D-Link DWS-4000 Series Cli Command Reference Download

Page: 409 / 566

401

IP Access Control List Commands

IP Standard ACL:

IP Extended ACL:

no access-list

This command deletes an IP ACL that is identified by the parameter

accesslistnumber>

from the system. The range

for

accesslistnumber>

1-99 for standard access lists and 100-199 for extended access lists.

Format

access-list

<1-99> {deny | permit} {every | <srcip> <srcmask>} [log] [assign-

queue <queue-id>] [mirror <slot/port>]

Mode

Global Config

Format

access-list

<100-199> {deny | permit} {every | {{icmp | igmp | ip | tcp | udp

| <number>} <srcip> <srcmask>[{eq {<portkey> | <0-65535>} <dstip> <dstmask>

[{eq {<portkey>| <0-65535>}] [precedence <precedence> | tos <tos> <tosmask> |

dscp <dscp>] [log] [assign-queue <queue-id>] [mirror <slot/port>]

Mode

Global Config

Table 10: ACL Command Parameters

Parameter

Description

<1-99> or <100-199>

Range 1 to 99 is the access list number for an IP standard ACL. Range 100 to
199 is the access list number for an IP extended ACL.

{deny | permit}

Specifies whether the IP ACL rule permits or denies an action.

Note:

Assign-queue and mirror attributes are configurable for a deny rule,

but they have no operational effect.

every

Match every packet.

{icmp | igmp | ip | tcp | udp |

<number>}

Specifies the protocol to filter for an extended IP ACL rule.

<srcip> <srcmask>

Specifies a source IP address and source netmask for match condition of the
IP ACL rule.

[{eq {<portkey> |

<0-65535>}]

Specifies the source layer 4 port match condition for the IP ACL rule. You can
use the port number, which ranges from 0-65535, or you specify the

<portkey>

, which can be one of the following keywords:

domain, echo,

ftp, ftpdata, http, smtp, snmp, telnet, tftp

, and

www

. Each of

these keywords translates into its equivalent port number, which is used as
both the start and end of a port range.

<dstip> <dstmask>

Specifies a destination IP address and netmask for match condition of the IP
ACL rule.

[precedence <precedence> | tos

<tos> <tosmask> | dscp <dscp>]

Specifies the TOS for an IP ACL rule depending on a match of precedence or
DSCP values using the parameters

dscp

precedence

tos/tosmask

[log]

Specifies that this rule is to be logged.

[assign-queue <queue-id>]

Specifies the assign-queue, which is the queue identifier to which packets
matching this rule are assigned.

[mirror <slot/port>]

Specifies the mirror interface which is the slot/port to which packets matching
this rule are copied.

Format

no access-list

<accesslistnumber>

Mode

Global Config

Summary of Contents for DWS-4000 Series

Page 2: ...omestic environment this product may cause radio interference in which case the user may be required to take adequate measures Warnung Dies ist ein Produkt der Klasse A Im Wohnbereich kann dieses Produkt Funkstoerungen verursachen In diesem Fall kann vom Benutzer verlangt werden angemessene Massnahmen zu ergreifen Precaución Este es un producto de Clase A En un entorno doméstico puede causar inter...

Page 3: ...h Modules 6 Command Modes 6 Command Completion and Abbreviation 8 CLI Error Messages 9 CLI Line Editing Conventions 9 Using CLI Help 10 Accessing the CLI 11 Section 3 Switching Commands 13 Port Configuration Commands 14 Spanning Tree Protocol Commands 18 VLAN Commands 32 Double VLAN Commands 43 Voice VLAN Commands 45 Provisioning IEEE 802 1p Commands 47 Protected Ports Commands 47 GARP Commands 49...

Page 4: ...f Service Commands 146 MAC Database Commands 154 ISDP Commands 156 Section 4 Routing Commands 163 Address Resolution Protocol Commands 163 IP Routing Commands 168 Router Discovery Protocol Commands 177 Virtual LAN Routing Commands 180 Virtual Router Redundancy Protocol Commands 181 DHCP and BOOTP Relay Commands 187 IP Helper Commands 189 Routing Information Protocol Commands 190 ICMP Throttling Co...

Page 5: ...ortal Status Commands 359 Captive Portal Client Connection Commands 362 Captive Portal Interface Commands 365 Captive Portal Local User Commands 367 Captive Portal User Group Commands 374 Section 7 Quality of Service Commands 375 Class of Service Commands 375 Differentiated Services Commands 381 DiffServ Class Commands 382 DiffServ Policy Commands 387 DiffServ Service Commands 390 DiffServ Show Co...

Page 6: ...Network Interface Commands 473 Console Port Access Commands 476 Telnet Commands 478 Secure Shell Commands 481 Management Security Commands 483 Hypertext Transfer Protocol Commands 485 Access Commands 489 User Account Commands 490 SNMP Commands 496 RADIUS Commands 504 TACACS Commands 515 Configuration Scripting Commands 517 Pre login Banner and System Prompt Commands 519 Section 10 Unified Switch L...

Page 7: ...522 Table 15 Trap Mgr Log Message 523 Table 16 DHCP Filtering Log Messages 523 Table 17 NVStore Log Messages 523 Table 18 RADIUS Log Messages 523 Table 19 TACACS Log Messages 524 Table 20 LLDP Log Message 525 Table 21 SNTP Log Message 525 Table 22 EmWeb Log Messages 525 Table 23 CLI_UTIL Log Messages 525 Table 24 WEB Log Messages 526 Table 25 CLI_WEB_MGR Log Messages 526 Table 26 SSHD Log Messages...

Page 8: ...Q Log Messages 531 Table 40 802 1S Log Messages 531 Table 41 Port Mac Locking Log Message 531 Table 42 Protocol based VLANs Log Messages 531 Table 43 ACL Log Messages 532 Table 44 CoS Log Message 532 Table 45 DiffServ Log Messages 532 Table 46 DHCP Relay Log Messages 533 Table 47 Routing Table Manager Log Messages 533 Table 48 VRRP Log Messages 533 Table 49 ARP Log Message 534 Table 50 RIP Log Mes...

Page 9: ...nagement and other packages ABOUT UNIFIED SWITCH SOFTWARE The Unified Switch software has two purposes Assist attached hardware in switching frames based on Layer 2 3 or 4 information contained in the frames Provide a complete device management portfolio to the network administrator SCOPE Unified Switch software encompasses both hardware and software support The software is partitioned to run in t...

Page 10: ...s for managing both Unified Switch software and the network You can manage the Unified Switch software by using one of the following three methods Command Line Interface CLI Simple Network Management Protocol SNMP Web based Each of the Unified Switch management methods enables you to configure manage and control the software locally or remotely using in band or out of band mechanisms Management is...

Page 11: ...s such as show network or clear vlan do not require parameters Other commands such as network parms require that you supply a value after the command You must type the parameter values in a specific order and optional parameters follow required parameters The following example describes the network parms command syntax Format network parms ipaddr netmask gateway network parms is the command name i...

Page 12: ...that you can enter in place of the brackets and text inside them curly braces choice1 choice2 Indicates that you must select a parameter from the list of choices Vertical bars choice1 choice2 Separates the mutually exclusive choices Braces within square brackets choice1 choice2 Indicates a choice within an optional element Table 2 Parameter Descriptions Parameter Description ipaddr This parameter ...

Page 13: ... the command without the keyword no to re enable a disabled feature or to enable a feature that is disabled by default Only the configuration commands are available in the no form Table 3 Type of Slots Slot Type Description Physical slot numbers Physical slot numbers begin with zero and are allocated up to the maximum number of physical slots Logical slot numbers Logical slots immediately follow p...

Page 14: ...g DWS 4026 Vlan Groups all the VLAN commands Interface Config DWS 4026 Interface slot port DWS 4026 Interface Loopback id Manages the operation of an interface and provides access to the router interface configuration commands Use this mode to set up a physical port for a specific logical connection operation Line Config DWS 4026 line Contains commands to configure outbound telnet settings and con...

Page 15: ...s Ctrl Z Interface Config From the Global Config mode enter interface slot port or interface loopback id or To exit to the Global Config mode enter exit To return to the Privileged EXEC mode enter Ctrl Z Line Config From the Global Config mode enter lineconfig To exit to the Global Config mode enter exit To return to the Privileged EXEC mode enter Ctrl Z Policy Map Config From the Global Config mo...

Page 16: ...ap profile 1 16 where 1 16 is the profile ID To exit to Wireless Config mode enter exit To return to User EXEC mode enter Ctrl Z AP Profile Radio Config Mode From the AP Profile Config mode enter radio 1 2 To exit to AP Profile Config mode enter exit To return to User EXEC mode enter Ctrl Z AP Profile VAP Config Mode From the AP Profile Radio Config mode enter vap 0 15 where 0 15 is the VAP ID To ...

Page 17: ...Command not found Incomplete command Use to list commands Indicates that you did not enter the required keywords or values Ambiguous command Indicates that you did not enter enough letters to uniquely identify the command Table 8 CLI Editing Conventions Key Sequence Description Delete or Backspace Delete previous character Ctrl A Go to beginning of line Ctrl E Go to end of line Ctrl F Go forward o...

Page 18: ...nfigure the Management VLAN ID of the switch parms Configure Network Parameters of the router protocol Select DHCP BootP or None as the network config protocol If the help output shows a parameter in angle brackets you must replace the parameter with a value DWS 4026 network parms ipaddr Enter the IP address If there are no additional command keywords or parameters or if additional parameters are ...

Page 19: ...nection you must use a direct connection to the console port You cannot access the system remotely until the system has an IP address subnet mask and default gateway You can set the network configuration information manually or you can configure the system to accept these settings from a BOOTP or DHCP server on your network For more information see Network Interface Commands on page 473 ...

Page 21: ...9 Port Mirroring on page 94 Static MAC Filtering on page 95 L2 DHCP Relay Agent Commands on page 99 DHCP Client Commands on page 104 DHCP Snooping Configuration Commands on page 105 Dynamic ARP Inspection Commands on page 112 IGMP Snooping Configuration Commands on page 119 IGMP Snooping Querier Commands on page 125 Port Security Commands on page 129 LLDP 802 1AB Commands on page 132 LLDP MED Comm...

Page 22: ...c negotiation on a port no auto negotiate This command disables automatic negotiation on a port auto negotiate all This command enables automatic negotiation on all ports no auto negotiate all This command disables automatic negotiation on all ports Format interface slot port Mode Global Config Default enabled Format auto negotiate Mode Interface Config Note Automatic sensing is disabled when auto...

Page 23: ...mmand sets the default MTU size in bytes for the interface shutdown This command disables a port no shutdown This command enables a port Format description description Mode Interface Config Note To receive and process packets the Ethernet MTU must include any extra bytes that Layer 2 headers might require To configure the IP MTU size which is the maximum size of the IP packet IP Header IP payload ...

Page 24: ...on physical and port channel LAG interfaces but not on VLAN routing interfaces Default enabled Format shutdown all Mode Global Config Format no shutdown all Mode Global Config Format speed 100 10 half duplex full duplex Mode Interface Config Acceptable Values Definition 100h 100BASE T half duplex 100f 100BASE T full duplex 10h 10BASE T half duplex 10f 10BASE T full duplex Format speed all 100 10 h...

Page 25: ...s enabled Physical Mode The desired port speed and duplex mode If auto negotiation support is selected then the duplex mode and speed is set from the auto negotiation process Note that the maximum capability of the port full duplex 100M is advertised Otherwise this object determines the port s duplex mode and transmission rate The factory default is Auto Physical Status The port speed and duplex m...

Page 26: ...e changed but is not activated spanning tree bpdufilter Use this command to enable BPDU Filter on the interface no spanning tree bpdufilter Use this command to disable BPDU Filter on the interface spanning tree bpdufilter default Use this command to enable BPDU Filter on all the edge port interfaces Note STP is disabled by default When you enable STP on the switch STP is still disabled on each por...

Page 27: ...nd to enable BPDU Guard on the switch no spanning tree bpduguard Use this command to disable BPDU Guard on the switch Default disabled Format spanning tree bpdufilter Mode Global Config Default disabled Format no spanning tree bpdufilter default Mode Global Config Default disabled Format spanning tree bpduflood Mode Interface Config Default disabled Format no spanning tree bpduflood Mode Interface...

Page 28: ...uration name This command resets the Configuration Identifier Name to its default spanning tree configuration revision This command sets the Configuration Identifier Revision Level for use in identifying the configuration that this switch is currently using The Configuration Identifier Revision Level is a number in the range of 0 to 65535 no spanning tree configuration revision This command sets t...

Page 29: ... 1s functionality supported Use 802 1w to specify that the switch transmits RST BPDUs rather than MST BPDUs IEEE 802 1w functionality supported no spanning tree forceversion This command sets the Force Protocol Version parameter to the default value spanning tree forward time This command sets the Bridge Forward Delay parameter to a new value for the common and internal spanning tree The forward t...

Page 30: ... is in whole seconds within a range of 1 to 10 with the value being less than or equal to Bridge Max Age 2 1 no spanning tree hello time This command sets the admin Hello Time parameter for the common and internal spanning tree to the default value spanning tree max age This command sets the Bridge Max Age parameter to a new value for the common and internal spanning tree The max age value is in s...

Page 31: ... cost for this port within a multiple spanning tree instance or the common and internal spanning tree instance depending on the mstid parameter You can set the path cost as a number in the range of 1 to 200000000 or auto If you select auto the path cost value is set based on Link Speed If you specify the external cost option this command sets the external path cost for MST instance 0 i e CIST inst...

Page 32: ... the mstid parameter to the default value spanning tree mst instance This command adds a multiple spanning tree instance to the switch The parameter mstid is a number within a range of 1 to 4094 that corresponds to the new instance ID to be added The maximum number of multiple instances supported by the switch is 4 no spanning tree mst instance This command removes a multiple spanning tree instanc...

Page 33: ... The parameter mstid is a number that corresponds to the desired existing multiple spanning tree instance The vlan range can be specified as a list or as a range of values To specify a list of VLANs enter a list of VLAN IDs each separated by a comma with no spaces in between To specify a range of VLANs separate the beginning and ending VLAN ID with a dash no spanning tree mst vlan This command rem...

Page 34: ...ree Mode Privileged EXEC User EXEC Term Definition Bridge Priority Specifies the bridge priority for the Common and Internal Spanning tree CST The value lies between 0 and 61440 It is displayed in multiples of 4096 Bridge Identifier The bridge identifier for the CST It is made up using the bridge priority and the base MAC address of the bridge Time Since Topology Change Time in seconds Topology Ch...

Page 35: ...and the base MAC address of the bridge Regional Root Path Cost Path Cost to the CST Regional Root Associated FIDs List of forwarding database identifiers currently associated with this instance Associated VLANs List of VLAN IDs currently associated with this instance Format show spanning tree brief Mode Privileged EXEC User EXEC Term Definition Bridge Priority Configured value Bridge Identifier Th...

Page 36: ...g Tree Protocol Bridge Protocol Data Units sent STP BPDUs Received Spanning Tree Protocol Bridge Protocol Data Units received RSTP BPDUs Transmitted Rapid Spanning Tree Protocol Bridge Protocol Data Units sent RSTP BPDUs Received Rapid Spanning Tree Protocol Bridge Protocol Data Units received MSTP BPDUs Transmitted Multiple Spanning Tree Protocol Bridge Protocol Data Units sent MSTP BPDUs Receive...

Page 37: ...ansitions Out of Loop Inconsistent State The number of times this interface has transitioned out of loop inconsistent state Term Definition Port Identifier The port identifier for this port within the CST Port Priority The priority of the port within the CST Port Forwarding State The forwarding state of the port within the CST Port Role The role of the specified interface within the CST Auto Calcu...

Page 38: ...consistent state of this port in this MST instance When in loop inconsistent state the port has failed to receive BPDUs while configured with loop guard enabled Loop inconsistent state maintains the port in a blocking state until a subsequent BPDU is received Transitions Into Loop Inconsistent State The number of times this interface has transitioned into loop inconsistent state Transitions Out of...

Page 39: ...of VLAN IDs associated with this instance Format show spanning tree summary Mode Privileged EXEC User EXEC Term Definition Spanning Tree Adminmode Enabled or disabled Spanning Tree Version Version of 802 1 currently supported IEEE 802 1s IEEE 802 1w or IEEE 802 1d based upon the Force Protocol Version parameter BPDU Guard Mode Enabled or disabled BPDU Filter Mode Enabled or disabled Configuration ...

Page 40: ... configure VLAN characteristics network mgmt_vlan This command configures the Management VLAN ID no network mgmt_vlan This command sets the Management VLAN ID to the default Format show spanning tree vlan vlanid Mode Privileged EXEC User EXEC Term Definition VLAN Identifier The VLANs associated with the selected MST instance Associated Instance Identifier for the associated multiple spanning tree ...

Page 41: ...cepted and assigned the value of the interface VLAN ID for this port With either option VLAN tagged frames are forwarded in accordance with the IEEE 802 1Q VLAN Specification no vlan acceptframe This command resets the frame acceptance mode for the interface to the default value vlan ingressfilter This command enables ingress filtering If ingress filtering is disabled frames received with VLAN IDs...

Page 42: ...the ID is a valid VLAN identification number ID range is 1 3965 no vlan name This command sets the name of a VLAN to a blank string vlan participation This command configures the degree of participation for a specific interface in a VLAN The ID is a valid VLAN identification number and the interface is a valid interface number Participation options are Format no vlan ingressfilter Mode Interface C...

Page 43: ...e interface will not participate in this VLAN unless a join request is received on this interface This is equivalent to registration normal Format vlan participation all exclude include auto 1 3965 Mode Global Config Participation Options Definition include The interface is always a member of this VLAN This is equivalent to registration fixed exclude The interface is never a member of this VLAN Th...

Page 44: ...re admitted and forwarded to ports that are members of that VLAN vlan port pvid all This command changes the VLAN ID for all interface no vlan port pvid all This command sets the VLAN ID for all interfaces to 1 vlan port tagging all This command configures the tagging behavior for all interfaces in a VLAN to enabled If tagging is enabled traffic is transmitted as tagged frames If tagging is disabl...

Page 45: ...licts with interfaces currently associated with the group this command fails and the protocol is not added to the group The possible values for protocol are ip arp and ipx no vlan protocol group add protocol This command removes the protocol from this protocol based VLAN group that is identified by this groupid The possible values for protocol are ip arp and ipx vlan protocol group remove This com...

Page 46: ...upid protocol vlan group all This command adds all physical interfaces to the protocol based VLAN identified by groupid You can associate multiple interfaces with a group but you can only associate each interface and protocol combination with one group If adding an interface to a group causes any conflicts with protocols currently associated with the group this command will fail and the interface ...

Page 47: ...vior for a specific interface in a VLAN to disabled If tagging is disabled traffic is transmitted as untagged frames The ID is a valid VLAN identification number vlan association subnet This command associates a VLAN to a specific IP subnet no vlan association subnet This command removes association of a specific IP subnet to a VLAN Default 1 Format vlan pvid 1 3965 Mode Interface Config Format no...

Page 48: ...and port number separated by a forward slash It is possible to set the parameters for all ports by using the selectors on the top line Current The degree of participation of this port in this VLAN The permissible values are Include This port is always a member of this VLAN This is equivalent to registration fixed in the IEEE 802 1Q standard Exclude This port is never a member of this VLAN This is ...

Page 49: ...ing the selectors on the top line Port VLAN ID The VLAN ID that this port will assign to untagged frames or priority tagged frames received on this port The value must be for an existing VLAN The factory default is 1 Acceptable Frame Types The types of frames that may be received on this port The options are VLAN only and Admit All When set to VLAN only untagged frames or priority tagged frames re...

Page 50: ... of all the configured MAC addresses are displayed Format show vlan association subnet ipaddr netmask Mode Privileged EXEC Term Definition IP Address The IP address assigned to each interface Net Mask The subnet mask VLAN ID There is a VLAN Identifier VID associated with each VLAN Format show vlan association mac macaddr Mode Privileged EXEC Term Definition Mac Address A MAC address for which the ...

Page 51: ...al value of the custom ether type must be set to a value from 0 to 65535 mode dot1q tunnel This command is used to enable Double VLAN Tunneling on the specified interface no mode dot1q tunnel This command is used to disable Double VLAN Tunneling on the specified interface By default Double VLAN Tunneling is disabled mode dvlan tunnel Use this command to enable Double VLAN Tunneling on the specifie...

Page 52: ...ode through which Double VLAN Tunneling can be enabled or disabled The default value for this field is disabled EtherType A 2 byte hex EtherType to be used as the first 16 bits of the DVLAN tunnel There are three different EtherType tags The first is 802 1Q which represents the commonly used value of 0x8100 The second is vMAN which represents the commonly used value of 0x88A8 If EtherType is not o...

Page 53: ...IP phone data flow voice vlan Global Config Use this command to enable the Voice VLAN capability on the switch no voice vlan Global Config Use this command to disable the Voice VLAN capability on the switch voice vlan Interface Config Use this command to enable the Voice VLAN capability on the interface You can configure Voice VLAN in one of four different ways Default disabled Format voice vlan M...

Page 54: ...Format no voice vlan Mode Interface Config Default trust Format voice vlan data priority untrust trust Mode Interface Config Format show voice vlan interface slot port all Mode Privileged EXEC Term Definition Administrative Mode The Global Voice VLAN mode Term Definition Voice VLAN Mode The admin mode of the Voice VLAN on the interface Voice VLAN ID The Voice VLAN ID Voice VLAN Priority The do1p p...

Page 55: ...d by default If an interface is configured as a protected port and you add that interface to a Port Channel or Link Aggregation Group LAG the protected port status becomes operationally disabled on the interface and the interface follows the configuration of the LAG port However the protected port configuration for the interface remains unchanged Once the interface is no longer a member of a LAG t...

Page 56: ...protected and unprotected interfaces show interfaces switchport This command displays the status of the interface protected unprotected under the groupid Format NO switchport protected groupid name Mode Global Config Note Port protection occurs within a single switch Protected port configuration does not affect traffic between ports on two different switches No traffic forwarding is possible betwe...

Page 57: ...efault and only has an effect when GVRP is enabled set garp timer leave This command sets the GVRP leave time for one port Interface Config mode or all ports Global Config mode and only has an effect when GVRP is enabled Leave time is the time to wait after receiving an unregister request for a VLAN or a multicast group before deleting the VLAN entry This can be considered a buffer time for anothe...

Page 58: ...fig mode or a single port Interface Config mode and it only has an effect only when GVRP is enabled no set garp timer leaveall This command sets how frequently Leave All PDUs are generated the default and only has an effect when GVRP is enabled show garp This command displays GARP information Default 60 Format set garp timer leave 20 600 Mode Interface Config Global Config Format no set garp timer...

Page 59: ...e or all ports Global Config mode no set gvrp interfacemode This command disables GVRP on a single port Interface Config mode or all ports Global Config mode If GVRP is disabled Join Time Leave Time and Leave All Time have no effect show gvrp configuration This command displays Generic Attributes Registration Protocol GARP information for one or all interfaces Note If GVRP is disabled the system d...

Page 60: ... factory default is 20 centiseconds 0 2 seconds The finest granularity of specification is one centisecond 0 01 seconds Leave Timer The period of time to wait after receiving an unregister request for an attribute before deleting the attribute Current attributes are a VLAN or multicast group This may be considered a buffer time for another station to assert registration for the same attribute in o...

Page 61: ...ivileged EXEC Default disabled Format set gmrp interfacemode Mode Interface Config Global Config Format no set gmrp interfacemode Mode Interface Config Global Config Format show gmrp configuration slot port all Mode Privileged EXEC User EXEC Term Definition Interface The slot port of the interface that this row in the table describes Join Timer The interval between the transmission of GARP PDUs re...

Page 62: ...dicates that the user s ID and password will be authenticated using the RADIUS server The value of reject indicates the user is never authenticated LeaveAll Timer This Leave All Time controls how frequently LeaveAll PDUs are generated A LeaveAll PDU indicates that all registrations will shortly be deregistered Participants will need to rejoin in order to maintain registration There is an instance ...

