examples: T o end the administrator’ s session, type the follo wing command: DWS-1008> quit set enablepass Sets the passw ord that provides enab led access (f or configuration and monitoring) to the s witch. Syntax: set enablepass Defaults:[...]

D-Link DWS-1008 CLI Manual 14 System Ser vices Commands Use system ser vices commands to configure and monitor system information f or a D WS-1008 s witch. This chapter presents system ser vices commands alphabetically . Use the follo wing table to located commands in this chapter based on their use. quickstart on page 18 set auto-config on page [...]

D-Link DWS-1008 CLI Manual 15 c lear banner motd Syntax: clear banner motd Defaults: None. Access: Enabled. Examples: T o clear a banner , type the f ollo wing command: DWS-1008> clear banner motd success: change accepted Note: As an alter native to clear ing the banner , you can overwrite the existing banner with an empty banner by typing the f[...]

D-Link DWS-1008 CLI Manual 16 c lear system Clears the system configuration of the specified inf ormation. Syntax: clear system [contact | countrycode | idle-timeout | ip-address | location | name] contact countrycode idle-timeout ip-address location name Defaults: None. Access: All. Examples: T o clear the location of the switch, type the f ollo[...]

D-Link DWS-1008 CLI Manual 17 help Syntax: clear history Defaults: None. Access: All. Examples: Use this command to see a list of av ailable commands. If y ou hav e restricted access, y ou see f e wer commands than if you ha ve enab led access. T o displa y a list of CLI commands av ailable at the enabled access lev el, type the f ollowing command [...]

D-Link DWS-1008 CLI Manual 18 history Syntax: clear history Defaults: None. Access: All. Examples: T o show the histor y of y our session, type the f ollowing command: D WS-1008# history quic kstar t Runs a script that interactively helps y ou configure a ne w s witch. Caution! The quickstart command is f or configuration of a new s witch only . [...]

D-Link DWS-1008 CLI Manual 19 set banner motd Configures the banner string that is display ed bef ore the beginning of each login prompt f or each CLI session on the D WS-1008 s witch. Syntax: set banner motd ^te xt^ Defaults: None. Access: Enabled. Usage: T ype a caret (^), then the message, then another caret. Do not use the f ollowing char acte[...]

D-Link DWS-1008 CLI Manual 20 set confirm Enables or disab les the displa y of confirmation messages for commands that might hav e a large impact on the networ k. Syntax: set confirm {on | off} on Enables confirmation messages. off Disables confirmation messages. Defaults: Configuration messages are enab led. Access: Enabled. Usage: This comm[...]

D-Link DWS-1008 CLI Manual 21 Usage: Use this command if the output of a CLI command is greater than the number of lines allo wed b y def ault f or a ter minal type. Examples: T o set the number of lines displa yed to 100, type the f ollowing command: DWS-1008# set length 100 success: screen length for this session set to 100 set license Installs a[...]

D-Link DWS-1008 CLI Manual 22 set pr ompt Changes the CLI prompt f or the D WS-1008 s witch to a string you specify . Syntax: set pr ompt string string Defaults: The factory default f or the D WS s witch prompt is D WS-mm-nnnnnn, where mm is the model number and nnnnnn is the last 6 digits of the 12-digit system MA C address. Access: Enabled. Usage[...]

D-Link DWS-1008 CLI Manual 23 set system contact Stores a contact name f or the D WS-1008 s witch. Syntax: set system contact string string Defaults: None. Access: Enabled. T o view the system contact string, type the show system command. Examples: The follo wing command sets the system contact inf or mation to tamara@e xample .com : DWS-1008# set [...]

D-Link DWS-1008 CLI Manual 24[...]

D-Link DWS-1008 CLI Manual 25 Defaults: None. Access: Enabled. Usage: Y ou must set the system county code to a valid v alue before using any set ap commands to configure an access point. Examples: T o set the countr y code to Canada, type the follo wing command: DWS-1008# set system country code CA success: change accepted. See Also: • show con[...]

D-Link DWS-1008 CLI Manual 26 Access: Enabled. Usage: This command applies to all types of CLI management sessions: console , T elnet, and SSH. The timeout change applies to existing sessions only , not to new sessions. Examples: The follo wing command sets the idle timeout to 1800 seconds (one half hour): D WS-1008# set system idle-timeout 1800 su[...]

D-Link DWS-1008 CLI Manual 27 set system location Stores location inf or mation f or the D WS-1008 switch. Syntax: set system location string string Defaults: None. Access: Enabled. T o view the system location string, type the show system command. Examples: T o store the location of the switch in the s witch’ s configuration, type the follo win[...]

D-Link DWS-1008 CLI Manual 28 Usage: Entering set system name with no str ing resets the system name to the f actor y def ault. T o view the system name string, type the show system command. Examples: The f ollowing example sets the system name to a name that identifies the D WS s witch: DWS-1008# set system name D WS-bldg3 success: change accepte[...]

D-Link DWS-1008 CLI Manual 29 sho w licenses Displa ys inf or mation about the license k ey(s) currently installed on an D WS-1008 s witch. Syntax: sho w licenses Defaults: None. Access: All Examples: T o view license k eys , type the f ollowing command: DWS-1008# show licenses F eature : 80 additional APs See Also: • set license sho w load Displ[...]

D-Link DWS-1008 CLI Manual 30 sho w system Displa ys system inf or mation. Syntax: sho w system Defaults: None. Access: Enabled. Examples: T o show system inf or mation, type the f ollowing command: DWS-1008# show system The table on the ne xt page descr ibes the fields of show system output.[...]

D-Link DWS-1008 CLI Manual 31 Field Description Product Name D WS model number . System Name System name (f actor y default, or optionally configured with set system name ). System Countr ycode Countr y-specific 802.11 code required f or AP operation. (configured with set system countrycode ) T otal P ower Ov er Ether net T otal pow er that the [...]

D-Link DWS-1008 CLI Manual 32 Field Description Memor y Current size (in megab ytes) of non volatile memory (NVRAM) and synchronous dynamic RAM (SDRAM), plus the percentage of total memor y space in use, in the f ollowing f or mat: NVRAM size /SDRAM siz e (percent of total) T otal P ower Ov er Ether net T otal pow er that the D WS-1008 is currently[...]

D-Link DWS-1008 CLI Manual 33 Port Commands Use por t commands to configure and manage individual por ts and load-shar ing por t groups. This chapter presents por t commands alphabetically . Use the f ollowing tab le to locate commands in this chapter based on their use. set por t type ap on page 51 set dap on page 42 set por t type wired-auth on [...]

D-Link DWS-1008 CLI Manual 34 c lear dap Caution: When y ou clear a Distributed AP , MSS ends user sessions that are using the AP . Remov es a Distributed AP . Syntax: c lear dap dap-num dap-num Defaults: None. Access: Enabled. Examples: The follo wing command clears Distributed AP 1: DWS-1008# clear dap 1 This will clear specified DAP devices. Wo[...]

D-Link DWS-1008 CLI Manual 35 c lear por t-gr oup Remov es a por t group Syntax: c lear port-group name name name Defaults: None. Access: Enabled. Examples: The follo wing command clears por t group ser v er1: DWS-1008# clear port-group name server1 success: change accepted. See Also: • set por t-group Name of the por t group . c lear por t mirr [...]

D-Link DWS-1008 CLI Manual 36 c lear por t name Remov es the name assigned to a por t. Syntax: c lear port por t-list name por t-list Defaults: None. Access: Enabled. Examples: The follo wing command clears the names of por ts 1 through 4: D WS-1008# clear port 1-4 name See Also: • set por t name List of ph ysical por ts. MSS remov es the names f[...]

D-Link DWS-1008 CLI Manual 37 P or t P arameter Setting VLAN membership None. Note: Although the command changes a por t to a network por t, the command does not place the por t in any VLAN. T o use the por t in a VLAN, you m ust add the por t to the VLAN. Spanning T ree Protocol (STP) Based on the VLAN(s) you add the por t to . 802.1X No authoriza[...]

D-Link DWS-1008 CLI Manual 38 monitor por t counter s Displa ys and continually updates por t statistics. Syntax: monitor por t counter s [octets | packets | receive-errors | transmit-error s | collisions | receive-etherstats | transmit-ether stats] octets packets recieve-err ors transmit-error s collisions receive-etherstats transmit-etherstats De[...]

D-Link DWS-1008 CLI Manual 39 Usage: Each type of statistic is displa yed separately . Press the Spacebar to cycle through the displa ys f or each type. If y ou use an option to specify a statistic type, the displa y begins with that statistic type . Y ou can use one statistic option with the command. Use the ke ys listed the f ollo wing table to c[...]

D-Link DWS-1008 CLI Manual 40 Statistics Option Field Description Display ed for All Options P or t P or t the statistics are displa yed f or . Status P or t status. The status can be Up or Down. octets Rx Octets T otal numbewr of octets re veiv ed by the por t. This number includes octets receiv ed in frames that contained errors. Tx Octets T otal[...]

D-Link DWS-1008 CLI Manual 41 Statistics Option Field Description T ransmit-err ors Tx Crc Number of frames tr ansmitted by the port that had the correct length but contained an in v alid FCS value . Tx Shor t Number of frames transmitted b y the por t that were f ewer than 64 b ytes long. Tx F ragment T otal number of frames transmitted that were [...]

D-Link DWS-1008 CLI Manual 42 reset por t Resets a por t by toggling its link state and P ow er ov er Ether net (P oE) state. Syntax: reset port por t-list por t-list Defaults: None. Access: Enabled. Usage: The reset command disables the por t’ s link and P oE (if applicab le) f or at least 1 second, then reenables them. This beha vior is useful [...]

D-Link DWS-1008 CLI Manual 43 Access: Enabled. Examples: The f ollo wing command configures Distributed AP 1 f or AP model MP-372 with serial-ID 0322199999: DWS-1008# set dap 1 serial-id 0322199999 model mp-372 success: change accepted. The f ollowing command remo v es Distributed AP 1: DWS-1008# clear dap 1 This will clear specified DAP devices.[...]

D-Link DWS-1008 CLI Manual 44 The f ollowing command reenab les the por t: DWS-1008# set port enable 4 success: set “enable” on port 4 See Also: • set reset por t set por t-gr oup Administrativ ely disab les or reenables a por t. Syntax: set port-group name group-name port-list mode {on | off} name group-name por t-list mode {on | off} Defaul[...]

D-Link DWS-1008 CLI Manual 45 The follo wing commands disable the link for por t group ser ver1 , change the list of por ts in the group , and reenable the link: DWS-1008# set port-group name server1 1-5 mode off success: change accepted. DWS-1008# set port-group name server1 1-4,7 mode on success: change accepted. See Also: • clear por t-group[...]

D-Link DWS-1008 CLI Manual 46 set por t mirr or Configures por t mirror ing. P or t mirror ing is a troubleshooting f eature that copies (mirrors) traffic sent or receiv ed by a D WS-1008 por t (the source por t) to another por t (the obser ver) on the same D WS-1008. Y ou can attach a protocol analyzer to the obser v er por t to e xamine the sou[...]

D-Link DWS-1008 CLI Manual 47 Defaults: None Access: Enabled. Usage: T o simplify configuration and av oid confusion between a por t’ s number and its name, D-Link recommends that you do not use n umbers as por t names. Examples: The follo wing command sets the name of por t 4 to adminpool: DWS-1008# set port 4 name adminpool success: change acc[...]

D-Link DWS-1008 CLI Manual 48 A stream of large pac kets sent to an D WS-1008 por t in such a configuration can cause forw arding on the link to stop . Examples: The follo wing command disab les autonegotiation on por ts 1, 2, and 4 through 6: DWS-1008# set port negotiation 1,2,4-6 disable The f ollowing command enab les autonegotiation on por t 5[...]

D-Link DWS-1008 CLI Manual 49 DWS-1008# set port poe 3,5 disable If you ar e enabling power on these ports, they must be connected only to appr oved PoE devices with the corr ect wiring. Do you wish to continue? (y/n) [n]y The f ollowing command enab les P oE on por ts 2 and 4: DWS-1008# set port poe 2,4 enable If you ar e enabling power on these p[...]

D-Link DWS-1008 CLI Manual 50 Examples: The follo wing command sets the por t speed on por ts 1, 3 through 5, and 8 to 10 Mbps and sets the operating mode to full-duple x: DWS-1008# set port speed 1,3-5,8 10 set por t trap Enables or disables Simple Network Management Protocol (SNMP) linkup and linkdown traps on an individual por t. Syntax: set por[...]

D-Link DWS-1008 CLI Manual 51 set por t type ap Configures a D WS-1008 s witch por t f or an (AP) access point. Caution! When you set the por t type f or AP use, you must specify the P oE state (enable or disable) of the por t. Use the D WS-1008’ s P oE to power D-Link access points or P oE enabled de vices only . If you enab le P oE on a por t [...]

D-Link DWS-1008 CLI Manual 52 P ort Parameter Setting VLAN Membership Remov ed from all VLANs. Y ou cannot assign an AP access por t to a VLAN. MSS automatically assigns AP access por ts to VLANs based on user traffic. Spanning T ree Protocol (STP) Not applicable . 802.1x Uses authentication parameters configured f or users. P or t Groups Not app[...]

D-Link DWS-1008 CLI Manual 53 set por t type wired-auth Configures an D WS-1008 por t f or a wired authentication user . Syntax: set port type wired-auth por t-list [tag tag-list ] [max-sessions num ] [auth-fall-thru {last-resort | none | web-por tal}] por t-list tag-list num last-resort none web-portal Defaults: The def ault tag-list is null (no [...]

D-Link DWS-1008 CLI Manual 54 F or 802.1X clients , wired authentication works only if the clients are directly attached to the wired authentication por t, or are attached through a hub that does not bloc k forw arding of pack ets from the client to the P AE group address (01:80:c2:00:00:03). Wired authentication wor ks in accordance with the 802.1[...]

D-Link DWS-1008 CLI Manual 55 sho w por t counters Displa ys por t statistics. Syntax: show port counters [octets | pac kets | receive-error s | transmit-err ors | collisions | receive-ether stats | transmit-etherstats] [port por t-list ] octets Displa ys octet statistics. packets Displa ys pack et statistics . receive-error s Displa ys errors in r[...]

D-Link DWS-1008 CLI Manual 56 sho w por t-gr oup Displa ys por t group inf or mation. Syntax: show port-group [name g roup-name ] name group-name Displa ys inf or mation f or the specified por t group . Defaults: None. Access: All. Examples: The follo wing command displa ys the configuration of por t group server2: DWS-1008# show port-group name [...]

D-Link DWS-1008 CLI Manual 57 sho w por t poe Displa ys status inf or mation f or por ts on which P ower o ver Ethernet (P oE) is enabled. Syntax: sho w por t poe [ por t-list ] por t-list List of ph ysical por ts. If y ou do not specify a por t list, P oE inf or mation is displa y ed f or all por ts. Defaults: None. Access: All. Examples: The foll[...]

D-Link DWS-1008 CLI Manual 58 sho w por t status Displa ys configuration and status inf ormation for por ts. Syntax: sho w por t status [ por t-list ] por t-list List of ph ysical por ts. If you do not specify a por t list, inf or mation is displa y ed f or all por ts. Defaults: None. Access: All. Examples: The follo wing command displa ys inf or [...]

D-Link DWS-1008 CLI Manual 59 VLAN Commands Use vir tual LAN (VLAN) commands to configure and manage parameters f or individual por t VLANs on network por ts, and to displa y information about clients within a networ k. This chapter presents VLAN commands alphabetically . Use the follo wing table to locate commands in this chapter based on their u[...]

D-Link DWS-1008 CLI Manual 60 c lear fdb Deletes an entr y from the f orwarding database (FDB). Syntax: clear fdb {perm | static | d ynamic | port por t-list } [vlan vlan-id ] [tag tag-v alue ] perm Clears per manent entries. A per manent entr y does not age out and remains in the database e ven after a reboot, reset, or pow er cycle . Y ou must sp[...]

D-Link DWS-1008 CLI Manual 61 c lear security l2-restrict Remov es one or more MA C addresses from the list of destination MA C addresses to which clients in a VLAN are allowed to send tr affic at La yer 2. Syntax: c lear security l2-restrict vlan vlan-id [permit-mac mac-addr [ mac-addr ] | all] vlan-id VLAN name or number . permit-mac List of MAC[...]

D-Link DWS-1008 CLI Manual 62 c lear security l2-restrict counter s Clear statistics counters f or La yer 2 f orwarding restriction. Syntax: clear security l2-restrict counter s [vlan vlan-id | all] vlan-id VLAN name or number . all Clears La y er 2 f orwarding restriction counters f or all VLANs. Defaults: If you do not specify a VLAN or all, coun[...]

D-Link DWS-1008 CLI Manual 63 Defaults: None . Access: Enabled. Usage: If y ou do not specify a por t-list, the entire VLAN is remo ved from the configur ation. Note: Y ou cannot delete the def ault VLAN but you can remov e por ts from it. T o remov e por ts from the def ault VLAN, use the por t por t-list option. Examples: The follo wing command [...]

D-Link DWS-1008 CLI Manual 64 set fdb Adds a per manent or static entr y to the f orwarding database . Syntax: set fdb {perm | static} mac-addr port por t-list vlan vlan-id [tag tag-v alue ] perm Adds a permanent entr y . A permanent entr y does not age out and remains in the database e v en after a reboot, reset, or power cycle . static Adds a sta[...]

D-Link DWS-1008 CLI Manual 65 set fdb agingtime Changes the aging timeout period for dynamic entries in the f orwarding database . Syntax: set fdb agingtime vlan-id age seconds vlan-id VLAN name or number . The timeout per iod change applies only to entr ies that match the specified VLAN. age seconds V alue for the timeout period, in seconds. Y ou[...]

D-Link DWS-1008 CLI Manual 66 Defaults: La yer 2 restriction is disab led by def ault. Access: Enabled. Usage: Y ou can specify multiple addresses by listing them on the same command line or b y enter ing multiple commands. T o change a MAC address, use the clear security l2-restrict command to remov e it, then use the set security l2-restrict comm[...]

D-Link DWS-1008 CLI Manual 67 VLAN names are case-sensitiv e f or RADIUS authorization when a client roams to a s witch. If the s witch is not configured with the VLAN the client is on, but is configured with a VLAN that has the same spelling b ut different capitalization, authorization f or the client fails . F or example , if the client is on V[...]

D-Link DWS-1008 CLI Manual 68 sho w fdb Displa ys entries in the forw arding database. Syntax: show fdb [ mac-addr-glob [vlan vlan-id ]] show fdb {perm | static | d ynamic | system | all} [por t por t-list | vlan vlan-id ] mac-addr-glob A single MA C address or set of MA C addresses. Specify a MAC address , or use the wildcard character (*) to spec[...]

D-Link DWS-1008 CLI Manual 69 The top line of the displa y identifies the characters to distinguish among the entry types. The f ollowing command displa ys all entr ies that begin with the MA C address glob 00: DWS-1008# show fdb 00:* * = Static Entry . + = Per manent Entr y . # = System Entry . VLAN T AG Dest MAC/Route Des [CoS] Destination Por t[...]

D-Link DWS-1008 CLI Manual 70 sho w fdb count Lists the number of entries in the f orwarding database . Syntax: sho w fdb count {perm | static | dynamic} [vlan vlan-id ] perm Lists the number of permanent entries. A per manent entr y does not age out and remains in the database e ven after a reboot, reset, or po wer cycle . static Lists the number [...]

D-Link DWS-1008 CLI Manual 71 Examples: The f ollowing command shows La yer 2 forw arding restr iction information for all VLANs: DWS-1008# show security l2-restrict VLAN Name En Drops Per mit MAC Hits ------------------------------------------------------------------------------------------------- 1 default Y 0 00:0b:0e:02:53:3e 5947 00:30:b6:3e:5[...]

D-Link DWS-1008 CLI Manual 72 Examples: The f ollo wing command displa ys inf or mation f or VLAN burgundy: DWS-1008# show vlan config b urgund y Admin VLAN T unl Port VLAN Name Status State Affin Port T ag State ------------------------------------------------------------------------------------------------------- 2 burgundy Up Up 5 2 none Up 3 [...]

D-Link DWS-1008 CLI Manual 73 Quality of Ser vice Commands Use Quality of Service (QoS) commands to configure pac k et prior itization in MSS . P ack et prior itization ensures that D WS-1008 switches and D WL-8220AP access points giv e preferential treatment to high- prior ity traffic such as v oice and video . This chapter presents QoS commands[...]

D-Link DWS-1008 CLI Manual 74 Defaults: None . Access: Enab led. Usage: T o reset all mappings to their def ault v alues, use the clear qos command without the optional parameters . Examples: The follo wing command resets all QoS mappings: DWS-1008# clear qos success: change accepted. The f ollowing command resets the mapping used to classify pac k[...]

D-Link DWS-1008 CLI Manual 75 set qos dscp-to-cos-map Changes the inter nal QoS value to which MSS maps a pack et’ s DSCP value when classifying inbound pack ets . Syntax: set qos dscp-to-cos-map dscp-range cos le vel dscp-range DSCP range. Y ou can specify the v alues as decimal numbers. V alid decimal values are 0 to 63. T o specify a range, us[...]

D-Link DWS-1008 CLI Manual 76 Examples: The follo wing command displa ys the def ault QoS settings: DWS-1008# show qos default Ingress QoS Classification Map (dscp-to-cos) Ingress DSCP CoS Level =============================================================== 00-09 0 0 0 0 0 0 0 0 1 1 10-19 1 1 1 1 1 1 2 2 2 2 20-29 2 2 2 2 3 3 3 3 3 3 30-39 3 3 4 [...]

D-Link DWS-1008 CLI Manual 77 IP Ser vices Commands Use IP services commands to configure and manage IP interf aces, management ser vices, the Domain Name Ser vice (DNS), Network Time Protocol (NTP), and aliases, and to ping a host or trace a route. This chapter presents IP ser vices commands alphabetically . c lear interface Remov es an IP interf[...]

D-Link DWS-1008 CLI Manual 78 c lear ip alias Remov es an alias , which is a string that represents an IP address. Syntax: c lear ip alias name name Alias name. Defaults: None. Access: Enabled. Examples: The f ollo wing command remov es the alias ser v er1 : DWS-1008# clear ip alias server1 success: change accepted. See Also: • set ip alias • s[...]

