D-Linkメーカーdws-1008の使用説明書/サービス説明書
ページ先へ移動 of 531
.
D-Link DWS-1008 CLI Manual i T able of Contents Introducing the D-Link Mobility System .........................................................................................1 D-Link Mobility System ..................................................
D-Link DWS-1008 CLI Manual ii IGMP Snooping Commands ........................................................................................................ 450 Security A CL Commands...................................................................
D-Link DWS-1008 CLI Manual 1 The D-Link Mobility System is an enter prise-class WLAN solution that seamlessly integrates with an e xisting wired enter pr ise network.
D-Link DWS-1008 CLI Manual 2 T ext and Syntax: Conventions This CLI manual uses the f ollo wing te xt and syntax conv entions: Con vention Use Monospace T ext Sets off command syntax or sample commands and system responses. Bold T e xt Highlights commands that you enter or items you select.
D-Link DWS-1008 CLI Manual 3 CLI Conventions Be aw are of the f ollowing MSS CLI con v entions f or command entr y: • “Command Prompts” on page 3 • “Syntax: Notation” on page 4 • “T e .
D-Link DWS-1008 CLI Manual 4 The MSS CLI uses standard syntax notation: • Bold monospace f ont identifies the command and ke ywords y ou must type .
D-Link DWS-1008 CLI Manual 5 MAC Address Notation MSS displays MA C addresses in he xadecimal numbers with a colon (:) delimiter between bytes—f or e xample, 00:01:02:1a:00:01. Y ou can enter MA C addresses with either h yphen (-) or colon (:) delimiters , but colons are pref erred.
D-Link DWS-1008 CLI Manual 6 Name “globbing” is a wa y of using a wildcard patter n to e xpand a single element into a list of elements that match the patter n.
D-Link DWS-1008 CLI Manual 7 MAC Address Globs A media access control (MAC) address glob is a similar method for matching some authentication, authorization, and accounting (AAA) and f orwarding database (FDB) commands to one or more 6-b yte MA C addresses.
D-Link DWS-1008 CLI Manual 8 Port Lists The ph ysical Ether net por ts on a s witch can be set f or connection to access points, authenticated wired users, or the network backbone . Y ou can include a single por t or multiple por ts in one MSS CLI command by using the appropriate list f ormat.
D-Link DWS-1008 CLI Manual 9 Command-Line Editing MSS editing functions are similar to those of many other netw ork operating systems. Keyboard Shortcuts The f ollowing k e yboard shor tcuts are av ailable f or enter ing and editing CLI commands: Ke yboard Shortcut(s) Function Ctrl+A Jumps to the first char acter of the command line.
D-Link DWS-1008 CLI Manual 10 Single-Asterisk (*) Wildcard Character Y ou can use the single-aster isk (*) wildcard character in globbing. F or details, see “User Globs, MAC Address Globs, and VLAN Globs” on page 7. Double-Asterisk (**) Wildcard Characters The double-asterisk (**) wildcard character matches all user names.
D-Link DWS-1008 CLI Manual 11 Understanding Command Descriptions Each command description in the D-Link Command Reference contains the f ollowing elements: • A command name, which sho ws the k eyw ords b ut not the variab les.
D-Link DWS-1008 CLI Manual 12 Access Commands Use access commands to control access to the Mobility Software System (MSS) (CLI). This chapter presents access commands alphabetically . Use the f ollowing table to locate commands in this chapter based on their use.
D-Link DWS-1008 CLI Manual 13 quit Exit from the CLI session. Syntax: quit Defaults: None. Access: All. Examples: T o end the administrator’ s session, type the follo wing command: DWS-1008> quit set enablepass Sets the passw ord that provides enab led access (f or configuration and monitoring) to the s witch.
D-Link DWS-1008 CLI Manual 14 System Ser vices Commands Use system ser vices commands to configure and monitor system information f or a D WS-1008 s witch. This chapter presents system ser vices commands alphabetically . Use the follo wing table to located commands in this chapter based on their use.
D-Link DWS-1008 CLI Manual 15 c lear banner motd Syntax: clear banner motd Defaults: None. Access: Enabled. Examples: T o clear a banner , type the f ollo wing command: DWS-1008> clear banner motd .
D-Link DWS-1008 CLI Manual 16 c lear system Clears the system configuration of the specified inf ormation. Syntax: clear system [contact | countrycode | idle-timeout | ip-address | location | name] contact countrycode idle-timeout ip-address location name Defaults: None.
D-Link DWS-1008 CLI Manual 17 help Syntax: clear history Defaults: None. Access: All. Examples: Use this command to see a list of av ailable commands. If y ou hav e restricted access, y ou see f e wer commands than if you ha ve enab led access.
D-Link DWS-1008 CLI Manual 18 history Syntax: clear history Defaults: None. Access: All. Examples: T o show the histor y of y our session, type the f ollowing command: D WS-1008# history quic kstar t Runs a script that interactively helps y ou configure a ne w s witch.
D-Link DWS-1008 CLI Manual 19 set banner motd Configures the banner string that is display ed bef ore the beginning of each login prompt f or each CLI session on the D WS-1008 s witch. Syntax: set banner motd ^te xt^ Defaults: None. Access: Enabled. Usage: T ype a caret (^), then the message, then another caret.
D-Link DWS-1008 CLI Manual 20 set confirm Enables or disab les the displa y of confirmation messages for commands that might hav e a large impact on the networ k. Syntax: set confirm {on | off} on Enables confirmation messages. off Disables confirmation messages.
D-Link DWS-1008 CLI Manual 21 Usage: Use this command if the output of a CLI command is greater than the number of lines allo wed b y def ault f or a ter minal type.
D-Link DWS-1008 CLI Manual 22 set pr ompt Changes the CLI prompt f or the D WS-1008 s witch to a string you specify . Syntax: set pr ompt string string Defaults: The factory default f or the D WS s witch prompt is D WS-mm-nnnnnn, where mm is the model number and nnnnnn is the last 6 digits of the 12-digit system MA C address.
D-Link DWS-1008 CLI Manual 23 set system contact Stores a contact name f or the D WS-1008 s witch. Syntax: set system contact string string Defaults: None. Access: Enabled. T o view the system contact string, type the show system command. Examples: The follo wing command sets the system contact inf or mation to tamara@e xample .
D-Link DWS-1008 CLI Manual 24.
D-Link DWS-1008 CLI Manual 25 Defaults: None. Access: Enabled. Usage: Y ou must set the system county code to a valid v alue before using any set ap commands to configure an access point. Examples: T o set the countr y code to Canada, type the follo wing command: DWS-1008# set system country code CA success: change accepted.
D-Link DWS-1008 CLI Manual 26 Access: Enabled. Usage: This command applies to all types of CLI management sessions: console , T elnet, and SSH. The timeout change applies to existing sessions only , not to new sessions.
D-Link DWS-1008 CLI Manual 27 set system location Stores location inf or mation f or the D WS-1008 switch. Syntax: set system location string string Defaults: None.
D-Link DWS-1008 CLI Manual 28 Usage: Entering set system name with no str ing resets the system name to the f actor y def ault. T o view the system name string, type the show system command.
D-Link DWS-1008 CLI Manual 29 sho w licenses Displa ys inf or mation about the license k ey(s) currently installed on an D WS-1008 s witch. Syntax: sho w licenses Defaults: None.
D-Link DWS-1008 CLI Manual 30 sho w system Displa ys system inf or mation. Syntax: sho w system Defaults: None. Access: Enabled. Examples: T o show system inf or mation, type the f ollowing command: DWS-1008# show system The table on the ne xt page descr ibes the fields of show system output.
D-Link DWS-1008 CLI Manual 31 Field Description Product Name D WS model number . System Name System name (f actor y default, or optionally configured with set system name ). System Countr ycode Countr y-specific 802.11 code required f or AP operation.
D-Link DWS-1008 CLI Manual 32 Field Description Memor y Current size (in megab ytes) of non volatile memory (NVRAM) and synchronous dynamic RAM (SDRAM), plus the percentage of total memor y space in u.
D-Link DWS-1008 CLI Manual 33 Port Commands Use por t commands to configure and manage individual por ts and load-shar ing por t groups. This chapter presents por t commands alphabetically . Use the f ollowing tab le to locate commands in this chapter based on their use.
D-Link DWS-1008 CLI Manual 34 c lear dap Caution: When y ou clear a Distributed AP , MSS ends user sessions that are using the AP . Remov es a Distributed AP . Syntax: c lear dap dap-num dap-num Defaults: None. Access: Enabled. Examples: The follo wing command clears Distributed AP 1: DWS-1008# clear dap 1 This will clear specified DAP devices.
D-Link DWS-1008 CLI Manual 35 c lear por t-gr oup Remov es a por t group Syntax: c lear port-group name name name Defaults: None. Access: Enabled. Examples: The follo wing command clears por t group ser v er1: DWS-1008# clear port-group name server1 success: change accepted.
D-Link DWS-1008 CLI Manual 36 c lear por t name Remov es the name assigned to a por t. Syntax: c lear port por t-list name por t-list Defaults: None. Access: Enabled. Examples: The follo wing command clears the names of por ts 1 through 4: D WS-1008# clear port 1-4 name See Also: • set por t name List of ph ysical por ts.
D-Link DWS-1008 CLI Manual 37 P or t P arameter Setting VLAN membership None. Note: Although the command changes a por t to a network por t, the command does not place the por t in any VLAN. T o use the por t in a VLAN, you m ust add the por t to the VLAN.
D-Link DWS-1008 CLI Manual 38 monitor por t counter s Displa ys and continually updates por t statistics. Syntax: monitor por t counter s [octets | packets | receive-errors | transmit-error s | collis.
D-Link DWS-1008 CLI Manual 39 Usage: Each type of statistic is displa yed separately . Press the Spacebar to cycle through the displa ys f or each type. If y ou use an option to specify a statistic type, the displa y begins with that statistic type . Y ou can use one statistic option with the command.
D-Link DWS-1008 CLI Manual 40 Statistics Option Field Description Display ed for All Options P or t P or t the statistics are displa yed f or . Status P or t status. The status can be Up or Down. octets Rx Octets T otal numbewr of octets re veiv ed by the por t.
D-Link DWS-1008 CLI Manual 41 Statistics Option Field Description T ransmit-err ors Tx Crc Number of frames tr ansmitted by the port that had the correct length but contained an in v alid FCS value . Tx Shor t Number of frames transmitted b y the por t that were f ewer than 64 b ytes long.
D-Link DWS-1008 CLI Manual 42 reset por t Resets a por t by toggling its link state and P ow er ov er Ether net (P oE) state. Syntax: reset port por t-list por t-list Defaults: None. Access: Enabled. Usage: The reset command disables the por t’ s link and P oE (if applicab le) f or at least 1 second, then reenables them.
D-Link DWS-1008 CLI Manual 43 Access: Enabled. Examples: The f ollo wing command configures Distributed AP 1 f or AP model MP-372 with serial-ID 0322199999: DWS-1008# set dap 1 serial-id 0322199999 model mp-372 success: change accepted. The f ollowing command remo v es Distributed AP 1: DWS-1008# clear dap 1 This will clear specified DAP devices.
D-Link DWS-1008 CLI Manual 44 The f ollowing command reenab les the por t: DWS-1008# set port enable 4 success: set “enable” on port 4 See Also: • set reset por t set por t-gr oup Administrativ ely disab les or reenables a por t.
D-Link DWS-1008 CLI Manual 45 The follo wing commands disable the link for por t group ser ver1 , change the list of por ts in the group , and reenable the link: DWS-1008# set port-group name server1 1-5 mode off success: change accepted. DWS-1008# set port-group name server1 1-4,7 mode on success: change accepted.
D-Link DWS-1008 CLI Manual 46 set por t mirr or Configures por t mirror ing. P or t mirror ing is a troubleshooting f eature that copies (mirrors) traffic sent or receiv ed by a D WS-1008 por t (the source por t) to another por t (the obser ver) on the same D WS-1008.
D-Link DWS-1008 CLI Manual 47 Defaults: None Access: Enabled. Usage: T o simplify configuration and av oid confusion between a por t’ s number and its name, D-Link recommends that you do not use n umbers as por t names.
D-Link DWS-1008 CLI Manual 48 A stream of large pac kets sent to an D WS-1008 por t in such a configuration can cause forw arding on the link to stop .
D-Link DWS-1008 CLI Manual 49 DWS-1008# set port poe 3,5 disable If you ar e enabling power on these ports, they must be connected only to appr oved PoE devices with the corr ect wiring.
D-Link DWS-1008 CLI Manual 50 Examples: The follo wing command sets the por t speed on por ts 1, 3 through 5, and 8 to 10 Mbps and sets the operating mode to full-duple x: DWS-1008# set port speed 1,3-5,8 10 set por t trap Enables or disables Simple Network Management Protocol (SNMP) linkup and linkdown traps on an individual por t.
D-Link DWS-1008 CLI Manual 51 set por t type ap Configures a D WS-1008 s witch por t f or an (AP) access point. Caution! When you set the por t type f or AP use, you must specify the P oE state (enable or disable) of the por t. Use the D WS-1008’ s P oE to power D-Link access points or P oE enabled de vices only .
D-Link DWS-1008 CLI Manual 52 P ort Parameter Setting VLAN Membership Remov ed from all VLANs. Y ou cannot assign an AP access por t to a VLAN. MSS automatically assigns AP access por ts to VLANs based on user traffic. Spanning T ree Protocol (STP) Not applicable .
D-Link DWS-1008 CLI Manual 53 set por t type wired-auth Configures an D WS-1008 por t f or a wired authentication user . Syntax: set port type wired-auth por t-list [tag tag-list ] [max-sessions num .
D-Link DWS-1008 CLI Manual 54 F or 802.1X clients , wired authentication works only if the clients are directly attached to the wired authentication por t, or are attached through a hub that does not bloc k forw arding of pack ets from the client to the P AE group address (01:80:c2:00:00:03).
D-Link DWS-1008 CLI Manual 55 sho w por t counters Displa ys por t statistics. Syntax: show port counters [octets | pac kets | receive-error s | transmit-err ors | collisions | receive-ether stats | transmit-etherstats] [port por t-list ] octets Displa ys octet statistics.
D-Link DWS-1008 CLI Manual 56 sho w por t-gr oup Displa ys por t group inf or mation. Syntax: show port-group [name g roup-name ] name group-name Displa ys inf or mation f or the specified por t group .
D-Link DWS-1008 CLI Manual 57 sho w por t poe Displa ys status inf or mation f or por ts on which P ower o ver Ethernet (P oE) is enabled. Syntax: sho w por t poe [ por t-list ] por t-list List of ph ysical por ts. If y ou do not specify a por t list, P oE inf or mation is displa y ed f or all por ts.
D-Link DWS-1008 CLI Manual 58 sho w por t status Displa ys configuration and status inf ormation for por ts. Syntax: sho w por t status [ por t-list ] por t-list List of ph ysical por ts. If you do not specify a por t list, inf or mation is displa y ed f or all por ts.
D-Link DWS-1008 CLI Manual 59 VLAN Commands Use vir tual LAN (VLAN) commands to configure and manage parameters f or individual por t VLANs on network por ts, and to displa y information about clients within a networ k. This chapter presents VLAN commands alphabetically .
D-Link DWS-1008 CLI Manual 60 c lear fdb Deletes an entr y from the f orwarding database (FDB). Syntax: clear fdb {perm | static | d ynamic | port por t-list } [vlan vlan-id ] [tag tag-v alue ] perm Clears per manent entries. A per manent entr y does not age out and remains in the database e ven after a reboot, reset, or pow er cycle .
D-Link DWS-1008 CLI Manual 61 c lear security l2-restrict Remov es one or more MA C addresses from the list of destination MA C addresses to which clients in a VLAN are allowed to send tr affic at La yer 2. Syntax: c lear security l2-restrict vlan vlan-id [permit-mac mac-addr [ mac-addr ] | all] vlan-id VLAN name or number .
D-Link DWS-1008 CLI Manual 62 c lear security l2-restrict counter s Clear statistics counters f or La yer 2 f orwarding restriction. Syntax: clear security l2-restrict counter s [vlan vlan-id | all] vlan-id VLAN name or number . all Clears La y er 2 f orwarding restriction counters f or all VLANs.
D-Link DWS-1008 CLI Manual 63 Defaults: None . Access: Enabled. Usage: If y ou do not specify a por t-list, the entire VLAN is remo ved from the configur ation. Note: Y ou cannot delete the def ault VLAN but you can remov e por ts from it. T o remov e por ts from the def ault VLAN, use the por t por t-list option.
D-Link DWS-1008 CLI Manual 64 set fdb Adds a per manent or static entr y to the f orwarding database . Syntax: set fdb {perm | static} mac-addr port por t-list vlan vlan-id [tag tag-v alue ] perm Adds a permanent entr y . A permanent entr y does not age out and remains in the database e v en after a reboot, reset, or power cycle .
D-Link DWS-1008 CLI Manual 65 set fdb agingtime Changes the aging timeout period for dynamic entries in the f orwarding database . Syntax: set fdb agingtime vlan-id age seconds vlan-id VLAN name or number . The timeout per iod change applies only to entr ies that match the specified VLAN.
D-Link DWS-1008 CLI Manual 66 Defaults: La yer 2 restriction is disab led by def ault. Access: Enabled. Usage: Y ou can specify multiple addresses by listing them on the same command line or b y enter ing multiple commands.