Page 63: ...hentication login The default login list cannot be deleted clear dot1x statistics This command resets the 802 1x statistics for the specified port or for all ports clear radius statistics This command is used to clear all RADIUS statistics dot1x default login This command assigns the authentication login list to use for non configured users for 802 1x port security This setting is over ridden by t...

Page 64: ...t to the specified user for 802 1x port security The user parameter must be a configured user and the listname parameter must be a configured authentication login list dot1x max req This command sets the maximum number of times the authenticator state machine on this port will transmit an EAPOL EAP Request Identity frame before timing out the supplicant The count value must be in the range 1 10 no...

Page 65: ...t mode to reflect the outcome of the authentication exchanges between the supplicant authenticator and the authentication server If the mac based option is specified then MAC based dot1x authentication is enabled on the port no dot1x port control This command sets the 802 1x port control mode on the specified port to the default value dot1x port control all This command sets the authentication mod...

Page 66: ...rol mode for the specified port is auto or mac based If the control mode is not auto or mac based an error will be returned dot1x re authentication This command enables re authentication of the supplicant for the specified port no dot1x re authentication This command disables re authentication of the supplicant for the specified port Note MAC based dot1x authentication is supported on the BCM56224...

Page 67: ...The guest vlan timer is only relevant when guest vlan has been configured on that specific port reauth period The value in seconds of the timer used by the authenticator state machine on this port to determine when re authentication of the supplicant takes place The reauth period must be a value in the range 1 65535 quiet period The value in seconds of the timer used by the authenticator state mac...

Page 68: ...nticated vlan This command resets the unauthenticated vlan associated with the port to its default value dot1x user This command adds the specified user to the list of users with access to the specified port or all ports The user parameter must be a configured user Default guest vlan period 90 seconds reauth period 3600 seconds quiet period 60 seconds tx period 30 seconds supp timeout 30 seconds s...

Page 69: ...et sessions will be blocked until the authentication is complete Note that the login list associated with the admin user can not be changed to prevent accidental lockout from the switch show authentication This command displays the ordered authentication methods for all authentication login lists show authentication users This command displays information about the users assigned to the specified ...

Page 70: ...ation login list Component The component User or 802 1x for which the authentication login list is assigned Format show dot1x summary slot port all detail slot port statistics slot port Mode Privileged EXEC Term Definition Administrative Mode Indicates whether authentication control on the switch is enabled or disabled VLAN Assignment Mode Indicates whether assignment of an authorized port to a RA...

Page 71: ...henticator waits before authorizing and placing the port in the Guest VLAN if no EAPOL packets are detected on that port Supplicant Timeout The timer used by the authenticator state machine on this port to timeout the supplicant The value is expressed in seconds and will be in the range of 1 and 65535 Server Timeout The timer used by the authenticator on this port to timeout the authentication ser...

Page 72: ...ed on the BCM56224 BCM56514 BCM56624 and BCM56820 platforms Term Definition Supplicant MAC Address The MAC address of the supplicant Authenticator PAE State Current state of the authenticator PAE state machine Possible values are Initialize Disconnected Connecting Authenticating Authenticated Aborting Held ForceAuthorized and ForceUnauthorized Backend Authentication State Current state of the back...

Page 73: ... is associated User Name The user name used by the client to authenticate to the server Supplicant MAC Address The supplicant device MAC address Session Time The time since the supplicant is logged on Filter ID Identifies the Filter ID returned by the RADIUS server when the client was authenticated This is a configured DiffServ policy name on the switch VLAN ID The VLAN assigned to the port VLAN A...

Page 74: ...thenticator to supplicant or supplicant to authenticator use this command Term Definition Users Users configured locally to have access to the specified port Format show users authentication Mode Privileged EXEC Term Definition User Lists every user that has an authentication login list assigned System Login The authentication login list assigned to the user for system login 802 1x Port Security T...

Page 75: ...icator no dot1x supplicant timeout start period This command sets the start period value to the default dot1x supplicant timeout held period This command configures the held period timer interval to wait for the next authentication on previous authentication fail Default auto Format no dot1x supplicant port control Mode Interface Config Default 3 Format dot1x supplicant max start 1 10 Mode Interfa...

Page 76: ...is command to map the given user to the port show dot1x users This command displays the dot1x supplicant user information for the specified interface Example The following shows example CLI display output for the command DWS 4026 show dot1x users 0 6 user name admin guest show dot1x summary This command displays the dot1x port status Format no dot1x supplicant timeout held period Mode Interface Co...

Page 77: ... auto Supplicant PAE State Initialize Supplicant Backend Authentication State Initialize Maximum Start trails 3 Start Period secs 30 Held Period secs 60 Authentication Period secs 30 EAP Method MD5 Challenge See show dot1x on page 62 for a description of these fields show dot1x statistics This command displays the dot1x port statistics in detail Example The following shows example CLI display outp...

Page 78: ... be dropped The Storm Control feature allows you to limit the rate of specific types of packets through the switch on a per port per type basis Configuring a storm control level also enables that form of storm control Disabling a storm control level using the no version of the command sets the storm control level back to the default value and disables that form of storm control Using the no versio...

Page 79: ...st storm recovery storm control broadcast rate Use this command to configure the broadcast storm recovery threshold for an interface in packets per second If the mode is enabled broadcast storm recovery is active and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold the traffic is dropped Therefore the rate of broadcast traffic is limited to t...

Page 80: ...old the traffic will be dropped Therefore the rate of broadcast traffic will be limited to the configured threshold This command also enables broadcast storm recovery mode for all interfaces no storm control broadcast all level This command sets the broadcast storm recovery threshold to the default value for all interfaces and disables broadcast storm recovery storm control broadcast all rate Use ...

Page 81: ...figures the multicast storm recovery threshold for an interface as a percentage of link speed and enables multicast storm recovery mode If the mode is enabled multicast storm recovery is active and if the rate of L2 multicast traffic ingressing on an interface increases beyond the configured threshold the traffic will be dropped Therefore the rate of multicast traffic will be limited to the config...

Page 82: ...interface increases beyond the configured threshold the traffic will be dropped Therefore the rate of multicast traffic will be limited to the configured threshold no storm control multicast all This command disables multicast storm recovery mode for all interfaces storm control multicast all level This command configures the multicast storm recovery threshold for all interfaces as a percentage of...

Page 83: ...old to the default value for all interfaces and disables broadcast storm recovery storm control unicast This command enables unicast storm recovery mode for an interface If the mode is enabled unicast storm recovery is active and if the rate of unknown L2 unicast destination lookup failure traffic ingressing on an interface increases beyond the configured threshold the traffic will be dropped Ther...

Page 84: ...n packets per second If the mode is enabled unicast storm recovery is active and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold the traffic is dropped Therefore the rate of unicast traffic is limited to the configured threshold no storm control unicast rate This command sets the unicast storm recovery threshold to the default value for an i...

Page 85: ...erfaces storm control unicast all rate Use this command to configure the unicast storm recovery threshold for all interfaces in packets per second If the mode is enabled unicast storm recovery is active and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold the traffic is dropped Therefore the rate of unicast traffic is limited to the configure...

Page 86: ...t a specific interface Note 802 3x flow control works by pausing a port when the port becomes oversubscribed and dropping all traffic for small bursts of time during the congestion condition This can lead to high priority and or network control traffic loss Default disabled Format storm control flowcontrol Mode Global Config Note This command only applies to full duplex mode ports Format no storm ...

Page 87: ... the aggregation as if it were a single link which increases fault tolerance and provides load sharing The LAG feature initially load shares traffic based upon the source and destination MAC address Assign the port channel LAG VLAN membership after you create a port channel If you do not assign VLAN membership the port channel might become a member of the management VLAN which can result in learni...

Page 88: ...The interface is a logical slot port number of a configured port channel To clear the port channels see clear port channel on page 432 lacp admin key Use this command to configure the administrative value of the key for the port channel The value range of key is 0 to 65535 Format port channel name Mode Global Config Format no port channel logical slot port all Mode Global Config Note Before adding...

Page 89: ...actor admin parameters lacp actor admin key Use this command to configure the administrative value of the LACP actor admin key The valid range for key is 0 65535 Note This command is only applicable to port channel interfaces Format no lacp admin key Mode Interface Config Default 0x8000 Format lacp collector max delay delay Mode Interface Config Note This command is only applicable to port channel...

Page 90: ...in LACPDUs lacp actor admin state individual Use this command to set LACP actor admin state to individual no lacp actor admin state individual Use this command to set the LACP actor admin state to aggregation Format no lacp actor admin key Mode Interface Config Default 0x07 Format lacp actor admin state individual longtimeout passive Mode Interface Config Note This command is only applicable to ph...

Page 91: ...actor port priority key lacp actor port priority Use this command to configure the priority value assigned to the Aggregation Port The valid range for priority is 0 to 255 Format lacp actor admin state longtimeout Mode Interface Config Note This command is only applicable to physical interfaces Format no lacp actor admin state longtimeout Mode Interface Config Note This command is only applicable ...

Page 92: ...configure the administrative value of the Key for the protocol partner The valid range for key is 0 to 65535 no lacp partner admin key Use this command to configure the administrative value of the Key for the protocol partner Note This command is only applicable to physical interfaces Format no lacp actor port priority Mode Interface Config Default 0x80 Format lacp actor system priority priority M...

Page 93: ...al Use this command to set the LACP partner admin state to aggregation lacp partner admin state longtimeout Use this command to set LACP partner admin state to longtimeout Default 0x07 Format lacp partner admin state individual longtimeout passive Mode Interface Config Note This command is only applicable to physical interfaces Format no lacp partner admin state individual longtimeout passive Mode...

Page 94: ...lid range for port id is 0 to 65535 no lacp partner port id Use this command to set the LACP partner port id to the default Note This command is only applicable to physical interfaces Format no lacp partner admin state longtimeout Mode Interface Config Note This command is only applicable to physical interfaces Format lacp partner admin state passive Mode Interface Config Note This command is only...

Page 95: ... default value representing the administrative value of the Aggregation Port s protocol Partner s System ID lacp partner system priority Use this command to configure the administrative value of the priority associated with the Partner s System ID The valid range for priority is 0 to 255 Default 0x0 Format lacp partner port priority priority Mode Interface Config Note This command is only applicab...

Page 96: ... port channel is static You can only use this command on port channel interfaces no port channel static This command sets the static mode on a particular port channel LAG interface to the default value This command will be executed only for interfaces of type port channel LAG port lacpmode This command enables Link Aggregation Control Protocol LACP on a port no port lacpmode This command disables ...

Page 97: ...o its default value on a physical interface of a particular device type actor or partner port lacptimeout Global Config This command sets the timeout for all interfaces of a particular device type actor or partner to either long or short timeout Default long Format port lacptimeout actor partner long short Mode Global Config Format port lacpmode all Mode Global Config Format no port lacpmode all M...

Page 98: ...me administrative mode setting no port channel linktrap This command disables link trap notifications for the port channel LAG The interface is a logical slot and port for a configured port channel The option all sets every configured port channel with the same administrative mode setting port channel load balance This command selects the load balancing option used on a port channel LAG Traffic is...

Page 99: ...nation MAC VLAN EtherType and incoming port associated with the packet 3 Source Destination MAC VLAN EtherType and incoming port associated with the packet 4 Source IP and Source TCP UDP fields of the packet 5 Destination IP and Destination TCP UDP Port fields of the packet 6 Source Destination IP and source destination TCP UDP Port fields of the packet slot port all Global Config Mode only The in...

Page 100: ... the Key Actor Admin Key The administrative value of the Key Port Priority The priority value assigned to the Aggregation Port Admin State The administrative values of the actor state as transmitted by the Actor in LACPDUs Format show lacp actor slot port all Mode Privileged EXEC Parameter Description System Priority The administrative value of priority associated with the Partner s System ID Syst...

Page 101: ...ical slot port all Mode Privileged EXEC User EXEC Term Definition Logical Interface Valid slot and port number separated by a forward slash Port Channel Name The name of this port channel LAG You may enter any string of up to 15 alphanumeric characters Link State Indicates whether the Link is up or down Admin Mode May be enabled or disabled The factory default is enabled Type The status designatin...

Page 102: ...sion Use this command without optional parameters to remove the monitor session port monitoring designation from the source probe port the destination monitored port and all VLANs Once the port is removed from the VLAN you must manually add the port to any desired VLANs Use the source interface slot port parameter or destination interface slot port to remove the specified interface from the port m...

Page 103: ...er of static MAC filters supported is 20 For multicast MAC address filters with destination ports configured the maximum number of static filters supported is 256 Default enabled Format no monitor Mode Global Config Note The session id parameter is an integer value used to identify the session In the current version of the software the session id parameter is always one 1 Format show monitor sessi...

Page 104: ...he interface to the destination filter set for the MAC filter with the given macaddr and VLAN of vlanid The macaddr parameter must be specified as a 6 byte hexadecimal number in the format of b1 b2 b3 b4 b5 b6 The vlanid parameter must identify a valid VLAN no macfilter adddest This command removes a port from the destination filter set for the MAC filter with the given macaddr and VLAN of vlanid ...

Page 105: ...ormat of b1 b2 b3 b4 b5 b6 The vlanid parameter must identify a valid VLAN no macfilter addsrc This command removes a port from the source filter set for the MAC filter with the MAC address of macaddr and VLAN of vlanid The macaddr parameter must be specified as a 6 byte hexadecimal number in the format of b1 b2 b3 b4 b5 b6 The vlanid parameter must identify a valid VLAN macfilter addsrc all This ...

Page 106: ...acaddr vlanid Mode Global Config Format show mac address table static macaddr vlanid all Mode Privileged EXEC Term Definition MAC Address The MAC Address of the static MAC filter entry VLAN ID The VLAN ID of the static MAC filter entry Source Port s The source port filter set s slot and port s Note Only multicast address filters will have destination port lists Format show mac address table static...

Page 107: ... command disables Layer 2 DHCP relay agent for an interface dhcp l2relay circuit id vlan This parameter sets the DHCP Option 82 Circuit ID for a VLAN When enabled the interface number is added as the Circuit ID in DHCP option 82 no dhcp l2relay circuit id vlan This parameter clears the DHCP Option 82 Circuit ID for a VLAN dhcp l2relay remote id vlan This parameter sets the DHCP Option 82 Remote ID...

Page 108: ...le the L2 DHCP Relay agent for a set of VLANs All DHCP packets which arrive on interfaces in the configured VLAN are subject to L2 Relay processing no dhcp l2relay vlan Use this command to disable the L2 DHCP Relay agent for a set of VLANs show dhcp l2relay all This command displays the summary of DHCP L2 Relay configuration Format no dhcp l2relay remote id vlan vlan range Mode Global Config Defau...

Page 109: ...ic to interfaces Example The following shows example CLI display output for the command DWS 4026 show dhcp l2relay interface all DHCP L2 Relay is Enabled Interface L2RelayMode TrustMode 0 2 Enabled untrusted 0 4 Disabled trusted show dhcp l2relay stats interface This command displays statistics specific to DHCP L2 Relay configured interface Example The following shows example CLI display output fo...

Page 110: ...HCP L2 Relay Option 82 configuration specific to VLAN Example The following shows example CLI display output for the command DWS 4026 show dhcp l2relay agent option vlan 5 10 DHCP L2 Relay is Enabled VLAN Id L2 Relay CircuitId RemoteId 5 Enabled Enabled NULL 6 Enabled Enabled EnterpriseSwitch 7 Enabled Disabled NULL 8 Enabled Disabled NULL 9 Enabled Disabled NULL 10 Enabled Disabled NULL Format sh...

Page 111: ... following shows example CLI display output for the command DWS 4026 show dhcp l2relay circuit id vlan 1 3 DHCP L2 Relay is Enabled DHCP Circuit Id option is enabled on the following VLANs 2 3 show dhcp l2relay remote id vlan This command shows whether DHCP L2 Relay is enabled globally and shows the remote ID associated with each VLAN on which DHCP relay is enabled The DHCP Option 82 Remote ID ide...

Page 112: ...s transmitted to the DHCP server by the DHCP client operating in the Unified Switch switch dhcp client vendor id option string This parameter sets the DHCP Vendor Option 60 string to be included in the requests transmitted to the DHCP server by the DHCP client operating in the Unified Switch switch no dhcp client vendor id option string This parameter clears the DHCP Vendor Option 60 string show d...

Page 113: ... snooping Use this command to disable DHCP Snooping globally ip dhcp snooping vlan Use this command to enable DHCP Snooping on a list of comma separated VLAN ranges no ip dhcp snooping vlan Use this command to disable DHCP Snooping on VLANs ip dhcp snooping verify mac address Use this command to enable verification of the source MAC address with the client hardware address in the received DCHP mes...

Page 114: ...e interval value ranges from 15 to 86400 seconds no ip dhcp snooping database write delay Use this command to set the write delay value to the default value ip dhcp snooping binding Use this command to configure static DHCP Snooping binding Default enabled Format ip dhcp snooping verify mac address Mode Global Config Format no ip dhcp snooping verify mac address Mode Global Config Default local Fo...

Page 115: ...it Use this command to set the rate at which the DHCP Snooping messages come and the burst level to the defaults ip dhcp snooping log invalid Use this command to control the logging DHCP messages filtration by the DHCP Snooping application Format no ip dhcp snooping binding mac address Mode Global Config Format ip verify binding mac address vlan vlan id ip address interface interface id Mode Globa...

Page 116: ...iltration based on the IP address With the port security option the data traffic will be filtered based on the IP and MAC addresses no ip verify source Use this command to disable the IPSG configuration in the hardware You cannot disable port security alone if it is configured show ip dhcp snooping Use this command to display the DHCP Snooping global configurations and per port configurations Form...

Page 117: ... following shows example CLI display output for the command DWS 4026 show ip dhcp snooping binding Term Definition Interface The interface for which data is displayed Trusted If it is enabled DHCP snooping considers the port as trusted The factory default is disabled Log Invalid Pkts If it is enabled DHCP snooping application logs invalid packets on the specified interface Format show ip dhcp snoo...

Page 118: ...ample CLI display output for the command DWS 4026 show ip dhcp snooping statistics Interface MAC Verify Client Ifc DHCP Server Failures Mismatch Msgs Rec d Format show ip dhcp snooping database Mode Privileged EXEC User EXEC Term Definition Agent URL Bindings database agent URL Write Delay The maximum write time to write the database into local or remote Format show ip dhcp snooping statistics Mod...

Page 119: ...oping statistics Use this command to clear all DHCP Snooping statistics show ip verify source Use this command to display the IPSG configurations on all ports Format clear ip dhcp snooping binding interface slot port Mode Privileged EXEC User EXEC Format clear ip dhcp snooping statistics Mode Privileged EXEC User EXEC Format show ip verify source Mode Privileged EXEC User EXEC Term Definition Inte...

Page 120: ... ARP Inspection DAI is a security feature that rejects invalid and malicious ARP packets DAI prevents a class of man in the middle attacks where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of IP Address IP address of the interface MAC Address If MAC address filtering is not configured on the interface the MAC Address field is empty If port security is di...

Page 121: ...nspection validate Use this command to enable additional validation checks like source mac validation destination mac validation and ip address validation on the received ARP packets Each command overrides the configuration of the previous command For example if a command enables src mac and dst mac validations and a second command enables IP validation only the src mac and dst mac validations are...

Page 122: ...Dynamic ARP Inspections no ip arp inspection limit Use this command to set the rate limit and burst interval values for an interface to the default values of 15 pps and 1 second respectively Default enabled Format ip arp inspection vlan vlan list logging Mode Global Config Format no ip arp inspection vlan vlan list logging Mode Global Config Default enabled Format ip arp inspection trust Mode Inte...

Page 123: ...nd to delete a configured ARP ACL permit ip host mac host Use this command to configure a rule for a valid IP address and MAC address combination used in ARP packet validation no permit ip host mac host Use this command to delete a rule for a valid IP and MAC combination Default No ARP ACL is configured on a VLAN Format ip arp inspection filter acl name vlan vlan list static Mode Global Config For...

Page 124: ...ion statistics Use this command to display the statistics of the ARP packets processed by Dynamic ARP Inspection Give the vlan list argument and the command displays the statistics on all DAI enabled VLANs in that list Give the single vlan argument and the command displays the statistics on that VLAN If no argument is included the command lists a summary of the forwarded and dropped ARP packets Fo...

Page 125: ...nabled for DAI Given a slot port interface argument the command displays the values for that interface whether the interface is enabled for DAI or not Format show ip arp inspection statistics vlan vlan list Mode Privileged EXEC User EXEC Term Definition VLAN The VLAN ID for each displayed row Forwarded The total number of valid ARP packets forwarded in this VLAN Dropped The total number of not val...

Page 126: ...ng shows example CLI display output for the command DWS 4026 show arp access list ARP access list H2 permit ip host 1 1 1 1 mac host 00 01 02 03 04 05 permit ip host 1 1 1 2 mac host 00 03 04 05 06 07 ARP access list H3 ARP access list H4 permit ip host 2 1 1 2 mac host 00 03 04 05 06 08 Format show ip arp inspection interfaces slot port Mode Privileged EXEC User EXEC Term Definition Interface The...

Page 127: ...is disabled on that interface IGMP Snooping functionality is re enabled if you disable routing or remove port channel LAG membership from an interface that has IGMP Snooping enabled The IGMP application supports the following activities Validation of the IP header checksum as well as the IGMP header checksum and discarding of the frame upon checksum error Maintenance of the forwarding table entrie...

Page 128: ...o each layer 2 LAN port This prevents the inadvertent dropping of the other hosts that were connected to the same layer 2 LAN port but were still interested in receiving multicast traffic directed to that group Also fast leave processing is supported only with IGMP version 2 hosts no set igmp fast leave This command disables IGMP Snooping fast leave admin mode on a selected interface set igmp grou...

Page 129: ...ive a report for a particular group in that interface This value must be less than the IGMP Query Interval time value The range is 1 to 25 seconds no set igmp maxresponse This command sets the max response time on the interface or VLAN to the default value Default 260 seconds Format set igmp groupmembership interval 2 3600 Mode Interface Config Global Config Format set igmp groupmembership interva...

Page 130: ...nd sets the Multicast Router Present Expiration time to 0 The time is set for the system on a particular interface or a VLAN set igmp mrouter This command configures the VLAN ID vlanId that has the multicast router mode enabled no set igmp mrouter This command disables multicast router mode for a particular VLAN ID vlan_id Format no set igmp maxresponse vlan_id Mode VLAN Config Default 0 Format se...

Page 131: ...r or not IGMP Snooping is active on the switch Multicast Control Frame Count The number of multicast control frames that are processed by the CPU Interface Enabled for IGMP Snooping The list of interfaces on which IGMP Snooping is enabled VLANS Enabled for IGMP Snooping The list of VLANS on which IGMP Snooping is enabled Term Definition IGMP Snooping Admin Mode Indicates whether IGMP Snooping is a...

Page 132: ...ponse Time The amount of time the switch waits after it sends a query on an interface participating in the VLAN because it did not receive a report for a particular group on that interface This value may be configured Multicast Router Expiry Time The amount of time to wait before removing an interface that is participating in the VLAN from the list of interfaces with multicast routers attached The...

Page 133: ... periodic queries If a VLAN has IGMP Snooping Querier enabled and IGMP Snooping is operationally disabled on it IGMP Snooping Querier functionality is disabled on that VLAN IGMP Snooping functionality is re enabled if IGMP Snooping is operational on the VLAN The IGMP Snooping Querier application supports sending periodic general queries on the VLAN to solicit membership reports Format show mac add...

Page 134: ...r expiration period It is the time period that the switch remains in Non Querier mode once it has discovered that there is a Multicast Querier in the network no set igmp querier timer expiry Use this command to set the IGMP Querier timer expiration period to its default value set igmp querier version Use this command to set the IGMP version of the query that the snooping switch is going to send pe...

Page 135: ...mand to display IGMP Snooping Querier information Configured information is displayed whether or not IGMP Snooping Querier is enabled When the optional argument vlanid is not used the command displays the following information Format no set igmp querier version Mode Global Config Default disabled Format set igmp querier election participate Mode VLAN Config Format no set igmp querier election part...