D-Link DWS-1008 CLI Manual 79 c lear ip dns server Remov es a DNS server from a D WS-1008 switch configur ation. Syntax: clear ip dns server ip-addr ip-addr IP address of a DNS server . Defaults: None. Access: Enabled. Examples: The follo wing command remov es DNS ser ver 10.10.10.69 from a s witch’ s configuration: DWS-1008# clear ip dns serve[...]

D-Link DWS-1008 CLI Manual 80 Defaults: None. Access: Enabled. Examples: The f ollowing command removes the route to destination 10.10.10.68/24 through router 10.10.10.1: DWS-1008# clear ip r oute 10.10.10.68/24 10.10.10.1 success: change accepted. See Also: • set ip route • show ip route c lear ip telnet Resets the T elnet ser ver’ s TCP por[...]

D-Link DWS-1008 CLI Manual 81 c lear ntp server Remov es an NTP server from a s witch configuration. Syntax: c lear ntp server { ip-addr | all} ip-addr IP address of the ser v er to remov e, in dotted decimal notation. all Remov es all NTP ser vers from the configuration. Defaults: None. Access: Enabled. Examples: The f ollowing command remov es [...]

D-Link DWS-1008 CLI Manual 82 c lear snmp comm unity Clears an SNMP community string. Syntax: clear snmp comm unity name comm-string comm-string Name of the SNMP community y ou want to clear . Defaults: None. Access: Enabled. Examples: The follo wing command clears community string sets witch2: DWS-1008# clear snmp comm unity name setswitc h2 succe[...]

D-Link DWS-1008 CLI Manual 83 c lear snmp notify tar g et Clears an SNMP notification target. Syntax: c lear snmp notify target target-num target-num ID of the target. Defaults: None. Access: Enabled. Examples: The follo wing command clears notification target 3: DWS-1008# clear snmp notify tar get 3 success: change accepted. See Also: • set sn[...]

D-Link DWS-1008 CLI Manual 84 c lear summer time Clears the summer time setting from a D WS-1008 s witch. Syntax: c lear summertime Defaults: None . Access: Enabled. Examples: T o clear the summer time setting from a s witch, type the f ollowing command: DWS-1008# clear summertime success: change accepted. See Also: • clear timezone • set summe[...]

D-Link DWS-1008 CLI Manual 85 c lear timezone Clears the time offset f or the switch’ s real-time cloc k from Coordinated Universal Time (UTC). UTC is also know as Greenwich Mean Time (GMT). Syntax: clear timezone Defaults: None. Access: Enabled. Examples: T o retur n the s witch’ s real-time clock to UTC , type the f ollowing command: DWS-1008[...]

D-Link DWS-1008 CLI Manual 86 inter v al time Time inter val between ping pac k ets, in milliseconds . Y ou can specify from 100 through 10,000. size size P ac ket siz e, in b ytes . Y ou can specify from 56 through 65,507. Note: Because the s witch adds header inf or mation, the ICMP pack et siz e is 8 bytes larger than the siz e you specify . sou[...]

D-Link DWS-1008 CLI Manual 87 set arp Adds an ARP entr y to the ARP table . Syntax: set arp {permanent | static | d ynamic} ip-addr mac-addr permanent Adds a per manent entr y . A per manent entr y does not age out and remains in the database e ven after a reboot, reset, or po wer cycle . static Adds a static entr y . A static entr y does not age o[...]

D-Link DWS-1008 CLI Manual 88 Access: Enabled. Usage: Aging applies only to dynamic entries. T o reset the ARP aging timeout to its def ault v alue, use the set arp agingtime 1200 command. Examples: The follo wing command changes the ARP aging timeout to 1800 seconds: DWS-1008# set arp agingtime 1800 success: set arp aging time to 1800 seconds The [...]

D-Link DWS-1008 CLI Manual 89 Examples: The follo wing command configures IP interf ace 10.10.10.10/24 on VLAN def ault : DWS-1008# set interface default ip 10.10.10.10/24 success: set ip address 10.10.10.10 netmask 255.255.255.0 on vlan default The f ollowing command configures IP interf ace 10.10.20.10 255.255.255.0 on VLAN mauv e : DWS-1008# s[...]

D-Link DWS-1008 CLI Manual 90 set interface dhcp-server Configures the MSS DHCP ser v er . Note: Use of the MSS DHCP ser ver to allocate client addresses is intended f or temporary , demonstration deplo yments and not f or production networks. D-Link recommends that you do not use the MSS DHCP ser v er to allocate client addresses in a production [...]

D-Link DWS-1008 CLI Manual 91 • DNS servers—If these options are not set with the set interf ace dhcp-server command’ s primar y-dns and secondary-dns options, the MSS DHCP server uses the v alues set by the set ip dns server command. • Def ault router—If this option is not set with the set interf ace dhcp-ser v er command’ s def ault-r[...]

D-Link DWS-1008 CLI Manual 92 set ip alias Configures an alias, which maps a name to an IP address. Y ou can use aliases as shor tcuts in CLI commands. Syntax: set ip alias name ip-addr name String of up to 32 alphanumeric characters, with no spaces. ip-addr IP address in dotted decimal notation. Defaults: None. Access: Enabled. Examples: The foll[...]

D-Link DWS-1008 CLI Manual 93 set ip dns domain Configures a def ault domain name for DNS quer ies. The s witch appends the default domain name to domain names or hostnames you enter in commands . Syntax: set ip dns domain name name Domain name of between 1 and 64 alphanumeric characters with no spaces (f or e xample, e xample .org). Defaults: Non[...]

D-Link DWS-1008 CLI Manual 94 Defaults: None. Access: Enabled. Usage: Y ou can configure a D WS-1008 s witch to use one primar y DNS ser ver and up to fiv e secondar y DNS ser v ers. Examples: The f ollowing commands configure a D WS-1008 s witch to use a pr imar y DNS ser v er and two secondary DNS ser vers: DWS-1008# set ip dns server 10.10.10[...]

D-Link DWS-1008 CLI Manual 95 set ip r oute Adds a static route to the IP route table . Syntax: set ip r oute {default | ip-addr mask | ip-addr/mask-length } def ault-router metric default Default route . A D WS-1008 switch uses the def ault route if an explicit route is not av ailab le f or the destination. Note: def ault is an alias f or IP addre[...]

D-Link DWS-1008 CLI Manual 96 Examples: The f ollowing command adds a default route that uses default router 10.5.4.1 and giv es the route a cost of 1: DWS-1008# set ip route default 10.5.4.1 1 success: change accepted. The f ollowing commands add two default routes, and configure MSS to alwa ys use the route through 10.2.4.69 when the s witch int[...]

D-Link DWS-1008 CLI Manual 97 Examples: The follo wing command enab les the SNMP ser ver on a D WS-1008 s witch: DWS-1008# set ip snmp server enable success: change accepted. See Also: • clear snmp trap receiv er • set por t trap • set snmp community • set snmp trap • set snmp trap receiv er • show snmp configur ation set ip ssh Change[...]

D-Link DWS-1008 CLI Manual 98 set ip ssh server Disables or reenab les the SSH server on a s witch. Caution: If you disab le the SSH server , SSH access to the s witch is also disabled. Syntax: set ip ssh server {enable | disable} enable Enab les the SSH ser ver . disable Disables the SSH server . Defaults: The SSH ser ver is enab led b y def ault.[...]

D-Link DWS-1008 CLI Manual 99 Defaults: The def ault T elnet por t number is 23. Access: Enabled. Examples: The follo wing command changes the T elnet por t number on a s witch to 5000: DWS-1008# set ip telnet 5000 success: change accepted. See Also: • clear ip telnet • set ip https ser v er • set ip telnet ser v er • show ip https • show[...]

D-Link DWS-1008 CLI Manual 100 set ntp Enables or disab les the NTP client on a D WS-1008 switch. Syntax: set ntp {enable | disab le} enable Enables the NTP client. disable Disables the NTP client. Defaults: The NTP client is disabled b y def ault. Access: Enabled. Usage: If NTP is configured on a system whose current time differs from the NTP ser[...]

D-Link DWS-1008 CLI Manual 101 Examples: The follo wing command configures a s witch to use NTP ser v er 192.168.1.5: DWS-1008# set ntp server 192.168.1.5 See Also: • clear ntp ser v er • clear ntp update-inter v al • set ntp • set ntp update-inter v al • show ntp set ntp update-interval Changes how often MSS sends queries to the NTP ser[...]

D-Link DWS-1008 CLI Manual 102 set snmp comm unity Configures a community string f or SNMPv1 or SNMPv2c. Note: F or SNMPv3, use the set snmp usm command to configure an SNMPv3 user . SNMPv3 does not use community strings. Syntax: set snmp comm unity name comm-string access {read-only | read-notify | notify-only | read-write | notify-read-write} c[...]

D-Link DWS-1008 CLI Manual 103 Examples: The follo wing command configures the read-write community good_community: DWS-1008# set snmp community read-write good_comm unity success: change accepted. The f ollowing command configures community string s witchmgr1 with access le vel notify-read- write: DWS-1008# set snmp community name s witchmgr1 no[...]

D-Link DWS-1008 CLI Manual 104 notification-type Name of the notification type: • APBootT raps —Generated when an access point boots. • ApNonOperStatusT raps —Generated to indicate an AP radio is nonoperational. • ApOperRadioStatusT raps —Generated when the status of an AP radio changes. • APTimeoutT raps —Generated when an access[...]

D-Link DWS-1008 CLI Manual 105 • CounterMeasureStopT raps —Generated when MSS stops counter measures against a rogue access point. • D APConnectW arningT raps —Generated when a Distributed AP whose finger print has not been configured in MSS establishes a management session with the s witch. • DeviceF ailT raps —Generated when an e v [...]

D-Link DWS-1008 CLI Manual 106 all Sends or drops all notifications. Defaults: A default notification profile (named def ault) is already configured in MSS. All notifications in the def ault profile are dropped by def ault. Access: Enabled. Examples: The f ollowing command changes the action in the default notification profile from drop to [...]

D-Link DWS-1008 CLI Manual 107 DWS-1008# set snmp notify profile snmppr of_rfdetect send RFDetectSpoofedSsidAPT raps success: change accepted. DWS-1008# set snmp notify profile snmppr of_rfdetect send RFDetectUnA uthorizedAPT raps success: change accepted. DWS-1008# set snmp notify profile snmppr of_rfdetect send RFDetectUnA uthorizedOuiT raps s[...]

D-Link DWS-1008 CLI Manual 108 snmp-engine-id SNMP engine ID of the target. Specify ip if the target’ s SNMP {ip | hex he x-str ing } engine ID is based on its IP address . If the target’ s SNMP engine ID is a he xadecimal value , use hex he x-str ing to specify the value . profile profile-name Notification profile this SNMP user will use t[...]

D-Link DWS-1008 CLI Manual 109 security {unsecured | Specifies the security le vel, and is applicab le only when authenticated | encrypted} applicab le only when the SNMP version is usm: • unsecured —Message e xchanges are not authenticated, nor are they encrypted. This is the default. • authenticated —Message e xchanges are authenticated,[...]

D-Link DWS-1008 CLI Manual 110 target-num ID f or the target. This ID is local to the s witch and does not need to correspond to a value on the target itself . Y ou can specify a number from 1 to 10. ip-addr[:udp-por t-number] IP address of the ser ver . Y ou also can specify the UDP por t number to send notifications to . community-string Communi[...]

D-Link DWS-1008 CLI Manual 111 This command configures target 1 at IP address 10.10.40.9. The target’ s SNMP engine ID is based on its address . The MSS SNMP engine will send notifications based on the def ault profile, and will require the target to ackno wledge receiving them. The f ollowing command configures a notification target f or un[...]

D-Link DWS-1008 CLI Manual 112 set snmp security Sets the minimum le v el of security MSS requires for SNMP message e xchanges. Syntax: set snmp security {unsecured | authenticated | encrypted | auth-req-unsec-notify} unsecured SNMP message exchanges are not secure . This is the only value suppor ted for SNMPv1 and SNMPv2c. authenticated SNMP messa[...]

D-Link DWS-1008 CLI Manual 113 set snmp usm Creates a USM user f or SNMPv3. Note: This command does not apply to SNMPv1 or SNMPv2c. For these SNMP versions , use the set snmp community command to configure community strings. Syntax: set snmp usm usm-username snmp-engine-id {ip ip-addr | local | hex he x-string } access {read-only | read-notify | n[...]

D-Link DWS-1008 CLI Manual 114 Specifies the authentication type used to authenticate communications with the remote SNMP engine . Y ou can specify one of the f ollowing: • none—No authentication is used. • md5—Message-digest algor ithm 5 is used. • sha—Secure Hashing Algor ithm (SHA) is used. If the authentication type is md5 or sha, [...]

D-Link DWS-1008 CLI Manual 115 set summer time Offsets the real-time clock of a D WS-1008 s witch by +1 hour and retur ns it to standard time f or da ylight savings time or a similar summertime per iod that you set. Syntax: set summertime summer-name [star t week weekda y month hour min end week weekda y month hour min ] summer-name Name of up to 3[...]

D-Link DWS-1008 CLI Manual 116 set system ip-address Configures the system IP address . The system IP address deter mines the interf ace or source IP address MSS uses f or system tasks, including the f ollowing: • T opology repor ting for dual-homed access points • Def ault source IP address used in unsolicited communications such as AAA accou[...]

D-Link DWS-1008 CLI Manual 117 set timedate Sets the time of da y and date on the D WS-1008 s witch. Syntax: set timedate {date mmm dd yyyy [time hh:mm:ss ]} date mmm dd yyyy System date: • mmm—month. • dd—da y . • yyyy—year . time hh:mm:ss System time, in hours, minutes , and seconds. Defaults: None. Access: Enabled. Usage: The day of [...]

D-Link DWS-1008 CLI Manual 118 Defaults: If this command is not used, then the def ault time zone is UTC . Access: Enab led. Examples: T o set the time zone f or P acific Standard Time (PST), type the f ollowing command: DWS-1008# set timezone PST -8 Timezone is set to ‘PST’, offset fr om UTC is -8:0 hours. See Also: • clear summer time • [...]

D-Link DWS-1008 CLI Manual 119 The table belo w describes the fields in this display . Field Description ARP aging time Number of seconds a dynamic entr y can remain unused bef ore MSS remov es the entr y from the ARP table . Host IP address, hostname, or alias . HW Address MA C address mapped to the IP address, hostname , or alias. VLAN VLAN the [...]

D-Link DWS-1008 CLI Manual 120 The table belo w describes the fields in this display . Field Description Interf ace VLAN name and number . Configuration Status Status of the DHCP client on this VLAN: • Enabled • Disabled DHCP State State of the IP interf ace: • IF_UP • IF_DO WN Lease Allocation Duration of the address lease. Lease Remaini[...]

D-Link DWS-1008 CLI Manual 121 The follo wing command displa ys configuration and status information f or each VLAN on which the DHCP ser v er is configured: DWS-1008# show dhcp-server verbose Interface: 0 (Direct AP) Status: UP Address Range: 10.0.0.1-10.0.0.253 Interface: default(1) Status: UP Address Range: 10.10.20.2-10.10.20.254 Hardwar e Ad[...]

D-Link DWS-1008 CLI Manual 122 Field Description Lease Remaining Number of seconds remaining bef ore the address lease expires . IP Address IP address leased to the client. Subnet Mask Network mask of the IP address leased to the client. Def ault Router Def ault router IP address included in the DHCP Offer to the client. DNS Ser v ers DNS ser v er [...]

D-Link DWS-1008 CLI Manual 123 set interface dhcp-c lient Configures the DHCP client on a VLAN, to allow the VLAN to obtain its IP interf ace from a DHCP ser v er . Syntax: set interface vlan-id ip dhcp-c lient {enable | disable} vlan-id VLAN name or number . enable Enables the DHCP client on the VLAN. disable Disables the DHCP client on the VLAN.[...]

D-Link DWS-1008 CLI Manual 124 set interface dhcp-server Configures the MSS DHCP ser v er . Note: Use of the MSS DHCP ser ver to allocate client addresses is intended f or temporary , demonstration deplo yments and not f or production networks. D-Link recommends that you do not use the MSS DHCP ser v er to allocate client addresses in a production[...]

D-Link DWS-1008 CLI Manual 125 Specification of the DNS domain name, DNS ser v ers, and def ault router are optional. If you omit one or more of these options, the MSS DHCP ser ver uses oath values configured else where on the s witch: • DNS domain name —If this option is not set with the set interf ace dhcp-ser ver command’ s dns-domain op[...]

D-Link DWS-1008 CLI Manual 126 set ip alias Configures an alias, which maps a name to an IP address. Y ou can use aliases as shor tcuts in CLI commands. Syntax: set ip alias name ip-addr name String of up to 32 alphanumeric characters, with no spaces. ip-addr IP address in dotted decimal notation. Defaults: None. Access: Enabled. Examples: The fol[...]

D-Link DWS-1008 CLI Manual 127 set ip dns domain Configures a def ault domain name for DNS quer ies. The s witch appends the default domain name to domain names or hostnames you enter in commands . Syntax: set ip dns domain name name Domain name of between 1 and 64 alphanumeric characters with no spaces (f or e xample, e xample .org). Defaults: No[...]

D-Link DWS-1008 CLI Manual 128 Defaults: None. Access: Enabled. Usage: Y ou can configure a switch to use one pr imar y DNS ser ver and up to five secondar y DNS ser v ers. Examples: The follo wing commands configure a s witch to use a primar y DNS ser ver and two secondar y DNS ser v ers: DWS-1008# set ip dns server 10.10.10.50/24 primar y succ[...]

D-Link DWS-1008 CLI Manual 129 set ip r oute Adds a static route to the IP route table . Syntax: set ip r oute {default | ip-addr mask | ip-addr/mask-length } def ault-router metric default Default route . A D WS-1008 switch uses the def ault route if an e xplicit route is not av ailab le f or the destination. Note: def ault is an alias f or IP add[...]

D-Link DWS-1008 CLI Manual 130 Example: The f ollowing command adds a default route that uses def ault router 10.5.4.1 and giv es the route a cost of 1: DWS-1008# set ip route default 10.5.4.1 1 success: change accepted. The f ollowing commands add two default routes, and configure MSS to alwa ys use the route through 10.2.4.69 when the s witch in[...]

D-Link DWS-1008 CLI Manual 131 set ip ssh Changes the TCP por t number on which a D WS-1008 s witch listens f or Secure Shell (SSH) management traffic. Caution: If you change the SSH por t number from an SSH session, MSS immediately ends the session. T o open a new management session, y ou m ust configure the SSH client to use the ne w TCP por t [...]

D-Link DWS-1008 CLI Manual 132 set ip telnet Changes the TCP por t number on which a D WS-1008 s witch listens for T elnet management traffic. Caution: If y ou change the T elnet por t number from a T elnet session, MSS immediately ends the session. T o open a new management session, you must T elnet to the switch with the new T elnet por t number[...]

D-Link DWS-1008 CLI Manual 133 Usage: The maximum number of T elnet sessions suppor ted on a switch is eight. If SSH is also enabled, the s witch can hav e up to eight T elnet or SSH sessions, in any combination, and one console session. Examples: The f ollo wing command enables the T elnet ser v er on a D WS-1008 s witch: DWS-1008# set ip telnet s[...]

D-Link DWS-1008 CLI Manual 134 set ntp server Configures a D WS-1008 s witch to use an NTP server . Syntax: set ntp server ip-addr ip-addr IP address of the NTP ser v er , in dotted decimal notation. Defaults: None. Access: Enabled. Usage: Y ou can configure up to three NTP ser v ers. MSS queries all the ser v ers and selects the best response ba[...]

D-Link DWS-1008 CLI Manual 135 set snmp comm unity Configures a community string f or SNMPv1 or SNMPv2c. Note: F or SNMPv3, use the set snmp usm command to configure an SNMPv3 user . SNMPv3 does not use community strings. Syntax: set snmp comm unity name comm-string access {read-only | read-notify | notify-onl y | read-write | notify-read-write} [...]

D-Link DWS-1008 CLI Manual 136 The f ollowing command configures community string s witchmgr1 with access le vel notify-read- write: DWS-1008# set snmp community name s witchmgr1 notify-read-write success: change accepted. See Also: • clear snmp community • set ip snmp ser v er • set snmp notify target • set snmp notify profile • set sn[...]

D-Link DWS-1008 CLI Manual 137 • A utoT uneRadioP owerChangeT raps —Generated when the RF A uto-T uning feature changes the pow er setting on a radio . • ClientAssociationFailureT raps —Generated when a client’ s attempt to associate with a radio f ails . • ClientA uthorizationSuccessT raps —Generated when a client is successfully aut[...]

D-Link DWS-1008 CLI Manual 138 • RFDetectSpoofedMacAPT raps —Generated when MSS detects a wireless pack et with the source MA C address of a D-Link AP , but without the spoof ed MP’ s signature (finger print). • RFDetectSpoofedSsidAPT raps —Generated when MSS detects beacon frames f or a v alid SSID , b ut sent by a rogue AP . • RFDete[...]

D-Link DWS-1008 CLI Manual 139 DWS-1008# set snmp notify profile snmppr of_rfdetect send RFDetectInterferingRogueDisappearT raps success: change accepted. DWS-1008# set snmp notify profile snmppr of_rfdetect send RFDetectRogueAPT raps success: change accepted. DWS-1008# set snmp notify profile snmppr of_rfdetect send RFDetectRogueDisappearT raps[...]

D-Link DWS-1008 CLI Manual 140 set snmp notify tar g et Configures a notification target f or notifications from SNMP . A notification target is a remote de vice to which MSS sends SNMP notifications. Y ou can configure the MSS SNMP engine to send confir med notifications (inf or ms) or unconfir med notifications (traps). Some of the comm[...]

D-Link DWS-1008 CLI Manual 141 retries num Specifies the number of times the MSS SNMP engine will resend a notification that has not been ackno wledged by the target. Y ou can specify from 0 to 3 retr ies . timeout num Specifies the number of seconds MSS waits f or acknowledgement of a notification. Y ou can specify from 1 to 5 seconds. SNMPv3 [...]

D-Link DWS-1008 CLI Manual 142 SNMPv2c with Informs T o configure a notification target f or inf or ms from SNMPv2c, use the f ollowing command: Syntax: set snmp notify tar get target-num ip-addr [ :udp-por t-number ] v2c community-string inform [pr ofile profile-name ] [retries num ] [timeout num ] target-num ID f or the target. This ID is loc[...]

