manualshive.com logo in svg

D-Link xStack DGS-3200 Series, Cli Manual

The D-Link xStack DGS-3200 Series is a versatile networking product designed for businesses. To ensure seamless setup and operation, make sure to download the free User Manual from our website. Get instant access to the comprehensive manual, guiding you through the product's features and configurations effortlessly.

Share
Download
background image

DGS-3200 Series Layer 2 Gigabit Managed Switch CLI Manual 

 

439

 

How ARP Spoofing Attacks a Network 

ARP spoofing, also known as ARP poisoning, is a method to attack an Ethernet network which may allow an attacker to 

sniff data frames on a LAN, modify the traffic, or stop the traffic altogether (known as a Denial of Service – DoS attack). 

The principle of ARP spoofing is to send the fake, or spoofed ARP messages to an Ethernet network. Generally, the 

aim is to associate the attacker's or random MAC address with the IP address of another node (such as the default 

gateway). Any traffic meant for that IP address would be mistakenly re-directed to the node specified by the attacker.   

IP spoofing attack is caused by Gratuitous ARP that occurs when a host sends an ARP request to resolve its own IP 

address. Figure-4 shows a hacker within a LAN to initiate ARP spoofing attack.   

Figure-4 

 

 

 

 

 

 

 

 

 

In the Gratuitous ARP packet, the “Sender protocol address” and “Target protocol address” are filled with the same 

source IP address itself. The “Sender H/W Address” and “Target H/W address” are filled with the same source MAC 

address itself. The destination MAC address is the Ethernet broadcast address (FF-FF-FF-FF-FF-FF). All nodes within 

the network will immediately update their own ARP table in accordance with the sender’s MAC and IP address. The 

format of Gratuitous ARP is shown in the following table.   

Table-5 

 

Destination 

address 

Source 

address 

Ethernet 

type 

H/W type 

Protocol 

type 

H/W 

address 

length 

Protocol 

address 

length 

Operation Sender 

H/W 

address 

Sender 

protocol 

address 

Target H/W 

address 

Target 

protocol 

address 

(6-byte) 

 (6-byte) 

(2-byte) 

(2-byte) 

(2-byte) 

(1-byte)

(1-byte) 

(2-byte) 

(6-byte) (4-byte) 

(6-byte) (4-byte) 

FF-FF-FF-FF-FF-FF 00-20-5C-01-11-11

 

 

806 

   

 

 

 

 

 

 

ARP reply 

00-20-5C-01-11-11

 

10.10.10.254

 

00-20-5C-01-11-11

 

10.10.10.254

 

Ethernet Header 

Summary of Contents for xStack DGS-3200 Series

Page 1: ... Manual September 2007 651GS320015G RECYCLABLE ProductModel GS 3200 10 D Layer2GigabitEthernetManagedSwitch Release 1 CLI Manual ProductModel DGS 3200 Series Layer2GigabitEthernetManagedSwitch Release 1 1 ...

Page 2: ...orts 25 III Fundamentals 28 3 BASIC MANAGEMENT COMMAND LIST 29 3 1 create account 29 3 2 enable password encryption 30 3 3 disable password encryption 31 3 4 config account 32 3 5 show account 33 3 6 delete account 34 3 7 show session 35 3 8 show switch 36 3 9 show environment 37 3 10 show serial_port 38 3 11 config serial_port 39 3 12 enable clipaging 40 3 13 disable clipaging 40 3 14 enable teln...

Page 3: ...MAND LIST 63 6 1 create snmp user 63 6 2 delete snmp user 65 6 3 show snmp user 66 6 4 show snmp groups 66 6 5 create snmp view 69 6 6 delete snmp view 70 6 7 show snmp view 71 6 8 create snmp community 72 6 9 delete snmp community 73 6 10 show snmp community 73 6 11 config snmp engineID 74 6 12 show snmp engineID 75 6 13 create snmp group 75 6 14 delete snmp group 76 6 15 create snmp host 77 6 16...

Page 4: ...ation 94 8 4 clear counters 95 8 5 clear log 96 8 6 show log 97 8 7 enable syslog 98 8 8 disable syslog 98 8 9 show syslog 99 8 10 config syslog host 99 8 11 create syslog host 101 8 12 delete syslog host 102 8 13 show syslog host 103 8 14 config log_save_timing 104 8 15 show log_save_timing 104 9 SYSTEM SEVERITY COMMAND LIST 106 9 1 config system_severity 106 9 2 show system_severity 107 10 COMMA...

Page 5: ...able sim 127 14 3 show sim 127 14 4 reconfig 131 14 5 config sim_group 131 14 6 config sim 133 14 7 download sim_ms 134 14 8 upload sim_ms 136 15 SAFEGUARD ENGINE COMMAND LIST 137 15 1 config safeguard_engine 137 15 2 show safeguard_engine 138 V Layer 2 140 16 MSTP COMMAND LIST 141 16 1 show stp 141 16 2 show stp instance 142 16 3 show stp ports 143 16 4 show stp mst_config_id 144 16 5 create stp ...

Page 6: ...TIFICATION COMMAND LIST 165 18 1 enable mac_notification 165 18 2 disable mac_notification 165 18 3 config mac_notification 166 18 4 config mac_notification ports 167 18 5 show mac_notification 167 18 6 show mac_notification ports 168 19 MIRROR COMMAND LIST 170 19 1 config mirror port 170 19 2 enable mirror 171 19 3 disable mirror 172 19 4 show mirror 172 20 VLAN COMMAND LIST 174 20 1 create vlan ...

Page 7: ...gregation 192 22 4 config link_aggregation algorithm 193 22 5 show link_aggregation 194 23 LACP CONFIGURATION COMMAND LIST 196 23 1 config lacp_ports 196 23 2 show lacp_ports 196 24 TRAFFIC SEGMENTATION COMMAND LIST 198 24 1 config traffic_segmentation 198 24 2 show traffic_segmentation 199 25 PORT SECURITY COMMAND LIST 200 25 1 config port_security 200 25 2 delete port_security_entry 201 25 3 cle...

Page 8: ... 4 create ipv6route 221 29 5 delete ipv6route 222 29 6 show ipv6route 223 30 ARP COMMAND LIST 224 30 1 create arpentry 224 30 2 delete arpentry 225 30 3 config arpentry 225 30 4 config arp_aging time 226 30 5 show arpentry 227 30 6 clear arptable 228 31 LOOPBACK DETECTION COMMAND LIST 229 31 1 config loopdetect 229 31 2 config loopdetect ports 230 31 3 enable loopdetect 231 31 4 disable loopdetect...

Page 9: ...TICAST IP ADDRESS COMMAND LIST 256 34 1 create mcast_filter_profile 256 34 2 config mcast_filter_profile 257 34 3 delete mcast_filter_profile 257 34 4 show mcast_filter_profile 258 34 5 config limited_multicast_addr 259 34 6 show limited multicast addr 260 34 7 config max_mcast_group 261 34 8 show max_mcast_group 262 VIII Security 264 35 802 1X COMMAND LIST 265 35 1 enable 802 1x 266 35 2 disable ...

Page 10: ...gin method_list_name 295 36 5 config authen_login 295 36 6 delete authen_login method_list_name 297 36 7 show authen_login 298 36 8 create authen_enable method_list_name 298 36 9 config authen_enable 299 36 10 delete authen_enable method_list_name 301 36 11 show authen_enable 301 36 12 config authen application 302 36 13 show authen application 303 36 14 create authen server_group 304 36 15 config...

Page 11: ...8 7 config ssh server 329 38 8 enable ssh 329 38 9 disable ssh 330 38 10 show ssh server 331 39 IP MAC PORT BINDING IMPB COMMAND LIST 332 39 1 create address_binding ip_mac ipaddress 332 39 2 config address_binding ip_mac ports 333 39 3 delete address_binding address 334 39 4 config address_binding address 335 39 5 show address_binding 336 39 6 enable address_binding acl_mode 337 39 7 disable addr...

Page 12: ...ow mac_based_access_control_local 358 42 JWAC COMMAND LIST 360 42 1 enable disable jwac 360 42 2 enable disable jwac redirect 361 42 3 enable disable jwac forcible_logout 362 42 4 enable disable jwac udp_filtering 363 42 5 enable disable jwac quarantine_server_monitor 363 42 6 config jwac quarantine_server_error_timeout 364 42 7 config jwac redirect 365 42 8 config jwac virtual_ip 366 42 9 config ...

Page 13: ...g dhcp_relay 391 44 2 config dhcp_relay add 392 44 3 config dhcp_relay delete 392 44 4 config dhcp_relay option_82 393 44 5 enable dhcp_relay 395 44 6 disable dhcp_relay 396 44 7 show dhcp_relay 396 XI IPv6 398 45 IPV6 NDP COMMAND LIST 399 45 1 delete ipv6 neighbor_cache 399 45 2 delete ipv6 neighbor_cache 400 45 3 show ipv6 neighbor_cache 401 45 4 config ipv6 nd ns 402 45 5 config ipv6 nd rs 403 ...

Page 14: ...config cpu access_profile 425 46 10 show cpu access_profile 427 46 11 enable cpu_interface_filtering 429 46 12 disable cpu_interface_filtering 430 XIII Packet Control 431 47 PACKET STORM COMMAND LIST 432 47 1 config traffic control 432 47 2 config traffic trap 433 47 3 show traffic control 434 Appendix Mitigating ARP Spoofing Attacks Using Packet Content ACL 436 ...

Page 15: ...DGS 3200 Series Layer 2 Gigabit Managed Switch CLI Manual 15 I Introduction The Introduction section includes the following chapter Using Command Line Interface ...

Page 16: ...anual For detailed information on installing hardware please also refer to the User Manual 1 1 Accessing the Switch via the Serial Port The Switch s serial port s default settings are as follows 115200 baud no parity 8 data bits 1 stop bit A computer running a terminal emulation program capable of emulating a VT 100 terminal and a serial port configured as above is then connected to the Switch s s...

Page 17: ... managed with the Web based manager The Switch IP address can be automatically set using BOOTP or DHCP protocols in which case the actual address assigned to the Switch must be known The IP address may be set using the Command Line Interface CLI over the console serial port as follows 1 Starting at the command line prompt enter the commands config ipif System ipaddress xxx xxx xxx xxx yyy yyy yyy ...

Page 18: ...m message Success indicates that the command was executed successfully The Switch can now be configured and managed via Telnet SNMP MIB browser and the CLI or via the Web based management agent using the above IP address to connect to the Switch There are a number of helpful features included in the CLI Entering the command will display a list of all of the top level commands ...

Page 19: ...prompt to enter the username with the message Next possible completions Every command in the CLI has this feature and complex commands have several layers of parameter prompting In addition after typing any given command plus one space users can see all of the next possible sub commands in sequential order by repeatedly pressing the Tab key To re enter the previous command at the command prompt pr...

Page 20: ...mpts are the same as presented in this manual angle brackets indicate a numerical value or character string braces indicate optional parameters or a choice of parameters and brackets indicate required parameters If a command is entered that is unrecognized by the CLI the top level commands will be displayed under the Available commands prompt The top level commands consist of commands such as show...

Page 21: ...le disable proxy_arp enable disable you must supply an IP interface name for ipif_name 12 a vlan name for vlan_name 32 and an address for network_address when entering the command Do not type the angle brackets square brackets Enclose a required value or list of required arguments One or more values or arguments must be specified For example in the syntax create account admin user you must specify...

Page 22: ... cursor and shift remainder of line to left Backspace Delete character to left of cursor and shift remainder of line to left Insert Toggle on and off When toggled on inserts text and shifts previous text to right Left Arrow Move cursor to left Right Arrow Move cursor to right Tab Help user to select appropriate token P Display the previous page N or Space Display the next page CTRL C Escape from d...

Page 23: ...DGS 3200 Series Layer 2 Gigabit Managed Switch CLI Manual 23 II Interface and Hardware The Interface and Hardware section includes the following chapter Switch Port ...

Page 24: ...le disable learning enable disable state enable disable description desc 1 32 clear_description Description The config ports command changes switch port settings Parameters Parameters Description portlist all Specified a range of ports to be configured For set all ports in the system you may use all parameter medium_type Specify the medium type when configuring ports that are combo ports It s an o...

Page 25: ...ecified ports are in error disabled status configuring their state to enable will recover these ports from disabled to enable state description Describes the port interface Note Gigabit Ethernet ports are statically set to 1 Gbps and their speed cannot be modified Restrictions You must have administrator privileges Example To configure the speed of ports 1 to 3 of unit 1 to be 10 Mbps with full du...

Page 26: ...displayed Note If no parameter is specified all ports will be displayed Restrictions None Example To display the configuration of ports 1 4 DGS 3200 10 4 show ports 1 4 Command show ports 1 4 Port Port Settings Connection Address State Speed Duplex FlowCtrl Speed Duplex FlowCtrl Learning 1 Enabled 10M Full Enabled Err Disabled Enabled 2 Enabled 10M Full Enabled Link Down Enabled 3 Enabled 10M Full...

Page 27: ... Enabled Desc port3 4 Enabled Auto Disabled Link Down Enabled Desc port4 DGS 3200 10 4 Note Connection status has the following situations Link Down speed Duplex FlowCtrl link up and Err Disabled DGS 3200 10 4 show ports err disabled Command show ports err disabled Port Port Connection status Reason State 1 Enabled Err Disabled Storm control Desc port1 8 Enabled Err Disabled Storm control Desc por...

Page 28: ...DGS 3200 Series Layer 2 Gigabit Managed Switch CLI Manual 28 III Fundamentals The Fundamentals section includes the following chapters Basic Management and Utility ...

Page 29: ...00 115200 auto_logout never 2_minutes 5_minutes 10_minutes 15_minutes enable clipaging disable clipaging enable telnet tcp_port_number 1 65535 disable telnet enable web tcp_port_number 1 65535 disable web save config config_id 1 2 log all reboot reset config system login logout 3 1 create account Purpose Used to create user accounts Format create account admin user username 15 Description The crea...

Page 30: ...10 4 create account admin dlink Command create account admin dlink Enter a case sensitive new password Enter the new password again for confirmation Success DGS 3200 10 4 To create the user level user System DGS 3200 10 4 create account user System Command create account user System Enter a case sensitive new password Enter the new password again for confirmation Success DGS 3200 10 4 3 2 enable p...

Page 31: ...u must have administrator privileges Examples To enable password encryption DGS 3200 10 4 enable password encryption Command enable password encryption Success DGS 3200 10 4 3 3 disable password encryption Purpose Used to create user accounts Format disable password encryption Description The user account configuration information will be stored in the configuration file and can be applied to the ...

Page 32: ... the plain text password If the password is present in the command the user can select to input the password in the plain text form or in the encrypted form The encryption algorithm is based on SHA I Parameters Parameters Description username Name of the account The account must already be defined plain_text Select to specify the password in plain text form sha_1 Select to specify the password in ...

Page 33: ...e new password Enter the new password again for confirmation Success DGS 3200 10 4 To configure the user password of adminstrator account DGS 3200 10 4 config account adminstrator Command config account administrator encrypt sha_1 cRDtpNCeBiq15KOQsKVyrA0sAiCIZQwq Success DGS 3200 10 4 3 5 show account Purpose Used to display user accounts Format show account Description The show account command di...

Page 34: ...System User dlink Admin DGS 3200 10 4 3 6 delete account Purpose Used to delete an existing account Format delete account username Description The delete account command deletes an existing account Parameters Parameters Description username Name of the user who will be deleted Restrictions You must have administrator privileges One active admin user must exist Example To delete the user account Sy...

Page 35: ...w session Description The show session command will display a list of currently users which are logged in to CLI sessions Parameters None Restrictions You must have administrator privileges Example To display a list of currently logged in users DGS 3200 10 4 show session Command show session ID Live Time From Level Name 8 23 37 42 270 Serial Port 4 Anonymous Total Entries 1 CTRL C ESC q Quit SPACE...

Page 36: ...ion DGS 3200 10 4 show switch Command show switch Device Type DGS 3200 10 Gigabit Ethernet Switch MAC Address 00 00 00 01 02 00 IP Address 10 90 90 90 Manual VLAN Name default Subnet Mask 255 0 0 0 Default Gateway 0 0 0 0 Boot PROM Version Build 1 00 B004 Firmware Version Build 1 10 B021 Hardware Version A1 Serial Number P4CK183000001 System Name System Location System Contact Spanning Tree Disabl...

Page 37: ...State Disabled Single IP Management Disabled Dual Image Supported Password Encryption Status Disabled DGS 3200 10 4 3 9 show environment Purpose Used to display the device internal temperature Format show environment Description The show environemnt command displays the device internal temperature status Parameters None Restrictions Only DGS 3200 16 supports this command DGS 3200 10 does not suppo...

Page 38: ...L C ESC q Quit SPACE n Next Page p Previous Page r Refresh 3 10 show serial_port Purpose Used to display the current serial port setting Format show serial_port Description The show serial_port command displays the current serial port setting Parameters None Restrictions None Example To display the serial port setting DGS 3200 10 4 show serial_port Command show serial_port Baud Rate 115 200 Data B...

Page 39: ...gement host and the auto logout time for idle connections Parameters Parameters Description baud_rate The serial bit rate that will be used to communicate with the management host There are four options 9600 19200 38400 and 115200 auto_logout The auto logout time out setting never Never timeout 2_minutes When you idle over 2 minutes the device will auto logout 5_minutes When you idle over 5 minute...

Page 40: ...een display when show command output reaches the end of the page The default setting is enabled Parameters None Restrictions You must have administrator privileges Example To enable pausing of the screen display when show command output reaches the end of the page DGS 3200 10 4 enable clipaging Command enable clipaging Success DGS 3200 10 4 3 13 disable clipaging Purpose Used to disable pause the ...