Page 136: ... Time Indicates the time to wait before removing a Leave from a host upon receiving a Leave request This value is calculated dynamically from the Queries received from the network If the Snooping Switch is in Querier state then it is equal to the configured value Querier Election Participation Indicates whether the IGMP Snooping Querier participates in querier election if it discovers the presence...

Page 137: ...ables port locking for one Interface Config or all Global Config ports port security max dynamic This command sets the maximum number of dynamically locked MAC addresses allowed on a specific port no port security max dynamic This command resets the maximum number of dynamically locked MAC addresses allowed on a specific port to its default value Note To enable the SNMP trap specific to port secur...

Page 138: ...ally locked MAC addresses to statically locked addresses show port security This command displays the port security settings If you do not use a parameter the command displays the settings for the entire system Use the optional parameters to display the settings on a specific interface or on all interfaces Default 20 Format port security max static maxvalue Mode Interface Config Format no port sec...

Page 139: ... Definition Admin Mode Port Locking mode for the Interface Dynamic Limit Maximum dynamically allocated MAC Addresses Static Limit Maximum statically allocated MAC Addresses Violation Trap Mode Whether violation traps are enabled Format show port security dynamic slot port Mode Privileged EXEC Term Definition MAC Address MAC Address of dynamically locked MAC Format show port security static slot po...

Page 140: ...pability no lldp transmit Use this command to return the local data transmission capability to the default lldp receive Use this command to enable the LLDP receive capability no lldp receive Use this command to return the reception of LLDPDUs to the default value lldp timers Use this command to set the timing parameters for local data transmission on ports enabled for LLDP The interval seconds det...

Page 141: ...to transmit the system capabilities TLV Use port desc to transmit the port description TLV To configure the port description see See description on page 15 no lldp transmit tlv Use this command to remove an optional TLV from the LLDPDUs Use the command without parameters to remove all optional TLVs from the LLDPDU lldp transmit mgmt Use this command to include transmission of the local system mana...

Page 142: ...s remote data change notifications The interval parameter is the number of seconds to wait between sending notifications The valid interval range is 5 3600 seconds no lldp notification interval Use this command to return the notification interval to the default value clear lldp statistics Use this command to reset all LLDP statistics including MED related information Format no lldp transmit mgmt M...

Page 143: ...Multiplier The multiplier on the transmit interval that sets the TTL in local data LLDPDUs Re initialization Delay The delay before re initialization in seconds Notification Interval How frequently the system sends remote data change notifications in seconds Format show lldp interface slot port all Mode Privileged Exec Term Definition Interface The interface in a slot port format Link Shows whethe...

Page 144: ...ry was deleted because the Time to Live interval expired Term Definition Interface The interface in slot port format Transmit Total Total number of LLDP packets transmitted on the port Receive Total Total number of LLDP packets received on the port Discards Total number of LLDP frames discarded on the port for any reason Errors The number of invalid LLDP frames received on the port Ageouts Total n...

Page 145: ...switch to mark each remote device to the system Chassis ID Subtype The type of identification used in the Chassis ID field Chassis ID The chassis of the remote device Port ID Subtype The type of port on the remote device Port ID The port number that transmitted the LLDPDU System Name The system name of the remote device System Description Describes the remote system by identifying the system name ...

Page 146: ...ocal data This command can display summary information or detail for each interface show lldp local device detail Use this command to display detailed information about the LLDP data a specific interface transmits Time To Live The amount of time in seconds the remote device s information received in the LLDPDU should be treated as valid information Format show lldp local device slot port all Mode ...

Page 147: ... ID Subtype The type of port on the local device Port ID The port number that transmitted the LLDPDU System Name The system name of the local device System Description Describes the local system by identifying the system name and versions of hardware operating system and networking software supported in the device Port Description Describes the port in an alpha numeric format System Capabilities S...

Page 148: ... topology change notification Format no lldp med confignotification Mode Interface Config Default By default the capabilities and network policy TLVs are included Format lldp med transmit tlv capabilities ex pd ex pse inventory location network policy Mode Interface Config Term Definition capabilities Transmit the LLDP capabilities TLV ex pd Transmit the LLDP extended PD TLV ex pse Transmit the LL...

Page 149: ...is command to remove a TLV Default 3 Format lldp med faststartrepeatcount count Mode Global Config Format no lldp med faststartrepeatcount Mode Global Config Default By default the capabilities and network policy TLVs are included Format lldp med transmit tlv all capabilities ex pd ex pse inventory location network policy Mode Global Config Term Definition capabilities Transmit the LLDP capabiliti...

Page 150: ...ink configMED operMED ConfigNotify TLVsTx 0 1 Down Disabled Disabled Disabled 0 1 0 2 Up Disabled Disabled Disabled 0 1 0 3 Down Disabled Disabled Disabled 0 1 0 4 Down Disabled Disabled Disabled 0 1 0 5 Down Disabled Disabled Disabled 0 1 0 6 Down Disabled Disabled Disabled 0 1 0 7 Down Disabled Disabled Disabled 0 1 0 8 Down Disabled Disabled Disabled 0 1 0 9 Down Disabled Disabled Disabled 0 1 ...

Page 151: ...mmand DWS 4026 show lldp med local device detail 0 8 LLDP MED Local Device Detail Interface 0 8 Network Policies Media Policy Application Type voice Vlan ID 10 Priority 5 DSCP 1 Unknown False Tagged True Media Policy Application Type streamingvideo Vlan ID 20 Priority 1 DSCP 2 Unknown False Tagged True Inventory Hardware Rev xxx xxx xxx Firmware Rev xxx xxx xxx Software Rev xxx xxx xxx Serial Num ...

Page 152: ... the command DWS 4026 show lldp med remote device all LLDP MED Remote Device Summary Local Interface Remote ID Device Class 0 8 1 Class I 0 9 2 Not Defined 0 10 3 Class II 0 11 4 Class III 0 12 5 Network Con show lldp med remote device detail Use this command to display detailed information about remote devices that transmit current LLDP MED data to an interface on the system Format show lldp med ...

Page 153: ...etwork Policies Media Policy Application Type voice Vlan ID 10 Priority 5 DSCP 1 Unknown False Tagged True Media Policy Application Type streamingvideo Vlan ID 20 Priority 1 DSCP 2 Unknown False Tagged True Inventory Hardware Rev xxx xxx xxx Firmware Rev xxx xxx xxx Software Rev xxx xxx xxx Serial Num xxx xxx xxx Mfg Name xxx xxx xxx Model Name xxx xxx xxx Asset ID xxx xxx xxx Location Subtype eli...

Page 154: ...s SYN and FIN set L4 Port Source TCP UDP Port Destination TCP UDP Port ICMP Limiting the size of ICMP Ping packets dos control all This command enables Denial of Service protection checks globally no dos control all This command disables Denial of Service prevention checks globally dos control sipdip This command enables Source IP address Destination IP address SIP DIP Denial of Service protection...

Page 155: ...k If packets ingress having IP Fragment Offset equal to one 1 the packets will be dropped if the mode is enabled no dos control tcpfrag This command disabled TCP Fragment Denial of Service protection dos control tcpflag This command enables TCP Flag Denial of Service protections If the mode is enabled Denial of Service prevention is active for this type of attacks If packets ingress having TCP Fla...

Page 156: ...Service protections If the mode is enabled Denial of Service prevention is active for this type of attack If ICMP Echo Request PING packets ingress having a size greater than the configured value the packets will be dropped if the mode is enabled no dos control icmp This command disables Maximum ICMP Packet Size Denial of Service protections Format no dos control tcpflag Mode Global Config Note So...

Page 157: ...ervice prevention is active for this type of attack If packets ingress with Source TCP Port Destination TCP Port the packets will be dropped if the mode is enabled no dos control tcpport This command disables TCP L4 source destination port number Source TCP Port Destination TCP Port Denial of Service protection dos control udpport Note This command is only supported on the BCM56224 BCM56514 BCM566...

Page 158: ...ice prevention is active for this type of attack If packets ingress having TCP Flag SYN set and a source port less than 1024 or having TCP Control Flags set to 0 and TCP Sequence Number set to 0 or having TCP Flags FIN URG and PSH set and TCP Sequence Number set to 0 or having TCP Flags SYN and FIN both set the packets will be dropped if the mode is enabled no dos control tcpflagseq This command s...

Page 159: ... mode is enabled no dos control tcpsyn This command sets disables TCP SYN and L4 source 0 1023 Denial of Service protection dos control tcpsynfin This command enables TCP SYN and FIN Denial of Service protection If the mode is enabled Denial of Service prevention is active for this type of attack If packets ingress having TCP flags SYN and FIN set the packets will be dropped if the mode is enabled...

Page 160: ... command enables Maximum ICMPv4 Packet Size Denial of Service protections If the mode is enabled Denial of Service prevention is active for this type of attack If ICMPv4 Echo Request PING packets ingress having a size greater than the configured value the packets will be dropped if the mode is enabled no dos control icmpv4 This command disables Maximum ICMP Packet Size Denial of Service protection...

Page 161: ... prevention is active for this type of attack If packets ingress having fragmented ICMP packets the packets will be dropped if the mode is enabled no dos control icmpfrag This command disabled ICMP Fragment Denial of Service protection show dos control This command displays Denial of Service configuration information Note This command is only supported on the BCM56224 BCM56514 BCM56624 and BCM5682...

Page 162: ... The factory default is disabled L4 Port Mode May be enabled or disabled The factory default is disabled TCP Port Mode May be enabled or disabled The factory default is disabled UDP Port Mode May be enabled or disabled The factory default is disabled SIPDIP Mode May be enabled or disabled The factory default is disabled SMACDMAC Mode May be enabled or disabled The factory default is disabled TCP F...

Page 163: ...ig Default all Format show forwardingdb agetime fdbid all Mode Privileged EXEC Term Definition Forwarding DB ID Fdbid Forwarding database ID indicates the forwarding database whose aging timeout is to be shown The all option is used to display the aging timeouts associated with all forwarding databases This field displays the forwarding database ID in an IVL system Agetime In an IVL system this pa...

Page 164: ...table entry Interfaces The list of interfaces that are designated for forwarding Fwd and filtering Flt Forwarding Interfaces The resultant forwarding list is derived from combining all the component s forwarding interfaces and removing the interfaces that are listed as the static filtering interfaces Format show mac address table stats Mode Privileged EXEC Term Definition Total Entries The total n...

Page 165: ... the sending of ISDP version 2 packets from the device isdp enable This command enables ISDP on the interface Default 180 seconds Format isdp holdtime 10 255 Mode Global Config Default 30 seconds Format isdp timer 5 254 Mode Global Config Default Enabled Format isdp advertise v2 Mode Global Config Format no isdp advertise v2 Mode Global Config Note ISDP must be enabled both globally and on the int...

Page 166: ...led version 1 packets are transmitted Device ID The Device ID advertised by this device The format of this Device ID is characterized by the value of the Device ID Format object Device ID Format Capability Indicates the Device ID format capability of the device serialNumber indicates that the device uses a serial number as the format for its Device ID macAddress indicates that the device uses a La...

Page 167: ...tion Device ID The device ID associated with the neighbor which advertised the information IP Addresses The IP address es associated with the neighbor Platform The hardware platform advertised by the neighbor Interface The interface slot port on which the neighbor s advertisement was received Port ID The port ID of the interface from which the neighbor sent the advertisement Hold Time The hold tim...

Page 168: ... IP Addresses The IP addresses associated with the neighbor Capability ISDP functional capabilities advertised by the neighbor Platform The hardware platform advertised by the neighbor Interface The interface slot port on which the neighbor s advertisement was received Port ID The port ID of the interface from which the neighbor sent the advertisement Hold Time The hold time advertised by the neig...

Page 169: ...f ISDPv2 packets received ISDPv2 Packets Transmitted Total number of ISDPv2 packets transmitted ISDP Bad Header Number of packets received with a bad header ISDP Checksum Error Number of packets received with a checksum error ISDP Transmission Failure Number of packets which failed to transmit ISDP Invalid Format Number of invalid packets received ISDP Table Full Number of times a neighbor entry w...

Page 171: ...ol ARP and to view ARP information on the switch ARP associates IP addresses with MAC addresses and stores the information as ARP entries in the ARP cache arp This command creates an ARP entry The value for ipaddress is the IP address of a device on a subnet attached to an existing routing interface macaddr is a unicast MAC address for that device The format of the MAC address is 6 two digit hexad...

Page 172: ...ll next hops in its route to the destination are through interfaces other than the interface that received the ARP request no ip proxy arp This command disables proxy ARP on a router interface arp cachesize This command configures the ARP cache size The ARP cache size value is a platform specific integer value The default size also varies depending on the platform no arp cachesize This command con...

Page 173: ... entry response timeout time in seconds The range for seconds is between 1 10 seconds no arp resptime This command configures the default ARP request response timeout arp retries This command configures the ARP count of maximum request for retries The value for retries is an integer which represents the maximum number of request for retries The range for retries is an integer between 0 10 retries ...

Page 174: ...the ARP cache If the gateway keyword is specified the dynamic entries of type gateway are purged as well clear arp switch Use this command to clear the contents of the switch s Address Resolution Protocol ARP table that contains entries learned through the Management port To observe whether this command is successful ping from the remote system to the DUT Issue the show arp switch command to see t...

Page 175: ...ically attempts to renew dynamic ARP entries when they age out Total Entry Count Current Peak The total entries in the ARP table and the peak entry count in the ARP table Static Entry Count Current Max The static entry count in the ARP table and maximum static entry count in the ARP table Term Definition IP Address The IP address of a device on a subnet attached to an existing routing interface MA...

Page 176: ...on with the show ip brief command The value is labeled as Routing Mode Dynamic Renew Mode Displays whether the ARP component automatically attempts to renew dynamic ARP entries when they age out Total Entry Count Current Peak The total entries in the ARP table and the peak entry count in the ARP table Static Entry Count Current Max The static entry count in the ARP table and maximum static entry c...

Page 177: ...secondary configured on the interface enter the command no ip address ip route This command configures a static route The ipaddr parameter is a valid IP address and subnetmask is a valid subnet mask The nexthopip parameter is a valid IP address of the next hop router Specifying Null0 as nexthop parameter adds a static reject route The optional preference parameter is an integer value from 1 to 255...

Page 178: ...te and if the optional preference value is designated the preference of the configured default route is reset to its default ip route distance This command sets the default distance preference for static routes Lower route distance values are preferred when determining the best route The ip route and ip route default commands allow you to optionally set the distance preference of an individual sta...

Page 179: ...hout fragmentation Unified Switch software currently does not fragment IP packets Packets forwarded in hardware ignore the IP MTU Packets forwarded in software are dropped if they exceed the IP MTU of the outgoing interface Packets originated on the router may be fragmented by the IP stack The IP stack uses its default IP MTU and ignores the value set using the ip mtu command Format no ip route di...

Page 180: ...hernet encapsulated when a frame is routed to a VLAN Format show ip brief Modes Privileged EXEC User EXEC Term Definition Default Time to Live The computed TTL Time to Live of forwarding a packet from the local router to the final destination Routing Mode Shows whether the routing mode is enabled or disabled Maximum Next Hops The maximum number of next hops the packet can travel Maximum Routes The...

Page 181: ...ative Mode The administrative mode of the specified interface The possible values of this field are enable or disable This value is configurable Forward Net Directed Broadcasts Displays whether forwarding of network directed broadcasts is enabled or disabled This value is configurable Proxy ARP Displays whether Proxy ARP is enabled or disabled on the system Local Proxy ARP Displays whether Local P...

Page 182: ...longer prefixes keyword the ip address and mask pair becomes the prefix and the command displays the routes to the addresses that match that prefix Use the protocol parameter to specify the protocol that installed the routes The value for protocol can be connected rip or static Use the all parameter to display all routes including best and non best routes If you do not use the all parameter the co...

Page 183: ...via 5 5 5 2 00h 00m 01s 0 5 C 11 11 11 0 24 0 1 directly connected 0 11 S 12 0 0 0 8 5 0 directly connected Null0 S 23 0 0 0 8 3 0 directly connected Null0 Format show ip route ip address protocol ip address mask longer prefixes protocol protocol all all Modes Privileged EXEC User EXEC Term Definition Route Codes The key for the routing protocol codes that might appear in the routing table output ...

Page 184: ...router preference values are preferred over higher router preference values A route with a preference of 255 cannot be used to forward traffic show ip stats This command displays IP statistical information Refer to RFC 1213 for more information about the fields that are displayed Format show ip route summary all Modes Privileged EXEC User EXEC Term Definition Connected Routes The total number of c...

Page 185: ...ess This command configures the address that the interface uses to send the router discovery advertisements The valid values for ipaddr are 224 0 0 1 which is the all hosts IP multicast address and 255 255 255 255 which is the limited broadcast address no ip irdp address This command configures the default address used to advertise the router for the interface Format show ip stats Modes Privileged...

Page 186: ...econds no ip irdp maxadvertinterval This command configures the default maximum time in seconds ip irdp minadvertinterval This command configures the minimum time in seconds allowed between sending router advertisements from the interface The range for minadvertinterval is three to the value of maxadvertinterval no ip irdp minadvertinterval This command sets the default minimum time to the default...

Page 187: ...port all Modes Privileged EXEC User EXEC Term Definition Interface The slot port that matches the rest of the information in the row Ad Mode The advertise mode which indicates whether router discovery is enabled or disabled on this interface Advertise Address The IP address to which the interface sends the advertisement Max Int The maximum advertise interval which is the maximum time in seconds al...

Page 188: ... the VLAN routing information for all VLANs with routing enabled Format vlan routing vlanid Mode VLAN Config Format no vlan routing vlanid Mode VLAN Config Format show ip vlan Modes Privileged EXEC User EXEC Term Definition MAC Address used by Routing VLANs The MAC Address associated with the internal bridge router interface IBRI The same MAC Address is used by all VLAN routing interfaces It will ...

Page 189: ... Config mode to create a virtual router associated with the interface The parameter vrid is the virtual router ID which has an integer value range from 1 to 255 no ip vrrp Use this command in Interface Config mode to delete the virtual router associated with the interface The virtual Router ID vrid is an integer value that ranges from 1 to 255 ip vrrp mode This command enables the virtual router c...

Page 190: ... the virtual router on the interface ip vrrp authentication This command sets the authorization details value for the virtual router configured on a specified interface The parameter none simple specifies the authorization type for virtual router configured on the specified interface The parameter key is optional it is only required when authorization type is simple text password The parameter vri...

Page 191: ...dress owner is always 255 so that the address owner is always master If the master has a priority less than 255 it is not the address owner and you configure the priority of another router in the group higher than the master s priority the router will take over as master only if preempt mode is enabled no ip vrrp priority This command sets the default priority value for the virtual router configur...

Page 192: ... tracked If you specify just the interface to be tracked without giving the optional priority then the default priority will be set The default priority decrement is 10 no ip vrrp track interface Use this command to remove the interface from the tracked list or to restore the priority decrement to its default ip vrrp track ip route Use this command to track the route reachability When the tracked ...

Page 193: ...f VRRP advertisements received for which advertisement interval is different than the configured value for this virtual router Authentication Failure The total number of VRRP packets received that don t pass the authentication check IP TTL errors The total number of VRRP packets received by the virtual router with IP TTL time to live not equal to 255 Zero Priority Packets Received The total number...

Page 194: ...al number of VRRP packets received with an invalid VRRP checksum value Router Version Errors The total number of VRRP packets received with Unknown or unsupported version number Router VRID Errors The total number of VRRP packets received with invalid VRID for this virtual router Format show ip vrrp interface slot port vrid Modes Privileged EXEC User EXEC Term Definition IP Address The configured ...

Page 195: ...n describes the commands you use to configure BootP DHCP Relay on the switch A DHCP relay agent operates at Layer 3 and forwards DHCP requests and replies between clients and servers when they are not on the same physical subnet bootpdhcprelay cidoptmode This command enables the circuit ID option mode for BootP DHCP Relay on the system Format show ip vrrp interface brief Modes Privileged EXEC User...

Page 196: ...nt This command configures the default maximum allowable relay agent hops for BootP DHCP Relay on the system bootpdhcprelay minwaittime This command configures the minimum wait time in seconds for BootP DHCP Relay on the system When the BOOTP relay agent receives a BOOTREQUEST message it MAY use the seconds since client began booting field of the request as a factor in deciding whether to relay th...

Page 197: ...rver This command can be applied multiple times on the routing interface to form the helper addresses list until the list reaches the maximum supported helper addresses Format no bootpdhcprelay minwaittime Mode Global Config Format show bootpdhcprelay Modes Privileged EXEC User EXEC Term Definition Maximum Hop Count The maximum allowable relay agent hops Minimum Wait Time Seconds The minimum wait ...

Page 198: ...and DWS 4026 show ip helper address 0 1 Helper IP Address 1 2 3 4 1 2 3 5 ROUTING INFORMATION PROTOCOL COMMANDS This section describes the commands you use to view and configure Routing Information Protocol RIP which is a distance vector routing protocol that you use to route traffic within a small network router rip Use this command to enter Router RIP mode enable RIP This command resets the defa...

Page 199: ...o summarization mode no auto summary This command disables the RIP auto summarization mode default information originate RIP This command is used to control the advertisement of default routes Format no enable Mode Router RIP Config Default disabled Format ip rip Mode Interface Config Format no ip rip Mode Interface Config Default disabled Format auto summary Mode Router RIP Config Format no auto ...

Page 200: ...e preference values are preferred when determining the best route A route with a preference of 255 cannot be used to forward traffic no distance rip This command sets the default route preference value of RIP in the router distribute list out RIP This command is used to specify the access list to filter routes received from the source protocol Format no default information originate Mode Router RI...

Page 201: ...o allow RIP control packets of the specified version s to be received The value for mode is one of rip1 to receive only RIP version 1 formatted packets rip2 for RIP version 2 both to receive packets from either format or none to not allow any RIP control packets to be received no ip rip receive version This command configures the interface to allow RIP control packets of the default version s to b...

Page 202: ... including routes in updates sent to the router from which the route was originally learned The options are None no special processing for this case Simple a route will not be included in updates sent to the router from which it was learned Poisoned reverse a route will be included in updates sent to the router from which it was learned but the metric will be set to infinity no split horizon This ...

Page 203: ... nssa external 2 Mode Router RIP Config Format show ip rip Modes Privileged EXEC User EXEC Term Definition RIP Admin Mode Enable or disable Split Horizon Mode None simple or poison reverse Auto Summary Mode Enable or disable If enabled groups of adjacent routes are summarized into single entries in order to reduce the total number of entries The default is enable Host Routes Accept Mode Enable or ...

Page 204: ... enabled or disabled Link State The mode of the interface up or down Format show ip rip interface slot port Modes Privileged EXEC User EXEC Term Definition Interface Valid slot and port number separated by a forward slash This is a configured value IP Address The IP source address used by the specified RIP interface This is a configured value Send Version The RIP version s used when sending update...

Page 205: ... router By default the generation of ICMP Redirect messages is enabled no ip redirects Use this command to prevent the generation of ICMP Redirect messages by the router Term Definition Bad Packets Received The number of RIP response packets received by the RIP process which were subsequently discarded for any reason Bad Routes Received The number of routes contained in valid RIP packets that were...

Page 206: ... interval The burst interval specifies how often the token bucket is initialized with burst size tokens burst interval is from 0 to 2147483647 milliseconds msec The burst size is the number of ICMP error messages that can be sent during one burst interval The range is from 1 to 200 messages To disable ICMP rate limiting set burst interval to zero 0 no ip icmp error interval Use the no form of the ...

Page 207: ... Commands on page 282 Access Point Profile VAP Commands on page 286 WS Managed Access Point Commands on page 287 Access Point Failure Status Commands on page 305 RF Scan Access Point Status Commands on page 307 Client Association Status and Statistics Commands on page 311 Client Failure and Ad Hoc Status Commands on page 320 WIDS Access Point RF Security Commands on page 322 Detected Clients Datab...