D-Link DWS-1008 CLI Manual 143 SNMPv1 with T raps T o configure a notification target f or traps from SNMPv1, use the f ollo wing command: Syntax: set snmp notify tar get target-num ip-addr [ :udp-por t-number ] v1 community-string [profile profile-name ] target-num ID f or the target. This ID is local to the s witch and does not need to corres[...]

D-Link DWS-1008 CLI Manual 144 set snmp pr otocol Enables an SNMP protocol. MSS suppor ts SNMPv1, SNMPv2c, and SNMPv3. Syntax: set snmp pr otocol {v1 | v2c | usm | all} {enable | disable} v1 SNMPv1 v2c SNMPv2c usm SNMPv3 (with the user secur ity model) all Enab les all suppor ted versions of SNMP . enable Enables the specified SNMP v ersion(s). di[...]

D-Link DWS-1008 CLI Manual 145 Defaults: By def ault, MSS allows nonsecure (unsecured) SNMP message e xchanges. Access: Enabled. Usage: SNMPv1 and SNMPv2c do not suppor t authentication or encr yption. If you plan to use SNMPv1 or SNMPv2c, lea v e the minimum le v el of SNMP security set to unsecured. Examples: The follo wing command sets the minim[...]

D-Link DWS-1008 CLI Manual 146 snmp-engine-id {ip ip-addr | Specifies a unique identifier f or the SNMP engine. local | hex he x-str ing } T o send inf or ms , you m ust specify the engine ID of the inf or m receiv er . T o send traps and to allo w get and set operations and so on, specify local as the engine ID . • hex he x-string —ID is a h[...]

D-Link DWS-1008 CLI Manual 147 auth-type {none | md5 | sha} Specifies the authentication type used to authenticate {auth-pass-phrase communications with the remote SNMP engine . string | auth-key he x-string } Y ou can specify one of the f ollo wing: • none —No authentication is used. • md5 —Message-digest algor ithm 5 is used. • sha —[...]

D-Link DWS-1008 CLI Manual 148 Defaults: No SNMPv3 users are configured by def ault. When you configure an SNMPv3 user , the default access is read-only , and the default authentication and encr yption types are both none. Access: Enabled. Examples: The f ollowing command creates USM user snmpmgr1 , associated with the local SNMP engine ID . This[...]

D-Link DWS-1008 CLI Manual 149 weekda y Da y of the week to star t or end the time change. V alid values are sun, mon, tue, wed, thu, fri, and sat. month Month of the year to star t or end the time change. V alid v alues are jan, f eb , mar , apr , ma y , jun, jul, aug, sep, oct, no v , and dec. hour Hour to star t or end the time change—a v alue[...]

D-Link DWS-1008 CLI Manual 150 set system ip-address Configures the system IP address . The system IP address deter mines the interf ace or source IP address MSS uses f or system tasks, including the f ollowing: • T opology repor ting for dual-homed access points • Def ault source IP address used in unsolicited communications such as AAA accou[...]

D-Link DWS-1008 CLI Manual 151 set timedate Sets the time of da y and date on the s witch. Syntax: set timedate {date mmm dd yyyy [time hh:mm:ss ]} date mmm dd yyyy System date: • mmm —month. • dd —da y . • yyyy —year . time hh:mm:ss System time, in hours, minutes , and seconds. Defaults: None. Access: Enabled. Usage: The da y of w eek [...]

D-Link DWS-1008 CLI Manual 152 zone-name Time zone name of up to 32 alphabetic characters . Y ou can use a standard name or any name y ou like . - Minus time to indicate hours (and min utes) to be subtracted from UTC . Otherwise, hours and minutes are added b y def ault. hours Number of hours to add or subtract from UTC . minutes Number of minutes [...]

D-Link DWS-1008 CLI Manual 153 The table belo w describes the fields in this display . Field Description ARP aging time Number of seconds a dynamic entr y can remain unused before MSS remov es the entr y from the ARP table . Host IP address, hostname , or alias. HW Address MA C address mapped to the IP address, hostname, or alias . VLAN VLAN the e[...]

D-Link DWS-1008 CLI Manual 154 The table belo w describes the fields in this display . Field Description Interf ace VLAN name and number . Configuration Status Status of the DHCP client on this VLAN: • Enabled • Disabled DHCP State State of the IP interf ace: • IF_UP • IF_DO WN Lease Allocation Duration of the address lease . Lease Remain[...]

D-Link DWS-1008 CLI Manual 155 The follo wing command displa ys configuration and status information f or each VLAN on which the DHCP ser v er is configured: DWS-1008# show dhcp-server verbose Inter face: 0 (Direct AP) Status: UP Address Range: 10.0.0.1-10.0.0.253 Inter face: default(1) Status: UP Address Range: 10.10.20.2-10.10.20.254 Hardwar e [...]

D-Link DWS-1008 CLI Manual 156 Field Description Lease Remaining Number of seconds remaining before the address lease e xpires. IP Address IP address leased to the client. Subnet Mask Network mask of the IP address leased to the client. Def ault Router Def ault router IP address included in the DHCP Off er to the client. DNS Ser v ers DNS ser ver I[...]

D-Link DWS-1008 CLI Manual 157 sho w ip alias Displa ys the IP aliases configured on the D WS-1008 s witch. Syntax: sho w ip alias [ name ] name Alias string. Defaults: If you do not specify an alias name , all aliases are displa y ed. Access: Enab led. Examples: The follo wing command displa ys all the aliases configured on a s witch: DWS-1008# [...]

D-Link DWS-1008 CLI Manual 158 sho w ip dns Displa ys the DNS ser v ers the s witch is configured to use. Syntax: sho w ip dns Defaults: None. Access: All. Examples: The follo wing command displa ys the DNS inf or mation: DWS-1008# show ip dns Domain Name: example.com DNS Status: enabled IP Address T ype ------------------------------------- 10.1.[...]

D-Link DWS-1008 CLI Manual 159 sho w ip https Displa ys inf or mation about the HTTPS management por t. Syntax: sho w ip https Defaults: None. Access: All. Examples: The follo wing command shows the status and por t number for the HTTPS management interf ace to the s witch: DWS-1008> show ip https HTTPS is enabled HTTPS is set to use port 443 La[...]

D-Link DWS-1008 CLI Manual 160 sho w ip r oute Displa ys the IP route table . Syntax: sho w ip route [ destination ] destination Route destination IP address, in dotted decimal notation. Defaults: None. Access: All. Usage: When y ou add an IP interf ace to a VLAN that is up , MSS adds direct and local routes f or the interf ace to the route tab le.[...]

D-Link DWS-1008 CLI Manual 161 Field Description Gatew a y Next-hop router f or reaching the route destination. Note: This field applies only to static routes. VLAN:Interf ace Destination VLAN, protocol type, and IP address of the route. Because direct routes are f or local interf aces, a destination IP address is not listed. The destination for t[...]

D-Link DWS-1008 CLI Manual 162 sho w ntp Displa ys NTP client inf or mation. Syntax: sho w ntp Defaults: None. Access: All. Examples: T o display NTP inf or mation for a D WS-1008 s witch, type the f ollowing command: DWS-1008> show ntp NTP client: enabled Current update-interval: 20(secs) Current time: Fri Feb 06 2004, 12:02:57 Timezone is set [...]

D-Link DWS-1008 CLI Manual 163 sho w snmp comm unity Displa ys the configured SNMP community strings. Syntax: sho w snmp community Defaults: None. Access: Enab led. See Also: • clear snmp community • set snmp community sho w snmp counters Displa ys SNMP statistics counters. Syntax: sho w snmp counters Defaults: None. Access: Enabled. sho w snm[...]

D-Link DWS-1008 CLI Manual 164 sho w snmp status Displa ys SNMP v ersion and status inf or mation. Syntax: sho w snmp status Defaults: None . Access: Enabled. See Also: • set snmp community • set snmp notify target • set snmp notify profile • set snmp protocol • set snmp security • set snmp usm • show snmp comm unity • show snmp co[...]

D-Link DWS-1008 CLI Manual 165 sho w summer time Shows a s witch’ s offset from its real-time cloc k. Syntax: sho w summer time Defaults: There is no summer time offset by def ault. Access: All. Examples: T o display the summer time setting on a s witch, type the f ollo wing command: DWS-1008# show summertime Summertime is enabled, and set to ‘[...]

D-Link DWS-1008 CLI Manual 166 sho w timezone Shows the time offset f or the real-time clock from UTC on a s witch. Syntax: sho w timezone Defaults: None. Access: All. Examples: T o display the offset from UTC , type the follo wing command: DWS-1008# show timezone Timezone set to ‘pst’, offset fr om UTC is -8 hours See Also: • clear summer ti[...]

D-Link DWS-1008 CLI Manual 167 Examples: In the f ollowing e xample, an administrator estab lishes a T elnet session with another s witch and enters a command on the remote s witch: DWS-1008# telnet 10.10.10.90 Session 0 pty tty2.d T rying 10.10.10.90... Connected to 10.10.10.90 Disconnect character is ‘^t’ Copyright (c) 2002, 2003 D-Link Syste[...]

D-Link DWS-1008 CLI Manual 168 tracer oute T races the route to an IP host. Syntax: tracer oute host [dnf] [no-dns] [port por t-num ] [queries num ] [size size ] [ttl hops ] [wait ms ] host IP address, hostname , or alias of the destination host. Specify the IP address in dotted decimal notation. dnf Sets the Do Not F ragment bit in the ping pac k [...]

D-Link DWS-1008 CLI Manual 169 The first row of the display indicates the target host, the maximum number of hops , and the pack et size. Each numbered row displa ys information about one hop. The rows are display ed in the order in which the hops occur , beginning with the hop closest to the switch. The row f or a hop lists the total time in mill[...]

D-Link DWS-1008 CLI Manual 170 AAA Commands Use authentication, authorization, and accounting (AAA) commands to pro vide a secure netw ork connection and a record of user activity . Location policy commands o v erride any vir tual LAN (VLAN) or security ACL assignment b y AAA or the local database to help y ou control access locally . This chapter [...]

D-Link DWS-1008 CLI Manual 171 c lear accounting Remov es accounting services f or specified wireless users with administrativ e access or network access. Syntax: c lear accounting {admin | dot1x | system} { user-glob } admin Users with administrativ e access to the s witch through a console connection or through a T elnet or W eb View connection.[...]

D-Link DWS-1008 CLI Manual 172 c lear authentication admin Remov es an authentication rule f or administrativ e access through T elnet or W eb View . Syntax: c lear authentication admin user-glob user-glob A single user or set of users. Specify a username, use the doub le-asterisk wildcard character (**) to specify all usernames, or use the single-[...]

D-Link DWS-1008 CLI Manual 173 Defaults: None. Access: Enab led. Note: The syntax descriptions for the clear authentication commands hav e been separated for clarity . Howe ver , the options and behavior for the clear authentication console command are the same as in pre vious releases. Examples: The f ollo wing command clears authentication f or a[...]

D-Link DWS-1008 CLI Manual 174 c lear authentication mac Remov es a MA C authentication rule. Syntax: c lear authentication mac {ssid ssid-name | wired} mac-addr-glob ssid ssid-name SSID name to which this authentication rule applies. wired Clears a rule used for access o v er a s witch’ s wired-authentication por t. mac-addr-glob MA C address gl[...]

D-Link DWS-1008 CLI Manual 175 c lear authentication web Remov es a WebAAA rule. Syntax: c lear authentication web {ssid ssid-name | wired} user-glob ssid ssid-name SSID name to which this authentication rule applies. wired Clears a rule used for access o v er a s witch’ s wired-authentication por t. user-glob User-glob associated with the r ule [...]

D-Link DWS-1008 CLI Manual 176 c lear mac-user Remov es a user profile from the local database on the s witch, f or a user who is authenticated by a MA C address. (T o remov e a user profile in RADIUS , see the documentation for your RADIUS ser v er .) Syntax: c lear mac-user mac-addr mac-addr MA C address of the user , in he xadecimal numbers se[...]

D-Link DWS-1008 CLI Manual 177 Defaults: None . Access: Enabled. Examples: The follo wing command remov es an access control list (ACL) from the profile of a user at MA C address 01:02:03:04:05:06: DWS-1008# clear mac-user 01:02:03:04:05:06 attr filter -id success: change accepted. See Also: • set mac-user attr • show aaa c lear mac-user gr o[...]

D-Link DWS-1008 CLI Manual 178 c lear mac-user gr oup Remov es a user group from the local database on the D WS-1008 switch, for a group of users who are authenticated by a MAC address. (T o delete a MA C user group in RADIUS , see the documentation f or your RADIUS server .) Syntax: c lear mac-usergr oup group-name group-name Name of an existing M[...]

D-Link DWS-1008 CLI Manual 179 Examples: The f ollowing command remo ves the members of the MA C user group eastcoasters from a VLAN assignment by deleting the VLAN-Name attribute from the group: DWS-1008# clear mac-user group eastcoaster s attr vlan-name success: change accepted. See Also: • clear mac-usergroup • set mac-usergroup attr • sho[...]

D-Link DWS-1008 CLI Manual 180 c lear user attr Remov es an authorization attribute from the user profile in the local database on the s witch, f or a user with a pass word. (T o remov e an authorization attr ib ute from a RADIUS user profile , see the documentation f or your RADIUS server .) Syntax: c lear user user name attr attribute-name user[...]

D-Link DWS-1008 CLI Manual 181 Examples: The follo wing command remov es the user Nin from the user group Nin is in: DWS-1008# clear user Nin gr oup success: change accepted. See Also: • clear usergroup • set user group • show aaa c lear user gr oup Remov es a user group and its attributes from the local database on the s witch, f or users wi[...]

D-Link DWS-1008 CLI Manual 182 c lear user gr oup attr Remov es an author ization attribute from a user group in the local database on the switch. (T o remov e an authorization attribute in RADIUS, see the documentation f or your RADIUS ser v er .) Syntax: c lear usergr oup group-name attr attribute-name group-name Name of an existing user group . [...]

D-Link DWS-1008 CLI Manual 183 star t-stop Sends accounting records at the star t and end of a network session. stop-only Sends accounting records only at the end of a networ k session. method1-4 At least one of up to four methods that MSS uses to process accounting records. Specify one or more of the follo wing methods in pr iority order . If the [...]

D-Link DWS-1008 CLI Manual 184 dot1x Users with network access through the s witch who are authenticated b y 802.1X. mac Users with network access through the s witch who are authenticated by MA C authentication. web Users with network access through the s witch who are authenticated by W ebAAA. ssid ssid-name SSID name to which this accounting rul[...]

D-Link DWS-1008 CLI Manual 185 Defaults: Accounting is disab led f or all users by def ault. Access: Enab led. Usage: For network users with star t-stop accounting whose records are sent to a RADIUS ser v er , MSS sends interim updates to the RADIUS ser ver when the user roams . Examples: The f ollowing command issues stop-only records to the RADIU[...]

D-Link DWS-1008 CLI Manual 186 set authentication admin Configures authentication and defines where it is perf ormed for specified users with administrativ e access through T elnet or W eb View . Syntax: set authentication admin user-glob method1 [ method2 ] [ method3 ] [ method4 ] user-glob Single user or set of users with administrativ e acces[...]

D-Link DWS-1008 CLI Manual 187 Usage: Y ou can configure diff erent authentication methods f or diff erent groups of users. (For details, see “User Globs, MA C Address Globs, and VLAN Globs” on page 7.) If you specify multiple authentication methods in the set authentication console command, MSS applies them in the order in which they appear i[...]

D-Link DWS-1008 CLI Manual 188 user-glob Single user or set of users with administrativ e access ov er the network through T elnet or Web View . Specify a user name, use the doub le-asterisk wildcard character (**) to specify all user names, or use the single-aster isk wildcard character (*) to specify a set of usernames up to or f ollowing the fi[...]

D-Link DWS-1008 CLI Manual 189 Usage: Y ou can configure diff erent authentication methods f or diff erent groups of users. (For details, see “User Globs, MA C Address Globs, and VLAN Globs” on page 7.) If y ou specify multiple authentication methods in the set authentication console command, MSS applies them in the order in which they appear [...]

D-Link DWS-1008 CLI Manual 190 bonded Enab les Bonded Auth™ (bonded authentication). When this f eature is enabled, MSS authenticates the user only if the machine the user is on has already been authenticated. protocol Protocol used f or authentication. Specify one of the f ollowing: • eap-md5 —Extensible A uthentication Protocol (EAP) with m[...]

D-Link DWS-1008 CLI Manual 191 method1-4 At least one of up to four methods that MSS uses to handle authentication. Specify one or more of the follo wing methods in prior ity order . MSS applies multiple methods in the order you enter them. A method can be one of the f ollowing: • local —Uses the local database of user names and user groups on [...]

D-Link DWS-1008 CLI Manual 192 If the user name does not match an authentication r ule f or the SSID the user is attempting to access , MSS uses the f allthru authentication type configured f or the SSID , which can be last-resor t, web-por tal (for W ebAAA), or none. Examples: The f ollowing command configures EAP-TLS authentication in the local[...]

D-Link DWS-1008 CLI Manual 193 method1-4 At least one of up to four methods that MSS uses to handle authentication. Specify one or more of the follo wing methods in prior ity order . MSS applies multiple methods in the order you enter them. A method can be one of the f ollowing: • local —Uses the local database of user names and user groups on [...]

D-Link DWS-1008 CLI Manual 194 set authentication pr o xy Configures a pro xy authentication rule for a third-par ty AP’ s wireless users. Syntax: set authentication pr o xy ssid ssid-name user-glob radius-server-gr oup ssid ssid-name SSID name to which this authentication r ule applies . user-glob A single user or a set of users. Specify a user[...]

D-Link DWS-1008 CLI Manual 195 set authentication web Configures an authentication rule to allow a user to log in to the network using a web page ser v ed by the s witch. The r ule can be activated if the user is not otherwise granted or denied access by 802.1X, or granted access b y MA C authentication. Syntax: set authentication web {ssid ssid-n[...]

D-Link DWS-1008 CLI Manual 196 Usage: Y ou can configure diff erent authentication methods f or different groups of users by “globbing. ” Y ou can configure a rule either for wireless access to an SSID , or f or wired access through a s witch’ s wired authentication por t. If the rule is f or wireless access to an SSID , specify the SSID na[...]

D-Link DWS-1008 CLI Manual 197 set location policy Creates and enables a location policy on a s witch. A location policy enab les you to locally set or change authorization attributes f or a user after the user is authorized by AAA, without making changes to the AAA ser v er . Syntax: set location policy den y if {ssid operator ssid-name | vlan ope[...]

D-Link DWS-1008 CLI Manual 198 Replace operator with one of the f ollo wing operands: • eq —Applies the location policy rule to all users assigned VLAN names matching vlan-glob . • neq —Applies the location policy rule to all users assigned VLAN names not matching vlan-glob . F or vlan-glob , specify a VLAN name, use the double-asterisk wil[...]

D-Link DWS-1008 CLI Manual 199 Conditions within a rule are ANDed. All conditions in the rule m ust match in order f or MSS to take the specified action. If the location policy contains multiple r ules, MSS compares the user inf or mation to the rules one at a time , in the order the rules appear in the switch’ s configuration file, beginning [...]

D-Link DWS-1008 CLI Manual 200 set mac-user Configures a user profile in the local database on the s witch f or a user who can be authenticated by a MA C address , and optionally adds the user to a MA C user group . (T o configure a MA C user profile in RADIUS, see the documentation f or your RADIUS ser v er .) Syntax: set mac-user mac-addr [gr[...]

D-Link DWS-1008 CLI Manual 201 Defaults: None. Access: Enabled. Usage: T o change the v alue of an attrib ute, enter set mac-user attr with the new v alue. T o delete an attribute, use c lear mac-user attr . Y ou can assign attr ib utes to individual MAC users and to MA C user groups. If attr ibutes are configured f or a MAC user and also f or the[...]

D-Link DWS-1008 CLI Manual 202 Attribute Description V alid V alue(s) filter-id (network access mode only) Security access control list (ACL), to per mit or deny traffic receiv ed (input) or sent (output) by the s witch. Name of an e xisting secur ity ACL, up to 253 alphanumeric characters , with no tabs or spaces. • Use acl-name.in to filter [...]

D-Link DWS-1008 CLI Manual 203 Attribute Description V alid V alue(s) time-of-da y (network access mode only) Da y(s) and time(s) dur ing which the user is permitted to log into the network. After authorization, the user’ s session can last until either the Time-Of-Da y range or the Session- Timeout duration (if set) e xpires, whichev er is shor [...]

D-Link DWS-1008 CLI Manual 204 Attribute Description V alid V alue(s) vlan-name (network access mode only) Vir tual LAN (VLAN) assignment. Note: On some RADIUS ser v ers, you might need to use the standard RADIUS attribute T unnel-Pvt-Group-ID , instead of VLAN-Name. Name of a VLAN that you want the user to use. acct-interim-inter val Interval in s[...]

D-Link DWS-1008 CLI Manual 205 set mac-user gr oup attr Creates a user group in the local database on the s witch for users who are authenticated by a MA C address, and assigns authorization attributes f or the group . (T o configure a user group and assign author ization attr ibutes through RADIUS, see the documentation f or your RADIUS server .)[...]

D-Link DWS-1008 CLI Manual 206 set user Configures a user profile in the local database on the s witch f or a user with a pass word. (T o configure a user profile in RADIUS, see the documentation f or your RADIUS ser v er .) Syntax: set user username passwor d [encrypted] string user name User name of a user with a pass word. encrypted Indicate[...]

D-Link DWS-1008 CLI Manual 207 set user attr Configures an authorization attr ib ute in the local database on the s witch f or a user with a pass word. (T o assign authorization attr ibutes in RADIUS , see the documentation f or y our RADIUS ser v er .) Syntax: set user username attr attr ibute-name v alue user name User name of a user with a pass[...]

D-Link DWS-1008 CLI Manual 208 set user gr oup Adds a user to a user group . The user m ust ha v e a pass word and a profile that e xists in the local database on the s witch. (T o configure a user in RADIUS, see the documentation f or your RADIUS ser v er .) Syntax: set user username group group-name user name User name of a user with a pass wor[...]

D-Link DWS-1008 CLI Manual 209 Defaults: None. Access: Enab led. Usage: T o change the v alue of an attribute , enter set usergroup attr with the new value . T o delete an attr ibute , use clear usergr oup attr . T o add a user to a group , user the command set user group . Y ou can assign attr ib utes to individual users and to user groups. If att[...]