Page 41: ...page DGS 3200 10 4 disable clipaging Command disable clipaging Success DGS 3200 10 4 3 14 enable telnet Purpose The switch allows you manage the switch via Telnet based management software Use the command to enable Telnet and configure a port number Format enable telnet tcp_port_number 1 65535 Description The enable telnet command enables Telnet and configures port number Parameters Parameters Des...

Page 42: ...s you manage the switch via Telnet based management software Use the command to disable Telnet Format disable telnet Description The disable telnet command disables Telnet Parameter None Restrictions You must have administrator privileges Example To disable Telnet DGS 3200 10 4 disable telnet Command disable telnet Success DGS 3200 10 4 3 16 enable web Purpose The switch allows you manage the swit...

Page 43: ...are numbered between 1 and 65535 The well known TCP port for the Web protocol is 80 Restrictions You must have administrator privileges Example To enable HTTP and configure port number DGS 3200 10 4 enable web 80 Command enable web 80 Note SSL will be disabled if web is enabled Success DGS 3200 10 4 3 17 disable web Purpose The switch allows you manage the switch via HTTP based management software...

Page 44: ...g config_id 1 2 log all Description The save command saves changes in non volatile RAM Parameters Parameters Description config config_id 1 2 Specifes the configuration identify number of the indicated configuration log Save log all Save changes to currently active configuration and save log If no any keyword specified save changes to configuration Restrictions You must have administrator privileg...

Page 45: ... to NV RAM Done DGS 3200 10 4 DGS 3200 10 4 save log Command save log Saving all system logs to NV RAM Done DGS 3200 10 4 DGS 3200 10 4 save all Command save all Saving configuration and logs to NV RAM Done DGS 3200 10 4 3 19 reboot Purpose Used to restart the switch Format reboot Description The reboot command restarts the switch Parameters None ...

Page 46: ...eters Description config If you specify the config keyword all parameters are reset to default settings But device will neither save nor reboot system If you specify the system keyword all parameters are reset to default settings Then the switch will do factory reset save and reboot If no keyword is specified all parameters will be reset to default settings except IP address user account and histo...

Page 47: ...tem Command reset system Are you sure to proceed with system reset save and reboot y n Loading factory default configuration Done Saving all configuration to NV RAM Done Please wait the switch is rebooting 3 21 login Purpose Used to log in to the switch Format login Description The login command log in to the switch Parameter None Restrictions None Example DGS 3200 10 4 login Command login UserNam...

Page 48: ...mmand to logout Parameter None Restrictions None Example DGS 3200 10 4 logout Command logout Logout DGS 3200 10 Gigabit Ethernet Switch Command Line Interface Firmware Build 1 10 B021 Copyright C 2008 D Link Corporation All rights reserved Username DGS 3200 10 Gigabit Ethernet Switch Command Line Interface Firmware Build 1 10 B021 Copyright C 2008 D Link Corporation All rights reserved Username ...

Page 49: ...00 timeout sec 1 65535 probe value 1 9 telnet ipaddr tcp_port value 0 65535 Note The Interface field is used for addresses on the link local network It is recommended that the user enter the specific interface for a link local IPv6 adress The field may be omitted for global IPv6 addresses For example DGS 3200 10 4 upload cfg_toTFTP fe80 20d 88ff fe11 7b6c System DGS 3200 cfg 4 1 download Purpose U...

Page 50: ...configuration identify number of the indicated configuration increment Allows the download of a partial switch configuration file This allows a file to be downloaded that will change only the switch parameters explicitly stated in the configuration file All other switch parameters will remain unchanged Restrictions You must have administrator privileges Examples Download firmware DGS 3200 10 4 dow...

Page 51: ...server ipaddr The IP address of the TFTP server ipv6addr The IPv6 address of the TFTP server path_filename Specifies the location of the switch configuration file on the TFTP server This file will be replaced by the uploaded file from the switch The maximum length is 64 config_id 1 2 Specifies the configuration identify number of the indicated configuration Restrictions You must have administrator...

Page 52: ...specific firmware Format config firmware image_id 1 2 delete boot_up Description This command is used to configure firmware as a boot up image or to delete the firmware Parameters Parameters Description image_id 1 2 Specifes the serial number of the indicated firmware Restrictions You must have administrator privileges Example To delete the specific firmware DGS 3200 10 4 config firmware image_id ...

Page 53: ...g configuration config_id 1 2 boot_up delete active Description None Parameters Parameters Description config_id 1 2 Specifes the serial number of the indicated configuration Restrictions You must have administrator privileges Example To delete the specific configuration DGS 3200 10 4 config configuration config_id 2 delete Command config configuration config_id 2 delete Success DGS 3200 10 4 4 5 ...

Page 54: ...ormation Command show firmware information Image ID 1 Boot up firmware Version 1 10 B021 Size 2075194 Bytes Update Time 2000 01 01 00 57 40 From 172 18 211 108 Console User Anonymous Image ID 2 Version 1 10 B014 Size 2073148 Bytes Update Time 2000 01 01 01 06 58 From 172 18 211 108 Console User Anonymous DGS 3200 10 4 4 6 show config information Purpose Displays the configuration or configuration ...

Page 55: ...onfig information Command show config information ID 1 Boot up configuration Version 1 10 B021 Size 10595 Bytes Updata Time 2000 01 01 00 32 25 From FE80 21A 4DFF FE32 EFB9 Console User Anonymous Boot Up Yes ID 2 Version 1 10 B014 Size 10102 Bytes Updata Time 2000 01 01 00 02 40 From Local save Console User Anonymous Boot Up No DGS 3200 10 4 4 7 ping Purpose Used to test the connectivity between n...

Page 56: ...al ICMP echo messages to be sent A value of 0 will send an infinite ICMP echo messages The maximum value is 255 The default is 0 sec Defines the time out period while waiting for a response from the remote device A value of 1 to 99 seconds can be specified The default is 1 second Restrictions You must have administrator privileges Example To send ICMP echo message to 10 51 17 1 for 4 times DGS 320...

Page 57: ...tion endstation ttl value1 60 The time to live value of the trace route request This is the maximum number of routers The traceroute command will cross while seeking the network path between two devices port value 30000 64900 The port number Must be above 1024 The value range is from 30000 to 64900 probe value 1 9 The number of probes The range is from 1 to 9 Restrictions You must have administrat...

Page 58: ...iption ipaddr The IP address of the host to login tcp_port The Telnet port Restrictions None Example To Telnet to a host DGS 3200 10 4 telnet 10 1 1 1 Command telnet 10 1 1 1 Connecting to 10 1 1 1 Press Ctrl Y to disconnect DGS 3200 10 4 Welcome to Microsoft Telnet Service login administrator password Welcome to Microsoft Telnet Server C Documents and Settings Administrator exit Connection to hos...

Page 59: ...IV Network Management The Fundamentals section includes the following chapters SNMPv1 v2 SNMPv3 Network Management Network Monitoring System Severity Command List History Modify Banner and Prompt Time and SNTP Jumbo Frame Single IP Management and Safeguard Engine ...

Page 60: ...ring as enabling read only or read write privileges for the SNMP management host Parameters Parameters Description community_string An alphanumeric string of up to 32 characters used in the authentication of users wanting access to the switch s SNMP agent view An alphanumeric string of up to 32 characters read_only Allows the user using the above community string to have read only access to the sw...

Page 61: ...used to delete an SNMP community string entered on the switch using the create snmp community command above Parameters Parameters Description community_string An alphanumeric string of up to 32 characters used in the authentication of users wanting access to the switch s SNMP agent Restrictions You must have administrator privileges Example To delete a read only level SNMP community System DGS 320...

Page 62: ...ter Parameters Description community_string An alphanumeric string of up to 32 characters used in the authentication of users wanting access to the switch s SNMP agent Restrictions None Example To display SNMP community information DGS 3200 10 4 show snmp community Command show snmp community SNMP Community Table Community Name View Name Access Right Private CommunityView read_write Public Communi...

Page 63: ...y read_write delete snmp community community_string 32 show snmp community community_string 32 config snmp engineID snmp_engineID 10 64 show snmp engineID create snmp group groupname 32 v1 v2c v3 noauth_nopriv auth_nopriv auth_priv read_view view_name 32 write_view view_name 32 notify_view view_name 32 delete snmp group groupname 32 create snmp host ipaddr v6host ipv6addr v1 v2c v3 noauth_nopriv a...

Page 64: ... groupname The name of the group to which the user is associated The range is 1 to 32 encrypted Specifies whether the password appears in encrypted format by_password indicate input password for authentication and privacy by_key indicate input key for authentication and privacy Initiates an authentication level setting session The options are md5 and sha md5 The HMAC MD5 96 authentication level au...

Page 65: ...se Used to remove a user from an SNMP group and delete the associated group in SNMP group Format delete snmp user SNMP_name 32 Description The delete snmp user command removes a user from a SNMP group and deletes the associated group in SNMP group Parameters Parameters Description username The name of the user on the host that connects to the agent The range is 1 to 32 Restrictions You must have a...

Page 66: ...ust have administrator privileges Example DGS 3200 10 4 show snmp user Command show snmp user Username Group Name SNMP Version Auth Protocol PrivProtocol initial initial V3 None None Total Entries 1 DGS 3200 10 4 6 4 show snmp groups Purpose Used to display the names of groups on the switch and the security model level and the status of the different views Format show snmp groups Description The s...

Page 67: ...me CommunityView Securiy Model SNMPv1 Securiy Level NoAuthNoPriv Group Name public ReadView Name CommunityView WriteView Name Notify View Name CommunityView Securiy Model SNMPv2 Securiy Level NoAuthNoPriv Group Name initial ReadView Name restricted WriteView Name Notify View Name restricted Securiy Model SNMPv3 Securiy Level NoAuthNoPriv Group Name private ReadView Name CommunityView WriteView Nam...

Page 68: ...MPv1 Security Level NoAuthNoPriv Group Name ReadGroup ReadView Name CommunityView WriteView Name Notify View Name CommunityView Security Model SNMPv1 Security Level NoAuthNoPriv Group Name ReadGroup ReadView Name CommunityView WriteView Name Notify View Name CommunityView Security Model SNMPv2 Security Level NoAuthNoPriv Group Name WriteGroup ReadView Name CommunityView WriteView Name CommunityVie...

Page 69: ...unityView WriteView Name CommunityView Notify View Name CommunityView Security Model SNMPv3 Security Level authPriv Total Entries 10 DGS 3200 10 4 6 5 create snmp view Purpose Used to assign views to community strings to limit which MIB objects an SNMP manager can access Format create snmp view view_name 32 oid view_type included excluded Description The create snmp view command assigns views to c...

Page 70: ...p view dlinkview 1 3 6 view_type included Success DGS 3200 10 4 6 6 delete snmp view Purpose Used to remove a view record Format delete snmp view view_name 32 all oid Description The delete snmp view command removes a view record Parameters Parameters Description view_name View nameof the user who will be deleted all all view record oid Object Identified tree MIB tree Restrictions You must have ad...

Page 71: ... who likes to show Restrictions You must have administrator privileges Example DGS 3200 10 4 show snmp view Command show snmp view Vacm View Table Settings View Name Subtree View Type restricted 1 3 6 1 2 1 1 Included restricted 1 3 6 1 2 1 11 Included restricted 1 3 6 1 6 3 10 2 1 Included restricted 1 3 6 1 6 3 11 2 1 Included restricted 1 3 6 1 6 3 15 1 1 Included CommunityView 1 Included Commu...

Page 72: ... of all MIB objects accessible to the given community Read and write or read only permission for the MIB objects accessible to the community Format create snmp community community_string 32 view view_name 32 read_only read_write Description The create snmp community command creates an SNMP community string Parameters Parameters Description community_string Communtiy string Max string length is 32 ...

Page 73: ...ed Restrictions You must have administrator privileges Example DGS 3200 10 4 delete snmp community dlink Command delete snmp community dlink Success DGS 3200 10 4 6 10 show snmp community Purpose Used to display the community string configurations Format show snmp community community_string 32 Description The show snmp communtiy command displays the community string configurations Parameters Param...

Page 74: ...tal Entries 2 DGS 3200 10 4 6 11 config snmp engineID Purpose Used to configure a identifier for the SNMP engine on the switch Format config snmp engineID snmp_engineID 10 64 Description The config snmp engineID command configures a identifier for the SNMP engine on the switch Associated with each SNMP entity is a unique engineID Parameters Parameters Description snmp_engineID Identify for the SNM...

Page 75: ...p engineID command displays the identification of the SNMP engine on the switch Parameters None Restrictions You must have administrator privileges Example DGS 3200 10 4 show snmp engineID Command show snmp engineID SNMP Engine ID 1023457890 DGS 3200 10 4 6 13 create snmp group Purpose Used to create a new SNMP group or a table that maps SNMP users to SNMP views Format create snmp group groupname ...

Page 76: ...r encrypting auth_nopriv Support packet authentication v3 auth_priv Support packet authentication and encrypting view_name View name An MIB view Restrictions You must have administrator privileges Example DGS 3200 10 4 create snmp group D Link_group v3 auth_priv read_view CommunityView write_view CommunityView notify_view CommunityView Command create snmp group D Link_group v3 auth_priv read_view ...

Page 77: ...nopriv auth_nopriv auth_priv auth_string 32 Description The create snmp host command creates a recipient of an SNMP operation Parameters Parameters Description ipaddr The IP address of the recipient for which the traps are targeted v6host Specifies the v6host IP address to which the trap packet will be sent v1 The least secure of the possible security models v2c The second least secure of the poss...

Page 78: ...rpose Used to delete a recipient of an SNMP trap operation Format delete snmp host ipaddr v6host ipv6addr Description The delete snmp host command deletes a recipient of an SNMP trap operation Parameters Parameters Description ipaddr The IP address of the recipient for which the traps are targeted v6host Specifies the v6host IP address Restrictions 2 level administrator 3 level operator Example DG...

Page 79: ...dress of the recipient for which the traps are targeted If no parameter specified all SNMP hosps will be diplayed v6host Specifies the v6host IP address Restrictions user level Example DGS 3200 10 4 show snmp host Command show snmp host SNMP Host Table Host IP Address SNMP Version Community Name SNMPv3 User Name 10 48 76 100 V3 noauthnopriv initial 10 51 17 1 V2c public Total Entries 2 DGS 3200 10...

Page 80: ...host Specifies the v6host IP address Restrictions user level Example DGS 3200 10 4 show snmp v6host Command show snmp v6host SNMP Host Table Host IPv6 Address FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF SNMP Version V3 na np Community Name SNMPv3 User Name 123456789101234567890 Host IPv6 Address FECO 1A49 2AA FF FE34 CA8F SNMP Version V3 a np Community Name SNMPv3 User Name abcdefghijk Total Entries 2...

Page 81: ...81 Description The show snmp traps command is used to show traps state Parameters None Restrictions You must have administrator privileges Example DGS 3200 10 4 show snmp traps Command show snmp traps SNMP Traps Enabled Authenticate Trap Enabled DGS 3200 10 4 ...

Page 82: ...t sw_contact enable rmon disable rmon enable snmp traps disable snmp traps enable snmp authenticate_traps disable snmp authenticate_traps 7 1 enable snmp Purpose Use to enable and disable the SNMP interface access function Format enable snmp Description Use to enable and disable the SNMP function When SNMP function is disabled the network manager will not be able the access SNMP MIB objects The de...

Page 83: ... SNMP or Telnet based management software These IP addresses must be members of the Management VLAN If no IP addresses are specified then there is nothing to prevent any IP address from accessing the switch provided the user knows the Username and Password Parameters Parameters Description ipaddr The IP address of the trusted host network The network address of the trusted network The form of netw...

Page 84: ...Parameters Description ipaddr all The IP address of the trusted host network The network address of the trusted network Restrictions You must have administrator privileges Example To delete the trusted host DGS 3200 10 4 delete trusted_host ipaddr 10 48 74 121 Command delete trusted_host ipaddr 10 48 74 121 Success DGS 3200 10 4 7 4 show trusted_host Purpose Used to display a list of trusted hosts...

Page 85: ...t Stations IP Addrress 10 48 93 100 10 51 17 1 10 50 95 90 Total Entries 3 DGS 3200 10 4 7 5 config snmp system_name Purpose Used to configure the name for the switch Format config snmp system_name sw_name Description The config snmp system_name command configures the name of the switch Parameter Parameters Description sw_name A maximum of 255 characters is allowed A null string is also accepted ...

Page 86: ...ose Used to enter a description of the location of the switch Format config snmp system_location sw_location Description The config snmp system_location command is used to enter a description of the location of the switch A maximum of 255 characters can be used Parameter Parameters Description sw_location A maximum of 255 characters is allowed A null string is also accepted Restrictions You must h...

Page 87: ... for the switch A maximum of 255 character can be used Parameters Parameters Description sw_contact A maximum of 255 characters is allowed A null string is also accepted Restrictions You must have administrator privileges Example To configure the switch contact to MIS Department II DGS 3200 10 4 config snmp system_contact MIS Department II Command config snmp system_contact MIS Department II Succe...

Page 88: ...le rmon Command enable rmon Success DGS 3200 10 4 7 9 disable rmon Purpose Used to disable RMON on the switch Format disable rmon Description The disable rmon command disables RMON on the switch Parameters None Restrictions You must have administrator privileges Example To disable RMON on the switch DGS 3200 10 4 disable rmon Command disable rmon Success DGS 3200 10 4 ...

Page 89: ...meters None Restrictions You must have administrator privileges Example To enable SNMP trap support DGS 3200 10 4 enable snmp traps Command enable snmp traps Success DGS 3200 10 4 7 11 disable snmp traps Purpose Used to disable SNMP trap support on the switch Format disable snmp traps Description The disable snmp traps command is used to disable SNMP trap support on the switch Parameters None Rest...

Page 90: ...ilure trap support Format enable snmp authenticate_traps Description The enable snmp authenticate_traps command enables SNMP authentication failure trap support Parameters None Restrictions You must have administrator privileges Example To enable SNMP authentication trap support DGS 3200 10 4 enable snmp authenticate_traps Command enable snmp authenticate_traps Success DGS 3200 10 4 7 13 disable s...