Page 208: ...res the country code for the Unified Switch and all managed access points The code may be entered in either upper or lower case When you change the country code the wireless function is disabled and re enabled automatically The show country code command displays all valid country codes Example The following shows an example of the command DWS 4026 Config wireless country code au cr Are you sure yo...

Page 209: ...OUI database The no version of this command deletes the OUI entry for the specified OUI Value from the local OUI database peer group This command indicates the peer group for this switch There may be more than one group of peer switches on the same WLAN A peer group is created by configuring all peers within the group with the same identifier Format no country code Mode Wireless Config Format oui ...

Page 210: ...he Unified Switch The switch polls each address in the list to discover new access points and peers The list is used when discovery via IP polling is enabled no discovery ip list The no version of this command deletes the specified IP address from the polling list If an argument is not specified all entries are deleted from the polling list Format no peer group Mode Wireless Config Default IP Poll...

Page 211: ... or a RADIUS server to validate newly discovered APs ap authentication This command enables AP authentication When enabled all APs are required to authenticate to the Unified Switch using a password upon discovery Format no discovery ip list ipaddr Mode Wireless Config Default 1 Default VLAN Format discovery vlan list 1 4094 Mode Wireless Config Parameter Description 1 4094 A VLAN ID in the range ...

Page 212: ...his command disables AP client QoS operation globally Client traffic is not subject to QoS processing in any APs attached to this Unified Switch snmp server enable traps wireless This command globally enables the Unified Switch SNMP traps The specific wireless trap groups are configured using the trapflags command in Wireless Config Mode no snmp server enable traps wireless The no version of this ...

Page 213: ...es client failure Enable Disable SNMP traps associated with client association authentication failures client state Enable Disable SNMP traps associated with client state changes peer ws Enable Disable SNMP traps associated with peer Unified Switch events rf scan Enable Disable SNMP traps associated with RF scan related events rogue ap Enable Disable SNMP traps associated with rogue access points ...

Page 214: ...indicates that entries should never age out Format no agetime ad hoc ap failure client failure rf scan detected client Mode Wireless Config Default ap database Enable ap profile Enable captive portal Enable channel power Enable discovery Disable global Enable known client Enable radius client Enable Format peer switch configuration ap database ap profile captive portal channel power discovery glob...

Page 215: ... the network MTU size for all access points This configuration is only used for tunneled networks and is therefore only available if the wireless tunneling feature is enabled Note that the physical ports on the Unified Switch and the rest of the network devices must also be configured with the appropriate MTU size This configuration applies only to the managed access points Format no peer switch c...

Page 216: ...ontain alphanumeric characters plus _ and space no radius server name The no version of this command sets the global RADIUS authentication accounting server name to the default value Default 1500 Format tunnel mtu 1500 1520 Mode Wireless Config Parameter Description 1500 Maximum IP frame size is 1518 tagged 1522 untagged 1520 Maximum IP frame size is 1538 tagged 1542 untagged Format no tunnel mtu ...

Page 217: ... shows examples of the commands DWS 4026 radius accounting cr Press Enter to execute the command DWS 4026 no radius accounting cr Press Enter to execute the command mac authentication mode This command configures the client MAC authentication mode for the switch The mode indicates whether MAC addresses in the Known Client database are granted or denied access The MAC authentication mode is applied...

Page 218: ...ly global action to the client grant Grant access to the client deny Deny access to the client Format no known client macaddr Mode Wireless Config Format show wireless Mode Privileged EXEC User EXEC Field Description Administrative Mode Shows whether the administrative mode is enabled WLAN Switch Operational Mode Shows whether the wireless function on the switch is enabled WS IP Address Shows the ...

Page 219: ...show wireless OUI database This show command displays all the OUI entries created by the admin in the local OUI database Country Code Shows the country in which the WLAN is operating Peer Group ID Shows the Peer group ID Cluster Priority Priority of this switch for the Cluster election Cluster Controller Indicates whether or not this switch is the Cluster controller Cluster Controller IP Address T...

Page 220: ...polling status for each configured IP address for discovery Example The following shows example CLI display output for the command DWS 4026 show wireless discovery ip list Field Description ouival OUI Value of the vendor of AP Client oui Organization name for the OUI Format show wireless discovery Mode Privileged EXEC Field Description IP Polling Mode Shows whether the L3 IP Polling discovery meth...

Page 221: ...e managed AP database This value is always equal to the sum of Managed Access Points Connection Failed Access Points and Discovered Access Points Managed Access Points The total number of APs in the managed AP database that are authenticated configured and have an active connection with the Unified Switch Connection Failed Access Points The number of APs that were previously authenticated and mana...

Page 222: ...se Maximum Detected Clients The maximum number of detected clients that can be stored in the database Peer Switches Total number of peer WLAN switches detected on the network Unknown Access Points Total number of APs currently detected but not known to the switch These includes rogue APs and APs not connected to the network Rogue Access Points Total number of rogue APs currently detected on the WL...

Page 223: ...oller then this command shows per switch status parameters for all the switches in the wireless network For the switch that is not acting as a Cluster Controller only the local status parameters are displayed Format show wireless statistics Mode Privileged EXEC Field Description WLAN Bytes Received Shows the total bytes received across all APs managed by the switch WLAN Bytes Transmitted Shows the...

Page 224: ...ority of this switch for the Cluster election Total Access Points The total number of access points in the managed AP database This value is always equal to the sum of Managed Access Points Connection Failed Access Points and Discovered Access Points Managed Access Points The total number of APs in the managed AP database that are authenticated configured and have an active connection with the Uni...

Page 225: ...all the switches in the wireless system For the switch that is not acting as a Cluster controller only the local statistics are displayed Example The following shows example CLI display output for the command If a network consists of two switches 192 168 37 60 and 192 168 37 61 respectively and former is the Cluster Controller this command works differently at Cluster Controller and the peer switc...

Page 226: ...nsmit Dropped 0 WLAN Packets Receive Dropped 0 WLAN Packets Transmit Dropped 0 The local switch statistics can also be displayed using the following command format DWS 4026 show wireless switch local statistics cr WLAN Bytes Received 320 WLAN Bytes Transmitted 560 WLAN Packets Received 45 WLAN Packets Transmitted 78 WLAN Bytes Receive Dropped 0 WLAN Bytes Transmit Dropped 0 WLAN Packets Receive Dr...

Page 227: ...his show command displays the configured age times for the status database entries RF Scan Traps Shows whether RF Scan Traps are enabled Rogue AP Traps Shows whether Rogue AP Traps are enabled WIDS Status Traps Shows whether WIDS Status Traps are enabled Wireless Status Traps Shows whether Wireless Status Traps are enabled Format show wireless tunnel mtu Mode Privileged EXEC Format show wireless a...

Page 228: ... switch configuration Mode Privileged EXEC Field Description AP Database Displays whether the AP database configuration push to peer switches is enabled or disabled AP Profile Displays whether the AP profile and network configuration push to peer switches is enabled or disabled Channel Power Displays whether the channel and power configuration push to peer switches is enabled or disabled Discovery...

Page 229: ...on push request This may be to one peer switch or to the total number of peer switches at the time the configuration push request is started Success Count Indicates the total number of peer switches to which the configuration has been pushed successfully for the current configuration push request Failure Count Indicates the total number of peer switches to which the configuration push request fail...

Page 230: ...w_dwl8600 is suported DWS 4026 show wireless ap capability Hardware Hardware Radio VAP Count Image Type ID Type Description Count Per Radio Type hw_dw18600 DWL 8600AP Dual Radio a b g n 2 16 img_dwl8600 DWS 4026 Format show wireless ap capability hw_dwl8600 radio 1 2 Mode Privileged EXEC Field Description hw_dwl8600 The AP hardware type ID 1 2 The radio index on the AP hardware type Hardware Type ...

Page 231: ... ID Image Type Description hw_dwl8600 DWL 8600AP image show wireless radius This show command displays the configured global RADIUS configuration for wireless clients Format show wireless ap capability image table Mode Privileged EXEC Field Description Image Type ID AP image type ID Image Type Description Descriptive name of the AP image type Format show wireless radius Mode Privileged EXEC Field ...

Page 232: ...cal Know Client database Example The following shows example CLI display output for the command DWS 4026 show wireless known client MAC Address Nickname Action 10 10 10 10 10 10 client1 grant RADIUS Accounting Server Name The name of the RADIUS server used for reporting wireless client associations and disassociations when a network level RADIUS accounting server is not defined RADIUS Accounting S...

Page 233: ...rogue AP state will be cleared for all rogue APs dist tunnel idle timeout Use this command to globally configure the time interval for which L2 distributed tunneled clients can stay idle Beyond this time interval the tunnel is terminated The parameter idle timeout is a numeric value in seconds dist tunnel max timeout Use this command to globally configure the maximum time for the L2 distributed tu...

Page 234: ...imum number of clients that can be tunneled using L2 distributed tunnels The parameter max clients value is a numeric value Parameter Description max timeout The identifier for max timeout The range is 30 to 86400 seconds Default 128 Format dist tunnel mcast repl 1 1024 Mode Wireless Config Parameter Description mcast repl The identifier for multicast replications The range is 1 to 1024 Default 12...

Page 235: ...configured for interval this parameter indicates how often new channel plans are computed and applied no channel plan interval The no version of this command returns the configured channel plan interval to the default Default manual Format channel plan an bgn mode interval manual time Mode Wireless Config Parameter Description an Configure channel plan mode for 802 11a n bgn Configure channel plan...

Page 236: ... maintained for each 802 11a n and 802 11b g n frequency band The number of iterations stored for each channel plan affects channel assignment the channel algorithm will not assign the same channel to an AP more than once within the number of stored iterations of the channel plan no channel plan history depth The no version of this command returns the history depth for the channel plan to the defa...

Page 237: ... the configured power adjustment interval to the default wireless channel plan This command allows you to request manual channel plan actions for each 802 11n and 802 11b g n frequency band Format no channel plan an bgn history depth Mode Wireless Config Default manual Format power plan mode interval manual Mode Wireless Config Parameter Description interval Compute and apply power adjustments at ...

Page 238: ...adjustments clear Clear the proposed power adjustments start Compute new proposed power adjustments Format show wireless channel plan an bgn Mode Privileged EXEC Field Description an Configure channel plan mode for 802 11a n bgn Configure channel plan mode for 802 11b g n Channel Plan The channel plan type or mode managed AP radios operating in the specified mode will be considered for this channe...

Page 239: ...ireless channel plan history a 10 254 22 15 Switch IP Address 10 254 22 15 Current Iteration 0 Operational Status Active Last Algorithm Time JAN 03 23 32 06 1970 AP MAC Address Location Radio Iteration Channel 00 00 85 00 50 00 Third floor 1 1 6 Format show wireless channel plan history an bgn ipaddr Mode Privileged EXEC Field Description ipaddr The ipaddr is a valid IP address an Configure channe...

Page 240: ...254 22 1 Apply Complete 10 254 22 15 Apply Complete DWS 4026 show wireless channel plan proposed a 10 254 22 15 Current Status Apply Complete Current New AP MAC Address Location Radio Channel Channel 00 00 85 00 50 00 Third floor 1 11 1 show wireless power plan This command displays status and configuration for automatic power adjustment The command does not accept any arguments Format show wirele...

Page 241: ...ted DWS 4026 show wireless power plan proposed 10 254 22 15 Current Status Algorithm Complete No proposed power adjustments to display Field Description Power Plan Mode The mode for automatic power adjustment manual or interval If the mode is manual the power algorithm will not run unless you request it Power Plan Interval If the power adjustment mode is interval this indicates the frequency in mi...

Page 242: ...0 254 22 1 Vendor ID D Link Software Version D 5 28 1 Protocol Version 2 Discovery Reason L2 Poll Managed AP Count 3 Age 0d 00 00 11 show wireless peer switch configure status This command displays config push status information for peer Unified Switches If no parameters are entered the command will display summary status for all peer switches If a peer switch IP address is entered detailed status...

Page 243: ...ireless peer switch ap status This command displays the operational status for a peer Unified Switch managed AP If no parameters are specified the command will display a summary of all Unified Switch managed APs If an AP MAC address is specified the detailed status is displayed Format show wireless peer switch ipaddr configure status Mode Privileged EXEC Field Description ipaddr The ipaddr is a va...

Page 244: ...Floor 1 Default DWL 8600AP Dual Radio a b g n 00 01 01 02 02 01 192 168 0 100 Ground Floor 1 Default DWL 8600AP Dual Radio a b g n DWS 4026 show wireless peer switch ap 00 01 01 02 02 01 status MAC Address 00 01 01 02 01 01 Peer Switch IP Address 192 168 0 100 IP Address 192 168 0 1 Location Conf Room Bldg 200 Profile 2 L3 Roaming Profile Hardware Type D Link macaddr Unified Switch managed AP MAC ...

Page 245: ...hen the AP is validated during discovery no ap database The no version of this command deletes the AP entry for the specified MAC address from the local database or all the entries present in the database mode AP Config Mode This command configures the managed mode for an AP location This command configures a descriptive string for the AP location Format ap database macaddr Mode Wireless Config Pa...

Page 246: ... ap password cr Press Enter to execute the command DWS 4026 Config ap password cr Enter Password 8 63 characters enter here Re enter password enter same here DWS 4026 Config ap no password cr DWS 4026 Config ap password encrypted This command configures the password that this AP must use to authenticate to the Unified Switch The password is only verified if global AP authentication is enabled The ...

Page 247: ...d channel This command configures the expected channel for an AP in stand alone mode Default The default password is blank Format password encrypted password Mode AP Config Parameter Description password The password in encrypted format 128 hexadecimal characters Default 1 Default Format profile 1 16 Mode AP Config Parameter Description 1 16 Indicates the AP profile ID for AP configuration Format ...

Page 248: ...lowed standalone ssid Stand alone AP expected SSID This command configures the expected SSID for an AP in stand alone mode Default 0 any channel Format standalone channel channel Mode AP Config Parameter Description channel A valid channel from 0 to 161 from the all country aggregate channel list Channel zero indicates that any valid channel is allowed Format no standalone channel Mode AP Config D...

Page 249: ...MAC address to display detailed information for a specific AP Default empty string any SSID is allowed Format standalone ssid name Mode AP Config Parameter Description name The service set ID must be between 1 and 32 characters Use the no form of the command to configure the AP to operate on any SSID Format no standalone ssid Mode AP Config Default any Format standalone wds mode any bridge normal ...

Page 250: ...onfiguration profile If the AP is in managed mode this is the profile sent to the AP Password Configured If the authentication password is configured the value displayed will be Yes otherwise it will be No Radio 1 Channel This indicates Auto or a fixed channel for radio 1 Radio 2 Channel This indicates Auto or a fixed channel for radio 2 Radio 1 Transmit Power This indicates Auto or a fixed power ...

Page 251: ...l Auto Radio 2 Power Auto Stand alone Expected Channel 0 Stand alone Expected Security Mode Any Stand alone Expected SSID Stand alone Expected WDS Mode Any DWS 4026 show wireless ap database MAC Address Location AP Mode 00 77 77 77 52 00 lab ws managed 11 10 10 10 10 10 conference room standalone ...

Page 252: ...twork must be configured with an SSID of one or more characters The SSID can be modified but cannot be deleted Except for the default Guest Network the default SSID for each network is Managed SSID followed by the unique Network ID vlan Network Config Mode This command configures the default VLAN ID for the network If there is no RADIUS server configured or a client is not associated with a VLAN v...

Page 253: ... via RADIUS The acl name parameter is a case sensitive alphanumeric string from 1 to 31 characters The access list specified in this command must currently exist in the Unified Switch no client qos access control The no version of this command removes the client QoS default access control list parameter configured for this network Default 1 Default VLAN Format vlan 1 4094 Mode Network Config Param...

Page 254: ...ified Switch no client qos diffserv policy The no version of this command removes the client QoS default Diffserv policy parameter configured for this network client qos enable This command enables AP client QoS operation for the network When enabled and when the wireless global client QoS mode is also enabled clients associated to this network may have one or more of the following QoS facilities ...

Page 255: ... This command enables and configures the mode for redirection of wireless client traffic on this network If HTTP redirection is enabled initial client requests are redirected to the configured URL no redirect mode The no version of this command disables redirect on the network redirect url This command configures a URL for HTTP redirection When HTTP redirection is enabled on the network each initi...

Page 256: ... mode is configured for static WEP authentication and encryption Default None The default is blank Format redirect url url Mode Network Config Parameter Description url A Uniform Resource Locator for example www cnn com The URL must be 0 128 characters Format no redirect url Mode Network Config Default none Format security mode none static wep wep dot1x wpa enterprise wpa personal Mode Network Con...

Page 257: ...n the security mode is configured for WEP shared key authentication and encryption Default Open System Format wep authentication open system shared key shared key Mode Network Config Parameter Description open system No authentication required shared key Clients are required to authenticate to the network using a shared key Format no wep authentication Mode Network Config Format wep key 1 4 value ...

Page 258: ...P key type to its default value wep key length This command configures the WEP key length in bits for the network The configured key length is used when the network security mode is set to WEP shared key The WEP key length affects the number of characters required for a valid WEP key and therefore changing the WEP key length will reset all keys Default 1 Format wep tx key 1 4 Mode Network Config P...

Page 259: ...then again to confirm the secret Example The following shows an example of the command DWS 4026 Config network radius server secret Enter Secret 65 characters max enter here Re enter Secret enter same here radius server name This command configures the RADIUS authentication accounting server name for wireless clients authenticating to this network The server name can contain alphanumeric character...

Page 260: ...configures the system to use the network RADIUS configuration for wireless client s authentication on this network or to use global RADIUS configuration no radius use network configuration The no version of this command configures the system to use the network RADIUS configuration for authentication of wireless clients on this network Example The following shows an example of the command DWS 4026 ...

Page 261: ...ust be specified This configuration only applies when the configured security mode is WPA no wpa versions The no version of this command configures the supported WPA versions to the default value wpa ciphers This command configures the WPA cipher suites supported on the network one or both parameters must be specified This configuration only applies when the configured security mode is WPA Default...

Page 262: ...routing must be enabled on the switch and the tunnel subnet and mask must be configured and match a valid routing interface no tunnel The no version of this command disables client traffic tunneling on the network tunnel subnet This command configures the tunnel subnet IP address for the network This must match a configured routing interface in order for the tunnel to be operational Default tkip F...

Page 263: ...etwork wpa2 pre authentication This command enables WPA2 pre authentication support for client roaming no wpa2 pre authentication The no version of this command disables WPA2 pre authentication support Default Subnet IP None Subnet mask 255 255 255 0 Format tunnel subnet ipaddr mask mask Mode Network Config Parameter Description ipaddr A valid IP address mask A valid subnet mask Format no tunnel s...

Page 264: ... client roaming on the network no wpa2 key forwarding The no version of this command disables WPA2 key forwarding support on the network wpa2 key caching holdtime This command configures the length of time a PMK will be cached by an AP for either client roaming or key forwarding Format no wpa2 pre authentication Mode Network Config Default 0 no limit Format wpa2 pre authentication limit 0 192 Mode...

Page 265: ...ion keys are changed no dot1x session key refresh rate The no version of this command returns the session key refresh rate to its default value Parameter Description 0 1440 WPA2 key caching hold time in minutes Format no wpa2 key caching holdtime Mode Network Config Default 300 seconds Format dot1x bcast key refresh rate 0 86400 Mode Network Config Parameter Description 0 86400 The bcast key refre...

Page 266: ...ether L2 distributed tunneling mode is enabled on the switch Bcast Key Refresh Rate The interval after which the broadcast keys are changed Session Key Refresh Rate the interval after which the Unicast session keys are changed L3 Tunnel Mode If tunneling feature is enabled indicates if L3 roaming is enabled on the network L3 Tunnel Status Indicates the if the tunnel is up or down L3 Tunnel Subnet ...

Page 267: ... for encryption WEP Key1 4 If WEP Shared Key security mode is enabled indicates the WEP keys configured for encryption Up to 4 keys can be configured Client QoS Mode Indicates whether client QoS operation is enabled on this network Client QoS Bandwidth Limit Down Defines the default maximum rate limit in bits per second for traffic flowing from the AP to the client A value of 0 disables rate limit...

Page 268: ...net IP 0 0 0 0 L3 Tunnel Subnet Mask 255 255 255 0 Wireless ARP Suppression Disable Security Mode None MAC Authentication Disable RADIUS Authentication Server Name Default RADIUS Server RADIUS Authentication Server Status Not Configured RADIUS Accounting Server Name Default RADIUS Server RADIUS Accounting Server Status Not Configured WPA Versions WPA WPA2 WPA Ciphers TKIP CCMP WPA Key Type ASCII P...

Page 269: ...s command deletes a configured AP profile If the profile is referenced by an entry in the valid AP database or is applied to one or more managed APs it cannot be deleted The default profile 1 Default can never be deleted Example The following shows an example of the command DWS 4026 Config wireless ap profile 1 DWS 4026 Config ap profile If the profile is in use DWS 4026 Config wireless no ap prof...

Page 270: ... no hwtype cr Press Enter to execute the command vlan AP Profile Config Mode This command allows you to configure the VLAN ID used to send tracer packets by wired network detection algorithm If VLAN is 0 the tracer packets will be sent untagged Parameter Description name AP Profile name it must be less than 32 characters Use quotes around a name that contains spaces Format no name Mode AP Profile ...

Page 271: ...lowing shows an example of the command If the destination AP Profile is associated with Managed APs DWS 4026 Config wireless ap profile copy 1 2 cr The destination profile is associated with WS Managed APs Do you want to overwrite the existing profile y n enter y or n wireless ap profile apply This command requests for the switch to resend the AP profile configuration to all managed APs associated...

Page 272: ...rameters a summary of all AP profiles is displayed You can enter an AP profile ID to display detailed configuration for a specific profile Example The following shows example CLI display output for the command DWS 4026 show wireless ap profile 1 AP Profile ID 1 Profile Name Default Format clear Mode AP Profile Config Format show wireless ap profile 1 16 radio 1 2 Mode Privileged EXEC Field Descrip...

Page 273: ...265 Access Point Profile Commands Hardware Type 0 Any Wired Network Detection Vlan ID 0 Any Profile Status Configured Valid APs Configured 0 Managed APs Configured 2 ...

Page 274: ... this command configures the administrative mode of the radio interface to the off state mode AP Profile Radio Config Mode This command configures the physical layer technology to use on the radio Format radio 1 2 Mode AP Profile Config Parameter Description 1 2 The radio interface within the AP profile Default on Format enable Mode AP Profile Radio Config Format no enable Mode AP Profile Radio Co...

Page 275: ...ersion of this command disables scanning on other channels the radio will always scan on its operational channel rf scan sentry This command enables dedicated RF scanning and disables normal operation of the radio The radio will not allow any client associations when sentry mode is enabled bgn Indicates 802 11b g n as physical mode Only applicable for radio 2 n only a Indicates 802 11n in 5GHz ban...

Page 276: ...s point blocks communication between wireless clients The access point still allows data traffic between its wireless clients and wired devices on the network but not among wireless clients Default Disabled Channels all Format rf scan sentry channels a bg all Mode AP Profile Radio Config Parameter Description channels Indicates to scan channels within specified mode frequency a Perform RF scan on ...

Page 277: ...fault value beacon interval The command configures the beacon interval for the radio The beacon interval indicates the interval at which the AP radio transmits beacon frames Default Disabled Format station isolation Mode AP Profile Radio Config Format no station isolation Mode AP Profile Radio Config Default rate limit Disabled rate limit normal 50 packets per second rate limit burst 75 packets pe...

Page 278: ...or the radio The fragmentation threshold indicates a limit on the size of packets that can be fragmented A threshold of 2346 indicates there should be no fragmentation no fragmentation threshold The no version of this command configures the fragmentation threshold to the default value Parameter Description 20 2000 Time interval in milliseconds at which the radio sends beacon frames Format no beaco...