D-Link DWS-1008 CLI Manual 210 sho w aaa Displa ys all current AAA settings. Syntax: sho w aaa Defaults: None . Access: Enab led. Examples: T o display all current AAA settings , type the f ollowing command: DWS-1008# show aaa Default V alues authport=1812 acctpor t=1813 timeout=5 acct-timeout=5 retrans=3 deadtime=0 key=(null) author -pass=(null) R[...]

D-Link DWS-1008 CLI Manual 211 The table belo w describes the fields that can appear in show aaa output. Field Description Default V alues RADIUS default v alues f or all parameters. authport UDP por t on the s witch for transmission of RADIUS author ization and authentication messages. The default por t is 1812. acctport UDP por t on the switch f[...]

D-Link DWS-1008 CLI Manual 212 sho w accounting statistics Displa ys the AAA accounting records f or wireless users. The records are stored in the local database on the s witch. (T o displa y RADIUS accounting records, see the documentation f or your RADIUS ser v er .) Syntax: sho w accounting statistics Defaults: None. Access: Enabled. Examples: T[...]

D-Link DWS-1008 CLI Manual 213 The table belo w describes the fields that can appear in show accounting statistics output. Field Description Date and time Date and time of the accounting record. Acct-Status-T ype T ype of accounting record: • ST ART • ST OP • UPD A TE Acct-A uthentic Location where the user was authenticated (if authenticati[...]

D-Link DWS-1008 CLI Manual 214 Cr yptography Commands A digital cer tificate is a f or m of electronic identification for computers. The s witch requires digital cer tificates to authenticate its communications to Web View , to W ebAAA clients, and to Extensible A uthentication Protocol (EAP) clients f or which the switch perf or ms all EAP proc[...]

D-Link DWS-1008 CLI Manual 215 crypto ca-cer tificate Installs a cer tificate authority’ s o wn PKCS#7 cer tificate into the s witch cer tificate and ke y storage area. Syntax: crypto ca-certificate {admin | eap | web} PEM-f or matted-cer tificate admin Stores the cer tificate author ity’ s cer tificate that signed the administrativ e c[...]

D-Link DWS-1008 CLI Manual 216 Examples The follo wing command adds the cer tificate authority’ s cer tificate to s witch cer tificate and ke y storage: DWS-1008# crypto ca-cer tificate admin Enter PEM-encoded cer tificate -----BEGIN CERTIFICA TE----- MIIDwDCCA2qgAwIBAgIQL2jvuu4PO5F AQCyewU3ojANBgkqhkiG9wOBAQUF ADCB mzerMClaweVQQTT ooewiwpo[...]

D-Link DWS-1008 CLI Manual 217 1. Open the PKCS#7 object file with an ASCII text editor such as Notepad or vi. 2. Enter the crypto cer tificate command on the CLI command line. 3. When MSS prompts you for the PEM-formatted cer tificate, paste the PKCS#7 object file onto the command line. The s witch verifies the validity of the public ke y ass[...]

D-Link DWS-1008 CLI Manual 218 128 | 512 | 1024 | Length of the ke y pair in bits. 2048 Note: The minimum ke y length f or SSH is 1024. The length 128 applies only to domain and is the only valid option f or it. Defaults: None. Access: Enabled. Usage: Y ou can ov erwrite a ke y by gener ating another ke y of the same type . SSH requires an SSH auth[...]

D-Link DWS-1008 CLI Manual 219 State Name string (Op tio nal ) Spec ify th e name of the st ate , in up to 64 alp han um eric cha ra cte rs . S pac es are al lo w ed. Locality Name string (Opt ion al) Spec ify the nam e of the loca lit y , in up to 80 alp han um eric cha ra cte rs wit h n o s pac es . Organizational Name (O pti ona l) Spe cif y the[...]

D-Link DWS-1008 CLI Manual 220 CSR for admin is -----BEGIN CERTIFICA TE REQUEST ----- MIIBuzCCASQCAQA wezELMAkGA1UEBhMCdXMxCzAJBgNVBAgT AmNhMQswCQYDVQQH EwJjYTELMAkGA1UEChMCY2ExCzAJBgNVBAsT AmNhMQswCQYDVQQDEwJjYTEYMBYG CSqGSIb3DQEJAR YJY2F A Y2EuY29tMREwDwYJKoZIhvcNAQkCEwJjYTCBnzANBgkq hkiG9w0BAQEF AAOBjQAwgYkCgYEA1zatpYStOjHMa0QJmWHeZPPFGQ9kBEimJK[...]

D-Link DWS-1008 CLI Manual 221 Common Name Spec ify a uniq ue n ame f or th e s witch , in up to 8 0 alp han um eric string cha ra cte rs wit h no spa ces . Use a full y qual ifie d nam e if suc h name s are su ppo r ted on y ou r n etw ork. Thi s fi eld is re qui red . Not e: If you are gen er ati ng a W ebA AA (we b) cer ti fica te , us e a co[...]

D-Link DWS-1008 CLI Manual 222 crypto otp Sets a one-time pass word (O TP) for use with the crypto pkcs12 command. Syntax: crypto otp {admin | eap | web} one-time-pass word admin Creates a one-time pass word for installing a PKCS#12 object file f or an administrativ e cer tificate and ke y pair—and optionally the cer tificate author ity’ s o[...]

D-Link DWS-1008 CLI Manual 223 crypto pkcs12 Unpacks a PKCS#12 object file into the cer tificate and ke y storage area on the switch. This object file contains a public-priv ate ke y pair , a s witch cer tificate signed by a cer tificate authority , and the cer tificate author ity’ s cer tificate. Syntax: crypto pkcs12 {admin | eap | web} [...]

D-Link DWS-1008 CLI Manual 224 sho w cr ypto ca-cer tificate Displa ys inf or mation about the cer tificate authority’ s PEM-encoded PKCS#7 cer tificate. Syntax: sho w crypto ca-cer tificate {admin | eap | web} admin Displays inf or mation about the cer tificate author ity’ s cer tificate that signed the administrativ e cer tificate f or[...]

D-Link DWS-1008 CLI Manual 225 sho w cr ypto cer tificate Displa ys inf or mation about one of the cr yptogr aphic cer tificates installed on the switch. Syntax: sho w crypto cer tificate {admin | eap | web} admin Displays information about the administrativ e cer tificate that authenticates the s witch to W eb View . eap Displays inf or mation[...]

D-Link DWS-1008 CLI Manual 226 sho w cr ypto ke y domain Displa ys the chec ksum (also called a finger pr int) of the public k e y used to authenticate management traffic between s witches. Syntax: sho w crypto key domain Defaults: None. Access: Enabled. Examples: T o display the fingerpr int f or s witch-s witch security , type the f ollowing c[...]

D-Link DWS-1008 CLI Manual 227 RADIUS and Ser ver Groups Commands Use RADIUS commands to set up communication betw een a switch and groups of up to f our RADIUS ser v ers for remote authentication, author ization, and accounting (AAA) of administrators and networ k users. This chapter presents RADIUS commands alphabetically . Use the follo wing tab[...]

D-Link DWS-1008 CLI Manual 228 c lear radius Resets parameters that were globally configured f or RADIUS ser vers to their def ault values . Syntax: c lear radius {deadtime | key | retransmit | timeout} deadtime Number of minutes to wait after declar ing an unresponsive RADIUS ser v er unav ailab le bef ore retr ying the RADIUS ser v er . key P as[...]

D-Link DWS-1008 CLI Manual 229 c lear radius c lient system-ip Remov es the s witch’ s system IP address from use as the permanent source address in RADIUS client requests from the s witch to its RADIUS ser v er(s). Syntax: c lear radius client system-ip deadtime Number of minutes to wait after declar ing an unresponsive RADIUS ser v er unav aila[...]

D-Link DWS-1008 CLI Manual 230 c lear radius pr o xy client Remov es RADIUS pro xy client entries f or third-par ty APs. Syntax: c lear radius pro xy client all Defaults: None Access: Enabled. Examples: The follo wing command clears all RADIUS pro xy client entries from the switch: DWS-1008# clear radius pr o xy c lient all success: change accepted[...]

D-Link DWS-1008 CLI Manual 231 c lear radius server Remov es the named RADIUS server from the s witch configuration. Syntax: c lear radius server ser ver-name ser v er-name Name of a RADIUS ser ver configured to perform remote AAA ser vices f or the s witch. Defaults: None Access: Enabled. Examples: The f ollowing command remo v es the RADIUS ser[...]

D-Link DWS-1008 CLI Manual 232 T o disable load balancing in a server g roup shorebirds , type the f ollowing command: DWS-1008# set server group shorebir ds load-balance disable success: change accepted. See Also: • set ser v er group set radius Configures global def aults f or RADIUS servers that do not e xplicitly set these v alues themselv e[...]

D-Link DWS-1008 CLI Manual 233 Defaults: Global RADIUS parameters ha v e the f ollowing def ault v alues: • deadtime —0 (zero) minutes (The s witch does not designate unresponsiv e RADIUS ser vers as una v ailab le.) • encrypted-key —No ke y • key —No k ey • retransmit —3 (the total number of attempts, including the first attempt) [...]

D-Link DWS-1008 CLI Manual 234 set radius c lient system-ip C a u s e s al l R A D I U S r e q u e s t s to b e s o u r c e d fr om t h e IP a d d r e s s s p e c i fi e d b y t h e s e t s y s t e m ip -a dd re ss command, providing a permanent source IP address for RADIUS pac k ets sent from the s witch. Syntax: set radius c lient system-ip Defa[...]

D-Link DWS-1008 CLI Manual 235 Access: Enabled. Usage: AAA f or third-par ty AP users has additional configuration requirements. Examples: The f ollo wing command configures a RADIUS pro xy entry f or a third-party AP RADIUS client at 10.20.20.9, sending RADIUS traffic to the default UDP por ts 1812 and 1813 on the s witch: DWS-1008# set radius [...]

D-Link DWS-1008 CLI Manual 236 set radius server Configures RADIUS ser vers and their parameters. By def ault, the s witch automatically sets all these v alues e xcept the pass word (k ey). Syntax: set radius server ser v er-name [address ip-address ] [auth-port por t-number ] [acct-port por t-number ] [timeout seconds ] [retransmit number ] [dead[...]

D-Link DWS-1008 CLI Manual 237 Defaults: Def ault v alues are listed below: • auth-por t —UDP por t1812 • acct-por t —UDP por t1813 • timeout —5 seconds • retransmit —3 (the total number of attempts, including the first attempt) • deadtime —0 (zero) minutes (The s witch does not designate unresponsiv e RADIUS ser vers as una v [...]

D-Link DWS-1008 CLI Manual 238 set server group Configures a group of one to f our RADIUS servers. Syntax: set server group g roup-name members server-name1 [ server-name2 ] [ ser v er-name3 ] [ ser ver-name4 ] group-name Ser v er group name of up to 32 characters , with no spaces or tabs. members The names of one or more configured RADIUS server[...]

D-Link DWS-1008 CLI Manual 239 set server group load-balance Enables or disab les load balancing among the RADIUS servers in a ser v er group . Syntax: set server group g roup-name load-balance {enable | disable} group-name Ser v er group name of up to 32 characters . load-balance Enables or disab les load balancing of authentication requests among[...]

D-Link DWS-1008 CLI Manual 240 802.1X Management Commands Use 802. IEEE X management commands to modify the default settings f or IEEE 802.1X sessions on a D WS-1008 switch. F or best results, change the settings only if you are aware of a problem with the s witch’ s 802.1X performance. This chapter presents 802.1X commands alphabetically . Use t[...]

D-Link DWS-1008 CLI Manual 241 c lear dot1x bonded-period Resets the Bonded A uth period to its default v alue . Syntax: c lear dot1x max-req Defaults: The default bonded authentication period is 0 seconds. Access: Enabled. Examples: T o reset the Bonded per iod to its def ault, type the f ollowing command: DWS-1008# clear dot1x bonded-period succe[...]

D-Link DWS-1008 CLI Manual 242 c lear dot1x por t-contr ol Resets all wired authentication por ts on the switch to def ault 802.1X authentication. Syntax: c lear dot1x port-control Defaults: By def ault, all wired authentication por ts are set to auto and the y process authentication requests as deter mined b y the set authentication dot1X command.[...]

D-Link DWS-1008 CLI Manual 243 c lear dot1x reauth-max Resets the maximum number of reauthorization attempts to the def ault setting. Syntax: c lear dot1x reauth-max Defaults: The default is 2 attempts . Access: Enabled. Examples: T ype the f ollowing command to reset the maximum number of reauthorization attempts to the def ault: DWS-1008# clear d[...]

D-Link DWS-1008 CLI Manual 244 c lear dot1x timeout auth-server Resets to the def ault setting the number of seconds that m ust elapse bef ore the s witch times out a request to a RADIUS ser v er . Syntax: c lear dot1x reauth-period Defaults: The default is 30 seconds . Access: Enabled. Examples: T o reset the def ault timeout f or requests to an a[...]

D-Link DWS-1008 CLI Manual 245 c lear dot1x tx-period Resets to the def ault setting the number of seconds that must elapse bef ore the switch retransmits an EAP ov er LAN (EAP oL) pack et. Syntax: c lear dot1x tx-period Defaults: The default is 5 seconds . Access: Enabled. Examples: T ype the follo wing command to reset the EAP oL retransmission t[...]

D-Link DWS-1008 CLI Manual 246 set dot1x bonded-period Changes the Bonded A uth™ (bonded authentication) per iod. The Bonded Auth per iod is the number of seconds MSS allo ws a Bonded A uth user to reauthenticate. Syntax: set dot1x bonded-period seconds seconds Number of seconds MSS retains session information f or an authenticated machine while [...]

D-Link DWS-1008 CLI Manual 247 set dot1x ke y-tx Enables or disables the transmission of encr yption ke y inf or mation to the supplicant (client) in EAP ov er LAN (EAP oL) ke y messages , after authentication is successful. Syntax: set dot1x ke y-tx {enable | disable} enable Enab les transmission of encryption key inf or mation to clients. disable[...]

D-Link DWS-1008 CLI Manual 248 See Also: • clear dot1x max-req • show dot1x set dot1x por t-contr ol Deter mines the 802.1X authentication behavior on individual wired authentication por ts or groups of por ts. Syntax: set dot1x port-control {f orceauth | f or ceunauth | auto} por t-list for ceauth F orces the specified wired authentication po[...]

D-Link DWS-1008 CLI Manual 249 set dot1x quiet-period Sets the number of seconds a s witch remains quiet and does not respond to a supplicant after a f ailed authentication. Syntax: set dot1x quiet-period seconds seconds Specify a v alue between 0 and 65,535. Defaults: The default is 60 seconds . Access: Enabled. Examples: T ype the follo wing comm[...]

D-Link DWS-1008 CLI Manual 250 set dot1x reauth-period Sets the number of seconds that must elapse bef ore the switch attempts reauthentication. Syntax: set dot1x reauth-period seconds seconds Specify a v alue between 60 (1 minute) and 1,641,600 (19 da ys). Defaults: The default is 3600 seconds (1 hour). Access: Enabled. Usage: Y ou also can use th[...]

D-Link DWS-1008 CLI Manual 251 set dot1x timeout supplicant Sets the number of seconds that must elapse before the s witch times out an authentication session with a supplicant (client). Syntax: set dot1x timeout supplicant seconds seconds Specify a v alue between 1 and 65,535. Defaults: The default is 30 seconds . Access: Enabled. Examples: T ype [...]

D-Link DWS-1008 CLI Manual 252 set dot1x wep-reke y Enables or disables Wired Equivalency Privacy (WEP) rek eying f or broadcast and multicast encr yption ke ys . Syntax: set dot1X wep-reke y {enable | disable} enable Causes the broadcast and multicast ke ys f or WEP to be rotated at an inter val set b y the set dot1x wep-reke y-period for each rad[...]

D-Link DWS-1008 CLI Manual 253 sho w dot1x Displa ys 802.1X client inf or mation f or statistics and configuration settings . Syntax: sho w dot1x {clients | stats | config} clients Displays inf or mation about active 802.1X clients, including client name, MA C address, and state . stats Displa ys global 802.1X statistics associated with connectin[...]

D-Link DWS-1008 CLI Manual 254 T ype the f ollowing command to displa y the 802.1X clients: DWS-1008# show dot1x config 802.1X user policy ---------------------- ‘host/bob-laptop.mycorp.com’ on ssid ‘mycorp’ doing P ASSTHRU ’bob.mycorp.com’ on ssid ‘mycorp’ doing P ASSTHRU (bonded) 802.1X parameter setting ---------------------- --[...]

D-Link DWS-1008 CLI Manual 255 T ype the f ollowing command to displa y 802.1X statistics: DWS-1008# show dot1x stats 802.1X statistic value ---------------------- ---------------------- Enters Connecting: 709 Logoffs While Connecting: 112 Enters Authenticating: 467 Success While Authenticating: 0 Timeouts While Authenticating: 52 Failures While Au[...]

D-Link DWS-1008 CLI Manual 256 Session Management Commands Use session management commands to displa y and clear administrative and network user sessions. This chapter presents session management commands alphabetically . Use the f ollowing table to locate commands in this chapter based on their use. Administrative Sessions show sessions on page 25[...]

D-Link DWS-1008 CLI Manual 257 T o clear all administrativ e T elnet sessions, type the f ollo wing command: DWS-1008# clear sessions telnet This will ter minate manager sessions, do you wish to continue? (y|n) [n] y T o clear T elnet client session 0, type the follo wing command: DWS-1008# clear sessions telnet c lient 0 See Also: • show session[...]

D-Link DWS-1008 CLI Manual 258 Examples: T o clear all sessions f or MA C address 00:01:02:03:04:05, type the f ollowing command: DWS-1008# clear sessions netw ork mac-addr 00:01:02:03:04:05 This will ter minate manager sessions, do you wish to continue? (y|n) [n] y T o clear session 9, type the f ollowing command: DWS-1008# clear sessions netw ork[...]

D-Link DWS-1008 CLI Manual 259 Defaults: None. Access: All, e xcept f or show sessions telnet c lient , which has enab led access. Examples: T o view information about sessions of administr ative users, type the f ollowing command: DWS-1008# clear sessions admin Tty Username Time (s) T ype ------- -------------------- -------- ---- tty0 3644 Consol[...]

D-Link DWS-1008 CLI Manual 260 The table below describes the fields of the show sessions admin , show sessions console , and show sessions telnet displa ys. show sessions admin, show sessions console , and sho w sessions telnet Output Field Description Tty The T elnet ter minal number , or console for administrativ e users connected through the co[...]

D-Link DWS-1008 CLI Manual 261 ssid ssid-name Displa ys all network sessions f or an SSID . vlan vlan-glob Displa ys all network sessions on a single VLAN or a set of VLANs . Specify a VLAN name, use the double-asterisk wildcard character (**) to specify all VLAN names, or use the single-aster isk wildcard character (*) to specify a set of VLAN nam[...]

D-Link DWS-1008 CLI Manual 262 The f ollo wing command displa ys summar y inf or mation about the sessions f or MA C address 00:05:5d:7e:98:1a : DWS-1008# show sessions netw ork mac-addr 00:05:5d:7e:98:1a User Sess IP or MAC VLAN Port/ Name ID Addr ess Name Radio ------------------------------ ---- ----------------- --------------- ----- EXAMPLEHa[...]

D-Link DWS-1008 CLI Manual 263 The f ollowing command displa ys information about network session 88: DWS-1008# show sessions netw ork session-id 88 Local Id: 88 Global Id: SESS-88-00040f-876766-623fd6 State: ACTIVE SSID: Rack-39-PM Por t/Radio: 10/1 MAC Address: 00:0f:66:f4:71:6d User Name: last-resort-Rack-39-PM IP Address: 10.2.39.217 Vlan Name:[...]

D-Link DWS-1008 CLI Manual 264 Additional sho w sessions netw ork verbose Output Field Description Client MA C MA C address of the session user . GID Global session ID , a unique session number . State Status of the session: • A UTH, ASSOC REQ—Client is being associated by the 802.1X protocol. • A UTH AND ASSOC—Client is being associated b [...]

D-Link DWS-1008 CLI Manual 265 sho w sessions network session-id Output Field Description Local Id Identifier for the session on this par ticular s witch. (This is the session ID you specify when entering the show sessions network session-id command.) Global Id Unique session identifier within the network. State Status of the session: • A UTH, [...]

D-Link DWS-1008 CLI Manual 266 Unicast bytes out T otal number of unicast bytes sent b y the s witch to the user (64-bit counter). Mul tica st pac k ets in T otal number of m ulticast pack ets received from the user b y the s witch (64-bit counter). Multicast bytes in T otal n umber of multicast bytes receiv ed from the user by the s witch (64-bit [...]

D-Link DWS-1008 CLI Manual 267 RF Detection Commands MSS automatically perf or ms RF detection scans on enab led and disabled radios to detect rogue access points. A rogue access point is a BSSID (MA C address associated with an SSID) that does not belong to a D-Link de vice and is not a member of the ignore list configured on the seed s witch. MS[...]

D-Link DWS-1008 CLI Manual 268 c lear rfdetect attac k-list Remov es a MA C address from the attac k list. Syntax: c lear rfdetect attack-list mac-addr mac-addr MA C address you w ant to remov e from the attack list. Defaults: None. Access: Enabled. Examples: The follo wing command clears MA C address 11:22:33:44:55:66 from the attac k list: DWS-10[...]

D-Link DWS-1008 CLI Manual 269 c lear rfdetect ssid-list Remov es an SSID from the permitted SSID list. Syntax: c lear rfdetect ssid-list ssid-name ssid-name SSID name you w ant to remov e from the per mitted SSID list. Defaults: None. Access: Enabled. Examples: The follo wing command clears SSID mycorp from the per mitted SSID list: DWS-1008# clea[...]

D-Link DWS-1008 CLI Manual 270 set rfdetect attac k-list Adds an entry to the attac k list. The attack list specifies the MA C addresses of de vices that MSS should issue counter measures against whene v er the de vices are detected on the network. The attack list can contain the MA C addresses of APs and clients. Syntax: set rfdetect attac k-list[...]

D-Link DWS-1008 CLI Manual 271 MSS can place a client in the b lack list due to an association, reassociation or disassociation flood from the client. The client b lack list applies only to the s witch on which the list is configured. Switches do not share client blac k lists . Examples: The follo wing command adds client MA C address 11:22:33:44[...]