Page 91: ...disable snmp authenticate_traps command disables SNMP authentication failure trap support Parameters None Restrictions You must have administrator privileges Example To disable SNMP authentication trap support DGS 3200 10 4 disable snmp authenticate_traps Command disable snmp authenticate_traps Success DGS 3200 10 4 ...

Page 92: ...eate syslog host index 1 4 severity informational warning all facility local0 local1 local2 local3 local4 local5 local6 local7 udp_port udp_port_number ipaddress ipaddr state enable disable delete syslog host index 1 4 all show syslog host index 1 4 config log_save_timing time_interval min 1 65535 on_demand log_trigger show log_save_timing 8 1 show packet ports Purpose Used to display statistics a...

Page 93: ...4 572 27 65 127 151 5 128 255 39 0 256 511 65 0 512 1023 7 0 1024 1518 0 0 Unicast RX 4 0 Multicast RX 162 1 Broadcast RX 568 31 Frame Type Total Total sec RX Bytes 81207 2237 RX Frames 734 32 TX Bytes 8432 0 TX Frames 100 0 DGS 3200 10 8 2 show error ports Purpose Used to display the error statistics for a range of ports Format show errors ports portlist Description The show error ports command d...

Page 94: ...es TX Frames CRC Error 0 Excessive Deferral 0 Undersize 0 CRC Error 0 Oversize 0 Late Collision 0 Fragment 0 Excessive Collision 0 Jabber 0 Single Collision 0 Drop Pkts 0 Collision 0 Symbol Error 0 CTRL C ESC q Quit SPACE n Next Page p Previous Page r Refresh 8 3 show utilization Purpose Used to display real time port utilization statistics Format show utilization ports cpu Description The show ut...

Page 95: ... sec Util 1 0 0 0 2 0 0 0 3 0 0 0 4 0 0 0 5 0 0 0 6 0 0 0 7 0 0 0 8 0 0 0 To display the CPU utilization DGS 3200 10 4 show utilization cpu Command show utilization cpu CPU utilization Five seconds 20 One minute 10 Five minutes 70 CTRL C ESC q Quit SPACE n Next Page p Previous Page r Refresh 8 4 clear counters Purpose Used to clear the switch s statistics counters Format clear counters ports portl...

Page 96: ...meter is specified the system will count all of the ports Restrictions You must have administrator privileges Example To clear the switch s statistics counters DGS 3200 10 4 clear counters ports 7 9 Command clear counters ports 7 9 Success DGS 3200 10 4 8 5 clear log Purpose Used to clear the switch s history log Format clear log Description The clear log command clears the switch s history log Pa...

Page 97: ...es For example show log index 1 5 will display the history log from 1 to 5 If no parameter is specified all history log entries will be displayed Restrictions None Examples To display the switch history log DGS 3200 10 4 show log index 1 5 Command show log index 1 5 Index Date Time Log Text 5 2000 01 01 00 00 41 Port 5 link down 4 2000 01 01 00 00 31 Port 3 link up 100Mbps FULL duplex 3 2000 01 01...

Page 98: ...ge Parameters None Restrictions You must have administrator privileges Examples To enable syslog to send a message DGS 3200 10 4 enable syslog Command enable syslog Success DGS 3200 10 4 8 8 disable syslog Purpose Used to disable syslog sending a message Format disable syslog Description The disable syslog command disables syslog sending a message Parameters None Restrictions You must have adminis...

Page 99: ...e Used to display the syslog protocol global state Format show syslog Description The show syslog command displays the syslog protocol global state Parameters None Restrictions None Examples To display the syslog protocol global state DGS 3200 10 4 show syslog Command show syslog Syslog Global State Enabled DGS 3200 10 4 8 10 config syslog host Purpose Used to configure the syslog host configurati...

Page 100: ...s Processes and daemons that have not been explicitly assigned a Facility may use any of the local use facilities or they may use the user level Facility Those Facilities that have been designated are shown in the following Bold font means the facility values the switch supports now local0 user defined Facility local1 user defined Facility local2 user defined Facility local3 user defined Facility ...

Page 101: ...tes a new syslog host Parameters Parameters Description host index 1 4 The host index Three levels are supported informational Informational messages warning Warning conditions severity all Any condition Some of the operating system daemons and processes have been assigned Facility values Processes and daemons that have not been explicitly assigned a Facility may use any of the local use facilitie...

Page 102: ... disables the host to receive such messages Restrictions You must have administrator privileges Example DGS 3200 10 4 create syslog host 1 severity all facility local0 Command create syslog host 1 severity all facility local0 Success DGS 3200 10 4 8 12 delete syslog host Purpose Used to delete the syslog host s Format delete syslog host index 1 4 all Description The delete syslog host command dele...

Page 103: ...n The show syslog host command displays the syslog host configurations Parameters Parameters Description index The host index If no parameter is specified all hosts will be displayed Restrictions None Example DGS 3200 10 4 show syslog host Command show syslog host Syslog Global State Disabled Host Id Host IP Address Severity Facility UDP port Status 1 10 1 1 2 All Local0 514 Disabled 2 10 40 2 3 A...

Page 104: ...interval Save log to flash every xxx minutes if no log happen in this period don t save on_demand Save log to flash whener user type save log or save all log_trigger Save log to flash whenever log arrives Restrictions You must have administrator privileges Notes The default method is on_demand Examples To configure method to save log as on demand DGS 3200 10 4 config log_save_timing on_demand Comm...

Page 105: ...h CLI Manual 105 Description Shows the method to save log Parameters None Restrictions None Example To show the timing method of the log save DGS 3200 10 4 show log_save_timing Command show log_save_timing Saving log method on_demand DGS 3200 10 4 ...

Page 106: ...verity level control for the system Parameters Parameters Description trap Configure severity level control for a trap log Configure severity level control for a log all Configure severity level control for a trap and a log critical Severity level critical warning Severity level warning information Severity level information Restrictions You must have administrator privilege Examples To configure ...

Page 107: ...trol for a system Format show system_severity Description Use this command to show severity level control for a system Parameters None Restrictions None Examples To show the severity level control for a system DGS 3200 10 4 Command show system_severity System Severity Trap warning System Severity Log information DGS 3200 10 4 ...

Page 108: ...mand Line Interface CLI Format command Description The command will display all of the commands available through the Command Line Interface CLI Parameters Parameters Description command Specifies the command If no command specified the system will display all commands Restrictions None Example To display all commands DGS 3200 10 4 Command add port_security_entry vlan_name clear clear arptable cle...

Page 109: ...2 1x capability ports config 802 1x init config 802 1x reauth config access_profile profile_id config account config arp_aging time config arpentry config bandwidth_control config command_history DGS 3200 10 4 10 2 show command_history Purpose Used to display command history Format show command_history Description The show command_history command displays command history Parameters None Restrictio...

Page 110: ...ased ports all config 802 1x init port_based ports all config 802 1x auth_mode port_based config 802 1x auth_parameter ports 1 50 direction both config 802 1x capability ports 1 5 authenticator show 802 1x auth_configuration ports 1 show 802 1x auth_state ports 1 5 enable 802 1x show 802 1x auth_state ports 1 5 show igmp_snooping enable igmp_snooping DGS 3200 10 4 10 3 dir Purpose Used to display ...

Page 111: ...r_priority config 802 1x auth_mode config 802 1x auth_parameter ports config 802 1x capability ports config 802 1x init config 802 1x reauth config access_profile profile_id config account config arp_aging time config arpentry config bandwidth_control config command_history 10 4 config command_history Purpose The switch remembers the last 40 maximum commands you entered This command lets you confi...

Page 112: ...cofigure the number of commands that the switch can recall Parameters Parameters Description value The number of commands 1 40 that the switch can recall Restrictions None Example To configure the number of commands history DGS 3200 10 4 config command_history 20 Command config command_history 20 Success DGS 3200 10 4 ...

Page 113: ..._message command will return the greeting message banner to its original factory default entry Restrictions 1 When users issue the reset command the modified banner will remain in tact Yet issuing the reset system will return the banner to its original default value 2 The maximum character capacity for the banner is 6 80 6 Lines and 80 characters per line 3 In the following example Ctrl W will sav...

Page 114: ...s DGS 3200 10 128 Response messages 1 Success When users input a valid greeting message and the setting is accepted by the device 2 Quit without saving The current greeting message will not be changed The user may exit the banner editor by pressing the Ctrl c function key 3 Fail Settings failed When settings entered are not accepted by the device 11 2 config command_prompt Purpose Used to configur...

Page 115: ...nter this command to set the login username as the command prompt default Enter this command to return the command prompt to its original factory default value Restrictions 1 When users issue the reset command the current command prompt will remain in tact Yet issuing the reset system will return the command prompt to its original factory default value 2 You must have administrator privileges Exam...

Page 116: ...week 1 4 last s_wday start_day sun sat s_mth start_mth 1 12 s_time start_time hh mm e_week end_week 1 4 last e_wday end_day sun sat e_mth end_mth 1 12 e_time end_time hh mm offset 30 60 90 120 annual s_date start_date 1 31 s_mth start_mth 1 12 s_time start_time hh mm e_date end_date 1 31 e_mth end_mth 1 12 e_time end_time hh mm offset 30 60 90 120 show time 12 1 config sntp Purpose To configure SN...

Page 117: ...ust have administrator privileges Example To configure SNTP DGS 3200 10 4 config sntp primary 10 1 1 1 secondary 10 1 1 2 poll interval 30 Command config sntp primary 10 1 1 1 secondary 10 1 1 2 poll interval 30 Success DGS 3200 10 4 12 2 show sntp Purpose Display SNTP configuration Format show sntp Description The show sntp command displays the current SNTP time source and configuration Parameter...

Page 118: ...ndary Server 10 1 1 2 SNTP Poll Interval 30 sec DGS 3200 10 4 12 3 enable sntp Purpose Turn on SNTP support Format enable sntp Description The enable sntp command turns on SNTP support Parameters None Restrictions You must have administrator privileges Example To enable SNTP DGS 3200 10 4 enable sntp Command enable sntp Success DGS 3200 10 4 12 4 disable sntp Purpose Turn off SNTP support ...

Page 119: ...ges Example To disable SNTP DGS 3200 10 4 disable sntp Command disable sntp Success DGS 3200 10 4 12 5 config time Purpose Configure time and date settings of the device Format config time date ddmthyyyy time hh mm ss Description The config time command changes time settings Parameters Parameters Description date system clock date time system clock time Restrictions You must have administrator pri...

Page 120: ...g time_zone Purpose Configure time zone of the device Format config time_zone operator hour gmt_hour 0 13 min minute 0 59 Description The config time_zone command changes time zone settings Parameters Parameters Description operator operator of time zone positive negative hour hour of time zone min minute of time zone Restrictions You must have administrator privileges Example To configure the tim...

Page 121: ...ate end_date 1 31 e mth end_mth 1 12 e time end_time hh mm offset 30 60 90 120 Description The config dst command changes Daylight Saving Time settings Parameters Parameters Description disable Disable the DST of the switch repeating Set the DST to repeating mode annual Set the DST to annual mode s_week e_week Configure the start end week number of DST s_day e_day Configure the start end day numbe...

Page 122: ... 12 8 show time Purpose Display time states Format show time Description The show time command displays current time states Parameters None Restrictions You must have administrator privileges Example To show time DGS 3200 10 4 show time Command show time Current Time Source System Clock Boot Time 1 Jan 2000 00 00 00 Current Time 1 Jan 2000 07 26 28 Time Zone GMT 00 00 Daylight Saving Time Disabled...

Page 123: ...t enable jumbo_frame Description The enable jumbo_frame command enables support of Jumbo Frames Parameters None Restrictions You must have administrator privileges Example To enable Jumbo Frames DGS 3200 10 4 enable jumbo_frame Command enable jumbo_frame The maximum size of Jumbo Frame is 10240 Bytes Success DGS 3200 10 4 13 2 disable jumbo_frame Purpose Use the command to disable support of Jumbo...

Page 124: ...trator privileges Example To disable Jumbo Frames DGS 3200 10 4 disable jumbo_frame Command disable jumbo_frame Success DGS 3200 10 4 13 3 show jumbo_frame Purpose Use the command to display Jumbo Frames Format show jumbo_frame Description The show jumbo_frame command displays Jumbo Frames Parameters None Restrictions You must have administrator privileges Example To display Jumbo Frames ...

Page 125: ...DGS 3200 Series Layer 2 Gigabit Managed Switch CLI Manual 125 DGS 3200 10 4 show jumbo_frame Command show jumbo_frame Jumbo Frame State Disabled Maximum Frame Size 1536 Bytes DGS 3200 10 4 ...

Page 126: ...group_name groupname 64 candidate dp_interval sec 30 90 hold_time sec 100 255 download sim_ms firmware_from_tftp configuration_from_tftp ipaddr path_filename members mslist 1 32 all upload sim_ms configuration_to_tftp log_to_tftp ipaddr path_filename members mslist all 14 1 enable sim Purpose Used to enable single IP management Format enable sim Description The enable sim command configures the si...

Page 127: ...e sim command configures the single IP management on the switch as disable Parameters None Restrictions You must have administrator privilege Examples To disable single IP management DGS 3200 10 4 disable Command disable sim Success DGS 3200 10 4 14 3 show sim Purpose Used to display the current information of the specific sorts of devices Format show sim candidates candidate_id 1 100 members memb...

Page 128: ...up devices neighbor Specifies other neighbor devices Restrictions You must have administrator privilege Examples To show the self information in detail DGS 3200 10 4 show sim Command show sim SIM Version VER 1 61 Firmware Version Build 1 10 B021 Device Name MAC Address 00 35 26 11 11 00 Capabilities L2 Platform DGS 3200 10 L2 Switch SIM State Disabled Role State Candidate Discovery Interval 30 sec...

Page 129: ... Entries 2 DGS 3200 10 4 To show the member information in summary if a user specifies a member ID it will show information in detail DGS 3200 10 4 show sim member Command show sim member ID MAC Address Platform Hold Firmware Device Name Capability Time Version 1 00 01 02 03 04 00 DGS 3200 10 L2 Switch 40 1 10 B021 aaaaaaaaaaaaaaaa bbbbbbbbbbbbbbb 2 00 55 55 00 55 00 DES 3326SR L3 Switch 140 4 00 ...

Page 130: ...bbbbbbbbbbbbb 2 00 55 55 00 55 00 SIM Group Name SIM2 ID MAC Address Platform Hold Firmware Device Name Capability Time Version 1 00 01 02 03 04 00 DGS 3200 10 L2 Switch 40 1 10 B021 aaaaaaaaaaaaaaaa bbbbbbbbbbbbbbb 2 00 55 55 00 55 00 means commander switch DGS 3200 10 4 To show a SIM neighbor table DGS 3200 10 4 show sim neighbor Command show sim neighbor Neighbor Table Port MAC Address Role 23 ...

Page 131: ...ameters Description member_id Specifies the serial number of a member Restrictions You must have administrator privilege Examples To re Telnet to a member DGS 3200 10 4 reconfig member_id 1 Command reconfig member_id 1 DGS 3200 10 4 Login 14 5 config sim_group Purpose Used to configure group information Format config sim_group add candidate_id 1 100 password delete member_id 1 32 Description The c...

Page 132: ..._id Remove a specific member from group Restrictions You must have administrator privilege Examples To add a member DGS 3200 10 4 config sim_group add 2 Command config sim_group add 2 Please wait for ACK SIM Config Success Success DGS 3200 10 4 To delete a member DGS 3200 10 4 config sim_group delete 1 Command config sim_group delete 1 Please wait for ACK SIM Config Success Success DGS 3200 10 4 ...

Page 133: ... the switch Parameters Parameters Description commander Transfer role to commander group_name If commander user can update name of group candidate Transfer role to candidate dp_interval The time in seconds between discovery hold_time The time in seconds the device holds the discovery result Restrictions You must have administrator privilege Examples To transfer to commander DGS 3200 10 4 config si...

Page 134: ...fig sim dp_interval 30 Success DGS 3200 10 4 To change the hold time of discovery protocol DGS 3200 10 4 config sim hold_time 200 Command config sim hold_time 200 Success DGS 3200 10 4 14 7 download sim_ms Purpose Used to download firmware or configuration to indicated device Format download sim_ms firmware_from_tftp configuration_from_tftp ipaddr path_filename members mslist 1 32 all Description ...

Page 135: ...200 10 4 download sim_ms configuration_from_tftp 10 55 47 1 D dwl600x tfp members 1 Commands download sim_ms configuration_from_tftp 10 55 47 1 D dwl600x tfp members 1 This device is updating firmware Please wait Download Status ID MAC Address Result 1 00 01 02 03 04 00 Success 2 00 07 06 05 04 03 Fail 3 00 07 06 05 04 04 Fail DGS 3200 10 4 To download configuration DGS 3200 10 4 download sim_ms c...

Page 136: ...ommand is used to upload configuration from indicated devices to a TFTP server Parameters Parameters Description ipaddr Specifes the IP address of TFTP server path_filename Specifes the file path to store configuration in TFTP server members Specifies the member which upload its configuration Restrictions You must have administrator privilege Examples To upload a configuration DGS 3200 10 4 upload...

Page 137: ...able trap_log Configure the state of safeguard engine related trap log mechanism to enable or disable If set to enable trap and log will be active while the safeguard engine current mode is changed If set to disable current mode change will not trigger trap and log events mode Determines the controlling method of broadcast traffic Here are two modes strict and fuzzy In strict the Switch will stop ...

Page 138: ...shold the switch enters normal mode Restrictions You must have administrator privilege Examples To configure the safeguard engine DGS 3200 10 4 config safeguard_engine state enable utilization rising 50 falling 30 trap_log enable Command config safeguard_engine state enable utilization rising 50 falling 30 trap_log enable Success DGS 3200 10 4 15 2 show safeguard_engine Purpose To show safeguard e...