Page 279: ...ce no max clients The no version of this command configures the maximum number of simultaneous client associations allowed on the radio interface to the default value Format no fragmentation threshold Mode AP Profile Radio Config Default 2347 Format rts threshold 0 2347 Mode AP Profile Radio Config Parameter Description 0 2347 RTS threshold for the radio Format no rts threshold Mode AP Profile Rad...

Page 280: ...ic selection no channel auto eligible The no version of this command removes either one or all of the channels currently available for automatic selection from consideration on the radio If you specify one channel the command will succeed only if this channel is currently available for automatic selection on the radio If you supply all as the argument for this command all channels currently availa...

Page 281: ...ing up communications with client stations The basic rates are the list of data rates that all stations associating with the AP must support no rate The no version of this command is used to remove a basic or supported data rate from the corresponding list Format no power auto Mode AP Profile Radio Config Default 100 Format power default 0 100 Mode AP Profile Radio Config Parameter Description 0 1...

Page 282: ...twork utilization allowed on the radio before clients are denied 0 indicates that no load balancing is performed no load balance The no version of this command disables load balancing or resets the utilization to its default value If no parameters are entered load balancing is disabled Format no rate basic supported value Mode AP Profile Radio Config Parameter Description value A valid rate based ...

Page 283: ... to use when operating in 802 11n mode When the protection mode is enabled AP and stations ensure transmission is protected if there are legacy stations using the same radio frequency Default 40 MHz Format dot11n channel bandwidth 20 40 Mode AP Profile Radio Config Parameter Description 20 The Radio operates in 20 MHz bandwidth 40 The Radio operates in 40 MHz bandwidth Format no dot11n channel ban...

Page 284: ...e radio transmits the multicast frames Default auto Format protection auto off Mode AP Profile Radio Config Parameter Description auto The protection mechanism is set to automatic mode off The protection mechanism is set to off mode Format no protection Mode AP Profile Radio Config Default enable Format dot11n short guard interval enable disable Mode AP Profile Radio Config Parameter Description e...

Page 285: ... displays the radio configuration for an AP profile When you enter the required profile ID a summary view of the radio configuration is displayed If you enter a radio index the radio configuration detail is displayed Parameter Description rate A valid rate based on the radio mode When the radio is operating in the 5 GHz band values are 6 11 12 18 24 36 48 and 54 Mbps When the radio is operating in...

Page 286: ...Rate Limit If rate limiting is enabled broadcast multicast traffic below this limit is transmitted normally Broadcast Multicast Rate Limit Burst If rate limiting is enabled broadcast multicast traffic can occur in bursts up to this value before all traffic is considered to exceed the limit Beacon Interval Interval at which the AP transmits beacon frames DTIM Period Indicates the number of beacons ...

Page 287: ...ates a default power setting for the radio If automatic power adjustment is disabled this indicates a fixed power setting otherwise it indicates the initial power setting before any automatic adjustments Load Balancing Indicates if the AP will load balance users on this radio Load Utilization If load balancing is enabled of network utilization allowed on the radio before clients are denied Station...

Page 288: ...nnels AP Profile ID 1 Profile Name Default Radio 2 802 11b g Mode 802 11b g Supported Channels Auto Eligible 1 2 3 4 5 6 7 8 9 10 11 show wireless rates This command displays the rates valid for a specified physical mode This is intended to help you determine valid values for the radio configuration command Example The following shows example CLI display output for the command DWS 4026 show wirele...

Page 289: ...r the radio configuration command Example The following shows example CLI display output for the command DWS 4026 show wireless rates a Mode IEEE 802 11a Valid Rates 6 Mbps 9 Mbps 12 Mbps 18 Mbps 24 Mbps 36 Mbps 48 Mbps 54 Mbps Format show wireless multicast tx rates a bg Mode Privileged EXEC Field Description Mode Indicates the physical layer technology to use on the radio Valid Rates Indicates d...

Page 290: ...oice AIFS 1 msec Minimum Contention Window 3 msecs Maximum Contention Window 7 msecs Maximum Burst Duration 1500 usec Video AIFS 1 msec Minimum Contention Window 7 msecs Maximum Contention Window 15 msecs Maximum Burst Duration 3000 usec Best Effort AIFS 3 msec Minimum Contention Window 15 msecs Maximum Contention Window 63 msecs Maximum Burst Duration 0 usec Background AIFS 7 msec Minimum Content...

Page 291: ...msecs Video AIFS 2 msec Minimum Contention Window 7 msecs Maximum Contention Window 15 msecs Transmission Opportunity Limit 94 msecs Best Effort AIFS 3 msec Minimum Contention Window 15 msecs Maximum Contention Window 1023 msecs Transmission Opportunity Limit 0 msecs Background AIFS 7 msec Minimum Contention Window 15 msecs Maximum Contention Window 1023 msecs Transmission Opportunity Limit 0 msec...

Page 292: ...le 1 radio 1 qos station edca Format show wireless ap profile 1 16 radio 1 2 qos ap edca station edca Mode Privileged EXEC Parameter Description AP Profile ID Configured AP profile ID Profile Name Name associated with the AP Profile ID Radio Index AP profile radio interface Mode The configured physical mode for the radio WMM Mode Indicates the Wireless Multimedia mode of the radio Arbitration Inte...

Page 293: ...ofile ID 1 Profile Name profile1 Radio Index 1 Mode IEEE 802 11g WMM Mode Disable QoS AIFS Minimum Maximum Tx Op Queues Contention Window Contention Window Limit Voice 0 2 3 7 47 Video 1 2 7 15 94 Best Effort 2 3 15 63 0 Background 3 7 15 1023 0 ...

Page 294: ... if you want to disable VAP0 you must turn off the radio no enable The no version of this command disables the configured VAP on the radio This command is not valid for VAP 0 network AP Profile VAP Config Mode This command configures the network to apply to the VAP A VAP must be configured with a network therefore the network cannot be deleted Format vap 0 15 Mode AP Profile Radio Config Parameter...

Page 295: ...t access to the AP which is normally disabled in managed mode The debug mode and required password are not saved in the configuration on the switch they are only maintained until the next time the AP is discovered AP or switch reset This command prompts for the debug password each time it is invoked no wireless ap debug The no version of this command disables AP debug mode The managed AP UI will b...

Page 296: ...ple of the command DWS 4026 wireless ap download group size 3 wireless ap download abort This command aborts the AP image download process If the process is aborted the code download still continues on the remaining APs in the current download group but not on APs in the next download group wireless ap download start This command initiates the AP image download process to a all managed APs running...

Page 297: ...ing is not saved in the configuration it is maintained until the next time the AP is discovered AP or switch reset wireless ap reset This command requests the switch to reset the managed AP indicated by the MAC address Format wireless ap download start image type img_dwl8600 macaddr Mode Privileged EXEC Parameter Description img_dwl8600 The image type macaddr Managed AP MAC Address Format wireless...

Page 298: ... DWS 4026 clear wireless ap neighbors Are you sure you want to clear managed AP neighbors associated client neighbors will not be cleared y n y Managed AP neighbor entries cleared show wireless ap status This command displays operational status for a WS managed AP If no parameters are specified a summary of all managed APs is displayed If an AP MAC address is specified the detailed status is displ...

Page 299: ...tion status indicates a partial or complete failure this field indicates the last element that failed during configuration Configuration Failure Error An ASCII string provided by the AP containing an error message for the last failing configuration element Debug Mode Indicates whether or not debug mode is enabled on the AP Debug mode allows you telnet access to the device Code Download Status Iind...

Page 300: ...ne Configuration Failure Error Debug Mode Disable Code Download Status Not Started Reset Status Not Started Discovery Reason This status value indicates how the managed AP was discovered The status is one of the following values IP Poll Received The AP was discovered via an IP poll from the Unified Switch its IP address is configured in the IP polling list Peer Redirect The AP was discovered throu...

Page 301: ...he current channel bandwidth in use Transmit Power If the radio is operational the current transmit power for the radio Associated Clients Total count of clients associated on the physical radio this is a sum of all the clients associated to each VAP enabled on the radio Total Neighbors Total number of neighbors both APs and clients that can be seen by this radio in its RF area Supported Channels ...

Page 302: ...ual Channel Adjustment Status Success Transmit Power 100 Fixed Power Indicator No Manual Power Adjustment Status Not Started Authenticated Clients 0 Total Neighbors 22 WLAN Utilization 4 show wireless ap radio channel status This command displays the manual channel adjustment status for a radio on a WS managed AP This indicates the individual AP status for a wireless channel plan apply request or ...

Page 303: ... 2 Radio Interface Transmit Power If the radio is operational the current transmit power for the radio Manual Power Adjustment Status Indicates the current state of a manual request to change the power setting on this radio Format show wireless ap macaddr radio 1 2 vap 0 15 status Mode Privileged EXEC Field Description macaddr WS managed AP MAC address 1 2 The radio interface on the AP 0 15 VAP ID...

Page 304: ...D 2 VAP MAC Address 00 22 B0 3A C1 80 SSID dlink1 Client Authentications 0 show wireless ap radio neighbor ap status This command displays the status parameters for each neighbor AP detected through an RF scan on the specified managed AP radio Format show wireless ap macaddr radio 1 2 neighbor ap status Mode Privileged EXEC Field Description macaddr WS managed AP MAC address 1 2 The radio interfac...

Page 305: ...id values are Managed The neighbor AP is managed by this switch or another switch within the peer group The neighbor AP status can be referenced using its base MAC address Unknown The neighbor APs detected in the RF scan are initially categorized as Unknown APs Standalone The AP is managed in standalone mode and configured as a valid AP entry local or RADIUS Rogue The AP intrusion Detection functi...

Page 306: ...g abbreviated values may be displayed RF Scan RF The client was reported from an RF scan on the radio Note that client stations are difficult to detect via RF scan the other methods are more common for client neighbor detection Probe Request Probe The managed AP received a probe request from the client Associated to Managed AP Assoc Managed AP This neighbor client is associated to another managed ...

Page 307: ...ission on the wireless network WLAN Bytes Transmitted Total bytes discarded by the AP prior to transmission on the wireless network Ethernet Packets Received Total packets received by the AP on the wired network Ethernet Bytes Received Total bytes received by the AP on the wired network Ethernet Multicast Packets Received Total multicast packets received by the AP on the wired network Ethernet Pac...

Page 308: ...ither locally or on the RADIUS server Radio Indicates a radio interface on the AP WLAN Packets Received Total packets received by the AP on this radio interface WLAN Bytes Received Total bytes received by the AP on this radio interface WLAN Packets Transmitted Total packets transmitted by the AP on this radio interface WLAN Bytes Transmitted Total bytes transmitted by the AP on this radio interfac...

Page 309: ...ount Number of time an MSDU is successfully transmitted after one or more retries Multiple Retry Count Number of times an MSDU is successfully transmitted after more than one retry Frame Duplicate Count Number of times a frame is received and the Sequence Control field indicates it is a duplicate RTS Success Count Count of CTS frames received in response to an RTS frame RTS Failure Count Count of ...

Page 310: ...A location description for the AP this is the value configured in the valid AP database either locally or on the RADIUS server Radio Indicates a radio interface on the AP VAP Indicates the VAP ID on the radio WLAN Packets Received Total packets received by the AP on this VAP WLAN Bytes Received Total bytes received by the AP on this VAP WLAN Packets Transmitted Total packets transmitted by the AP ...

Page 311: ... file path on the TFTP server Server Address The TFTP server IP address Group Size If a code download request is for all managed APs the switch processes the request for one group of APs at a time before starting the next group The group size indicates the maximum number of APs the switch will send the code download request to at one time Download Type The last download type requested Download Sta...

Page 312: ... No 0d 00 00 00 108 Yes No 0d 00 00 00 116 Yes No 0d 00 00 00 124 Yes No 0d 00 00 00 132 Yes No 0d 00 00 00 149 No No 0d 00 00 00 157 No No 0d 00 00 00 Format show wireless ap mac addr radio 1 2 radar status Mode Privileged EXEC Field Description macaddr WS managed AP MAC address 1 2 The radio interface on the AP Channel The list of channels available on the specified radio Radar Detection Require...

Page 313: ...alidate or authenticate an AP When acting as a Cluster Controller the peer Unified Switch reported AP failures are also displayed To identify such entries in the summary command display a asterisk is used alongside the peer Unified Switch reported AP MAC Address Format clear wireless ap failure list Mode Privileged EXEC Format show wireless ap macaddr failure status Mode Privileged EXEC Field Desc...

Page 314: ...d 00 02 02 00 00 86 00 50 00 192 168 37 74 No Database Entry 0d 00 00 03 DWS 4026 show wireless ap 00 22 B0 3A C8 40 failure status MAC address 00 22 B0 3A C8 40 IP Address 10 27 64 163 Reporting Switch Local Switch Switch MAC Address 00 02 BC 00 00 77 Switch IP Address 10 27 65 8 Last Failure Type No Database Entry Validation Failure Count 6 Authentication Failure Count 0 Vendor ID D Link Protoco...

Page 315: ...AP this could be a physical radio interface or VAP MAC For D Link APs this is always a VAP MAC address BSSID Basic Service Set Identifier advertised by the AP in the beacon frames SSID Service Set ID of the network this is broadcast in the detected beacon frame OUI Vendor name for the MAC address Physical Mode Indicates the 802 11 mode being used on the AP Channel Transmit channel of the AP Status...

Page 316: ...tandalone The AP is managed in standalone mode and configured as a valid AP entry local or RADIUS AP MAC Address If status indicates a managed AP this indicates the base MAC address of the AP Radio Interface If status indicates a managed AP this indicates the radio interface on the AP Discovered Age Time in seconds since this AP was first detected in an RF scan Security Mode Security used by this ...

Page 317: ...xample CLI display output for the command DWS 4026 show wireless ap 00 02 BC 00 17 D0 rf scan triangulation RSSI Signal Noise Sentry MAC Address Radio dBm dBm Age Non Sentry 00 22 B0 3A C1 80 2 15 80 92 0d 15 48 19 show wireless ap rf scan rogue classification This command displays the WIDS AP rogue classification test results Format show wireless ap macaddr rf scan triangulation Mode Privileged E...

Page 318: ... Administrator configured rogue AP WIDSAPROGUE02 Managed SSID from an unknown AP WIDSAPROGUE03 Managed SSID from a fake managed AP WIDSAPROGUE04 AP without an SSID WIDSAPROGUE05 Fake managed AP on an invalid channel WIDSAPROGUE06 Managed SSID detected with incorrect security WIDSAPROGUE07 Invalid SSID from a managed AP WIDSAPROGUE08 AP is operating on an illegal channel WIDSAPROGUE09 Standalone AP...

Page 319: ... associated clients are displayed with an asterisk before the Client MAC Address in the summary command The command output displays the following information Format wireless client disassociate macaddr Mode Privileged EXEC Parameter Description macaddr Client MAC address Format show wireless client macaddr status Mode Privileged EXEC Parameter Description macaddr Client MAC address Field Descripti...

Page 320: ...d or authenticated The valid values are Associated The client is currently associated to the managed AP Authenticated The client is currently associated and authenticated to the managed AP Disassociated The client has disassociated from the managed AP If the client does not roam to another managed AP within the client roam timeout it will be deleted AP MAC Address This field indicates the base AP ...

Page 321: ...in the peer group When acting as WIDS Controller the peer switch associated clients are displayed with a before the Client MAC Adress in the summary command The command output displays the following information Example On the WIDS Controller the summary command displays entries in the following format DWS 4026 show wireless client summary MAC Address Peer Managed IP Address NetBIOS Name 00 0F B5 8...

Page 322: ...led or Disabled Bandwidth Limit Down The maximum transmission rate limit in bits per second in effect for traffic flowing from the AP to the client This may differ from the configured value due to rounding A value of 0 indicates no rate limiting is in effect in this direction Bandwidth Limit Up The maximum transmission rate limit in bits per second in effect for traffic flowing from the client to ...

Page 323: ...it Down Defines the maximum transmission rate limit in bits per second for traffic flowing from the AP to the client A value of 0 disables rate limiting in this direction A value of none indicates that this parameter was not obtained from RADIUS for the client Bandwidth Limit Up Defines the maximum transmission rate limit in bits per second for traffic flowing from the client to the AP A value of ...

Page 324: ...d Total bytes received from the client station Packets Transmitted Total packets transmitted to the client station Bytes Transmitted Total bytes transmitted to the client station Packets Receive Dropped Total receive packets from the client station that were discarded by the AP Bytes Receive Dropped Total receive bytes from the client station that were discarded by the AP Packets Transmit Dropped ...

Page 325: ...WS managed AP Location The configured descriptive location for the managed AP Radio The radio on the managed AP that detected this client as a neighbor Discovery Reason Indicates one or more discovery methods for the neighbor client One or more of the following abbreviated values may be displayed RF Scan RF The client was reported from an RF scan on the radio Note that client stations are difficul...

Page 326: ...ients If the Unified Switch is a WIDS controller then this command shows all clients associated to the APs managed by all the peer switches For non Cluster Controller switches only clients managed by the local switches are displayed Example The following shows example CLI display output for the command If a network consists of two switches 192 168 37 60 and 192 168 37 61 respectively and former is...

Page 327: ... switch 192 168 37 61 client status Client Switch IP Address MAC Address Channel Status 192 168 37 61 00 0F B5 86 93 85 6 Authenticated 00 14 C2 0C 47 1D 11 Authenticated On the switch that is not acting as a Cluster Controller the summary command displays entries in the following format DWS 4026 show wireless switch client status Client Switch IP Address MAC Address Channel Status 192 168 37 61 0...

Page 328: ... client list Entries normally age out according to the configured age time show wireless client failure status This command displays the client failure status parameters Format clear wireless client failure list Mode Privileged EXEC Format clear wireless client adhoc list Mode Privileged EXEC Format show wireless client macaddr failure status Mode Privileged EXEC Field Description macaddr Client M...

Page 329: ...C Address AP MAC Address Location Radio Detection Mode Age 00 01 01 30 01 01 00 01 01 02 01 01 FirstFloor 1 Beacon Frame 3h 45m 4s 00 01 01 42 01 01 00 01 01 02 03 01 Eng 1 Beacon Frame 3h 44m 59s 00 01 01 45 01 01 00 01 01 02 01 01 FirstFloor 1 Beacon Frame 3h 45m 2s DWS 4026 Format show wireless client macaddr adhoc status Mode Privileged EXEC Field Description macaddr Client MAC address MAC Add...

Page 330: ...ommand to enable rogue reporting for AP s operating on an illegal channel no wids security ap chan illegal Use this command to disable the mode to report APs operating on an illegal channel wids security ap de auth attack AP de authentication attack Use this command to enable the AP de authentication attack no wids security ap de auth attack Use this command to disable the AP de authentication att...

Page 331: ...r fake managed AP s detected with an invalid channel wids security fakeman ap no ssid Beacon received from fake managed AP without SSID rogue detection Use this command to enable rogue reporting for fake managed AP s detected with no SSID no wids security fakeman ap no ssid Use this command to disable rogue reporting for fake managed APs detected with an invalid channel Default Enable Format wids ...

Page 332: ...eport AP s detected with managed SSID s and an invalid security configuration wids security rogue det trap interval Rogue detected trap interval Use this command to set the interval in seconds between transmissions of the trap telling you that rogues are present in the RF Scan database Default Enable Format wids security managed ap ssid invalid Mode Wireless Config Format no wids security managed ...

Page 333: ...id Managed SSID received from unknown AP rogue Use this command to enable rogue reporting for unknown rogue APs detected with a managed SSID no wids security unknown ap managed ssid Use this command to disable reporting unknown rogue APs detected with a managed SSID wids security unmanaged ap wired Unmanaged AP is detected on a wired network Rogue Detection Use this command to enable rogue reporti...

Page 334: ...nd to set the minimum number of seconds that the AP waits before starting a new wired network detection cycle no wids security wired detection interval This command restores the minimum wired detection interval to its default value Default Enable Format wids security unmanaged ap wired Mode Wireless Config Format no wids security unmanaged ap wired Mode Wireless Config Default Enable Format wids s...

Page 335: ...d SSID Enable or disable rogue reporting for a managed AP with an invalid SSID Rogue managed SSID invalid security Enable or disable rogue reporting for APs with a managed SSID and an incorrect security configuration Rogue standalone AP unexpected config Enable or disable rogue reporting for standalone APs operating with unexpected channel security or WIDS mode Rogue unknown AP managed SSID Enable...

Page 336: ...03 WIDSAPROGUE04 True 00 00 00 00 00 14 1 Enable Rogue 0d 00 00 04 0d 00 00 05 WIDSAPROGUE05 True 00 00 00 00 00 15 2 Enable Rogue 0d 00 00 06 0d 00 00 07 WIDSAPROGUE06 True 00 00 00 00 00 16 0 Enable Rogue 0d 00 01 28 0d 00 01 39 WIDSAPROGUE07 False 00 00 00 00 00 17 1 Enable 0d 00 01 51 0d 00 03 42 WIDSAPROGUE08 False 00 00 00 00 00 18 2 Enable 0d 00 05 33 0d 00 07 24 WIDSAPROGUE09 False 00 00 0...

Page 337: ...ids security de authentication This command displays information about APs against which the Cluster Controller initiated a de authentication attack Example The following shows example CLI display output for the command DWS 4026 show wireless wids security de authentication BSSID Channel Attack Time Age 00 02 BB 00 0A 01 3 0d 00 01 51 0d 00 01 28 00 02 BB 00 14 02 6 0d 00 03 42 0d 00 02 56 00 02 B...

Page 338: ...0 64 0A 30 0d 00 18 30 0d 00 14 40 00 02 BB 00 6E 0B 33 0d 00 20 21 0d 00 16 08 00 02 BB 00 78 0C 36 0d 00 22 12 0d 00 17 36 00 02 BB 00 82 0D 39 0d 00 24 03 0d 00 19 04 00 02 BB 00 8C 0E 42 0d 00 25 54 0d 00 20 32 00 02 BB 00 96 0F 45 0d 00 27 45 0d 00 22 00 00 02 BB 00 A0 10 48 0d 00 29 36 0d 00 23 28 ...

Page 339: ...ids security client rogue det trap interval cr Press Enter to execute the command wids security client known client database Use this command to enable the test which marks the client as a rogue if it is not in the Known Clients database no wids security client known client database Use this command to disable the check for the client in the Known Clients database Default 60 Format wids security c...

Page 340: ...mmand to disable the test for checking if the client exceeds the configured rate for transmitting probe requests wids security client configured deauth rate Use this command to enable the test which marks the client as rogue if it exceeds the configured rate for transmitting 802 11 de authentication requests no wids security client configured deauth rate Use this command to disable the test for ch...

Page 341: ...ap Use this command to disable the test for checking if the client is authenticated with an unknown AP wids security client threat mitigation Use this command to enable the transmission of de authentication messages to known clients associated with unknown APs The Known Client test must also be enabled order for the mitigation to take place Format no wids security client configured deauth rate Mod...

Page 342: ... Use this command to configure the threshold interval for counting the de authentication messages no wids security client threshold interval deauth Use this command to set the threshold value for the de authentication interval to its default Format no wids security client threat mitigation Mode Wireless Config Default 10 Format wids security client threshold value deauth 1 99999 Mode Wireless Conf...

Page 343: ... threshold value for the authentication interval to its default wids security client threshold value probe Use this command to configure the maximum number of probe messages a switch can receive during the threshold interval Default 10 Format wids security client threshold value auth 1 99999 Mode Wireless Config Parameter Description 1 99999 The range of the threshold value Format no wids security...

Page 344: ... number of 802 1X authentication failures that triggers the client to be reported as rogue no wids security client threshold auth failure Use this command to set the threshold value for authentication failures to its default Format no wids security client threshold value probe Mode Wireless Config Default 60 Format wids security client threshold interval probe 1 3600 Mode Wireless Config Parameter...

Page 345: ...d client ack rogue Use this command to change the client status from Rogue to Known or Authenticated for the specified client MAC address If no client is specified the command changes the client status for all of the clients Default Local Format wids security client known db location local radius server Mode Wireless Config Parameter Description local Database defined locally radius server Databas...