D-Link DWS-1008 CLI Manual 272 See Also: • clear rfdetect ignore • show rfdetect ignore set rfdetect log Disables or reenables generation of log messages when rogues are detected or when the y disappear . Syntax: set rfdetect log {enable | disab le} enable Enab les logging of rogues. disable Disab les logging of rogues. Defaults: RF detection l[...]

D-Link DWS-1008 CLI Manual 273 Usage: The command applies only to APs managed by the s witch on which y ou enter the command. T o enable signatures on all APs , enter the command on each s witch. Note: Y ou must use the same AP signature setting (enab led or disab led) on all s witches. Examples: The follo wing command enab les AP signatures on an [...]

D-Link DWS-1008 CLI Manual 274 set rfdetect vendor -list Adds an entr y to the per mitted v endor list. The per mitted v endor list specifies the third-par ty AP or client vendors that are allowed on the network. MSS does not list a device as a rogue or interf ering device if the de vice’ s OUI is in the per mitted v endor list. Syntax: set rfde[...]

D-Link DWS-1008 CLI Manual 275 Examples: The follo wing e xample shows the attac k list on s witch: DWS-1008# show rfdetect attac k-list T otal number of entries: 1 Attacklist MA C P or t/Radio/Chan RSSI SSID ----------------- ----------------- ------ ------------ 11:22:33:44:55:66 dap 2/1/11 -53 rogue-ssid See Also: • clear rfdetect attack-list [...]

D-Link DWS-1008 CLI Manual 276 Examples: The f ollowing command shows information about all wireless clients detected by a s witch’ s APs: DWS-1008# show rfdetect c lients T otal number of entries: 30 Client MAC Client AP MAC AP Por t/Radio NoL T ype Last V endor V endor /Channel seen ----------------- ------- ----------------- ------- ----------[...]

D-Link DWS-1008 CLI Manual 277 T ype Classification of the rogue de vice: • rogue—Wireless de vice that is on the network b ut is not supposed to be on the network. • intfr—Wireless device that is not par t of your network and is not a rogue , but might be causing RF interf erence with AP radios. • known—De vice that is a legitimate me[...]

D-Link DWS-1008 CLI Manual 278 Usage: This command is v alid only on the seed s witch Examples: The follo wing e xample displa ys counter measures status: DWS-1008# show rfdetect countermeasures T otal number of entries: 190 Rogue MAC T ype Countermeasures IPaddr Port/Radio Radio Mac /Channel ----------------- ----- ------------------ -------------[...]

D-Link DWS-1008 CLI Manual 279 Examples: The follo wing command shows counters f or rogue activity detected by a s witch: DWS-1008# show rfdetect countermeasures T ype Current T otal ------------------------------------------------------------------------------------------------------------ Rogue access points 0 0 Inter fering access points 139 111[...]

D-Link DWS-1008 CLI Manual 280 sho w rfdetect data Displa ys inf or mation about the APs detected b y a s witch. Syntax: sho w rfdetect data Defaults: None. Access: Enabled. Usage: Y ou can enter this command on any switch. The output applies only to the s witch on which you enter the command. T o display all de vices that a specific D-Link radio [...]

D-Link DWS-1008 CLI Manual 281 The table belo w describes the fields in this display . Field Description BSSID MA C address of the SSID used by the detected de vice. V endor Company that manuf actures or sells the rogue de vice. T ype Classification of the rogue de vice: • rogue—Wireless de vice that is not supposed to be on the network. The [...]

D-Link DWS-1008 CLI Manual 282 sho w rfdetect ssid-list Displa ys the entries in the per mitted SSID list. Syntax: sho w rfdetect ssid-list Defaults: None. Access: Enabled. Examples: The follo wing e xample shows the permitted SSID list on s witch: DWS-1008# show rfdetect ssid-list T otal number of entries: 3 SSID ----------------- mycorp corporate[...]

D-Link DWS-1008 CLI Manual 283 sho w rfdetect visible Displa ys the BSSIDs discov ered by a specific D-Link radio . The data includes BSSIDs transmitted by other D-Link r adios as well as b y third-par ty access points. Syntax: sho w rfdetect visible mac-addr Syntax: sho w rfdetect visible ap mp-num [radio{1|2}] Syntax: sho w rfdetect visible dap [...]

D-Link DWS-1008 CLI Manual 284 The table belo w describes the fields in this display . Field Description T ransmit MAC MA C address the rogue de vice that sent the 802.11 pack et detected by the AP r adio V endor Company that man ufactures or sells the rogue de vice. T ype Classification of the rogue de vice: • rogue—Wireless device that is o[...]

D-Link DWS-1008 CLI Manual 285 Examples: The f ollowing command tests the RF link between the s witch and the client with MA C address 00:0e:9b:bf:ad:13: DWS-1008# test rflink mac 00:0e:9b:bf:ad:13 RF-Link T est to 00:0e:9b:bf:ad:13 : Session-Id: 2 Packets Sent Packets Rcvd RSSI SNR RTT (micro-secs) ------------ ------------ ------- ----- --------[...]

D-Link DWS-1008 CLI Manual 286 File Management Commands Use file management commands to manage system files and to displa y software and boot inf or mation. This chapter presents file management commands alphabetically . Use the f ollowing tab le to locate commands in this chapter based on their use. Software V er sion reset system on page 297 s[...]

D-Link DWS-1008 CLI Manual 287 bac kup Creates an archiv e of s witch system files and optionally , user file, in Unix tape archiv e ( tar ) f or mat. Syntax: bac kup system [tftp:/ ip-addr /] filename [all | critical] [ tftp:/ ip-addr/]filename Name of the archiv e file to create . Y ou can store the file locally in the s witch’ s nonv ola[...]

D-Link DWS-1008 CLI Manual 288 Examples: The f ollowing command creates an archiv e of the system-critical files and copies the archiv e directly to a TFTP ser ver . The filename in this example includes a TFTP ser ver IP address, so the archiv e is not stored locally on the s witch. DWS-1008# backup system tftp:/10.10.20.9/sysa_bak critical succ[...]

D-Link DWS-1008 CLI Manual 289 Examples: The follo wing commands bac k up the configuration file on a s witch, reset the s witch to its f actor y def ault configuration, and reboot the s witch: DWS-1008# copy configuration tftp://10.1.1.1/bac kupcfg success: sent 365 bytes in 0.401 seconds [ 910 bytes/sec] DWS-1008# clear boot config success: [...]

D-Link DWS-1008 CLI Manual 290 Usage: The filename and file: filename URLs are equivalent. Y ou can use either URL to ref er to a file in a s witch’ s nonv olatile memory . The tftp: //ip-addr/filename URL ref ers to a file on a TFTP ser v er . If DNS is configured on the s witch, you can specify a TFTP ser ver’ s hostname as an alter na[...]

D-Link DWS-1008 CLI Manual 291 delete Caution: MSS does not prompt y ou to verify whether you want to delete a file . When you press Enter after typing a delete command, MSS immediately deletes the specified file. Note: MSS does not allow you to delete the currently running software image file or the r unning configuration. Syntax: delete url [...]

D-Link DWS-1008 CLI Manual 292 dir Displa ys a list of the files in nonv olatile storage and temporar y files. Syntax: dir [ subdirname ] | [file:] | [core:] | [boot0:] | [boot1:] subdir name Subdirector y name. If you specify a subdirector y name, the command lists the files in that subdirector y . Otherwise , the command lists the files in t[...]

D-Link DWS-1008 CLI Manual 293 core:command_audit.cur 37 bytes Aug 28 2005, 21:11:41 T otal: 37 bytes used, 91707 Kbytes free The f ollowing command displa ys the files in the root director y: DWS-1008# dir file: =========================================================== file: Filename Size Created file:configuration 48 KB Jul 12 2005, 15:02:[...]

D-Link DWS-1008 CLI Manual 294 The table belo w describes the fields in the dir output. Field Description Filename Filename or subdirector y name. F or files, the director y name is shown in front of the filename (for example , file: configuration). The file: director y is the root director y . F or subdirector ies, a f orward slash is shown [...]

D-Link DWS-1008 CLI Manual 295 load config Caution: This command completely remov es the running configuration and replaces it with the configuration contained in the file . D-Link recommends that you sav e a copy of the current r unning configuration to a bac kup configuration file bef ore loading a ne w configuration. Loads configuration[...]

D-Link DWS-1008 CLI Manual 296 md5 Calculates the MD5 checksum f or a file in the switch’ s non v olatile storage. Syntax: md5 [boot0: | boot1:] filename boot0: | boot1: Boot par tition into which you copied the file . filename: Name of the file. Defaults: None. Access: Enabled. Usage: Y ou must include the boot par tition name in front of t[...]

D-Link DWS-1008 CLI Manual 297 DWS-1008# dir ========================================================== file: Filename Size Created file:configuration 17 KB May 21 2004, 18:20:53 file:configuration.txt 379 bytes May 09 2004, 18:55:17 corp2/ 512 bytes May 21 2004, 19:22:09 corp_a/ 512 bytes May 21 2004, 19:15:48 file:dangcfg 13 KB May 16 2004,[...]

D-Link DWS-1008 CLI Manual 298 Examples: The follo wing command restar ts a s witch that does not hav e any unsa ved configuration changes: DWS-1008# reset system This will reset the entir e system. Are you sur e (y/n) y The f ollo wing commands attempt to restar t a s witch with a r unning configuration that has unsa v ed changes, and then f orc[...]

D-Link DWS-1008 CLI Manual 299 Usage: If a file in the archive has a counter par t on the switch, the archive v ersion of the file replaces the file on the s witch. The restore command does not delete files that do not hav e counter par ts in the archive. F or e xample, the command does not completely replace the user files area. Instead, fil[...]

D-Link DWS-1008 CLI Manual 300 Examples: The follo wing e xample remov es subdirector y cor p2 : DWS-1008# rmdir corp2 success: change accepted. See Also: • dir • mkdir sa ve config Sav es the r unning configuration to a configuration file . Syntax: sa ve config [ filename ] filename Name of the configuration file . Specify between 1 a[...]

D-Link DWS-1008 CLI Manual 301 set boot bac kup-configuration Specifies the name of a bac kup configuration file to be used in the e v ent that MSS cannot read the s witch’ s configuration file at boot time. Syntax: set boot bac kup-configuration filename filename Name of the file to use as a backup configuration file if MSS cannot re[...]

D-Link DWS-1008 CLI Manual 302 set boot par tition Specifies the boot par tition in which to look f or the system image file follo wing the next system reset, software reload, or po wer cycle . Syntax: set boot partition {boot0 | boot1} boot0 Boot par tition 0. boot1 Boot par tition 1. Defaults: By default, a s witch uses the same boot par tition[...]

D-Link DWS-1008 CLI Manual 303 The table belo w describes the fields in the show boot output. Field Description Configured boot v ersion Software version the s witch will run ne xt time the software is rebooted. Configured boot image Boot par tition and image filename MSS will use to boot next time the software is rebooted. Configured boot con[...]

D-Link DWS-1008 CLI Manual 304 • spantree • system • trace • vlan • vlan-fdb If you do not specify a configur ation area, nondef ault inf or mation f or all areas is displa yed. all Includes configuration items that are set to their def ault values . Defaults: None. Access: Enabled. Usage: If y ou do not use one of the optional paramete[...]

D-Link DWS-1008 CLI Manual 305 Examples: The follo wing command displa ys v ersion inf or mation f or a s witch: DWS-1008# show ver sion Mobility System Software, V ersion: 4.1.0 QA 67 Copyright (c) 2002, 2003, 2004, 2005 D-Link, Inc. All rights reserved. Build Infor mation: (build#67) TOP 2005-07-21 04:41:00 Model: DWS-1008 Hardwar e Mainboard: ve[...]

D-Link DWS-1008 CLI Manual 306 The table belo w describes the fields in the show version output. Field Description Build Inf or mation F actor y timestamp of the image file. Label Software v ersion and build date . Build Suffix Build suffix. Model Build model. Hardware V ersion information for the switch’ s motherboard and P ower over Ether n[...]

D-Link DWS-1008 CLI Manual 307 Access Point Commands Use D WL-8220AP access point commands to configure and manage D WL-8220AP access points. Be sure to do the f ollowing bef ore using the commands: • Define the countr y-specific IEEE 802.11 regulations on the D WS-1008 s witch. • Install the D WL-8220AP access point and connect it to a por [...]

D-Link DWS-1008 CLI Manual 308 Examples The f ollo wing command disab les and resets radio 2 on the DWL-8220AP access point connected to por t 3: D WS-1008# c lear ap 3 radio 2 c lear dap boot-configuration Remov es the static IP address configuration f or a Distr ib uted AP . Syntax: clear dap boot-configuration dap-n um dap dap-num Defaults: N[...]

D-Link DWS-1008 CLI Manual 309 c lear radio-pr ofile Remov es a radio profile or resets one of the profile’ s parameters to its def ault value . Syntax: clear radio-pr ofile name [parameter] name parameter Defaults If you reset an individual par ameter , the parameter is retur ned to it’ s def ault value . Access: Enabled Usage: If y ou spe[...]

D-Link DWS-1008 CLI Manual 310 See Also: • set {ap | dap} radio radio-profile • set radio-profile mode • show {ap | dap} config • show radio-profile c lear service-profile Remov es a service profile or resets one of the profile’ s parameters to its def ault v alue. Syntax: clear service-pr ofile name [soda {agent-directory | failu[...]

D-Link DWS-1008 CLI Manual 311 Examples: The f ollowing commands disable the radios that are using radio profile r p6 , remo ve ser vice-profile svcprof6 from r p6 , then clear svcprof6 from the configuration. DWS-1008# set radio-profile rp6 mode disab le DWS-1008# clear radio-pr ofile rp6 service-profile svcpr of6 success: change accepted. D[...]

D-Link DWS-1008 CLI Manual 312 set dap auto Creates a profile f or automatic configuration of Distributed APs . Syntax: set dap auto Defaults: None. Access: Enabled. The follo wing T ab le lists the configurab le profile parameters and their def aults. The only parameter that requires configuration is the profile mode . The profile is disab [...]

D-Link DWS-1008 CLI Manual 313 Examples: The follo wing command creates a profile f or automatic Distr ibuted AP configuration: DWS-1008# set dap auto success: change accepted. See Also: • set dap auto mode • set dap auto persistent • set dap auto radiotype • set {ap | dap} bias • set {ap | dap} blink • set {ap | dap} group • set {a[...]

D-Link DWS-1008 CLI Manual 314 set dap auto per sistent Conv er ts a temporar y AP configuration created by the AP configuration profile into a persistent AP configuration on the D WS-1008. Syntax: set dap auto per sistent [ dap-num | all] dap-num all Defaults: None. Access: Enabled. Usage: T o displa y the Distributed AP numbers assigned to A [...]

D-Link DWS-1008 CLI Manual 315 Defaults: The def ault radio type f or the D WL-8220AP is 802.11g. Access: Enabled Examples: The follo wing command sets the radio type to 802.11b: DWS-1008# set dap auto radiotype 11b success: change accepted. See Also: • set dap auto • set dap auto mode • set dap auto persistent set {ap | dap} bias Changes the[...]

D-Link DWS-1008 CLI Manual 316 If AP por t 1 is indirectly connected to D WS-1008 s witches through the network, the AP boots from the s witch with the high bias for the AP . If the bias for all connections is the same, the AP selects the switch that has the greatest capacity to add more active APs. F or example , if an AP is dual homed to two D WS[...]

D-Link DWS-1008 CLI Manual 317 Examples: The f ollowing command enab les LED b link mode on the access points connected to por ts 3 and 4: D WS-1008# set ap 3-4 blink enable success: change accepted. set dap boot-ip Specifies static IP address inf or mation f or a Distributed AP . Syntax: set dap dap-num boot-ip ip ip-addr netmask mask-addr gate w[...]

D-Link DWS-1008 CLI Manual 318 Examples: The f ollo wing command configures Distributed AP 1 to use IP address 172.16.0.42 with a 24-bit netmask, and use 172.16.0.20 as its def ault gatew a y: D WS-1008# set dap 1 boot-ip ip 172.16.0.42 netmask 255.255.255.0 gatewa y 172.16.0.20 mode enable success: change accepted. See Also: • clear dap boot-co[...]

D-Link DWS-1008 CLI Manual 319 When a static IP address is specified f or a Distributed AP , there is no preconfigured DNS inf or mation or DNS name for the D WS-1008 the Distr ibuted AP attempts to use as its boot de vice. If you configure a static IP address f or a Distributed AP , but do not specify a boot de vice, then the D WS-1008 s witch [...]

D-Link DWS-1008 CLI Manual 320 Usage: When this command is configured, all Ether net frames emitted from the Distributed AP are formatted with an 802.1Q tag with a specified VLAN number . F rames sent to the Distributed AP that are not tagged with this v alue are ignored. Examples: The follo wing command configures Distributed AP 1 to use VLAN t[...]

D-Link DWS-1008 CLI Manual 321 set dap fingerprint V er ifies an AP’ s finger pr int on an D WS-1008. If AP-D WS security is required by an D WS-1008, an AP can establish a management session with the switch only if you hav e v erified the AP’ s identity by v er ifying its finger print on the switch. Syntax: set dap dap-num fingerprint he[...]

D-Link DWS-1008 CLI Manual 322 set {ap | dap} f or ce-image-do wnload Configures an AP to download its software image from the D WS-1008 instead of loading the image that is locally stored on the AP . Syntax: set {ap por t-list | dap { dap-num | auto}} for ce-image-do wnload {enable | disable} ap por t-list dap dap-num dap auto for ce-image-do wnl[...]

D-Link DWS-1008 CLI Manual 323 set {ap | dap} gr oup Configures a named g roup of AP access points. MSS automatically load balances sessions among the access points in a group . T o balance the sessions, MSS rejects an association request f or an access point’ s radio if that radio has at least four more active sessions than the radio of the sam[...]

D-Link DWS-1008 CLI Manual 324 set {ap | dap} location Specifies location inf or mation f or an AP . Syntax: set {ap por t-list | dap { dap-num } location string ap por t-list dap dap-num location string Defaults: None . Access: Enabled Usage: Use this command to specify inf ormation about the location of the AP . Examples: The follo wing command [...]

D-Link DWS-1008 CLI Manual 325 set {ap | dap} name Changes an AP name. Syntax: set {ap por t-list | dap dap-num } name name ap por t-list dap dap-num name Defaults: The default name of a directly attached AP is based on the por t number of the AP access por t attached to the AP . F or e xample, the def ault name f or an AP on AP access por t 1 is A[...]

D-Link DWS-1008 CLI Manual 326 indoors outdoors Defaults: The def ault antenna location is indoors. Access: Enabled Examples: The f ollowing command sets the antenna location f or radio 1 on Distr ib uted AP 22 to outdoors : DWS-1008# set dap 22 radio 1 antenna-location outdoors success: change accepted. See Also: • set {ap | dap} radio antennaty[...]

D-Link DWS-1008 CLI Manual 327 Defaults: All radios use the internal antenna by def ault. Access: Enabled Examples: The f ollo wing command configures the 802.11b/g radio on Distributed AP 1 to use antenna model ANT1060: DWS-1008# set dap 1 radio 1 antennatype ANT1060 success: change accepted. See Also: • show {ap | dap} config set {ap | dap} r[...]

D-Link DWS-1008 CLI Manual 328 Example: The follo wing command sets the maximum pow er that RF Auto-T uning can set on radio 1 on the D WL-8220AP access point on por t 5 to 12 dBm. DWS-1008# set ap 5 radio 1 auto-tune max-power 12 success: change accepted. See Also: • set radio-profile auto-tune pow er-config • set radio-profile auto-tune po[...]

D-Link DWS-1008 CLI Manual 329 Examples: The f ollo wing command configures the channel on the 802.11a radio on the D WL-8220AP access point connected to por t 5: DWS-1008# set ap 5 radio 1 channel 36 success: change accepted. The f ollowing command configures the channel and transmit po wer on the 802.11b/g radio on the D WL-8220AP access point [...]

D-Link DWS-1008 CLI Manual 330 Usage: T o enable or disable one or more radios to which a profile is assigned, use the set ap radio radio-profile command. T o enable or disable all radios that use a specific radio profile , use the set radio-profile command. Examples: The f ollowing command enables radio 1 on the D WL-8220AP access points conn[...]

D-Link DWS-1008 CLI Manual 331 Defaults: When you create a new profile , the radio parameters in the profile are set to their f actor y def ault v alues . T o enable or disable all radios that use a specific radio profile , use set radio-profile . Access: Enab led. Examples: The follo wing command enables radio 1 on por ts 4 through 6 assigned[...]

D-Link DWS-1008 CLI Manual 332 Examples: The follo wing command configures the transmit power on the 802.11a radio on the D WL-8220AP access point connected to por t 5: DWS-1008# set ap 5 radio 1 tx-power 10 success: change accepted. The f ollowing command configures the channel and transmit po wer on the 802.11b/g radio on the D WL-8220AP access[...]

D-Link DWS-1008 CLI Manual 333 AP can estab lish a management session with the D WS-1008 s witch only if its finger pr int has been confir med b y you in MSS . A change to D WL-8220AP security suppor t does not affect management sessions that are already established. T o apply the new setting to an D WL-8220AP , restar t the D WL-8220AP . Example[...]

D-Link DWS-1008 CLI Manual 334 set radio-pr ofile active-scan Disables or reenables activ e RF detection scanning on the D WL-8220AP radios managed by a radio profile. When active scanning is enab led, D WL-8220AP radios look for rogue devices by sending probe any requests (probe requests with a null SSID name), to solicit probe responses from ot[...]

D-Link DWS-1008 CLI Manual 335 name enable disable no-client Defaults: Dynamic channel assignment is enab led by def ault. Access: Enab led. Usage: If y ou disab le RF A uto-T uning f or channels, MSS does not dynamically set the channels when radios are first enab led and also does not tune the channels during operation. If RF Auto-T uning f or c[...]

D-Link DWS-1008 CLI Manual 336 name rate Defaults: The def ault RF A uto-T uning channel holddown is 900 seconds. Access: Enab led. Usage: The channel holddown applies e ven if RF anomalies occur that nor mally cause an immediate channel change. Examples: The f ollowing command changes the channel holddown for radios in radio profile r p2 to 600 s[...]