Page 139: ...engine Command show safeguard_engine Safeguard engine state Enabled Safeguard engine current status exhausted mode CPU utilization information Rising threshold 50 Falling threshold 30 Trap log state Enabled Broadcast traffic control mode strict DGS 3200 10 4 Note The safeguard engine current status has two modes exhausted and normal mode ...

Page 140: ...aged Switch CLI Manual 140 V Layer 2 The Layer 2 section includes the following chapters MSTP FDB MAC Notification Mirror VLAN Protocol VLAN Link Aggregation LACP Configuration Traffic Segmentation Port Security and Static MAC based VLAN ...

Page 141: ...stp rstp stp config stp priority value 0 61440 instance_id value 0 15 config stp maxage value 6 40 maxhops value 6 40 hellotime value 1 2 forwarddelay value 4 30 txholdcount value 1 10 fbpdu enable disable config stp ports portlist external_cost auto value 1 200000000 hellotime value 1 2 migrate yes no edge true false p2p true false auto state enable disable fbpdu enable disable config stp mst_por...

Page 142: ...tp STP Bridge Global Settings STP Status Enabled STP Version MSTP Max Age 20 Forward Delay 15 Max Hops 20 TX Hold Count 3 Forwarding BPDU Enabled DGS 3200 10 4 16 2 show stp instance Purpose Used to show each instance parameters settings Format show stp instance value 0 15 Description This command displays each instance parameters settings Value means the instance ID if there is no input of this v...

Page 143: ...ettings Instance Type CIST Instance Status Enabled Instance Priority 32768 bridge priority 32768 sys ID ext 0 STP Instance Operational Status Designated Root Bridge 32768 00 22 22 22 22 00 External Root Cost 0 Regional Root Bridge 32768 00 22 22 22 22 00 Internal Root Cost 0 Designated Bridge 32768 00 22 22 22 22 00 Root Port None Max Age 20 Forward Delay 15 Last Topology Change 2430 Topology Chan...

Page 144: ...f the bridge portlist One of the CLI Value Types restricts the input value and format of the ports Restrictions None Examples To show STP ports DGS 3200 10 4 show stp ports Command show stp ports MSTP Port Information Port Index 1 Hello Time 2 2 Port STP enabled External PathCost Auto 200000 Edge Port No No P2P False No Port RestrictedRole False Port RestrictedTCN False Port Forward BPDU Enabled M...

Page 145: ...ription mst_config_id If two bridges have the same three elements in mst_config_id that means they are in the same MST region Restrictions None Examples Display the STP MST Config ID DGS 3200 10 4 show stp mst_config_id Command show stp mst_config_id Current MST Configuration Identification Configuration Name 00 22 22 22 22 00 Revision Level 0 MSTI ID Vid list CIST 1 4094 DGS 3200 10 4 16 5 create...

Page 146: ...stance 0 15 at most Restrictions You must have administrator privilege Examples To create an MSTP instance DGS 3200 10 4 create stp instance_id 2 Command create stp instance_id 2 Warning There is no VLAN mapping to this instance_id Success DGS 3200 10 4 16 6 delete stp instance_id Purpose Used to delete an MST instance Format delete stp instance_id value 1 15 Description To delete the specified MS...

Page 147: ...t action types to deal with an MST instance They are listed as follows add_vlan To map specified VLAN lists to an existing MST instance remove_vlan To delete specified VLAN lists from an existing MST instance Parameters Parameters Description instance_id MSTP instance ID Instance 0 represents a default instance CIST The DUT supports 16 instances 0 15 at most add_vlan Defined action type to configu...

Page 148: ... or revision level of the MST configuration identification Format config stp mst_config_id name string revision_level int Description To configure a configuration name or revision level in the MST configuration identification The default configuration name is the MAC address of the bridge Parameters Parameters Description name The name given for a specified MST region revision_level The same given...

Page 149: ...ible to modify to allow a user to enable STP per instance CIST should be enabled first before enabling other instances The current chip design dictates that when a user enables the CIST all MSTIs will be enabled automatically if FORCE_VERSION is set to MSTP 3 and there is at least one VLAN mapped to this instance Parameters None Restrictions You must have administrator privilege Examples To enable...

Page 150: ...16 11 config stp version Purpose Used to enable STP globally Format config stp version mstp rstp stp Description If version is configured as STP or RSTP all currently running MSTIs should be disabled If the version is configured as MSTP the current chip design is enabled for all available MSTIs assuming that CIST is enabled Parameters Parameters Description version To decide to run under which ver...

Page 151: ...config stp version mstp Command config stp version mstp Configure value is the same with current value Fail DGS 3200 10 4 16 12 config stp priority Purpose Used to configure the instance priority Format config stp priority value 0 61440 instance_id value 0 15 Description One of the parameters used to select the Root Bridge Parameters Parameters Description priority The bridge priority value must b...

Page 152: ...o configure the bridge parameter global settings Parameters Parameters Description maxage Used to determine if a BPDU is valid The default value is 20 maxhops Used to restrict the forwarded times of one BPDU The default value is 20 Hellotime The default value is 2 This is a per Bridge parameter in RSTP it is existed only in STP RSTP Mode forwarddelay The maximum delay time for one BPDU to be trans...

Page 153: ...parameters Internal Path Cost and Port Priority are special cases in MSTP and will need another command in 47 13 to use Parameters Parameters Description portlist One of the CLI Value Types restricts the input value and format of the ports external_cost The path cost between the MST regions from the transmitting Bridge to the CIST Root Bridge It is only used at CIST level hellotime The default val...

Page 154: ... stp ports 1 external_cost auto Command config stp ports 1 external_cost auto Success DGS 3200 10 4 16 15 config stp mst_ports Purpose Used to configure the port management parameters at the CIST instance_id 0 or MSTI instance_id 1 level Format config stp mst_ports portlist instance_id value 0 15 internal_cost auto value 1 200000000 priority value 0 240 Description Internal Path Cost and Port Prio...

Page 155: ...ts MSTI 1 MSTI 15 internal_cost The Port Path Cost used in MSTP priority The Port Priority Restrictions You must have administrator privilege Examples To configure STP MST ports DGS 3200 10 4 config stp mst_ports 1 instance_id 0 internal_cost auto Command config stp mst_ports 1 instance_id 0 internal_cost auto Success DGS 3200 10 4 ...

Page 156: ...macaddr static aging_time show multicast vlan_filtering_mode vlanid vidlist vlan vlan_name 32 17 1 create fdb Purpose Used to create a static entry to the unicast MAC address forwarding table database Format create fdb vlan_name 32 macaddr port port Description The create fdb command will make an entry into the switch s unicast MAC address forwarding database Parameters Parameters Description vlan...

Page 157: ...ke an entry into the switch s multicast MAC address forwarding database Parameters Parameters Description vlan_name 32 The name of the VLAN on which the MAC address resides The maximum length is 32 macaddr The multicast MAC address to be added to the static forwarding table Restrictions You must have administrator privileges Examples To create multicast MAC forwarding DGS 3200 10 4 create multicas...

Page 158: ...leted to the forwarding table portlist Specifies a range of ports to be configured Restrictions You must have administrator privileges Examples To add multicast MAC forwarding DGS 3200 10 4 config multicast_fdb default 01 00 5E 00 00 00 add 1 5 Command config multicast_fdb default 01 00 5E 00 00 00 add 1 5 Success DGS 3200 10 4 17 4 config fdb aging_time Purpose Used to configure the switch s MAC ...

Page 159: ...config fdb aging_time 300 Success DGS 3200 10 4 17 5 config multicast vlan_filtering_mode Purpose Used to configure the the multicast packet filtering mode for VLANs Format config multicast vlan_filtering_mode vlanid vidlist vlan vlan_name 32 all forward_unregistered_groups filter_unregistered_groups Description The config multicast_fdb command configures the multicast packet filtering mode for VL...

Page 160: ...Purpose Used to delete an entry to the switch s forwarding database Format delete fdb vlan_name 32 macaddr Description The delete fdb command deletes a permanent FDB entry Parameters Parameters Description vlan_name 32 The name of the VLAN on which the MAC address resides The maximum length is 32 macaddr The multicast MAC address to be deleted from the static forwarding table Restrictions You must...

Page 161: ...lan_name 32 The name of the VLAN on which the MAC address resides The maximum length is 32 port The port number corresponding to the MAC destination address The switch will always forward traffic to the specified device through this port Restrictions You must have administrator privileges Examples To clear all FDB dynamic entries DGS 3200 10 4 clear fdb all Command clear fdb all Success DGS 3200 1...

Page 162: ...f no parameter is specified all multicast fdb entries will be displayed Restrictions None Examples To display multicast MAC address table DGS 3200 10 4 show multicast_fdb Command show multicast_fdb VLAN Name default MAC Address 01 00 5E 00 00 00 Egress Ports 1 5 26 Mode Static Total Entries 1 DGS 3200 10 4 17 9 show fdb Purpose Used to display the current unicast MAC address forwarding database Fo...

Page 163: ...rictions None Examples To display unicast MAC address table DGS 3200 10 4 show fdb Command show fdb Unicast MAC Address Ageing Time 300 VID VLAN Name MAC Address Port Type 1 default 00 00 00 00 01 02 5 Permanent 1 default 00 01 02 03 04 00 CPU Self Total Entries 2 DGS 3200 10 4 17 10 show multicast vlan_filtering_mode Purpose Used to show the multicast packet filtering mode for VLANs Format show m...

Page 164: ... entries by VLAN ID list vlan_name 32 Displays the entries for a specific VLAN Restrictions None Examples To show multicast filtering mode for ports DGS 3200 10 4 show multicast vlan_filtering_mode Command show multicast filtering_mode VLAN Name Multicast Filter Mode default forward_unregistered_groups DGS 3200 10 4 ...

Page 165: ...le mac_notification Purpose Used to enable global MAC address table notification on the switch Format enable mac_notification Description Enable global MAC address table notification on the switch Parameters None Restrictions You must have administrator privileges Examples To enable the MAC notification function DGS 3200 10 4 enable mac_notification Command enable mac_notification Success DGS 3200...

Page 166: ...to configure the switch s MAC address table notification global settings Format config mac_notification interval int 1 2147483647 historysize int 1 500 Description Used to configure the switch s MAC address table notification global settings Parameters Parameters Description interval The time in seconds between notifications historysize This is the maximum number of entries listed in the history l...

Page 167: ...ddress table notification status settings Parameters Parameters Description portlist all Specifiy a range of ports to be configured To set all ports in the system use the all parameter enable Enable the port s MAC address table notification disable Disable the port s MAC address table notification Restrictions You must have administrator privileges Examples To enable MAC address table notification...

Page 168: ...gs DGS 3200 10 4 show mac_notification Command show mac_notification Global Mac Notification Settings State Enabled Interval 1 History Size 500 DGS 3200 10 4 18 6 show mac_notification ports Purpose Used to display the port s MAC address table notification status settings Format show mac_notification ports portlist Description Used to display the port s MAC address table notification status settin...

Page 169: ... MAC address table notification status settings of all ports DGS 3200 10 4 show mac_notification ports Command show mac_notification ports Port MAC Address Table Notification State 1 Disabled 2 Disabled 3 Disabled 4 Disabled 5 Disabled 6 Disabled 7 Disabled 8 Disabled 9 Disabled 10 Disabled DGS 3200 10 4 ...

Page 170: ... of their traffic also sent to a designated port where a network sniffer or other device can monitor the network traffic In addition you can specify that only traffic received by or sent by or both is mirrored to the target port Parameters Parameters Description port The port that will receive the packets duplicated at the mirror port add The mirror entry to be added delete The mirror entry to be ...

Page 171: ...on Format enable mirror Description This command combined with the disable mirror command below allows you to enter a port mirroring configuration into the switch and then turn the port mirroring on and off without having to modify the port mirroring configuration Note If the target port hasn t been set enable mirror will not be allowed Parameters None Restrictions You must have administrator priv...

Page 172: ... and then turn the port mirroring on and off without having to modify the port mirroring configuration Parameters None Restrictions You must have administrator privileges Examples To disable mirroring configurations DGS 3200 10 4 disable mirror Command disalbe mirror Success DGS 3200 10 4 19 4 show mirror Purpose Used to show the current port mirroring configuration on the switch Format show mirro...

Page 173: ...t Managed Switch CLI Manual 173 Restrictions None Examples To display mirroring configuration DGS 3200 10 4 show mirror Command show mirror Current Settings Mirror Status Disabled Target Port 7 Mirrored Port RX TX 1 5 DGS 3200 10 4 ...

Page 174: ...lan_name delete portlist config vlan vlanid vlanid_list delete portlist config gvrp portlist all state enable disable ingress_checking enable disable acceptable_frame tagged_only admit_all pvid vlanid 1 4094 enable gvrp disable gvrp show vlan vlan_name 32 vlanid vlanid_list ports portlist show gvrp portlist enable pvid auto_assign disable pvid auto_assign show pvid auto_assign 20 1 create vlan Pur...

Page 175: ...r privileges Examples To create a VLAN with name v2 and VLAN ID 2 DGS 3200 10 4 create vlan v2 tag 2 type 1q_vlan advertisement Command create vlan v2 tag 2 type 1q_vlan advertisement Success DGS 3200 10 4 20 2 delete vlan Purpose Used to delete a previously configured VLAN on the switch Format delete vlan vlan_name delete vlan vlanid vlanid_list Description The delete vlan command deletes a previ...

Page 176: ... Description The config vlan add command allows you to add ports to the port list of a previously configured VLAN You can specifiy the additional ports as tagging untagging or forbidden The default is to assign the ports as untagging Parameters Parameters Description vlan_name 32 The name of the VLAN you want to add ports to vlan vlanid The VLAN ID of the VLAN you want to add ports to tagged Speci...

Page 177: ...nid_list delete portlist Description The config vlan delete command deletes one or more ports from a previously configured VLAN Parameters Parameters Description vlan_name 32 The name of the VLAN you want to delete ports from vlan vlanid The VLAN ID of the VLAN you want to delete ports from portlist Specifies a range of ports to be configured Restrictions You must have administrator privileges Exa...

Page 178: ... not the VLAN can t join dynamically Restrictions You must have administrator privileges Examples To enable the VLAN default advertisement DGS 3200 10 4 config vlan default advertisement enable Command config vlan default advertisement enable Success DGS 3200 10 4 20 6 config gvrp Purpose Used to set the ingress checking status and the sending and receiving of GVRP information Format config gvrp p...

Page 179: ...e admit_all Both tagged and untagged will be accepted pvid Specified the default VLAN will associated with the port Restrictions You must have administrator privileges Example To set the ingress checking status and send and receive GVRP information DGS 3200 10 4 config gvrp_5 state enable ingress_checking enable acceptable_ frame tagged_only pvid 2 Command config gvrp_5 state enable ingress_checki...

Page 180: ...nable gvrp Success DGS 3200 10 4 20 8 disable gvrp Purpose Used to disable the Generic VLAN Registration Protocol GVRP Format disable gvrp Description The disable gvrp command disables the Generic VLAN Registration Protocol GVRP Parameter None Restrictions You must have administrator privileges Example To disable the Generic VLAN Registration Protocol GVRP DGS 3200 10 4 disable gvrp Command disabl...

Page 181: ...n member status for each port Parameters Parameters Description vlan_name The name of the VLAN to be displayed vlandid The VLAN ID number to be displayed ports A range of ports for which you want to display VLAN The beginning and end of the port list range are separated by a dash Restrictions None Examples To display VLAN settings DGS 3200 10 4 show vlan Command show vlan VID 1 VLAN Name default V...

Page 182: ...rp command displays the GVRP status for a port list on the switch Parameters Parameters Description portlist Specifies a range of ports to be displayed If no parameter is specified the system will display GVRP information for all ports Restrictions None Example To display the 802 1q port setting for ports 1 through 6 DGS 3200 10 4 show gvrp 1 6 Command show gvrp 1 6 Global GVRP Enabled Port PVID G...

Page 183: ...anges explicitly The VLAN configuration will not automatically change PVID If Auto assign PVID is enabled PVID can be changed by PVID or VLAN configuration When a user configures a port to VLAN X s untagged membership this port s PVID will be updated with VLAN X In the form of VLAN list command PVID is updated with the last item of the VLAN list When a user removes a port from the untagged members...

Page 184: ...uration When a user configures a port to VLAN X s untagged membership this port s PVID will be updated with VLAN X In the form of VLAN list command PVID is updated with the last item of the VLAN list When a user removes a port from the untagged membership of the PVID s VLAN the port s PVID will be assigned with default VLAN The default setting is enabled Parameters None Restrictions You must have ...

Page 185: ...tch CLI Manual 185 Description This command displays the PVID auto assign state Parameters None Restrictions user level Example To display PVID auto assignment state DGS 3200 10 4 show pvid auto_assign PVID Auto assignment Enabled DGS 3200 10 4 ...

Page 186: ... dot1v ports portlis t 21 1 create dot1v_protocol_group Purpose To create a protocol group for the protocol VLAN function Format create dot1v_protocol_group group_id id group_name name Description Used to create a protocol group for the protocol VLAN function Parameters Parameters Description group_id The ID of the protocol group which is used to identify a set of protocols group_name The name of ...

Page 187: ...l Parameters Parameters Description group_id The ID of the protocol group which is used to identify a set of protocols group_name The name of the protocol group protocol_value The protocol vlaue is used to identify a protocol of the frame type specified Depending on the frame type the octet string will have one of the following values The form of the input is 0x0 to 0xffff For ethernet II this is ...

Page 188: ...to identify a protocol of the frame type specified Depending on the frame type the octet string will have one of the following values The form of the input is 0x0 to 0xffff For ethernet II this is a 16 bit 2 octet hex value Example IPv4 is 800 IPv6 is 86dd ARP is 806 and so on For IEEE802 3 SNAP this is this is a 16 bit 2 octet hex value Example IPv4 is 800 IPv6 is 86dd ARP is 806 and so on For IE...