D-Link DWS-1008 CLI Manual 67 VLAN names are case-sensitiv e f or RADIUS authorization when a client roams to a s witch. If the s witch is not configured with the VLAN the client is on, but is configured with a VLAN that has the same spelling b ut different capitalization, authorization f or the client fails .
D-Link DWS-1008 CLI Manual 68 sho w fdb Displa ys entries in the forw arding database. Syntax: show fdb [ mac-addr-glob [vlan vlan-id ]] show fdb {perm | static | d ynamic | system | all} [por t por t-list | vlan vlan-id ] mac-addr-glob A single MA C address or set of MA C addresses.
D-Link DWS-1008 CLI Manual 69 The top line of the displa y identifies the characters to distinguish among the entry types. The f ollowing command displa ys all entr ies that begin with the MA C address glob 00: DWS-1008# show fdb 00:* * = Static Entry .
D-Link DWS-1008 CLI Manual 70 sho w fdb count Lists the number of entries in the f orwarding database . Syntax: sho w fdb count {perm | static | dynamic} [vlan vlan-id ] perm Lists the number of permanent entries. A per manent entr y does not age out and remains in the database e ven after a reboot, reset, or po wer cycle .
D-Link DWS-1008 CLI Manual 71 Examples: The f ollowing command shows La yer 2 forw arding restr iction information for all VLANs: DWS-1008# show security l2-restrict VLAN Name En Drops Per mit MAC Hit.
D-Link DWS-1008 CLI Manual 72 Examples: The f ollo wing command displa ys inf or mation f or VLAN burgundy: DWS-1008# show vlan config b urgund y Admin VLAN T unl Port VLAN Name Status State Affin P.
D-Link DWS-1008 CLI Manual 73 Quality of Ser vice Commands Use Quality of Service (QoS) commands to configure pac k et prior itization in MSS . P ack et prior itization ensures that D WS-1008 switches and D WL-8220AP access points giv e preferential treatment to high- prior ity traffic such as v oice and video .
D-Link DWS-1008 CLI Manual 74 Defaults: None . Access: Enab led. Usage: T o reset all mappings to their def ault v alues, use the clear qos command without the optional parameters . Examples: The follo wing command resets all QoS mappings: DWS-1008# clear qos success: change accepted.
D-Link DWS-1008 CLI Manual 75 set qos dscp-to-cos-map Changes the inter nal QoS value to which MSS maps a pack et’ s DSCP value when classifying inbound pack ets . Syntax: set qos dscp-to-cos-map dscp-range cos le vel dscp-range DSCP range. Y ou can specify the v alues as decimal numbers.
D-Link DWS-1008 CLI Manual 76 Examples: The follo wing command displa ys the def ault QoS settings: DWS-1008# show qos default Ingress QoS Classification Map (dscp-to-cos) Ingress DSCP CoS Level ====.
D-Link DWS-1008 CLI Manual 77 IP Ser vices Commands Use IP services commands to configure and manage IP interf aces, management ser vices, the Domain Name Ser vice (DNS), Network Time Protocol (NTP), and aliases, and to ping a host or trace a route. This chapter presents IP ser vices commands alphabetically .
D-Link DWS-1008 CLI Manual 78 c lear ip alias Remov es an alias , which is a string that represents an IP address. Syntax: c lear ip alias name name Alias name. Defaults: None. Access: Enabled. Examples: The f ollo wing command remov es the alias ser v er1 : DWS-1008# clear ip alias server1 success: change accepted.
D-Link DWS-1008 CLI Manual 79 c lear ip dns server Remov es a DNS server from a D WS-1008 switch configur ation. Syntax: clear ip dns server ip-addr ip-addr IP address of a DNS server . Defaults: None. Access: Enabled. Examples: The follo wing command remov es DNS ser ver 10.
D-Link DWS-1008 CLI Manual 80 Defaults: None. Access: Enabled. Examples: The f ollowing command removes the route to destination 10.10.10.68/24 through router 10.
D-Link DWS-1008 CLI Manual 81 c lear ntp server Remov es an NTP server from a s witch configuration. Syntax: c lear ntp server { ip-addr | all} ip-addr IP address of the ser v er to remov e, in dotted decimal notation. all Remov es all NTP ser vers from the configuration.
D-Link DWS-1008 CLI Manual 82 c lear snmp comm unity Clears an SNMP community string. Syntax: clear snmp comm unity name comm-string comm-string Name of the SNMP community y ou want to clear .
D-Link DWS-1008 CLI Manual 83 c lear snmp notify tar g et Clears an SNMP notification target. Syntax: c lear snmp notify target target-num target-num ID of the target. Defaults: None. Access: Enabled. Examples: The follo wing command clears notification target 3: DWS-1008# clear snmp notify tar get 3 success: change accepted.
D-Link DWS-1008 CLI Manual 84 c lear summer time Clears the summer time setting from a D WS-1008 s witch. Syntax: c lear summertime Defaults: None . Access: Enabled. Examples: T o clear the summer time setting from a s witch, type the f ollowing command: DWS-1008# clear summertime success: change accepted.
D-Link DWS-1008 CLI Manual 85 c lear timezone Clears the time offset f or the switch’ s real-time cloc k from Coordinated Universal Time (UTC). UTC is also know as Greenwich Mean Time (GMT).
D-Link DWS-1008 CLI Manual 86 inter v al time Time inter val between ping pac k ets, in milliseconds . Y ou can specify from 100 through 10,000. size size P ac ket siz e, in b ytes . Y ou can specify from 56 through 65,507. Note: Because the s witch adds header inf or mation, the ICMP pack et siz e is 8 bytes larger than the siz e you specify .
D-Link DWS-1008 CLI Manual 87 set arp Adds an ARP entr y to the ARP table . Syntax: set arp {permanent | static | d ynamic} ip-addr mac-addr permanent Adds a per manent entr y . A per manent entr y does not age out and remains in the database e ven after a reboot, reset, or po wer cycle .
D-Link DWS-1008 CLI Manual 88 Access: Enabled. Usage: Aging applies only to dynamic entries. T o reset the ARP aging timeout to its def ault v alue, use the set arp agingtime 1200 command.
D-Link DWS-1008 CLI Manual 89 Examples: The follo wing command configures IP interf ace 10.10.10.10/24 on VLAN def ault : DWS-1008# set interface default ip 10.10.10.10/24 success: set ip address 10.10.10.10 netmask 255.255.255.0 on vlan default The f ollowing command configures IP interf ace 10.
D-Link DWS-1008 CLI Manual 90 set interface dhcp-server Configures the MSS DHCP ser v er . Note: Use of the MSS DHCP ser ver to allocate client addresses is intended f or temporary , demonstration deplo yments and not f or production networks.
D-Link DWS-1008 CLI Manual 91 • DNS servers—If these options are not set with the set interf ace dhcp-server command’ s primar y-dns and secondary-dns options, the MSS DHCP server uses the v alues set by the set ip dns server command.
D-Link DWS-1008 CLI Manual 92 set ip alias Configures an alias, which maps a name to an IP address. Y ou can use aliases as shor tcuts in CLI commands. Syntax: set ip alias name ip-addr name String of up to 32 alphanumeric characters, with no spaces.
D-Link DWS-1008 CLI Manual 93 set ip dns domain Configures a def ault domain name for DNS quer ies. The s witch appends the default domain name to domain names or hostnames you enter in commands . Syntax: set ip dns domain name name Domain name of between 1 and 64 alphanumeric characters with no spaces (f or e xample, e xample .
D-Link DWS-1008 CLI Manual 94 Defaults: None. Access: Enabled. Usage: Y ou can configure a D WS-1008 s witch to use one primar y DNS ser ver and up to fiv e secondar y DNS ser v ers. Examples: The f ollowing commands configure a D WS-1008 s witch to use a pr imar y DNS ser v er and two secondary DNS ser vers: DWS-1008# set ip dns server 10.
D-Link DWS-1008 CLI Manual 95 set ip r oute Adds a static route to the IP route table . Syntax: set ip r oute {default | ip-addr mask | ip-addr/mask-length } def ault-router metric default Default route . A D WS-1008 switch uses the def ault route if an explicit route is not av ailab le f or the destination.
D-Link DWS-1008 CLI Manual 96 Examples: The f ollowing command adds a default route that uses default router 10.5.4.1 and giv es the route a cost of 1: DWS-1008# set ip route default 10.5.4.1 1 success: change accepted. The f ollowing commands add two default routes, and configure MSS to alwa ys use the route through 10.
D-Link DWS-1008 CLI Manual 97 Examples: The follo wing command enab les the SNMP ser ver on a D WS-1008 s witch: DWS-1008# set ip snmp server enable success: change accepted.
D-Link DWS-1008 CLI Manual 98 set ip ssh server Disables or reenab les the SSH server on a s witch. Caution: If you disab le the SSH server , SSH access to the s witch is also disabled. Syntax: set ip ssh server {enable | disable} enable Enab les the SSH ser ver .
D-Link DWS-1008 CLI Manual 99 Defaults: The def ault T elnet por t number is 23. Access: Enabled. Examples: The follo wing command changes the T elnet por t number on a s witch to 5000: DWS-1008# set ip telnet 5000 success: change accepted.
D-Link DWS-1008 CLI Manual 100 set ntp Enables or disab les the NTP client on a D WS-1008 switch. Syntax: set ntp {enable | disab le} enable Enables the NTP client. disable Disables the NTP client. Defaults: The NTP client is disabled b y def ault. Access: Enabled.
D-Link DWS-1008 CLI Manual 101 Examples: The follo wing command configures a s witch to use NTP ser v er 192.168.1.5: DWS-1008# set ntp server 192.168.
D-Link DWS-1008 CLI Manual 102 set snmp comm unity Configures a community string f or SNMPv1 or SNMPv2c. Note: F or SNMPv3, use the set snmp usm command to configure an SNMPv3 user .
D-Link DWS-1008 CLI Manual 103 Examples: The follo wing command configures the read-write community good_community: DWS-1008# set snmp community read-write good_comm unity success: change accepted.
D-Link DWS-1008 CLI Manual 104 notification-type Name of the notification type: • APBootT raps —Generated when an access point boots. • ApNonOperStatusT raps —Generated to indicate an AP radio is nonoperational. • ApOperRadioStatusT raps —Generated when the status of an AP radio changes.
D-Link DWS-1008 CLI Manual 105 • CounterMeasureStopT raps —Generated when MSS stops counter measures against a rogue access point. • D APConnectW arningT raps —Generated when a Distributed AP whose finger print has not been configured in MSS establishes a management session with the s witch.
D-Link DWS-1008 CLI Manual 106 all Sends or drops all notifications. Defaults: A default notification profile (named def ault) is already configured in MSS.
D-Link DWS-1008 CLI Manual 107 DWS-1008# set snmp notify profile snmppr of_rfdetect send RFDetectSpoofedSsidAPT raps success: change accepted. DWS-1008# set snmp notify profile snmppr of_rfdetect send RFDetectUnA uthorizedAPT raps success: change accepted.
D-Link DWS-1008 CLI Manual 108 snmp-engine-id SNMP engine ID of the target. Specify ip if the target’ s SNMP {ip | hex he x-str ing } engine ID is based on its IP address . If the target’ s SNMP engine ID is a he xadecimal value , use hex he x-str ing to specify the value .
D-Link DWS-1008 CLI Manual 109 security {unsecured | Specifies the security le vel, and is applicab le only when authenticated | encrypted} applicab le only when the SNMP version is usm: • unsecured —Message e xchanges are not authenticated, nor are they encrypted.
D-Link DWS-1008 CLI Manual 110 target-num ID f or the target. This ID is local to the s witch and does not need to correspond to a value on the target itself . Y ou can specify a number from 1 to 10. ip-addr[:udp-por t-number] IP address of the ser ver .
D-Link DWS-1008 CLI Manual 111 This command configures target 1 at IP address 10.10.40.9. The target’ s SNMP engine ID is based on its address . The MSS SNMP engine will send notifications based on the def ault profile, and will require the target to ackno wledge receiving them.
D-Link DWS-1008 CLI Manual 112 set snmp security Sets the minimum le v el of security MSS requires for SNMP message e xchanges. Syntax: set snmp security {unsecured | authenticated | encrypted | auth-req-unsec-notify} unsecured SNMP message exchanges are not secure .
D-Link DWS-1008 CLI Manual 113 set snmp usm Creates a USM user f or SNMPv3. Note: This command does not apply to SNMPv1 or SNMPv2c. For these SNMP versions , use the set snmp community command to configure community strings.
D-Link DWS-1008 CLI Manual 114 Specifies the authentication type used to authenticate communications with the remote SNMP engine . Y ou can specify one of the f ollowing: • none—No authentication is used. • md5—Message-digest algor ithm 5 is used.
D-Link DWS-1008 CLI Manual 115 set summer time Offsets the real-time clock of a D WS-1008 s witch by +1 hour and retur ns it to standard time f or da ylight savings time or a similar summertime per iod that you set.
D-Link DWS-1008 CLI Manual 116 set system ip-address Configures the system IP address . The system IP address deter mines the interf ace or source IP address MSS uses f or system tasks, including the.
D-Link DWS-1008 CLI Manual 117 set timedate Sets the time of da y and date on the D WS-1008 s witch. Syntax: set timedate {date mmm dd yyyy [time hh:mm:ss ]} date mmm dd yyyy System date: • mmm—month. • dd—da y . • yyyy—year . time hh:mm:ss System time, in hours, minutes , and seconds.
D-Link DWS-1008 CLI Manual 118 Defaults: If this command is not used, then the def ault time zone is UTC . Access: Enab led. Examples: T o set the time zone f or P acific Standard Time (PST), type the f ollowing command: DWS-1008# set timezone PST -8 Timezone is set to ‘PST’, offset fr om UTC is -8:0 hours.
D-Link DWS-1008 CLI Manual 119 The table belo w describes the fields in this display . Field Description ARP aging time Number of seconds a dynamic entr y can remain unused bef ore MSS remov es the entr y from the ARP table . Host IP address, hostname, or alias .
D-Link DWS-1008 CLI Manual 120 The table belo w describes the fields in this display . Field Description Interf ace VLAN name and number . Configuration Status Status of the DHCP client on this VLAN: • Enabled • Disabled DHCP State State of the IP interf ace: • IF_UP • IF_DO WN Lease Allocation Duration of the address lease.
D-Link DWS-1008 CLI Manual 121 The follo wing command displa ys configuration and status information f or each VLAN on which the DHCP ser v er is configured: DWS-1008# show dhcp-server verbose Interface: 0 (Direct AP) Status: UP Address Range: 10.0.
D-Link DWS-1008 CLI Manual 122 Field Description Lease Remaining Number of seconds remaining bef ore the address lease expires . IP Address IP address leased to the client. Subnet Mask Network mask of the IP address leased to the client. Def ault Router Def ault router IP address included in the DHCP Offer to the client.
D-Link DWS-1008 CLI Manual 123 set interface dhcp-c lient Configures the DHCP client on a VLAN, to allow the VLAN to obtain its IP interf ace from a DHCP ser v er . Syntax: set interface vlan-id ip dhcp-c lient {enable | disable} vlan-id VLAN name or number .
D-Link DWS-1008 CLI Manual 124 set interface dhcp-server Configures the MSS DHCP ser v er . Note: Use of the MSS DHCP ser ver to allocate client addresses is intended f or temporary , demonstration deplo yments and not f or production networks.
D-Link DWS-1008 CLI Manual 125 Specification of the DNS domain name, DNS ser v ers, and def ault router are optional. If you omit one or more of these options, the MSS DHCP ser ver uses oath values c.
D-Link DWS-1008 CLI Manual 126 set ip alias Configures an alias, which maps a name to an IP address. Y ou can use aliases as shor tcuts in CLI commands. Syntax: set ip alias name ip-addr name String of up to 32 alphanumeric characters, with no spaces.
D-Link DWS-1008 CLI Manual 127 set ip dns domain Configures a def ault domain name for DNS quer ies. The s witch appends the default domain name to domain names or hostnames you enter in commands . Syntax: set ip dns domain name name Domain name of between 1 and 64 alphanumeric characters with no spaces (f or e xample, e xample .
D-Link DWS-1008 CLI Manual 128 Defaults: None. Access: Enabled. Usage: Y ou can configure a switch to use one pr imar y DNS ser ver and up to five secondar y DNS ser v ers. Examples: The follo wing commands configure a s witch to use a primar y DNS ser ver and two secondar y DNS ser v ers: DWS-1008# set ip dns server 10.
D-Link DWS-1008 CLI Manual 129 set ip r oute Adds a static route to the IP route table . Syntax: set ip r oute {default | ip-addr mask | ip-addr/mask-length } def ault-router metric default Default route . A D WS-1008 switch uses the def ault route if an e xplicit route is not av ailab le f or the destination.
D-Link DWS-1008 CLI Manual 130 Example: The f ollowing command adds a default route that uses def ault router 10.5.4.1 and giv es the route a cost of 1: DWS-1008# set ip route default 10.5.4.1 1 success: change accepted. The f ollowing commands add two default routes, and configure MSS to alwa ys use the route through 10.
D-Link DWS-1008 CLI Manual 131 set ip ssh Changes the TCP por t number on which a D WS-1008 s witch listens f or Secure Shell (SSH) management traffic. Caution: If you change the SSH por t number from an SSH session, MSS immediately ends the session.
D-Link DWS-1008 CLI Manual 132 set ip telnet Changes the TCP por t number on which a D WS-1008 s witch listens for T elnet management traffic. Caution: If y ou change the T elnet por t number from a T elnet session, MSS immediately ends the session.