D-Link DWS-1008 CLI Manual 337 If y ou set the inter val to 0, RF A uto-T uning does not ree valuate the channel at regular inter vals . How e ver , RF A uto-T uning can still change the channel in response to RF anomalies. Examples: The f ollo wing command sets the channel inter val f or radios in radio profile r p2 to 2700 seconds (45 minutes): [...]

D-Link DWS-1008 CLI Manual 338 set radio-pr ofile auto-tune po wer -config Enables or disables dynamic power tuning (RF A uto-T uning) f or the D WL-8220AP radios in a radio profile . Syntax: set radio-profile name auto-tune po wer -config {enable | disable} name enable disable Defaults: Dynamic po wer assignment is disab led by def ault. Acce[...]

D-Link DWS-1008 CLI Manual 339 set radio-pr ofile auto-tune po wer -inter v al Sets the inter v al at which RF A uto-T uning decides whether to change the pow er lev el on radios in a radio profile. At the end of each inter v al, MSS processes the results of the RF scans perf or med during the previous interval, and changes radio po wer le vels i[...]

D-Link DWS-1008 CLI Manual 340 set radio-pr ofile auto-tune po wer -loc kdown Locks down the current po wer settings on all radios in a radio profile . The pow er settings that are in effect when the command is entered are changed into statically configured pow er settings on the radios . RF A uto-T uning of power is then disab led in the radio [...]

D-Link DWS-1008 CLI Manual 341 Defaults: The def ault interval is 60 seconds. Access: Enab led. Examples: The follo wing command changes the power ramp inter v al f or radios in radio profile r p2 to 120 seconds: DWS-1008# set radio-profile rp2 auto-tune po wer-ramp-interv al 120 success: change accepted. See Also: • set {ap | dap} radio auto-t[...]

D-Link DWS-1008 CLI Manual 342 set radio-pr ofile countermeasures Counter measures aff ect wireless service on a radio . When an AP radio is sending counter measures, the radio is disabled f or use b y network traffic , until the r adio finishes sending the counter measures. Enables or disables countermeasures f or on the D WL-8220AP radios mana[...]

D-Link DWS-1008 CLI Manual 343 The f ollowing command causes radios managed b y radio profile r adprof3 to issue countermeasures against de vices in the D WS-1008’ s attack list: DWS-1008# radio-profile radpr of3 countermeasures configured success: change accepted. Note that when you issue this command, countermeasures are then issued only aga[...]

D-Link DWS-1008 CLI Manual 344 set radio-pr ofile frag-threshold Changes the fragmentation threshold f or the D WL-8220AP radios in a radio profile . The fragmentation threshold is the threshold at which the long-retr y-count is applicab le instead of the shor t-retr y-count. The long-retr y-count specifies the number of times a radio can send a[...]

D-Link DWS-1008 CLI Manual 345 set radio-pr ofile max-rx-lifetime Changes the maximum receive threshold f or the D WL-8220AP radios in a radio profile. The maximum receive threshold specifies the number of milliseconds that a frame receiv ed by a radio can remain in buff er memor y . Syntax: set radio-profile name max-rx-lif etime time name tim[...]

D-Link DWS-1008 CLI Manual 346 Defaults: The default maximum receive threshold for D WL-8220AP radios is 2000ms (2 seconds). Access: Enab led. Usage: Y ou must disab le all radios that are using a radio profile bef ore you can change parameters in the profile. Use the set radio-profile mode command. Examples: The f ollowing command changes the m[...]

D-Link DWS-1008 CLI Manual 347 P arameter Default V alue Radio Beha vior When P arameter Set to Default V alue activ e-scan enable Sends probe any requests (probe requests with a null SSID name) to solicit probe responses from other access points. auto-tune enable Allo ws dynamic configuration of channel and power settings by MMS. beacon-inter v a[...]

D-Link DWS-1008 CLI Manual 348 Access: Enab led. Usage: Use the command without any optional parameters to create ne w profile. If the radio profile does not already e xist, MSS creates a ne w radio profile . Use the enable or disab le option to enab le or disable all the r adios using a profile. T o assign the profile to one or more r adios, [...]

D-Link DWS-1008 CLI Manual 349 set radio-pr ofile preamble-length Changes the preamb le length f or which an 802.11b/g D WL-8220AP radio adver tises suppor t. This command does not apply to 802.11a. Syntax: set radio-profile name preamb le-length {long | short} name long short Defaults: The def ault is short . Access: Enab led. Usage: Changing th[...]

D-Link DWS-1008 CLI Manual 350 set radio-pr ofile qos-mode Sets the prior itization mode f or f orwarding queues on AP r adios managed by the r adio profile. Syntax: set radio-profile name qos-mode {svp | wmm} name svp wmm Defaults: The def ault QoS mode is wmm . Access: Enab led. Usage: When SVP is enabled, AP f orwarding prior itization is opt[...]

D-Link DWS-1008 CLI Manual 351 Syntax: set radio-profile name rfid-mode {enab le | disable} name enable disable Defaults: The def ault is disable . Access: Enab led. Examples: The f ollowing command enab les radios managed by radio profile rp1 to act as asset location receiv ers: DWS-1008# set radio-profile rfid-mode enab le success: change ac[...]

D-Link DWS-1008 CLI Manual 352 Examples: The f ollowing command changes the R TS threshold f or radio profile r p1 to 1500 bytes: DWS-1008# set radio-profile rp1 rts-threshold 1500 success: change accepted. See Also: • set radio-profile mode • show r adio-profile set radio-pr ofile service-profile Maps a ser vice profile to a radio pro?[...]

D-Link DWS-1008 CLI Manual 353 P arameter Default V alue Radio Behavior When P arameter Set to Default V alue cac-mode none Does not limit the number of active user sessions based on Call Admission Control. cac-session 14 If session-based CAC is enabled ( cac-mode is set to session ), limits the number of activ e user sessions on a radio to 14. cip[...]

D-Link DWS-1008 CLI Manual 354 P arameter Default V alue Radio Behavior When P arameter Set to Default V alue psk-phrase No passphrase defined Uses dynamically generated ke ys rather than statically configured ke ys to authenticate WP A clients. psk-ra w No preshared ke y defined Uses dynamically generated ke ys rather than statically configure[...]

D-Link DWS-1008 CLI Manual 355 P arameter Default V alue Radio Behavior When P arameter Set to Default V alue user-idle-timeout 180 Allows a client to remain idle for 180 seconds (3 minutes) before MSS changes the client’ s session to the Disassociated state. web-por tal-acl por talacl Note: This is the default only if the f allthru type on the s[...]

D-Link DWS-1008 CLI Manual 356 Access: Enab led. Usage: Y ou must configure the ser vice profile bef ore you can map it to a radio profile. Y ou can map the same ser vice profile to more than one radio profile . Y ou must disable all radios that use a radio profile bef ore y ou can change parameters in the profile. Use the set radio-profile[...]

D-Link DWS-1008 CLI Manual 357 set service-profile attr Configures authorization attr ib utes that are applied b y def ault to users accessing the SSID managed by the ser vice profile. These SSID def ault attributes are applied in addition to any supplied by the RADIUS server or from the local database . Syntax: set service-profile name attr at[...]

D-Link DWS-1008 CLI Manual 358 Defaults: By def ault, a service profile does not hav e any authorization attributes set. Access: Enab led. Usage: T o change the v alue of a def ault attr ib ute for a ser vice profile, use the set service- profile attr command and specify a ne w v alue. The SSID def ault attributes are applied in addition to any [...]

D-Link DWS-1008 CLI Manual 359 set service-profile auth-dot1x Disables or reenables 802.1X authentication of Wi-Fi Protected Access (WP A) clients b y AP radios , when the WP A inf or mation element (IE) is enabled in the ser vice profile that is mapped to the radio profile that the radios are using. Syntax: set service-profile name auth-dot1x [...]

D-Link DWS-1008 CLI Manual 360 set service-profile auth-fallthru Specifies the authentication type for users who do not match an 802.1X or MAC authentication rule f or an SSID managed by the ser vice profile. When a user tr ies to associate with an SSID , MSS checks the authentication r ules f or that SSID for a userglob that matches the user na[...]

D-Link DWS-1008 CLI Manual 361 the ser vice profile r nd_lab to web-por tal: DWS-1008# set service-profile rnd_lab auth-fallthru web-portal success: change accepted. See Also: • set web-por tal • set ser vice-profile web-por tal-f or m • show service-profile set service-profile auth-psk Enables preshared ke y (PSK) authentication of Wi-F[...]

D-Link DWS-1008 CLI Manual 362 set service-profile beacon Disables or reenab les beaconing of the SSID managed b y the ser vice profile. An AP radio responds to an 802.11 probe any request with only the beaconed SSID(s). F or a nonbeaconed SSID , radios respond only to directed 802.11 probe requests that match the nonbeaconed SSID’ s SSID str i[...]

D-Link DWS-1008 CLI Manual 363 name none session Defaults: The def ault CA C mode is none . Access: Enab led. Examples: The f ollo wing command enables session-based CA C on ser vice profile sp1 : DWS-1008# set service-profile sp1 cac-mode session success: change accepted. See Also: • set ser vice-profile cac-session • show service-profile [...]

D-Link DWS-1008 CLI Manual 364 Examples: The f ollo wing command changes the maximum number of sessions f or radios used by service profile sp1 to 10: DWS-1008# set service-profile sp1 cac-session 10 success: change accepted. See Also: • set ser vice-profile cac-mode • show service-profile set service-profile cipher -ccmp Enables Counter w[...]

D-Link DWS-1008 CLI Manual 365 set service-profile cipher -tkip Disables or reenab les T emporal K ey Integrity Protocol (TKIP) encr yption in a ser vice profile. Syntax: set service-profile name cipher -ccmp {enable | disable} name enable disable Defaults: When the WP A IE is enabled, TKIP encr yption is enabled b y def ault. Access: Enab led. [...]

D-Link DWS-1008 CLI Manual 366 Defaults: 104-bit WEP encr yption is disabled b y def ault. Access: Enab led. Usage: T o use 104-bit WEP with WP A clients, you m ust also enable the WP A IE. When 104-bit WEP in WP A is enabled in the ser vice profile, radios managed by a radio profile that is mapped to the ser vice profile can also suppor t non-W[...]

D-Link DWS-1008 CLI Manual 367 Defaults: 40-bit WEP encr yption is disabled b y def ault. Access: Enab led. Usage: T o use 40-bit WEP with WP A clients, you m ust also enable the WP A IE. When 40-bit WEP in WP A is enabled in the ser vice profile, radios managed by a radio profile that is mapped to the ser vice profile can also suppor t non-WP A[...]

D-Link DWS-1008 CLI Manual 368 Usage: This command applies only when static CoS is enabled. If static CoS is disabled, prior itization is based on the QoS mode configured in the radio profile, and on any A CLs that set CoS. T o enable static CoS , use the set service-profile static-cos command. Examples: The f ollo wing command changes the stati[...]

D-Link DWS-1008 CLI Manual 369 set service-profile idle-c lient-probing Disables or reenables periodic keepaliv es from AP radios to clients on a ser vice profile’ s SSID . When idle-client probing is enabled, the AP radio sends a unicast null-data frame to each client e v er y 10 seconds. Normally , a client that is still active sends an Ac k [...]

D-Link DWS-1008 CLI Manual 370 name enable disable Defaults: This option is disab led by def ault. Access: Enab led. Usage: Ev en when this option is enabled, the D WS-1008 to which a user roams (the roamed-to s witch) can reassign the VLAN in any of the f ollowing cases: Examples: The f ollo wing command enables the k eep-initial-vlan option on se[...]

D-Link DWS-1008 CLI Manual 371 Access: Enab led. Usage: The length of time a client can remain idle (unresponsiv e to idle-client probes) is specified by the user -idle-timeout command. Examples: The follo wing command changes the long retr y threshold f or ser vice profile sp1 to 8: DWS-1008# set service-profile sp1 long-retry-count 8 success: [...]

D-Link DWS-1008 CLI Manual 372 name enable disable Defaults: The no-broadcast mode is disab led by def ault. (Broadcast traffic not disabled.) Access: Enab led. Usage: T o fur ther reduce ARP traffic on a service profile , use the set service-pr ofile pro xy-arp command to enable Pro xy ARP . Examples: The f ollo wing command enables the no-bro[...]

D-Link DWS-1008 CLI Manual 373 Defaults: Pro xy ARP is disab led by def ault. Access: Enab led. Usage: T o fur ther reduce broadcast traffic on a ser vice profile, use the set ser vice-profile no- broadcast command to disable DHCP and ARP request broadcasts . Examples: The f ollo wing command enables pro xy ARP on ser vice profile sp1 : DWS-100[...]

D-Link DWS-1008 CLI Manual 374 Examples: The follo wing command configures service profile sp3 to use passphrase “1234567890123<>?=+&% The quick bro wn f o x jumps ov er the lazy sl”: DWS-1008# set service-profile sp3 psk-phrase “1234567890123<>?=+&% The quick br o wn fo x jumps over the lazy sl” success: change accep[...]

D-Link DWS-1008 CLI Manual 375 set service-profile r sn-ie Enables the Rob ust Security Network (RSN) Information Element (IE). The RSN IE adver tises the RSN (sometimes called WP A2) authentication methods and cipher suites suppor ted by radios in the r adio profile mapped to the ser vice profile. Syntax: set service-profile name r sn-ie {enab[...]

D-Link DWS-1008 CLI Manual 376 set service-profile short-retr y-count Changes the shor t retr y threshold f or a ser vice profile. The shor t retr y threshold specifies the number of times a radio can send a shor t unicast fr ame without receiving an ackno wledgment. A shor t unicast frame is a frame that is shor ter than the frag-threshold. Syn[...]

D-Link DWS-1008 CLI Manual 377 name threshold Defaults: The def ault shor t unicast retr y threshold is 5 attempts. Access: Enab led. Examples: The f ollowing command changes the shor t retr y threshold for ser vice profile sp1 to 3: DWS-1008# set service-profile sp1 short-retr y-count 3 success: change accepted. See Also: • set radio-profile [...]

D-Link DWS-1008 CLI Manual 378 set service-profile soda enf orce-c hec ks Specifies whether a client is allow ed access to the network after it has do wnloaded and r un the SOD A agent security checks . Syntax: set service-profile name enf orce-c hecks {enab le | disable} name enable disable Defaults: By def ault, SOD A agent checks are performe[...]

D-Link DWS-1008 CLI Manual 379 set service-profile soda failure-pa ge Specifies a page on the DWS-1008 that is loaded when a client f ails the secur ity checks performed by the SOD A agent. Syntax: set service-profile name soda failure-page page name page Defaults: By def ault, the D WS-1008 dynamically generates a page indicating that the SODA [...]

D-Link DWS-1008 CLI Manual 380 set service-profile soda logout-pa ge Specifies a page on the D WS-1008 that is loaded when a client logs out of the network by closing the SOD A vir tual desktop . Syntax: set service-profile name soda logout-page page name page Defaults: None . Access: Enab led. Usage: When a client closes the SOD A vir tual desk[...]

D-Link DWS-1008 CLI Manual 381 set service-profile soda mode Enables or disab les Sygate On-Demand (SOD A) functionality for a service profile. Syntax: set service-profile name soda mode {enable | disab le} name enable disable Defaults: Disab led. Access: Enab led. Usage: When SOD A functionality is enab led f or a ser vice profile, a SOD A age[...]

D-Link DWS-1008 CLI Manual 382 Defaults: Disab led. Access: Enab led. Usage: If the SOD A agent checks f ail on a client, by def ault the client is disconnected from the network. Optionally , you can specify a f ailure page for the client to load (with the set ser vice-profile soda f ailure-page command). When the f ailure page is loaded, you can [...]

D-Link DWS-1008 CLI Manual 383 The page is assumed to reside in the root director y on the D WS-1008. optionally specify a diff erent director y where the page resides. This functionality occurs only when the enf orce checks option is enabled f or the ser vice profile. The enf orce checks option is enab led b y def ault. Examples: The follo wing c[...]

D-Link DWS-1008 CLI Manual 384 Examples: The f ollowing command applies the name guest to the SSID managed by ser vice profile clear_wlan : DWS-1008# set service-profile c lear_wlan ssid-name guest success: change accepted. The f ollowing command applies the name cor porate users to the SSID managed by ser vice profile mycorp_sr vcprf : DWS-1008[...]

D-Link DWS-1008 CLI Manual 385 set service-profile static-cos Enables or disables static CoS on a ser vice profile. Static CoS assigns the same CoS le vel to all traffic on the ser vice profile’ s SSID , regardless of 802.1p or DSCP mar kings in the pack ets themselv es, and regardless of any A CLs that mar k CoS. This option pro vides a simp[...]

D-Link DWS-1008 CLI Manual 386 set service-profile tkip-mc-time Changes the length of time that AP radios use counter measures if two message integrity code (MIC) f ailures occur within 60 seconds. When counter measures are in effect, D WL-8220APs dissociate all TKIP and WP A WEP clients and refuse all association and reassociation requests until [...]

D-Link DWS-1008 CLI Manual 387 name 11a | 11b | 11g mandantory rate-list disabled rate-list beacon-rate rate multicast-rate { rate | auto } Ser vice profile name. Radio type. Set of data transmission rates that clients are required to suppor t in order to associate with an SSID on an AP . A client must suppor t at least one of the mandator y rates[...]

D-Link DWS-1008 CLI Manual 388 Defaults: This command has the f ollo wing def aults: • mandantory: • 11a - 6.0,12.0,24.0 • 11b - 1.0,2.0 • 11g - 1.0,2.0,5.5,11.0 • disabled - None. All rates applicable to the r adio type are suppor ted by def ault. • beacon-rate: • 11a - 6.0 • 11b - 2.0 • 11g - 2.0 • multicast-rate - auto f or a[...]

D-Link DWS-1008 CLI Manual 389 Syntax: set service-profile name user -idle-timeout seconds name seconds Defaults: The def ault user idle timeout is 180 seconds (3 minutes). Access: Enab led. Examples: The f ollo wing command increases the user idle timeout to 360 seconds (6 minutes): DWS-1008# set service-profile sp1 user -idle-timeout 360 succes[...]

D-Link DWS-1008 CLI Manual 390 Access: Enab led. Usage: The first time you set the ser vice profile’ s auth-fallthru option to web-por tal , MSS sets the web-portal-acl option to por talacl . The value remains por talacl e v en if you change the auth-fallthru option again. T o change the web-portal-acl v alue, you must use the set service-pro?[...]

D-Link DWS-1008 CLI Manual 391 Note: T o use W ebAAA, the fallthru authentication type in the ser vice profile that manages the SSID must be set to web-por tal. T o use W ebAAA for a wired authentication por t, edit the por t configuration with the set por t type wired-auth command. The web-por tal authentication type also requires additional con[...]

D-Link DWS-1008 CLI Manual 392 set service-profile web-portal-session-timeout Changes the number of seconds MSS allows Web P or tal W ebAAA sessions to remain in the Deassociated state bef ore being ter minated automatically . Syntax: set service-profile name web-portal-session-timeout seconds name seconds Defaults: The def ault Web P or tal W eb[...]

D-Link DWS-1008 CLI Manual 393 set service-profile wep active-m ulticast-index Specifies the static Wired-Equivalent Privacy (WEP) ke y (one of f our) to use for encr ypting multicast frames . Syntax: set service-profile name wep active-m ulticast-index n um name num Defaults: If WEP encr yption is enabled and WEP ke ys are defined, APs use WEP[...]

D-Link DWS-1008 CLI Manual 394 Access: Enab led. Usage: Bef ore using this command, you must configure values f or the WEP ke ys you plan to use. Use the set ser vice-profile wep ke y-inde x command. Examples: The f ollowing command configures ser vice profile sp2 to use WEP ke y 4 for encr ypting unicast traffic: DWS-1008# set service-profil[...]

D-Link DWS-1008 CLI Manual 395 Examples: The f ollowing command configures a 5-b yte WEP ke y f or key inde x 1 on service profile sp2 to aabbccddee : DWS-1008# set service-profile sp2 wep key-inde x 1 key aabbccd dee success: change accepted. See Also: • set ser vice-profile wep activ e-multicast-inde x • set ser vice-profile wep activ e-[...]

D-Link DWS-1008 CLI Manual 396 List of por ts connected to the D WL-8220AP access point(s) f or which to displa y configuration settings . Number of a Distributed AP f or which to displa y configuration settings . Shows configur ation inf or mation f or radio 1. Shows configuration inf or mation f or radio 2. (This option does not apply to sing[...]

D-Link DWS-1008 CLI Manual 397 The f ollowing T ab le descr ibes the fields in this displa y . Field Description por t D WS-1008 por t number . Note: This field is applicable only if the DWL-8220AP is directly connected to the D WS-1008 and the D WS-1008’ s por t is configured as an AP access por t. D AP Connection ID f or the Distributed AP .[...]

D-Link DWS-1008 CLI Manual 398 sho w {ap | dap} counters Displa ys D WL-8220AP access point and radio statistics counters . Syntax: show ap counter s [ por t-list [radio {1 | 2}]] Syntax: show dap counter s [ dap-num [radio {1 | 2}]] por t-list dap-num radio 1 radio 2 Defaults: None . Access: Enab led. Usage: T o displa y statistics counters and ot[...]

D-Link DWS-1008 CLI Manual 399 TxUniPkt TxUniByte RxPkt UndcrptPkt TxMultiPkt TxMultiByte RxByte UndcrptByte PhyErr 1.0: 1017 0 10170 0 14 8347 0 0 3964 2.0: 5643 55683 822545 8697520 3 1670 0 0 8695 5.5: 0 0 0 0 5 258 0 0 4 6.0: 0 0 0 0 0 0 0 0 51 9.0: 0 0 0 0 1 172 0 0 53 11.0: 0 0 0 0 17 998 0 0 35 12.0: 0 0 0 0 0 0 0 0 26 18.0: 0 0 0 0 0 0 0 0 [...]

D-Link DWS-1008 CLI Manual 400 Field Description TKIP Pkt Repla ys Number of TKIP packets that w ere resent to the AP by a client. A low value (under about one hundred) does not necessar ily indicate a problem. How ev er , if this counter is increasing steadily or has a ver y high value (in the hundreds or more), a Denial of Service (DoS) attack mi[...]