Page 189: ...l configured protocol groups will be displayed group_name The name of the protocol group Restrictions None 21 6 config port dot1v Purpose Assign the VLAN for untagged packets ingress from the portlist based on the protocol group configured Format config port dot1v ports portlist all add protocol_group group_id id group_name name vlan vlan_name 32 vlanid vlanid priority value 0 7 delete protocol_gr...

Page 190: ...d with the packet which has been classified to the specified VLAN by the protocol Restrictions You must have administrator privileges 21 7 show port dot1v Purpose Displays the VLAN to be associated with untagged packet ingressed from a port based on the protocol group Format show port dot1v ports portlist Description Display the VLAN to be associated with untagged packet ingressed from a port base...

Page 191: ...n the switch Format create link_aggregation group_id value 1 5 type lacp static Description The create link_aggregation group_id command will create a link aggregation group Parameters Parameters Description group_id Specifies the group ID The group number identifies each of the groups The switch allows up to five link aggregation groups to be configured type Specifies the group type is belong to ...

Page 192: ...the groups The switch allows up to five link aggregation groups to be configured Restrictions You must have administrator privileges Example To delete a link aggregation group DGS 3200 10 4 delete link_aggregation group_id 3 Command delete link_aggregation group_id 3 Success DGS 3200 10 4 22 3 config link_aggregation Purpose Used to configure a previously created link aggregation group Format conf...

Page 193: ...k aggregation group If configuring an LACP group the ports state machine will start Restrictions You must have administrator privileges Example To define a load sharing group of ports group id 1 master port 7 DGS 3200 10 4 config link_aggregation group_id 1 master_port 7 ports 5 7 Command config link_aggregation group_id 1 master_port 7 ports 5 7 Success DGS 3200 10 4 22 4 config link_aggregation ...

Page 194: ...ion algorithm mac_source_dest Success DGS 3200 10 4 22 5 show link_aggregation Purpose Used to display the current link aggregation configuration on the switch Format show link_aggregation group_id value algorithm Description The show link_aggregation command will display the current link aggregation configuration of the switch Parameters Parameters Description group_id Specifies the group ID The ...

Page 195: ...k_aggregation Link Aggregation Algorithm MAC Source Dest Group ID 1 Type LACP Master Port 1 Member Port 1 8 Active Port 7 Status Enabled DGS 3200 10 4 Link aggregation group disabled DGS 3200 10 4 show link Command show link_aggregation Link Aggregation Algorithm MAC Source Dest Group ID 1 Type LACP Master Port 1 Member Port 1 8 Active Port Status Disabled DGS 3200 10 4 ...

Page 196: ... command config per port LACP mode Parameters Parameters Description portlist Specified a range of ports to be configured mode active passive If no parameter is specified the system will display current LACP and all port status Restrictions You must have administrator privileges Example To config port LACP mode DGS 3200 10 4 config lacp_port 1 10 mode active Command config lacp_port 1 10 mode acti...

Page 197: ...pecified a range of ports to be configured If no parameter is specified the system will display current LACP and all port status Restrictions None Example To show port LACP mode DGS 3200 10 4 show lacp_ports Command show lacp_ports Port Activity 1 Active 2 Active 3 Active 4 Active 5 Active 6 Active 7 Active 8 Active 9 Active 10 Active DGS 3200 10 4 ...

Page 198: ...egmentation command configures the traffic segmentation Parameters Parameters Description portlist Specifes a range of ports to be configured Specifies a range of port forwarding domains portlist Specifes a range of ports to be configured forward_list null Specifies a range of port forwarding domain is null Restrictions You must have administrator privileges The forwarding domain is restricted to ...

Page 199: ...affic segmentation table Parameters Parameters Description portlist Specifies a range of ports to be displayed If no parameter is specified the system will display all current traffic segmentation tables Restrictions None Example To display the traffic segmentation table DGS 3200 10 4 show traffic_segmentation Command show traffic_segmentation Traffic Segmentation Table Port Forward Portlist 1 1 1...

Page 200: ...min_state enable disable max_learning_addr max_lock_no 0 16 lock_address_mode Permanent DeleteOnTimeout DeleteOnReset Description The config port_security command includes admin state maximum learning address and lock address mode Parameters Parameters Description portlist Specifies a range of ports to be configured port number all All ports be configured admin_state allows the port security to be...

Page 201: ..._address_mode Permanent Command config port_security ports 6 admin_state enable max_learning_addr 16 lock_address_mode Permanent Success DGS 3200 10 4 25 2 delete port_security_entry Purpose Used to delete a port security entry by MAC address port number and VLAN ID Format delete port_security_entry vlan_name vlan_name 32 port port mac_address macaddr Description Used to delete a port security ent...

Page 202: ...port_security_entry Purpose Used to clear the MAC entries learned from the specified port s for the port security function Format clear port_security_entry port portlist Description Used to clear the MAC entries learned from the specified port s for the port security function Parameters Parameters Description portlist Specifies a range of ports to be configured UnitID port number Restrictions You ...

Page 203: ...um number of learning addresses and the lock mode Parameters None Restrictions None Examples To display the port security information of switch ports DGS 3200 10 4 show port_security ports 1 6 Command show port_security ports 1 6 Port_security Trap Log Enabled Port Admin State Max Learning Addr Lock Address Mode 1 Disabled 1 DeleteOnReset 2 Disabled 1 DeleteOnReset 3 Disabled 1 DeleteOnReset 4 Dis...

Page 204: ...estrictions You must have administrator privileges Example To enable a port security trap DGS 3200 10 4 enable port_security trap_log Command enable port_security trap_log Success DGS 3200 10 4 25 6 disable port_security trap_log Purpose Used to disable a port security trap log Format disable port_security trap_log Description If the port_security trap is disabled no trap will be sent out for MAC ...

Page 205: ...DGS 3200 Series Layer 2 Gigabit Managed Switch CLI Manual 205 DGS 3200 10 4 disable port_security trap_log Command disable port_security trap_log Success DGS 3200 10 4 ...

Page 206: ...MAC based VLAN entry When an entry is created for a port the port will automatically become the untagged member port of the specificed VLAN When a static MAC based VLAN entry is created for a user the traffic from this user will be able to be serviced under the specified VLAN regardless of the authentiucation function operated on this port There is a global limitation of the maximum entries suppor...

Page 207: ...dress The MAC address vlan The VLAN to be associated with the MAC address Restrictions You must have administrator privileges 26 3 show mac_based_vlan Purpose Used to delete the static MAC based VLAN entry Format show mac_based_vlan mac_address macaddr vlan vlan_name 32 Description User can use this command to display the static MAC based VLAN entry Parameters Parameters Description mac_address vl...

Page 208: ...DGS 3200 Series Layer 2 Gigabit Managed Switch CLI Manual 208 VI IP The IP section includes the following chapters Basic IP Auto Config Routing Table ARP and Loopback Detection ...

Page 209: ...dress vlan vlan_name state enable disable bootp dhcp ipv6 ipv6address ipv6networkaddr Description The config ipif command configures the specified IP interface Parameters Parameters Description ipif_name The name of the IP interface vlan_name The name of the VLAN corresponding to the System IP interface network_address The IP address and netmask of th IP interface to be created You can specify the...

Page 210: ...mand creates an IP interface for IPv6 only This interface can only be configured with an IPv6 address Because only one IPV6 interface is supported when the System interface already has some IPV6 addresses executing this command will fail Note The Switch only supports one IP interface for IPV6 addresses Parameters Parameters Description ipif_name The name of the interface network_address This param...

Page 211: ...n Delete an IPv6 interface or an IPv6 address from the specifed interface by using this command Parameters Parameters Description ipif_name The name of the interface ipv6networkaddr The IPv6 network address which want to be deleted by administrator all All IP interface except the System IP interface will be deleted Restrictions You must have administrator privileges Examples To delete interface in...

Page 212: ...ing will be started when the IPv6 address is explicitly configured on the IPIF Parameters Parameters Description ipif_name The name of the interface all All the IP interface Restrictions You must have administrator privileges Examples Enable the state for an interface DGS 3200 10 4 enable ipif interface1 Command enable ipif interface1 Success DGS 3200 10 4 27 5 disable ipif Purpose To disable the ...

Page 213: ...s To disable the state for an interface DGS 3200 10 4 disable ipif interface1 Command disable ipif interface1 Success DGS 3200 10 4 27 6 show ipif Purpose Used to display IP interface settings Format show ipif ipif_name 12 Description The show ipif command displays IP interface settings Parameters Parameters Description ipif_name The name of the interface Restrictions None Examples To display IP i...

Page 214: ...6_link_local_auto ipif_name 12 all Description Enable the auto configuration of link local address when there are no IPv6 addresses explicitly configured When an IPv6 address is explicitly configured the link local address will be automatically configured and the IPv6 processing will be started When there is no IPv6 address explicitly configured by default link local address is not configured and ...

Page 215: ...guration of link local address when no IPv6 address is configured Format disable ipif_ipv6_link_local_auto ipif_name 12 all Description Disable the auto configuration of link local address when no IPv6 address is explicitly configured Parameters Parameters Description ipif_name The name of the interface all All the IP interface Restrictions You must have administrator privileges Examples Disable t...

Page 216: ...e link local address automatic configuration state Format show ipif_ipv6_link_local_auto ipif_name 12 Description Use this command to display the link local address automatic configuration state Parameters Parameters Description ipif_name The name of the interface Restrictions None Examples Show interface s information ...

Page 217: ...configuration status Format show autoconfig Description Show DHCP auto configuration status Restrictions None Example To display the DHCP auto configuration status DGES 3200 10 4 show autoconfig Command show autoconfig Autoconfig State Disabled DGS 3200 10 4 28 2 enable autoconfig Purpose Used to enable DHCP auto configuration Format enable autoconfig Description Enables DHCP auto configuration ...

Page 218: ...autoconfig Command enable autoconfig Success DGS 3200 10 4 28 3 disable autoconfig Purpose Used to disable DHCP auto configuration Format disable autoconfig Description Disable DHCP auto configuration Restrictions Administrator Level Example To disablee DHCP auto configuration status DGS 3200 10 4 disable autoconfig Command disable autoconfig Success DGS 3200 10 4 ...

Page 219: ...iproute Purpose Used to create a default IP route entry Format create iproute default ipaddr metric 1 65535 Description The create iproute command creates a default IP route entry Parameters Parameters Description ipaddr The IP address for the next hop router metric The default setting is 1 That is the default hop cost is 1 Restrictions You must have administrator privileges Examples To add a stat...

Page 220: ... None Restrictions You must have administrator privileges Examples To delete a default route from the routing table DGS 3200 10 4 delete iproute default Command delete iproute default Success DGS 3200 10 4 29 3 show iproute Purpose Used to display the switch s current IP routing table Format show iproute static Description The show iproute command displays the switch s current IP routing table Par...

Page 221: ...Purpose To create an IPv6 default route Format create ipv6route default ipif_name 12 ipv6addr ipv6addr metric 1 65535 Description Used to create an IPv6 static route If the next hop is a global address it is not necessary to indicate the interface name If the next hop is a link local address then the interface name must be specified Parameters Parameters Description default Specifies the default r...

Page 222: ...to delete an IPv6 static route If the next hop is a global address it is not necessary to indicate the interface name If the next hop is a link local address then the interface name must be specified Parameters Parameters Description default Specifies the default route ipv6addr Specify the next hop address for the default route all All static created routes will be deleted Restrictions You must ha...

Page 223: ...splay IPv6 routes Format show ipv6route Description Used to display IPv6 routes Parameters None Restrictions None Examples To display an IPv6 route DGS 3200 10 4 show ipv6route Command show ipv6route IPv6 Prefix 0 Protocol Static Metric 1 Next Hop FEC0 5 IPIF System Total Entries 1 DGS 3200 10 4 ...

Page 224: ...dr macaddr Description The create arpentry command is used to enter an IP address and the corresponding MAC address into the switch s ARP table Parameters Parameters Description ipaddr The IP address of the end node or station macaddr The MAC address corresponding to the IP address above Restrictions You must have administrator privileges Examples To create a static ARP entry for the IP address 10...

Page 225: ...itch s ARP table Parameters Parameters Description ipaddr The IP address of the end node or station all Deletes all ARP entries Restrictions You must have administrator privileges Examples To delete an entry of IP address 10 48 74 121 from the ARP table DGS 3200 10 4 delete arpentry 10 48 74 121 Command delete arpentry 10 48 74 121 Success DGS 3200 10 4 30 3 config arpentry Purpose Used to configu...

Page 226: ...0 48 74 121 00 50 BA 00 07 36 Command config arpentry 10 48 74 121 00 50 BA 00 07 36 Success DGS 3200 10 4 30 4 config arp_aging time Purpose Used to configure the age out timer for ARP table entries on the switch Format config arp_aging time value 0 65535 Description The config arp_aging time command sets the maximum amount of time in minutes that a ARP entry can remain in the switch s ARP table ...

Page 227: ...cription The show arpentry command displays the Address Resolution Protocol ARP table You can filter the display by IP address Interface name or static entries Parameters Parameters Description ipif_name The name of the IP interface the end node or station for which the ARP table entry was made resides on ipaddr The IP address of the end node or station static Displays the static entries to the AR...

Page 228: ... 255 FF FF FF FF FF FF Local Broadcast Total Entries 3 DGS 3200 10 4 30 6 clear arptable Purpose Used to remove dynamic entries in the ARP table Format clear arptable Description The clear arptable command removes dynamic entries in the ARP table Static ARP entries are not affected Parameters None Restrictions You must have administrator privileges Examples To remove the dynamic entries in the ARP...

Page 229: ...ion function LBD for the entire switch Parameters Parameters Description recover_timer The time interval in seconds used by the Auto Recovery mechanism to decide how long to check if the loop status is gone The valid range is 60 to 1000000 Zero is a special value which means to disable the auto recovery mechanism hence user need to recover the disabled port back manually Default value of recover_t...

Page 230: ...ure loop back detection function for the port on the switch Format config loopdetect ports portlist all state enable disable Description The config loopdetect port command is used to setup the loop back detection function for the interface on the switch Parameters Parameters Description portlist all Specifies a range of ports to be configured For set all ports in the system you may use all paramet...

Page 231: ...tch Format enable loopdetect Description The enable loopdetect command allows the Loop Detection Function to be globally enabled on the switch The default value is enabled Parameters None Restrictions You must have administrator privileges Examples To enable the loopdetect DGS 3200 10 4 enable loopdetect Command enable loopdetect Success DGS 3200 10 4 31 4 disable loopdetect Purpose Used to global...

Page 232: ...one Restrictions You must have administrator privileges Examples To disable loopdetect DGS 3200 10 4 disable loopdetect Command disable loopdetect Success DGS 3200 10 4 31 5 show loopdetect Purpose Used to display the switch s current loopdetect configuration Format show loopdetect Description The show loopdetect command displays the switch s current loopdetect configuration Parameters None Restri...

Page 233: ...he switch s current per port loopdetect configuration Format show loopdetect ports all portlist Description The show loopdetect ports command displays the switch s current per port loopdetect configuration and status Parameters Parameters Description portlist Specifies a range of ports to be displayed all System will display all ports loopdetect information Restrictions None Examples To display th...

Page 234: ...4 Enabled Normal 5 Enabled Loop 6 Enabled Normal 7 Enabled Loop 8 Enabled Normal 9 Enabled Normal DGS 3200 10 4 To display loopdetect state of port 1 9 under VLAN based mode DGS 3200 10 4 show loopdetect ports 1 9 Command show loopdetect ports 1 9 Port Loopdetect State Loop VLAN 1 Enabled None 2 Enabled None 3 Enabled None 4 Enabled None 5 Enabled 2 6 Enabled None 7 Enabled 2 8 Enabled None 9 Enab...

Page 235: ...DGS 3200 Series Layer 2 Gigabit Managed Switch CLI Manual 235 VII Multicast The Multicast section includes the following chapters IGMP Snooping MLD Snooping and Limited Multicast IP Address ...

Page 236: ... 32 vlanid vlanid_list show igmp_snooping group vlan vlan_name 32 vlanid vlanid_list show router_ports vlan vlan_name 32 vlanid vlanid_list static dynamic forbidden 32 1 config igmp_snooping Purpose Used to configurer IGMP snooping on the switch Format config igmp_snooping vlan_name vlan_name 32 vlanid vlanid_list all host_timeout sec 1 16711450 router_timeout sec 1 16711450 leave_timer sec 1 1671...

Page 237: ...50 state enable Command config igmp_snooping default host_timeout 250 state enable fast_leave enable Success DGS 3200 10 4 32 2 config igmp_snooping querier Purpose Used to configure the the time in seconds between general query transmissions the maximum time in seconds to wait for reports from members the permitted packet loss that guarantees IGMP snooping Format config igmp_snooping querier vlan...

Page 238: ...mes there are no local members of a group The default number is the value of the robustness variable By default the robustness variable is set to 2 You might want to increase this value if you expect a subnet to be lossy last_member_query_interval The maximum amount of time between group specific query messages including those sent in response to leave group messages You might lower this interval ...

Page 239: ...t config router_ports vlan_name 32 add delete portlist Description The config router_ports command allows you to designate a range of ports as being connected to multicast enabled routers This will ensure that all packets with such a router as its destination will reach the multicast enabled router regardless of protocol etc Parameters Parameters Description vlan_name The name of the VLAN on which...

Page 240: ...ange of ports as being not connected to multicast enabled routers This ensures that the forbidden router port will not propagate routing packets out Parameters Parameters Description vlan_name The name of the VLAN on which the router port resides add delete Specifies to add or delete the router ports portlist Specifies a range of ports to be configured Restrictions You must have administrator priv...