D-Link DWS-1008 CLI Manual 133 Usage: The maximum number of T elnet sessions suppor ted on a switch is eight. If SSH is also enabled, the s witch can hav e up to eight T elnet or SSH sessions, in any combination, and one console session.
D-Link DWS-1008 CLI Manual 134 set ntp server Configures a D WS-1008 s witch to use an NTP server . Syntax: set ntp server ip-addr ip-addr IP address of the NTP ser v er , in dotted decimal notation. Defaults: None. Access: Enabled. Usage: Y ou can configure up to three NTP ser v ers.
D-Link DWS-1008 CLI Manual 135 set snmp comm unity Configures a community string f or SNMPv1 or SNMPv2c. Note: F or SNMPv3, use the set snmp usm command to configure an SNMPv3 user .
D-Link DWS-1008 CLI Manual 136 The f ollowing command configures community string s witchmgr1 with access le vel notify-read- write: DWS-1008# set snmp community name s witchmgr1 notify-read-write success: change accepted.
D-Link DWS-1008 CLI Manual 137 • A utoT uneRadioP owerChangeT raps —Generated when the RF A uto-T uning feature changes the pow er setting on a radio . • ClientAssociationFailureT raps —Generated when a client’ s attempt to associate with a radio f ails .
D-Link DWS-1008 CLI Manual 138 • RFDetectSpoofedMacAPT raps —Generated when MSS detects a wireless pack et with the source MA C address of a D-Link AP , but without the spoof ed MP’ s signature (finger print). • RFDetectSpoofedSsidAPT raps —Generated when MSS detects beacon frames f or a v alid SSID , b ut sent by a rogue AP .
D-Link DWS-1008 CLI Manual 139 DWS-1008# set snmp notify profile snmppr of_rfdetect send RFDetectInterferingRogueDisappearT raps success: change accepted. DWS-1008# set snmp notify profile snmppr of_rfdetect send RFDetectRogueAPT raps success: change accepted.
D-Link DWS-1008 CLI Manual 140 set snmp notify tar g et Configures a notification target f or notifications from SNMP . A notification target is a remote de vice to which MSS sends SNMP notifications. Y ou can configure the MSS SNMP engine to send confir med notifications (inf or ms) or unconfir med notifications (traps).
D-Link DWS-1008 CLI Manual 141 retries num Specifies the number of times the MSS SNMP engine will resend a notification that has not been ackno wledged by the target. Y ou can specify from 0 to 3 retr ies . timeout num Specifies the number of seconds MSS waits f or acknowledgement of a notification.
D-Link DWS-1008 CLI Manual 142 SNMPv2c with Informs T o configure a notification target f or inf or ms from SNMPv2c, use the f ollowing command: Syntax: set snmp notify tar get target-num ip-addr [ :udp-por t-number ] v2c community-string inform [pr ofile profile-name ] [retries num ] [timeout num ] target-num ID f or the target.
D-Link DWS-1008 CLI Manual 143 SNMPv1 with T raps T o configure a notification target f or traps from SNMPv1, use the f ollo wing command: Syntax: set snmp notify tar get target-num ip-addr [ :udp-por t-number ] v1 community-string [profile profile-name ] target-num ID f or the target.
D-Link DWS-1008 CLI Manual 144 set snmp pr otocol Enables an SNMP protocol. MSS suppor ts SNMPv1, SNMPv2c, and SNMPv3. Syntax: set snmp pr otocol {v1 | v2c | usm | all} {enable | disable} v1 SNMPv1 v2c SNMPv2c usm SNMPv3 (with the user secur ity model) all Enab les all suppor ted versions of SNMP .
D-Link DWS-1008 CLI Manual 145 Defaults: By def ault, MSS allows nonsecure (unsecured) SNMP message e xchanges. Access: Enabled. Usage: SNMPv1 and SNMPv2c do not suppor t authentication or encr yption. If you plan to use SNMPv1 or SNMPv2c, lea v e the minimum le v el of SNMP security set to unsecured.
D-Link DWS-1008 CLI Manual 146 snmp-engine-id {ip ip-addr | Specifies a unique identifier f or the SNMP engine. local | hex he x-str ing } T o send inf or ms , you m ust specify the engine ID of the inf or m receiv er . T o send traps and to allo w get and set operations and so on, specify local as the engine ID .
D-Link DWS-1008 CLI Manual 147 auth-type {none | md5 | sha} Specifies the authentication type used to authenticate {auth-pass-phrase communications with the remote SNMP engine . string | auth-key he x-string } Y ou can specify one of the f ollo wing: • none —No authentication is used.
D-Link DWS-1008 CLI Manual 148 Defaults: No SNMPv3 users are configured by def ault. When you configure an SNMPv3 user , the default access is read-only , and the default authentication and encr yption types are both none. Access: Enabled. Examples: The f ollowing command creates USM user snmpmgr1 , associated with the local SNMP engine ID .
D-Link DWS-1008 CLI Manual 149 weekda y Da y of the week to star t or end the time change. V alid values are sun, mon, tue, wed, thu, fri, and sat. month Month of the year to star t or end the time change. V alid v alues are jan, f eb , mar , apr , ma y , jun, jul, aug, sep, oct, no v , and dec.
D-Link DWS-1008 CLI Manual 150 set system ip-address Configures the system IP address . The system IP address deter mines the interf ace or source IP address MSS uses f or system tasks, including the.
D-Link DWS-1008 CLI Manual 151 set timedate Sets the time of da y and date on the s witch. Syntax: set timedate {date mmm dd yyyy [time hh:mm:ss ]} date mmm dd yyyy System date: • mmm —month. • dd —da y . • yyyy —year . time hh:mm:ss System time, in hours, minutes , and seconds.
D-Link DWS-1008 CLI Manual 152 zone-name Time zone name of up to 32 alphabetic characters . Y ou can use a standard name or any name y ou like . - Minus time to indicate hours (and min utes) to be subtracted from UTC . Otherwise, hours and minutes are added b y def ault.
D-Link DWS-1008 CLI Manual 153 The table belo w describes the fields in this display . Field Description ARP aging time Number of seconds a dynamic entr y can remain unused before MSS remov es the entr y from the ARP table . Host IP address, hostname , or alias.
D-Link DWS-1008 CLI Manual 154 The table belo w describes the fields in this display . Field Description Interf ace VLAN name and number . Configuration Status Status of the DHCP client on this VLAN: • Enabled • Disabled DHCP State State of the IP interf ace: • IF_UP • IF_DO WN Lease Allocation Duration of the address lease .
D-Link DWS-1008 CLI Manual 155 The follo wing command displa ys configuration and status information f or each VLAN on which the DHCP ser v er is configured: DWS-1008# show dhcp-server verbose Inter face: 0 (Direct AP) Status: UP Address Range: 10.0.
D-Link DWS-1008 CLI Manual 156 Field Description Lease Remaining Number of seconds remaining before the address lease e xpires. IP Address IP address leased to the client. Subnet Mask Network mask of the IP address leased to the client. Def ault Router Def ault router IP address included in the DHCP Off er to the client.
D-Link DWS-1008 CLI Manual 157 sho w ip alias Displa ys the IP aliases configured on the D WS-1008 s witch. Syntax: sho w ip alias [ name ] name Alias string. Defaults: If you do not specify an alias name , all aliases are displa y ed. Access: Enab led.
D-Link DWS-1008 CLI Manual 158 sho w ip dns Displa ys the DNS ser v ers the s witch is configured to use. Syntax: sho w ip dns Defaults: None. Access: All. Examples: The follo wing command displa ys the DNS inf or mation: DWS-1008# show ip dns Domain Name: example.
D-Link DWS-1008 CLI Manual 159 sho w ip https Displa ys inf or mation about the HTTPS management por t. Syntax: sho w ip https Defaults: None. Access: All.
D-Link DWS-1008 CLI Manual 160 sho w ip r oute Displa ys the IP route table . Syntax: sho w ip route [ destination ] destination Route destination IP address, in dotted decimal notation. Defaults: None. Access: All. Usage: When y ou add an IP interf ace to a VLAN that is up , MSS adds direct and local routes f or the interf ace to the route tab le.
D-Link DWS-1008 CLI Manual 161 Field Description Gatew a y Next-hop router f or reaching the route destination. Note: This field applies only to static routes. VLAN:Interf ace Destination VLAN, protocol type, and IP address of the route. Because direct routes are f or local interf aces, a destination IP address is not listed.
D-Link DWS-1008 CLI Manual 162 sho w ntp Displa ys NTP client inf or mation. Syntax: sho w ntp Defaults: None. Access: All. Examples: T o display NTP inf or mation for a D WS-1008 s witch, type the f .
D-Link DWS-1008 CLI Manual 163 sho w snmp comm unity Displa ys the configured SNMP community strings. Syntax: sho w snmp community Defaults: None. Access: Enab led. See Also: • clear snmp community • set snmp community sho w snmp counters Displa ys SNMP statistics counters.
D-Link DWS-1008 CLI Manual 164 sho w snmp status Displa ys SNMP v ersion and status inf or mation. Syntax: sho w snmp status Defaults: None . Access: Enabled.
D-Link DWS-1008 CLI Manual 165 sho w summer time Shows a s witch’ s offset from its real-time cloc k. Syntax: sho w summer time Defaults: There is no summer time offset by def ault.
D-Link DWS-1008 CLI Manual 166 sho w timezone Shows the time offset f or the real-time clock from UTC on a s witch. Syntax: sho w timezone Defaults: None.
D-Link DWS-1008 CLI Manual 167 Examples: In the f ollowing e xample, an administrator estab lishes a T elnet session with another s witch and enters a command on the remote s witch: DWS-1008# telnet 10.10.10.90 Session 0 pty tty2.d T rying 10.10.10.90.
D-Link DWS-1008 CLI Manual 168 tracer oute T races the route to an IP host. Syntax: tracer oute host [dnf] [no-dns] [port por t-num ] [queries num ] [size size ] [ttl hops ] [wait ms ] host IP address, hostname , or alias of the destination host. Specify the IP address in dotted decimal notation.
D-Link DWS-1008 CLI Manual 169 The first row of the display indicates the target host, the maximum number of hops , and the pack et size. Each numbered row displa ys information about one hop. The rows are display ed in the order in which the hops occur , beginning with the hop closest to the switch.
D-Link DWS-1008 CLI Manual 170 AAA Commands Use authentication, authorization, and accounting (AAA) commands to pro vide a secure netw ork connection and a record of user activity . Location policy commands o v erride any vir tual LAN (VLAN) or security ACL assignment b y AAA or the local database to help y ou control access locally .
D-Link DWS-1008 CLI Manual 171 c lear accounting Remov es accounting services f or specified wireless users with administrativ e access or network access. Syntax: c lear accounting {admin | dot1x | system} { user-glob } admin Users with administrativ e access to the s witch through a console connection or through a T elnet or W eb View connection.
D-Link DWS-1008 CLI Manual 172 c lear authentication admin Remov es an authentication rule f or administrativ e access through T elnet or W eb View . Syntax: c lear authentication admin user-glob user-glob A single user or set of users.
D-Link DWS-1008 CLI Manual 173 Defaults: None. Access: Enab led. Note: The syntax descriptions for the clear authentication commands hav e been separated for clarity . Howe ver , the options and behavior for the clear authentication console command are the same as in pre vious releases.
D-Link DWS-1008 CLI Manual 174 c lear authentication mac Remov es a MA C authentication rule. Syntax: c lear authentication mac {ssid ssid-name | wired} mac-addr-glob ssid ssid-name SSID name to which this authentication rule applies. wired Clears a rule used for access o v er a s witch’ s wired-authentication por t.
D-Link DWS-1008 CLI Manual 175 c lear authentication web Remov es a WebAAA rule. Syntax: c lear authentication web {ssid ssid-name | wired} user-glob ssid ssid-name SSID name to which this authentication rule applies. wired Clears a rule used for access o v er a s witch’ s wired-authentication por t.
D-Link DWS-1008 CLI Manual 176 c lear mac-user Remov es a user profile from the local database on the s witch, f or a user who is authenticated by a MA C address. (T o remov e a user profile in RADIUS , see the documentation for your RADIUS ser v er .
D-Link DWS-1008 CLI Manual 177 Defaults: None . Access: Enabled. Examples: The follo wing command remov es an access control list (ACL) from the profile of a user at MA C address 01:02:03:04:05:06: DWS-1008# clear mac-user 01:02:03:04:05:06 attr filter -id success: change accepted.
D-Link DWS-1008 CLI Manual 178 c lear mac-user gr oup Remov es a user group from the local database on the D WS-1008 switch, for a group of users who are authenticated by a MAC address. (T o delete a MA C user group in RADIUS , see the documentation f or your RADIUS server .
D-Link DWS-1008 CLI Manual 179 Examples: The f ollowing command remo ves the members of the MA C user group eastcoasters from a VLAN assignment by deleting the VLAN-Name attribute from the group: DWS-1008# clear mac-user group eastcoaster s attr vlan-name success: change accepted.
D-Link DWS-1008 CLI Manual 180 c lear user attr Remov es an authorization attribute from the user profile in the local database on the s witch, f or a user with a pass word. (T o remov e an authorization attr ib ute from a RADIUS user profile , see the documentation f or your RADIUS server .
D-Link DWS-1008 CLI Manual 181 Examples: The follo wing command remov es the user Nin from the user group Nin is in: DWS-1008# clear user Nin gr oup success: change accepted.
D-Link DWS-1008 CLI Manual 182 c lear user gr oup attr Remov es an author ization attribute from a user group in the local database on the switch. (T o remov e an authorization attribute in RADIUS, see the documentation f or your RADIUS ser v er .) Syntax: c lear usergr oup group-name attr attribute-name group-name Name of an existing user group .
D-Link DWS-1008 CLI Manual 183 star t-stop Sends accounting records at the star t and end of a network session. stop-only Sends accounting records only at the end of a networ k session. method1-4 At least one of up to four methods that MSS uses to process accounting records.
D-Link DWS-1008 CLI Manual 184 dot1x Users with network access through the s witch who are authenticated b y 802.1X. mac Users with network access through the s witch who are authenticated by MA C authentication. web Users with network access through the s witch who are authenticated by W ebAAA.
D-Link DWS-1008 CLI Manual 185 Defaults: Accounting is disab led f or all users by def ault. Access: Enab led. Usage: For network users with star t-stop accounting whose records are sent to a RADIUS ser v er , MSS sends interim updates to the RADIUS ser ver when the user roams .
D-Link DWS-1008 CLI Manual 186 set authentication admin Configures authentication and defines where it is perf ormed for specified users with administrativ e access through T elnet or W eb View .
D-Link DWS-1008 CLI Manual 187 Usage: Y ou can configure diff erent authentication methods f or diff erent groups of users. (For details, see “User Globs, MA C Address Globs, and VLAN Globs” on page 7.
D-Link DWS-1008 CLI Manual 188 user-glob Single user or set of users with administrativ e access ov er the network through T elnet or Web View . Specify a user name, use the doub le-asterisk wildcard .
D-Link DWS-1008 CLI Manual 189 Usage: Y ou can configure diff erent authentication methods f or diff erent groups of users. (For details, see “User Globs, MA C Address Globs, and VLAN Globs” on page 7.
D-Link DWS-1008 CLI Manual 190 bonded Enab les Bonded Auth™ (bonded authentication). When this f eature is enabled, MSS authenticates the user only if the machine the user is on has already been authenticated. protocol Protocol used f or authentication.
D-Link DWS-1008 CLI Manual 191 method1-4 At least one of up to four methods that MSS uses to handle authentication. Specify one or more of the follo wing methods in prior ity order .
D-Link DWS-1008 CLI Manual 192 If the user name does not match an authentication r ule f or the SSID the user is attempting to access , MSS uses the f allthru authentication type configured f or the SSID , which can be last-resor t, web-por tal (for W ebAAA), or none.
D-Link DWS-1008 CLI Manual 193 method1-4 At least one of up to four methods that MSS uses to handle authentication. Specify one or more of the follo wing methods in prior ity order .
D-Link DWS-1008 CLI Manual 194 set authentication pr o xy Configures a pro xy authentication rule for a third-par ty AP’ s wireless users. Syntax: set authentication pr o xy ssid ssid-name user-glob radius-server-gr oup ssid ssid-name SSID name to which this authentication r ule applies .
D-Link DWS-1008 CLI Manual 195 set authentication web Configures an authentication rule to allow a user to log in to the network using a web page ser v ed by the s witch. The r ule can be activated if the user is not otherwise granted or denied access by 802.
D-Link DWS-1008 CLI Manual 196 Usage: Y ou can configure diff erent authentication methods f or different groups of users by “globbing. ” Y ou can configure a rule either for wireless access to an SSID , or f or wired access through a s witch’ s wired authentication por t.
D-Link DWS-1008 CLI Manual 197 set location policy Creates and enables a location policy on a s witch. A location policy enab les you to locally set or change authorization attributes f or a user after the user is authorized by AAA, without making changes to the AAA ser v er .
D-Link DWS-1008 CLI Manual 198 Replace operator with one of the f ollo wing operands: • eq —Applies the location policy rule to all users assigned VLAN names matching vlan-glob . • neq —Applies the location policy rule to all users assigned VLAN names not matching vlan-glob .
D-Link DWS-1008 CLI Manual 199 Conditions within a rule are ANDed. All conditions in the rule m ust match in order f or MSS to take the specified action.