Page 346: ...se this command to display the roaming history for the specified MAC address or all the clients in the detected client database A roaming history of up to ten Access Points is displayed as only the maximum of ten records are maintained for each client Clients that never authenticated with the managed network do not display in the list Parameter Description macaddr The Ethernet address of the clien...

Page 347: ... pre authenticated Radio The radio interface on the AP VAP Mac Address The Ethernet address of the VAP to which client has roamed SSID The RF Noise perceived by the reporting AP for the specified detected client Auth Status Shows if the client authentication was due to new authentication or roaming Time Since Roam Time since entry was last updated Format show wireless client macaddr detected clien...

Page 348: ...e managed AP with which the client is authenticated Auth Noise Noise reported by the managed AP with which the client is authenticated Probe Req Number of probe requests during the collection interval Probe Collection Interval The time remaining in the probe collection interval Highest Num Probes The largest number of probes that the switch detected during the collection interval Auth Req The numb...

Page 349: ...0d 00 00 41 Highest Num Probes 10 Auth Req 0 Auth Collection Interval 0d 00 00 41 Highest Num Auth Msgs 0 DeAuth Req 0 DeAuth Collection Interval 0d 00 00 41 Highest Num DeAuth Msgs 0 Num Auth Failures 0 Total Probe Msgs 20 Broadcast BSSID Probes 10 Broadcast SSID Probes 10 Specific BSSID Probes 0 Specific SSID Probes 0 Last Non Broadcast BSSID 00 00 00 00 00 00 Last Non Broadcast SSID Threat Miti...

Page 350: ... SNMP trap that indicates the administrator that rogue APs are present in the RF Scan database If set to 0 the trap is never sent Rogue Not in Known Client List If client MAC address is not in the Known Client database then report the client as Rogue Rogue Exceeds Auth Req If the client exceeds the configured rate for transmitting 802 11 authentication requests report the client as Rogue Rogue Exc...

Page 351: ...r the command DWS 4026 show wireless wids security client rogue test descriptions WIDSCLIENTROGUE01 Client not listed in the Known Clients database WIDSCLIENTROGUE02 Client exceeds configured rate for transmitting 802 11 authentication requests WIDSCLIENTROGUE03 Client exceeds configured rate for transmitting probe requests Auth Threshold Value The maximum number of authentication messages the cli...

Page 352: ... Corporation All Rights Reserved WIDSCLIENTROGUE04 Client exceeds configured rate for transmitting de authentication requests WIDSCLIENTROGUE05 Client exceeds max num of failing authentications WIDSCLIENTROGUE06 Known Client is authenticated with an Unknown AP ...

Page 353: ...ge 367 Captive Portal User Group Commands on page 374 CAPTIVE PORTAL GLOBAL COMMANDS The commands in this section enable you to configure the captive portal settings that affect the captive portal feature on the switch and all captive portal instances captive portal Use this command to enter the Captive Portal Configuration Mode enable Captive Portal Config Mode This command globally enables the c...

Page 354: ...secure port default is 0 which denotes no additional port and the default port 443 is used Example The following shows an example of the command DWS 4026 Config CP https port 60000 cr DWS 4026 Config CP no https port cr no https port This command set the HTTPS secure port to the default statistics interval Use this command to configure the interval at which statistics are reported in the Cluster C...

Page 355: ...agent to send a trap when a client attempts to authenticate with a captive portal but is unsuccessful The client connect option allows the SNMP agent to send a trap when a client authenticates with and connects to a captive portal The client db full option allows the SNMP agent to send a trap each time an entry cannot be added to the client database because it is full The client disconnect option ...

Page 356: ...alue show captive portal This command reports status of the captive portal feature show captive portal status This command reports status of all captive portal instances in the system Format no trapflags client auth failure client connect client db full client disconnect Mode Captive Portal Config Default 300 Format authentication timeout timeout Mode Captive Portal Config Format no authentication...

Page 357: ...r The reporting interval is in the range of 0 15 3600 seconds where 0 disables statistical reporting Authentication Timeout Displays the number of seconds to keep the authentication session open with the client When the timeout expires the switch disconnects any active TCP or SSL connection with the client Supported Captive Portals Shows the number of supported captive portals in the system Config...

Page 358: ...attempts to authenticate with a captive portal but is unsuccessful Client Connection Traps Shows whether the SNMP agent sends a trap when a client authenticates with and connects to a captive portal Client Database Full Traps Shows whether the SNMP agent sends a trap each time an entry cannot be added to the client database because it is full Client Disconnection Traps Shows whether the SNMP agent...

Page 359: ... a captive portal configuration The command fails if interfaces are associated to this configuration The default captive portal configuration cannot be deleted The Captive Portal ID cp id variable is a number in the range of 1 10 enable Captive Portal This command enables a captive portal configuration no enable This command disables a captive portal configuration name This command configures the ...

Page 360: ...signs a group ID to a captive portal configuration Each Captive Portal configuration must contain at least one group ID The group ID has a 1 1024 range Group ID 1 is the default radius accounting This command enables accounting for a captive portal configuration no radius auth server This command disables accounting for a captive portal configuration radius auth server Use this command to configur...

Page 361: ...L to which the newly authenticated client is redirected if the URL Redirect Mode is enabled This command is only available if the redirect mode is enabled max bandwidth up This command configures the maximum rate at which a client can send data into the network Default Disable Format radius auth server server name Mode Captive Portal Instance Format no radius auth server Mode Captive Portal Instan...

Page 362: ...ber of octets the user is allowed to transmit After this limit has been reached the user will be disconnected If the value is set to 0 then the limit is not enforced Default 0 Format max bandwidth up rate Mode Captive Portal Config Parameter Description rate Rate in bps 0 indicates limit not enforced Format no max bandwidth up Mode Captive Portal Instance Default 0 Format max bandwidth down rate M...

Page 363: ...ser is allowed to transfer i e the sum of octets transmitted and received After this limit has been reached the user will be disconnected If the value is set to 0 then the limit is not enforced no max total octets This command sets to the default the maximum number of octets the user is allowed to transfer i e the sum of octets transmitted and received Format no max input octets Mode Captive Porta...

Page 364: ... the idle timeout for a captive portal configuration to the default value locale This command is not intended to be a user command The administrator must use the WEB user interface to create and customize captive portal web content The command is primarily used by the Unified Switch show running config command and process as it provides the ability to save and restore configurations using a text b...

Page 365: ...ser logout This command enables the ability for an authenticated user to de authenticate from the network This command is configurable for a captive portal configuration no user logout This command removes the association between an interface and a captive portal configuration Format interface slot port Mode Captive Portal Instance Format no interface slot port Mode Captive Portal Instance Format ...

Page 366: ...uthentication page using a well known color name or RGB value For example red or RGB hex code i e FF0000 The range of color code is 1 32 characters separator color Use this command to customize the separator bar color of the Captive Portal authentication page using a well known color name or RGB value For example red or RGB hex code i e FF0000 The range of color code is 1 32 characters Default BFB...

Page 367: ...is enabled or disabled Disable Reason If the captive portal is disabled this field indicates the reason Blocked Status Shows the blocked status which is Blocked or Not Blocked Authenticated Users Shows the number of authenticated users connected to the network through this captive portal Configured Locales Shows the number of locales defined for this captive portal Format show captive portal confi...

Page 368: ...dicates whether the Redirect URL Mode is enabled or disabled Max Bandwidth Up bytes sec The maximum rate in bytes per second bps at which a client can send data into the network Max Bandwidth Down bytes sec The maximum rate in bps at which a client can receive data from the network Max Input Octets bytes The maximum number of octets the user is allowed to transmit Max Output Octets bytes The maxim...

Page 369: ...361 Captive Portal Status Commands Locale Link The names of the languages Field Description ...

Page 370: ...ss of the wireless client if applicable Protocol Mode Shows the current connection protocol which is either HTTP or HTTPS Verification Mode Shows the current account type which is Guest Local or RADIUS Session Time Shows the amount of time that has passed since the client was authorized If you specify a client MAC address the following additional information displays CP ID Shows the captive portal...

Page 371: ...escription Describes the interface Client MAC Address Identifies the MAC address of the wireless client if applicable If you use the optional slot port information the following additional information appears Client IP Address Identifies the IP address of the wireless client if applicable CP ID Shows the captive portal ID the connected client is using CP Name Shows the name of the captive portal t...

Page 372: ... or all clients are deauthenticated from all captive portal configurations You can use the macaddr variable to specify the MAC address of the client to deauthenticate If no value is specified then all clients are deauthenticated from the specified captive portal configuration or all configurations Client IP Address Identifies the IP address of the wireless client if applicable Interface Valid slot...

Page 373: ...is using Interface Valid slot and port number separated by a forward slash Interface Description Describes the interface Type Shows the type of interface Format show captive portal interface capability slot port Mode Privileged EXEC Field Description Interface Valid slot and port number separated by a forward slash Interface Description Describes the interface Type Shows the type of interface If y...

Page 374: ...poration All Rights Reserved Packets Transmitted Counter Indicates whether or not this field is supported by the specified captive portal interface Roaming Indicates whether or not this field is supported by the specified captive portal interface Field Description ...

Page 375: ...ng name to create the user DWS 4026 Config CP user 1 name test Example The following shows an example using password to create the user DWS 4026 Config CP user 1 password test1234 cr no user This command deletes a user from the local user database If the user has an existing session it is disconnected Example The following shows an example of the command DWS 4026 Config CP no user 1 cr user name T...

Page 376: ...created with the user command The encrypt pwd variable is the password in encrypted format which can be up to 128 hexadecimal characters Example The following shows an example of the command DWS 4026 Config CP user 1 password encrypted encrypted pwd cr user group This command assigns modifies the group name for the associated captive portal user The user id variable is the user ID which is a numbe...

Page 377: ... 0 to indicate that the timeout is not enforced Example The following shows an example of the command DWS 4026 Config CP user 1 idle timeout 600 cr no user idle timeout This command sets the session idle timeout value for the associated captive portal user to the default value The user id variable is a user configured in the local database Example The following shows an example of the command DWS ...

Page 378: ...to limit the number of octets in bytes that the user is allowed to transmit After this limit has been reached the user will be disconnected 0 octets denote unlimited transmission Default 0 Format user user id max bandwidth up bps Mode Captive Portal Config Parameter Description user id User ID from 1 to 128 characters bps Client transmit rate in bytes per second bps 0 denotes unlimited bandwidth F...

Page 379: ...mber of octets in bytes that the user is allowed to transmit and receive The maximum number of octets is the sum of octets transmitted and received After this limit has been reached the user will be disconnected 0 octets denote unlimited transmission Parameter Description user id User ID from 1 to 128 characters octets Number of bytes Format no user user id max input octets Mode Captive Portal Con...

Page 380: ...the user name Session Timeout Displays the number of seconds the user can remain in a session before being disconnected from the Captive Portal Idle Timeout Displays the number of seconds the user can remain idle before being disconnected from the Captive Portal Group ID Displays the group identifier for the group to which the user belongs When you include the user id variable the following inform...

Page 381: ...373 Captive Portal Local User Commands clear captive portal users This command deletes all captive portal user entries Format clear captive portal users Mode Privileged EXEC ...

Page 382: ...d to configure a group name The group id variable is a number in the range of 1 10 The name variable can be up to 32 alphanumeric characters user group rename This command replaces a group s associations with the default group or a specified group The group id and new group id variables are each a number in the range of 1 10 Format user group group id Mode Captive Portal Config Format no user grou...

Page 383: ...ow you to control the priority and transmission rate of traffic classofservice dot1p mapping This command maps an 802 1p priority to an internal traffic class The userpriority values can range from 0 7 The trafficclass values range from 0 6 although the actual number of available traffic classes depends on the platform For more information about 802 1p priority see Voice VLAN Commands on page 45 N...

Page 384: ... class of service trust mode of an interface You can set the mode to trust one of the Dot1p 802 1p or IP DSCP packet markings You can also set the interface mode to untrusted If you configure an interface to use Dot1p the mode does not appear in the output of the show running config command because Dot1p is the default no classofservice trust This command sets the interface mode to the default val...

Page 385: ...ified queue no cos queue strict This command restores the default weighted scheduler mode for each specified queue traffic shape This command specifies the maximum transmission bandwidth limit for the interface as a whole Also known as rate shaping traffic shaping has the effect of smoothing temporary traffic bursts over time so that the transmitted traffic rate is bounded Format cos queue min ban...

Page 386: ... page 45 The following information is repeated for each user priority Example The following shows example CLI display output for the command DWS 4026 show classofservice dot1p mapping User Priority Traffic Class 0 1 1 0 2 0 3 1 4 2 5 2 6 7 7 3 The following information is repeated for each user priority Format no traffic shape Modes Global Config Interface Config Format show classofservice dot1p m...

Page 387: ...0 13 0 14 af13 0 15 0 16 cs2 0 17 0 18 af21 0 19 0 More or q uit show classofservice trust This command displays the current trust mode setting for a specific interface The slot port parameter is optional If you specify an interface the command displays the port trust mode of the interface If you do not specify an interface the command displays the most recent global configuration settings Format ...

Page 388: ...P traffic This is only displayed when the COS trust mode is set to trust IP Precedence or IP DSCP on platforms that support IP DSCP Untrusted Traffic Class The traffic class used for all untrusted traffic This is only displayed when the COS trust mode is set to untrusted Format show interfaces cos queue slot port Mode Privileged EXEC Term Definition Queue Id An interface supports 8 queues numbered...

Page 389: ...he match criteria for a packet The switch applies a policy to a packet when it finds a class match within that policy The following rules apply when you create a DiffServ class Each class can contain a maximum of one referenced nested class Class definitions do not support hierarchical service policies A given class definition can contain a maximum of one reference to another class You can combine...

Page 390: ...s definition consisting of one or more rules to identify the traffic that belongs to the class The CLI command root is class map class map This command defines a DiffServ class of type match all When used without any match condition this command enters the class map mode The class map name is a case sensitive alphanumeric string from 1 to 31 characters uniquely identifying an existing DiffServ cla...

Page 391: ... alphanumeric string from 1 to 31 characters uniquely identifying the class match any This command adds to the specified class definition a match condition whereby all packets are considered to belong to the class match class map This command adds to the specified class definition the set of match conditions defined for another class The refclassname is the name of an existing DiffServ class whose...

Page 392: ...p ftpdata http smtp snmp telnet tftp www Each of these translates into its equivalent port number To specify the match condition using a numeric notation one layer 4 port number is required The port number is an integer from 0 to 65535 Note The parameters refclassname and class map name can not be the same Only one other class may be referenced by a class Any attempt to delete the refclassname cla...

Page 393: ... tosmask is a two digit hexadecimal number from 00 to ff The tosmask denotes the bit positions in tosbits that are used for comparison against the IP TOS field in a packet For example to check for an IP TOS value having bits 7 and 5 set and bit 1 clear where bit 7 is most significant use a tosbits value of a0 hex and a tosmask of a2 hex Note The ip dscp ip precedence and ip tos match conditions ar...

Page 394: ...ecifies an IP address bit mask and must consist of a contiguous set of leading 1 bits match srcip6 This command adds to the specified class definition a match condition based on the source IP address of a packet match srcl4port This command adds to the specified class definition a match condition based on the source layer 4 port of a packet using a single keyword or numeric notation To specify the...

Page 395: ...to the policy The first class you add has the highest precedence This set of commands consists of policy creation deletion class addition removal and individual policy attributes The CLI command root is policy map assign queue This command modifies the queue id to which the associated traffic stream is assigned The queueid is an integer from 0 to 7 and the number of egress queues supported by the ...

Page 396: ...bsequent policy attribute statements The classname is the name of an existing DiffServ class no class This command deletes the instance of a particular class and its defined treatment from the specified policy classname is the names of an existing DiffServ class Format mirror slot port Mode Policy Class Map Config Incompatibilities Drop Redirect Note This command may only be used after specifying ...

Page 397: ...ice command uses a single data rate and burst size resulting in two outcomes conform and violate The conforming data rate is specified in kilobits per second Kbps and is an integer from 1 to 4294967295 The conforming burst size is specified in kilobytes KB and is an integer from 1 to 128 For each outcome the only possible actions are drop set cos transmit set dscp transmit set prec transmit or tra...

Page 398: ...olicyname parameter is a case sensitive alphanumeric string from 1 to 31 characters uniquely identifying the policy DIFFSERV SERVICE COMMANDS Use the DiffServ service commands to assign a DiffServ traffic conditioning policy which you specified by using the policy commands to an interface in the incoming direction The service commands attach a defined policy to a directional interface You can assi...

Page 399: ... the DiffServ administrative mode is enabled Note This command effectively enables DiffServ on an interface in the inbound direction There is no separate interface administrative mode command for DiffServ Note This command fails if any attributes within the policy definition exceed the capabilities of the interface Once a policy is successfully attached to an interface any attempt to change the po...

Page 400: ...3 Proto The Layer 3 protocol for this class The Unified Switch currently only supports IPv4 Match Criteria The Match Criteria fields are only displayed if they have been configured Not all platforms support all match criteria values They are displayed in the order entered by the user The fields are evaluated in accordance with the class type The possible Match Criteria fields are Destination IP Ad...

Page 401: ...n the Class Rule Table Class Rule Table Max The maximum allowed entries rows for the Class Rule Table Policy Table Size The current number of entries rows in the Policy Table Policy Table Max The maximum allowed entries rows for the Policy Table Policy Instance Table Size Current number of entries rows in the Policy Instance Table Policy Instance Table Max Maximum allowed entries rows for the Poli...

Page 402: ...CL cannot co exist on the same interface Mark CoS The class of service value that is set in the 802 1p header of inbound packets This is not displayed if the mark cos was not specified Mark IP DSCP The mark re mark value used as the DSCP for traffic matching this class This is not displayed if mark ip description is not specified Mark IP Precedence The mark re mark value used as the IP Precedence ...

Page 403: ... An attached policy is only in effect on an interface while DiffServ is in an enabled mode Interface Valid slot and port number separated by a forward slash Direction The traffic direction of this interface service Operational Status The current operational status of this DiffServ service interface Policy Name The name of the policy attached to the interface in the indicated direction Policy Detai...

Page 404: ...n No in bound policy is attached to this interface show service policy This command displays a summary of policy oriented statistics information for all interfaces in the specified direction Note This command is only allowed while the DiffServ administrative mode is enabled Format show policy map interface slot port in Mode Privileged EXEC Term Definition Interface Valid slot and port number separ...

Page 405: ...for the Layer 2 header of an Ethernet frame The name parameter is a case sensitive alphanumeric string from 1 to 31 characters uniquely identifying the MAC access list If a MAC ACL by this name already exists this command enters Mac Access List config mode to allow updating the existing MAC ACL no mac access list extended This command deletes a MAC ACL identified by name from the system mac access...

Page 406: ...thertypekey values are appletalk arp ibmsna ipv4 ipv6 ipx mplsmcast mplsucast netbios novell pppoe rarp Each of these translates into its equivalent Ethertype value s The vlan and cos parameters refer to the VLAN identifier and 802 1p user priority fields respectively of the VLAN tag For packets containing a double VLAN tag this is the first or outer tag Format mac access list extended rename name...

Page 407: ...ce number that is one greater than the highest sequence number currently in use for this interface and direction is used This command specified in Interface Config mode only affects a single interface whereas the Global Config mode setting is applied to all interfaces The VLAN keyword is only valid in the Global Config mode The Interface Config mode command is only available on platforms that supp...

Page 408: ...of a subnet mask With a subnet mask the mask has ones 1 s in the bit positions that are used for the network address and has zeros 0 s for the bit positions that are not used In contrast a wildcard mask has 0 s in a bit position that must be checked A 1 in a bit position of the ACL mask indicates the corresponding bit can be ignored access list This command creates an IP Access Control List ACL th...

Page 409: ...y Match every packet icmp igmp ip tcp udp number Specifies the protocol to filter for an extended IP ACL rule srcip srcmask Specifies a source IP address and source netmask for match condition of the IP ACL rule eq portkey 0 65535 Specifies the source layer 4 port match condition for the IP ACL rule You can use the port number which ranges from 0 65535 or you specify the portkey which can be one o...

Page 410: ... ACL by the name newname already exists deny permit IP ACL This command creates a new rule for the current IP access list Each rule is appended to the list of configured rules for the list A rule may either deny or permit traffic according to the specified classification fields At a minimum either the every keyword or the protocol source address and destination address values must be specified The...

Page 411: ...eady assigned to this interface and direction A lower number indicates higher precedence order If a sequence number is already in use for this interface and direction the specified access list replaces the currently attached IP access list using that sequence number If the sequence number is not specified for this command a sequence number that is one greater than the highest sequence number curre...

Page 412: ...associated with each rule The possible values are Permit or Deny Match All Indicates whether this access list applies to every packet Possible values are True or False Protocol The protocol to filter for this rule Source IP Address The source IP address for this rule Source IP Mask The source IP Mask for this rule Source L4 Port Keyword The source port for this rule Destination IP Address The dest...

Page 413: ...cess list or the numeric identifier for an IP access list Sequence Number An optional sequence number may be specified to indicate the order of this access list relative to other access lists already assigned to this interface and direction A lower number indicates higher precedence order If a sequence number is already in use for this interface and direction the specified access list replaces the...

Page 414: ...trol protocol is detected the switch assigns the traffic in that session to the highest CoS queue which is generally used for time sensitive traffic auto voip all Use this command to enable VoIP Profile on the interfaces of the switch no auto voip all Use this command to disable VoIP Profile on the interfaces of the switch auto voip Use this command to enable VoIP Profile on the interface no auto ...

Page 415: ...oIP Mode Traffic Class 0 1 Enabled 7 Format show auto voip interface slot port all Mode Privileged EXEC Field Description AutoVoIP Mode The Auto VoIP mode on the interface Traffic Class The CoS Queue or Traffic Class to which all VoIP traffic is mapped to This is not configurable and defaults to the highest CoS queue available in the system for data traffic ...

Page 417: ...wo software images in the permanent storage You can specify which image is the active image to be loaded in subsequent reboots This feature allows reduced down time when you upgrade or downgrade the software delete This command deletes the supplied image file from the permanent storage The image to be deleted must be a backup image If this image is the active image or if this image is activated an...

Page 418: ...e image for subsequent reboots SYSTEM INFORMATION AND STATISTICS COMMANDS This section describes the commands you use to view information about system features components and configurations show arp switch This command displays the contents of the IP stack s Address Resolution Protocol ARP table The IP stack only learns ARP entries associated with the management interfaces the network ports ARP en...

Page 419: ...ition File The file in which the event originated Line The line number of the event Task Id The task ID of the event Code The event code Time The time this event occurred Unit The unit for the event Note Event log information is retained across a switch reset Note The show version command and the show hardware command display the same information In future releases of the software the show hardwar...

Page 420: ...nd packets that contained errors preventing them from being deliverable to a higher layer protocol Broadcast Packets Received The total number of packets received that were directed to the broadcast address Note that this does not include multicast packets Packets Transmitted Without Error The total number of packets transmitted out of the interface Transmit Packets Errors The number of outbound p...

Page 421: ...e Address Table entries now active on the switch including learned and static entries VLAN Entries Currently In Use The number of VLAN entries presently occupying the VLAN table Time Since Counters Last Cleared The elapsed time in days hours minutes and seconds since the statistics for this switch were last cleared Format show interface ethernet slot port switchport Mode Privileged EXEC Term Defin...

Page 422: ... otherwise well formed Packets RX and TX 64 Octets The total number of packets including bad packets received and transmitted that were 64 octets in length excluding framing bits but including FCS octets Packets RX and TX 65 127 Octets The total number of packets including bad packets received and transmitted that were between 65 and 127 octets in length inclusive excluding framing bits but includ...

Page 423: ...at had a length excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but had a bad Frame Check Sequence FCS with an integral number of octets Overruns The total number of frames discarded as this port was overloaded with incoming packets and could not keep up with the inflow Total Ignored Frames The total number of dropped packets including those that were aborte...