Page 241: ...leges Examples To enable IGMP snooping on the switch DGS 3200 10 4 enable igmp_snooping Command enable igmp_snooping Success DGS 3200 10 4 32 6 disable igmp_snooping Purpose Used to disable IGMP snooping on the switch Format disable igmp_snooping Description The disable igmp_snooping command disables IGMP snooping on the switch IGMP snooping can be disabled only if IP multicast routing is not bein...

Page 242: ...how the current status of IGMP snooping on the switch Format show igmp_snooping vlan vlan_name 32 vlanid vlanid_list Description The show igmp_snooping command will display the current IGMP snooping configuration on the switch Parameters Parameters Description vlan_name The name of the VLAN for which you want to view the IGMP snooping configuration If no parameter is specified the system will disp...

Page 243: ... Disabled Version 3 Total Entries 1 DGS 3200 10 4 32 8 show igmp_snooping group Purpose Used to display the current IGMP snooping group configuration on the switch Format show igmp_snooping group vlan vlan_name 32 vlanid vlanid_list Description The show igmp_snooping group command displays the current IGMP snooping group configuration on the switch Parameters Parameters Description vlan_name The n...

Page 244: ...e Group 10 0 0 2 225 0 0 2 VLAN Name VID default 1 Member Ports 3 Filter Mode EXCLUDE Source Group NULL 225 0 0 5 VLAN Name VID default 1 Member Ports 4 5 Filter Mode EXCLUDE Total Entries 3 DGS 3200 16 4 32 9 show router_ports Purpose Used to display the currently configured router ports on the switch Format show router_ports vlan vlan_name 32 vlanid vlanid_list static dynamic forbidden Descripti...

Page 245: ...ered forbidden Displays forbidden router ports that have been statically configured If no parameter is specified the system will display all currently configured router ports on the switch Restrictions None Examples To display the router ports DGS 3200 10 4 show router_ports Command show router_ports VLAN Name default Static router port 1 7 Dynamic router port Forbidden router port VLAN Name vlan2...

Page 246: ...p vlan vlan_name 32 vlanid vlanid show mld_snooping mrouter_ports vlan vlan_name 32 vlanid vlanid_list static dynamic forbidden 33 1 config mld_snooping Purpose Used to configurer MLD snooping on the switch Format config mld_snooping vlan_name 32 vlanid vlanid_list all node_timeout sec 1 16711450 router_timeout sec 1 16711450 done_timer sec 1 16711450 state enable disable fast_done enable disable ...

Page 247: ...fig mld_snooping querier Purpose Used to configure the time in seconds between general query transmissions the maximum time in seconds to wait for reports from listeners the permitted packet loss that guarantees MLD snooping Format config mld_snooping querier vlan_name 32 vlanid vlanid_list all query_interval sec 1 65535 max_response_time sec 1 25 robustness_variable value 1 255 last_listener_quer...

Page 248: ...interval Last listener query count Number of group specific queries sent before the router assumes there are no local listeners of a group The default number is the value of the robustness variable By default the robustness variable is set to 2 You might want to increase this value if you expect a subnet to be lossy last_listener_query_interval The maximum amount of time between group specific que...

Page 249: ...ticast enabled routers This will ensure that all packets with such a router as its destination will reach the multicast enabled router regardless of protocol etc Parameters Parameters Description vlan_name The name of the VLAN on which the router port resides add delete Specifies to add or delete the router ports portlist Specifies a range of ports to be configured UnitID port number Restrictions ...

Page 250: ...ame The name of the VLAN on which the router port resides add delete Specifies to add or delete the router ports portlist Specifies a range of ports to be configured Restrictions You must have administrator privileges Example To set up static router ports DGS 3200 10 4 config mld_snooping mrouter_ports_forbidden default add 1 10 Command config mld_snooping mrouter_ports_forbidden default add 1 10 ...

Page 251: ...g on the switch Format disable mld_snooping Description The disable mld_snooping command disables MLD snooping on the switch MLD snooping can be disabled only if IPv6 multicast routing is not being used Disabling MLD snooping allows all MLD and IPv6 multicast traffic to flood within a given IPv6 interface Parameters None Restrictions You must have administrator privileges Example To disable MLD sn...

Page 252: ...ion vlan_name The name of the VLAN for which you want to view the MLD snooping configuration If no parameter is specified the system will display all current MLD snooping configurations Restrictions None Example To show MLD snooping DGS 3200 10 4 show mld_snooping Command show mld_snooping MLD Snooping Global State Disabled VLAN Name default Query Interval 125 Max Response Time 10 Robustness Value...

Page 253: ...d displays the current MLD snooping group configuration on the switch Parameters Parameters Description vlan_name The name of the VLAN for which you want to view MLD snooping group configuration information If no parameter is specified the system will display all current MLD group snooping configuration of the switch Restrictions None Examples To show MLD snooping group DGS 3200 10 4 show mld_snoo...

Page 254: ...ng mrouter_ports vlan vlan_name 32 vlanid vlanid_list static dynamic forbidden Description The show mld_snooping mrouter_ports command displays the currently configured router ports on the switch Parameters Parameters Description vlan_name The name of the VLAN on which the router port resides static Displays router ports that have been statically configured dynamic Displays router ports that have ...

Page 255: ...er ports DGS 3200 10 4 show mld_snooping mrouter_ports Command show mld_snooping mrouter_ports VLAN Name default Static mrouter port 1 10 Dynamic mrouter port Forbidden mrouter port VLAN Name vlan2 Static mrouter port Dynamic mrouter port Forbidden mrouter port Total Entries 2 DGS 3200 10 4 ...

Page 256: ...elete profile_id value 1 24 profile_name name access permit deny show limited_multicast_addr ports portlist config max_mcast_group ports portlist max_group value 1 256 show max_mcast_group ports ports portlist 34 1 create mcast_filter_profile Purpose This command creates a multicast address profile Format create mcast_filter_profile profile_id value 1 24 name Description This command configures a ...

Page 257: ...d deletes a range of multicast IP addresses previously defined Parameters Parameters Description profile_id The ID of the profile profile_name Provides a meaningful description for the profile mcast_address_list List of the multicast addresses to be put in the profile You can either specifiy a single multicast IP address or a rane of multicast addresses using Restrictions You must have administrat...

Page 258: ...You must have administrator privileges Examples DGS 3200 10 4 delete mcast_filter_profile profile_id 3 Command delete mcast_filter_profile profile_id 3 Success DGS 3200 10 4 34 4 show mcast_filter_profile Purpose This command displays the defined multicast address profiles Format show mcast_filter_profile profile_id value 1 24 Description This command displays the defined multicast address profile...

Page 259: ...id vlanid_list add delete profile_id value 1 24 access permit deny Description Used to configure the multicast address filtering function on a port or vlan When there are no profiles specified with a port or VLAN the limited function is not effective When the function is configured on a port it limits the multicast group operated by the IGMP snooping function and layer 3 function When the function...

Page 260: ... 3 add profile_id 2 Command config limited_multicast_addr ports 1 3 add profile_id 2 Success DGS 3200 10 4 34 6 show limited multicast addr Purpose Used to show per port Limited IP multicast address range Format show limited_multicast_addr ports portlist Description The show limited_multicast_addr command allows you to show multicat address range by ports or by VLANs When the function is configure...

Page 261: ... Name Multicast Addresses 1 customer 224 19 62 34 224 19 162 200 Port 3 Access Deny Profile ID Name Multicast Addresses 1 customer 224 19 62 34 224 19 162 200 DGS 3200 10 4 34 7 config max_mcast_group Purpose This command configures the maximum number of multicast groups a port can join Format config max_mcast_group ports portlist max_group value 1 256 Description This command configures the maxim...

Page 262: ...amples DGS 3200 10 4 config max_mcast_group ports 1 3 max_group 100 Command config max_mcast_group ports 1 3 max_group 100 Success DGS 3200 10 4 34 8 show max_mcast_group Purpose This command displays the maximum number of multicast groups that a port can join Format show max_mcast_group ports portlist Description This command display the max number of multicast groups that a port can join Paramet...

Page 263: ...DGS 3200 Series Layer 2 Gigabit Managed Switch CLI Manual 263 DGS 3200 10 4 show max_mcast_group ports 1 Command show max_mcast_group ports 1 Port Max Multicast Group Number 1 100 3 100 DGS 3200 10 4 ...

Page 264: ...bit Managed Switch CLI Manual 264 VIII Security The Security section includes the following chapters 802 1X Access Authentication Control SSL SSH IP MAC Port Binding IMPB Web based Access Control MAC based Access Control and JWAC ...

Page 265: ...ig 802 1x init port_based ports auth_portlist all mac_based ports portlist all mac_address macaddr config 802 1x reauth port_based ports auth_portlist all mac_based ports auth_portlist all mac_address macaddr create 802 1x guest_vlan vlan_name 32 delete 802 1x guest_vlan vlan_name 32 config 802 1x guest_vlan ports auth_portlist all state enable disable show 802 1x guest_vlan config radius add serv...

Page 266: ...tion The enable 802 1x command enables 802 1x function Parameters None Restrictions You must have administrator privileges Examples To enable the 802 1x function DGS 3200 10 4 enable 802 1x Command enable 802 1x Success DGS 3200 10 4 35 2 disable 802 1x Purpose Used to disable the 802 1x function Format disable 802 1x Description The disable 802 1x command disables the 802 1x function ...

Page 267: ...isable 802 1x Command disable 802 1x Success DGS 3200 10 4 35 3 create 802 1x user Purpose Used to create the 802 1x user Format create 802 1x user username 15 Description The create 802 1x user command creates a 802 1x user Parameters Parameters Description username Specifies adding a user name Restrictions You must have administrator privilege Examples To create a user named ctsnow ...

Page 268: ...0 10 4 35 4 delete 802 1x user Purpose Used to delete a 802 1x user Format delete 802 1x user username 15 Description The delete 802 1x user command delete specified user Parameters Parameters Description username Specifies deleting a user name Restrictions You must have administrator privilege Examples To delete user named Tiberius DGS 3200 10 4 delete 802 1x user Tiberius Command delete 802 1x u...

Page 269: ...n Parameters None Restrictions None Examples To display the 802 1x user information DGS 3200 10 4 show 802 1x user Command show 802 1x user Current Accounts UserName Password ctsnow ctsnow Total Entries 1 DGS 3200 10 4 35 6 config 802 1x auth_protocol Purpose Used to cofig the 802 1x auth protocol Format config 802 1x auth_protocol local radius_eap Description The config 802 1x auth_protocol comma...

Page 270: ...config 802 1x auth_protocol radius_eap Success DGS 3200 10 4 35 7 show 802 1x Purpose Used to display the 802 1x state or configurations Format show 802 1x auth_state auth_configuration ports portlist Description The show 802 1x command displays the 802 1x state or configurations Parameters Parameters Description auth_state Used to display 802 1x authentication state machine of some or all ports a...

Page 271: ...d 4 ForceAuth Success Authorized 5 ForceAuth Success Authorized DGS 3200 10 4 To display the 802 1x configurations DGS 3200 10 4 show 802 1x auth_configuration ports 1 Command show 802 1x auth_configuration ports 1 802 1X Enabled Authentication Mode Port_based Authentication Protocol Radius_Eap Port number 1 Capability None AdminCrlDir Both OpenCrlDir Both Port Control Auto QuietPeriod 60 sec TxPe...

Page 272: ...enticator role none Allows the flow of PDUs via the Port Restrictions You must have administrator privileges Examples To configure the port capability DGS 3200 10 4 config 802 1x capability ports 1 10 authenticator Command config 802 1x capability ports 1 10 authenticator Success DGS 3200 10 4 35 9 config 802 1x auth_parameter Purpose Used to configure the parameters that control the operation of ...

Page 273: ... It is the initialization value of the quietWhile timer The default value is 60 s and can be any value from 0 to 65535 tx_period It is the initialization value of the txWhen timer The default value is 30 s and can be any value from 1 to 65535 supp_timeout The initialization value of the aWhile timer when timing out the supplicant Its default value is 30 s and can be any value from 1 to 65535 serve...

Page 274: ...n mode Format config 802 1x auth_mode port_based mac_based Description The config 802 1x auth_mode command configures the authentication mode Parameters Parameters Description port_based Configure the authentication as port based mode mac_based Configure the authentication as MAC based mode Restrictions You must have administrator privileges Examples To configure the authentication mode DGS 3200 1...

Page 275: ...l ports mac_address MAC address of the client Restrictions You must have administrator privileges Examples To initialize the authentication state machine of some or all DGS 3200 10 4 config 802 1x init port_based ports all Command config 802 1x init port_based ports all Success DGS 3200 10 4 35 12 config 802 1x reauth Purpose Used to reauthenticate the device connected with the port Format config ...

Page 276: ... Restrictions You must have administrator privileges Examples To reauthenticate the device connected with the port DGS 3200 10 4 config 802 1x reauth port_based ports all Command config 802 1x reauth port_based ports all Success DGS 3200 10 4 35 13 create 802 1x guest_vlan Purpose Used to assign a static VLAN to be a guest VLAN Format create 802 1x guest_vlan vlan_name 32 Description The create 80...

Page 277: ...14 delete 802 1x guest_vlan Purpose Used to delete a guest VLAN configuration Format delete 802 1x guest_vlan vlan_name 32 Description The delete 802 1x guest_vlan command will delete a guest VLAN setting but not delete the static VLAN Parameter Parameters Description vlan_name 32 The guest VLAN name Restrictions You must have administrator privileges All ports which are enabled as guest VLAN will...

Page 278: ...tate Specify the guest VLAN port state of the configured ports enable join to the guest VLAN disable remove from guest VLAN Restrictions You must have administrator privileges If the specific port state is changed from the enabled state to the disabled state this port will move to its original VLAN Example DGS 3200 10 4 config 802 1x guest_vlan ports 1 8 state enable Command config 802 1x guest_vl...

Page 279: ...o add a new RADIUS server The server with a lower index has higher authenticative priority Format config radius add server_index 1 3 server_ip ipv6addr key passwd 32 default auth_port udp_port_number 1 65535 acct_port udp_port_number 1 65535 timeout int 1 255 retransmit int 1 255 Description The config radius add command adds a new RADIUS server Parameters Parameters Description server_index The R...

Page 280: ...tch and the RADIUS server The range is 1 to 65535 timeout int 1 255 The time in second for waiting server reply The default value is 5 seconds retransmit int 1 255 The count for re transmit The default value is 2 Restrictions You must have administrator privileges Examples To add a new RADIUS server DGS 3200 10 4 config radius add 1 10 48 74 121 key dlink default Command config radius add 1 10 48 ...

Page 281: ...ion server_index The RADIUS server index server_ip The IP address of the RADIUS server ipv6addr The IPv6 address key The IPv6 address of the RADIUS server passwd The key pre negotiated between the switch and the RADIUS server It is used to encrypt user s authentication data before being transmitted over the Internet The maximum length of the key is 32 auth_port Specifies the UDP port number which ...

Page 282: ... 10 48 74 121 key dlink default Success DGS 3200 10 4 35 20 show radius Purpose Used to display RADIUS server configurations Format show radius Description The show radius command displays RADIUS server configurations Parameters None Restrictions None Examples To display RADIUS server configurations DGS 3200 10 4 show radius Command show radius Index 1 IP Address fe80 fec0 56ab 34b0 20b2 6aff fecf...

Page 283: ...211 108 Auth Port 1812 Acct Port 1813 Timeout 5 Retransmit 2 Key adfdslkfjefiefdkgjdassdwtgjk6y1w DGS 3200 10 4 35 21 show auth_statistics Purpose Used to display authenticator statistics information Format show auth_statistics ports portlist Description The show auth_statistics command displays authenticator statistics information Parameters Parameters Description portlist Specifies a range of po...

Page 284: ...olReqFramesTx 0 EapolRespIdFramesRx 0 EapolRespFramesRx 0 InvalidEapolFramesRx 0 EapLengthErrorFramesRx 0 LastEapolFrameVersion 0 LastEapolFrameSource 00 00 00 00 00 00 DGS 3200 10 4 35 22 show auth_diagnostics Purpose Used to display authenticator diagnostics information Format show auth_ diagnostics ports auth_portlist Description The show auth_ diagnostics command displays authenticator diagnos...

Page 285: ...nticating 0 EapStartsWhileAuthenticating 0 EapLogoffWhileAuthenticating 0 ReauthsWhileAuthenticated 0 EapStartsWhileAuthenticated 0 EapLogoffWhileAuthenticated 0 BackendResponses 0 BackendAccessChallenges 0 BackendOtherRequestsToSupplicant 0 BackendNonNakResponsesFromSupplicant 0 BackendAuthSuccesses 0 BackendAuthFails 0 DGS 3200 10 4 35 23 show auth_session_statistics Purpose Used to display auth...

Page 286: ...cs ports 1 Command show auth_session_statistics ports 1 Port number 1 SessionOctetsRx 0 SessionOctetsTx 0 SessionFramesRx 0 SessionFramesTx 0 SessionId SessionAuthenticMethod Remote Authentication Server SessionTime 0 SessionTerminateCause SupplicantLogoff SessionUserName DGS 3200 10 4 35 24 show auth_client Purpose Used to display authentication client information Format show auth_client Descript...

Page 287: ... 0 radiusAuthClientServerPortNumber X radiusAuthClientRoundTripTime 0 radiusAuthClientAccessRequests 0 radiusAuthClientAccessRetransmissions 0 radiusAuthClientAccessAccepts 0 radiusAuthClientAccessRejects 0 radiusAuthClientAccessChallenges 0 radiusAuthClientMalformedAccessResponses 0 radiusAuthClientBadAuthenticators 0 radiusAuthClientPendingRequests 0 radiusAuthClientTimeouts 0 radiusAuthClientUn...