D-Link DWS-1008 CLI Manual 200 set mac-user Configures a user profile in the local database on the s witch f or a user who can be authenticated by a MA C address , and optionally adds the user to a MA C user group . (T o configure a MA C user profile in RADIUS, see the documentation f or your RADIUS ser v er .
D-Link DWS-1008 CLI Manual 201 Defaults: None. Access: Enabled. Usage: T o change the v alue of an attrib ute, enter set mac-user attr with the new v alue. T o delete an attribute, use c lear mac-user attr . Y ou can assign attr ib utes to individual MAC users and to MA C user groups.
D-Link DWS-1008 CLI Manual 202 Attribute Description V alid V alue(s) filter-id (network access mode only) Security access control list (ACL), to per mit or deny traffic receiv ed (input) or sent (output) by the s witch. Name of an e xisting secur ity ACL, up to 253 alphanumeric characters , with no tabs or spaces.
D-Link DWS-1008 CLI Manual 203 Attribute Description V alid V alue(s) time-of-da y (network access mode only) Da y(s) and time(s) dur ing which the user is permitted to log into the network.
D-Link DWS-1008 CLI Manual 204 Attribute Description V alid V alue(s) vlan-name (network access mode only) Vir tual LAN (VLAN) assignment. Note: On some RADIUS ser v ers, you might need to use the standard RADIUS attribute T unnel-Pvt-Group-ID , instead of VLAN-Name.
D-Link DWS-1008 CLI Manual 205 set mac-user gr oup attr Creates a user group in the local database on the s witch for users who are authenticated by a MA C address, and assigns authorization attributes f or the group . (T o configure a user group and assign author ization attr ibutes through RADIUS, see the documentation f or your RADIUS server .
D-Link DWS-1008 CLI Manual 206 set user Configures a user profile in the local database on the s witch f or a user with a pass word. (T o configure a user profile in RADIUS, see the documentation f or your RADIUS ser v er .) Syntax: set user username passwor d [encrypted] string user name User name of a user with a pass word.
D-Link DWS-1008 CLI Manual 207 set user attr Configures an authorization attr ib ute in the local database on the s witch f or a user with a pass word. (T o assign authorization attr ibutes in RADIUS , see the documentation f or y our RADIUS ser v er .
D-Link DWS-1008 CLI Manual 208 set user gr oup Adds a user to a user group . The user m ust ha v e a pass word and a profile that e xists in the local database on the s witch. (T o configure a user in RADIUS, see the documentation f or your RADIUS ser v er .
D-Link DWS-1008 CLI Manual 209 Defaults: None. Access: Enab led. Usage: T o change the v alue of an attribute , enter set usergroup attr with the new value . T o delete an attr ibute , use clear usergr oup attr . T o add a user to a group , user the command set user group .
D-Link DWS-1008 CLI Manual 210 sho w aaa Displa ys all current AAA settings. Syntax: sho w aaa Defaults: None . Access: Enab led. Examples: T o display all current AAA settings , type the f ollowing c.
D-Link DWS-1008 CLI Manual 211 The table belo w describes the fields that can appear in show aaa output. Field Description Default V alues RADIUS default v alues f or all parameters. authport UDP por t on the s witch for transmission of RADIUS author ization and authentication messages.
D-Link DWS-1008 CLI Manual 212 sho w accounting statistics Displa ys the AAA accounting records f or wireless users. The records are stored in the local database on the s witch. (T o displa y RADIUS accounting records, see the documentation f or your RADIUS ser v er .
D-Link DWS-1008 CLI Manual 213 The table belo w describes the fields that can appear in show accounting statistics output. Field Description Date and time Date and time of the accounting record.
D-Link DWS-1008 CLI Manual 214 Cr yptography Commands A digital cer tificate is a f or m of electronic identification for computers. The s witch requires digital cer tificates to authenticate its c.
D-Link DWS-1008 CLI Manual 215 crypto ca-cer tificate Installs a cer tificate authority’ s o wn PKCS#7 cer tificate into the s witch cer tificate and ke y storage area.
D-Link DWS-1008 CLI Manual 216 Examples The follo wing command adds the cer tificate authority’ s cer tificate to s witch cer tificate and ke y storage: DWS-1008# crypto ca-cer tificate admin En.
D-Link DWS-1008 CLI Manual 217 1. Open the PKCS#7 object file with an ASCII text editor such as Notepad or vi. 2. Enter the crypto cer tificate command on the CLI command line. 3. When MSS prompts you for the PEM-formatted cer tificate, paste the PKCS#7 object file onto the command line.
D-Link DWS-1008 CLI Manual 218 128 | 512 | 1024 | Length of the ke y pair in bits. 2048 Note: The minimum ke y length f or SSH is 1024. The length 128 applies only to domain and is the only valid option f or it. Defaults: None. Access: Enabled. Usage: Y ou can ov erwrite a ke y by gener ating another ke y of the same type .
D-Link DWS-1008 CLI Manual 219 State Name string (Op tio nal ) Spec ify th e name of the st ate , in up to 64 alp han um eric cha ra cte rs . S pac es are al lo w ed. Locality Name string (Opt ion al) Spec ify the nam e of the loca lit y , in up to 80 alp han um eric cha ra cte rs wit h n o s pac es .
D-Link DWS-1008 CLI Manual 220 CSR for admin is -----BEGIN CERTIFICA TE REQUEST ----- MIIBuzCCASQCAQA wezELMAkGA1UEBhMCdXMxCzAJBgNVBAgT AmNhMQswCQYDVQQH EwJjYTELMAkGA1UEChMCY2ExCzAJBgNVBAsT AmNhMQswCQ.
D-Link DWS-1008 CLI Manual 221 Common Name Spec ify a uniq ue n ame f or th e s witch , in up to 8 0 alp han um eric string cha ra cte rs wit h no spa ces . Use a full y qual ifie d nam e if suc h name s are su ppo r ted on y ou r n etw ork. Thi s fi eld is re qui red .
D-Link DWS-1008 CLI Manual 222 crypto otp Sets a one-time pass word (O TP) for use with the crypto pkcs12 command. Syntax: crypto otp {admin | eap | web} one-time-pass word admin Creates a one-time pa.
D-Link DWS-1008 CLI Manual 223 crypto pkcs12 Unpacks a PKCS#12 object file into the cer tificate and ke y storage area on the switch. This object file contains a public-priv ate ke y pair , a s witch cer tificate signed by a cer tificate authority , and the cer tificate author ity’ s cer tificate.
D-Link DWS-1008 CLI Manual 224 sho w cr ypto ca-cer tificate Displa ys inf or mation about the cer tificate authority’ s PEM-encoded PKCS#7 cer tificate.
D-Link DWS-1008 CLI Manual 225 sho w cr ypto cer tificate Displa ys inf or mation about one of the cr yptogr aphic cer tificates installed on the switch. Syntax: sho w crypto cer tificate {admin | eap | web} admin Displays information about the administrativ e cer tificate that authenticates the s witch to W eb View .
D-Link DWS-1008 CLI Manual 226 sho w cr ypto ke y domain Displa ys the chec ksum (also called a finger pr int) of the public k e y used to authenticate management traffic between s witches. Syntax: sho w crypto key domain Defaults: None. Access: Enabled.
D-Link DWS-1008 CLI Manual 227 RADIUS and Ser ver Groups Commands Use RADIUS commands to set up communication betw een a switch and groups of up to f our RADIUS ser v ers for remote authentication, author ization, and accounting (AAA) of administrators and networ k users.
D-Link DWS-1008 CLI Manual 228 c lear radius Resets parameters that were globally configured f or RADIUS ser vers to their def ault values . Syntax: c lear radius {deadtime | key | retransmit | timeout} deadtime Number of minutes to wait after declar ing an unresponsive RADIUS ser v er unav ailab le bef ore retr ying the RADIUS ser v er .
D-Link DWS-1008 CLI Manual 229 c lear radius c lient system-ip Remov es the s witch’ s system IP address from use as the permanent source address in RADIUS client requests from the s witch to its RADIUS ser v er(s).
D-Link DWS-1008 CLI Manual 230 c lear radius pr o xy client Remov es RADIUS pro xy client entries f or third-par ty APs. Syntax: c lear radius pro xy client all Defaults: None Access: Enabled.
D-Link DWS-1008 CLI Manual 231 c lear radius server Remov es the named RADIUS server from the s witch configuration. Syntax: c lear radius server ser ver-name ser v er-name Name of a RADIUS ser ver configured to perform remote AAA ser vices f or the s witch.
D-Link DWS-1008 CLI Manual 232 T o disable load balancing in a server g roup shorebirds , type the f ollowing command: DWS-1008# set server group shorebir ds load-balance disable success: change accepted.
D-Link DWS-1008 CLI Manual 233 Defaults: Global RADIUS parameters ha v e the f ollowing def ault v alues: • deadtime —0 (zero) minutes (The s witch does not designate unresponsiv e RADIUS ser vers as una v ailab le.
D-Link DWS-1008 CLI Manual 234 set radius c lient system-ip C a u s e s al l R A D I U S r e q u e s t s to b e s o u r c e d fr om t h e IP a d d r e s s s p e c i fi e d b y t h e s e t s y s t e m ip -a dd re ss command, providing a permanent source IP address for RADIUS pac k ets sent from the s witch.
D-Link DWS-1008 CLI Manual 235 Access: Enabled. Usage: AAA f or third-par ty AP users has additional configuration requirements. Examples: The f ollo wing command configures a RADIUS pro xy entry f or a third-party AP RADIUS client at 10.
D-Link DWS-1008 CLI Manual 236 set radius server Configures RADIUS ser vers and their parameters. By def ault, the s witch automatically sets all these v alues e xcept the pass word (k ey).
D-Link DWS-1008 CLI Manual 237 Defaults: Def ault v alues are listed below: • auth-por t —UDP por t1812 • acct-por t —UDP por t1813 • timeout —5 seconds • retransmit —3 (the total numb.
D-Link DWS-1008 CLI Manual 238 set server group Configures a group of one to f our RADIUS servers. Syntax: set server group g roup-name members server-name1 [ server-name2 ] [ ser v er-name3 ] [ ser ver-name4 ] group-name Ser v er group name of up to 32 characters , with no spaces or tabs.
D-Link DWS-1008 CLI Manual 239 set server group load-balance Enables or disab les load balancing among the RADIUS servers in a ser v er group . Syntax: set server group g roup-name load-balance {enable | disable} group-name Ser v er group name of up to 32 characters .
D-Link DWS-1008 CLI Manual 240 802.1X Management Commands Use 802. IEEE X management commands to modify the default settings f or IEEE 802.1X sessions on a D WS-1008 switch. F or best results, change the settings only if you are aware of a problem with the s witch’ s 802.
D-Link DWS-1008 CLI Manual 241 c lear dot1x bonded-period Resets the Bonded A uth period to its default v alue . Syntax: c lear dot1x max-req Defaults: The default bonded authentication period is 0 seconds.
D-Link DWS-1008 CLI Manual 242 c lear dot1x por t-contr ol Resets all wired authentication por ts on the switch to def ault 802.1X authentication. Syntax: c lear dot1x port-control Defaults: By def ault, all wired authentication por ts are set to auto and the y process authentication requests as deter mined b y the set authentication dot1X command.
D-Link DWS-1008 CLI Manual 243 c lear dot1x reauth-max Resets the maximum number of reauthorization attempts to the def ault setting. Syntax: c lear dot1x reauth-max Defaults: The default is 2 attempts .
D-Link DWS-1008 CLI Manual 244 c lear dot1x timeout auth-server Resets to the def ault setting the number of seconds that m ust elapse bef ore the s witch times out a request to a RADIUS ser v er . Syntax: c lear dot1x reauth-period Defaults: The default is 30 seconds .
D-Link DWS-1008 CLI Manual 245 c lear dot1x tx-period Resets to the def ault setting the number of seconds that must elapse bef ore the switch retransmits an EAP ov er LAN (EAP oL) pack et. Syntax: c lear dot1x tx-period Defaults: The default is 5 seconds .
D-Link DWS-1008 CLI Manual 246 set dot1x bonded-period Changes the Bonded A uth™ (bonded authentication) per iod. The Bonded Auth per iod is the number of seconds MSS allo ws a Bonded A uth user to reauthenticate.
D-Link DWS-1008 CLI Manual 247 set dot1x ke y-tx Enables or disables the transmission of encr yption ke y inf or mation to the supplicant (client) in EAP ov er LAN (EAP oL) ke y messages , after authentication is successful. Syntax: set dot1x ke y-tx {enable | disable} enable Enab les transmission of encryption key inf or mation to clients.
D-Link DWS-1008 CLI Manual 248 See Also: • clear dot1x max-req • show dot1x set dot1x por t-contr ol Deter mines the 802.1X authentication behavior on individual wired authentication por ts or groups of por ts.
D-Link DWS-1008 CLI Manual 249 set dot1x quiet-period Sets the number of seconds a s witch remains quiet and does not respond to a supplicant after a f ailed authentication. Syntax: set dot1x quiet-period seconds seconds Specify a v alue between 0 and 65,535.
D-Link DWS-1008 CLI Manual 250 set dot1x reauth-period Sets the number of seconds that must elapse bef ore the switch attempts reauthentication. Syntax: set dot1x reauth-period seconds seconds Specify a v alue between 60 (1 minute) and 1,641,600 (19 da ys).
D-Link DWS-1008 CLI Manual 251 set dot1x timeout supplicant Sets the number of seconds that must elapse before the s witch times out an authentication session with a supplicant (client). Syntax: set dot1x timeout supplicant seconds seconds Specify a v alue between 1 and 65,535.
D-Link DWS-1008 CLI Manual 252 set dot1x wep-reke y Enables or disables Wired Equivalency Privacy (WEP) rek eying f or broadcast and multicast encr yption ke ys .
D-Link DWS-1008 CLI Manual 253 sho w dot1x Displa ys 802.1X client inf or mation f or statistics and configuration settings . Syntax: sho w dot1x {clients | stats | config} clients Displays inf or mation about active 802.1X clients, including client name, MA C address, and state .
D-Link DWS-1008 CLI Manual 254 T ype the f ollowing command to displa y the 802.1X clients: DWS-1008# show dot1x config 802.1X user policy ---------------------- ‘host/bob-laptop.mycorp.com’ on ssid ‘mycorp’ doing P ASSTHRU ’bob.mycorp.com’ on ssid ‘mycorp’ doing P ASSTHRU (bonded) 802.
D-Link DWS-1008 CLI Manual 255 T ype the f ollowing command to displa y 802.1X statistics: DWS-1008# show dot1x stats 802.1X statistic value ---------------------- ---------------------- Enters Connec.
D-Link DWS-1008 CLI Manual 256 Session Management Commands Use session management commands to displa y and clear administrative and network user sessions. This chapter presents session management commands alphabetically . Use the f ollowing table to locate commands in this chapter based on their use.
D-Link DWS-1008 CLI Manual 257 T o clear all administrativ e T elnet sessions, type the f ollo wing command: DWS-1008# clear sessions telnet This will ter minate manager sessions, do you wish to conti.
D-Link DWS-1008 CLI Manual 258 Examples: T o clear all sessions f or MA C address 00:01:02:03:04:05, type the f ollowing command: DWS-1008# clear sessions netw ork mac-addr 00:01:02:03:04:05 This will.
D-Link DWS-1008 CLI Manual 259 Defaults: None. Access: All, e xcept f or show sessions telnet c lient , which has enab led access. Examples: T o view information about sessions of administr ative user.
D-Link DWS-1008 CLI Manual 260 The table below describes the fields of the show sessions admin , show sessions console , and show sessions telnet displa ys.
D-Link DWS-1008 CLI Manual 261 ssid ssid-name Displa ys all network sessions f or an SSID . vlan vlan-glob Displa ys all network sessions on a single VLAN or a set of VLANs .
D-Link DWS-1008 CLI Manual 262 The f ollo wing command displa ys summar y inf or mation about the sessions f or MA C address 00:05:5d:7e:98:1a : DWS-1008# show sessions netw ork mac-addr 00:05:5d:7e:9.
D-Link DWS-1008 CLI Manual 263 The f ollowing command displa ys information about network session 88: DWS-1008# show sessions netw ork session-id 88 Local Id: 88 Global Id: SESS-88-00040f-876766-623fd6 State: ACTIVE SSID: Rack-39-PM Por t/Radio: 10/1 MAC Address: 00:0f:66:f4:71:6d User Name: last-resort-Rack-39-PM IP Address: 10.
D-Link DWS-1008 CLI Manual 264 Additional sho w sessions netw ork verbose Output Field Description Client MA C MA C address of the session user . GID Global session ID , a unique session number . State Status of the session: • A UTH, ASSOC REQ—Client is being associated by the 802.
D-Link DWS-1008 CLI Manual 265 sho w sessions network session-id Output Field Description Local Id Identifier for the session on this par ticular s witch. (This is the session ID you specify when entering the show sessions network session-id command.
D-Link DWS-1008 CLI Manual 266 Unicast bytes out T otal number of unicast bytes sent b y the s witch to the user (64-bit counter). Mul tica st pac k ets in T otal number of m ulticast pack ets received from the user b y the s witch (64-bit counter).
D-Link DWS-1008 CLI Manual 267 RF Detection Commands MSS automatically perf or ms RF detection scans on enab led and disabled radios to detect rogue access points. A rogue access point is a BSSID (MA C address associated with an SSID) that does not belong to a D-Link de vice and is not a member of the ignore list configured on the seed s witch.