D-Link DWS-1008 CLI Manual 401 Field Description User Sessions Number of clients currently associated with the radio . Generally , this counter is equal to the number of sessions listed for the radio in show sessions output. Ho we ver , the counter can diff er from the counter in sho w sessions output if a client is associated with the radio but ha[...]

D-Link DWS-1008 CLI Manual 402 Field Description TxUniPkt Number of unicast pack ets transmitted b y the radio . TxMultiPkt Number of multicast pac kets transmitted b y the radio . TxUniByte Number of unicast bytes tr ansmitted by the radio . TxMultiByte Number of multicast bytes transmitted b y the radio . RxPkt Number of pack ets receiv ed by the[...]

D-Link DWS-1008 CLI Manual 403 sho w {ap | dap} qos-stats Displa ys statistics f or D WL-8220AP f orw arding queues. Syntax: show dap qos-stats [ dap-n um ] [clear] Syntax: show ap qos-stats [ por t-list ] [c lear] dap-num por t-list clear Defaults: None . Access: Enab led. Usage: Repeating this command with the clear option at regular intervals al[...]

D-Link DWS-1008 CLI Manual 404 Field Description CoS CoS v alue associated with the forw arding queues. Queue F orwarding queue. D AP or P or t Distr ibuted AP n umber or D WL-8220AP por t number . radio Radio number . Tx Number of pack ets transmitted to the air from the queue . TxDrop Number of pack ets dropped from the queue instead of being tra[...]

D-Link DWS-1008 CLI Manual 405 Examples: The follo wing command displa ys Ethernet statistics f or the Ether net por ts on Distributed AP 1: DWS-1008# show dap ether stats 1 DAP: 1 ether: 1 ================================= RxUnicast: 75432 TxGoodFrames: 55210 RxMulticast: 18789 TxSingleColl: 32 RxBroadcast: 8 TxLateColl: 0 RxGoodFrames: 94229 TxMa[...]

D-Link DWS-1008 CLI Manual 406 Field Description RxOv err uns Number of frames known to be lost due to a temporary lack of hardw are resources. RxDiscards Number of frames known to be lost due to a temporar y lac k of software resources. TxGoodF rames Number of fr ames transmitted properly on the link. TxSingleColl Number of transmitted frames that[...]

D-Link DWS-1008 CLI Manual 407 Examples: The f ollowing command displa ys inf or mation for D WL-8220AP access point group loadbalance1 : DWS-1008# set service-profile sp2 wpa-ie enable The f ollowing T ab le descr ibes the fields in this displa y: Field Description Load Balance Gr p Name of the D WL-8220AP access point group . P or t D WS-1008 p[...]

D-Link DWS-1008 CLI Manual 408 sho w {ap | dap} status Displa ys D WL-8220AP access point and radio status inf or mation. Syntax: show ap status [ter se] | [ por t-list | all [radio {1 | 2}]] Syntax: sho w dap status [terse] | [ dap-num | all [radio {1 | 2}]] terse por t-list dap-num all radio1 radio2 Defaults: None . Access: Enab led. Examples: Th[...]

D-Link DWS-1008 CLI Manual 409 The f ollowing command displa ys the status of a Distr ibuted AP access point: DWS-1008# show ap status 1 The f ollowing command uses the terse option to displa y br ief inf or mation f or Distributed APs: DWS-1008# show dap status ter se The f ollowing tab le describe the fields in these displays: Port: 1, AP model:[...]

D-Link DWS-1008 CLI Manual 410 Field Description D AP Connection ID f or the Distributed AP . Note: This field is applicable only if the AP is configured on the D WS-1008 as a Distributed AP . P or t D WS-1008 por t number . Note: This field is applicable only if the AP is directly connected to the D WS- 1008 and the D WS-1008’ s por t is con?[...]

D-Link DWS-1008 CLI Manual 411 Field Description Radio 1 type Radio 2 type 802.11 type and configuration state of the radio . • The configure succeed state indicates that the AP has received configuration parameters f or the radio and the radio is ready to accept client connections . • 802.11b protect indicates that the 802.11b/g radio is se[...]

D-Link DWS-1008 CLI Manual 412 Output f or show ap status ter se and show dap status ter se Field Description P or t D WS-1008AP por t number connected to the AP . Flg Operational status flags f or the AP . F or flag definitions, see the k ey in the command output. IP Address IP address of the AP . The address is assigned to the AP b y a DHCP se[...]

D-Link DWS-1008 CLI Manual 413 DWS-1008# show auto-tune attrib utes ap 2 radio 1 Auto-tune attributes for por t 2 radio 1: Noise: -92 Packet Retransmission Count: 0 Utilization: 0 Phy Errors Count: 0 CRC Errors count: 122 The f ollowing tab le describes the fields in the display: See Also: • set {ap | dap} radio auto-tune max-po wer • set radi[...]

D-Link DWS-1008 CLI Manual 414 sho w auto-tune neighbors Displa ys the other D-Link access point and third-par ty 802.11 access points that a D-Link access point can hear . Syntax: show auto-tune neighbor s [ap mp-num [radio {1 | 2| all}]] Syntax: show auto-tune neighbor s [dap dap-num [radio {1 | 2| all}]] mp-num dap-num radio1 radio2 radio all De[...]

D-Link DWS-1008 CLI Manual 415 The f ollowing tab le describes the fields in the display: Field Description Channel Channel on which the BSSID is detected. Neighbor BSS/MA C BSSID detected by the r adio . RSSI Receiv ed signal strength indication (RSSI), in decibels referred to 1 milliwatt (dBm). A higher value indicates a stronger signal. See Als[...]

D-Link DWS-1008 CLI Manual 416 Examples: The f ollowing command displa ys static IP configuration information f or Distributed AP 1: DWS-1008# show dap boot-configuration 1 Field Description D AP Distributed AP number . IP Address Whether static IP address assignment is enabled f or this Distributed AP . VLAN T ag Whether the Distributed AP is co[...]

D-Link DWS-1008 CLI Manual 417 sho w dap connection Displa ys the system IP address of the D WS-1008 that booted a Distributed AP . Syntax: show dap connection [ dap-n um | serial-id serial-ID ] dap-num serial-id Defaults: None . Access: Enab led. Usage: The serial-id parameter displays the active connection f or the specified Distr ib uted AP e v[...]

D-Link DWS-1008 CLI Manual 418 sho w dap global Displa ys connection inf or mation f or Distributed APs configured on an D WS-1008. Syntax: show dap global [ dap-n um | serial-id serial-ID ] dap-num serial-id Defaults: None . Access: Enab led. Usage: Connections are sho wn only f or the Distributed APs that are configured on the D WS-1008 from wh[...]

D-Link DWS-1008 CLI Manual 419 T o show information only f or Distributed APs that hav e active connections, use the show dap connection command. Examples: T o show information only for Distr ibuted APs that hav e active connections, use the show dap connection command. DWS-1008# show dap global T otal number of entries: 8 Field Description D AP Co[...]

D-Link DWS-1008 CLI Manual 420 sho w dap unconfigured Displa ys Distributed APs that are ph ysically connected to the network b ut that are not configured on any D WS-1008s. Syntax: show dap unconfigured Defaults: None . Access: Enab led. Usage: This command also displa ys an AP that is directly connected to an D WS-1008, if the s witch por t to[...]

D-Link DWS-1008 CLI Manual 421 sho w radio-pr ofile Displa ys radio profile inf ormation. Syntax: show radio-pr ofile { name | ?} name ? Defaults: None . Access: Enab led. Usage: MSS contains a def ault radio profile. D-Link recommends that you do not change this profile but instead k eep the profile f or ref erence . Examples: The f ollo win[...]

D-Link DWS-1008 CLI Manual 422 Field Description R TS Threshold Minimum length (in bytes) a frame can be f or a radio in the radio profile to use the RTS/CTS method to send the frame. The RTS/CTS method clears the air of other traffic to av oid corr uption of the frame due to a collision with another frame. F rag Threshold Maximum length (in byte[...]

D-Link DWS-1008 CLI Manual 423 See Also: • set radio-profile activ e-scan • set radio-profile auto-tune channel-config • set radio-profile auto-tune channel-holddo wn • set radio-profile auto-tune channel-interval • set radio-profile auto-tune channel-loc kdown • set radio-profile auto-tune po wer-config • set radio-profile a[...]

D-Link DWS-1008 CLI Manual 424 sho w ser vice-pr ofile Displa ys ser vice profile inf or mation. Syntax show service-pr ofile { name | ?} name ? Defaults None. Access Enabled. Examples The f ollowing command displa ys information for service profile sp1: DWS-1008# show service-profile sp1 Displa ys inf or mation about the named ser vice profi[...]

D-Link DWS-1008 CLI Manual 425 Field Description ssid-name Ser vice set identifier (SSID) managed b y this ser vice profile. ssid-type SSID type: • cr ypto—Wireless traffic f or the SSID is encrypted. • clear—Wireless traffic f or the SSID is unencr ypted. Beacon Indicates whether the radio sends beacons, to adv er tise the SSID: • no[...]

D-Link DWS-1008 CLI Manual 426 Field Description Custom logout web-page The name of the user-specified page that the client loads upon logging out of the networ k, either by closing the SOD A vir tual desktop , or by requesting the page. If no page is specified, then the client is disconnected without loading a logout page. Custom agent-director [...]

D-Link DWS-1008 CLI Manual 427 Field Description Shared K ey A uth Indicates whether shared-k ey authentication is enab led. WP A enabled or RSN enabled Indicates that the Wi-Fi Protected Access (WP A) or Robust Secur ity Network (RSN) inf or mation element (IE) is enabled. Additional fields displa y the settings of other WP A or RSN parameters: ?[...]

D-Link DWS-1008 CLI Manual 428 STP Commands Use Spanning T ree Protocol (STP) commands to configure and manage spanning trees on the vir tual LANs (VLANs) configured on a switch, to maintain a loop-free network. This chapter presents STP commands alphabetically . Use the follo wing table to locate commands in this chapter based on their use. STP [...]

D-Link DWS-1008 CLI Manual 429 c lear spantree por tcost Resets to the def ault value the cost of a netw ork por t or por ts on paths to the STP root bridge in all VLANs on a D WS-1008 s witch. Syntax: c lear spantree portcost por t-list por t-list List of por ts. The por t cost is reset on the specified por ts. Defaults: None. Access: Enab led. U[...]

D-Link DWS-1008 CLI Manual 430 c lear spantree por tvlancost Resets to the default v alue the cost of a network por t or por ts on paths to the STP root bridge f or a specific VLAN on a D WS-1008 s witch, or f or all VLANs. Syntax: c lear spantree portvlancost por t-list {all | vlan vlan-id } por t-list List of ports. The por t cost is reset on th[...]

D-Link DWS-1008 CLI Manual 431 Defaults: None. Access: Enabled. Usage: MSS does not change a por t’ s priority for VLANs other than the one(s) you specify . Examples: The follo wing command resets the STP prior ity f or por t 5 in VLAN av ocado : DWS-1008# clear spantree portvlanpri 5 vlan av ocado success: change accepted. See Also: • clear sp[...]

D-Link DWS-1008 CLI Manual 432 set spantree Enables or disab les STP on one VLAN or all VLANs configured on a D WS-1008 s witch. Syntax: set spantree {enable | disab le} [{all | vlan vlan-id | port por t-list vlan-id }] enable Enables STP . disable Disables STP . all Enab les or disables STP on all VLANs. vlan vlan-id VLAN name or number . MSS ena[...]

D-Link DWS-1008 CLI Manual 433 Defaults: STP backbone f ast path conv ergence is disab led by def ault. Access: Enabled. Usage: If you plan to use the backbone fast con v ergence feature , you must enable it on all the bridges in the spanning tree. Examples: The follo wing command enab les backbone f ast conv ergence: DWS-1008# set spantree backbon[...]

D-Link DWS-1008 CLI Manual 434 set spantree hello Changes the inter val betw een STP hello messages sent by a s witch when operating as the root bridge, on one or all of its configured VLANs. Syntax: set spantree hello interval {all | vlan vlan-id } interval Inter v al v alue. Y ou can specify from 1 through 10 seconds. all Changes the inter v al [...]

D-Link DWS-1008 CLI Manual 435 Examples: The follo wing command changes the maximum acceptable age for root br idge hello pack ets on all VLANs to 15 seconds: DWS-1008# set spantree maxage 15 all success: change accepted. See Also: • show spantree set spantree por tcost Changes the cost that transmission through a network por t or por ts in the d[...]

D-Link DWS-1008 CLI Manual 436 set spantree por tfast Enables or disab les STP por t f ast conv ergence on one or more por ts on a s witch. Syntax: set spantree portfast por t por t-list {enable | disable} port por t-list List of por ts. MSS enables the f eature on the specified por ts. enable Enables por t f ast con v ergence. disable Disables po[...]

D-Link DWS-1008 CLI Manual 437 set spantree por tvlancost Changes the cost of a network por t or por ts on paths to the STP root br idge f or a specific VLAN on an s witch. Syntax: set spantree portvlancost por t-list cost cost {all | vlan vlan-id } por t-list List of ports. MSS applies the cost change to all the specified por ts. cost cost Numer[...]

D-Link DWS-1008 CLI Manual 438 Defaults: The default STP priority for all netw ork por ts is 128. Access: Enabled. Examples: The follo wing command sets the prior ity of por ts 3 and 4 to 48 on VLAN mauve : DWS-1008# set spantree por tvlanpri 3-4 priority 48 vlan mauve success: change accepted. See Also: • clear spantree por tpr i • clear spant[...]

D-Link DWS-1008 CLI Manual 439 set spantree uplinkfast Enables or disables STP uplink f ast con v ergence on a s witch. This f eature enab les a s witch with redundant links to the network backbone to immediately s witch to the backup link to the root bridge if the pr imar y link f ails. Syntax: set spantree uplinkfast {enable | disab le} enable En[...]

D-Link DWS-1008 CLI Manual 440 Defaults: None. Access: All. Examples: The follo wing command displa ys STP inf or mation f or VLAN def ault : DWS-1008# show spantree vlan default VLAN 1 Spanning T ree Mode PVST+ Spanning T ree T ype IEEE Spanning T ree Enabled Designated Root 00-02-4a-70-49-f7 Designated Root Priority 32768 Designated Root Path Cos[...]

D-Link DWS-1008 CLI Manual 441 Field Description Bridge ID Pr iority This switch’ s bridge pr iority . Bridge Max Age This s witch’ s maximum acceptable age f or hello pac kets . Bridge Hello Time This s witch’ s hello interval. Bridge Forw ard Delay This switch’ s f orwarding dela y v alue. P or t P or t number . Note: Only network por ts [...]

D-Link DWS-1008 CLI Manual 442 sho w spantree bac kbonefast Indicates whether the STP backbone f ast conv ergence f eature is enab led or disabled. Syntax: sho w spantree backbonefast Defaults: None. Access: All. Examples: The f ollowing example shows the command output on a s witch with backbone fast conv ergence enabled: DWS-1008# show spantree b[...]

D-Link DWS-1008 CLI Manual 443 sho w spantree por tfast Displa ys STP uplink f ast conv ergence inf or mation f or all network por ts or f or one or more network por ts. Syntax: sho w spantree por tfast [ por t-list ] por t-list List of por ts. If you do not specify an y por ts, MSS displa ys uplink f ast conv ergence inf or mation f or all por ts.[...]

D-Link DWS-1008 CLI Manual 444 sho w spantree por tvlancost Displa ys the cost of a por t on a path to the STP root br idge, f or each of the por t’ s VLANs . Syntax: sho w spantree por tvlancost por t-list por t-list List of ports. Defaults: None. Access: All. Examples: The f ollo wing command shows the STP por t cost of por t 1: DWS-1008# show [...]

D-Link DWS-1008 CLI Manual 445 Examples: The follo wing command shows STP statistics f or por t 1: DWS-1008# show spantree statistics 1 BPDU related parameters Port 1 VLAN 1 spanning tree enabled for VLAN = 1 port spanning tree enabled state Forwarding port_id 0x8015 port_number 0x15 path cost 0x4 message age (port/VLAN) 0(20) designated_root 00-0b[...]

D-Link DWS-1008 CLI Manual 446 VLAN based information & statistics spanning tree type ieee spanning tree multicast addr ess 01-00-0c-cc-cc-cd bridge priority 32768 bridge MAC address 00-0b-0e-12-34-56 bridge hello time 2 bridge forward delay 15 topology change initiator: 0 last topology change occured: T ue Jul 01 2003 22:33:36. topology change[...]

D-Link DWS-1008 CLI Manual 447 Field Description message age Age of the protocol information f or a por t and the value of the maxim um age parameter (sho wn in parenthesis) recorded by the s witch. designated_root MAC address of the root bridge. designated cost T otal path cost to reach the root br idge. designated_bridge Br idge to which this s w[...]

D-Link DWS-1008 CLI Manual 448 Field Description bridge forw ard delay V alue of the f orwarding dela y interval, in seconds, when this s witch is the root or is attempting to become the root. topology change initiator P or t number that initiated the most recent topology change. last topology change occurred System time when the most recent topolo[...]

D-Link DWS-1008 CLI Manual 449 Examples: The follo wing command shows uplink f ast conv ergence inf or mation f or all VLANs: DWS-1008# show spantree uplinkfast VLAN por t list ----------------------------------------- 1 1(fwd),2,3 The table belo w describes the fields in this display . Field Description VLAN VLAN number . por t list P or ts in th[...]

D-Link DWS-1008 CLI Manual 450 IGMP Snooping Commands Use Inter net Group Management Protocol (IGMP) snooping commands to configure and manage multicast traffic reduction on a s witch. This chapter presents IGMP snooping commands alphabetically . Use the f ollowing tab le to locate commands in this chapter based on their use. IGMP Snooping State [...]

D-Link DWS-1008 CLI Manual 451 c lear igmp statistics Clears IGMP statistics counters on one VLAN or all VLANs on a s witch and resets them to 0. Syntax: c lear igmp statistics [vlan vlan-id ] vlan vlan-id VLAN name or number . If you do not specify a VLAN, IGMP statistics are cleared f or all VLANs. Defaults: None. Access: Enabled. Examples: The f[...]

D-Link DWS-1008 CLI Manual 452 set igmp lmqi Changes the IGMP last member quer y inter v al timer on one VLAN or all VLANs on a s witch. Syntax: set igmp lmqi tenth-seconds [vlan vlan-id ] lmqi tenth-seconds Amount of time (in tenths of a second) that the switch waits f or a response to a group-specific query after receiving a lea v e message f or[...]

D-Link DWS-1008 CLI Manual 453 Defaults: By def ault, no por ts are static multicast router por ts. Access: Enab led. Usage: Y ou cannot add AP access por ts or wired authentication por ts as static multicast por ts. How e ver , MSS can dynamically add these por t types to the list of m ulticast por ts based on multicast traffic. Examples: The fol[...]

D-Link DWS-1008 CLI Manual 454 set igmp mr sol mrsi Changes the inter v al between multicast router solicitations by a switch on one VLAN or all VLANs. Syntax: set igmp mr sol mrsi seconds [vlan vlan-id ] seconds Number of seconds between multicast router solicitations. Y ou can specify a v alue from 1 through 65,535. vlan vlan-id VLAN name or numb[...]

D-Link DWS-1008 CLI Manual 455 Examples: The f ollowing command changes the other-querier-present inter v al on VLAN orange to 200 seconds: DWS-1008# set igmp oqi 200 vlan orange success: change accepted. See Also: • set igmp lmqi • set igmp qi • set igmp qri • set igmp querier • set igmp mrouter • set igmp r v set igmp pr o xy-repor t [...]

D-Link DWS-1008 CLI Manual 456 set igmp qi Changes the IGMP quer y inter v al timer on one VLAN or all VLANs on a s witch. Syntax: set igmp qi seconds [vlan vlan-id ] qi seconds Number of seconds that elapse between general queries sent by the s witch when the s witch is the quer ier for the subnet. Y ou can specify a value from 1 through 65,535. v[...]

D-Link DWS-1008 CLI Manual 457 set igmp qri Changes the IGMP quer y response inter v al timer on one VLAN or all VLANs on a s witch. Syntax: set igmp qri tenth-seconds [vlan vlan-id ] qri tenth-seconds Amount of time (in tenths of a second) that the switch w aits f or a receiver to respond to a group-specific quer y message before remo ving the re[...]

D-Link DWS-1008 CLI Manual 458 set igmp querier Enables or disables the IGMP pseudo-querier on a D WS-1008 switch, on one VLAN or all VLANs. Syntax: set igmp querier {enable | disab le} [vlan vlan-id ] enable Enab les the pseudo-quer ier . disable Disables the pseudo-querier . vlan vlan-id VLAN name or number . If you do not specify a VLAN, the pse[...]

D-Link DWS-1008 CLI Manual 459 Usage: Y ou cannot add AP access por ts or wired authentication por ts as static multicast por ts. How e ver , MSS can dynamically add these por t types to the list of m ulticast por ts based on multicast traffic. Examples: The f ollo wing command adds por t 7 as a static multicast receiver port: DWS-1008# set igmp r[...]

D-Link DWS-1008 CLI Manual 460 sho w igmp Displa ys IGMP configuration inf ormation and statistics for one VLAN or all VLANs. Syntax: sho w igmp [vlan vlan-id] vlan vlan-id VLAN name or number . If you do not specify a VLAN, MSS displays IGMP inf or mation f or all VLANs. Defaults: None. Access: All. Examples: The follo wing command displa ys IGMP[...]

D-Link DWS-1008 CLI Manual 461 IGMP message type Received T ransmitted Dropped ---------------------------------------------------------------------------------------- General-Queries 0 0 0 GS-Queries 0 0 0 Report V1 0 0 0 Report V2 5 1 4 Leave 0 0 0 Mrouter -Adv 0 0 0 Mrouter -T erm 0 0 0 Mrouter -Sol 50 101 0 DVMRP 4 4 0 PIM V1 0 0 0 PIM V2 0 0 0[...]

D-Link DWS-1008 CLI Manual 462 Field Description TTL Number of seconds before this entry ages out if not refreshed. F or static multicast router entries, the time-to-liv e (TTL) value is undef. Static multicast router entries do not age out. Group IP address of a multicast group . The show igmp receiver-tab le command shows the same inf or mation a[...]

D-Link DWS-1008 CLI Manual 463 vlan vlan-id VLAN name or number . If y ou do not specify a VLAN, MSS displa ys the multicast routers in all VLANs. Defaults: None. Access: All. Examples: The follo wing command displa ys the multicast routers in VLAN orange: DWS-1008# show igmp mr outer vlan orange Multicast routers for vlan orange Por t Mrouter -IPa[...]

