2   Switching Commands

Format: show lldp local-device {<slot/port> | all}

Mode: Privileged EXEC

Interface: The interface in a slot/port format.

Port ID: The port ID associated with this interface.

Port Description: The port description associated with the interface.

show lldp local-device detail

Use this command to display detailed information about the LLDP data a specific interface 
transmits. 

Format: show lldp local-device detail <slot/port>

Mode: Privileged EXEC

Interface: The interface that sends the LLDPDU.

Chassis ID Subtype: The type of identification used in the Chassis ID field.

Chassis ID: The chassis of the local device.

Port ID Subtype: The type of port on the local device.

Port ID: The port number that transmitted the LLDPDU.

System Name: The system name of the local device.

System Description: Describes the local system by identifying the system name and versions of hardware, operating system, and networking software supported in the device.

Port Description: Describes the port in an alpha-numeric format.

System Capabilities Supported: Indicates the primary function(s) of the device.

System Capabilities Enabled: Shows which of the supported system capabilities are enabled.

Management Address: The type of address and the specific address the local LLDP agent uses to send and receive information.

Denial of Service Protection Commands

NOTE: Denial of Service (DataPlane) is not supported on the XGSII Tucana Platform. DoS is supported on XGSIII platforms only.

This section describes the commands you use to configure Denial of Service (DoS) Control. 
D-Link Unified Wired/Wireless Access System software provides support for classifying and 
blocking specific types of Denial of Service attacks. You can configure your system to monitor 
and block six types of attacks:

SIP=DIP: Source IP address = Destination IP address.

First Fragment: TCP Header size smaller than configured value.

TCP Fragment: IP Fragment Offset = 1.

TCP Flag: TCP Flag SYN set and Source Port < 1024, or TCP Control Flags = 0 and TCP Sequence Number = 0, or TCP Flags FIN, URG, and PSH set and TCP Sequence Number = 0, or TCP Flags SYN and FIN set.
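
The four checks listed above, written out as classification logic over raw IPv4 packets. This is an added example, not D-Link code and not part of the original manual. The function names, the constructed sample packets, the default of 20 bytes for the "configured value", and the reading of "TCP Header size" as the number of TCP bytes carried in the offset-0 packet are all assumptions.

```python
import socket
import struct

FIN, SYN, PSH, URG = 0x01, 0x02, 0x08, 0x20
TCP_PROTO = 6


def classify(packet: bytes, min_tcp_hdr: int = 20) -> list:
    """Return the names of the listed checks that an IPv4 packet matches.

    min_tcp_hdr stands in for the "configured value" of the First Fragment
    check; 20 is an assumed setting, not a value taken from the manual.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    total_len, _ident, frag_field = struct.unpack("!HHH", packet[2:8])
    frag_offset = frag_field & 0x1FFF  # low 13 bits, in 8-byte units
    hits = []

    # SIP=DIP: source IP address equals destination IP address.
    if packet[12:16] == packet[16:20]:
        hits.append("SIP=DIP")
    if packet[9] != TCP_PROTO:
        return hits

    # TCP Fragment: IP fragment offset = 1.
    if frag_offset == 1:
        hits.append("TCP Fragment")
    if frag_offset != 0:
        return hits  # later fragments carry no TCP header to inspect

    tcp = packet[ihl:total_len]

    # First Fragment: TCP header smaller than the configured value.
    # Assumption: "size" is the count of TCP bytes present in this packet.
    if len(tcp) < min_tcp_hdr:
        hits.append("First Fragment")
    if len(tcp) < 14:
        return hits  # flags byte not present, nothing more to check

    sport = struct.unpack("!H", tcp[0:2])[0]
    seq = struct.unpack("!I", tcp[4:8])[0]
    flags = tcp[13] & 0x3F
    fin_urg_psh = FIN | URG | PSH

    # TCP Flag: any one of the four conditions from the list.
    if ((flags & SYN and sport < 1024)
            or (flags == 0 and seq == 0)
            or ((flags & fin_urg_psh) == fin_urg_psh and seq == 0)
            or (flags & SYN and flags & FIN)):
        hits.append("TCP Flag")
    return hits


def build_packet(src, dst, sport=40000, dport=80, seq=1000, flags=0x10,
                 frag=0, tcp_len=20):
    """Build a constructed IPv4+TCP test packet (checksums left at zero).

    frag is the raw 16-bit flags/offset field; tcp_len truncates the TCP
    header to imitate a tiny first fragment.
    """
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags,
                      8192, 0, 0)[:tcp_len]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, frag, 64,
                     TCP_PROTO, 0, socket.inet_aton(src),
                     socket.inet_aton(dst))
    return ip + tcp


def demo():
    """Classify a set of constructed packets, one per condition."""
    a, b = "192.0.2.10", "192.0.2.20"  # documentation-range addresses
    samples = {
        "ordinary SYN": build_packet(a, b, flags=SYN),
        "same src/dst": build_packet(a, a),
        "offset 1": build_packet(a, b, frag=1),
        "tiny first fragment": build_packet(a, b, frag=0x2000, tcp_len=8),
        "SYN from low port": build_packet(a, b, sport=80, flags=SYN),
        "null flags, seq 0": build_packet(a, b, flags=0, seq=0),
        "FIN+URG+PSH, seq 0": build_packet(a, b, flags=FIN | URG | PSH, seq=0),
        "SYN+FIN": build_packet(a, b, flags=SYN | FIN),
    }
    return {name: classify(pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:22} -> {result}")
```

The example follows the wording of the list literally, so a SYN/ACK reply sent from a server port below 1024 also matches the first TCP Flag condition.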

Summary of Contents for DWL-3500AP

Page 1: ...CLI Command Reference Product Model DWS 3000 Series DWL 3500AP 8500AP Unified Wired Wireless Access System Release 2 1 Copyright 2008 All rights reserved ...

Page 2: ...of D Link Computer Corporation is strictly forbidden Trademarks used in this text D Link and the D Link logo are trademarks of D Link Computer Corporation Microsoft and Windows are registered trademarks of Microsoft Corporation Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products D Link Computer Corporation dis...

Page 3: ...ce Commands on page 218 Captive Portal Local User Commands on page 219 Captive Portal Activity Log Commands on page 224 radius server attribute 4 on page 319 authorization network radius on page 321 Updated Command Modes on page 30 network mgmt_vlan on page 53 vlan on page 53 vlan makestatic on page 54 vlan name on page 54 vlan participation on page 55 vlan participation all on page 55 vlan port p...

Page 4: ...4 2001 2008 D Link Corporation D Link Systems Inc All Rights Reserved CLI Command Reference ...

Page 5: ... CLI Help 35 Accessing the CLI 36 2 Switching Commands 37 Port Configuration Commands 38 interface 38 auto negotiate 38 auto negotiate all 38 description 38 mtu 39 shutdown 39 shutdown all 39 speed 40 speed all 40 show port 40 show port protocol 41 Spanning Tree Protocol STP Commands 41 spanning tree 41 spanning tree bpdumigrationcheck 42 spanning tree configuration name 42 spanning tree configura...

Page 6: ... database 53 network mgmt_vlan 53 vlan 53 vlan acceptframe 53 vlan ingressfilter 54 vlan makestatic 54 vlan name 54 vlan participation 55 vlan participation all 55 vlan port acceptframe all 55 vlan port ingressfilter all 56 vlan port pvid all 56 vlan port tagging all 56 vlan protocol group 57 vlan protocol group add protocol 57 vlan protocol group remove 57 protocol group 58 protocol vlan group 58...

Page 7: ...emode 69 show gvrp configuration 69 GMRP Commands 70 set gmrp adminmode 70 set gmrp interfacemode 71 show gmrp configuration 71 show mac address table gmrp 72 Port Based Network Access Control Commands 72 authentication login 73 clear dot1x statistics 73 clear radius statistics 74 dot1x default login 74 dot1x guest vlan 74 dot1x guest vlan supplicant 74 dot1x initialize 75 dot1x login 75 dot1x max...

Page 8: ...control flowcontrol 87 show storm control 88 Port Channel LAG 802 3ad Commands 88 port channel 89 addport 89 deleteport Interface Config 89 deleteport Global Config 89 port channel static 90 port lacpmode 90 port lacpmode all 90 port lacptimeout Interface Config 91 port lacptimeout Global Config 91 port channel adminmode 91 port channel linktrap 92 port channel name 92 show port channel brief 92 s...

Page 9: ...w port security static 105 show port security violation 105 LLDP 802 1AB Commands 105 lldp transmit 105 lldp receive 106 lldp timers 106 lldp transmit tlv 106 lldp transmit mgmt 107 lldp notification 107 lldp notification interval 108 clear lldp statistics 108 clear lldp remote data 108 show lldp 108 show lldp interface 108 show lldp statistics 109 show lldp remote device 110 show lldp remote devi...

Page 10: ...w arp switch 121 IP Routing Commands 121 routing 122 ip routing 122 ip address 122 ip route 123 ip route default 123 ip route distance 124 ip netdirbcast 124 ip mtu 124 encapsulation 125 show ip brief 125 show ip interface 126 show ip interface brief 127 show ip route 127 show ip route summary 128 show ip route preferences 128 show ip stats 129 Virtual LAN Routing Commands 129 vlan routing 129 sho...

Page 11: ...142 ap validation 142 ap authentication 142 snmp server enable traps wireless 143 trapflags Wireless Config Mode 143 agetime 144 client roam timeout 144 tunnel mtu 145 show wireless 145 show wireless country code 146 show wireless country code channels 146 show wireless discovery 146 show wireless discovery ip list 146 show wireless discovery vlan list 147 show wireless status 147 show wireless st...

Page 12: ...6 password AP Config Mode 156 profile 157 radio 157 show wireless ap database 157 Wireless Network Commands 158 network Wireless Config Mode 158 ssid 158 vlan Network Config Mode 159 hide ssid 159 security mode 159 wep authentication 160 wep tx key 160 mac authentication 161 radius use ap profile 161 radius server host 161 radius server secret 162 radius accounting 162 wpa versions 162 wpa ciphers...

Page 13: ...ry 174 rf scan duration 174 station isolation 175 super a 175 super g 175 antenna 176 beacon interval 176 dtim period 176 fragmentation threshold 177 rts threshold 177 max clients 178 channel auto 178 power auto 178 power default 179 rate 179 wmm 180 load balance 180 show wireless ap profile radio 181 show wireless rates 182 Access Point Profile QoS Commands 183 qos ap edca 183 qos station edca 18...

Page 14: ...less ap failure list 197 show wireless ap failure status 197 RF Scan Access Point Status Commands 198 clear wireless ap rf scan list 198 show wireless ap rf scan status 198 Client Association Status and Statistics Commands 199 wireless client disassociate 199 show wireless client status 199 show wireless client statistics 200 show wireless client neighbor ap status 201 show wireless vap client sta...

Page 15: ... Connection Commands 215 show captive portal client status 215 show captive portal client statistics 215 show captive portal interface client status 216 show captive portal configuration client status 216 show captive portal client failure status 217 clear captive portal client failure 217 captive portal client deauthenticate 217 Captive Portal Interface Commands 218 show captive portal interface ...

Page 16: ...in bandwidth 229 cos queue strict 229 traffic shape 229 show classofservice dot1p mapping 230 show classofservice ip precedence mapping 230 show classofservice ip dscp mapping 230 show classofservice trust 231 show interfaces cos queue 231 Differentiated Services DiffServ Commands 232 diffserv 232 DiffServ Class Commands 233 class map 233 class map rename 234 match any 234 match class map 234 matc...

Page 17: ... mac access lists 249 IP Access Control List ACL Commands 249 access list 249 ip access group 251 acl trapflags 251 show ip access lists 251 show access lists 252 6 Utility Commands 253 Power Over Ethernet Commands 253 poe limit 253 poe priority 254 poe usagethreshold 254 show poe 255 show poe port 255 Dual Image Commands 256 delete 256 boot system 256 show bootvar 256 filedescr 256 update bootcod...

Page 18: ...onfig 272 clear counters 273 clear igmpsnooping 273 clear pass 273 clear port channel 273 clear traplog 273 clear vlan 273 enable passwd 273 logout 274 ping 274 quit 274 reload 274 copy 275 Keying for Advanced Features 276 license advanced 276 show key features 276 Simple Network Time Protocol SNTP Commands 277 sntp broadcast client poll interval 277 sntp client mode 277 sntp client port 277 sntp ...

Page 19: ...statistics 288 clear ip dhcp conflict 288 show ip dhcp binding 288 show ip dhcp global configuration 289 show ip dhcp pool configuration 289 show ip dhcp server statistics 290 show ip dhcp conflict 290 DHCP Filtering 290 ip dhcp filtering 291 ip dhcp filtering trust 291 show ip dhcp filtering 291 7 Management Commands 293 Network Interface Commands 293 enable Privileged EXEC access 293 serviceport...

Page 20: ... sshcon maxsessions 303 sshcon timeout 303 show ip ssh 304 Hypertext Transfer Protocol HTTP Commands 304 ip http server 304 ip http secure server 304 ip http secure port 305 ip http secure protocol 305 show ip http 305 Access Commands 306 disconnect 306 show loginsession 306 User Account Commands 306 users name 306 users passwd 307 write memory 307 users snmpv3 accessmode 308 users snmpv3 authenti...

Page 21: ...ccounting mode 318 radius server host 318 radius server attribute 4 319 radius server key 319 radius server msgauth 319 radius server primary 320 radius server retransmit 320 radius server timeout 320 authorization network radius 321 show radius 321 show radius accounting 322 show radius statistics 323 TACACS Commands 324 tacacs server host 324 tacacs server key 324 tacacs server timeout 325 key 3...

Page 22: ...22 2001 2008 D Link Corporation D Link Systems Inc All Rights Reserved CLI Command Reference A List of Commands 329 ...

Page 23: ...able 3 Type of Slots 29 Table 4 Type of Ports 30 Table 5 CLI Command Modes 31 Table 6 CLI Mode Access and Exit 32 Table 7 CLI Error Messages 34 Table 8 CLI Editing Conventions 34 Table 9 Ethertype Keyword and 4 digit Hexadecimal Value 247 Table 10 ACL Command Parameters 250 Table 11 Copy Parameters 275 ...

Page 24: ...24 2001 2008 D Link Corporation D Link Systems Inc All Rights Reserved CLI Command Reference ...

Page 25: ...ontinues to decline while performance and feature sets continue to improve Devices that are capable of switching Layers 2 3 and 4 are increasingly in demand D Link Unified Wired Wireless Access System provides a flexible solution to these ever increasing needs D Link Unified Wired Wireless Access System includes a set of comprehensive management functions for managing both wired and wireless netwo...

Page 26: ...26 2001 2008 D Link Corporation D Link Systems Inc All Rights Reserved CLI Command Reference ...

Page 27: ...ventions on page 34 Using CLI Help on page 35 Accessing the CLI on page 36 Command Syntax A command is one or more words that might be followed by one or more parameters Parameters can be required or optional values Some commands such as show network or clear vlan do not require parameters Other commands such as network parms require that you supply a value after the command You must type the para...

Page 28: ...might be a name or number Parameters are order dependent The parameters for a command might include mandatory values optional values or keyword choices Table 1 describes the conventions this document uses to distinguish between value types Common Parameter Values Parameter values might be names strings or numbers To use spaces as part of a name parameter enclose the name value in double quotes For...

Page 29: ...b c 8 8 16 bits a b c d 8 8 8 8 In addition to these formats the CLI accepts decimal hexidecimal and octal formats through the following input formats where n is any valid hexidecimal octal or decimal number 0xn CLI assumes hexidecimal format 0n CLI assumes octal format with leading zeros n CLI assumes decimal format Interface or slot port Valid slot and port number separated by forward slashes Fo...

Page 30: ...the no form Command Modes The CLI groups commands into modes according to the command function Each of the command modes supports specific D Link Unified Wired Wireless Access System software commands The commands in one mode are not available until you switch to that particular mode with the exception of the User EXEC mode commands You can execute the User EXEC mode commands in the Privileged EXE...

Page 31: ...de to set up a physi cal port for a specific logical connection operation Line Config Switch line Contains commands to config ure outbound telnet settings and console interface settings Policy Map Config Switch Config policy map Contains the QoS Policy Map configuration commands Policy Class Config Switch Config policy class map Consists of class creation dele tion and matching commands The class ...

Page 32: ...rent networks Captive Portal Config Mode Switch Config CP Contains commands to config ure global captive portal settings Captive Portal Instance Mode Switch Config CP 1 Contains commands to config ure a captive portal instance Table 6 CLI Mode Access and Exit Command Mode Access Method Exit or Access Previous Mode User EXEC This is the first level of access To exit enter logout Privileged EXEC Fro...

Page 33: ...er Ctrl Z AP Config Mode From the Wireless Config mode enter ap database macaddr where macaddr is the MAC address of the AP to configure To exit to Wireless Config mode enter exit To return to the User EXEC mode enter Ctrl Z AP Profile Con fig Mode From the Wireless Config mode enter ap profile 1 16 where 1 16 is the profile ID To exit to Wireless Config mode enter exit To return to User EXEC mode...

Page 34: ...e to edit commands or increase the speed of command entry You can access this list from the CLI by entering help from the User or Privileged EXEC modes Table 7 CLI Error Messages Message Text Description Invalid input detected at marker Indicates that you entered an incorrect or unavail able command The carat shows where the invalid text is detected This message also appears if any of the paramete...

Page 35: ... switch parms Configure Network Parameters of the router protocol Select DHCP BootP or None as the network config protocol If the help output shows a parameter in angle brackets you must replace the parameter with a value switch network parms ipaddr Enter the IP address If there are no additional command keywords or parameters or if additional parameters are optional the following message appears ...

Page 36: ...itor Accessing the CLI You can access the CLI by using a direct console connection or by using a telnet or SSH connection from a remote management host For the initial connection you must use a direct connection to the console port You cannot access the system remotely until the system has an IP address subnet mask and default gateway You can set the network configuration information manually or y...

Page 37: ...ccess Control Commands on page 72 Storm Control Commands on page 82 Port Channel LAG 802 3ad Commands on page 88 Port Mirroring on page 93 IGMP Snooping Configuration Commands on page 97 Port Security Commands on page 103 LLDP 802 1AB Commands on page 105 Denial of Service Protection Commands on page 111 MAC Database Commands on page 114 CAUTION The commands in this chapter are in one of three fun...

Page 38: ...port Default enabled Format auto negotiate Mode Interface Config no auto negotiate This command disables automatic negotiation on a port NOTE Automatic sensing is disabled when automatic negotiation is disabled Format no auto negotiate Mode Interface Config auto negotiate all This command enables automatic negotiation on all ports Default enabled Format auto negotiate all Mode Global Config no aut...

Page 39: ... headers might require To configure the IP MTU size which is the maximum size of the IP packet IP Header IP payload see ip mtu on page 124 Default 1518 untagged Format mtu 1518 9216 Mode Interface Config no mtu This command sets the default MTU size in bytes for the interface Format no mtu Mode Interface Config shutdown This command disables a port NOTE You can use the shutdown command on physical...

Page 40: ... 100BASE T full duplex 10h 10BASE T half duplex 10f 10BASE T full duplex speed all This command sets the speed and duplex setting for all interfaces Format speed all 100 10 half duplex full duplex Mode Global Config Acceptable values are 100h 100BASE T half duplex 100f 100BASE T full duplex 10h 10BASE T half duplex 10f 10BASE T full duplex show port This command displays port information Format sh...

Page 41: ...hether or not to send a trap when link status changes The factory default is enabled LACP Mode LACP is enabled or disabled on this port show port protocol This command displays the Protocol Based VLAN information for either the entire system or for the indicated group Format show port protocol groupid all Mode Privileged EXEC Group Name The group name of an entry in the Protocol based VLAN table G...

Page 42: ...the system configuration or have a no version Format spanning tree bpdumigrationcheck slot port all Mode Global Config spanning tree configuration name This command sets the Configuration Identifier Name for use in identifying the configuration that this switch is currently using The name is a string of up to 32 characters Default base MAC address in hexadecimal notation Format spanning tree confi...

Page 43: ...fig spanning tree forceversion This command sets the Force Protocol Version parameter to a new value Use 802 1d to specify that the switch transmits ST BPDUs rather than MST BPDUs IEEE 802 1d functionality supported Use 802 1w to specify that the switch transmits RST BPDUs rather than MST BPDUs IEEE 802 1w functionality supported Use 802 1s to specify that the switch transmits MST BPDUs IEEE 802 1...

Page 44: ... to Bridge Max Age 2 1 Default 2 Format spanning tree hello time 1 10 Mode Interface Config no spanning tree hello time This command sets the admin Hello Time parameter for the common and internal spanning tree to the default value Format no spanning tree hello time Mode Interface Config spanning tree max age This command sets the Bridge Max Age parameter to a new value for the common and internal...

Page 45: ...rt within a multiple spanning tree instance or the common and internal spanning tree instance depending on the mstid parameter You can set the path cost as a number in the range of 1 to 200000000 or auto If you select auto the path cost value is set based on Link Speed If you specify the external cost option this command sets the external path cost for MST instance 0 i e CIST instance You can set ...

Page 46: ...iple spanning tree instance to the switch The parameter mstid is a number within a range of 1 to 4094 that corresponds to the new instance ID to be added The maximum number of multiple instances supported by the switch is 4 Default none Format spanning tree mst instance mstid Mode Global Config no spanning tree mst instance This command removes a multiple spanning tree instance from the switch and...

Page 47: ...ternal spanning tree The parameter mstid is a number that corresponds to the desired existing multiple spanning tree instance The vlanid corresponds to an existing VLAN ID Format spanning tree mst vlan mstid vlanid Mode Global Config no spanning tree mst vlan This command removes an association between a multiple spanning tree instance and a VLAN so that the VLAN is again be associated with the co...

Page 48: ...idge Identifier The bridge identifier for the CST It is made up using the bridge priority and the base MAC address of the bridge Time Since Topology Change Time in seconds Topology Change Count Number of times changed Topology Change Boolean value of the Topology Change parameter for the switch indicating if a topology change is in progress on any port assigned to the common and internal spanning ...

Page 49: ...dge max hops count for the device Bridge Hello Time Configured value Bridge Forward Delay Configured value Bridge Hold Time Minimum time between transmission of Configuration Bridge Protocol Data Units BPDUs show spanning tree interface This command displays the settings and parameters for a specific switch port within the common and internal spanning tree The slot port is the desired switch port ...

Page 50: ...rt Role for each spanning tree The port role is one of the following values Root Port Designated Port Alternate Port Backup Port Master Port or Disabled Port Auto Calculate Port Path Cost Indicates whether auto calculation for port path cost is enabled Port Path Cost Configured value of the Internal Port Path Cost parameter Auto Calculate External Port Path Cost Indicates whether auto calculation ...

Page 51: ...t CST Port Cost The configured path cost for this port show spanning tree mst port summary This command displays the settings of one or all ports within the specified multiple spanning tree instance The parameter mstid indicates a particular MST instance The parameter slot port all indicates the desired switch port or all ports If you specify 0 defined as the default CIST ID as the mstid the statu...

Page 52: ... 802 1w or IEEE 802 1d based upon the Force Protocol Version parameter Configuration Name Identifier used to identify the configuration currently being used Configuration Revision Level Identifier used to identify the configuration currently being used Configuration Digest Key Identifier used to identify the configuration currently being used MST Instances List of all multiple spanning tree instan...

Page 53: ... for the default VLAN VLAN range is 2 3965 Format vlan 2 3965 Mode VLAN Config no vlan This command deletes an existing VLAN The ID is a valid VLAN identification number ID 1 is reserved for the default VLAN The VLAN range is 2 3965 Format no vlan 2 3965 Mode VLAN Config vlan acceptframe This command sets the frame acceptance mode per interface For VLAN Only mode untagged frames or priority frames...

Page 54: ...ceived with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN Format no vlan ingressfilter Mode Interface Config vlan makestatic This command changes a dynamically created VLAN one that is created by GVRP registration to a static VLAN one that is permanently configured and defined The ID is a valid VLAN ident...

Page 55: ...on number You can use the following participation options include The interface is always a member of this VLAN This is equivalent to registra tion fixed exclude The interface is never a member of this VLAN This is equivalent to registration forbidden auto The interface is dynamically registered in this VLAN by GVRP The interface will not participate in this VLAN unless a join request is received ...

Page 56: ...t VLAN Default disabled Format vlan port ingressfilter all Mode Global Config no vlan port ingressfilter all This command disables ingress filtering for all ports If ingress filtering is disabled frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN Format no vlan port ingressfilter all Mode ...

Page 57: ... may have more than one protocol associated with it Each interface and protocol combination can only be associated with one group If adding a protocol to a group causes any conflicts with interfaces currently associated with the group this command fails and the protocol is not added to the group The possible values for protocol are ip arp and ipx NOTE D Link Unified Wired Wireless Access System so...

Page 58: ...ociate each interface and protocol combination with one group If adding an interface to a group causes any conflicts with protocols currently associated with the group this command fails and the interface s are not added to the group You should create the referenced VLAN before you create the protocol based VLAN except when you configure GVRP to create the VLAN Default none Format protocol vlan gr...

Page 59: ...his command sets the VLAN ID per interface to 1 Format no vlan pvid Mode Interface Config vlan tagging This command configures the tagging behavior for a specific interface in a VLAN to enabled If tagging is enabled traffic is transmitted as tagged frames If tagging is disabled traffic is transmitted as untagged frames The ID is a valid VLAN identification number Format vlan tagging 1 3965 Mode In...

Page 60: ...vileged EXEC User EXEC VLAN ID There is a VLAN Identifier VID associated with each VLAN The range of the VLAN ID is 1 to 3965 VLAN Name A string associated with this VLAN as a convenience It can be up to 32 alphanumeric characters long including blanks The default is blank VLAN ID 1 always has a name of Default This field is optional VLAN Type Type of VLAN which can be Default VLAN ID 1 or static ...

Page 61: ... VLAN as tagged frames Untagged Transmit traffic for this VLAN as untagged frames show vlan brief This command displays a list of all configured VLANs Format show vlan brief Modes Privileged EXEC User EXEC VLAN ID There is a VLAN Identifier vlanid associated with each VLAN The range of the VLAN ID is 1 to 3965 VLAN Name A string associated with this VLAN as a convenience It can be up to 32 alphanu...

Page 62: ...signed to tagged packets arriving on the port show vlan association subnet This command displays the VLAN associated with a specific configured IP Address and net mask If no IP address and net mask are specified the VLAN associations of all the configured IP subnets are displayed Format show vlan association subnet ipaddr netmask Mode Privileged EXEC IP Address The IP address assigned to each inte...

Page 63: ... command is used to enable Double VLAN Tunneling on the specified interface Default disabled Format mode dot1q tunnel Mode Interface Config no mode dot1q tunnel This command is used to disable Double VLAN Tunneling on the specified interface By default Double VLAN Tunneling is disabled Format no mode dot1q tunnel Mode Interface Config mode dvlan tunnel Use this command to enable Double VLAN Tunnel...

Page 64: ...t is a custom tunnel value representing any value in the range of 0 to 65535 show dvlan tunnel Use this command without the optional parameters to display all interfaces enabled for Double VLAN Tunneling Use the optional parameters to display detailed information about Double VLAN Tunneling for the specified interface or all interfaces Format show dvlan tunnel interface slot port all Modes Privile...

Page 65: ...tected and unprotected ports Ports are unprotected by default If an interface is configured as a protected port and you add that interface to a Port Channel or Link Aggregation Group LAG the protected port status becomes operationally disabled on the interface and the interface follows the configuration of the LAG port However the protected port configuration for the interface remains unchanged On...

Page 66: ...witchport protected groupid Mode Interface Config no switchport protected Interface Config Use this command to configure a port as unprotected The groupid parameter identifies the set of protected ports to which this interface is assigned Format no switchport protected groupid Mode Interface Config show switchport protected This command displays the status of all the interfaces including protected...

Page 67: ... Join time is the interval between the transmission of GARP Protocol Data Units PDUs registering or re registering membership for a VLAN or multicast group This command has an effect only when GVRP is enabled The time is from 10 to 100 centiseconds The value 20 centiseconds is 0 2 seconds Default 20 Format set garp timer join 10 100 Modes Interface Config Global Config no set garp timer join This ...

Page 68: ...articipation The time may range from 200 to 6000 centiseconds The value 1000 centiseconds is 10 seconds You can use this command on all ports Global Config mode or a single port Interface Config mode and it only has an effect only when GVRP is enabled Default 1000 Format set garp timer leaveall 200 6000 Modes Interface Config Global Config no set garp timer leaveall This command sets how frequentl...

Page 69: ...nmode This command disables GVRP Format no set gvrp adminmode Mode Privileged EXEC set gvrp interfacemode This command enables GVRP on a single port Interface Config mode or all ports Global Config mode Default disabled Format set gvrp interfacemode Modes Interface Config Global Config no set gvrp interfacemode This command disables GVRP on a single port Interface Config mode or all ports Global C...

Page 70: ...frequently LeaveAll PDUs are gener ated A LeaveAll PDU indicates that all registrations will shortly be deregis tered Participants will need to rejoin in order to maintain registration There is an instance of this timer on a per Port per GARP participant basis The Leave All Period Timer is set to a random value in the range of LeaveAllTime to 1 5 LeaveAllTime Permissible values are 200 to 6000 cen...

Page 71: ...n interface which has GARP enabled is enabled for routing or is enlisted as a member of a port channel LAG GARP functionality is disabled GARP functionality is subsequently re enabled if routing is disabled and port channel LAG membership is removed from an interface that has GARP enabled Format no set gmrp interfacemode Modes Interface Config Global Config show gmrp configuration This command dis...

Page 72: ...conds The factory default is 1000 centiseconds 10 seconds Port GMRP Mode The GMRP administrative mode for the port It may be enabled or dis abled If this parameter is disabled Join Time Leave Time and Leave All Time have no effect show mac address table gmrp This command displays the GMRP entries in the Multicast Forwarding Database MFDB table Format show mac address table gmrp Mode Privileged EXE...

Page 73: ...ver authenticated To authenticate a user the first authentication method in the user s login authentication login list is attempted D Link Unified Wired Wireless Access System software does not utilize multiple entries in the user s login If the first entry returns a timeout the user authentication attempt fails NOTE The default login list included with the default configuration can not be changed...

Page 74: ... dot1x default login listname Mode Global Config dot1x guest vlan This command specifies an active VLAN as an IEEE 802 1x guest VLAN The vlan id range is 1 to the maximum VLAN ID Format dot1x guest vlan vlan id Mode Interface Config no dot1x guest vlan This command removes the specified VLAN an IEEE 802 1x guest VLAN The vlan id range is 1 to the maximum VLAN ID Format no dot1x guest vlan vlan id ...

Page 75: ...e timing out the supplicant The count value must be in the range 1 10 Default 2 Format dot1x max req count Mode Interface Config no dot1x max req This command sets the maximum number of times the authenticator state machine on this port will transmit an EAPOL EAP Request Identity frame before timing out the supplicant Format no dot1x max req Mode Interface Config dot1x port control This command se...

Page 76: ...t authenticator and the authentication server Default auto Format dot1x port control all force unauthorized force authorized auto Mode Global Config no dot1x port control all This command sets the authentication mode on all ports to the default value Format no dot1x port control all Mode Global Config dot1x re authenticate This command begins the re authentication sequence on the specified port Th...

Page 77: ...a value in the range 1 65535 quiet period The value in seconds of the timer used by the authenticator state machine on this port to define periods of time in which it will not attempt to acquire a supplicant The quiet period must be a value in the range 0 65535 tx period The value in seconds of the timer used by the authenticator state machine on this port to determine when to send an EAPOL EAP R...

Page 78: ... Mode Global Config users defaultlogin This command assigns the authentication login list to use for non configured users when attempting to log in to the system This setting is overridden by the authentication login list assigned to a specific user if the user is configured locally If this value is not configured users will be authenticated using local authentication only Format users defaultlogi...

Page 79: ...user assigned to the specified authentication login list Component The component User or 802 1x for which the authentication login list is assigned show dot1x This command is used to show a summary of the global dot1x configuration summary information of the dot1x configuration for a specified port or all ports the detailed dot1x configuration for a specified port and the dot1x statistics for a sp...

Page 80: ...te of the authenticator PAE state machine Possible values are Initialize Disconnected Connecting Authenticating Authenticated Aborting Held ForceAuthorized and ForceUnauthorized Backend Authentication State Current state of the backend authentication state machine Possible values are Request Response Success Fail Timeout Idle and Initialize Quiet Period The timer used by the authenticator state ...

Page 81: ...ction The control direction for the specified port or ports Possible values are both or in Example The following shows example CLI display output for the command DWS 3026 show dot1x detail 0 1 Port 0 1 Protocol Version 1 PAE Capabilities Authenticator Authenticator PAE State Initialize Backend Authentication State Initialize Quiet Period 60 Transmit Period 30 Guest VLAN ID 0 Guest Vlan Period 90 S...

Page 82: ...ngth Error Frames Received The number of EAPOL frames that have been received by this authenticator in which the frame type is not recognized show dot1x users This command displays 802 1x port security user information for locally configured users Format show dot1x users slot port Mode Privileged EXEC User Users configured locally to have access to the specified port show users authentication This...

Page 83: ...d broadcast storm recovery mode is enabled on the interface and broadcast storm recovery is active If the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold the traffic is dropped Therefore the rate of broadcast traffic is limited to the configured threshold Default 5 Format storm control broadcast level 0 100 Mode Interface Config no storm control br...

Page 84: ...ig no storm control broadcast all level This command sets the broadcast storm recovery threshold to the default value for all interfaces and disables broadcast storm recovery Format no storm control broadcast all level Mode Global Config storm control multicast This command enables multicast storm recovery mode for an interface If the mode is enabled multicast storm recovery is active and if the r...

Page 85: ...L2 multicast traffic ingressing on an interface increases beyond the configured threshold the traffic will be dropped Therefore the rate of multicast traffic will be limited to the configured threshold Default disabled Format storm control multicast all Mode Global Config no storm control multicast all This command disables multicast storm recovery mode for all interfaces Format no storm control m...

Page 86: ...orm control unicast This command disables unicast storm recovery mode for an interface Format no storm control unicast Mode Interface Config storm control unicast level This command configures the unicast storm recovery threshold in terms of percentage of the interface speed for an interface and enables unicast storm recovery If the mode is enabled unicast storm recovery is active and if the rate ...

Page 87: ...bles unicast storm recovery for all interfaces If the mode is enabled unicast storm recovery is active and if the rate of unknown L2 unicast destination lookup failure traffic ingressing on an interface increases beyond the configured threshold the traffic will be dropped Therefore the rate of unknown unicast traffic will be limited to the configured threshold Default 5 Format storm control unicas...

Page 88: ...ation Lookup Failure storm control mode is enabled or disabled Ucast Level The Unknown Unicast or DLF Destination Lookup Failure storm control level Port Channel LAG 802 3ad Commands This section describes the commands you use to configure port channels which are also known as link aggregation groups LAGs Link aggregation allows you to combine multiple full duplex Ethernet links into a single logi...

Page 89: ...all Mode Global Config addport This command adds one port to the port channel LAG The first interface is a logical slot port number of a configured port channel NOTE Before adding a port to a port channel set the physical mode of the port For more information see speed on page 40 Format addport logical slot port Mode Interface Config deleteport Interface Config This command deletes the port from t...

Page 90: ...ort channel static This command sets the static mode on a particular port channel LAG interface to the default value This command will be executed only for interfaces of type port channel LAG Format no port channel static Mode Interface Config port lacpmode This command enables Link Aggregation Control Protocol LACP on a port Default enabled Format port lacpmode Mode Interface Config no port lacpm...

Page 91: ...s of a particular device type actor or partner to either long or short timeout Default long Format port lacptimeout actor partner long short Mode Global Config no port lacptimeout This command sets the timeout for all physical interfaces of a particular device type actor or partner back to their default values Format no port lacptimeout actor partner Mode Global Config port channel adminmode This ...

Page 92: ...command defines a name for the port channel LAG The interface is a logical slot port for a configured port channel and name is an alphanumeric string up to 15 characters Format port channel name logical slot port all name Mode Global Config show port channel brief This command displays the static capability of all port channel LAG interfaces on the device as well as a summary of individual port ch...

Page 93: ...hannel is statically maintained Dynamic The port channel is dynamically maintained Active Ports This field lists ports that are actively participating in the port channel LAG Port Mirroring Port mirroring which is also known as port monitoring selects network traffic that you can analyze with a network analyzer such as a SwitchProbe device or other Remote Monitoring RMON probe monitor session This...

Page 94: ...mode Mode Global Config no monitor This command removes all the source ports and a destination port for the and restores the default value for mirroring session mode for all the configured sessions NOTE This is a stand alone no command This command does not have a normal form Default enabled Format no monitor Mode Global Config show monitor session This command displays the Port monitoring inform...

Page 95: ...to 100 static MAC filters Format macfilter macaddr vlanid Mode Global Config no macfilter This command removes all filtering restrictions and the static MAC filter entry for the MAC address macaddr on the VLAN vlanid The macaddr parameter must be specified as a 6 byte hexadecimal number in the format of b1 b2 b3 b4 b5 b6 The vlanid parameter must identify a valid VLAN Format no macfilter macaddr v...

Page 96: ...Config show mac address table static This command displays the Static MAC Filtering information for all Static MAC Filters If you select all all the Static MAC Filters in the system are displayed If you supply a value for macaddr you must also enter a value for vlanid and the system displays Static MAC Filter information only for that MAC address and VLAN Format show mac address table static macad...

Page 97: ...face Interface Config Mode This command also enables IGMP snooping on a particular VLAN VLAN Config Mode and can enable IGMP snooping on all interfaces participating in a VLAN If an interface has IGMP Snooping enabled and you enable this interface for routing or enlist it as a member of a port channel LAG IGMP Snooping functionality is disabled on that interface IGMP Snooping functionality is re e...

Page 98: ...nooping fast leave admin mode on a selected interface or VLAN Enabling fast leave allows the switch to immediately remove the layer 2 LAN interface from its forwarding table entry upon receiving an IGMP leave message for that multicast group without first sending out MAC based general queries to the interface You should enable fast leave admin mode only on VLANs where only one host is connected to...

Page 99: ...up Membership Interval time to the default value Format no set igmp groupmembership interval Modes Interface Config Global Config Format no set igmp groupmembership interval vlan_id Mode VLAN Config set igmp maxresponse This command sets the IGMP Maximum Response time for the system or on a particular interface or VLAN The Maximum Response time is the amount of time in seconds that a switch will w...

Page 100: ...at set igmp mcrtrexpiretime vlan_id 0 3600 Mode VLAN Config no set igmp mcrtrexpiretime This command sets the Multicast Router Present Expiration time to 0 The time is set for the system on a particular interface or a VLAN Format no set igmp mcrtrexpiretime Modes Global Config Interface Config Format no set igmp mcrtrexpiretime vlan_id Mode VLAN Config set igmp mrouter This command configures the ...

Page 101: ...r IGMP Snooping The list of VLANS on which IGMP Snooping is enabled When you specify the slot port values the following information appears IGMP Snooping Admin Mode Indicates whether IGMP Snooping is active on the interface Fast Leave Mode Indicates whether IGMP Snooping Fast leave is active on the interface Group Membership Interval The amount of time in seconds that a switch will wait for a repo...

Page 102: ... interface slot port Mode Privileged EXEC Interface The port on which multicast router information is being displayed Multicast Router Attached Indicates whether multicast router is statically enabled on the interface VLAN ID The list of VLANs of which the interface is a member show igmpsnooping mrouter vlan This command displays information about statically configured ports Format show igmpsnoopi...

Page 103: ...on on page 312 port security This command enables port locking at the system level Global Config or port level Interface Config Default disabled Format port security Modes Global Config Interface Config no port security This command disables port locking for one Interface Config or all Global Config ports Format no port security Modes Global Config Interface Config port security max dynamic This c...

Page 104: ...This command removes a MAC address from the list of statically locked MAC addresses Format no port security mac address mac address vid Mode Interface Config port security mac address move This command converts dynamically locked MAC addresses to statically locked addresses Format port security mac address move Mode Interface Config show port security This command displays the port security settin...

Page 105: ...d MAC show port security violation This command displays the source MAC address of the last packet discarded on a locked port Format show port security violation slot port Mode Privileged EXEC MAC Address MAC Address of discarded packet on locked port LLDP 802 1AB Commands This section describes the command you use to configure Link Layer Discovery Protocol LLDP which is defined in the IEEE 802 1A...

Page 106: ...transmit interval that sets the TTL in local data LLDPDUs The multiplier range is 2 10 The reinit seconds is the delay before re initialization and the range is 1 0 seconds Default interval 30 seconds hold 4 reinit 2 seconds Format lldp timers interval interval seconds hold hold value reinit reinit seconds Mode Global Config no lldp timers Use this command to return any or all timing parameters fo...

Page 107: ...erface Config lldp transmit mgmt Use this command to include transmission of the local system management address information in the LLDPDUs Format lldp transmit mgmt Mode Interface Config no lldp transmit mgmt Use this command to include transmission of the local system management address information in the LLDPDUs Use this command to cancel inclusion of the management information in LLDPDUs Forma...

Page 108: ... LLDP statistics Format clear lldp statistics Mode Privileged Exec clear lldp remote data Use this command to delete all information from the LLDP remote data table Format clear lldp remote data Mode Global Config show lldp Use this command to display a summary of the current LLDP configuration Format show lldp Mode Privileged EXEC Transmit Interval How frequently the system transmits local data L...

Page 109: ...nce the last update to the remote table in days hours minutes and seconds Total Inserts Total number of inserts to the remote data table Total Deletes Total number of deletes from the remote data table Total Drops Total number of times the complete remote data received was not inserted due to insufficient resources Total Ageouts Total number of times a complete remote data entry was deleted becaus...

Page 110: ... Chassis ID field Chassis ID The chassis of the remote device Port ID Subtype The type of port on the remote device Port ID The port number that transmitted the LLDPDU System Name The system name of the remote device System Description Describes the remote system by identifying the system name and versions of hardware operating system and networking software supported in the device Port Descripti...

Page 111: ...ted in the device Port Description Describes the port in an alpha numeric format System Capabilities Supported Indicates the primary function s of the device System Capabilities Enabled Shows which of the supported system capabilities are enabled Management Address The type of address and the specific address the local LLDP agent uses to send and receive information Denial of Service Protection Co...

Page 112: ...Denial of Service protection If the mode is enabled Denial of Service prevention is active for this type of attack If packets ingress having a TCP Header Size smaller than the configured value the packets will be dropped if the mode is enabled The default is disabled If you enable dos control firstfrag but do not provide a Minimum TCP Header Size the system sets that value to 20 Default disabled 2...

Page 113: ...at dos control tcpflag Mode Global Config no dos control tcpflag This command disables TCP Flag Denial of Service protections Format no dos control tcpflag Mode Global Config dos control l4port This command enables L4 Port Denial of Service protections If the mode is enabled Denial of Service prevention is active for this type of attack If packets ingress having Source TCP UDP Port Number equ...

Page 114: ...trol Mode Privileged EXEC SIPDIP Mode May be enabled or disabled The factory default is disabled First Fragment Mode May be enabled or disabled The factory default is disabled Min TCP Hdr Size 0 255 The factory default is 20 TCP Fragment Mode May be enabled or disabled The factory default is disabled TCP Flag Mode May be enabled or disabled The factory default is disabled L4 Port Mode May be enable...

Page 115: ...isplayed You can display the table entry for one MAC Address by specifying the MAC address as an optional parameter Format show mac address table multicast macaddr Mode Privileged EXEC MAC Address A multicast MAC address for which the switch has forwarding and or filtering information The format is two digit hexadecimal numbers separated by colons for example 01 23 45 67 89 AB In an IVL system th...

Page 116: ...Format show mac address table stats Mode Privileged EXEC Total Entries The total number of entries that can possibly be in the Multicast Forwarding Database table Most MFDB Entries Ever Used The largest number of entries that have been present in the Multicast Forwarding Database table This value is also known as the MFDB high water mark Current Entries The current number of entries in the MFDB ...

Page 117: ...ration Commands are used to configure features and options of the switch For every configuration command there is a show command that will display the configuration setting Clear commands clear some or all of the settings to factory defaults Address Resolution Protocol ARP Commands This section describes the commands you use to configure ARP and to view ARP information on the switch ARP associates...

Page 118: ...P address is reachable The device only responds if all next hops in its route to the destination are through interfaces other than the interface that received the ARP request Default enabled Format ip proxy arp Mode Interface Config no ip proxy arp This command disables proxy ARP on a router interface Format no ip proxy arp Mode Interface Config arp cachesize This command configures the ARP cache ...

Page 119: ...ve integer which represents the IP ARP entry response timeout time in seconds The range for seconds is between 1 10 seconds Default 1 Format arp resptime 1 10 Mode Global Config no arp resptime This command configures the default ARP request response timeout Format no arp resptime Mode Global Config arp retries This command configures the ARP count of maximum request for retries The value for retr...

Page 120: ...ARP cache The displayed results are not the total ARP entries To view the total ARP entries the operator should view the show arp results in conjunction with the show arp switch results Format show arp Mode Privileged EXEC Age Time seconds The time it takes for an ARP entry to age out This is configurable Age time is measured in seconds Response Time seconds The time it takes for an ARP request ti...

Page 121: ...able Response time is measured in seconds Retries The maximum number of times an ARP request is retried This value is configurable Cache Size The maximum number of entries in the ARP table This value is configurable Dynamic Renew Mode Displays whether the ARP component automatically attempts to renew dynamic ARP entries when they age out Total Entry Count Current Peak The total entries in the ARP...

Page 122: ...Admin Mode for the master switch Format no ip routing Mode Global Config ip address This command configures an IP address on an interface You can also use this command to configure one or more secondary IP addresses on the interface The value for ipaddr is the IP address of the interface The value for subnetmask is a 4 digit dotted decimal number which represents the subnet mask of the interface T...

Page 123: ...rm the following steps Enable ip routing globally Enable ip routing for the interface Confirm that the associated link is also up Default preference 1 Format ip route ipaddr subnetmask nexthopip preference Mode Global Config no ip route This command deletes a single next hop to a destination static route If you use the nexthopip parameter the next hop is deleted If you use the preference value the...

Page 124: ...te distance 1 255 Mode Global Config no ip route distance This command sets the default static route preference value in the router Lower route preference values are preferred when determining the best route Format no ip route distance Mode Global Config ip netdirbcast This command enables the forwarding of network directed broadcasts When enabled network directed broadcasts are forwarded When dis...

Page 125: ...sets the ip mtu to the default value Format no ip mtu mtu Mode Interface Config encapsulation This command configures the link layer encapsulation type for the packet The encapsulation type can be ethernet or snap Default ethernet Format encapsulation ethernet snap Mode Interface Config NOTE Routed frames are always ethernet encapsulated when a frame is routed to a VLAN show ip brief This command ...

Page 126: ...n is enabled or disabled on the system Interface Configuration Status Displays whether the Interface Configuration is enabled or disabled on the system Forward Net Directed Broadcasts Displays whether forwarding of network directed broadcasts is enabled or disabled This value is configurable Proxy ARP Displays whether Proxy ARP is enabled or disabled on the system Local Proxy ARP Displays whether ...

Page 127: ... are Enable or Disable MultiCast Fwd The multicast forwarding administrative mode on the interface Possible values are Enable or Disable show ip route This command displays the routing table The ip address specifies the network for which the route is to be displayed and displays the best matching best route for the address The mask specifies the subnet mask for the given ip address When you use t...

Page 128: ...g router interface to use when forwarding traffic to the next destination show ip route summary Use this command to display the routing table summary Use the optional all parameter to show the number of all routes including best and non best routes To include only the number of best routes do not use the optional parameter Format show ip route summary all Mode Privileged EXEC User EXEC Connected ...

Page 129: ...SSA preferences is not supported in this release show ip stats This command displays IP statistical information Refer to RFC 1213 for more information about the fields that are displayed Format show ip stats Modes Privileged EXEC User EXEC Virtual LAN Routing Commands This section describes the commands you use to view and configure VLAN routing and to view VLAN routing status information vlan rou...

Page 130: ...Router Redundancy Protocol VRRP and to view VRRP status information VRRP helps provide failover and load balancing when you configure two devices as a VRRP pair ip vrrp Global Config Use this command in Global Config mode to enable the administrative mode of VRRP on the router Default none Format ip vrrp Mode Global Config no ip vrrp Use this command in Global Config mode to disable the default ad...

Page 131: ...al router ID which has an integer value range from 1 to 255 You can use the optional secondary parameter to designate the IP address as a secondary IP address Default none Format ip vrrp vrid ip ipaddr secondary Mode Interface Config no ip vrrp ip Use this command in Interface Config mode to delete a secondary IP address value from the interface To delete the primary IP address you must delete the...

Page 132: ...e priority of a router within a VRRP group Higher values equal higher priority The range is from 1 to 254 The parameter vrid is the virtual router ID whose range is from 1 to 255 The router with the highest priority is elected master If a router is configured with the address used as the address of the virtual router the router is called the address owner The priority of the address owner is alway...

Page 133: ... onds Protocol The protocol configured on the interface State Transitioned to Master The total number of times virtual router state has changed to MASTER Advertisement Received The total number of VRRP advertisements received by this virtual router Advertisement Interval Errors The total number of VRRP advertisements received for which advertisement interval is different than the configured value ...

Page 134: ... for VRRP functionality on the switch Router Checksum Errors The total number of VRRP packets received with an invalid VRRP checksum value Router Version Errors The total number of VRRP packets received with Unknown or unsupported version number Router VRID Errors The total number of VRRP packets received with invalid VRID for this virtual router show ip vrrp interface This command displays all co...

Page 135: ...nds you use to configure BootP DHCP Relay on the switch A DHCP relay agent operates at Layer 3 and forwards DHCP requests and replies between clients and servers when they are not on the same physical subnet bootpdhcprelay cidoptmode This command enables the circuit ID option mode for BootP DHCP Relay on the system Default disabled Format bootpdhcprelay cidoptmode Mode Global Config no bootpdhcpre...

Page 136: ...figures the minimum wait time in seconds for BootP DHCP Relay on the system When the BOOTP relay agent receives a BOOTREQUEST message it MAY use the seconds since client began booting field of the request as a factor in deciding whether to relay the request or not The parameter has a range of 0 to 100 seconds Default 0 Format bootpdhcprelay minwaittime 0 100 Mode Global Config no bootpdhcprelay mi...

Page 137: ...dhcprelay Modes Privileged EXEC User EXEC Maximum Hop Count The maximum allowable relay agent hops Minimum Wait Time Seconds The minimum wait time Admin Mode Indicates whether relaying of requests is enabled or disabled Server IP Address The IP address for the BootP DHCP Relay server Circuit Id Option Mode The DHCP circuit Id option which may be enabled or disabled Requests Received The number or ...

Page 138: ...138 2001 2008 D Link Corporation D Link Systems Inc All Rights Reserved CLI Command Reference ...

Page 139: ...page 197 RF Scan Access Point Status Commands on page 198 Client Association Status and Statistics Commands on page 199 Client Failure and Ad Hoc Status Commands on page 202 Captive Portal Global Commands on page 204 Captive Portal Configuration Commands on page 206 Captive Portal Status Commands on page 213 Captive Portal Client Connection Commands on page 215 Captive Portal Interface Commands on...

Page 140: ... of this command disables the Unified Switch functionality Format no enable Mode Wireless Config country code This command globally configures the country code for the Unified Switch and all managed access points The code may be entered in either upper or lower case When you change the country code the wireless function is disabled and re enabled automatically The show country code command display...

Page 141: ...o method is specified then it enables all the discovery methods Default IP Polling Enable L2 Multicast Enable Format discovery method ip poll l2 multicast Mode Wireless Config ip poll Enable IP based discovery of APs and peer switches l2 multicast Enable L2 based discovery of APs and peer switches no discovery method The no version of this command disables the specified discovery method If no meth...

Page 142: ...no discovery vlan list The no version of this command deletes the VLAN ID from the discovery list If no arguments are specified all VLANs are deleted from the list except for the first entry At least one entry must be configured in the list Format no discovery vlan list 1 4094 Mode Wireless Config ap validation This command configures whether to use the local valid AP database or a RADIUS server t...

Page 143: ...reless Config Mode This command enables Unified Switch SNMP trap groups for wireless system events If no parameters are specified then all traps are enabled Default All Disable Format trapflags ap failure ap state client state peer ws rf scan rogue ap ws status Mode Wireless Config ap failure Enable Disable SNMP traps associated with AP association authentication failures ap state Enable Disable S...

Page 144: ...k list ap failure Time in hours to maintain an entry in the AP association and authentication failure list client failure Time in hours to maintain an entry in the client association and authentication failure list rf scan Time in hours to maintain an entry obtained from an RF scan 0 168 Time in hours from 0 to 168 A value of 0 indicates that entries should never age out no agetime The no version ...

Page 145: ... mtu 1500 Set the Tunnel MTU value to 1500 bytes 1520 Set the Tunnel MTU value to 1520 bytes show wireless This show command displays the configured Unified Switch global parameters and the operational status Format show wireless Mode Privileged EXEC User EXEC Administrative Mode Shows whether the administrative mode is enabled WLAN Switch Operational Mode Shows whether the wireless function on th...

Page 146: ... be configured for different physical radio modes for the configured country code and regulatory domain Format show wireless country code channels Mode Privileged EXEC Channel Lists the available RF channel Mode Shows which mode is allowed for the corresponding channel Possible values are B 802 11b G 802 11g Atheros Atheros 2 4 GHz or 5 GHz modes including Dynamic A 802 11A show wireless discovery...

Page 147: ...ated configured and have an active connection with the Unified Switch Connection Failed Access Points The number of APs that were previously authenticated and managed but lost connection with the Unified Switch Discovered Access Points APs that have a connection with the switch but have not yet been completely configured i e managed APs with a discovered or authenticated status Total Clients This ...

Page 148: ...reless trapflags Mode Privileged EXEC AP Failure Traps Shows whether AP Failure Traps are enabled AP State Change Traps Shows whether AP State Change Traps are enabled Client Failure Traps Shows whether Client Failure Traps are enabled Client State Change Traps Shows whether Client State Change Traps are enabled Peer Switch Traps Shows whether Peer Switch Traps are enabled RF Scan Traps Shows whet...

Page 149: ...ireless tunnel mtu Mode Privileged EXEC Example show wireless tunnel mtu DWS 3024 show wireless tunnel mtu tunnel mtu 1500 clear wireless statistics This clear command resets the global Unified Switch statistics Format clear wireless statistics Mode Privileged EXEC Unified Switch Channel and Power Commands The commands in this section provide status and configuration for automatic channel planning...

Page 150: ...l plan mode for 802 11a bg Configure channel plan mode for 802 11b g 6 24 The channel plan interval in hours no channel plan interval The no version of this command returns the configured channel plan interval to the default Format no channel plan a bg interval Mode Wireless Config channel plan time This command configures the channel plan time for each 802 11a and 802 11b g frequency band When th...

Page 151: ...mand returns the history depth for the channel plan to the default Format no channel plan a bg history depth Mode Wireless Config power plan mode This command configures the power plan mode for managed APs If it is interval power adjustments are computed and applied at every defined interval If it is manual you must start and apply proposed power adjustments manually Default manual Format power pl...

Page 152: ...roposed channel plan clear Clear the current proposed channel plan apply Apply the entire proposed channel plan wireless power plan This command allows you to manage manual power adjustments for the managed APs Format wireless power plan apply clear start Mode Privileged EXEC start Compute new proposed power adjustments clear Clear the proposed power adjustments apply Apply the proposed power adju...

Page 153: ...lgorithm maintains a configured number of iterations of applied channel changes to avoid frequent channel changes to the same managed AP radio Format show wireless channel plan history a bg Mode Privileged EXEC a Configure channel plan mode for 802 11a bg Configure channel plan mode for 802 11b g Current Iteration Indicates the current iteration of the channel plan Operational Status Indicates whe...

Page 154: ...nterval If the mode is manual the power algorithm will not run unless you request it Power Plan Interval If the power adjustment mode is interval this indicates the frequency in minutes that power adjustments are computed and applied show wireless power plan proposed This command displays the proposed power adjustments for a manual request to run the power algorithm The command does not accept any...

Page 155: ...pdate was received from the switch Local Access Point Database Commands The commands in this section provide configuration of the local valid AP database These configurations may also be performed on an external RADIUS server ap database This command adds an AP to the local valid AP database if not already present and enters the AP configuration mode identified by the AP MAC address In AP configur...

Page 156: ...value Mode AP Config value This parameter is an AP location string It should not be more than 32 characters long To use spaces in the location enclose the value with quotes for example Conference Room A no location The no version of this command deletes the current location string for the AP Format no location Mode AP Config password AP Config Mode This command configures the password that this A...

Page 157: ...el is not valid for the physical mode configured within the AP configuration profile this configuration is ignored Default channel 0 auto power 0 auto Format radio 1 2 channel channel power 0 100 Mode AP Config 1 2 The radio interface on the AP channel 0 auto or a fixed channel for the radio The valid range is based on the configured country code 0 100 0 auto or a fixed transmit power for the rad...

Page 158: ...ommands The commands in this section provide configuration of wireless networks network Wireless Config Mode This command adds a network configuration if not already present and enters the network configuration mode In this mode you can modify the network configuration parameters Default Networks 1 8 are created by default Format network 1 64 Mode Wireless Config 1 64 Integer ID for the network no...

Page 159: ...Config 1 4094 A valid VLAN ID no vlan The no version of this command sets the default VLAN ID for the network to its default value Format no vlan Mode Network Config hide ssid This command enables hiding of the SSID for this network If enabled the SSID is not included in the AP beacon frames Default Disable Format hide ssid Mode Network Config no hide ssid The no version of this command disables h...

Page 160: ...lue is applicable only when the security mode is configured for static WEP authentication and encryption Default Open System Format wep authentication open system shared key shared key Mode Network Config open system No authentication required shared key Clients are required to authenticate to the network using a shared key no wep authentication The no version of this command sets WEP authenticati...

Page 161: ...thentication The no version of this command disables MAC authentication on the network Format no mac authentication Mode Network Config radius use ap profile This command indicates to use the global AP profile RADIUS configuration for authentication on this network Default Enable Format radius use ap profile Mode Network Config no radius use ap profile The no version of this command indicates to o...

Page 162: ...ret and then again to confirm the secret Format radius server secret Mode Network Config radius accounting This command enables RADIUS accounting mode for authentication on this network Default Disable Format radius accounting Mode Network Config no radius accounting The no version of this command disables RADIUS accounting mode for authentication on this network Format no radius accounting Mode N...

Page 163: ...CCMP encryption no wpa ciphers The no version of this command WPA returns supported cipher suites to the default value Format no wpa ciphers Mode Network Config wpa key This command configures the WPA shared key This is an alphanumeric string in the range 8 64 characters The configured key is used when the network security mode is set to WPA shared key Default None Format wpa key value Mode Networ...

Page 164: ...ess mask A valid subnet mask no tunnel subnet The no version of this command deletes the configured tunnel subnet parameters Format no tunnel subnet Mode Network Config wpa2 pre authentication This command enables WPA2 pre authentication support for client roaming Default Enable Format wpa2 pre authentication Mode Network Config no wpa2 pre authentication The no version of this command disables WP...

Page 165: ... a limit on the number of APs within the peer group to which one client is allowed to pre authenticate Default 0 no limit Format wpa2 pre authentication limit 0 192 Mode Network Config 0 192 Valid WPA2 pre authentication limit no wpa2 pre authentication limit The no version of this command sets the configured WPA2 pre authentication limit to its default value Format no wpa2 pre authentication limi...

Page 166: ...nfigured WEP transfer key index The number of characters required depends on the configured WEP key type and length Format wep key 1 4 value Mode Network Config 1 4 A valid WEP key index value The WEP key itself entered in ASCII or HEX format The following list shows the number of keys to enter in the field 64 bit ASCII 5 characters Hex 10 characters 128 bit ASCII 13 characters Hex 26 characters 1...

Page 167: ...ork security mode is set to WEP shared key The WEP key length affects the number of characters required for a valid WEP key and therefore changing the WEP key length will reset all keys Default 128 Format wep key length 64 128 152 Mode Network Config no wep key length The no version of this command returns the WEP key length to its default value Format no wep key length Mode Network Config clear N...

Page 168: ...uthentication RADIUS Server Secret Configured Indicates whether a value is configured for the RADIUS secret RADIUS Accounting Mode Indicates whether RADIUS accounting is enabled WEP Transfer Key Index If WEP Shared Key security mode is enabled indicates which WEP key will be used for encryption WEP Key Type If WEP Shared Key security mode is enabled specifies the type of the WEP keys configured WE...

Page 169: ... modify an AP profile at any time If the profile is associated with one or more Managed APs you must use the wireless ap profile apply command to send the changes to those APs Default 1 Default Format ap profile 1 16 Mode Wireless Config 1 16 Identifier for the AP Profile no ap profile The no version of this command deletes a configured AP profile If the profile is referenced by an entry in the va...

Page 170: ...d RADIUS server IP address Format no radius server host Mode AP Profile Config radius server secret This command configures a RADIUS server secret global to the AP profile This is an alphanumeric string in the range 0 64 characters The secret can be overridden within each VAP via the network configuration Default None Format radius server secret Mode AP Profile Config radius accounting This comman...

Page 171: ...client This command configures a client MAC address in the MAC authentication list Format mac authentication client macaddr Mode AP Profile Config macaddr A valid MAC address no mac authentication client The no version of this command deletes an entry from the MAC authentication list Format no mac authentication client macaddr Mode AP Profile Config ap profile copy This command copies an entire ex...

Page 172: ...s ap profile 1 16 mac authentication client macaddr Mode Privileged EXEC macaddr MAC address of a physical AP AP Profile ID Existing AP profile ID Profile Name A descriptive name for the corresponding AP profile ID Profile Status Indicates the current AP profile status Configured the profile exists no managed APs are configured with the profile Associated one or more managed APs are configured wi...

Page 173: ...trative mode of the radio interface to the on state Default on Format enable Mode AP Profile Radio Config no enable The no version of this command configures the administrative mode of the radio interface to the off state Format no enable Mode AP Profile Radio Config rf scan other channels This command enables the radio to perform RF scanning on channels other than its operating channel The option...

Page 174: ...n channels within specified mode frequency a Perform RF scan on all 802 11a channels 5 GHz frequency bg Perform RF scan on all 802 11b g channels 2 4 GHz frequency all Perform RF scan on all channels no rf scan sentry The no version of this command disables dedicated scanning and enables normal operation of the radio Format no rf scan sentry Mode AP Profile Radio Config rf scan duration This comma...

Page 175: ...Radio Config super a This command enables the Super A mode on the radio Super A mode enables Atheros frame compression and fast frames mode In order to use channel aggregation the radio must be set to Atheros Dynamic Turbo mode Default Disabled Format super a Mode AP Profile Radio Config no super a The no version of this command disables the Super A mode on the radio Format no super a Mode AP Prof...

Page 176: ...condary Select primary antenna for transmit receive Default primary Format antenna auto primary secondary Mode AP Profile Radio Config no antenna Use this command to set the Antenna Diversity feature on the AP to the default value Format no antenna Mode AP Profile Radio Config beacon interval The command configures the beacon interval for the radio The beacon interval indicates the interval at whi...

Page 177: ...gmentation Default 2346 no fragmentation Format fragmentation threshold 256 2346 Mode AP Profile Radio Config 256 2346 Fragmentation threshold for the radio even values no fragmentation threshold The no version of this command configures the fragmentation threshold to the default value Format no fragmentation threshold Mode AP Profile Radio Config rts threshold This command configures the RTS thre...

Page 178: ...channel adjustment for the radio This indicates the initial AP channel assignment can be automatically adjusted by the switch If the optional parameter is specified selection for the 802 11a channels is limited to a pre defined subset of channels this only applies to a radio in 802 11a mode Default Disabled Format channel auto limit a channels Mode AP Profile Radio Config no channel auto The no ve...

Page 179: ... to its default value Format no power default Mode AP Profile Radio Config rate This command is used to configure the list of supported and advertised client data rates for the radio The supported rates are those the AP will allow when setting up communications with client stations The advertised rates are those the AP will advertise to clients in its beacons Default 802 11a supported 6 9 12 18 24...

Page 180: ...traffic Default Enabled Format wmm Mode AP Profile Radio Config no wmm The no version of this command disables WMM mode for the radio Format no wmm Mode AP Profile Radio Config load balance This command enables load balancing The optional utilization parameter indicates the percentage of network utilization allowed on the radio before clients are denied 0 indicates that no load balancing is perfor...

Page 181: ...adio does not allow any client associations RF Scan Sentry Scan Channels Indicates which set of channels are scanned when sentry scan mode is enabled for example 802 11a indicates the radio will scan all channels within the 802 11a frequency band 5 GHz RF Scan Duration Indicates how long the radio will scan on one channel This configuration applies to both scan other channels mode and sentry scan...

Page 182: ...alue is only displayed for 802 11a mode Automatic Power Adjustment Indicates if automatic power adjustment is enabled If enabled the switch may modify the power on the radio due to changes in performance Default Power Indicates a default power setting for the radio If automatic power adjustment is disabled this indicates a fixed power setting otherwise it indicates the initial power setting befo...

Page 183: ...aximum Contention Window 7 msecs Maximum Burst Duration 1500 usec Video AIFS 1 msec Minimum Contention Window 7 msecs Maximum Contention Window 15 msecs Maximum Burst Duration 3000 usec Best Effort AIFS 3 msec Minimum Contention Window 15 msecs Maximum Contention Window 63 msecs Maximum Burst Duration 0 usec Background AIFS 7 msec Minimum Contention Window 15 msecs Maximum Contention Window 1023 m...

Page 184: ... for each of these queues Default Voice AIFS 2 msec Minimum Contention Window 3 msecs Maximum Contention Window 7 msecs Transmission Opportunity Limit 47 msecs Video AIFS 2 msec Minimum Contention Window 7 msecs Maximum Contention Window 15 msecs Transmission Opportunity Limit 94 msecs Best Effort AIFS 3 msec Minimum Contention Window 15 msecs Maximum Contention Window 1023 msecs Transmission Oppo...

Page 185: ...red AP profile ID Profile Name Name associated with the AP Profile ID Radio Index AP profile radio interface Mode The configured physical mode for the radio WMM Mode Indicates the Wireless Multimedia mode of the radio Arbitration Inter frame Spacing AP EDCA and station EDCA wait time for data frames ranges 1 255 milliseconds Minimum Contention Window AP EDCA and station EDCA upper limit of a range...

Page 186: ...es the configured VAP on the radio This command is not valid for VAP 0 Format no enable Mode AP Profile VAP Config network AP Profile VAP Config Mode This command configures the network to apply to the VAP A VAP must be configured with a network therefore the network cannot be deleted Default The default networks 1 8 are applied to VAP0 VAP7 in order Format network 1 64 Mode AP Profile VAP Config ...

Page 187: ...y maintained until the next time the AP is discovered AP or switch reset This command prompts for the debug password each time it is invoked NOTE The AP admin user password will remain changed on the AP Default Disable Format wireless ap debug macaddr Mode Privileged EXEC macaddr Managed AP MAC Address no wireless ap debug The no version of this command disables AP debug mode The managed AP UI wil...

Page 188: ...ion it is maintained until the next time the AP is discovered AP or switch reset Format wireless ap power set macaddr radio 1 2 0 100 Mode Privileged EXEC macaddr Managed AP MAC Address 1 2 Radio Index to be configured on the managed AP 0 100 Power to be configured for the radio on the managed AP wireless ap reset This command requests the switch to reset the managed AP indicated by the MAC addres...

Page 189: ...plied to the managed AP the profile is assigned to the AP in the valid AP database Note Once an AP is discovered and managed by the Unified Switch if the profile is changed in the valid AP database either locally or on the RADIUS server the AP must be reset to configure with the new profile Vendor ID Vendor of the AP software this is learned from the AP during discovery Protocol Version Indicates...

Page 190: ...covery Protocol Status The current managed state of the AP The possible values are Discovered The AP is discovered and by the switch but is not yet authenticated Authenticated The AP has been validated and authenticated if authentication is enabled but it is not configured Managed The AP profile configuration has been applied to the AP and it is operating in managed mode Failed The Unified Switc...

Page 191: ...nfigured and assigned to the radio A fixed channel can be configured in the valid AP database locally or on a RADIUS server Manual Channel Adjustment Status Indicates the current state of a manual request to change the channel on this radio Fixed Power Indicator This flag indicates if a fixed power setting is configured and assigned to the radio A fixed transmit power can be configured in the vali...

Page 192: ...anaged AP is displayed If a VAP ID is specified the detailed status is displayed Format show wireless ap macaddr radio 1 2 vap 0 7 status Mode Privileged EXEC macaddr Switch managed AP MAC address 1 2 The radio interface on the AP 0 7 VAP ID MAC Address The Ethernet address of the switch managed AP Location A location description for the AP this is the value configured in the valid AP database eit...

Page 193: ...cates the managed status of the AP whether this is a valid AP known to the switch or a Rogue on the network The valid values are WS Managed The neighbor AP is managed by this switch The neighbor AP status can be referenced using its base MAC address Peer WS Managed The neighbor AP is managed by another switch within the peer group Standalone The AP is managed in standalone mode and configured as a...

Page 194: ...methods are more common for client neighbor detection Probe Request The managed AP received a probe request from the client Associated This neighbor is associated to another managed AP Associated to this AP The client is associated to this managed AP on the displayed radio Ad Hoc Rogue The client was detected as part of an Ad Hoc network Age Indicates the time since this client was last reported ...

Page 195: ... on the AP MAC Address The Ethernet address of the switch managed AP Location A description for the AP this is the value configured in the valid AP database either locally or on the RADIUS server Radio Indicates a radio interface on the AP WLAN Packets Received Total packets received by the AP on this radio interface WLAN Bytes Received Total bytes received by the AP on this radio interface WLAN P...

Page 196: ...tatistics for each VAP on a switch managed AP radio All parameters are required and the command displays a detailed view of the current statistics Format show wireless ap macaddr radio 1 2 vap 0 7 statistics Mode Privileged EXEC macaddr Switch managed AP MAC address 1 2 The radio interface on the AP 0 7 VAP ID MAC Address The Ethernet address of the switch managed AP Location A description for the...

Page 197: ...ed APs that have successfully downloaded their code for the current code download request Failure Count Indicates the total number of managed APs that have failed to download their code for the current code download request Access Point Failure Status Commands The commands in this section provide views and management of data maintained for access point association and authentication failures clea...

Page 198: ...an data obtained from the managed access points clear wireless ap rf scan list This command deletes all entries from the RF scan list entries normally age out according to the configured age time Format clear wireless ap rf scan list Mode Privileged EXEC show wireless ap rf scan status This command displays summary or detailed data for APs detected via RF scan on the managed APs If the optional MA...

Page 199: ...nd Statistics Commands The commands in this section provide views and management of all status and statistics for wireless clients In addition to commands to display data from the associated client perspective this section includes commands to display a view of all clients associated to a specific VAP and to display a view of all clients associated to a specific SSID wireless client disassociate T...

Page 200: ...ata forwarding mode indicates the current assigned VLAN User Name Indicates the user name of clients that have authenticated via 802 1x Clients on networks with other security modes will not have a user name Transmit Data Rate Indicates the rate at which the client station is currently transmitting data Inactive Period For current association period of time that the AP has not seen any traffic for...

Page 201: ...nt macaddr neighbor ap status Mode Privileged EXEC macaddr Client MAC address MAC Address The Ethernet address of the client station AP MAC Address The base Ethernet address of the switch managed AP Location The configured descriptive location for the managed AP Radio The radio on the managed AP that detected this client as a neighbor Discovery Reason Indicates one or more discovery methods for th...

Page 202: ...cified the display will only show clients associated to that network The SSID network may exist on one or more managed AP VAPs Format show wireless ssid ssid client status Mode Privileged EXEC ssid Service Set Identifier for the network MAC Address The Ethernet address of the client station SSID Indicates the network on which the client is connected Client Failure and Ad Hoc Status Commands The co...

Page 203: ...is client Age Time since failure occurred show wireless client adhoc status This command displays summary or detailed data for Ad Hoc clients detected on the network by a managed AP Format show wireless client macaddr adhoc status Mode Privileged EXEC macaddr Client MAC address MAC Address The Ethernet address of the client If the Detection Mode is Beacon then the client is represented as an AP in...

Page 204: ...onfig enable This command globally enables or disables the captive portal feature on the switch Default Disable Format enable Mode Captive Portal Config Mode no enable The no version of this command disables the captive portal functionality Default Disable Format no enable Mode Captive Portal Config Mode http port This command configures an additional HTTP port Valid port numbers are in the range ...

Page 205: ...ample of the command Switch Config CP no statistics interval cr authentication timeout This command configures the authentication timeout If the captive portal user does not enter valid credentials within this time limit the authentication page needs to be served again in order for the client to gain access to the network The timeout variable is the authentication timeout which is a number in the ...

Page 206: ...als Shows the number of supported captive portals in the system Active Captive Portals Shows the number of captive portal instances that are operationally enabled Captive Portal Configuration Commands The commands in this section are related to captive portal configurations configuration Captive Portal Use this command to enter the Captive Portal Instance Mode The captive portal configuration iden...

Page 207: ...s Mode Captive Portal Instance Mode verification This command configures the verification mode for a captive portal configuration The type of user verification to perform can be one of the following Guest The user does not need to be authenticated by a database Local The switch uses a local database to authenticate users RADIUS The switch uses a database on a remote RADIUS server to authenticate ...

Page 208: ...ct url mode This command enables or disables the redirect mode for a captive portal configuration Default Disable Format redirect url mode Mode Captive Portal Instance Mode no redirect url mode This command disables the redirect mode for a captive portal configuration Format no redirect url mode Mode Captive Portal Instance Mode redirect url Use this command to specify the URL to which the newly a...

Page 209: ...e maximum rate at which a client can receive data from the network Default 0 Format rate limit down rate Mode Captive Portal Instance Mode Rate Rate in bps 0 indicates the limit is not enforced Example The following shows an example of the command Switch Config CP rate limit down 100 cr no rate limit down Use this command to set the rate limit down to the default value Format no rate limit down Mo...

Page 210: ... After this limit has been reached the user will be disconnected If the value is set to 0 then the limit is not enforced Default 0 Format rate limit output octets bytes Mode Captive Portal Instance Mode Bytes Output octets in bytes 0 indicates the limit is not enforced Example The following shows an example of the command Switch Config CP rate limit output octets 100 cr no rate limit output octets...

Page 211: ...n timeout for a captive portal configuration The timeout variable is a number that represents the session timeout in seconds Use 0 to indicate that the timeout is not enforced Default 0 Format session timeout timeout Mode Captive Portal Instance Mode no session timeout Use this command to set the session timeout for a captive portal configuration to the default value Format no session timeout Mode...

Page 212: ...efault value Format intrusion threshold time Mode Captive Portal Instance Mode Example The following shows an example of the command Switch Config CP no intrusion threshold cr locale This command is not intended to be a user command The administrator must use the WEB UI to create and customize captive portal web content This command is primarily used by the FASTPATH show running config command and...

Page 213: ...rmat show captive portal configuration cp id Mode Privileged EXEC CP ID Shows the captive portal ID CP Name Shows the captive portal name Operational Status Shows whether the captive portal is enabled or disabled Disable Reason If the captive portal is disabled this field indicates the reason Blocked Status Shows the blocked status which is Blocked or Not Blocked Authenticated Users Shows the numb...

Page 214: ... or disabled Protocol Shows the current connection protocol which is either HTTP or HTTPS Verification Shows the current account type which is Guest Local or RADIUS If you include the optional cp id status keywords the following additional information appears Group Name Identifies the group to which the user belongs Session Timeout seconds Shows the number of seconds a user is permitted to remain ...

Page 215: ...AC Address Identifies the MAC address of the wireless client if applicable Client IP Address Identifies the IP address of the wireless client if applicable Protocol Shows the current connection protocol which is either HTTP or HTTPS Verification Shows the current account type which is Guest Local or RADIUS Session Time Shows the amount of time that has passed since the client was authorized If you...

Page 216: ...nt connection protocol which is either HTTP or HTTPS Verification Mode Shows the current account type which is Guest Local or RADIUS CP ID Shows the captive portal ID the connected client is using CP Name Shows the name of the captive portal the connected client is using User Name Displays the user name or Guest ID of the connected client show captive portal configuration client status This comman...

Page 217: ...ch is Guest Local or RADIUS Attempts Shows the number of times the client has unsuccessfully tried to log on to the captive portal Last Attempt Shows the time when the client last tried to log on If you use the optional macaddr information the following additional information appears CP ID Shows the captive portal ID the connected client is using CP Name Shows the name of the captive portal the co...

Page 218: ...nterface configuration cp id status Mode Privileged EXEC Intf Valid slot and port number separated by forward slashes Intf Description Describes the interface CP ID Shows the captive portal ID the connected client is using CP Name Shows the name of the captive portal the connected client is using Type Shows the type of interface show captive portal interface capability This command displays all th...

Page 219: ...atabase If the user has an existing session it is disconnected Format no user user id Mode Captive Portal Config Mode Example The following shows an example of the command Switch Config CP no user 1 cr user password encrypted This command modifies the password for the associated captive portal user The command accepts the password in an encrypted format The encrypt pwd variable is the password in ...

Page 220: ... Config Mode user idle timeout This command sets the session idle timeout value for the associated captive portal user The user name variable is a user configured in the local database The timeout variable is a number that represents the idle timeout in seconds Use 0 to indicate that the timeout is not enforced Default 0 Format user user name idle timeout timeout Mode Captive Portal Config Mode no...

Page 221: ...the captive portal The user id variable is the user ID which can be from 1 to 128 alphanumeric characters The bps variable is the client receive rate in bits per second bps 0 denotes unlimited bandwidth Default 0 Format user user id rate limit down bps Mode Captive Portal Config Mode Example The following shows an example of the command Switch Config CP user 1 rate limit down 128000 cr no user rat...

Page 222: ... no user 1 rate limit input octets cr user rate limit output octets Use this command to limit the number of octets the user is allowed to receive After this limit has been reached the user will be disconnected 0 octets denote unlimited transmission The user id variable is the user ID which can be from 1 to 128 alphanumeric characters The octets variable is the number of bytes Default 0 Format user...

Page 223: ... to the default value Format no user user id rate limit total octets Mode Captive Portal Config Mode Example The following shows an example of the command Switch Config CP no user 1 rate limit total octets cr show captive portal user This command displays all configured users or a specific user in the captive portal local user database Enter the optional username to view information about the spec...

Page 224: ... Config Mode no user group Use this command to delete a user group Format no user group group name Mode Captive Portal Config Mode user group name Use this command to configure a group name The group id variable is a number in the range of 1 10 The name variable can be up to 32 alphanumeric characters Format user group group id name name Mode Captive Portal Config Mode user group rename This comma...

Page 225: ...is command displays the information in the captive portal activity log Format show captive portal activity log Mode Privileged EXEC clear captive portal activity log This command deletes all entries from the captive portal activity log Format clear captive portal activity log Mode Privileged EXEC ...

Page 226: ...226 2001 2008 D Link Corporation D Link Systems Inc All Rights Reserved CLI Command Reference ...

Page 227: ...switch For every configuration command there is a show command that will display the configuration setting Show commands are used to display device settings statistics and other information Class of Service CoS Commands This section describes the commands you use to configure and view Class of Service CoS settings for the switch The commands in this section allow you to control the priority and tr...

Page 228: ...lasses depends on the platform Format classofservice ip dscp mapping ipdscp trafficclass Mode Global Config no classofservice ip dscp mapping This command maps each IP DSCP value to its default internal traffic class value Format no classofservice ip dscp mapping Mode Global Config classofservice trust This command sets the class of service trust mode of an interface You can set the mode to trust ...

Page 229: ...s queue min bandwidth This command restores the default for each queue s minimum bandwidth value Format no cos queue min bandwidth Modes Global Config Interface Config cos queue strict This command activates the strict priority scheduler mode for each specified queue Format cos queue strict queue id 1 queue id 2 queue id n Modes Global Config Interface Config no cos queue strict This command resto...

Page 230: ...riority value Traffic Class The traffic class internal queue identifier to which the user priority value is mapped show classofservice ip precedence mapping This command displays the current IP Precedence mapping to internal traffic classes for a specific interface The slot port parameter is optional and is only valid on platforms that support independent per port class of service mappings If spec...

Page 231: ... port parameter is optional and is only valid on platforms that support independent per port class of service mappings If specified the class of service queue configuration of the interface is displayed If omitted the most recent global configuration settings are displayed Format show interfaces cos queue slot port Mode Privileged EXEC Queue Id An interface supports n queues numbered 0 to n 1 The ...

Page 232: ...f one referenced nested class Class definitions do not support hierarchical service policies A given class definition can contain a maximum of one reference to another class You can combine the reference with other match criteria The referenced class is truly a reference and not a copy since additions to a referenced class affect all classes that reference it Changes to any class definition curren...

Page 233: ...ngs to the class NOTE Once you create a class match criterion for a class you cannot change or delete the criterion To change or delete a class match criterion you must delete and re create the entire class The CLI command root is class map class map This command defines a DiffServ class of type match all When used without any match condition this command enters the class map mode The class map na...

Page 234: ...lass map This command adds to the specified class definition the set of match conditions defined for another class The refclassname is the name of an existing DiffServ class whose match conditions are being referenced by the specified class definition There is no default value Format match class map refclassname Mode Class Map Config NOTE The parameters refclassname and class map name can not be t...

Page 235: ...y is one of the supported port name keywords The currently supported portkey values are domain echo ftp ftpdata http smtp snmp telnet tftp www Each of these translates into its equivalent port number To specify the match condition using a numeric notation one layer 4 port number is required The port number is an integer from 0 to 65535 Default none Format match dstl4port portkey 0 65535 Mode Class...

Page 236: ...n a packet For example to check for an IP TOS value having bits 7 and 5 set and bit 1 clear where bit 7 is most significant use a tosbits value of a0 hex and a tosmask of a2 hex NOTE The IP DSCP IP Precedence and IP ToS match conditions are alternative ways to specify a match criterion for the same Service Type field in the IP header but with a slightly different user notation NOTE This free form ...

Page 237: ...t number which is used as both the start and end of a port range To specify the match condition as a numeric value one layer 4 port number is required The port number is an integer from 0 to 65535 Default none Format match srcl4port portkey 0 65535 Mode Class Map Config DiffServ Policy Commands Use the DiffServ policy commands to specify traffic conditioning actions such as policing and marking to...

Page 238: ...op Mode Policy Class Map Config Incompatibilities Assign Queue Mark all forms Police conform color Use this command to enable color aware traffic policing and define the conform color class map Used in conjunction with the police command where the fields for the conform level are specified The class map name parameter is the name of an existing Diffserv class map NOTE This command may only be used...

Page 239: ...e is inserted The CoS value is an integer from 0 to 7 Default 1 Format mark cos 0 7 Mode Policy Class Map Config Incompatibilities Drop Mark IP DSCP IP Precedence Police mark ip dscp This command marks all packets for the associated traffic stream with the specified IP DSCP value The dscpval value is specified as either an integer from 0 to 63 or symbolically through one of the following keywords ...

Page 240: ...an IP Precedence value is required and is specified as an integer from 0 7 For set cos transmit an 802 1p priority value is required and is specified as an integer from 0 7 Format police simple 1 4294967295 1 128 conform action drop set prec transmit 0 7 set dscp transmit 0 63 set cos transmit 0 7 transmit violate action drop set prec transmit 0 7 set dscp transmit 0 63 set cos transmit 0 7 transm...

Page 241: ...in the inbound direction The policyname parameter is the name of an existing DiffServ policy This command causes a service to create a reference to the policy NOTE This command effectively enables DiffServ on an interface in the inbound direction There is no separate interface administrative mode command for DiffServ NOTE This command fails if any attributes within the policy definition exceed the...

Page 242: ... Match Criteria The Match Criteria fields are only displayed if they have been configured Not all platforms support all match criteria values They are displayed in the order entered by the user The fields are evaluated in accordance with the class type The possible Match Criteria fields are Destination IP Address Destination Layer 4 Port Destination MAC Address Ethertype Source MAC Address VLAN C...

Page 243: ...ance Table Policy Attribute Table Size Current number of entries rows in the Policy Attribute Table Policy Attribute Table Max Maximum allowed entries rows for the Policy Attribute Table Service Table Size The current number of entries rows in the Service Table Service Table Max The maximum allowed entries rows for the Service Table show policy map This command displays all configuration informati...

Page 244: ...The current setting for the action taken on a packet considered to not conform to the policing parameters This is not displayed if policing not in use for the class under this policy Non Conform COS The CoS mark value if the non conform action is set cos transmit Non Conform DSCP Value The DSCP mark value if the non conform action is set dscp transmit Non Conform IP Precedence Value The IP Precede...

Page 245: ... Valid slot and port number separated by forward slashes Direction The traffic direction of this interface service OperStatus The current operational status of this DiffServ service interface Policy Name The name of the policy attached to the interface in the indicated direction show policy map interface This command displays policy oriented statistics information for the specified interface and d...

Page 246: ...etwork resources The following rules apply to MAC ACLs The maximum number of ACLs you create is 100 regardless of type The system supports only Ethernet II frame types The maximum number of rules per MAC ACL is hardware dependent If you configure an IP ACL on an interface you cannot configure a MAC ACL on the same interface mac access list extended This command creates a MAC Access Control List AC...

Page 247: ...ist NOTE For assign queue attributes are configurable for a deny rule but they have no operational effect A rule may either deny or permit traffic according to the specified classification fields At a minimum the source and destination MAC value must be specified each of which may be substituted using the keyword any to indicate a match on any value in that field The remaining command parameters a...

Page 248: ...ied by name to an interface in a given direction The name parameter must be the name of an existing MAC ACL An optional sequence number may be specified to indicate the order of this mac access list relative to other mac access lists already assigned to this interface and direction A lower number indicates higher precedence order If a sequence number is already in use for this interface and direct...

Page 249: ...t only authorized users have access to specific resources and block any unwarranted attempts to reach network resources The following rules apply to IP ACLs D Link Unified Wired Wireless Access System software does not support IP ACL configuration for IP packet fragments The maximum number of ACLs you can create is 100 regardless of type The maximum number of rules per IP ACL is hardware dependen...

Page 250: ...eue attributes are configurable for a deny rule but they have no operational effect every Match every packet icmp igmp ip tcp udp number Specifies the protocol to filter for an extended IP ACL rule srcip srcmask Specifies a source IP address and source netmask for match condition of the IP ACL rule eq portkey 0 65535 Specifies the source layer 4 port match condition for the IP ACL rule You can use...

Page 251: ...nce number is not specified for this command a sequence number that is one greater than the highest sequence number currently in use for this interface and direction is used Default none Format ip access group accesslistnumber in sequence 1 4294967295 Modes Interface Config Global Config no ip access group This command removes a specified IP ACL from an interface Default none Format no ip access g...

Page 252: ...he value specified for IP TOS Log Displays when you enable logging for the rule Assign Queue The queue identifier to which packets matching this rule are assigned show access lists This command displays IP ACLs and MAC access control lists information for a designated interface and direction Format show access lists interface slot port in Mode Privileged EXEC ACL Type Type of access list IP or MAC...

Page 253: ...gs statistics and other information Configuration commands configure features and options of the switch For every configuration command there is a show command that displays the configuration setting Copy commands transfer or save configuration and informational files to and from the switch Clear commands clear some or all of the settings to factory defaults Power Over Ethernet Commands This sect...

Page 254: ... to determine which ports will supply power if adequate power capacity is not available for all enabled ports For ports that have the same priority level the lower numbered port will have higher priority Default low Format poe priority low high critical Mode Global Config Interface Config no poe priority This command resets the priority level to the default Format no poe priority Mode Global Confi...

Page 255: ... of N A Format show poe port slot port all Mode Privileged EXEC Slot Port The slot and port number associated with the rest of the data in the row Admin Mode The admin mode of the port Class The class of the powered device according to IEEE802 3af definition as shown in the following table Priority The priority defined by the poe priority command which can be low high or critical Output Power The ...

Page 256: ...command activates the specified image It will be the active image for subsequent reboots and will be loaded by the boot loader The current active image is marked as the backup image for subsequent reboots Format boot system image file name Mode Privileged EXEC show bootvar This command displays the version information and the activation status for the current active and backup images The command a...

Page 257: ...rface For a service port the output is Management For a network port the output is the slot port of the physical interface show eventlog This command displays the event log which contains error messages from the system The event log is not cleared on a system reset Format show eventlog Mode Privileged EXEC File The file in which the event originated Line The line number of the event Task Id The ta...

Page 258: ... switch Operating System The operating system currently running on the switch Network Processing Device The type of the processor microcode Additional Packages The additional packages incorporated into this system show interface This command displays a summary of statistics for a specific interface or a count of all CPU traffic based upon the argument Format show interface slot port switchport Mod...

Page 259: ...rding Database Address Table entries now active on the switch including learned and static entries VLAN Entries Currently In Use The number of VLAN entries presently occupying the VLAN table Time Since Counters Last Cleared The elapsed time in days hours minutes and seconds since the statistics for this switch were last cleared show interface ethernet This command displays detailed statistics for ...

Page 260: ... received that were longer than 1522 octets excluding framing bits but including FCS octets and were otherwise well formed Packets RX and TX 64 Octets The total number of packets including bad packets received and transmitted that were 64 octets in length excluding framing bits but including FCS octets Packets RX and TX 65 127 Octets The total number of packets including bad packets received and t...

Page 261: ... packets Packets Received with MAC Errors Total The total number of inbound packets that contained errors preventing them from being deliverable to a higher layer protocol Jabbers Received The total number of packets received that were longer than 1518 octets excluding framing bits but including FCS octets and had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or...

Page 262: ...scarded that are destined for FF FF FF FF FF FF when Broadcast Storm Recovery is enabled CFI Discards The number of frames discarded that have CFI bit set and the addresses in RIF are in non canonical format Upstream Threshold The number of frames discarded due to lack of cell descriptors available for that packet s priority level Packets Transmitted Octets Total Bytes The total number of octets ...

Page 263: ... be transmitted to the Broadcast address including those that were discarded or not sent Transmit Errors Total Errors The sum of Single Multiple and Excessive Collisions Tx FCS Errors The total number of packets transmitted that had a length excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but had a bad Frame Check Sequence FCS with an integral number of octe...

Page 264: ... number of times attempted GVRP registrations could not be completed GMRP PDUs Received The count of GMRP PDUs received in the GARP layer GMRP PDUs Transmitted The count of GMRP PDUs transmitted from the GARP layer GMRP Failed Registrations The number of times attempted GMRP registrations could not be completed STP BPDUs Transmitted Spanning Tree Protocol Bridge Protocol Data Units sent STP BP...

Page 265: ...haracters Packets Transmitted without Errors The total number of packets transmitted out of the interface Unicast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to a subnetwork unicast address including those that were discarded or not sent Multicast Packets Transmitted The total number of packets that higher level protocols requested be transm...

Page 266: ...ble macaddr vlan_id all count interface slot port vlan vlan_id Mode Privileged EXEC The following information displays if you do not enter a parameter the keyword all or the MAC address and VLAN ID If you enter vlan vlan_id only the Mac Address Interface and Status fields appear Mac Address A unicast MAC address for which the switch has forwarding and or filtering information The format is 6 or 8...

Page 267: ...ing config Use this command to display or capture the current setting of different protocol packages supported on the switch This command displays or captures commands with settings and configurations that differ from the default value To display or capture the commands with settings and configurations that are equal to the default value include the all option NOTE Show running config does not dis...

Page 268: ...tch reboot MIBs Supported A list of MIBs supported by this agent show tech support Use the show tech support command to display system and configuration information when you contact technical support The output of the show tech support command combines the output of the following commands show version show sysinfo show port all show logging show event log show logging buffered show trap log show r...

Page 269: ...ables the D Link Unified Wired Wireless Access System software to log all CLI commands issued on the system Default enabled Format logging cli command Mode Global Config no logging cli command This command disables the CLI command Logging feature Format no logging cli command Mode Global Config logging console This command enables logging to the console You can specify the severitylevel value as e...

Page 270: ...eritylevel Mode Global Config logging host remove This command disables logging to host See show logging hosts on page 271 for a list of host indexes Format logging host remove hostindex Mode Global Config logging port This command sets the local port number of the LOG client for logging messages The portid can be in the range from 1 to 65535 Default 514 Format logging port portid Mode Global Conf...

Page 271: ...re dropped or ignored Log Messages Dropped Number of messages that could not be processed due to error or lack of resources Log Messages Relayed Number of messages sent to the collector relay show logging buffered This command displays buffered logging system startup and system operation logs Format show logging buffered Mode Privileged EXEC Buffered In Memory Logging Shows whether the In Memory l...

Page 272: ...scribes the commands you use to help troubleshoot connectivity issues and to restore various configurations to their factory defaults traceroute Use the traceroute command to discover the routes that packets actually take when traveling to their destination through the network on a hop by hop basis The ipaddr value should be a valid IP address The port value should be a valid decimal integer in th...

Page 273: ... command resets all user passwords to the factory defaults without powering off the switch You are prompted to confirm that the password reset should proceed Format clear pass Mode Privileged EXEC clear port channel This command clears all port channels LAGs Format clear port channel Mode Privileged EXEC clear traplog This command clears the trap log Format clear traplog Mode Privileged EXEC clear...

Page 274: ...station the switch is connected to through the default VLAN VLAN 1 as long as there is a physical path between the switch and the workstation The terminal interface sends three pings to the target station Format ping ipaddr Modes Privileged EXEC User EXEC quit This command closes the current telnet connection or resets the current serial connection The system asks you whether to save configuration...

Page 275: ...m log url Copies the log file to a server nvram script scriptname url Copies a specified configuration script file to a server nvram startup config url Copies the startup configuration to a server nvram traplog url Copies the trap log file to a server system running config nvram startup config Saves the running configuration to nvram url nvram clibanner Downloads the CLI banner to the system ur...

Page 276: ...lar feature This command also disables the corresponding show commands The key parameter specifies the hexadecimal key for the feature Format no license advanced key Mode Privileged EXEC show key features This command displays the enabled or disabled status for all keyable features url nvram sslpem root Downloads an HTTP secure server certificate For more information see Hypertext Transfer Proto...

Page 277: ...m 6 to 16 Default 6 Format sntp broadcast client poll interval poll interval Mode Global Config no sntp broadcast client poll interval This command resets the poll interval for SNTP broadcast client back to the default value Format no sntp broadcast client poll interval Mode Global Config sntp client mode This command enables Simple Network Time Protocol SNTP client mode and may set the mode to ei...

Page 278: ...nt poll interval This command resets the poll interval for SNTP unicast clients to its default value Format no sntp unicast client poll interval Mode Global Config sntp unicast client poll timeout This command will set the poll timeout for SNTP unicast clients in seconds to a value from 1 30 Default 5 Format sntp unicast client poll timeout poll timeout Mode Global Config no sntp unicast client po...

Page 279: ...cast clients to its default value Format no sntp multicast client poll interval Mode Global Config sntp server This command configures an SNTP server a maximum of three The optional priority can be a value of 1 3 the version a value of 1 4 and the port id a value of 1 65535 Format sntp server ipaddress priority version portid Mode Global Config no sntp server This command deletes a server from th...

Page 280: ...tp server Mode Privileged EXEC Server IP Address IP address of configured SNTP Server Server Type Address Type of Server Server Stratum Claimed stratum of the server for the last received valid packet Server Reference ID Reference clock identifier of the server for the last received valid packet Server Mode SNTP Server mode Server Maximum Entries Total number of SNTP Servers allowed Server Current...

Page 281: ...ier for a DHCP client Unique identifier is a valid notation in hexadecimal format In some systems such as Microsoft DHCP clients the client identifier is required instead of hardware addresses The unique identifier is a concatenation of the media type and the MAC address For example the Microsoft client identifier for Ethernet address c819 2488 f177 is 01c8 1924 88f1 77 where 01 represents the Eth...

Page 282: ...nd removes the default router list Format no default router Mode DHCP Pool Config dns server This command specifies the IP servers available to a DHCP client Address parameters are valid IP addresses each made up of four decimal bytes ranging from 0 to 255 IP address 0 0 0 0 is invalid Default none Format dns server address1 address2 address8 Mode DHCP Pool Config no dns server This command remove...

Page 283: ...e Format host address mask prefix length Mode DHCP Pool Config no host This command removes the IP address of the DHCP client Format no host Mode DHCP Pool Config lease This command configures the duration of the lease for an IP address that is assigned from a DHCP server to a DHCP client The overall lease time should be between 1 86400 minutes If you specify infinite the lease is set for 60 days ...

Page 284: ...prefixlength Mode DHCP Pool Config no network This command removes the subnet number and mask Format no network Mode DHCP Pool Config bootfile The command specifies the name of the default boot image for a DHCP client The filename specifies the boot image file Format bootfile filename Mode DHCP Pool Config no bootfile This command deletes the boot image name Format no bootfile Mode DHCP Pool Confi...

Page 285: ...at no netbios name server Mode DHCP Pool Config netbios node type The command configures the NetBIOS node type for Microsoft Dynamic Host Configuration Protocol DHCP clients type Specifies the NetBIOS node type Valid types are b node Broadcast p node Peer to peer m node Mixed h node Hybrid recommended Default none Format netbios node type type Mode DHCP Pool Config no netbios node type This comman...

Page 286: ...fault none Format option code ascii string hex string1 string2 string8 ip address1 address2 address8 Mode DHCP Pool Config no option This command removes the DHCP Server options The code parameter specifies the DHCP option code Format no option code Mode DHCP Pool Config ip dhcp excluded address This command specifies the IP addresses that a DHCP server should not assign to DHCP clients Low addres...

Page 287: ...dresses and sets the number of packets to 0 Default 0 Format no ip dhcp ping packets Mode Global Config service dhcp This command enables the DHCP server Default disabled Format service dhcp Mode Global Config no service dhcp This command disables the DHCP server Format no service dhcp Mode Global Config ip dhcp bootp automatic This command enables the allocation of the addresses to the bootp clie...

Page 288: ... from 0 to 255 IP address 0 0 0 0 is invalid Format clear ip dhcp binding address Mode Privileged EXEC clear ip dhcp server statistics This command clears DHCP server statistics counters Format clear ip dhcp server statistics Mode Privileged EXEC clear ip dhcp conflict The command is used to clear an address conflict from the DHCP Server database The server detects conflicts using a ping DHCP serv...

Page 289: ...atic Shows whether BootP for dynamic pools is enabled or disabled show ip dhcp pool configuration This command displays pool configuration If all is specified configuration for all the pools is displayed Format show ip dhcp pool configuration name all Modes Privileged EXEC User EXEC Pool Name The name of the configured pool Pool Type The pool type Lease Time The lease expiration time of the IP add...

Page 290: ... number of DHCPINFORM messages the server has received Message Sent DHCP OFFER The number of DHCPOFFER messages the server sent DHCP ACK The number of DHCPACK messages the server sent DHCP NACK The number of DHCPNACK messages the server sent show ip dhcp conflict This command displays address conflicts logged by the DHCP Server If no IP address is specified all the conflicting addresses are displa...

Page 291: ...ip dhcp filtering This command disables DHCP filtering Format no ip dhcp filtering Mode Global Config ip dhcp filtering trust This command configures an interface as trusted Default untrusted Format ip dhcp filtering trust Mode Interface Config no ip dhcp filtering trust This command returns an interface to the default value for DHCP filtering Format no ip dhcp filtering trust Mode Interface Confi...

Page 292: ...292 2001 2008 D Link Corporation D Link Systems Inc All Rights Reserved CLI Command Reference ...

Page 293: ... Pre login Banner and System Prompt Commands on page 328 The commands in this chapter are divided into three functional groups Show commands display switch settings statistics and other information Configuration commands configure features and options of the switch For every configuration command there is a show command that displays the configuration setting Copy commands transfer or save config...

Page 294: ...p dhcp Mode Privileged EXEC network parms This command sets the IP address subnet mask and gateway of the device The IP address and the gateway must be on the same subnet Format network parms ipaddr netmask gateway Mode Privileged EXEC network protocol This command specifies the network configuration protocol to be used If you modify this value change is effective immediately If you use the bootp ...

Page 295: ...specifies whether or not the switch should allow access to the Java applet in the header frame of the Web interface When access is enabled the Java applet can be viewed from the Web interface When access is disabled the user cannot view the Java applet Default enabled Format network javamode Mode Privileged EXEC no network javamode This command disallows access to the Java applet in the header fra...

Page 296: ...uired to be unique When concatenated with dot1dStpPriority a unique BridgeIdentifier is formed which is used in the Spanning Tree Protocol MAC Address Type The MAC address which should be used for in band connectivity The choices are the burned in or the Locally Administered address The factory default is to use the burned in MAC address Network Configuration Protocol Current The network protocol ...

Page 297: ...ives you access to the Line Config mode which allows you to configure various Telnet settings and the console port Format lineconfig Mode Global Config serial baudrate This command specifies the communication rate of the terminal interface The supported rates are 1200 2400 4800 9600 19200 38400 57600 115200 Default 9600 Format serial baudrate 1200 2400 4800 9600 19200 38400 57600 115200 Mode Line ...

Page 298: ...is 9600 baud Character Size bits The number of bits in a character The number of bits is always 8 Flow Control Whether Hardware Flow Control is enabled or disabled Hardware Flow Control is always disabled Stop Bits The number of Stop bits per character The number of Stop bits is always 1 Parity Type The Parity Method used on the Serial Port The Parity Method is always None Telnet Commands This se...

Page 299: ...ns can be established until there are no more sessions available An established session remains active until the session is ended or an abnormal network error ends the session NOTE If the Telnet Server Admin Mode is disabled Telnet sessions cannot be established Use the ip telnet server enable command to enable Telnet Server Admin Mode Default enabled Format transport input telnet Mode Line Confi...

Page 300: ...aximum number of simultaneous outbound Telnet sessions to the default value Format no session limit Mode Line Config session timeout This command sets the Telnet session timeout value The timeout value unit of time is minutes Default 5 Format session timeout 1 160 Mode Line Config no session timeout This command sets the Telnet session timeout value to the default The timeout value unit of time is...

Page 301: ...60 Mode Privileged EXEC no telnetcon timeout This command sets the Telnet connection session timeout value to the default NOTE Changing the timeout value for active sessions does not become effective until the session is reaccessed Also any keystroke activates the new timeout duration Format no telnetcon timeout Mode Privileged EXEC show telnet This command displays the current outbound Telnet set...

Page 302: ...ultaneous remote connection sessions allowed The factory default is 5 Allow New Telnet Sessions New Telnet sessions will not be allowed when this field is set to no The factory default value is yes Secure Shell SSH Command This section describes the commands you use to configure SSH access to the switch Use SSH to access the switch from a remote management host NOTE The system allows a maximum of ...

Page 303: ... the maximum number of allowed SSH connection sessions to the default value Format no sshcon maxsessions Mode Privileged EXEC sshcon timeout This command sets the SSH connection session timeout value in minutes A session is active as long as the session has been idle for the value set The time is a decimal value from 1 to 160 Changing the timeout value for active sessions does not become effective...

Page 304: ...using a Web browser is enabled by default Everything you can view and configure by using the CLI is also available by using the Web ip http server This command enables access to the switch through the Web interface When access is enabled the user can login to the switch from the Web interface When access is disabled the user cannot login to the switch s Web server Disabling the Web interface takes...

Page 305: ...e default value Format no ip http secure port Mode Privileged EXEC ip http secure protocol This command is used to set protocol levels versions The protocol level can be set to TLS1 SSL3 or to both TLS1 and SSL3 Default SSL3 and TLS1 Format ip http secure protocol SSL3 TLS1 Mode Privileged EXEC show ip http This command displays the http settings for the switch Format show ip http Mode Privileged ...

Page 306: ...me this session has been idle Session Time Total time this session has been connected Session Type Shows the type of session which can be telnet serial or SSH User Account Commands This section describes the commands you use to add manage and delete system users D Link Unified Wired Wireless Access System software has two default users admin and guest The admin user can view and configure system s...

Page 307: ...nter You must enter the username in the same case you used when you added the user To see the case of the username enter the show users command NOTE To specify a blank password in the configuration script you must specify it as a space within quotes for example For more information about creating configuration scripts see Configuration Scripting Commands on page 326 Default no password Format user...

Page 308: ...ol to be used for the specified user The valid authentication protocols are none md5 or sha If you specify md5 or sha the login password is also used as the snmpv3 authentication password and therefore must be at least eight characters in length The username is the user name associated with the authentication protocol You must enter the username in the same case you used when you added the user To...

Page 309: ...tem Format show users Mode Privileged EXEC User Name The name the user enters to login using the serial port Telnet or Web Access Mode Shows whether the user is able to change parameters on the switch Read Write or is only able to view them Read Only As a factory default the admin user has Read Write access and the guest has Read Only access There can only be one Read Write user and up to five Rea...

Page 310: ...ic and private, which you can rename; default values for the remaining four community names are blank. Format: snmp server community name. Mode: Global Config. no snmp server community: This command removes this community name from the table. The name is the community name to be deleted. Format: no snmp server community name. Mode: Global Config. snmp server community ipaddr: This command sets a client IP addres...

Page 311: ...be up to 16 alphanumeric characters. Format: no snmp server community ipmask name. Mode: Global Config. snmp server community mode: This command activates an SNMP community. If a community is enabled, an SNMP manager associated with this community manages the switch according to its access right. If the community is disabled, no SNMP requests using this community are accepted. In this case the SNMP manager a...

Page 312: ...rotected Ports Commands on page 65. Default: disabled. Format: snmp server enable traps violation. Mode: Interface Config. no snmp server enable traps violation: This command disables the sending of new violation traps. Format: no snmp server enable traps violation. Mode: Interface Config. snmp server enable traps: This command enables the Authentication Flag. Default: enabled. Format: snmp server enable traps. Mode...

Page 313: ...s are sent only if the Link Trap flag setting associated with the port is enabled. See snmp trap link status on page 315. Default: enabled. Format: snmp server enable traps linkmode. Mode: Global Config. no snmp server enable traps linkmode: This command disables Link Up/Down traps for the entire switch. Format: no snmp server enable traps linkmode. Mode: Global Config. snmp server enable traps multiusers: This ...

Page 314: ...s not need to be unique; however, the name and ipaddr pair must be unique. Multiple entries can exist with the same name as long as they are associated with a different ipaddr. The reverse scenario is also acceptable. The name is the community name used when sending the trap to the receiver, but the name is not directly associated with the SNMP Community Table. See snmp server community on page 39. Default...

Page 315: ...trap mode name ipaddr. Mode: Global Config. no snmptrap mode: This command deactivates an SNMP trap. Disabled trap receivers are unable to receive traps. Format: no snmptrap mode name ipaddr. Mode: Global Config. snmp trap link status: This command enables link status traps by interface. NOTE: This command is valid only when the Link Up/Down Flag is enabled. See snmp server enable traps linkmode on page 313. For...

Page 316: ...nsitive alphanumeric string of up to 16 characters. Each row of this table must contain a unique community name. Client IP Address: An IP address (or portion thereof) from which this device will accept SNMP packets with the associated community. The requesting entity's IP address is ANDed with the Subnet Mask before being compared to the IP address. Note: If the Subnet Mask is set to 0.0.0.0, an IP address...

Page 317: ...bled. The factory default is enabled. Indicates whether link status traps will be sent. Multiple Users Flag: Can be enabled or disabled. The factory default is enabled. Indicates whether a trap will be sent when the same user ID is logged into the switch more than once at the same time (either through Telnet or the serial port). Spanning Tree Flag: Can be enabled or disabled. The factory default is enabled. I...

Page 318: ... one of the servers by issuing the no form of the command. If you use the optional port parameter, the command configures the UDP port number to use when connecting to the configured RADIUS server. The port number range is 1-65535, with 1812 being the default value. NOTE: To re-configure a RADIUS authentication server to use the default UDP port, set the port parameter to 1812. If you use the acct token t...

Page 319: ...dr variable, then the outgoing interface IP address that is used to send the packet to the RADIUS server is added as NAS-IP-Address. Default: disabled. Format: radius server attribute 4 ipaddr. Mode: Global Config. no radius server attribute 4: Use this command to disable the Radius Attribute 4 (NAS-IP-Address) inclusion in RADIUS requests. Format: radius server attribute 4. Mode: Global Config. radius server key...

Page 320: ... used in this command will become the new primary server. The IP address must match that of a previously configured RADIUS authentication server. Format: radius server primary ipaddr. Mode: Global Config. radius server retransmit: This command sets the maximum number of times a request packet is re-transmitted when no response is received from the RADIUS server. The retries value is an integer in the rang...

Page 321: ... servers. If the optional token servers is not included, the following RADIUS configuration items are displayed. Format: show radius servers. Mode: Privileged EXEC. Primary Server IP Address: The configured server currently in use for authentication. Number of configured servers: The configured IP address of the authentication server. Max number of retransmits: The configured value of the maximum number of ti...

Page 322: ... between the most recent Accounting Response and the Accounting Request that matched it from the RADIUS accounting server. Requests: The number of RADIUS Accounting Request packets sent to this accounting server. This number does not include retransmissions. Retransmission: The number of RADIUS Accounting Request packets retransmitted to this RADIUS accounting server. Responses: The number of RADIUS pack...

Page 323: ... Access Accepts: The number of RADIUS Access Accept packets, including both valid and invalid packets, which were received from this server. Access Rejects: The number of RADIUS Access Reject packets, including both valid and invalid packets, which were received from this server. Access Challenges: The number of RADIUS Access Challenge packets, including both valid and invalid packets, which were received fr...

Page 324: ...y multiple hosts, multiple tacacs server host commands can be used. Format: tacacs server host ip address. Mode: Global Config. no tacacs server host: Use the no tacacs server host command to delete the specified hostname or IP address. The ip address parameter is the IP address of the TACACS server. Format: no tacacs server host ip address. Mode: Global Config. tacacs server key: Use the tacacs server key comm...

Page 325: ...and encryption key for all TACACS communications between the device and the TACACS server. This key must match the key used on the TACACS daemon. The key string parameter specifies the key name. For an empty string use. Range: 0-128 characters. Format: key key string. Mode: TACACS Config. port: Use the port command in TACACS Configuration mode to specify a server port number. The server port number range is 0...

Page 326: ...and edit them. Then you can download the edited files to the system and apply the new configuration. You can apply configuration scripts to one or more switches with no or minor modifications. Use the show running config command (see show running config on page 267) to capture the running configuration into a script. Use the copy command (see copy on page 275) to transfer the configuration script to or fr...

Page 327: ...lies the commands in the script to the switch. The scriptname parameter is the name of the script to apply. Format: script apply scriptname. Mode: Privileged EXEC. script delete: This command deletes a specified script, where the scriptname parameter is the name of the script to delete. The all option deletes all the scripts present on the switch. Format: script delete scriptname all. Mode: Privileged EXEC. scr...

Page 328: ...er and System Prompt Commands: This section describes the commands you use to configure the pre-login banner and the system prompt. The pre-login banner is the text that displays before you login at the User prompt. copy (pre-login banner): The copy command includes the option to upload or download the CLI Banner to or from the switch. You can specify local URLs by using TFTP, Xmodem, Ymodem, or Zmodem. Defa...

Page 329: ... cachesize 118 arp dynamicrenew 118 arp purge 119 arp resptime 119 arp retries 119 arp timeout 120 arp 117 assign queue 238 authentication login 73 authentication timeout 205 authorization network radius 321 auto negotiate all 38 auto negotiate 38 beacon interval 176 block 213 boot system 256 bootfile 284 bootpdhcprelay cidoptmode 135 bootpdhcprelay enable 135 bootpdhcprelay maxhopcount 136 bootpd...

Page 330: ...ar captive portal activity log 225 clear captive portal client failure 217 clear captive portal users 224 clear config 272 clear counters 273 clear dot1x statistics 73 clear igmpsnooping 273 clear ip dhcp binding 288 clear ip dhcp conflict 288 clear ip dhcp server statistics 288 clear lldp remote data 108 clear lldp statistics 108 clear pass 273 clear port channel 273 clear radius statistics 74 cl...

Page 331: ...rstfrag 112 dos control icmp 114 dos control l4port 113 dos control sipdip 112 dos control tcpflag 113 dos control tcpfrag 112 dot1x default login 74 dot1x guest vlan supplicant 74 dot1x guest vlan 74 dot1x initialize 75 dot1x login 75 dot1x max req 75 dot1x port control all 76 dot1x port control 75 dot1x re authenticate 76 dot1x re authentication 76 dot1x system auth control 77 dot1x timeout 77 d...

Page 332: ...logging 288 ip dhcp excluded address 286 ip dhcp filtering trust 291 ip dhcp filtering 291 ip dhcp ping packets 287 ip dhcp pool 281 ip http secure port 305 ip http secure protocol 305 ip http secure server 304 ip http server 304 ip mtu 124 ip netdirbcast 124 ip proxy arp 118 ip route default 123 ip route distance 124 ip route 123 ip routing 122 ip ssh protocol 302 ip ssh server enable 303 ip ssh ...

Page 333: ...ing host remove 270 logging host 270 logging port 270 logging syslog 270 logout 274 mac access group 248 mac access list extended rename 247 mac access list extended 246 mac authentication action 171 mac authentication client 171 mac authentication 161 macfilter addsrc all 96 macfilter addsrc 95 macfilter 95 mark cos 239 mark ip dscp 239 mark ip precedence 239 match any 234 match class map 234 mat...

Page 334: ...lan 53 network parms 294 network protocol 294 next server 285 no monitor 94 option 286 password AP Config Mode 156 peer group 141 ping 274 poe limit 253 poe priority 254 poe usagethreshold 254 police simple 240 policy map rename 241 policy map 240 port lacpmode all 90 port lacpmode 90 port lacptimeout Global Config 91 port lacptimeout Interface Config 91 port 325 port channel adminmode 91 port cha...

Page 335: ...us server host 161 radius server host 170 radius server host 318 radius server key 319 radius server msgauth 319 radius server primary 320 radius server retransmit 320 radius server secret 162 radius server secret 170 radius server timeout 320 radius use ap profile 161 rate 179 rate limit down 209 rate limit input octets 209 rate limit output octets 210 rate limit total octets 210 rate limit up 20...

Page 336: ...set igmp groupmembership interval 99 set igmp interfacemode 98 set igmp maxresponse 99 set igmp mcrtrexpiretime 100 set igmp mrouter interface 100 set igmp mrouter 100 set igmp 97 set prompt 328 show access lists 252 show arp brief 121 show arp switch 121 show arp switch 257 show arp 120 show authentication users 79 show authentication 79 show bootpdhcprelay 137 show bootvar 256 show captive porta...

Page 337: ...how dot1q tunnel 64 show dot1x users 82 show dot1x 79 show dvlan tunnel 64 show eventlog 257 show forwardingdb agetime 115 show garp 68 show gmrp configuration 71 show gvrp configuration 69 show hardware 257 show igmpsnooping mrouter interface 102 show igmpsnooping mrouter vlan 102 show igmpsnooping 101 show interface ethernet 259 show interface 258 show interfaces cos queue 231 show interfaces sw...

Page 338: ... 271 show logging traplogs 272 show logging 271 show loginsession 306 show mac access lists 249 show mac address table gmrp 72 show mac address table igmpsnooping 102 show mac address table multicast 115 show mac address table static 96 show mac address table staticfiltering 96 show mac address table stats 116 show mac addr table 266 show monitor session 94 show network 295 show poe port 255 show ...

Page 339: ...tacacs 326 show tech support 268 show telnet 301 show telnetcon 302 show trapflags modified command 148 show trapflags 317 show users authentication 82 show users 309 show version 258 show vlan association mac 62 show vlan association subnet 62 show vlan brief 61 show vlan port 61 show vlan 60 show wireless agetime 148 show wireless ap database 157 show wireless ap download 196 show wireless ap fa...

Page 340: ...46 show wireless discovery ip list 146 show wireless discovery vlan list 147 show wireless discovery 146 show wireless network 167 show wireless peer switch 155 show wireless power plan proposed 154 show wireless power plan 154 show wireless rates 182 show wireless ssid client status 202 show wireless statistics 148 show wireless status 147 show wireless trapflags 148 show wireless tunnel mtu 149 ...

Page 341: ...e 42 spanning tree configuration revision 42 spanning tree edgeport 43 spanning tree forceversion 43 spanning tree forward time 43 spanning tree hello time 44 spanning tree max age 44 spanning tree max hops 45 spanning tree mst instance 46 spanning tree mst priority 46 spanning tree mst vlan 47 spanning tree mst 45 spanning tree port mode all 48 spanning tree port mode 47 spanning tree 41 speed al...

Page 342: ...sions 300 telnetcon timeout 301 timeout 326 traceroute 272 traffic shape 229 transport input telnet 299 transport output telnet 299 trapflags Wireless Config Mode 143 tunnel subnet 164 tunnel 163 tunnel mtu 145 update bootcode 256 user group name 224 user group 219 user group 224 user idle timeout 220 user password encrypted 219 user rate limit down 221 user rate limit input octets 221 user rate l...

Page 343: ...n protocol group add protocol 57 vlan protocol group remove 57 vlan protocol group 57 vlan pvid 59 vlan routing 129 vlan tagging 59 vlan 53 wep authentication 160 wep key length 167 wep key type 166 wep key 166 wep tx key 160 wireless ap channel set 187 wireless ap debug 187 wireless ap download start 188 wireless ap download 187 wireless ap power set 188 wireless ap profile apply 171 wireless ap ...

Page 344: ... 2001 2008 D Link Corporation D Link Systems Inc All Rights Reserved CLI Command Reference wpa2 pre authentication limit 165 wpa2 pre authentication timeout 164 wpa2 pre authentication 164 write memory 307 ...