D-Link DWS-1008 CLI Manual 268 c lear rfdetect attac k-list Remov es a MA C address from the attac k list. Syntax: c lear rfdetect attack-list mac-addr mac-addr MA C address you w ant to remov e from the attack list.
D-Link DWS-1008 CLI Manual 269 c lear rfdetect ssid-list Remov es an SSID from the permitted SSID list. Syntax: c lear rfdetect ssid-list ssid-name ssid-name SSID name you w ant to remov e from the per mitted SSID list. Defaults: None. Access: Enabled.
D-Link DWS-1008 CLI Manual 270 set rfdetect attac k-list Adds an entry to the attac k list. The attack list specifies the MA C addresses of de vices that MSS should issue counter measures against whene v er the de vices are detected on the network. The attack list can contain the MA C addresses of APs and clients.
D-Link DWS-1008 CLI Manual 271 MSS can place a client in the b lack list due to an association, reassociation or disassociation flood from the client. The client b lack list applies only to the s witch on which the list is configured. Switches do not share client blac k lists .
D-Link DWS-1008 CLI Manual 272 See Also: • clear rfdetect ignore • show rfdetect ignore set rfdetect log Disables or reenables generation of log messages when rogues are detected or when the y disappear . Syntax: set rfdetect log {enable | disab le} enable Enab les logging of rogues.
D-Link DWS-1008 CLI Manual 273 Usage: The command applies only to APs managed by the s witch on which y ou enter the command. T o enable signatures on all APs , enter the command on each s witch. Note: Y ou must use the same AP signature setting (enab led or disab led) on all s witches.
D-Link DWS-1008 CLI Manual 274 set rfdetect vendor -list Adds an entr y to the per mitted v endor list. The per mitted v endor list specifies the third-par ty AP or client vendors that are allowed on the network. MSS does not list a device as a rogue or interf ering device if the de vice’ s OUI is in the per mitted v endor list.
D-Link DWS-1008 CLI Manual 275 Examples: The follo wing e xample shows the attac k list on s witch: DWS-1008# show rfdetect attac k-list T otal number of entries: 1 Attacklist MA C P or t/Radio/Chan R.
D-Link DWS-1008 CLI Manual 276 Examples: The f ollowing command shows information about all wireless clients detected by a s witch’ s APs: DWS-1008# show rfdetect c lients T otal number of entries: .
D-Link DWS-1008 CLI Manual 277 T ype Classification of the rogue de vice: • rogue—Wireless de vice that is on the network b ut is not supposed to be on the network. • intfr—Wireless device that is not par t of your network and is not a rogue , but might be causing RF interf erence with AP radios.
D-Link DWS-1008 CLI Manual 278 Usage: This command is v alid only on the seed s witch Examples: The follo wing e xample displa ys counter measures status: DWS-1008# show rfdetect countermeasures T ota.
D-Link DWS-1008 CLI Manual 279 Examples: The follo wing command shows counters f or rogue activity detected by a s witch: DWS-1008# show rfdetect countermeasures T ype Current T otal -----------------.
D-Link DWS-1008 CLI Manual 280 sho w rfdetect data Displa ys inf or mation about the APs detected b y a s witch. Syntax: sho w rfdetect data Defaults: None. Access: Enabled. Usage: Y ou can enter this command on any switch. The output applies only to the s witch on which you enter the command.
D-Link DWS-1008 CLI Manual 281 The table belo w describes the fields in this display . Field Description BSSID MA C address of the SSID used by the detected de vice. V endor Company that manuf actures or sells the rogue de vice. T ype Classification of the rogue de vice: • rogue—Wireless de vice that is not supposed to be on the network.
D-Link DWS-1008 CLI Manual 282 sho w rfdetect ssid-list Displa ys the entries in the per mitted SSID list. Syntax: sho w rfdetect ssid-list Defaults: None.
D-Link DWS-1008 CLI Manual 283 sho w rfdetect visible Displa ys the BSSIDs discov ered by a specific D-Link radio . The data includes BSSIDs transmitted by other D-Link r adios as well as b y third-par ty access points.
D-Link DWS-1008 CLI Manual 284 The table belo w describes the fields in this display . Field Description T ransmit MAC MA C address the rogue de vice that sent the 802.11 pack et detected by the AP r adio V endor Company that man ufactures or sells the rogue de vice.
D-Link DWS-1008 CLI Manual 285 Examples: The f ollowing command tests the RF link between the s witch and the client with MA C address 00:0e:9b:bf:ad:13: DWS-1008# test rflink mac 00:0e:9b:bf:ad:13 R.
D-Link DWS-1008 CLI Manual 286 File Management Commands Use file management commands to manage system files and to displa y software and boot inf or mation. This chapter presents file management commands alphabetically . Use the f ollowing tab le to locate commands in this chapter based on their use.
D-Link DWS-1008 CLI Manual 287 bac kup Creates an archiv e of s witch system files and optionally , user file, in Unix tape archiv e ( tar ) f or mat. Syntax: bac kup system [tftp:/ ip-addr /] filename [all | critical] [ tftp:/ ip-addr/]filename Name of the archiv e file to create .
D-Link DWS-1008 CLI Manual 288 Examples: The f ollowing command creates an archiv e of the system-critical files and copies the archiv e directly to a TFTP ser ver . The filename in this example includes a TFTP ser ver IP address, so the archiv e is not stored locally on the s witch.
D-Link DWS-1008 CLI Manual 289 Examples: The follo wing commands bac k up the configuration file on a s witch, reset the s witch to its f actor y def ault configuration, and reboot the s witch: DWS-1008# copy configuration tftp://10.1.1.1/bac kupcfg success: sent 365 bytes in 0.
D-Link DWS-1008 CLI Manual 290 Usage: The filename and file: filename URLs are equivalent. Y ou can use either URL to ref er to a file in a s witch’ s nonv olatile memory . The tftp: //ip-addr/filename URL ref ers to a file on a TFTP ser v er .
D-Link DWS-1008 CLI Manual 291 delete Caution: MSS does not prompt y ou to verify whether you want to delete a file . When you press Enter after typing a delete command, MSS immediately deletes the specified file. Note: MSS does not allow you to delete the currently running software image file or the r unning configuration.
D-Link DWS-1008 CLI Manual 292 dir Displa ys a list of the files in nonv olatile storage and temporar y files. Syntax: dir [ subdirname ] | [file:] | [core:] | [boot0:] | [boot1:] subdir name Subdirector y name. If you specify a subdirector y name, the command lists the files in that subdirector y .
D-Link DWS-1008 CLI Manual 293 core:command_audit.cur 37 bytes Aug 28 2005, 21:11:41 T otal: 37 bytes used, 91707 Kbytes free The f ollowing command displa ys the files in the root director y: DWS-10.
D-Link DWS-1008 CLI Manual 294 The table belo w describes the fields in the dir output. Field Description Filename Filename or subdirector y name. F or files, the director y name is shown in front of the filename (for example , file: configuration).
D-Link DWS-1008 CLI Manual 295 load config Caution: This command completely remov es the running configuration and replaces it with the configuration contained in the file . D-Link recommends that you sav e a copy of the current r unning configuration to a bac kup configuration file bef ore loading a ne w configuration.
D-Link DWS-1008 CLI Manual 296 md5 Calculates the MD5 checksum f or a file in the switch’ s non v olatile storage. Syntax: md5 [boot0: | boot1:] filename boot0: | boot1: Boot par tition into which you copied the file . filename: Name of the file.
D-Link DWS-1008 CLI Manual 297 DWS-1008# dir ========================================================== file: Filename Size Created file:configuration 17 KB May 21 2004, 18:20:53 file:configuration.
D-Link DWS-1008 CLI Manual 298 Examples: The follo wing command restar ts a s witch that does not hav e any unsa ved configuration changes: DWS-1008# reset system This will reset the entir e system.
D-Link DWS-1008 CLI Manual 299 Usage: If a file in the archive has a counter par t on the switch, the archive v ersion of the file replaces the file on the s witch. The restore command does not delete files that do not hav e counter par ts in the archive.
D-Link DWS-1008 CLI Manual 300 Examples: The follo wing e xample remov es subdirector y cor p2 : DWS-1008# rmdir corp2 success: change accepted. See Also: • dir • mkdir sa ve config Sav es the r unning configuration to a configuration file . Syntax: sa ve config [ filename ] filename Name of the configuration file .
D-Link DWS-1008 CLI Manual 301 set boot bac kup-configuration Specifies the name of a bac kup configuration file to be used in the e v ent that MSS cannot read the s witch’ s configuration file at boot time.
D-Link DWS-1008 CLI Manual 302 set boot par tition Specifies the boot par tition in which to look f or the system image file follo wing the next system reset, software reload, or po wer cycle . Syntax: set boot partition {boot0 | boot1} boot0 Boot par tition 0.
D-Link DWS-1008 CLI Manual 303 The table belo w describes the fields in the show boot output. Field Description Configured boot v ersion Software version the s witch will run ne xt time the software is rebooted. Configured boot image Boot par tition and image filename MSS will use to boot next time the software is rebooted.
D-Link DWS-1008 CLI Manual 304 • spantree • system • trace • vlan • vlan-fdb If you do not specify a configur ation area, nondef ault inf or mation f or all areas is displa yed. all Includes configuration items that are set to their def ault values .
D-Link DWS-1008 CLI Manual 305 Examples: The follo wing command displa ys v ersion inf or mation f or a s witch: DWS-1008# show ver sion Mobility System Software, V ersion: 4.1.0 QA 67 Copyright (c) 2002, 2003, 2004, 2005 D-Link, Inc. All rights reserved.
D-Link DWS-1008 CLI Manual 306 The table belo w describes the fields in the show version output. Field Description Build Inf or mation F actor y timestamp of the image file. Label Software v ersion and build date . Build Suffix Build suffix. Model Build model.
D-Link DWS-1008 CLI Manual 307 Access Point Commands Use D WL-8220AP access point commands to configure and manage D WL-8220AP access points. Be sure to do the f ollowing bef ore using the commands: • Define the countr y-specific IEEE 802.11 regulations on the D WS-1008 s witch.
D-Link DWS-1008 CLI Manual 308 Examples The f ollo wing command disab les and resets radio 2 on the DWL-8220AP access point connected to por t 3: D WS-1008# c lear ap 3 radio 2 c lear dap boot-configuration Remov es the static IP address configuration f or a Distr ib uted AP .
D-Link DWS-1008 CLI Manual 309 c lear radio-pr ofile Remov es a radio profile or resets one of the profile’ s parameters to its def ault value . Syntax: clear radio-pr ofile name [parameter] name parameter Defaults If you reset an individual par ameter , the parameter is retur ned to it’ s def ault value .
D-Link DWS-1008 CLI Manual 310 See Also: • set {ap | dap} radio radio-profile • set radio-profile mode • show {ap | dap} config • show radio-profile c lear service-profile Remov es a service profile or resets one of the profile’ s parameters to its def ault v alue.
D-Link DWS-1008 CLI Manual 311 Examples: The f ollowing commands disable the radios that are using radio profile r p6 , remo ve ser vice-profile svcprof6 from r p6 , then clear svcprof6 from the configuration. DWS-1008# set radio-profile rp6 mode disab le DWS-1008# clear radio-pr ofile rp6 service-profile svcpr of6 success: change accepted.
D-Link DWS-1008 CLI Manual 312 set dap auto Creates a profile f or automatic configuration of Distributed APs . Syntax: set dap auto Defaults: None. Access: Enabled. The follo wing T ab le lists the configurab le profile parameters and their def aults.
D-Link DWS-1008 CLI Manual 313 Examples: The follo wing command creates a profile f or automatic Distr ibuted AP configuration: DWS-1008# set dap auto success: change accepted.
D-Link DWS-1008 CLI Manual 314 set dap auto per sistent Conv er ts a temporar y AP configuration created by the AP configuration profile into a persistent AP configuration on the D WS-1008. Syntax: set dap auto per sistent [ dap-num | all] dap-num all Defaults: None.
D-Link DWS-1008 CLI Manual 315 Defaults: The def ault radio type f or the D WL-8220AP is 802.11g. Access: Enabled Examples: The follo wing command sets the radio type to 802.
D-Link DWS-1008 CLI Manual 316 If AP por t 1 is indirectly connected to D WS-1008 s witches through the network, the AP boots from the s witch with the high bias for the AP . If the bias for all connections is the same, the AP selects the switch that has the greatest capacity to add more active APs.
D-Link DWS-1008 CLI Manual 317 Examples: The f ollowing command enab les LED b link mode on the access points connected to por ts 3 and 4: D WS-1008# set ap 3-4 blink enable success: change accepted. set dap boot-ip Specifies static IP address inf or mation f or a Distributed AP .
D-Link DWS-1008 CLI Manual 318 Examples: The f ollo wing command configures Distributed AP 1 to use IP address 172.16.0.42 with a 24-bit netmask, and use 172.16.0.20 as its def ault gatew a y: D WS-1008# set dap 1 boot-ip ip 172.16.0.42 netmask 255.255.
D-Link DWS-1008 CLI Manual 319 When a static IP address is specified f or a Distributed AP , there is no preconfigured DNS inf or mation or DNS name for the D WS-1008 the Distr ibuted AP attempts to use as its boot de vice.
D-Link DWS-1008 CLI Manual 320 Usage: When this command is configured, all Ether net frames emitted from the Distributed AP are formatted with an 802.1Q tag with a specified VLAN number . F rames sent to the Distributed AP that are not tagged with this v alue are ignored.
D-Link DWS-1008 CLI Manual 321 set dap fingerprint V er ifies an AP’ s finger pr int on an D WS-1008. If AP-D WS security is required by an D WS-1008, an AP can establish a management session with the switch only if you hav e v erified the AP’ s identity by v er ifying its finger print on the switch.
D-Link DWS-1008 CLI Manual 322 set {ap | dap} f or ce-image-do wnload Configures an AP to download its software image from the D WS-1008 instead of loading the image that is locally stored on the AP .
D-Link DWS-1008 CLI Manual 323 set {ap | dap} gr oup Configures a named g roup of AP access points. MSS automatically load balances sessions among the access points in a group .
D-Link DWS-1008 CLI Manual 324 set {ap | dap} location Specifies location inf or mation f or an AP . Syntax: set {ap por t-list | dap { dap-num } location string ap por t-list dap dap-num location string Defaults: None . Access: Enabled Usage: Use this command to specify inf ormation about the location of the AP .
D-Link DWS-1008 CLI Manual 325 set {ap | dap} name Changes an AP name. Syntax: set {ap por t-list | dap dap-num } name name ap por t-list dap dap-num name Defaults: The default name of a directly attached AP is based on the por t number of the AP access por t attached to the AP .
D-Link DWS-1008 CLI Manual 326 indoors outdoors Defaults: The def ault antenna location is indoors. Access: Enabled Examples: The f ollowing command sets the antenna location f or radio 1 on Distr ib uted AP 22 to outdoors : DWS-1008# set dap 22 radio 1 antenna-location outdoors success: change accepted.
D-Link DWS-1008 CLI Manual 327 Defaults: All radios use the internal antenna by def ault. Access: Enabled Examples: The f ollo wing command configures the 802.11b/g radio on Distributed AP 1 to use antenna model ANT1060: DWS-1008# set dap 1 radio 1 antennatype ANT1060 success: change accepted.
D-Link DWS-1008 CLI Manual 328 Example: The follo wing command sets the maximum pow er that RF Auto-T uning can set on radio 1 on the D WL-8220AP access point on por t 5 to 12 dBm. DWS-1008# set ap 5 radio 1 auto-tune max-power 12 success: change accepted.
D-Link DWS-1008 CLI Manual 329 Examples: The f ollo wing command configures the channel on the 802.11a radio on the D WL-8220AP access point connected to por t 5: DWS-1008# set ap 5 radio 1 channel 36 success: change accepted. The f ollowing command configures the channel and transmit po wer on the 802.
D-Link DWS-1008 CLI Manual 330 Usage: T o enable or disable one or more radios to which a profile is assigned, use the set ap radio radio-profile command. T o enable or disable all radios that use a specific radio profile , use the set radio-profile command.
D-Link DWS-1008 CLI Manual 331 Defaults: When you create a new profile , the radio parameters in the profile are set to their f actor y def ault v alues . T o enable or disable all radios that use a specific radio profile , use set radio-profile .
D-Link DWS-1008 CLI Manual 332 Examples: The follo wing command configures the transmit power on the 802.11a radio on the D WL-8220AP access point connected to por t 5: DWS-1008# set ap 5 radio 1 tx-power 10 success: change accepted. The f ollowing command configures the channel and transmit po wer on the 802.
D-Link DWS-1008 CLI Manual 333 AP can estab lish a management session with the D WS-1008 s witch only if its finger pr int has been confir med b y you in MSS . A change to D WL-8220AP security suppor t does not affect management sessions that are already established.
D-Link DWS-1008 CLI Manual 334 set radio-pr ofile active-scan Disables or reenables activ e RF detection scanning on the D WL-8220AP radios managed by a radio profile.
D-Link DWS-1008 CLI Manual 335 name enable disable no-client Defaults: Dynamic channel assignment is enab led by def ault. Access: Enab led. Usage: If y ou disab le RF A uto-T uning f or channels, MSS does not dynamically set the channels when radios are first enab led and also does not tune the channels during operation.
D-Link DWS-1008 CLI Manual 336 name rate Defaults: The def ault RF A uto-T uning channel holddown is 900 seconds. Access: Enab led. Usage: The channel holddown applies e ven if RF anomalies occur that nor mally cause an immediate channel change.