Page 288: ... radiusAuthClientTimeouts 0 radiusAuthClientUnknownTypes 0 radiusAuthClientPacketsDropped 0 radiusAuthClient radiusAuthClientInvalidServerAddresses 0 radiusAuthClientIdentifier D Link radiusAuthServerEntry radiusAuthServerIndex 3 radiusAuthServerAddress 0 0 0 0 radiusAuthClientServerPortNumber X radiusAuthClientRoundTripTime 0 radiusAuthClientAccessRequests 0 radiusAuthClientAccessRetransmissions ...

Page 289: ...nt information Parameters None Restrictions None Examples To display account client information DGS 3200 10 4 show acct_client Command show acct_client radiusAcctClient radiusAcctClientInvalidServerAddresses 0 radiusAcctClientIdentifier D Link radiusAuthServerEntry radiusAccServerIndex 1 radiusAccServerAddress 0 0 0 0 radiusAccClientServerPortNumber X radiusAccClientRoundTripTime 0 radiusAccClient...

Page 290: ...rIndex 2 radiusAccServerAddress 0 0 0 0 radiusAccClientServerPortNumber X radiusAccClientRoundTripTime 0 radiusAccClientRequests 0 radiusAccClientRetransmissions 0 radiusAccClientResponses 0 radiusAccClientMalformedResponses 0 radiusAccClientBadAuthenticators 0 radiusAccClientPendingRequests 0 radiusAccClientTimeouts 0 radiusAccClientUnknownTypes 0 radiusAccClientPacketsDropped 0 radiusAcctClient ...

Page 291: ...0 radiusAccClientRequests 0 radiusAccClientRetransmissions 0 radiusAccClientResponses 0 radiusAccClientMalformedResponses 0 radiusAccClientBadAuthenticators 0 radiusAccClientPendingRequests 0 radiusAccClientTimeouts 0 radiusAccClientUnknownTypes 0 radiusAccClientPacketsDropped 0 DGS 3200 10 4 ...

Page 292: ... show authen_enable default method_list_name string 15 all config authen application console telnet ssh http all login enable default method_list_name string 15 show authen application create authen server_group string 15 config authen server_group tacacs xtacacs tacacs radius string 15 add delete server_host ipaddr protocol tacacs xtacacs tacacs radius delete authen server_group string 15 show au...

Page 293: ...ion is enabled the device will adopt the login authentication method list to authenticate the user for login and adopt the enable authentication mothod list to authenticate the enable password for promoting the user s privilege to Admin level Parameters None Restrictions You must have administrator privilege Examples To enable system access authentication policy DGS 3200 10 4 enable authen_policy ...

Page 294: ... to Admin level Parameters None Restrictions You must have administrator privilege Examples To disable system access authentication policy DGS 3200 10 4 disable authen_policy Command disable authen_policy Success DGS 3200 10 4 36 3 show authen_policy Purpose Used to display whether system access authentication policy is enabled or disabled Format disable authen_policy Description Displays whether ...

Page 295: ...ned method list of authentication methods for user login The maximum supported number of the login method lists is eight Parameters Parameters Description string 15 The user defined method list name Restrictions You must have administrator privilege Examples To create a user defined method list for user login DGS 3200 10 4 create authen_login method_list_name login_list_1 Command create authen_log...

Page 296: ... to authenticate this user When a user logs in to the device successfully while using methods like TACACS XTACACS TACACS RADIUS built in or user defined server groups or none the user privilege level is assigned only If a user wants to get admin privilege level the user must use the enable admin command to promote his privilege level But when the local method is used the privilege level will depen...

Page 297: ...defined method list of authentication methods for user login Format delete authen_login method_list_name string 15 Description Delete a user defined method list of authentication methods for user login Parameters Parameters Description string 15 The user defined method list name Restrictions You must have administrator privilege Examples To delete a user defined method list for user login DGS 3200...

Page 298: ...ng 15 Display the specific user defined method list for user login all Display all method lists for user login Restrictions None Examples To display a user defined method list for user login DGS 3200 10 4 show authen_login method_list_name login_list_1 Command show authen_login method_list_name login_list_1 Method List Name Priority Method Name Comment login_list_1 1 tacacs Built in Group 2 tacacs...

Page 299: ...e authen_enable method_list_name enable_list_1 Command create authen_enable method_list_name enable_list_1 Success DGS 3200 10 4 36 9 config authen_enable Purpose Used to configure a user defined or default method list of authentication methods for promoting a user s privilege to Admin level Format config authen_enable default method_list_name string 15 method tacacs xtacacs tacacs radius server_g...

Page 300: ...default The default method list of authentication methods method_list_name string 15 The user defined method list of authentication methods tacacs Authentication by the built in server group tacacs xtacacs Authentication by the built in server group xtacacs tacacs Authentication by the built in server group tacacs radius Authentication by the built in server group radius server_group string 15 Aut...

Page 301: ...g 15 The user defined method list name Restrictions You must have administrator privilege Examples To delete a user defined method list for promoting a user s privilege to Admin level DGS 3200 10 4 delete authen_enable method_list_name enable_list_1 Command delete authen_enable method_list_name enable_list_1 Success DGS 3200 10 4 36 11 show authen_enable Purpose Used to display the method list of ...

Page 302: ... To display all method lists for promoting a user s privilege to Admin level DGS 3200 10 4 show authen_enable all Command show authen_enable all Method List Name Priority Method Name Comment enable_list_1 1 tacacs Built in Group 2 tacacs Built in Group 3 mix_1 User defined Group 4 local Keyword enable_list_2 1 tacacs Built in Group 2 radius Built in Group Total Entries 2 DGS 3200 10 4 36 12 config...

Page 303: ...Select the method list of authentication methods for promoting user s privilege to Admin level default The default method list method_list_name string 15 The user defined method list name Restrictions You must have administrator privilege Examples To configure the login method list for Telnet DGS 3200 10 4 config authen application telnet login method_list_name login_list_1 Command config authen a...

Page 304: ...ist Enable Method List Console default default Telnet login_list_1 default HTTP default default DGS 3200 10 4 36 14 create authen server_group Purpose Used to create a user defined authentication server group Format create authen server_group string 15 Description Create a user defined authentication server group The maximum supported number of server groups including built in server groups is eig...

Page 305: ...host to or from the specified server group Built in server group tacacs xtacacs tacacs and radius accept the server host with the same protocol only but user defined server group can accept server hosts with different protocols The server host must be created first by using the CLI command create authen server_host Parameters Parameters Description server_group tacacs The built in server group tac...

Page 306: ... authen server_group mix_1 add server_host 10 1 1 222 protocol tacacs Command config authen server_group mix_1 add server_host 10 1 1 222 protocol ta cacs Success DGS 3200 10 4 36 16 delete authen server_group Purpose Used to delete a user defined authentication server group Format delete authen server_group string 15 Description Delete a user defined authentication server group Parameters Paramet...

Page 307: ...up string 15 Description Display the authentication server groups Parameters Parameters Description string 15 The built in or user defined server group name Restrictions None Examples To display all authentication server groups DGS 3200 10 4 show authen server_group Command show authen server_group Server Group mix_1 Group Name IP Address Protocol mix_1 10 1 1 222 TACACS radius 10 1 1 224 RADIUS t...

Page 308: ... address protocol tacacs The server host s authentication protocol protocol xtacacs The server host s authentication protocol protocol tacacs The server host s authentication protocol protocol radius The server host s authentication protocol port int 1 65535 The port number of the authentication protocol for the server host The default value for TACACS XTACACS TACACS is 49 The default value for RA...

Page 309: ...on server host Format config authen server_host ipaddr protocol tacacs xtacacs tacacs radius port int 1 65535 key key_string 254 none timeout int 1 255 retransmit int 1 255 Description Configure an authentication server host Parameters Parameters Description server_host ipaddr The server host s IP address protocol tacacs The server host s authentication protocol protocol xtacacs The server host s ...

Page 310: ...transmit int 1 255 The count for re transmit This value is meaningless for TACACS The default value is 2 Restrictions You must have administrator privilege Examples To configure a TACACS authentication server host s key value DGS 3200 10 4 config authen server_host 10 1 1 222 protocol tacacs key This is a secret Command config authen server_host 10 1 1 222 protocol tacacs key This is a se cret Suc...

Page 311: ...erver host s authentication protocol Restrictions You must have administrator privilege Examples To delete an authentication server host DGS 3200 10 4 delete authen server_host 10 1 1 222 protocol tacacs Command delete authen server_host 10 1 1 222 protocol tacacs Success DGS 3200 10 4 36 21 show authen server_host Purpose Used to display the authentication server hosts Format show authen server_h...

Page 312: ...applications Format config authen parameter response_timeout int 0 255 Description Configure the amount of time waiting or for user input on console Telnet and SSH applications Parameters Parameters Description int 0 255 The amount of time for user input on console or Telnet or SSH 0 means there is no time out The default value is 30 seconds Restrictions You must have administrator privilege Examp...

Page 313: ... is exceeded connection or access will be locked Parameters Parameters Description int 1 255 The amount of attempts for users trying to login or promote the privilege on console Telnet or SSH The default value is 3 Restrictions You must have administrator privilege Examples To configure the maximum attempts for users trying to login or promote the privilege to be 9 DGS 3200 10 4 config authen para...

Page 314: ... user enters this command the authentication method TACACS XTACAS TACACS user defined server groups local enable or none will be used to authenticate the user Because TACACS XTACACS and RADIUS don t support the enable function by themselves if a user wants to use either one of these three protocols to enable authentication the user must create a special account on the server host first which has a...

Page 315: ...re the local enable password for the enable command When the user chooses the local_enable method to promote the privilege level the enable password of the local device is needed Parameters Parameters Description password 0 15 The specific password Restrictions You must have administrator privilege Examples To configure the administrator password DGS 3200 10 4 config admin local_enable Command con...

Page 316: ...D5 disable ssl ciphersuite RSA_with_RC4_128_MD5 RSA_with_3DES_EDE_CBC_SHA DHE_DSS_with_3DES_EDE_CBC_SHA RSA_EXPORT_with_RC4_40_MD5 show ssl show ssl cachetimout config ssl cachetimout value 60 86400 37 1 show ssl certificate Purpose To show the certificate status Format show ssl certificate Description User must download specified certificate type according to desired key exchange algorithm The op...

Page 317: ...ithm For RSA key exchange a user must download an RSA type certificate and for DHS_DSS must use the DSA certificate for key exchange Parameters Parameters Description ipaddr Input the TFTP server IP address certfilename The desired certificate file name path_filename Certificate file path in respect to the TFTP server root path Input characters with a maximum of 64 octets keyfilename The private k...

Page 318: ... and its individual ciphersuites Using the enable ssl command will enable the SSL feature which means SSLv3 and TLSv1 Each ciphersuite must be enabled by this command Parameters Parameters Description ciphersuite For configuring a cipher suite combination RSA_with_RC4_128_MD5 Indicates RSA key exchange with RC4 128 bits encryption and MD5 hash RSA_with_3DES_EDE_CBC_SHA Indicates RSA key exchange w...

Page 319: ... and ciphersuites Format disable ssl ciphersuite RSA_with_RC4_128_MD5 RSA_with_3DES_EDE_CBC_SHA DHE_DSS_with_3DES_EDE_CBC_SHA RSA_EXPORT_with_RC4_40_MD5 Description This command disables the SSL feature and supported ciphercuites Using the disable ssl command will disable the SSL feature and each individual ciphersuite Parameters Parameters Description ciphersuite For configuring cipher suite comb...

Page 320: ...ust have administrator privilege Examples To disable the SSL ciphersuite for RSA_with_RC4_128_MD5 DGS 3200 10 4 disable ssl ciphersuite RSA_with_RC4_128_MD5 Command disable ssl ciphersuite RSA_with_RC4_128_MD5 Success DGS 3200 10 4 To disable the SSL feature DGS 3200 10 4 disable ssl Command disable ssl Success DGS 3200 10 4 37 5 show ssl Purpose Used to show SSL environment variables and ciphersu...

Page 321: ...TH_RC4_40_MD5 0x0003 Enabled DGS 3200 10 4 37 6 show ssl cachetimeout Purpose Used to show the SSL cache timeout value Format show ssl cachetimeout Description This command will show the cache timeout value which is designed for a dlktimer library to remove the session ID after it has expired In order to support the resume session feature the SSL library keeps the session ID on the web server and ...

Page 322: ... is designed for the dlktimer library to remove the session ID after expiration In order to support the resume session feature the SSL library keeps the session ID on theweb server and invokes the dlktimer library to remove this session ID by the cache timeout value The unit of argument s value is second and its boundary is between 60 1 minute and 86400 24 hours The default value is 600 seconds Pa...

Page 323: ...min 60min never enable ssh disable ssh show ssh server 38 1 config ssh algorithm Purpose Used to configure the SSH server algorithm Format config ssh algorithm 3DES AES128 AES192 AES256 arcfour blowfish cast128 twofish128 twofish192 twofish256 MD5 SHA1 RSA DSS enable disable Description The config ssh algorithm command configures the SSH service algorithm Parameters Parameters Description 3DES An ...

Page 324: ...ator privileges Examples To enable an SSH server public key algorithm DGS 3200 10 4 config ssh algorithm DSA enable RSA enable Command config ssh algorithm DSA enable RSA enable Success DGS 3200 10 4 38 2 show ssh algorithm Purpose Used to show the SSH server algorithms Format show ssh algorithm Description The show ssh algorithm command displays the SSH service algorithms Parameters None Restrict...

Page 325: ...h Enabled cast128 Enabled twofish128 Enabled twofish192 Enabled twofish256 Enabled Data Integrity Algorithm MD5 Enabled SHA1 Enabled Public Key Algorithm RSA Enabled DSA Enabled DGS 3200 10 4 38 3 config ssh authmode Purpose Used to update user authentication for SSH configuration Format config ssh authmode password publickey hostbased enable disable Description The config ssh user command updates...

Page 326: ...entication method Restrictions You must have administrator privilege Examples To config the SSH user authentication method DGS 3200 10 4 config ssh authmode publickey enable Command config ssh authmode publickey enable Success DGS 3200 10 4 38 4 show ssh authmode Purpose Used to show user authentication method Format show ssh authmode Description The show ssh authmode command displays the user aut...

Page 327: ...n_name 32 ipaddr Description The config ssh user command update the ssh user information Parameters Parameters Description username The user name publickey Specifies user authentication method password Specifies user authentication method hostbased Specifies user authentication method hostname Specifies host domain name hostname_ip Specifies host domain name and IP address domain_name Specifies ho...

Page 328: ...4 38 6 show ssh user authmode Purpose Used to show SSH user information Format show ssh user authmode Description The show ssh user authmode command displays SSH user information Parameters None Restrictions None Examples To show user information about SSH configuration DGS 3200 10 4 show ssh user Command show ssh user Current Accounts Username Authentication test publickey Total Entries 1 DGS 320...

Page 329: ...s Description int 1 8 Specifies SSH server max session at the same time sec 120 600 Specifies SSH server connection timeout int 2 20 Specifies user max fail attempts 10 30 60 min Specifies time to re generate session key never Do not re generate session key Restrictions You must have administrator privilege Examples To configure an SSH server max session of 3 DGS 3200 10 4 config ssh server maxses...

Page 330: ...nabling SSH Telnet is disabled Examples DGS 3200 10 4 enable ssh Command enable ssh Success DGS 3200 10 4 38 9 disable ssh Purpose Used to disable SSH server service Format disable ssh server Description The disable ssh command disables SSH server services Parameters None Restrictions You must have administrator privilege Examples DGS 3200 10 4 disable ssh Command disable ssh Success DGS 3200 10 4...

Page 331: ...how ssh server Description The show ssh server command show SSH server general information Parameters None Restrictions None Examples To show SSH server DGS 3200 10 4 show ssh server Command show ssh server The SSH Server Configuration max Session 3 Connection Timeout 300 Authfail Attempts 2 Rekey Timeout 60min DGS 3200 10 4 ...

Page 332: ...s ipaddr mac_address macaddr blocked all vlan_name vlan_name mac_address macaddr ports enable address_binding acl_mode disable address_binding acl_mode enable address_binding trap_log disable address_binding trap_log 39 1 create address_binding ip_mac ipaddress Purpose Used to create an IP MAC Binding entry Format create address_binding ip_mac ipaddress ipaddr mac_address macaddr ports portlist al...

Page 333: ...GS 3200 10 4 create address_binding ip_mac ipaddress 10 1 1 1 mac_address 00 00 00 00 00 11 Command create address_binding ip_mac ipaddress 10 1 1 1 mac_address 00 00 00 00 00 11 Success DGS 3200 10 4 39 2 config address_binding ip_mac ports Purpose Used to configure an IP MAC state to enable or disable for specified ports Format config address_binding ip_mac ports portlist all state enable disabl...

Page 334: ...1 state enable Success DGS 3200 10 4 39 3 delete address_binding address Purpose To delete an address binding entry Format delete address_binding ip mac ipaddress ipaddr mac_address macaddr all blocked all vlan_name vlan_name mac_address macaddr Description User use this command to delete an address binding entry If ACL mode is enabled the switch will delete the according ACL access entries automa...

Page 335: ...t all mode acl arp Description User use this command to update an address binding entry Parameters Parameters Description ipaddr The IP address macaddr The MAC address ports Configure the portlist to apply if ports are not configured then it will apply to all ports arp This entry is specified as an ARP mode entry This entry will not be added as access entries If not specified the mode defaults to ...

Page 336: ...blocked MAC entries and port status Format show address_binding ip_mac all ipaddress ipaddr mac_address macaddr blocked all vlan_name vlan_name mac_address macaddr ports Description This command is used to display address binding information Parameters Parameters Description ip_mac The database that user create for address binding blocked The address database that system auto learned and blocked i...

Page 337: ... check if there are existing two empty access profiles If the switch does not have two empty access profiles it will show an error message and can not enable the ACL mode Otherwise the switch will create two access profiles automatically After enabling the ACL mode the switch will check if there are any ports with address binding enabled If this port is address binding enabled the switch will crea...