Page 424: ...excluding framing bits but including FCS octets Packets Transmitted 1024 1518 Octets The total number of packets including bad packets received that were between 1024 and 1518 octets in length inclusive excluding framing bits but including FCS octets Max Frame Size The maximum size of the Info non MAC field that this port will receive or transmit Packets Transmitted Successfully Total The number o...

Page 425: ...ating in half duplex mode GVRP PDUs Received The count of GVRP PDUs received in the GARP layer GVRP PDUs Transmitted The count of GVRP PDUs transmitted from the GARP layer GVRP Failed Registrations The number of times attempted GVRP registrations could not be completed GMRP PDUs Received The count of GMRP PDU s received in the GARP layer GMRP PDUs Transmitted The count of GMRP PDU s transmitted fr...

Page 426: ...be transmitted to a subnetwork unicast address including those that were discarded or not sent Multicast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to a Multicast address including those that were discarded or not sent Broadcast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to the Broad...

Page 427: ...h this port Status The status of this entry The meanings of the values are Static The value of the corresponding instance was added by the system or a user when a static MAC filter was defined It cannot be relearned Learned The value of the corresponding instance was learned by observing the source MAC addresses of incoming traffic and is currently in use Management The value of the corresponding ...

Page 428: ...rporation All Rights Reserved show process cpu This command provides the percentage utilization of the CPU by different tasks Note It is not necessarily the traffic to the CPU but different tasks that keep the CPU busy Format show process cpu Mode Privileged EXEC ...

Page 429: ...Task 0 00 0 00 0 09 8c95698 wlanPeerTxRxTask 0 00 0 10 0 30 8ca1250 wlanDiscoverTask 0 00 0 06 0 01 Total CPU Utilization 4 00 4 16 4 90 show running config Use this command to display or capture the current setting of different protocol packages supported on the switch This command displays or captures commands with settings and configurations that differ from the default value To display or capt...

Page 430: ...h up 0 max bandwidth down 0 More or q uit max input octets 0 max output octets 0 max total octets 0 interface 8 1 separator color B70024 background color BFBFBF foreground color 999999 locale 1 code en account image login_key jpg account label 0045006E00740065007200200079006F0075007200200055007300650072006E0061006D0065002E Note If you use a text based configuration file the show running config com...

Page 431: ...300200073006 500720076006900630065002C00200065006E00740065007200200079006F00750072002000630072006500 640065006E007400690061006C007300200061006E006400200063006C00690063006B00200074006800650 0200043006F006E006E00650063007400200062007500740074006F006E002E link 00280045006E0067006C0069007300680029 password label 00500061007300730077006F00720064 More or q uit resource msg 004500720072006F0072003A002000...

Page 432: ...ser configured number of lines is displayed in one page the system prompts the user for More or q uit Press q or Q to quit or press any key to display the next set of 5 48 lines The Format show sysinfo Mode Privileged EXEC Term Definition Switch Description Text used to identify this switch System Name Name used to identify the switch The factory default is blank To configure the system name see s...

Page 433: ...ength to the default value show terminal length Use this command to display the value of the user configured terminal length size nvram size Use this command to display NVRAM size information The output shows the NVRAM size in bytes the bytes used and the bytes available Default 24 lines per page Format terminal length 0 5 48 Mode Privileged EXEC Format show terminal length Mode Privileged EXEC Fo...

Page 434: ...l capacity Otherwise when the log file reaches full capacity logging stops no logging buffered wrap This command disables wrapping of in memory logging and configures logging to stop when the log file capacity is full logging cli command This command enables the CLI command logging feature which enables the Unified Switch software to log all CLI commands issued on the system Default disabled criti...

Page 435: ...ndicates the type of address ipv4 or dns being passed The port value is a port number from 1 to 65535 You can specify the severitylevel value as either an integer from 0 to 7 or symbolically through one of the following keywords emergency 0 alert 1 critical 2 error 3 warning 4 notice 5 info 6 or debug 7 logging host remove This command disables logging to host See show logging hosts on page 429 fo...

Page 436: ...ing configuration information Default 514 Format logging port portid Mode Global Config Format no logging port Mode Global Config Default disabled Format logging syslog port portid Mode Global Config Format no logging syslog Mode Global Config Format show logging Mode Privileged EXEC Term Definition Logging Client Local Port Port on the collector relay to which syslog messages are sent CLI Command...

Page 437: ...red Mode Privileged EXEC Term Definition Buffered In Memory Logging Shows whether the In Memory log is enabled or disabled Buffered Logging Wrapping Behavior The behavior of the In Memory log when faced with a log full situation Buffered Log Count The count of valid entries in the buffered log Format show logging hosts unit Mode Privileged EXEC Term Definition Host Index Used for deleting hosts IP...

Page 438: ...tem can retain Number of Traps Since Log Last Viewed The number of new traps since the command was last executed Log The log number System Time Up How long the system had been running at the time the trap was sent Trap The text of the trap message Default count 3 probes interval 3 seconds size 0 bytes port 33434 maxTtl 30 hops maxFail 5 probes initTtl 1 hop Format traceroute ipaddr hostname initTt...

Page 439: ...Test attempt 19 Test Success 18 clear config This command resets the configuration to the factory defaults without powering off the switch When you issue this command a prompt appears to confirm that the reset should proceed When you enter y you automatically reset the current configuration on the switch to the default values It does not reset the switch clear counters This command clears the stat...

Page 440: ... proceed clear port channel This command clears all port channels LAGs clear traplog This command clears the trap log clear vlan This command resets VLAN configuration parameters to the factory defaults enable passwd This command prompts you to change the Privileged EXEC password Passwords are a maximum of 64 alphanumeric characters The password is case sensitive Format clear igmpsnooping Mode Pri...

Page 441: ...026 ping 10 254 2 160 count 3 interval 1 size 255 Pinging 10 254 2 160 with 255 bytes of data Format enable passwd encrypted password Mode Privileged EXEC Note Save configuration changes before logging out Format logout Modes Privileged EXEC User EXEC Default The default count is 1 The default interval is 3 seconds The default size is 0 bytes Format ping ipaddress hostname count count interval int...

Page 442: ...imedOut DWS 4026 ping 1 1 1 1 count 1 interval 3 Pinging 1 1 1 1 with 0 bytes of data 1 1 1 1 PING statistics 1 packets transmitted 0 packets received 100 packet loss round trip msec min avg max 0 0 0 quit This command closes the current telnet connection or resets the current serial connection The system asks you whether to save configuration changes before quitting reload This command resets the...

Page 443: ...a specified configuration script file to a server nvram startup config nvram backup config Copies the startup configuration to the backup configuration nvram startup config url Copies the startup configuration to a server nvram traplog url Copies the trap log file to a server system running config nvram startup config Saves the running configuration to nvram url nvram clibanner Downloads the CLI b...

Page 444: ...d may set the mode to either broadcast or unicast url nvram sslpem root Downloads an HTTP secure server certificate For more information see Hypertext Transfer Protocol Commands on page 485 url nvram sslpem server Downloads an HTTP secure server certificate url nvram startup config Downloads the startup configuration file to the system url nvram system image Downloads a code image to the system ur...

Page 445: ... from 6 to 16 no sntp unicast client poll interval This command resets the poll interval for SNTP unicast clients to its default value sntp unicast client poll timeout This command will set the poll timeout for SNTP unicast clients in seconds to a value from 1 30 Format no sntp client mode Mode Global Config Default 123 Format sntp client port portid Mode Global Config Format no sntp client port M...

Page 446: ...o where poll interval can be a value from 6 to 16 no sntp multicast client poll interval This command resets the poll interval for SNTP multicast clients to its default value sntp server This command configures an SNTP server a maximum of three The optional priority can be a value of 1 3 the version a value of 1 4 and the port id a value of 1 65535 Format no sntp unicast client poll timeout Mode G...

Page 447: ...inition Last Update Time Time of last clock update Last Attempt Time Time of last transmit query in unicast mode Last Attempt Status Status of the last SNTP request in unicast mode or unsolicited message in broadcast mode Broadcast Count Current number of unsolicited broadcast messages that have been received and processed by the SNTP client since last reboot Format show sntp client Mode Privilege...

Page 448: ...mber of SNTP configured Term Definition IP Address Hostname IP address or hostname of configured SNTP Server Address Type Address Type of configured SNTP server Priority IP priority type of the configured server Version SNTP Version number of the server The protocol version used to query the server in unicast mode Port Server Port Number Last Attempt Time Last server attempt time for the specified...

Page 449: ...set 60 zone PDT minutes Replace minutes with the number of minutes your time zone differs from the UTC in addition to the offset in the range 59 to 59 zone zone Replace zone with an acronym for the time zone Default none Format clock summer time date starting month dd yyyy hh mm ending month dd yyyy hh mm offset offset zone zone Mode Global Config Term Definition month Replace starting month and e...

Page 450: ...as Microsoft DHCP clients the client identifier is required instead of hardware addresses The unique identifier is a concatenation of the media type and the MAC address For example the Microsoft client identifier for Ethernet address c819 2488 f177 is 01c8 1924 88f1 77 where 01 represents the Ethernet media type For more information refer to the Address Resolution Protocol Parameters section of RF...

Page 451: ...0 is invalid no dns server This command removes the DNS Server list hardware address This command specifies the hardware address of a DHCP client Hardware address is the MAC address of the hardware platform of the client consisting of 6 bytes in dotted hexadecimal format Type indicates the protocol of the hardware platform It is 1 for 10 MB Ethernet and 6 for IEEE 802 Format no client name Mode DH...

Page 452: ...ommand configures the duration of the lease for an IP address that is assigned from a DHCP server to a DHCP client The overall lease time should be between 1 86400 minutes If you specify infinite the lease is set for 60 days You can also specify a lease duration Days is an integer from 0 to 59 Hours is an integer from 0 to 23 Minutes is an integer from 0 to 59 no lease This command restores the de...

Page 453: ...ecifies the name of the default boot image for a DHCP client The filename specifies the boot image file no bootfile This command deletes the boot image name domain name This command specifies the domain name for a DHCP client The domain specifies the domain name string of the client no domain name This command removes the domain name Default none Format network networknumber mask prefixlength Mode...

Page 454: ...IOS node type for Microsoft Dynamic Host Configuration Protocol DHCP clients Valid types are b node Broadcast p node Peer to peer m node Mixed h node Hybrid recommended no netbios node type This command removes the NetBIOS node Type next server This command configures the next server in the boot process of a DHCP client The address parameter is the IP address of the next server in the boot process...

Page 455: ...ies the DHCP option code ip dhcp excluded address This command specifies the IP addresses that a DHCP server should not assign to DHCP clients Low address and high address are valid IP addresses each made up of four decimal bytes ranging from 0 to 255 IP address 0 0 0 0 is invalid no ip dhcp excluded address This command removes the excluded IP addresses for a DHCP client Low address and high addr...

Page 456: ...o 0 service dhcp This command enables the DHCP server no service dhcp This command disables the DHCP server ip dhcp bootp automatic This command enables the allocation of the addresses to the bootp client The addresses are from the automatic address pool no ip dhcp bootp automatic This command disables the allocation of the addresses to the bootp client The address are from the automatic address p...

Page 457: ... command is used to clear an address conflict from the DHCP Server database The server detects conflicts using a ping DHCP server clears all conflicts If the asterisk character is used as the address parameter show ip dhcp binding This command displays address bindings for the specific IP address on the DHCP server If no IP address is specified the bindings corresponding to all the addresses are d...

Page 458: ... IP address was assigned to the client Format show ip dhcp global configuration Modes Privileged EXEC User EXEC Term Definition Service DHCP The field to display the status of dhcp protocol Number of Ping Packets The maximum number of Ping Packets that will be sent to verify that an ip address id not already assigned Conflict Logging Shows whether conflict logging is enabled or disabled BootP Auto...

Page 459: ...ses that have been automatically mapped to the MAC addresses of hosts that are found in the DHCP database Expired Bindings The number of expired leases Malformed Bindings The number of truncated or corrupted messages that were received by the DHCP server Message Definition DHCP DISCOVER The number of DHCPDISCOVER messages the server has received DHCP REQUEST The number of DHCPREQUEST messages the ...

Page 460: ...command to define a default domain name that Unified Switch software uses to complete unqualified host names names with a domain name By default no default domain name is configured in the system name may not be longer than 255 characters and should not include an initial period This name should be used only when the default domain name list configured using the ip domain list command is empty For...

Page 461: ...ly when the default domain name list is empty A maximum of 32 names can be entered in to this list no ip domain list Use this command to delete a name from a list ip name server Use this command to configure the available name servers Up to eight servers can be defined in one command or by using multiple commands The parameter server address is a valid IPv4 or IPv6 address of the server The prefer...

Page 462: ...his number ranges from 0 to 100 no ip domain retry Use this command to return to the default ip domain timeout Use this command to specify the amount of time to wait for a response to a DNS query The parameter seconds specifies the time in seconds to wait for a response to a DNS query seconds ranges from 0 to 3600 no ip domain timeout Use this command to return to the default setting Default none ...

Page 463: ...Default domain list yahoo com Stanford edu rediff com Domain Name lookup Enabled Number of retries 5 Retry timeout period 1500 Name servers Preference order 176 16 1 18 176 16 1 19 Configured host name to address mapping Host Addresses Format clear host name all Mode Privileged EXEC Field Description name A particular host entry to remove name ranges from 1 255 characters all Removes all entries F...

Page 464: ...col messages no debug arp Use this command to disable ARP debug protocol messages debug auto voip Use this command to enable Auto VOIP debug messages Use the optional parameters to trace H323 SCCP or SIP packets respectively no debug auto voip Use this command to disable Auto VOIP debug messages Caution The output of debug commands can be long and may adversely affect system performance Default di...

Page 465: ...istent across resets no debug console This command disables the display of debug trace output on the login session in which it is executed debug dot1x packet Use this command to enable dot1x packet debug trace no debug dot1x packet Use this command to disable dot1x packet debug trace debug igmpsnooping packet This command enables tracing of IGMP Snooping packets received and transmitted by the swi...

Page 466: ... This command disables tracing of transmitted IGMP snooping packets Format no debug igmpsnooping packet Mode Privileged EXEC Default disabled Format debug igmpsnooping packet transmit Mode Privileged EXEC Parameter Definition TX A packet transmitted by the device Intf The interface that the packet went out on Format used is slot port internal interface number Src_Mac Source MAC address of the pack...

Page 467: ...tocol packets matching the ACL criteria Default disabled Format debug igmpsnooping packet receive Mode Privileged EXEC Parameter Definition RX A packet received by the device Intf The interface that the packet went out on Format used is slot port internal interface number Src_Mac Source MAC address of the packet Dest_Mac Destination multicast MAC address of the packet Src_IP The source IP address ...

Page 468: ... 0x36 no debug lacp packet This command disables tracing of LACP packets debug mldsnooping packet Use this command to trace MLD snooping packet reception and transmission receive traces only received MLD snooping packets and transmit traces only transmitted MLD snooping packets When neither keyword is used in the command then all MLD snooping packet traces are dumped Vital information such as sour...

Page 469: ...1 Pkt RX Intf 0 1 1 S RC_IP 10 50 50 1 DEST_IP 10 50 50 2 Type ECHO_REPLY The following parameters are displayed in the trace message no debug ping packet This command disables tracing of ICMP echo requests and responses Default disabled Format debug mldsnooping packet receive transmit Mode Privileged EXEC Default disabled Format debug ping packet Mode Privileged EXEC Parameter Definition TX RX TX...

Page 470: ...onses debug sflow packet Use this command to enable sFlow debug packet trace Default disabled Format debug rip packet Mode Privileged EXEC Parameter Definition TX RX TX refers to a packet transmitted by the device RX refers to packets received by the device Intf The interface that the packet came in or went out on Format used is slot port internal interface number Src_IP The source IP address in t...

Page 471: ...message is shown below 15 JAN 01 01 02 04 192 168 17 29 1 DOT1S 191096896 dot1s_debug c 1249 101 Pkt RX Intf 0 9 9 Source_Mac 00 11 88 4e c2 10 Version 3 Root Mac 00 11 88 4e c2 00 Root Priority 0x8000 Path Cost 0 The following parameters are displayed in the trace message Default disabled Format debug sflow packet Mode Privileged EXEC Format no debug sflow packet Mode Privileged EXEC Default disa...

Page 472: ...ng tree protocol version 0 3 0 refers to STP 2 RSTP and 3 MSTP Root_Mac MAC address of the CIST root bridge Root_Priority Priority of the CIST root bridge The value is between 0 and 61440 It is displayed in hex in multiples of 4096 Path_Cost External root path cost component of the BPDU Format no debug spanning tree bpdu receive Mode Privileged EXEC Default disabled Format debug spanning tree bpdu...

Page 473: ... level of logging messages is specified at severity level Possible values for severity level are emergency 0 alert 1 critical 2 error 3 warning 4 notice 5 info 6 debug 7 no logging persistent Use this command to disable the persistent logging in the switch Format no debug spanning tree bpdu transmit Mode Privileged EXEC Default Disable Format logging persistent severity level Mode Global Config Fo...

Page 474: ...e Status One of the following statuses is returned Normal The cable is working correctly Open The cable is disconnected or there is a faulty connector Short There is an electrical short in the cable Cable Test Failed The cable status could not be determined The cable may in fact be working Cable Length If this feature is supported by the PHY for the current link speed the cable length is displayed...

Page 475: ...n is reset to the default values An entity wishing to claim an sFlowRcvrTable entry must ensure that the entry is unclaimed before trying to claim it The entry is claimed by setting the owner string to a non null value The entry must be claimed before assigning a receiver to a sampler or poller Receiver Timeout The time in seconds remaining before the sampler or poller is released and stops sendin...

Page 476: ...s 0 Maxheadersize The maximum number of bytes that should be copied from the sampler packet The range is 20 256 The default is 128 When set to zero 0 all the sampler parameters are set to their corresponding default value Sampling Rate The statistical sampling rate for packet sampling from this source A sampling rate of 1 counts all packets A value of zero 0 disables sampling A value of N means th...

Page 477: ...ware version IP Address The IP address associated with this agent Format show sflow pollers Mode Privileged EXEC Field Description Poller Data Source The sFlowDataSource slot port for this sFlow sampler This agent will support Physical ports only Receiver Index The sFlowReceiver associated with this sFlow counter poller Poller Interval The number of seconds between successive samples of the counte...

Page 478: ... Type The sFlow receiver IP address type For an IPv4 address the value is 1 and for an IPv6 address the value is 2 Datagram Version The sFlow protocol version to be used while sending samples to sFlow receiver Format show sflow samplers Mode Privileged EXEC Field Description Sampler Data Source The sFlowDataSource slot port for this sFlow sampler This agent will support Physical ports only Receive...

Page 479: ...emory When enabled the configuration is saved after downloading from the TFTP server without operator intervention When disabled the operator must explicitly save the configuration if needed no boot autoinstall auto save This command disables saving the network configuration to non volatile memory boot autoinstall retry count This command sets the number of unicast TFTP attempts for the configurat...

Page 480: ...mmand displays the current status of the AutoInstall process Example The following shows example CLI display output for the command DWS 4026 show autoinstall AutoInstall Mode Started AutoSave Mode Enabled AutoInstall Retry Count 3 AutoInstall State Waiting for boot options Format show autoinstall Mode Privileged EXEC ...

Page 481: ...age 517 Pre login Banner and System Prompt Commands on page 519 NETWORK INTERFACE COMMANDS This section describes the commands you use to configure a logical interface for management access To configure the management VLAN see network mgmt_vlan on page 32 enable Privileged EXEC access This command gives you access to the Privileged EXEC mode From the Privileged EXEC mode you can configure the netw...

Page 482: ...MAC addresses The following rules apply Bit 6 of byte 0 called the U L bit indicates whether the address is universally administered b 0 or locally administered b 1 Bit 7 of byte 0 called the I G bit indicates whether the destination address is an individual address b 0 or a group address b 1 The second character of the twelve character macaddr must be 2 6 A or E A locally administered address mus...

Page 483: ...ormat show network Modes Privileged EXEC User EXEC Term Definition Interface Status The network interface status it is always considered to be up IP Address The IP address of the interface The factory default value is 0 0 0 0 Subnet Mask The IP subnet mask for this interface The factory default value is 0 0 0 0 Default Gateway The default gateway for this IP interface The factory default value is ...

Page 484: ...f the switch configuration This command gives you access to the Global Config mode From the Global Config mode you can configure a variety of system settings including user accounts From the Global Config mode you can enter other command modes including Line Config mode lineconfig This command gives you access to the Line Config mode which allows you to configure various Telnet settings and the co...

Page 485: ...des Privileged EXEC User EXEC Term Definition Serial Port Login Timeout minutes The time in minutes of inactivity on a Serial port connection after which the Switch will close the connection Any numeric value between 0 and 160 is allowed the factory default is 5 A value of 0 disables the timeout Baud Rate bps The default baud rate at which the serial port will try to connect The available values a...

Page 486: ...d decimal integer in the range of 0 to 65535 where the default value is 23 If debug is used the current Telnet options enabled is displayed The optional line parameter sets the outbound Telnet operational mode as linemode where by default the operational mode is character mode The noecho option disables local echo transport input telnet This command regulates new Telnet sessions If enabled new Tel...

Page 487: ...n from being established session limit This command specifies the maximum number of simultaneous outbound Telnet sessions A value of 0 indicates that no outbound Telnet session can be established no session limit This command sets the maximum number of simultaneous outbound Telnet sessions to the default value session timeout This command sets the Telnet session timeout value The timeout value uni...

Page 488: ...sion is active as long as the session has not been idle for the value set The time is a decimal value from 1 to 160 no telnetcon timeout This command sets the Telnet connection session timeout value to the default Format no session timeout Mode Line Config Default 5 Format telnetcon maxsessions 0 5 Mode Privileged EXEC Format no telnetcon maxsessions Mode Privileged EXEC Note When you change the t...

Page 489: ...sion is allowed to remain inactive before being logged off Maximum Number of Outbound Telnet Sessions The number of simultaneous outbound Telnet connections allowed Allow New Outbound Telnet Sessions Indicates whether outbound Telnet sessions will be allowed Format show telnetcon Modes Privileged EXEC User EXEC Term Definition Remote Connection Login Timeout minutes This object indicates the numbe...

Page 490: ...es the IP secure shell server sshcon maxsessions This command specifies the maximum number of SSH connection sessions that can be established A value of 0 indicates that no ssh connection can be established The range is 0 to 5 no sshcon maxsessions This command sets the maximum number of allowed SSH connection sessions to the default value Default disabled Format ip ssh Mode Privileged EXEC Defaul...

Page 491: ...s MANAGEMENT SECURITY COMMANDS This section describes commands you use to generate keys and certificates which you can do in addition to loading them as before Default 5 Format sshcon timeout 1 160 Mode Privileged EXEC Format no sshcon timeout Mode Privileged EXEC Format show ip ssh Mode Privileged EXEC Term Definition Administrative Mode This field indicates whether the administrative mode of SSH...

Page 492: ...s command to generate an RSA key pair for SSH The new key files will overwrite any existing generated or downloaded RSA key files no crypto key generate rsa Use this command to delete the RSA key files from the device crypto key generate dsa Use this command to generate a DSA key pair for SSH The new key files will overwrite any existing generated or downloaded DSA key files no crypto key generate...

Page 493: ... interface takes effect immediately All interfaces are affected no ip http server This command disables access to the switch through the Web interface When access is disabled the user cannot login to the switch s Web server ip http secure server This command is used to enable the secure socket layer for secure HTTP no ip http secure server This command is used to disable the secure socket layer fo...

Page 494: ...its the number of allowable un secure HTTP sessions Zero is the configurable minimum no ip http session maxsessions This command restores the number of allowable un secure HTTP sessions to the default value ip http session soft timeout This command configures the soft timeout for un secure HTTP sessions in minutes Configuring this value to zero will give an infinite soft timeout When this timeout ...

Page 495: ...ip http secure session maxsessions This command restores the number of allowable secure HTTP sessions to the default value ip http secure session soft timeout This command configures the soft timeout for secure HTTP sessions in minutes Configuring this value to zero will give an infinite soft timeout When this timeout expires you are forced to re authenticate This timer begins on initiation of the...