D-Link DWS-1008 CLI Manual 337 If y ou set the inter val to 0, RF A uto-T uning does not ree valuate the channel at regular inter vals . How e ver , RF A uto-T uning can still change the channel in response to RF anomalies.
D-Link DWS-1008 CLI Manual 338 set radio-pr ofile auto-tune po wer -config Enables or disables dynamic power tuning (RF A uto-T uning) f or the D WL-8220AP radios in a radio profile . Syntax: set radio-profile name auto-tune po wer -config {enable | disable} name enable disable Defaults: Dynamic po wer assignment is disab led by def ault.
D-Link DWS-1008 CLI Manual 339 set radio-pr ofile auto-tune po wer -inter v al Sets the inter v al at which RF A uto-T uning decides whether to change the pow er lev el on radios in a radio profile.
D-Link DWS-1008 CLI Manual 340 set radio-pr ofile auto-tune po wer -loc kdown Locks down the current po wer settings on all radios in a radio profile . The pow er settings that are in effect when the command is entered are changed into statically configured pow er settings on the radios .
D-Link DWS-1008 CLI Manual 341 Defaults: The def ault interval is 60 seconds. Access: Enab led. Examples: The follo wing command changes the power ramp inter v al f or radios in radio profile r p2 to 120 seconds: DWS-1008# set radio-profile rp2 auto-tune po wer-ramp-interv al 120 success: change accepted.
D-Link DWS-1008 CLI Manual 342 set radio-pr ofile countermeasures Counter measures aff ect wireless service on a radio . When an AP radio is sending counter measures, the radio is disabled f or use b y network traffic , until the r adio finishes sending the counter measures.
D-Link DWS-1008 CLI Manual 343 The f ollowing command causes radios managed b y radio profile r adprof3 to issue countermeasures against de vices in the D WS-1008’ s attack list: DWS-1008# radio-profile radpr of3 countermeasures configured success: change accepted.
D-Link DWS-1008 CLI Manual 344 set radio-pr ofile frag-threshold Changes the fragmentation threshold f or the D WL-8220AP radios in a radio profile . The fragmentation threshold is the threshold at which the long-retr y-count is applicab le instead of the shor t-retr y-count.
D-Link DWS-1008 CLI Manual 345 set radio-pr ofile max-rx-lifetime Changes the maximum receive threshold f or the D WL-8220AP radios in a radio profile. The maximum receive threshold specifies the number of milliseconds that a frame receiv ed by a radio can remain in buff er memor y .
D-Link DWS-1008 CLI Manual 346 Defaults: The default maximum receive threshold for D WL-8220AP radios is 2000ms (2 seconds). Access: Enab led. Usage: Y ou must disab le all radios that are using a radio profile bef ore you can change parameters in the profile.
D-Link DWS-1008 CLI Manual 347 P arameter Default V alue Radio Beha vior When P arameter Set to Default V alue activ e-scan enable Sends probe any requests (probe requests with a null SSID name) to solicit probe responses from other access points. auto-tune enable Allo ws dynamic configuration of channel and power settings by MMS.
D-Link DWS-1008 CLI Manual 348 Access: Enab led. Usage: Use the command without any optional parameters to create ne w profile. If the radio profile does not already e xist, MSS creates a ne w radio profile . Use the enable or disab le option to enab le or disable all the r adios using a profile.
D-Link DWS-1008 CLI Manual 349 set radio-pr ofile preamble-length Changes the preamb le length f or which an 802.11b/g D WL-8220AP radio adver tises suppor t. This command does not apply to 802.11a. Syntax: set radio-profile name preamb le-length {long | short} name long short Defaults: The def ault is short .
D-Link DWS-1008 CLI Manual 350 set radio-pr ofile qos-mode Sets the prior itization mode f or f orwarding queues on AP r adios managed by the r adio profile. Syntax: set radio-profile name qos-mode {svp | wmm} name svp wmm Defaults: The def ault QoS mode is wmm .
D-Link DWS-1008 CLI Manual 351 Syntax: set radio-profile name rfid-mode {enab le | disable} name enable disable Defaults: The def ault is disable . Access: Enab led.
D-Link DWS-1008 CLI Manual 352 Examples: The f ollowing command changes the R TS threshold f or radio profile r p1 to 1500 bytes: DWS-1008# set radio-profile rp1 rts-threshold 1500 success: change accepted.
D-Link DWS-1008 CLI Manual 353 P arameter Default V alue Radio Behavior When P arameter Set to Default V alue cac-mode none Does not limit the number of active user sessions based on Call Admission Control. cac-session 14 If session-based CAC is enabled ( cac-mode is set to session ), limits the number of activ e user sessions on a radio to 14.
D-Link DWS-1008 CLI Manual 354 P arameter Default V alue Radio Behavior When P arameter Set to Default V alue psk-phrase No passphrase defined Uses dynamically generated ke ys rather than statically configured ke ys to authenticate WP A clients.
D-Link DWS-1008 CLI Manual 355 P arameter Default V alue Radio Behavior When P arameter Set to Default V alue user-idle-timeout 180 Allows a client to remain idle for 180 seconds (3 minutes) before MSS changes the client’ s session to the Disassociated state.
D-Link DWS-1008 CLI Manual 356 Access: Enab led. Usage: Y ou must configure the ser vice profile bef ore you can map it to a radio profile. Y ou can map the same ser vice profile to more than one radio profile . Y ou must disable all radios that use a radio profile bef ore y ou can change parameters in the profile.
D-Link DWS-1008 CLI Manual 357 set service-profile attr Configures authorization attr ib utes that are applied b y def ault to users accessing the SSID managed by the ser vice profile. These SSID def ault attributes are applied in addition to any supplied by the RADIUS server or from the local database .
D-Link DWS-1008 CLI Manual 358 Defaults: By def ault, a service profile does not hav e any authorization attributes set. Access: Enab led. Usage: T o change the v alue of a def ault attr ib ute for a ser vice profile, use the set service- profile attr command and specify a ne w v alue.
D-Link DWS-1008 CLI Manual 359 set service-profile auth-dot1x Disables or reenables 802.1X authentication of Wi-Fi Protected Access (WP A) clients b y AP radios , when the WP A inf or mation element (IE) is enabled in the ser vice profile that is mapped to the radio profile that the radios are using.
D-Link DWS-1008 CLI Manual 360 set service-profile auth-fallthru Specifies the authentication type for users who do not match an 802.1X or MAC authentication rule f or an SSID managed by the ser vice profile.
D-Link DWS-1008 CLI Manual 361 the ser vice profile r nd_lab to web-por tal: DWS-1008# set service-profile rnd_lab auth-fallthru web-portal success: change accepted.
D-Link DWS-1008 CLI Manual 362 set service-profile beacon Disables or reenab les beaconing of the SSID managed b y the ser vice profile. An AP radio responds to an 802.11 probe any request with only the beaconed SSID(s). F or a nonbeaconed SSID , radios respond only to directed 802.
D-Link DWS-1008 CLI Manual 363 name none session Defaults: The def ault CA C mode is none . Access: Enab led. Examples: The f ollo wing command enables session-based CA C on ser vice profile sp1 : DWS-1008# set service-profile sp1 cac-mode session success: change accepted.
D-Link DWS-1008 CLI Manual 364 Examples: The f ollo wing command changes the maximum number of sessions f or radios used by service profile sp1 to 10: DWS-1008# set service-profile sp1 cac-session 10 success: change accepted.
D-Link DWS-1008 CLI Manual 365 set service-profile cipher -tkip Disables or reenab les T emporal K ey Integrity Protocol (TKIP) encr yption in a ser vice profile. Syntax: set service-profile name cipher -ccmp {enable | disable} name enable disable Defaults: When the WP A IE is enabled, TKIP encr yption is enabled b y def ault.
D-Link DWS-1008 CLI Manual 366 Defaults: 104-bit WEP encr yption is disabled b y def ault. Access: Enab led. Usage: T o use 104-bit WEP with WP A clients, you m ust also enable the WP A IE.
D-Link DWS-1008 CLI Manual 367 Defaults: 40-bit WEP encr yption is disabled b y def ault. Access: Enab led. Usage: T o use 40-bit WEP with WP A clients, you m ust also enable the WP A IE.
D-Link DWS-1008 CLI Manual 368 Usage: This command applies only when static CoS is enabled. If static CoS is disabled, prior itization is based on the QoS mode configured in the radio profile, and on any A CLs that set CoS. T o enable static CoS , use the set service-profile static-cos command.
D-Link DWS-1008 CLI Manual 369 set service-profile idle-c lient-probing Disables or reenables periodic keepaliv es from AP radios to clients on a ser vice profile’ s SSID . When idle-client probing is enabled, the AP radio sends a unicast null-data frame to each client e v er y 10 seconds.
D-Link DWS-1008 CLI Manual 370 name enable disable Defaults: This option is disab led by def ault. Access: Enab led. Usage: Ev en when this option is enabled, the D WS-1008 to which a user roams (the .
D-Link DWS-1008 CLI Manual 371 Access: Enab led. Usage: The length of time a client can remain idle (unresponsiv e to idle-client probes) is specified by the user -idle-timeout command.
D-Link DWS-1008 CLI Manual 372 name enable disable Defaults: The no-broadcast mode is disab led by def ault. (Broadcast traffic not disabled.) Access: Enab led. Usage: T o fur ther reduce ARP traffic on a service profile , use the set service-pr ofile pro xy-arp command to enable Pro xy ARP .
D-Link DWS-1008 CLI Manual 373 Defaults: Pro xy ARP is disab led by def ault. Access: Enab led. Usage: T o fur ther reduce broadcast traffic on a ser vice profile, use the set ser vice-profile no- broadcast command to disable DHCP and ARP request broadcasts .
D-Link DWS-1008 CLI Manual 374 Examples: The follo wing command configures service profile sp3 to use passphrase “1234567890123<>?=+&% The quick bro wn f o x jumps ov er the lazy sl”: .
D-Link DWS-1008 CLI Manual 375 set service-profile r sn-ie Enables the Rob ust Security Network (RSN) Information Element (IE). The RSN IE adver tises the RSN (sometimes called WP A2) authentication methods and cipher suites suppor ted by radios in the r adio profile mapped to the ser vice profile.
D-Link DWS-1008 CLI Manual 376 set service-profile short-retr y-count Changes the shor t retr y threshold f or a ser vice profile. The shor t retr y threshold specifies the number of times a radio can send a shor t unicast fr ame without receiving an ackno wledgment.
D-Link DWS-1008 CLI Manual 377 name threshold Defaults: The def ault shor t unicast retr y threshold is 5 attempts. Access: Enab led. Examples: The f ollowing command changes the shor t retr y threshold for ser vice profile sp1 to 3: DWS-1008# set service-profile sp1 short-retr y-count 3 success: change accepted.
D-Link DWS-1008 CLI Manual 378 set service-profile soda enf orce-c hec ks Specifies whether a client is allow ed access to the network after it has do wnloaded and r un the SOD A agent security checks .
D-Link DWS-1008 CLI Manual 379 set service-profile soda failure-pa ge Specifies a page on the DWS-1008 that is loaded when a client f ails the secur ity checks performed by the SOD A agent.
D-Link DWS-1008 CLI Manual 380 set service-profile soda logout-pa ge Specifies a page on the D WS-1008 that is loaded when a client logs out of the network by closing the SOD A vir tual desktop . Syntax: set service-profile name soda logout-page page name page Defaults: None .
D-Link DWS-1008 CLI Manual 381 set service-profile soda mode Enables or disab les Sygate On-Demand (SOD A) functionality for a service profile. Syntax: set service-profile name soda mode {enable | disab le} name enable disable Defaults: Disab led. Access: Enab led.
D-Link DWS-1008 CLI Manual 382 Defaults: Disab led. Access: Enab led. Usage: If the SOD A agent checks f ail on a client, by def ault the client is disconnected from the network. Optionally , you can specify a f ailure page for the client to load (with the set ser vice-profile soda f ailure-page command).
D-Link DWS-1008 CLI Manual 383 The page is assumed to reside in the root director y on the D WS-1008. optionally specify a diff erent director y where the page resides. This functionality occurs only when the enf orce checks option is enabled f or the ser vice profile.
D-Link DWS-1008 CLI Manual 384 Examples: The f ollowing command applies the name guest to the SSID managed by ser vice profile clear_wlan : DWS-1008# set service-profile c lear_wlan ssid-name guest success: change accepted.
D-Link DWS-1008 CLI Manual 385 set service-profile static-cos Enables or disables static CoS on a ser vice profile. Static CoS assigns the same CoS le vel to all traffic on the ser vice profile’ s SSID , regardless of 802.1p or DSCP mar kings in the pack ets themselv es, and regardless of any A CLs that mar k CoS.
D-Link DWS-1008 CLI Manual 386 set service-profile tkip-mc-time Changes the length of time that AP radios use counter measures if two message integrity code (MIC) f ailures occur within 60 seconds.
D-Link DWS-1008 CLI Manual 387 name 11a | 11b | 11g mandantory rate-list disabled rate-list beacon-rate rate multicast-rate { rate | auto } Ser vice profile name. Radio type. Set of data transmission rates that clients are required to suppor t in order to associate with an SSID on an AP .
D-Link DWS-1008 CLI Manual 388 Defaults: This command has the f ollo wing def aults: • mandantory: • 11a - 6.0,12.0,24.0 • 11b - 1.0,2.0 • 11g - 1.0,2.0,5.5,11.0 • disabled - None. All rates applicable to the r adio type are suppor ted by def ault.
D-Link DWS-1008 CLI Manual 389 Syntax: set service-profile name user -idle-timeout seconds name seconds Defaults: The def ault user idle timeout is 180 seconds (3 minutes).
D-Link DWS-1008 CLI Manual 390 Access: Enab led. Usage: The first time you set the ser vice profile’ s auth-fallthru option to web-por tal , MSS sets the web-portal-acl option to por talacl . The value remains por talacl e v en if you change the auth-fallthru option again.
D-Link DWS-1008 CLI Manual 391 Note: T o use W ebAAA, the fallthru authentication type in the ser vice profile that manages the SSID must be set to web-por tal. T o use W ebAAA for a wired authentication por t, edit the por t configuration with the set por t type wired-auth command.
D-Link DWS-1008 CLI Manual 392 set service-profile web-portal-session-timeout Changes the number of seconds MSS allows Web P or tal W ebAAA sessions to remain in the Deassociated state bef ore being ter minated automatically .
D-Link DWS-1008 CLI Manual 393 set service-profile wep active-m ulticast-index Specifies the static Wired-Equivalent Privacy (WEP) ke y (one of f our) to use for encr ypting multicast frames .
D-Link DWS-1008 CLI Manual 394 Access: Enab led. Usage: Bef ore using this command, you must configure values f or the WEP ke ys you plan to use. Use the set ser vice-profile wep ke y-inde x command.
D-Link DWS-1008 CLI Manual 395 Examples: The f ollowing command configures a 5-b yte WEP ke y f or key inde x 1 on service profile sp2 to aabbccddee : DWS-1008# set service-profile sp2 wep key-inde x 1 key aabbccd dee success: change accepted.
D-Link DWS-1008 CLI Manual 396 List of por ts connected to the D WL-8220AP access point(s) f or which to displa y configuration settings . Number of a Distributed AP f or which to displa y configuration settings . Shows configur ation inf or mation f or radio 1.
D-Link DWS-1008 CLI Manual 397 The f ollowing T ab le descr ibes the fields in this displa y . Field Description por t D WS-1008 por t number . Note: This field is applicable only if the DWL-8220AP is directly connected to the D WS-1008 and the D WS-1008’ s por t is configured as an AP access por t.
D-Link DWS-1008 CLI Manual 398 sho w {ap | dap} counters Displa ys D WL-8220AP access point and radio statistics counters . Syntax: show ap counter s [ por t-list [radio {1 | 2}]] Syntax: show dap counter s [ dap-num [radio {1 | 2}]] por t-list dap-num radio 1 radio 2 Defaults: None .
D-Link DWS-1008 CLI Manual 399 TxUniPkt TxUniByte RxPkt UndcrptPkt TxMultiPkt TxMultiByte RxByte UndcrptByte PhyErr 1.0: 1017 0 10170 0 14 8347 0 0 3964 2.0: 5643 55683 822545 8697520 3 1670 0 0 8695 5.5: 0 0 0 0 5 258 0 0 4 6.0: 0 0 0 0 0 0 0 0 51 9.
D-Link DWS-1008 CLI Manual 400 Field Description TKIP Pkt Repla ys Number of TKIP packets that w ere resent to the AP by a client. A low value (under about one hundred) does not necessar ily indicate a problem.
D-Link DWS-1008 CLI Manual 401 Field Description User Sessions Number of clients currently associated with the radio . Generally , this counter is equal to the number of sessions listed for the radio in show sessions output.
D-Link DWS-1008 CLI Manual 402 Field Description TxUniPkt Number of unicast pack ets transmitted b y the radio . TxMultiPkt Number of multicast pac kets transmitted b y the radio . TxUniByte Number of unicast bytes tr ansmitted by the radio . TxMultiByte Number of multicast bytes transmitted b y the radio .
D-Link DWS-1008 CLI Manual 403 sho w {ap | dap} qos-stats Displa ys statistics f or D WL-8220AP f orw arding queues. Syntax: show dap qos-stats [ dap-n um ] [clear] Syntax: show ap qos-stats [ por t-list ] [c lear] dap-num por t-list clear Defaults: None .