D-Link DWS-1008 CLI Manual 464 sho w igmp querier Displa ys inf or mation about the activ e multicast querier , on one VLAN or all VLANs. Quer iers are listed separately f or each VLAN. Each VLAN can hav e only one querier . Syntax: sho w igmp querier [vlan vlan-id ] vlan vlan-id VLAN name or number . If you do not specify a VLAN, MSS displays quer[...]

D-Link DWS-1008 CLI Manual 465 The table belo w describes the fields in the display when a querier other than the s witch is present. Field Description Querier for vlan VLAN containing the querier . Information is listed separately f or each VLAN. Querier-IP IP address of the querier interf ace. Querier-MAC MA C address of the querier interface . [...]

D-Link DWS-1008 CLI Manual 466 The follo wing command lists all receiv ers for multicast g roups 237.255.255.1 through 237.255.255.255, in all VLANs: DWS-1008# show igmp receiver -table gr oup 237.255.255.0/24 VLAN: red Session Por t Receiver -IP Receiver -MAC TTL -------------------------------------------------------------------------------------[...]

D-Link DWS-1008 CLI Manual 467 Examples: The f ollo wing command displa ys IGMP statistics f or VLAN orange : DWS-1008# show igmp statistics vlan orange IGMP statistics for vlan orange: IGMP message type Received T ransmitted Dropped ------------------------------------------------------------------------------------------------- General-Queries 0 [...]

D-Link DWS-1008 CLI Manual 468 Field Description Received Number of pack ets received. T ransmitted Number of pack ets transmitted. This number includes both multicast pack ets originated by the s witch and multicast pac kets received and then f orwarded b y the s witch. Dropped Number of IGMP packets dropped b y the s witch. T opology notificatio[...]

D-Link DWS-1008 CLI Manual 469 Security ACL Commands Use secur ity ACL commands to configure and monitor security access control lists (A CLs). Secur ity A CLs filter pack ets to restr ict or per mit network usage b y cer tain users or traffic types, and can assign to pack ets a class of ser vice (CoS) to define the prior ity of treatment f or [...]

D-Link DWS-1008 CLI Manual 470 c lear security ac l Clears a specified secur ity A CL, an access control entr y (ACE), or all secur ity ACLs , from the edit buff er . When used with the command commit security ac l , clears the A CE from the running configuration. Syntax: c lear security acl { acl-name | all} [ editb uff er-inde x ] acl-name Name[...]

D-Link DWS-1008 CLI Manual 471 DWS-1008# show security ac l inf o all ACL information for all set security acl ip acl_134 (hits #3 0) --------------------------------------------------------- 1. permit IP source IP 192.168.0.1 0.0.0.0 destination IP any enable-hits set security acl ip acl_135 (hits #2 0) --------------------------------------------[...]

D-Link DWS-1008 CLI Manual 472 in Remov es the security A CL from traffic coming into the s witch. out Remov es the security ACL from tr affic going out of the s witch. Defaults: None . Access: Enabled. Usage: T o clear a security A CL map , type the name of the A CL with the VLAN, physical por t or por ts, vir tual por t tag, or Distr ibuted AP [...]

D-Link DWS-1008 CLI Manual 473 Defaults: None. Access: Enabled. Usage: Use the commit security ac l command to sav e security A CLs into , or delete them from, the permanent configuration. Until you commit the creation or deletion of a security A CL, it is stored in an edit buff er and is not enf orced. After you commit a security A CL, it is remo[...]

D-Link DWS-1008 CLI Manual 474 r ollbac k security ac l Clears changes made to the security ACL edit buff er since it was last sav ed. The ACL is rolled back to its state after the last commit security acl command was entered. All uncommitted A CLs in the edit buff er are cleared. Syntax: r ollback security ac l { acl-name | all} acl-name Name of a[...]

D-Link DWS-1008 CLI Manual 475 set security ac l In the edit b uff er , creates a secur ity access control list (A CL), adds one access control entr y (A CE) to a security A CL, and/or reorders A CEs in the A CL. The A CEs in an A CL filter IP pac k ets by source IP address , a La y er 4 protocol, or IP , ICMP , TCP , or UDP pack et inf ormation. [...]

D-Link DWS-1008 CLI Manual 476 acl-name Secur ity A CL name . A CL names m ust be unique within the s witch, m ust star t with a letter , and are case-insensitive . Specify an A CL name of up to 32 of the f ollowing char acters: • Letters a through z and A through Z • Numbers 0 through 9 • Hyphen (-), underscore (_), and period (.) D-Link rec[...]

D-Link DWS-1008 CLI Manual 477 source-ip-addr IP address and wildcard mask of the network or host from which the pack et is being sent. Specify both address and mask in dotted decimal notation. T o match on any address , specify any or 0.0.0.0 255.255.255.255. operator por t Operand and por t number(s) f or matching TCP or UDP pack ets to the numbe[...]

D-Link DWS-1008 CLI Manual 478 dscp codepoint Filters pack ets b y Diff erentiated Ser vices Code P oint (DSCP) value. Y ou can specify a number from 0 to 63, in decimal or binar y f or mat. Note: Y ou cannot use the dscp option along with the precedence and tos options in the same A CE. The CLI rejects an A CE that has this combination of options.[...]

D-Link DWS-1008 CLI Manual 479 The follo wing command creates acl_125 by defining an A CE that denies TCP packets from source IP address 192.168.0.1 to destination IP address 192.168.0.2 f or established sessions only , and counts the hits: DWS-1008# set security acl ip ac l_125 den y tcp 192.168.0.1 0.0.0.0 192.168.0.2 0.0.0.0 established hits Th[...]

D-Link DWS-1008 CLI Manual 480 tag tag-list One or more values that identify a vir tual por t in a VLAN. Specify a single tag v alue from 1 through 4095. Or specify a comma-separ ated list of values , a h yphen-separated range , or any combination, with no spaces. MSS assigns the security ACL to the specified vir tual por t or por ts. dap dap-num [...]

D-Link DWS-1008 CLI Manual 481 set security ac l hit-sample-rate Specifies the time inter val, in seconds, at which the pack et counter f or each secur ity ACL is sampled f or display . The counter counts the number of pack ets filtered by the secur ity A CL—or “hits. ” Syntax: set security ac l hit-sample-rate seconds seconds Number of sec[...]

D-Link DWS-1008 CLI Manual 482 sho w security ac l Displa ys a summar y of the security ACLs that are mapped. Syntax: sho w security acl Defaults: None. Access: Enabled. Usage: This command lists only the A CLs that ha v e been mapped to something (a user , or VLAN, or por t, and so on). T o list all committed A CLs, use the show security ac l inf [...]

D-Link DWS-1008 CLI Manual 483 sho w security ac l editb uffer Displa ys a summar y of the security A CLs that ha ve not yet been committed to the configuration. Syntax: sho w security acl [inf o all] editb uffer info all Displays the A CEs in each uncommitted ACL. Without this option, only the A CE names are listed. Defaults: None . Access: Enabl[...]

D-Link DWS-1008 CLI Manual 484 sho w security ac l hits Displa ys the n umber of pac kets filtered by security A CLs (“hits”) on the s witch. Each time a pack et is filtered b y a security ACL, the hit counter increments . Syntax: sho w security acl hits Defaults: None. Access: Enabled. Usage: F or MSS to count hits for a secur ity ACL, you m[...]

D-Link DWS-1008 CLI Manual 485 Defaults: None. Access: Enab led. Examples: T o displa y the contents of all security A CLs committed on a switch, type the f ollowing command: DWS-1008# show security ac l inf o ACL information for all set security acl ip acl_123 (hits #5 462) --------------------------------------------------------- 1. permit IP sou[...]

D-Link DWS-1008 CLI Manual 486 sho w security ac l map Displa ys the VLANs, por ts, and vir tual por ts on the switch to which a security A CL is assigned. Syntax: sho w security acl map acl-name acl-name Name of an existing security A CL for which to sho w static mapping. A CL names must star t with a letter and are case-insensitiv e. Defaults: No[...]

D-Link DWS-1008 CLI Manual 487 Examples T o display security A CL resource usage, type the f ollowing command: DWS-1008# show security ac l resour ce-usage ACL resour ces Classifier tree counters ------------------------------- Number of rules: 2 Number of leaf nodes: 1 Stored rule count: 2 Leaf chain count: 1 Longest leaf chain: 2 Number of non-l[...]

D-Link DWS-1008 CLI Manual 488 Field Description Number of rules Number of security A CEs currently mapped to por ts or VLANs. Number of leaf nodes Number of secur ity A CL data entries stored in the r ule tree. Stored rule count Number of security ACEs stored in the rule tree. Leaf chain count Number of chained secur ity A CL data entries stored i[...]

D-Link DWS-1008 CLI Manual 489 Field Description Static def ault action Definition of a def ault action: • T r ue—A def ault action types is defined. • F alse—No default action type is defined. No per-user (MA C) mapping P er-user application of a security ACL with the Filter-Id attribute, on the s witch: • T r ue—No security ACLs ar[...]

D-Link DWS-1008 CLI Manual 490 T race Commands Use trace commands to perform diagnostic routines. While MSS allows you to r un many types of traces, this chapter descr ibes commands for those traces you are most lik ely to use. F or a complete listing of the types of traces MSS allo ws, type the set trace ? command. Caution: Using the set trace com[...]

D-Link DWS-1008 CLI Manual 491 c lear trace Deletes running trace commands and ends trace processes. Syntax: c lear trace { trace-area | all} trace-area Ends a par ticular trace process. Specify one of the follo wing k e ywords to end the traces documented in this chapter: • authorization —Ends an author ization trace • dot1x —Ends an 802.1[...]

D-Link DWS-1008 CLI Manual 492 sa ve trace Sav es the accumulated trace data f or enab led traces to a file in the s witch’ s nonv olatile storage . Syntax: sa ve trace filename filename Name for the trace file. T o sav e the file in a subdirector y , specify the subdirector y name, then a slash. For e xample: traces/trace1 Defaults: None. A[...]

D-Link DWS-1008 CLI Manual 493 set trace authorization T races authorization inf or mation. Syntax: set trace authorization [mac-addr mac-address ] [port por t-num ] [user user name ] [level le vel ] mac-addr mac-address T races a MA C address. Specify a MAC address, using colons to separate the octets (f or e xample , 00:11:22:aa:bb:cc). port por [...]

D-Link DWS-1008 CLI Manual 494 port por t-num T races a por t number . Specify a por t number between 1 and 22. user user name T races a user . Specify a username of up to 80 alphanumeric characters with no spaces. level le vel Deter mines the quantity of inf or mation included in the output. Y ou can set the lev el with an integer from 1 to 10, wh[...]

D-Link DWS-1008 CLI Manual 495 Defaults: The default tr ace le v el is 5. Access: Enabled. Examples: T ype the follo wing command to trace session manager activity for MA C address 00:01:02:03:04:05: DWS-1008# set trace sm mac-addr 00:01:02:03:04:05: success: change accepted. See Also: • clear trace • show tr ace sho w trace Displa ys inf ormat[...]

D-Link DWS-1008 CLI Manual 496 Snoop Commands Use snoop commands to monitor wireless traffic, by using a Distributed AP as a sniffing device . The AP copies the sniff ed 802.11 pac k ets and sends the copies to an obser ver , which is typically a protocol analyzer such as Ethereal or T ethereal. This chapter presents snoop commands alphabetically[...]

D-Link DWS-1008 CLI Manual 497 c lear snoop map Remov es a snoop filter from an AP radio . Examples: c lear snoop map filter-name dap dap-num radio {1 | 2} filter-name Name of the snoop filter . dap dap-num Number of a Distr ib uted AP to which to snoop filter is mapped. radio 1 Radio 1 of the AP . radio 2 Radio 2 of the AP . (This option does[...]

D-Link DWS-1008 CLI Manual 498 condition-list Match criteria f or pac kets . Conditions in the list are ANDed. Theref ore, to be copied and sent to an obser v er , a pack et must match all cr iteria in the condition-list . Y ou can specify up to eight of the f ollowing conditions in a filter , in any order or combination: • frame-type {eq | neq}[...]

D-Link DWS-1008 CLI Manual 499 Usage T raffic that matches a snoop filter is copied after it is decr ypted. The decr ypted (clear) v ersion is sent to the obser ver . F or best results: • Do not specify an observer that is associated with the AP where the snoop filter is running. This configuration causes an endless cycle of snoop traffic. ?[...]

D-Link DWS-1008 CLI Manual 500 set snoop map Maps a snoop filter to a r adio on a Distributed AP . A snoop filter does tak e eff ect until y ou map it to a radio and enab le the filter . Examples: set snoop map filter-name dap dap-num radio {1 | 2} filter-name Name of the snoop filter . dap dap-num Number of a Distr ib uted AP to which to map[...]

D-Link DWS-1008 CLI Manual 501 set snoop mode Enables a snoop filter . A snoop filter does not take eff ect until y ou map it to an AP radio and enable the filter . Examples: set snoop { filter-name | all} mode {enable [stop-after num-pkts ] | disab le} {filter-name | all } Name of the snoop filter . Specify all to enable all snoop filters. [...]

D-Link DWS-1008 CLI Manual 502 sho w snoop Displa ys the AP radio mapping f or all snoop filters . Syntax: sho w snoop Defaults: None . Access: Enab led. Usage: T o display the mappings f or a specific AP radio , use the show snoop map command. Examples: The f ollowing command shows the AP radio mappings f or all snoop filters configured on a D[...]

D-Link DWS-1008 CLI Manual 503 sho w snoop map Shows the AP r adios that are mapped to a specific snoop filter . Syntax: sho w snoop map filter-name filter-name Name of the snoop filter . Defaults: None. Access: Enabled. Usage: T o display the mappings f or all snoop filters, use the show snoop command. Examples: The follo wing command shows [...]

D-Link DWS-1008 CLI Manual 504 The table belo w describes the fields in this display . Field Description Filter Name of the snoop filter . Dap Distr ibuted AP containing the r adio to which the filter is mapped. Radio Radio to which the filter is mapped. Rx Match Number of pack ets received b y the radio that match the filter . Tx Match Number[...]

D-Link DWS-1008 CLI Manual 505 System Log Commands Use the system log commands to record information f or monitor ing and troubleshooting. MSS system logs are based on RFC 3164, which defines the log protocol. This chapter presents system log commands alphabetically . Use the follo wing table to locate commands in this chapter based on their use. [...]

D-Link DWS-1008 CLI Manual 506 set log Enables or disables logging of D WS-1008 and AP ev ents to the log b uff er or other logging destination and sets the lev el of the ev ents logged. For logging to a syslog ser v er only , you can also set the f acility logged. Syntax: set log {b uffer | console | current | sessions | trace} [severity se v erit[...]

D-Link DWS-1008 CLI Manual 507 local-facility f acility-le v el For messages sent to a syslog ser v er , maps all messages of the se v erity you specify to one of the standard local log f acilities defined in RFC 3164. Y ou can specify one of the f ollowing v alues: • 0—maps all messages to local0. • 1—maps all messages to local1. • 2—[...]

D-Link DWS-1008 CLI Manual 508 set log mark Configures MSS to generate mar k messages at regular inter v als. The mar k messages indicate the current system time and date. D-Link can use the mark messages to determine the appro ximate time when a system restar t or other ev ent causing a system outage occurred. Syntax: set log mark [enable | disab[...]

D-Link DWS-1008 CLI Manual 509 sho w log b uffer Displa ys system inf or mation stored in the non volatile log b uff er or the trace b uff er . Syntax: sho w log buff er [{ +|- } number-of-messages ] [facility f acility-name ] [matching string ] [severity se v erity-lev el ] buff er Displa ys the log messages in nonv olatile storage. +|- number-of-[...]

D-Link DWS-1008 CLI Manual 510 Usage: The deb ug le v el produces a lot of messages, man y of which can appear to be some what cr yptic. Deb ug messages are used primar ily b y D-Link f or troubleshooting and are not intended f or administrator use . Examples: T ype the f ollowing command to see the facilities f or which y ou can vie w e vent messa[...]

D-Link DWS-1008 CLI Manual 511 sho w log trace Displa ys system inf or mation stored in the non volatile log b uff er or the trace b uff er . Syntax: sho w log trace [{ +|-|/ } number-of-messages ] [facility f acility-name ] [matching string ] [severity se v erity-lev el ] trace Displa ys the log messages in the trace b uff er . +|-|/ Displa ys the[...]

D-Link DWS-1008 CLI Manual 512 Examples: T ype the f ollowing command to see the facilities f or which y ou can vie w e vent messages archiv ed in the buff er : DWS-1008# show log trace facility ? <facility name> Select one of: KERNEL, AAA, SYSLOGD, ACL, APM, ARP , ASO, BOOT , CLI, CLUSTER, CR YPTO, DOT1X, ENCAP , ETHERNET , GA TEWA Y , HTTPD[...]

D-Link DWS-1008 CLI Manual 513 Boot Prompt Commands Boot prompt commands enab le y ou to perf orm basic tasks , including booting a system image file, from the boot prompt (boot>). A CLI session enters the boot prompt if MSS does not boot successfully or you intentionally interrupt the boot process. T o interrupt the boot process , press q foll[...]

D-Link DWS-1008 CLI Manual 514 autoboot Displa ys or changes the state of the autoboot option. The autoboot option controls whether a D WS-1008 s witch automatically boots a system image after initializing the hardw are, f ollowing a system reset or pow er cycle. Syntax: autoboot [ON | on | OFF | off] ON Enables the autoboot option. on Same eff ect[...]

D-Link DWS-1008 CLI Manual 515 HA = ip-addr Host address (IP address) of a TFTP ser v er . This parameter applies only when the boot type is n (network). FL = num Number representing the bit settings of boot flags to pass to the booted system image. Use this parameter only if advised to do so by D-Link. OPT = option Str ing up to 128 bytes of boot[...]

D-Link DWS-1008 CLI Manual 516 change Changes parameters in the currently activ e boot profile. Syntax: change Defaults: The default boot type is c (compact flash). The default filename is def ault. The default flags setting is 0x00000000 (all flags disabled) and the default options list is run=nos;boot=0. The def ault de vice setting is the b[...]

D-Link DWS-1008 CLI Manual 517 create Creates a new boot profile . Syntax: create Defaults: The new boot profile has the same settings as the currently active boot profile by def ault. Access: Boot prompt. Usage: A D WS-1008 s witch can ha v e up to f our boot profiles. The boot profiles are stored in slots, numbered 0 through 3. When y ou cre[...]

D-Link DWS-1008 CLI Manual 518 delete Remov es the currently activ e boot profile. Syntax: delete Defaults: None. Access: Boot prompt. Usage: When y ou type the delete command, the ne xt-lower n umbered boot profile becomes the activ e profile. F or e xample , if the currently activ e profile is number 3, profile number 2 becomes activ e after[...]

D-Link DWS-1008 CLI Manual 519 Defaults: The DHCP option is disabled b y def ault. Access: Boot prompt. Examples: The follo wing command displa ys the current setting of the DHCP option: boot> dhcp DHCP is currently enabled. The f ollowing command disab les the DHCP option: boot> dhcp DHCP is currently disabled. See Also: • boot diag Access[...]

D-Link DWS-1008 CLI Manual 520 Defaults: None. Access: Boot prompt. Usage: T o display the system image software v ersions , use the fver command. This command does not list the boot code v ersions. T o displa y the boot code v ersions, use the v ersion command. Examples: The f ollo wing command displays all the boot code and system image files on[...]

D-Link DWS-1008 CLI Manual 521 Examples: The f ollowing command displa ys the system image v ersion installed in boot par tition 1: boot> fver boot1 File boot1:default version is 1.1.0.98. See Also: • dir • v ersion help Displa ys a list of all the boot prompt commands or detailed inf or mation f or an individual command. Syntax: help [ comm[...]

D-Link DWS-1008 CLI Manual 522 ls Displa ys a list of the boot prompt commands. Syntax: ls Defaults: None . Access: Boot prompt. Usage: T o displa y help f or an individual command, type help f ollow ed b y the command name (f or e xample, help boot). Examples: T o displa y a list of the commands av ailab le at the boot prompt, type the f ollowing [...]

D-Link DWS-1008 CLI Manual 523 ne xt Activ ates and displa ys the boot profile in the ne xt boot profile slot. Syntax: ne xt Defaults: None. Access: Boot prompt. Usage: A D WS-1008 switch contains 4 boot profile slots, numbered 0 through 3. This command activ ates the boot profile in the ne xt slot, in ascending numerical order . If the current[...]

D-Link DWS-1008 CLI Manual 524 reset Resets a D WS-1008 s witch’ s hardware . Syntax: reset Defaults: None. Access: Boot prompt. Usage: After resetting the hardware , the reset command attempts to load a system image file only if other boot settings are configured to do so . Examples: T o immediately reset the system, type the follo wing comman[...]

D-Link DWS-1008 CLI Manual 525 sho w Displa ys the currently active boot profile. A boot profile is a set of parameters that a switch uses to control the boot process. Each boot profile contains the follo wing parameters: • Boot type —Either compact flash (local de vice on the s witch) or network (TFTP) • Boot device —Location of the sy[...]

D-Link DWS-1008 CLI Manual 526 The table belo w describes the fields in the display . Field Description BOO T Inde x Boot profile slot, which can be a number from 0 to 3. BOO T TYPE Boot type: • c—Compact flash. Boots using nonv olatile storage or a flash card. • n—Network. Boots using a TFTP ser v er . DEVICE Location of the system ima[...]

D-Link DWS-1008 CLI Manual 527 test Displa ys or changes the state of the poweron test flag. The po weron test flag controls whether an perf or ms a set of self tests prior to the boot process. Syntax: test [ON | on | OFF | off] ON Enables the po weron test flag. on Same eff ect as ON. OFF Disables the pow eron test flag. off Same effect as OFF[...]

D-Link DWS-1008 CLI Manual 528 Examples: T o displa y hardw are and boot code v ersion inf or mation, type the f ollowing command at the boot prompt: boot> version D-Link Systems Bootstrap/Bootloader V ersion 1.6.5 Release Bootstrap 0 version: 1.17 Active Bootloader 0 version: 1.6.5 Active Bootstrap 1 version: 1.17 Bootloader 1 version: 1.6.3 Bo[...]