Page 496: ...to both TLS1 and SSL3 show ip http This command displays the http settings for the switch Format no ip http secure session soft timeout Mode Privileged EXEC Default 443 Format ip http secure port portid Mode Privileged EXEC Format no ip http secure port Mode Privileged EXEC Default SSL3 and TLS1 Format ip http secure protocol SSL3 TLS1 Mode Privileged EXEC Format show ip http Mode Privileged EXEC ...

Page 497: ...Secure Protocol Level s The protocol level may have the values of SSL3 TSL1 or both SSL3 and TSL1 Maximum Allowable HTTPS Sessions The number of allowable secure http sessions HTTPS Session Hard Timeout The hard timeout for secure http sessions in hours HTTPS Session Soft Timeout The soft timeout for secure http sessions in minutes Certificate Present Indicates whether the secure server certificat...

Page 498: ... Only a user with read write access can re activate a locked user account Session Time Total time this session has been connected Session Type Shows the type of session which can be HTTP HTTPS telnet serial or SSH Note You cannot delete the admin user There is only one user allowed with read write privileges You can configure up to five read only users on the system Note The username is not case s...

Page 499: ...y 128 hexadecimal characters The user represented by the username parameter must be a pre existing local user users snmpv3 accessmode This command specifies the snmpv3 access privileges for the specified login user The valid accessmode values are readonly or readwrite The username is the login user name for which the specified access mode applies The default is readwrite for the admin user and rea...

Page 500: ... none The username is the user name for which the specified authentication protocol is used users snmpv3 encryption This command specifies the encryption protocol used for the specified user The valid encryption protocols are des or none If you select des you can specify the required key on the command line The encryption key must be 8 to 64 characters long If you select the des protocol but do no...

Page 501: ...h Read Write or is only able to view them Read Only As a factory default the admin user has Read Write access and the guest has Read Only access There can only be one Read Write user and up to five Read Only users SNMPv3 Access Mode The SNMPv3 Access Mode If the value is set to ReadWrite the SNMPv3 user is able to set and retrieve parameters on the system If the value is set to ReadOnly the SNMPv3...

Page 502: ...changes his or her password the user will not be able to reuse any password stored in password history This ensures that users don t reuse their passwords often The valid range is 0 10 no passwords history Use this command to set the password history to the default value passwords aging Use this command to implement aging on passwords for local users When a user s password expires the user will be...

Page 503: ...rd lock out count to the default value show passwords configuration Use this command to display the configured password management settings write memory Use this command to save running configuration changes to NVRAM so that the changes you make will persist across a reboot This command is the same as copy system running config nvram startup config Format no passwords aging Mode Global Config Defa...

Page 504: ...me to be deleted snmp server community ipaddr This command sets a client IP address for an SNMP community The address is the associated community SNMP packet sending address and is used along with the client IP mask value to denote a range of IP addresses from which SNMP clients may use that community to access the device A value of 0 0 0 0 allows access from any IP address Otherwise this value is...

Page 505: ...ic characters snmp server community mode This command activates an SNMP community If a community is enabled an SNMP manager associated with this community manages the switch according to its access right If the community is disabled no SNMP requests using this community are accepted In this case the SNMP manager associated with this community cannot manage the switch until the Status is changed ba...

Page 506: ...ort no snmp server enable traps violation This command disables the sending of new violation traps snmp server enable traps This command enables the Authentication failure trap no snmp server enable traps This command disables the Authentication failure trap Format snmp server community ro name Mode Global Config Format snmp server community rw name Mode Global Config Note For other port security ...

Page 507: ... terminal interface session no snmp server enable traps multiusers This command disables Multiple User traps snmp server enable traps stpmode This command enables the sending of new root traps and topology change notification traps no snmp server enable traps stpmode This command disables the sending of new root traps and topology change notification traps Default enabled Format snmp server enable...

Page 508: ...tive alphanumeric characters Note The name parameter does not need to be unique however the name and ipaddr pair must be unique Multiple entries can exist with the same name as long as they are associated with a different ipaddr The reverse scenario is also acceptable The name is the community name used when sending the trap to the receiver but the name is not directly associated with the SNMP Com...

Page 509: ...e snmp trap link status all This command enables link status traps for all interfaces Format snmptrap mode name ipaddr Mode Global Config Format no snmptrap mode name ipaddr Mode Global Config Note This command is valid only when the Link Up Down Flag is enabled See snmp server enable traps linkmode on page 499 Format snmp trap link status Mode Interface Config Note This command is valid only when...

Page 510: ...9 Format no snmp trap link status all Mode Global Config Format show snmpcommunity Mode Privileged EXEC Term Definition SNMP Community Name The community string to which this entry grants access A valid entry is a case sensitive alphanumeric string of up to 16 characters Each row of this table must contain a unique community name Client IP Address An IP address or portion thereof from which this d...

Page 511: ...s device SNMP Version SNMPv2 Mode The receiver s status enabled or disabled Format show trapflags Mode Privileged EXEC Term Definition Authentication Flag Can be enabled or disabled The factory default is enabled Indicates whether authentication failure traps will be sent Link Up Down Flag Can be enabled or disabled The factory default is enabled Indicates whether link status traps will be sent Mu...

Page 512: ...ounting function on the Unified Switch no radius accounting mode This command is used to set the RADIUS accounting function to the default value i e the RADIUS accounting function is disabled radius server attribute This command specifies the RADIUS client to use the NAS IP Address attribute in the RADIUS requests If the specific IP address is configured while enabling this attribute the RADIUS cl...

Page 513: ...number of configured servers is reached the command fails until you remove one of the servers by issuing the no form of the command If you use the optional port parameter the command configures the UDP port number to use when connecting to the configured RADIUS server The port number range is 1 65535 with 1812 being the default value If you use the acct token the command configures the IP address ...

Page 514: ...026 Config no radius server host acct 192 168 37 60 radius server key This command configures the key to be used in RADIUS client communication with the specified server Depending on whether the auth or acct token is used the shared secret is configured for the RADIUS authentication or RADIUS accounting server The IP address or hostname provided must match a previously configured server When this ...

Page 515: ...hen the RADIUS client has to perform transactions with an authenticating RADIUS server of specified name the client uses the primary server that has the specified server name by default If the RADIUS client fails to communicate with the primary server for any reason the client uses the backup servers configured with the same server name These backup servers are identified as the Secondary type dns...

Page 516: ...ommand configures the global parameter for the RADIUS client that specifies the timeout value in seconds after which a request must be retransmitted to the RADIUS server if no response is received The timeout value is an integer in the range of 1 to 30 no radius server timeout The no version of this command sets the timeout global parameter to the default value show radius This command displays th...

Page 517: ...gured Accounting Servers The number of RADIUS Accounting servers that have been configured Number of Named Authentication Server Groups The number of configured named RADIUS server groups Number of Named Accounting Server Groups The number of configured named RADIUS server groups Number of Retransmits The configured value of the maximum number of times a request packet is retransmitted Time Durati...

Page 518: ...Current The symbol preceeding the server host address specifies that the server is currently active Host Address The IP address of the host Server Name The name of the authenticating server Port The port used for communication with the authenticating server Type Specifies whether this server is a primary or secondary type Current Host Address The IP address of the currently active authenticating s...

Page 519: ...details are displayed Example The following shows example CLI display output for the command DWS 4026 show radius accounting name Host Address Server Name Port Secret Configured 192 168 37 200 Network1_RADIUS_Server 1813 Yes 192 168 37 201 Network2_RADIUS_Server 1813 No 192 168 37 202 Network3_RADIUS_Server 1813 Yes 192 168 37 203 Network4_RADIUS_Server 1813 No Format show radius accounting name s...

Page 520: ...d it from this RADIUS accounting server Requests The number of RADIUS Accounting Request packets sent to this server This number does not include retransmissions Retransmission The number of RADIUS Accounting Request packets retransmitted to this RADIUS accounting server Responses The number of RADIUS packets received on the accounting port from this server Malformed Responses The number of malfor...

Page 521: ...ed RADIUS Authenticating servers Format show radius statistics ipaddr dnsname name servername Mode Privileged EXEC Term Definition ipaddr The IP address of the server dnsname The DNS name of the server servername The alias name to identify the server RADIUS Server Name The name of the authenticating server Server Host Address The IP address of the host Access Requests The number of RADIUS Access R...

Page 522: ...ets Dropped 0 Access Challenges The number of RADIUS Access Challenge packets including both valid and invalid packets that were received from this server Malformed Access Responses The number of malformed RADIUS Access Response packets received from this server Malformed packets include packets with an invalid length Bad authenticators or signature attributes or unknown types are not included as ...

Page 523: ...y Use the tacacs server key command to set the authentication and encryption key for all TACACS communications between the switch and the TACACS daemon The key string parameter has a range of 0 128 characters and specifies the authentication and encryption key for all TACACS communications between the switch and the TACACS server This key must match the key used on the TACACS daemon Text based con...

Page 524: ...non encrypted format When you save the configuration these secret keys are stored in encrypted format only If you want to enter the key in encrypted format enter the key along with the encrypted keyword In the show running config command s display these secret keys are displayed in encrypted format You cannot show these keys in plain text format port Use the port command in TACACS Configuration mo...

Page 525: ...lt configuration however you are not prevented from applying scripts on systems with non default configurations Scripts must conform to the following rules The file extension must be scr A maximum of ten scripts are allowed on the switch The combined size of all script files on the switch shall not exceed 2048 KB The maximum number of configuration file command lines is 2000 You can type single li...

Page 526: ... where the scriptname parameter is the name of the script to delete The all option deletes all the scripts present on the switch script list This command lists all scripts present on the switch as well as the remaining available space Note To specify a blank password for a user in the configuration script you must specify it as a space within quotes For example to change the password for user jane...

Page 527: ...the pre login banner and the system prompt The pre login banner is the text that displays before you login at the User prompt copy pre login banner The copy command includes the option to upload or download the CLI Banner to or from the switch You can specify local URLs by using TFTP Xmodem Ymodem or Zmodem set prompt This command changes the name of the prompt The length of name may be up to 64 a...

Page 529: ...ge 527 QoS on page 532 Routing on page 533 Technologies on page 534 Technologies on page 534 O S Support on page 536 CORE Note This section is not a complete list of all syslog messages Table 12 BSP Log Messages Component Message Cause BSP Event 0xaaaaaaaa Switch has restarted BSP Starting code BSP initialization complete starting Unified Switch application Table 13 NIM Log Messages Component Mess...

Page 530: ...en saved or for which configuration has been erased SYSTEM could not separate SYSAPI_CONFIG_FILENAME The configuration file could not be read This message may occur on a system for which no configuration has ever been saved or for which configuration has been erased SYSTEM Building defaults for file file name version version num Configuration did not exist or could not be read for the specified fe...

Page 531: ...iltering Error on call to sysapiCfgFileWrite file Error on trying to save configuration Table 17 NVStore Log Messages Component Message Cause NVStore Building defaults for file XXX A component s configuration file does not exist or the file s checksum is incorrect so the component s default configuration file is built NVStore Error on call to osapiFsWrite routine on file XXX Either the file cannot...

Page 532: ... to validate id xxx The RADIUS Client received an invalid message from the server RADIUS RADIUS Failed to validate Message Authenticator id xxx The RADIUS Client received an invalid message from the server RADIUS RADIUS Access Accpet failed to validate id xxx The RADIUS Client received an invalid message from the server RADIUS RADIUS Invalid packet length xxx The RADIUS Client received an invalid ...

Page 533: ...re being used and the connection could not be made EmWeb ConnectionType EmWeb socket accept failed errno Socket accept failure for the specified connection type EmWeb ewsNetHTTPReceive failure in NetReceiveLoop closing connection Socket receive failure EmWeb EmWeb connection allocation failed Memory allocation failure for the new connection EmWeb EMWEB TransmitPending EWOULDBLOCK error sending dat...

Page 534: ...read only mode Table 25 CLI_WEB_MGR Log Messages Component Message Cause CLI_WEB_MGR File size is greater than 2K The banner file size is greater than 2K bytes CLI_WEB_MGR No of rows greater than allowed maximum of XXXX When the number of rows exceeds the maximum allowed rows Table 26 SSHD Log Messages Component Message Cause SSHD SSHD Unable to create the global data semaphore Failed to create se...

Page 535: ...Messages Component Message Cause User_Manager User Login Failed for XXXX Failed to authenticate user login XXXX indicates the username to be authenticated User_Manager Access level for user XXXX could not be determined Setting to READ_ONLY Invalid access level specified for the user The access level is set to READ_ONLY XXXX indicates the username User_Manager Could not migrate config file XXXX fro...

Page 536: ...ster for vlan change notifications IPsubnet vlans vlanIpSubnetCnfgrFiniPhase1Process could not delete avl semaphore This appears when a semaphore deletion of this component fails IPsubnet vlans vlanIpSubnetDtlVlanCreate Failed This appears when a dtl call fails to add an entry into the table IPsubnet vlans vlanIpSubnetSubnetDeleteApply Failed This appears when a dtl fails to delete an entry from t...

Page 537: ...ntingStart ifIndex xxx Failed sending accounting start to RADIUS server 802 1X function failed sending terminate cause intf xxx Failed sending accounting stop to RADIUS server Table 33 IGMP Snooping Log Messages Component Message Cause IGMP Snooping function osapiMessageSend failed IGMP Snooping message queue is full IGMP Snooping Failed to set global igmp snooping mode to xxx Failed to set global...

Page 538: ... Traces the build up of message queue Helpful in determining the load on GARP GARP GVRP GMRP gid_destroy_port Error Removing port d registration for vlan mac d 02X 02X 02X 02X 02X 02X Mismatch between the gmd gmrp database and MFDB GARP GVRP GMRP gmd_create_entry GMRP failure adding MFDB entry vlan d and address s MFDB table is full Table 35 802 3ad Log Messages Component Message Cause 802 3ad dot...

Page 539: ...dified after it is converted to static If this vlan is a learnt via GVRP then we cannot modify it s member set via management Table 40 802 1S Log Messages Component Message Cause 802 1S dot1sIssueCmd Dot1s Msg Queue is full Event u on interface u for instance u The message Queue is full 802 1S dot1sStateMachineRxBpdu Rcvd BPDU Discarded The current conditions like port is not enabled or we are cur...

Page 540: ... contains a logging attribute ACL IP ACL number Forced truncation of one or more rules during config migration While processing the saved configuration the system encountered an ACL with more rules than is supported by the current version This may happen when code is updated to a version supporting fewer rules per ACL than the previous version Table 44 CoS Log Message Component Message Cause COS c...

Page 541: ...routing table becomes full RTO logs this alert The count of total routes includes alternate routes which are not installed in hardware Routing Table Manager RTO no longer full Bad adds 10 Routing table contains 7999 best routes 7999 total routes When the number of best routes drops below full capacity RTO logs this notice The number of bad adds may give an indication of the number of route adds th...

Page 542: ...d successfully A previously configured probe port is not being used in the policy The release notes state that only a single probe port can be configured Driver Policy x does not contain rule x The rule was not added to the policy due to a discrepancy in the rule count for this specific policy Additionally the message can be displayed when an old rule is being modified but the old rule is not in t...

Page 543: ...A synchronization retry will be issued Driver USL failed to sync policy table on unit x Could not synchronize unit x due to a transport failure or API issue on remote unit A synchronization retry will be issued Driver USL failed to sync VLAN table on unit x Could not synchronize unit x due to a transport failure or API issue on remote unit A synchronization retry will be issued Driver Invalid LAG ...

Page 544: ...or refers to a file on which this operation is impossible ftruncate is called to correctly set the file s size in the file system after a write This msg indicates the file system may be corrupted OSAPI VxWorks ftruncate failed Returned an unknown code in errno ftruncate is called to correctly set the file s size in the file system after a write This msg indicates the file system may be corrupted O...

Page 545: ...537 O SSupport ...

Page 547: ...ation timeout 348 authorization network radius 504 auto negotiate all 14 auto negotiate 14 auto summary 191 auto voip all 406 auto voip 406 background color 358 beacon interval 269 block 357 boot autoinstall auto save 471 boot autoinstall retry count 471 boot autoinstall 471 boot system 410 bootfile 445 bootpdhcprelay cidoptmode 187 bootpdhcprelay enable 188 bootpdhcprelay maxhopcount 188 bootpdhc...

Page 548: ... ip dhcp snooping statistics 111 clear isdp counters 158 clear isdp table 158 clear lldp remote data 135 clear lldp statistics 134 clear pass 432 clear port channel 432 clear radius statistics 55 clear traplog 432 clear vlan 432 clear wireless ap failed 290 clear wireless ap failure list 305 clear wireless ap neighbors 290 clear wireless ap rf scan list 307 clear wireless client adhoc list 320 cle...

Page 549: ...64 debug spanning tree bpdu 463 default information originate RIP 191 default metric RIP 192 default router 443 delete 409 deleteport Global Config 80 deleteport Interface Config 80 deny broadcast 247 description 15 detected client ack rogue 337 dhcp client vendor id option 104 dhcp client vendor id option string 104 dhcp l2relay circuit id vlan 99 dhcp l2relay remote id vlan 99 dhcp l2relay trust...

Page 550: ...56 dot1x max req 56 dot1x max users 57 dot1x pae 66 dot1x port control all 57 dot1x port control 57 dot1x re authenticate 58 dot1x re authentication 58 dot1x session key refresh rate 257 dot1x supplicant max start 67 dot1x supplicant port control 66 dot1x supplicant timeout auth period 68 dot1x supplicant timeout held period 67 dot1x supplicant timeout start period 67 dot1x supplicant user 68 dot1...

Page 551: ... packets 448 ip dhcp pool 442 ip dhcp snooping binding 106 ip dhcp snooping database write delay 106 ip dhcp snooping database 106 ip dhcp snooping limit 107 ip dhcp snooping log invalid 107 ip dhcp snooping trust 108 ip dhcp snooping verify mac address 105 ip dhcp snooping vlan 105 ip dhcp snooping 105 ip domain list 453 ip domain lookup 452 ip domain name 452 ip domain retry 454 ip domain timeou...

Page 552: ...net server enable 478 ip unreachables 197 ip verify binding 107 ip verify source 108 ip vrrp Global Config 181 ip vrrp Interface Config 181 ip vrrp authentication 182 ip vrrp ip 182 ip vrrp mode 181 ip vrrp preempt 183 ip vrrp priority 183 ip vrrp timers advertise 183 ip vrrp track interface 184 ip vrrp track ip route 184 isdp advertise v2 157 isdp enable 157 isdp holdtime 157 isdp run 156 isdp ti...

Page 553: ...lldp receive 132 lldp timers 132 lldp transmit 132 lldp transmit mgmt 133 lldp transmit tlv 133 load balance 274 locale 356 location 237 logging buffered wrap 426 logging buffered 426 logging cli command 426 logging console 427 logging host remove 427 logging host 427 logging persistent 465 logging port 428 logging syslog 428 logout 433 mac access group 399 mac access list extended rename 397 mac ...

Page 554: ...node type 446 network AP Profile VAP Config Mode 286 network DHCP Pool Config 445 network Wireless Config Mode 244 network javamode 475 network mac address 474 network mac type 474 network mgmt_vlan 32 network parms 474 network protocol 474 next server 446 no monitor 94 nvram size 425 option 447 OUI database 201 passwd 494 password AP Config Mode 238 password encrypted 238 passwords aging 494 pass...

Page 555: ...352 qos ap edca 282 qos station edca 283 quit 434 radio 239 radio 266 radius accounting Network Config 253 radius accounting Wireless Config 209 radius accounting mode 504 radius server attribute 504 radius server host 505 radius server key 506 radius server msgauth 507 radius server primary 507 radius server retransmit 508 radius server secret Network Config 251 radius server timeout 508 radius s...

Page 556: ...20 set igmp interfacemode 119 set igmp maxresponse 121 set igmp mcrtrexpiretime 122 set igmp mrouter interface 123 set igmp mrouter 122 set igmp querier election participate 127 set igmp querier query interval 126 set igmp querier timer expiry 126 set igmp querier version 126 set igmp querier 125 set igmp 119 set prompt 519 sflow poller 468 sflow receiver 467 sflow sampler 467 show access lists 40...

Page 557: ... l2relay remote id vlan 103 show dhcp l2relay stats interface 101 show dhcp l2relay vlan 103 show diffserv service brief 395 show diffserv service 395 show diffserv 393 show dos control 153 show dot1q tunnel 44 show dot1x clients 65 show dot1x detail 69 show dot1x statistics 69 show dot1x summary 68 show dot1x users 65 show dot1x users 68 show dot1x 62 show dvlan tunnel 44 show eventlog 411 show f...

Page 558: ...w ip verify source 111 show ip vlan 180 show ip vrrp interface brief 187 show ip vrrp interface stats 185 show ip vrrp interface 186 show ip vrrp 186 show isdp entry 159 show isdp interface 159 show isdp neighbors 159 show isdp traffic 160 show isdp 158 show lacp actor 92 show lacp partner 92 show lldp interface 135 show lldp local device detail 138 show lldp local device 138 show lldp med interfa...

Page 559: ...9 show radius statistics 513 show radius 508 show running config 421 show serial 477 show service policy 396 show sflow agent 468 show sflow pollers 469 show sflow receivers 469 show sflow samplers 470 show snmpcommunity 502 show snmptrap 502 show sntp client 439 show sntp server 439 show sntp 439 show spanning tree brief 27 show spanning tree interface 27 show spanning tree mst port detailed 28 s...

Page 560: ...w wireless ap rf scan status 307 show wireless ap rf scan triangulation 309 show wireless ap statistics 298 show wireless ap status 290 show wireless channel plan history 231 show wireless channel plan proposed 232 show wireless channel plan 230 show wireless client adhoc status 321 show wireless client client qos radius status 315 show wireless client client qos status 314 show wireless client de...

Page 561: ...wids security rogue classification 328 show wireless wids security rogue test descriptions 329 show wireless wids security 327 show wireless 210 shutdown all 16 shutdown 15 snmp trap link status all 501 snmp trap link status 501 snmp server community ipaddr 496 snmp server community ipmask 497 snmp server community mode 497 snmp server community ro 498 snmp server community rw 498 snmp server comm...

Page 562: ...lone channel Stand alone AP expected channel 239 standalone security Stand alone AP expected security mode 240 standalone ssid Stand alone AP expected SSID 240 standalone wds mode Stand alone AP expected WDS mode 241 station isolation 268 statistics interval 346 storm control broadcast all level 72 storm control broadcast all rate 72 storm control broadcast all 72 storm control broadcast level 71 ...

Page 563: ... down 370 user max bandwidth up 369 user max input octets 370 user max output octets 371 user max total octets 371 user name 367 user password encrypted 368 user password 368 user session timeout 368 user logout 357 users defaultlogin 61 users login 61 users name unlock 490 users name 490 users passwd encrypted 491 users passwd 491 users snmpv3 accessmode 491 users snmpv3 authentication 492 users ...

Page 564: ...s security client known db radius server name 337 wids security client max auth failure 333 wids security client rogue det trap interval 331 wids security client threat mitigation 333 wids security client threshold auth failure 336 wids security client threshold interval auth 335 wids security client threshold interval deauth 334 wids security client threshold interval probe 336 wids security clie...

Page 565: ...263 wireless ap reset 289 wireless channel plan 229 wireless client disassociate 311 wireless peer switch configure 207 wireless power plan 230 wireless 200 wmm 274 wpa ciphers 253 wpa key 254 wpa versions 253 wpa2 key caching holdtime 256 wpa2 key forwarding 256 wpa2 pre authentication limit 256 wpa2 pre authentication 255 write memory 495 ...

Search results

Summary of Contents for DWS-4000 Series

Reviews:

Related manuals for DWS-4000 Series

Brands by name

Popular brands

D-Link DWS-4000 Series, Cli Command Reference

Search results

Summary of Contents for DWS-4000 Series

Reviews:

Related manuals for DWS-4000 Series

Brands by name

Popular brands