D-Link DWS-1008 CLI Manual 404 Field Description CoS CoS v alue associated with the forw arding queues. Queue F orwarding queue. D AP or P or t Distr ibuted AP n umber or D WL-8220AP por t number . radio Radio number . Tx Number of pack ets transmitted to the air from the queue .
D-Link DWS-1008 CLI Manual 405 Examples: The follo wing command displa ys Ethernet statistics f or the Ether net por ts on Distributed AP 1: DWS-1008# show dap ether stats 1 DAP: 1 ether: 1 ==========.
D-Link DWS-1008 CLI Manual 406 Field Description RxOv err uns Number of frames known to be lost due to a temporary lack of hardw are resources. RxDiscards Number of frames known to be lost due to a temporar y lac k of software resources. TxGoodF rames Number of fr ames transmitted properly on the link.
D-Link DWS-1008 CLI Manual 407 Examples: The f ollowing command displa ys inf or mation for D WL-8220AP access point group loadbalance1 : DWS-1008# set service-profile sp2 wpa-ie enable The f ollowing T ab le descr ibes the fields in this displa y: Field Description Load Balance Gr p Name of the D WL-8220AP access point group .
D-Link DWS-1008 CLI Manual 408 sho w {ap | dap} status Displa ys D WL-8220AP access point and radio status inf or mation. Syntax: show ap status [ter se] | [ por t-list | all [radio {1 | 2}]] Syntax: sho w dap status [terse] | [ dap-num | all [radio {1 | 2}]] terse por t-list dap-num all radio1 radio2 Defaults: None .
D-Link DWS-1008 CLI Manual 409 The f ollowing command displa ys the status of a Distr ibuted AP access point: DWS-1008# show ap status 1 The f ollowing command uses the terse option to displa y br ief.
D-Link DWS-1008 CLI Manual 410 Field Description D AP Connection ID f or the Distributed AP . Note: This field is applicable only if the AP is configured on the D WS-1008 as a Distributed AP .
D-Link DWS-1008 CLI Manual 411 Field Description Radio 1 type Radio 2 type 802.11 type and configuration state of the radio . • The configure succeed state indicates that the AP has received configuration parameters f or the radio and the radio is ready to accept client connections .
D-Link DWS-1008 CLI Manual 412 Output f or show ap status ter se and show dap status ter se Field Description P or t D WS-1008AP por t number connected to the AP . Flg Operational status flags f or the AP . F or flag definitions, see the k ey in the command output.
D-Link DWS-1008 CLI Manual 413 DWS-1008# show auto-tune attrib utes ap 2 radio 1 Auto-tune attributes for por t 2 radio 1: Noise: -92 Packet Retransmission Count: 0 Utilization: 0 Phy Errors Count: 0 .
D-Link DWS-1008 CLI Manual 414 sho w auto-tune neighbors Displa ys the other D-Link access point and third-par ty 802.11 access points that a D-Link access point can hear .
D-Link DWS-1008 CLI Manual 415 The f ollowing tab le describes the fields in the display: Field Description Channel Channel on which the BSSID is detected. Neighbor BSS/MA C BSSID detected by the r adio . RSSI Receiv ed signal strength indication (RSSI), in decibels referred to 1 milliwatt (dBm).
D-Link DWS-1008 CLI Manual 416 Examples: The f ollowing command displa ys static IP configuration information f or Distributed AP 1: DWS-1008# show dap boot-configuration 1 Field Description D AP Distributed AP number . IP Address Whether static IP address assignment is enabled f or this Distributed AP .
D-Link DWS-1008 CLI Manual 417 sho w dap connection Displa ys the system IP address of the D WS-1008 that booted a Distributed AP . Syntax: show dap connection [ dap-n um | serial-id serial-ID ] dap-num serial-id Defaults: None .
D-Link DWS-1008 CLI Manual 418 sho w dap global Displa ys connection inf or mation f or Distributed APs configured on an D WS-1008. Syntax: show dap global [ dap-n um | serial-id serial-ID ] dap-num serial-id Defaults: None .
D-Link DWS-1008 CLI Manual 419 T o show information only f or Distributed APs that hav e active connections, use the show dap connection command. Examples: T o show information only for Distr ibuted APs that hav e active connections, use the show dap connection command.
D-Link DWS-1008 CLI Manual 420 sho w dap unconfigured Displa ys Distributed APs that are ph ysically connected to the network b ut that are not configured on any D WS-1008s.
D-Link DWS-1008 CLI Manual 421 sho w radio-pr ofile Displa ys radio profile inf ormation. Syntax: show radio-pr ofile { name | ?} name ? Defaults: None . Access: Enab led. Usage: MSS contains a def ault radio profile. D-Link recommends that you do not change this profile but instead k eep the profile f or ref erence .
D-Link DWS-1008 CLI Manual 422 Field Description R TS Threshold Minimum length (in bytes) a frame can be f or a radio in the radio profile to use the RTS/CTS method to send the frame. The RTS/CTS method clears the air of other traffic to av oid corr uption of the frame due to a collision with another frame.
D-Link DWS-1008 CLI Manual 423 See Also: • set radio-profile activ e-scan • set radio-profile auto-tune channel-config • set radio-profile auto-tune channel-holddo wn • set radio-profile .
D-Link DWS-1008 CLI Manual 424 sho w ser vice-pr ofile Displa ys ser vice profile inf or mation. Syntax show service-pr ofile { name | ?} name ? Defaults None.
D-Link DWS-1008 CLI Manual 425 Field Description ssid-name Ser vice set identifier (SSID) managed b y this ser vice profile. ssid-type SSID type: • cr ypto—Wireless traffic f or the SSID is encrypted. • clear—Wireless traffic f or the SSID is unencr ypted.
D-Link DWS-1008 CLI Manual 426 Field Description Custom logout web-page The name of the user-specified page that the client loads upon logging out of the networ k, either by closing the SOD A vir tual desktop , or by requesting the page. If no page is specified, then the client is disconnected without loading a logout page.
D-Link DWS-1008 CLI Manual 427 Field Description Shared K ey A uth Indicates whether shared-k ey authentication is enab led. WP A enabled or RSN enabled Indicates that the Wi-Fi Protected Access (WP A) or Robust Secur ity Network (RSN) inf or mation element (IE) is enabled.
D-Link DWS-1008 CLI Manual 428 STP Commands Use Spanning T ree Protocol (STP) commands to configure and manage spanning trees on the vir tual LANs (VLANs) configured on a switch, to maintain a loop-free network. This chapter presents STP commands alphabetically .
D-Link DWS-1008 CLI Manual 429 c lear spantree por tcost Resets to the def ault value the cost of a netw ork por t or por ts on paths to the STP root bridge in all VLANs on a D WS-1008 s witch. Syntax: c lear spantree portcost por t-list por t-list List of por ts.
D-Link DWS-1008 CLI Manual 430 c lear spantree por tvlancost Resets to the default v alue the cost of a network por t or por ts on paths to the STP root bridge f or a specific VLAN on a D WS-1008 s witch, or f or all VLANs. Syntax: c lear spantree portvlancost por t-list {all | vlan vlan-id } por t-list List of ports.
D-Link DWS-1008 CLI Manual 431 Defaults: None. Access: Enabled. Usage: MSS does not change a por t’ s priority for VLANs other than the one(s) you specify . Examples: The follo wing command resets the STP prior ity f or por t 5 in VLAN av ocado : DWS-1008# clear spantree portvlanpri 5 vlan av ocado success: change accepted.
D-Link DWS-1008 CLI Manual 432 set spantree Enables or disab les STP on one VLAN or all VLANs configured on a D WS-1008 s witch. Syntax: set spantree {enable | disab le} [{all | vlan vlan-id | port por t-list vlan-id }] enable Enables STP . disable Disables STP .
D-Link DWS-1008 CLI Manual 433 Defaults: STP backbone f ast path conv ergence is disab led by def ault. Access: Enabled. Usage: If you plan to use the backbone fast con v ergence feature , you must enable it on all the bridges in the spanning tree.
D-Link DWS-1008 CLI Manual 434 set spantree hello Changes the inter val betw een STP hello messages sent by a s witch when operating as the root bridge, on one or all of its configured VLANs. Syntax: set spantree hello interval {all | vlan vlan-id } interval Inter v al v alue.
D-Link DWS-1008 CLI Manual 435 Examples: The follo wing command changes the maximum acceptable age for root br idge hello pack ets on all VLANs to 15 seconds: DWS-1008# set spantree maxage 15 all success: change accepted.
D-Link DWS-1008 CLI Manual 436 set spantree por tfast Enables or disab les STP por t f ast conv ergence on one or more por ts on a s witch. Syntax: set spantree portfast por t por t-list {enable | disable} port por t-list List of por ts. MSS enables the f eature on the specified por ts.
D-Link DWS-1008 CLI Manual 437 set spantree por tvlancost Changes the cost of a network por t or por ts on paths to the STP root br idge f or a specific VLAN on an s witch. Syntax: set spantree portvlancost por t-list cost cost {all | vlan vlan-id } por t-list List of ports.
D-Link DWS-1008 CLI Manual 438 Defaults: The default STP priority for all netw ork por ts is 128. Access: Enabled. Examples: The follo wing command sets the prior ity of por ts 3 and 4 to 48 on VLAN mauve : DWS-1008# set spantree por tvlanpri 3-4 priority 48 vlan mauve success: change accepted.
D-Link DWS-1008 CLI Manual 439 set spantree uplinkfast Enables or disables STP uplink f ast con v ergence on a s witch. This f eature enab les a s witch with redundant links to the network backbone to immediately s witch to the backup link to the root bridge if the pr imar y link f ails.
D-Link DWS-1008 CLI Manual 440 Defaults: None. Access: All. Examples: The follo wing command displa ys STP inf or mation f or VLAN def ault : DWS-1008# show spantree vlan default VLAN 1 Spanning T ree.
D-Link DWS-1008 CLI Manual 441 Field Description Bridge ID Pr iority This switch’ s bridge pr iority . Bridge Max Age This s witch’ s maximum acceptable age f or hello pac kets . Bridge Hello Time This s witch’ s hello interval. Bridge Forw ard Delay This switch’ s f orwarding dela y v alue.
D-Link DWS-1008 CLI Manual 442 sho w spantree bac kbonefast Indicates whether the STP backbone f ast conv ergence f eature is enab led or disabled. Syntax: sho w spantree backbonefast Defaults: None.
D-Link DWS-1008 CLI Manual 443 sho w spantree por tfast Displa ys STP uplink f ast conv ergence inf or mation f or all network por ts or f or one or more network por ts. Syntax: sho w spantree por tfast [ por t-list ] por t-list List of por ts. If you do not specify an y por ts, MSS displa ys uplink f ast conv ergence inf or mation f or all por ts.
D-Link DWS-1008 CLI Manual 444 sho w spantree por tvlancost Displa ys the cost of a por t on a path to the STP root br idge, f or each of the por t’ s VLANs . Syntax: sho w spantree por tvlancost por t-list por t-list List of ports. Defaults: None. Access: All.
D-Link DWS-1008 CLI Manual 445 Examples: The follo wing command shows STP statistics f or por t 1: DWS-1008# show spantree statistics 1 BPDU related parameters Port 1 VLAN 1 spanning tree enabled for .
D-Link DWS-1008 CLI Manual 446 VLAN based information & statistics spanning tree type ieee spanning tree multicast addr ess 01-00-0c-cc-cc-cd bridge priority 32768 bridge MAC address 00-0b-0e-12-34-56 bridge hello time 2 bridge forward delay 15 topology change initiator: 0 last topology change occured: T ue Jul 01 2003 22:33:36.
D-Link DWS-1008 CLI Manual 447 Field Description message age Age of the protocol information f or a por t and the value of the maxim um age parameter (sho wn in parenthesis) recorded by the s witch. designated_root MAC address of the root bridge. designated cost T otal path cost to reach the root br idge.
D-Link DWS-1008 CLI Manual 448 Field Description bridge forw ard delay V alue of the f orwarding dela y interval, in seconds, when this s witch is the root or is attempting to become the root. topology change initiator P or t number that initiated the most recent topology change.
D-Link DWS-1008 CLI Manual 449 Examples: The follo wing command shows uplink f ast conv ergence inf or mation f or all VLANs: DWS-1008# show spantree uplinkfast VLAN por t list ----------------------------------------- 1 1(fwd),2,3 The table belo w describes the fields in this display .
D-Link DWS-1008 CLI Manual 450 IGMP Snooping Commands Use Inter net Group Management Protocol (IGMP) snooping commands to configure and manage multicast traffic reduction on a s witch. This chapter presents IGMP snooping commands alphabetically . Use the f ollowing tab le to locate commands in this chapter based on their use.
D-Link DWS-1008 CLI Manual 451 c lear igmp statistics Clears IGMP statistics counters on one VLAN or all VLANs on a s witch and resets them to 0. Syntax: c lear igmp statistics [vlan vlan-id ] vlan vlan-id VLAN name or number . If you do not specify a VLAN, IGMP statistics are cleared f or all VLANs.
D-Link DWS-1008 CLI Manual 452 set igmp lmqi Changes the IGMP last member quer y inter v al timer on one VLAN or all VLANs on a s witch. Syntax: set igmp lmqi tenth-seconds [vlan vlan-id ] lmqi tenth-.
D-Link DWS-1008 CLI Manual 453 Defaults: By def ault, no por ts are static multicast router por ts. Access: Enab led. Usage: Y ou cannot add AP access por ts or wired authentication por ts as static multicast por ts. How e ver , MSS can dynamically add these por t types to the list of m ulticast por ts based on multicast traffic.
D-Link DWS-1008 CLI Manual 454 set igmp mr sol mrsi Changes the inter v al between multicast router solicitations by a switch on one VLAN or all VLANs. Syntax: set igmp mr sol mrsi seconds [vlan vlan-id ] seconds Number of seconds between multicast router solicitations.
D-Link DWS-1008 CLI Manual 455 Examples: The f ollowing command changes the other-querier-present inter v al on VLAN orange to 200 seconds: DWS-1008# set igmp oqi 200 vlan orange success: change accepted.
D-Link DWS-1008 CLI Manual 456 set igmp qi Changes the IGMP quer y inter v al timer on one VLAN or all VLANs on a s witch. Syntax: set igmp qi seconds [vlan vlan-id ] qi seconds Number of seconds that elapse between general queries sent by the s witch when the s witch is the quer ier for the subnet.
D-Link DWS-1008 CLI Manual 457 set igmp qri Changes the IGMP quer y response inter v al timer on one VLAN or all VLANs on a s witch. Syntax: set igmp qri tenth-seconds [vlan vlan-id ] qri tenth-second.
D-Link DWS-1008 CLI Manual 458 set igmp querier Enables or disables the IGMP pseudo-querier on a D WS-1008 switch, on one VLAN or all VLANs. Syntax: set igmp querier {enable | disab le} [vlan vlan-id ] enable Enab les the pseudo-quer ier . disable Disables the pseudo-querier .
D-Link DWS-1008 CLI Manual 459 Usage: Y ou cannot add AP access por ts or wired authentication por ts as static multicast por ts. How e ver , MSS can dynamically add these por t types to the list of m ulticast por ts based on multicast traffic.
D-Link DWS-1008 CLI Manual 460 sho w igmp Displa ys IGMP configuration inf ormation and statistics for one VLAN or all VLANs. Syntax: sho w igmp [vlan vlan-id] vlan vlan-id VLAN name or number . If you do not specify a VLAN, MSS displays IGMP inf or mation f or all VLANs.
D-Link DWS-1008 CLI Manual 461 IGMP message type Received T ransmitted Dropped ---------------------------------------------------------------------------------------- General-Queries 0 0 0 GS-Queries.
D-Link DWS-1008 CLI Manual 462 Field Description TTL Number of seconds before this entry ages out if not refreshed. F or static multicast router entries, the time-to-liv e (TTL) value is undef. Static multicast router entries do not age out. Group IP address of a multicast group .
D-Link DWS-1008 CLI Manual 463 vlan vlan-id VLAN name or number . If y ou do not specify a VLAN, MSS displa ys the multicast routers in all VLANs. Defaults: None.
D-Link DWS-1008 CLI Manual 464 sho w igmp querier Displa ys inf or mation about the activ e multicast querier , on one VLAN or all VLANs. Quer iers are listed separately f or each VLAN. Each VLAN can hav e only one querier . Syntax: sho w igmp querier [vlan vlan-id ] vlan vlan-id VLAN name or number .
D-Link DWS-1008 CLI Manual 465 The table belo w describes the fields in the display when a querier other than the s witch is present. Field Description Querier for vlan VLAN containing the querier . Information is listed separately f or each VLAN. Querier-IP IP address of the querier interf ace.
D-Link DWS-1008 CLI Manual 466 The follo wing command lists all receiv ers for multicast g roups 237.255.255.1 through 237.255.255.255, in all VLANs: DWS-1008# show igmp receiver -table gr oup 237.
D-Link DWS-1008 CLI Manual 467 Examples: The f ollo wing command displa ys IGMP statistics f or VLAN orange : DWS-1008# show igmp statistics vlan orange IGMP statistics for vlan orange: IGMP message t.
D-Link DWS-1008 CLI Manual 468 Field Description Received Number of pack ets received. T ransmitted Number of pack ets transmitted. This number includes both multicast pack ets originated by the s witch and multicast pac kets received and then f orwarded b y the s witch.
D-Link DWS-1008 CLI Manual 469 Security ACL Commands Use secur ity ACL commands to configure and monitor security access control lists (A CLs). Secur ity A CLs filter pack ets to restr ict or per mi.
D-Link DWS-1008 CLI Manual 470 c lear security ac l Clears a specified secur ity A CL, an access control entr y (ACE), or all secur ity ACLs , from the edit buff er . When used with the command commit security ac l , clears the A CE from the running configuration.
D-Link DWS-1008 CLI Manual 471 DWS-1008# show security ac l inf o all ACL information for all set security acl ip acl_134 (hits #3 0) --------------------------------------------------------- 1.
D-Link DWS-1008 CLI Manual 472 in Remov es the security A CL from traffic coming into the s witch. out Remov es the security ACL from tr affic going out of the s witch.
D-Link DWS-1008 CLI Manual 473 Defaults: None. Access: Enabled. Usage: Use the commit security ac l command to sav e security A CLs into , or delete them from, the permanent configuration. Until you commit the creation or deletion of a security A CL, it is stored in an edit buff er and is not enf orced.
D-Link DWS-1008 CLI Manual 474 r ollbac k security ac l Clears changes made to the security ACL edit buff er since it was last sav ed. The ACL is rolled back to its state after the last commit security acl command was entered. All uncommitted A CLs in the edit buff er are cleared.
D-Link DWS-1008 CLI Manual 475 set security ac l In the edit b uff er , creates a secur ity access control list (A CL), adds one access control entr y (A CE) to a security A CL, and/or reorders A CEs in the A CL. The A CEs in an A CL filter IP pac k ets by source IP address , a La y er 4 protocol, or IP , ICMP , TCP , or UDP pack et inf ormation.
D-Link DWS-1008 CLI Manual 476 acl-name Secur ity A CL name . A CL names m ust be unique within the s witch, m ust star t with a letter , and are case-insensitive . Specify an A CL name of up to 32 of the f ollowing char acters: • Letters a through z and A through Z • Numbers 0 through 9 • Hyphen (-), underscore (_), and period (.
D-Link DWS-1008 CLI Manual 477 source-ip-addr IP address and wildcard mask of the network or host from which the pack et is being sent. Specify both address and mask in dotted decimal notation. T o match on any address , specify any or 0.0.0.0 255.255.
D-Link DWS-1008 CLI Manual 478 dscp codepoint Filters pack ets b y Diff erentiated Ser vices Code P oint (DSCP) value. Y ou can specify a number from 0 to 63, in decimal or binar y f or mat. Note: Y ou cannot use the dscp option along with the precedence and tos options in the same A CE.
D-Link DWS-1008 CLI Manual 479 The follo wing command creates acl_125 by defining an A CE that denies TCP packets from source IP address 192.168.0.1 to destination IP address 192.168.0.2 f or established sessions only , and counts the hits: DWS-1008# set security acl ip ac l_125 den y tcp 192.
D-Link DWS-1008 CLI Manual 480 tag tag-list One or more values that identify a vir tual por t in a VLAN. Specify a single tag v alue from 1 through 4095. Or specify a comma-separ ated list of values , a h yphen-separated range , or any combination, with no spaces.
D-Link DWS-1008 CLI Manual 481 set security ac l hit-sample-rate Specifies the time inter val, in seconds, at which the pack et counter f or each secur ity ACL is sampled f or display . The counter counts the number of pack ets filtered by the secur ity A CL—or “hits.
D-Link DWS-1008 CLI Manual 482 sho w security ac l Displa ys a summar y of the security ACLs that are mapped. Syntax: sho w security acl Defaults: None. Access: Enabled. Usage: This command lists only the A CLs that ha v e been mapped to something (a user , or VLAN, or por t, and so on).
D-Link DWS-1008 CLI Manual 483 sho w security ac l editb uffer Displa ys a summar y of the security A CLs that ha ve not yet been committed to the configuration. Syntax: sho w security acl [inf o all] editb uffer info all Displays the A CEs in each uncommitted ACL.
D-Link DWS-1008 CLI Manual 484 sho w security ac l hits Displa ys the n umber of pac kets filtered by security A CLs (“hits”) on the s witch. Each time a pack et is filtered b y a security ACL, the hit counter increments . Syntax: sho w security acl hits Defaults: None.
D-Link DWS-1008 CLI Manual 485 Defaults: None. Access: Enab led. Examples: T o displa y the contents of all security A CLs committed on a switch, type the f ollowing command: DWS-1008# show security ac l inf o ACL information for all set security acl ip acl_123 (hits #5 462) --------------------------------------------------------- 1.
D-Link DWS-1008 CLI Manual 486 sho w security ac l map Displa ys the VLANs, por ts, and vir tual por ts on the switch to which a security A CL is assigned. Syntax: sho w security acl map acl-name acl-name Name of an existing security A CL for which to sho w static mapping.
D-Link DWS-1008 CLI Manual 487 Examples T o display security A CL resource usage, type the f ollowing command: DWS-1008# show security ac l resour ce-usage ACL resour ces Classifier tree counters ---.
D-Link DWS-1008 CLI Manual 488 Field Description Number of rules Number of security A CEs currently mapped to por ts or VLANs. Number of leaf nodes Number of secur ity A CL data entries stored in the r ule tree. Stored rule count Number of security ACEs stored in the rule tree.
D-Link DWS-1008 CLI Manual 489 Field Description Static def ault action Definition of a def ault action: • T r ue—A def ault action types is defined.
D-Link DWS-1008 CLI Manual 490 T race Commands Use trace commands to perform diagnostic routines. While MSS allows you to r un many types of traces, this chapter descr ibes commands for those traces you are most lik ely to use. F or a complete listing of the types of traces MSS allo ws, type the set trace ? command.
D-Link DWS-1008 CLI Manual 491 c lear trace Deletes running trace commands and ends trace processes. Syntax: c lear trace { trace-area | all} trace-area Ends a par ticular trace process. Specify one of the follo wing k e ywords to end the traces documented in this chapter: • authorization —Ends an author ization trace • dot1x —Ends an 802.
D-Link DWS-1008 CLI Manual 492 sa ve trace Sav es the accumulated trace data f or enab led traces to a file in the s witch’ s nonv olatile storage . Syntax: sa ve trace filename filename Name for the trace file. T o sav e the file in a subdirector y , specify the subdirector y name, then a slash.
D-Link DWS-1008 CLI Manual 493 set trace authorization T races authorization inf or mation. Syntax: set trace authorization [mac-addr mac-address ] [port por t-num ] [user user name ] [level le vel ] mac-addr mac-address T races a MA C address. Specify a MAC address, using colons to separate the octets (f or e xample , 00:11:22:aa:bb:cc).
D-Link DWS-1008 CLI Manual 494 port por t-num T races a por t number . Specify a por t number between 1 and 22. user user name T races a user . Specify a username of up to 80 alphanumeric characters with no spaces. level le vel Deter mines the quantity of inf or mation included in the output.
D-Link DWS-1008 CLI Manual 495 Defaults: The default tr ace le v el is 5. Access: Enabled. Examples: T ype the follo wing command to trace session manager activity for MA C address 00:01:02:03:04:05: DWS-1008# set trace sm mac-addr 00:01:02:03:04:05: success: change accepted.
D-Link DWS-1008 CLI Manual 496 Snoop Commands Use snoop commands to monitor wireless traffic, by using a Distributed AP as a sniffing device . The AP copies the sniff ed 802.11 pac k ets and sends the copies to an obser ver , which is typically a protocol analyzer such as Ethereal or T ethereal.
D-Link DWS-1008 CLI Manual 497 c lear snoop map Remov es a snoop filter from an AP radio . Examples: c lear snoop map filter-name dap dap-num radio {1 | 2} filter-name Name of the snoop filter . dap dap-num Number of a Distr ib uted AP to which to snoop filter is mapped.
D-Link DWS-1008 CLI Manual 498 condition-list Match criteria f or pac kets . Conditions in the list are ANDed. Theref ore, to be copied and sent to an obser v er , a pack et must match all cr iteria in the condition-list .
D-Link DWS-1008 CLI Manual 499 Usage T raffic that matches a snoop filter is copied after it is decr ypted. The decr ypted (clear) v ersion is sent to the obser ver . F or best results: • Do not specify an observer that is associated with the AP where the snoop filter is running.
D-Link DWS-1008 CLI Manual 500 set snoop map Maps a snoop filter to a r adio on a Distributed AP . A snoop filter does tak e eff ect until y ou map it to a radio and enab le the filter . Examples: set snoop map filter-name dap dap-num radio {1 | 2} filter-name Name of the snoop filter .
D-Link DWS-1008 CLI Manual 501 set snoop mode Enables a snoop filter . A snoop filter does not take eff ect until y ou map it to an AP radio and enable the filter . Examples: set snoop { filter-name | all} mode {enable [stop-after num-pkts ] | disab le} {filter-name | all } Name of the snoop filter .
D-Link DWS-1008 CLI Manual 502 sho w snoop Displa ys the AP radio mapping f or all snoop filters . Syntax: sho w snoop Defaults: None . Access: Enab led.
D-Link DWS-1008 CLI Manual 503 sho w snoop map Shows the AP r adios that are mapped to a specific snoop filter . Syntax: sho w snoop map filter-name filter-name Name of the snoop filter . Defaults: None. Access: Enabled. Usage: T o display the mappings f or all snoop filters, use the show snoop command.
D-Link DWS-1008 CLI Manual 504 The table belo w describes the fields in this display . Field Description Filter Name of the snoop filter . Dap Distr ibuted AP containing the r adio to which the filter is mapped. Radio Radio to which the filter is mapped.
D-Link DWS-1008 CLI Manual 505 System Log Commands Use the system log commands to record information f or monitor ing and troubleshooting. MSS system logs are based on RFC 3164, which defines the log protocol. This chapter presents system log commands alphabetically .
D-Link DWS-1008 CLI Manual 506 set log Enables or disables logging of D WS-1008 and AP ev ents to the log b uff er or other logging destination and sets the lev el of the ev ents logged. For logging to a syslog ser v er only , you can also set the f acility logged.
D-Link DWS-1008 CLI Manual 507 local-facility f acility-le v el For messages sent to a syslog ser v er , maps all messages of the se v erity you specify to one of the standard local log f acilities defined in RFC 3164. Y ou can specify one of the f ollowing v alues: • 0—maps all messages to local0.
D-Link DWS-1008 CLI Manual 508 set log mark Configures MSS to generate mar k messages at regular inter v als. The mar k messages indicate the current system time and date. D-Link can use the mark messages to determine the appro ximate time when a system restar t or other ev ent causing a system outage occurred.
D-Link DWS-1008 CLI Manual 509 sho w log b uffer Displa ys system inf or mation stored in the non volatile log b uff er or the trace b uff er . Syntax: sho w log buff er [{ +|- } number-of-messages ] [facility f acility-name ] [matching string ] [severity se v erity-lev el ] buff er Displa ys the log messages in nonv olatile storage.
D-Link DWS-1008 CLI Manual 510 Usage: The deb ug le v el produces a lot of messages, man y of which can appear to be some what cr yptic. Deb ug messages are used primar ily b y D-Link f or troubleshooting and are not intended f or administrator use .
D-Link DWS-1008 CLI Manual 511 sho w log trace Displa ys system inf or mation stored in the non volatile log b uff er or the trace b uff er . Syntax: sho w log trace [{ +|-|/ } number-of-messages ] [facility f acility-name ] [matching string ] [severity se v erity-lev el ] trace Displa ys the log messages in the trace b uff er .
D-Link DWS-1008 CLI Manual 512 Examples: T ype the f ollowing command to see the facilities f or which y ou can vie w e vent messages archiv ed in the buff er : DWS-1008# show log trace facility ? <.
D-Link DWS-1008 CLI Manual 513 Boot Prompt Commands Boot prompt commands enab le y ou to perf orm basic tasks , including booting a system image file, from the boot prompt (boot>). A CLI session enters the boot prompt if MSS does not boot successfully or you intentionally interrupt the boot process.
D-Link DWS-1008 CLI Manual 514 autoboot Displa ys or changes the state of the autoboot option. The autoboot option controls whether a D WS-1008 s witch automatically boots a system image after initializing the hardw are, f ollowing a system reset or pow er cycle.
D-Link DWS-1008 CLI Manual 515 HA = ip-addr Host address (IP address) of a TFTP ser v er . This parameter applies only when the boot type is n (network). FL = num Number representing the bit settings of boot flags to pass to the booted system image. Use this parameter only if advised to do so by D-Link.
D-Link DWS-1008 CLI Manual 516 change Changes parameters in the currently activ e boot profile. Syntax: change Defaults: The default boot type is c (compact flash). The default filename is def ault. The default flags setting is 0x00000000 (all flags disabled) and the default options list is run=nos;boot=0.
D-Link DWS-1008 CLI Manual 517 create Creates a new boot profile . Syntax: create Defaults: The new boot profile has the same settings as the currently active boot profile by def ault. Access: Boot prompt. Usage: A D WS-1008 s witch can ha v e up to f our boot profiles.
D-Link DWS-1008 CLI Manual 518 delete Remov es the currently activ e boot profile. Syntax: delete Defaults: None. Access: Boot prompt. Usage: When y ou type the delete command, the ne xt-lower n umbered boot profile becomes the activ e profile.
D-Link DWS-1008 CLI Manual 519 Defaults: The DHCP option is disabled b y def ault. Access: Boot prompt. Examples: The follo wing command displa ys the current setting of the DHCP option: boot> dhcp DHCP is currently enabled. The f ollowing command disab les the DHCP option: boot> dhcp DHCP is currently disabled.
D-Link DWS-1008 CLI Manual 520 Defaults: None. Access: Boot prompt. Usage: T o display the system image software v ersions , use the fver command. This command does not list the boot code v ersions. T o displa y the boot code v ersions, use the v ersion command.
D-Link DWS-1008 CLI Manual 521 Examples: The f ollowing command displa ys the system image v ersion installed in boot par tition 1: boot> fver boot1 File boot1:default version is 1.1.0.98. See Also: • dir • v ersion help Displa ys a list of all the boot prompt commands or detailed inf or mation f or an individual command.
D-Link DWS-1008 CLI Manual 522 ls Displa ys a list of the boot prompt commands. Syntax: ls Defaults: None . Access: Boot prompt. Usage: T o displa y help f or an individual command, type help f ollow ed b y the command name (f or e xample, help boot).
D-Link DWS-1008 CLI Manual 523 ne xt Activ ates and displa ys the boot profile in the ne xt boot profile slot. Syntax: ne xt Defaults: None. Access: Boot prompt. Usage: A D WS-1008 switch contains 4 boot profile slots, numbered 0 through 3. This command activ ates the boot profile in the ne xt slot, in ascending numerical order .
D-Link DWS-1008 CLI Manual 524 reset Resets a D WS-1008 s witch’ s hardware . Syntax: reset Defaults: None. Access: Boot prompt. Usage: After resetting the hardware , the reset command attempts to load a system image file only if other boot settings are configured to do so .
D-Link DWS-1008 CLI Manual 525 sho w Displa ys the currently active boot profile. A boot profile is a set of parameters that a switch uses to control the boot process.
D-Link DWS-1008 CLI Manual 526 The table belo w describes the fields in the display . Field Description BOO T Inde x Boot profile slot, which can be a number from 0 to 3. BOO T TYPE Boot type: • c—Compact flash. Boots using nonv olatile storage or a flash card.
D-Link DWS-1008 CLI Manual 527 test Displa ys or changes the state of the poweron test flag. The po weron test flag controls whether an perf or ms a set of self tests prior to the boot process. Syntax: test [ON | on | OFF | off] ON Enables the po weron test flag.
D-Link DWS-1008 CLI Manual 528 Examples: T o displa y hardw are and boot code v ersion inf or mation, type the f ollowing command at the boot prompt: boot> version D-Link Systems Bootstrap/Bootloader V ersion 1.6.5 Release Bootstrap 0 version: 1.17 Active Bootloader 0 version: 1.
デバイスD-Link dws-1008の購入後に(又は購入する前であっても)重要なポイントは、説明書をよく読むことです。その単純な理由はいくつかあります:
D-Link dws-1008をまだ購入していないなら、この製品の基本情報を理解する良い機会です。まずは上にある説明書の最初のページをご覧ください。そこにはD-Link dws-1008の技術情報の概要が記載されているはずです。デバイスがあなたのニーズを満たすかどうかは、ここで確認しましょう。D-Link dws-1008の取扱説明書の次のページをよく読むことにより、製品の全機能やその取り扱いに関する情報を知ることができます。D-Link dws-1008で得られた情報は、きっとあなたの購入の決断を手助けしてくれることでしょう。
D-Link dws-1008を既にお持ちだが、まだ読んでいない場合は、上記の理由によりそれを行うべきです。そうすることにより機能を適切に使用しているか、又はD-Link dws-1008の不適切な取り扱いによりその寿命を短くする危険を犯していないかどうかを知ることができます。
ですが、ユーザガイドが果たす重要な役割の一つは、D-Link dws-1008に関する問題の解決を支援することです。そこにはほとんどの場合、トラブルシューティング、すなわちD-Link dws-1008デバイスで最もよく起こりうる故障・不良とそれらの対処法についてのアドバイスを見つけることができるはずです。たとえ問題を解決できなかった場合でも、説明書にはカスタマー・サービスセンター又は最寄りのサービスセンターへの問い合わせ先等、次の対処法についての指示があるはずです。