Page 338: ...mples To enable the address binding ACL mode DGS 3200 10 4 enable address_binding acl_mode Command enable address_binding acl_mode Success DGS 3200 10 4 39 7 disable address_binding acl_mode Purpose To disable the address binding ACL mode Format disable address_binding acl_mode Description User use this command to enter the address binding normal mode If a user disable the address binding ACL mode...

Page 339: ...ding trap_log Purpose Used to enable an address binding trap log Format enable address_binding trap_log Description User uses this command to send trap and log when address binding module detects illegal ip and mac address Parameters None Restrictions You must have administrator privileges Examples To enable an address binding trap log DGS 3200 10 4 enable address_binding trap_log Command enable a...

Page 340: ...trap log Format disable address_binding trap_log Description User use this command to disable address binding trap log Parameters None Restrictions You must have administrator privileges Examples To disable the address binding trap log DGS 3200 10 4 disable address_binding trap_log Command disable address_binding trap_log Success DGS 3200 10 4 ...

Page 341: ...5 vlan vlan_name 32 delete wac user username 15 config wac user username 15 vlan vlan_name 32 show wac ports portlist all show wac user clear wac auth_state ports portlist all 40 1 enable wac Purpose Used to enable the Web based Access Control function Format enable wac Description The enable wac command will enable the WAC function Parameters None Restrictions You must have administrator privileg...

Page 342: ...ble wac Command disable wac Success DGS 3200 10 4 40 3 config wac Purpose Used to configure the parameter of the Web authentication Format config wac vlan vlan_name 32 ports portlist all state enable disable method local radius default_redirpath string 128 logout_timer infinite min 1 1440 Description The config wac command allows you to configure Web authentication setting Parameters Parameters De...

Page 343: ...fault value is 60 minutes Please note that infinite indicates that the authenticated port will never age out Restrictions You must have administrator privileges The specific VLAN assigned to be the authentication VLAN must already exist already Examples To config the WAC port state DGS 3200 10 4 config wac ports 1 8 state enable Command config wac ports 1 8 state enable Success DGS 3200 10 4 To co...

Page 344: ... Description username User account for Web based Access Control vlan The authentication VLAN name Restrictions You must have administrator privileges This user account is independent from the login user acoount Example To create a WAC account DGS 3200 10 4 create wac user 123 Command create wac user 123 Enter a case sensitive new password Enter the new password again for confirmation Success DGS 3...

Page 345: ... 3200 10 4 delete wac user 123 Command delete wac user 123 Success DGS 3200 10 4 40 6 config wac user Purpose Used to configure the VLAN ID of the user account Format config wac user username 15 vlan vlan_name 32 Description The config wac command allows you to configure Web Authentication Parameters Parameters Description username The name of user account who want to change VID vlan The authentic...

Page 346: ...on setting Format show wac ports portlist all Description The show wac command allows you to show the Web authentication setting Parameters Parameters Description ports A range of member ports to show the status Restrictions You must have administrator privileges Examples To show WAC DGS 3200 10 4 show wac Command show wac Web Base Access Control State Enable Method RADIUS Vlan Name default Logout...

Page 347: ...d abc Authenticating 3 Enabled Apple Un authenticated 4 Enabled 5 Enabled 6 Enabled 7 Enabled 8 Enabled Success DGS 3200 10 4 40 8 show wac user Purpose Used to display Web authentication user accounts Format show wac user Description The show wac user command allows you to display Web authentication accounts Parameters None Restrictions You must have administrator privileges Example To show Web a...

Page 348: ... clear wac auth_state ports all portlist Description Used to clear the authentication state of a port The port will return to un authenticated state All the timer associated with the port will be reset Parameters Parameters Description port Specifies the list of ports whose WAC state will be cleared Restrictions You must have administrator privileges Example DGS 3200 10 4 clear wac auth_state port...

Page 349: ...ac macaddr vlan vlan_name 32 delete mac_based_access_control_local mac macaddr vlan vlan_name 32 show mac_based_access_control auth_mac ports portlist show mac_based_access_control port portlist all show mac_based_access_control_local mac macaddr vlan vlan_name 32 41 1 enable mac_based_access_control Purpose Used to enable MAC Based Access Control Format enable mac_based_access_control Description...

Page 350: ...inistrator privileges Examples To disable MAC based Acces Control DGS 3200 10 4 disable mac_based_access_control Command disable mac_based_access_control Success DGS 3200 10 4 41 3 config mac_based_access_control Purpose Used to configure the parameter of the MAC Based Access Control Format config mac_based_access_control ports portlist all state enable disable method local radius password passwd ...

Page 351: ...ication VLAN ports The guest VLAN members The specified port list will be associated with guest_vlan Those ports outside of the specified port list will be de associated from the guest VLAN Restrictions You must have administrator privileges Examples To config the port state DGS 3200 10 4 config mac_based_access_control ports 1 8 state enable Command config mac_based_access_control ports 1 8 state...

Page 352: ...4 41 4 config mac_based_access_control guest_vlan Purpose Configure guest VLAN ports for MAC based Access Control Format config mac_based_access_control guest_vlan ports portlist Description This command assigns some ports to be guest VLAN members Parameters Parameters Description ports The portlist that is assigned to a guest VLAN Restrictions You must have administrator privileges Example To ass...

Page 353: ... a MAC based Access Control guest VLAN DGS 3200 10 4 delete mac_based_access_control guest_vlan Command config mac_based_access_control guest_vlan Success DGS 3200 10 4 41 6 create mac_based_access_control local mac Purpose Used to create a local database entry Format create mac_based_access_control_local mac macaddr vlan vlan_name 32 Description User use this command to create a database entry Pa...

Page 354: ...ocal database entry Format config mac_based_access_control_local mac macaddr vlan vlan_name 32 Description User use this command to modify a database entry Parameters Parameters Description mac The MAC address that access is accepted in local mode vlan If the MAC address is authorized the port will be assigned to this VLAN Restrictions You must have administrator privileges Examples To config a MA...

Page 355: ...dress vlan Delete database by this VLAN name Restrictions You must have administrator privileges Examples To delete a MAC based Access Control local database entry by MAC address DGS 3200 10 4 delete mac_based_access_control_local mac 00 00 00 00 00 01 Command delete mac_based_access_control_local mac 00 00 00 00 00 01 Success DGS 3200 10 4 To delete a MAC based Access Control local database entry...

Page 356: ...ns None Examples To show MAC based Access Control authenticated MAC addresses DGS 3200 10 4 show mac_based_access_control auth_mac Command show mac_based_access_control auth_mac Port number 1 Index MAC Address Auth State VLAN Name 1 00 00 01 02 03 A2 Authenticating default 2 00 03 09 18 10 01 Authenticating default 3 00 05 5D ED 84 EA Authenticating default 4 00 0D 0B 4E A0 F7 Authenticating defau...

Page 357: ...Control settings Parameters Parameters Description Display mac_based_access_control global setting port Display mac_based_access_control port state Restrictions None Examples To show MAC based Access Control settings DGS 3200 10 4 show mac_based_access_control Command show mac_based_access_control MAC Based Access Control State Enabled Method Radius Password default Guest VLAN default Guest VLAN M...

Page 358: ...urpose Used to display MAC based Access Control local databases Format show mac_based_access_control_local mac macaddr vlan vlan_name 32 Description Use this command to display MAC based Access Control local databases Parameters Parameters Description Display all mac_based_access_control local database entries mac Display mac_based_access_control local database entries by MAC address vlan Display ...

Page 359: ...Control local entries by MAC address DGS 3200 10 4 show mac_based_access_control_local mac 00 00 00 00 00 01 Command show mac_based_access_control_local mac 00 00 00 00 00 01 MAC Address VLAN Name 00 00 00 00 00 01 default Total Entries 1 DGS 3200 10 4 To show MAC based Access Control local entries by VLAN DGS 3200 10 4 show mac_based_access_control_local vlan default Command show mac_based_access...

Page 360: ...jwac update_server add delete ipaddress network_address config jwac switch_http_port tcp_port_number 1 65535 http https config jwac port portlist all state enable disable max_authenticating_host value 0 10 aging_time infinite min 1 1440 idle_time infinite min 1 1440 block_time sec 0 300 1 config jwac radius_protocol local pap chap ms_chap ms_chapv2 eap_md5 create jwac user username 15 vlan vlanid ...

Page 361: ...ation defined by the 802 1X command set Parameters None Restrictions You must have administrator privileges Example DGS 3200 10 4 enable jwac Command enable jwac Success DGS 3200 10 4 42 2 enable disable jwac redirect Purpose Used to enable or disable JWAC redirect function Format enable jwac redirect disable jwac redirect Description When redirect quarantine_server is enabled the unauthenticated ...

Page 362: ...ac redirect Success DGS 3200 10 4 42 3 enable disable jwac forcible_logout Purpose Used to enable or disable the JWAC forcible logout function Format enable jwac forcible_logout disable jwac forcible_logout Description When forcible_logout is enabled a Ping packet from an authenticated host to the JWAC Switch with TTL 1 will be regarded as a logout request and the host will be moved back to unauth...

Page 363: ...ng Description When udp_filtering is enabled all UDP and ICMP packets except DHCP and DNS packets from unauthenticated hosts will be dropped Parameters None Restrictions You must have administrator privileges Examples DGS 3200 10 4 enable jwac udp_filtering Command enable jwac udp_filtering Success DGS 3200 10 4 42 5 enable disable jwac quarantine_server_monitor Purpose Used to enable or disable t...

Page 364: ...strator privileges Examples DGS 3200 10 4 enable jwac quarantine_server_monitor Command enable jwac quarantine_server_monitor Success DGS 3200 10 4 42 6 config jwac quarantine_server_error_timeout Purpose Used to set the Quarantine Server error timeout Format config jwac quarantine_server_error_timeout sec 5 300 Description When the Quarantine Server monitor is enabled the JWAC Switch will periodi...

Page 365: ...lay_time sec 0 10 Description This command allows you to configure redirect destination and delay time before an unauthenticated host is redirected to the Quarantine Server or the JWAC login web page The unit of delay_time is seconds 0 means no delaying the redirect Parameters Parameters Description destination Specifies the destination which the unauthenticated host will be redirected to delay_ti...

Page 366: ... requests or ICMP packets Parameters Parameters Description ipaddr Specifies the IP address of the virtual IP Restrictions You must have administrator privileges Example DGS 3200 10 4 config jwac virtual_ip 1 1 1 1 Command config jwac virtual_ip 1 1 1 1 Success DGS 3200 10 4 42 9 config jwac quarantine_server_url Purpose Used to configure JWAC Quarantine Server URL Format config jwac quarantine_se...

Page 367: ...cation page on the Quarantine Server Restrictions You must have administrator privileges Example DGS 3200 10 4 config jwac quarantine_server_url http 10 90 90 88 authpage html Command config jwac quarantine_server_url http 10 90 90 88 authpage html Success DGS 3200 10 4 42 10 config jwac clear_quarantine_server_url Purpose Used to clear the Quarantine Server configuration Format config jwac clear_...

Page 368: ... Any servers running ActiveX need to be able to have access to accomplish authentication Before the client passes authentication it should be added to the Switch with its IP address For example the client may need to access update microsoft com or some sites of the Anti Virus software companies to check whether the OS or Anti Virus software of the client are the latest and so IP addresses of updat...

Page 369: ...tch listens to This port number is used in the second stage of the authentication PC users will connect to the page on the switch to input the user name and password If not specified the default port number is 80 If no protocol is specified the protocol is HTTP Parameters Parameters Description tcp_port_number 1 65535 A TCP port which the JWAC Switch listens to and uses to finish the authenticatin...

Page 370: ... for setting the JWAC state all Every Switch ports JWAC state is configured state Specifies the port state of JWAC max_authenticating_host The maximum number of hosts that can process authentication on each port at the same time aging_time A time period during which an authenticated host will keep in authenticated state infinite indicates never aging out the authenticated host on the port idle_tim...

Page 371: ...erver chap JWAC Switch uses CHAP to communicate with the RADIUS Server ms_chap JWAC Switch uses MS CHAP to communicate with the RADIUS Server ms_chapv2 JWAC Switch uses MS CHAPv2 to communicate with the RADIUS Server eap_md5 JWAC Switch uses EAP MD5 to communicate with the RADIUS Server Restrictions JWAC share other RADIUS configurations with 802 1x when using this command to set the RADIUS protoc...

Page 372: ... for authenticated host which uses this user account to pass authentication Restrictions You must have administrator privileges Example DGS 3200 10 4 create jwac user 112233 Command create jwac user 112233 Enter a case sensitive new password Enter the new password again for confirmation Success DGS 3200 10 4 42 16 delete jwac user Purpose Used to delete JWAC user into local DB Format delete jwac u...

Page 373: ... Success DGS 3200 10 4 42 17 show jwac user Purpose Used to show JWAC user into local DB Format show jwac user Description The show jwac user command displays JWAC users in the local DB Parameters None Restrictions You must have administrator privileges Example DGS 3200 10 4 show jwac user Command show jwac user Current Accounts Username Target VID Password 1 1 Total Entries 1 DGS 3200 10 4 ...

Page 374: ... to delete the host on authenticated Specifies the state of the host to delete authenticating Specifies the state of host to delete blocked Specifies the state of host to delete macaddr Deletes a specified host with this MAC Restrictions You must have administrator privileges Example DGS 3200 10 4 delete jwac host ports all blocked Command delete jwac host ports all blocked Success DGS 3200 10 4 4...

Page 375: ...ay Time 3 Seconds Redirect Destination Quarantine Server Quarantine Server http 172 18 212 147 pcinventory Q Server Monitor Enabled Running Q Svr Error Timeout 5 Seconds Radius Auth Protocol PAP Update Server 172 18 202 1 32 172 18 202 0 24 10 1 1 0 24 DGS 3200 10 4 42 20 show jwac host Purpose Used to display JWAC client host information Format show jwac host port all portlist authenticated authe...

Page 376: ...ne Example DGS 3200 10 4 show jwac host port 3 Command show jwac host port 3 Remaining Hosts Port VID AgeTime IdleTime Authentication State or BlockingTime 00 00 00 00 00 01 3 5 98 Min Infinite Authenticated 00 00 00 00 00 02 3 99 Infinite Infinite Authenticating 00 00 00 00 00 03 2 44 30 Sec Blocked Total Authenticating Hosts 1 Total Authenticated Hosts 1 Total Blocked Hosts 1 DGS 3200 10 4 42 21...

Page 377: ...t Specifies a port range to show the configuration of JWAC Restrictions None Example DGS 3200 10 4 show jwac port 1 4 Command show jwac port 1 4 Port State Max Aging Time Idle Time Block Time Authenticating Minutes Minutes Seconds Host 1 Enabled 10 Infinite 20 10 2 Disabled 50 60 10 2 3 Enabled 50 1440 Infinite 2 4 Enabled 0 600 30 5 DGS 3200 10 4 ...

Page 378: ...DGS 3200 Series Layer 2 Gigabit Managed Switch CLI Manual 378 IX QoS The QoS section includes the following chapter QoS ...

Page 379: ...priority priority 0 7 class_id 0 7 show 802 p user_priority config 802 1p default_priority portlist all priority 0 7 show 802 1p default_priority portlist 43 1 config bandwidth_control Purpose Used to configure the port bandwidth limit control Format config bandwidth_control portlist rx_rate no_limit value 512 1024000 tx_rate no_limit value 512 1024000 Description The config bandwidth_control comm...

Page 380: ... Specifies the limitation of transmit data rate no_limit Indicates there is no limit on port tx bandwidth An integer value from 64 to 1024000 sets a maximum limit in Kbits sec The specified bandwidth limit may be equaled but not exceeded This exact logical limit or token value is hardware determined The token value will always be a multiple of the bandwidth increment specific to the chip used for ...

Page 381: ...ken value becomes the effective limit The Token value is set at the nearest multiple of the bandwidth increment is used for the chip i e 32 Kbits 64 Kbits etc without exceeding the specified limit For example a user inputs a limit of 130 therefore the Token value will be 128 43 2 show bandwidth_control Purpose Used to display the port bandwidth control table Format show bandwidth_control portlist ...

Page 382: ...no_limit no_limit 7 no_limit no_limit no_limit no_limit 8 no_limit no_limit no_limit no_limit 9 no_limit no_limit no_limit no_limit 10 no_limit no_limit no_limit no_limit DGS 3200 10 4 43 3 config scheduling Purpose Used to configure the traffic scheduling mechanism for each COS queue Format config scheduling class_id 0 7 max_packet value 0 255 Description The switch contains n 1 hardware priority...

Page 383: ...ivileges Examples To configure the traffic scheduling mechanism for each COS queue DGS 3200 10 4 config scheduling 0 max_packet 34 Command config scheduling 0 max_packet 34 Success DGS 3200 10 4 43 4 config scheduling_mechanism Purpose Used to configure the traffic scheduling mechanism for each COS queue Format config scheduling_mechanism strict weight_fair Description This command is use to speci...

Page 384: ...scheduling Purpose Used to display the current traffic scheduling parameters in use on the switch Format show scheduling Description The show scheduling command displays the current traffic scheduling parameters in use on the switch Parameters None Restrictions None Examples To display traffic scheduling parameters for each COS queue for example four hardware priority queues DGS 3200 10 4 show sch...

Page 385: ...echanism Description The show scheduling_mechanism command display the traffic scheduling mechanism Parameters None Restrictions None Examples To show the scheduling mechanism DGS 3200 10 4 show scheduling_mechanism Command show scheduling_mechanism QOS scheduling mechanism CLASS ID Mechanism Class 0 strict Class 1 strict Class 2 strict Class 3 strict Class 4 strict Class 5 strict Class 6 strict C...

Page 386: ...ues on the switch The switch s default is to map the following incoming 802 1p user priority values to the four hardware priority queues Parameters Parameters Description priority The 802 1p user priority you want to associate with the class_id the number of the hardware queue with class_id The number of the switch s hardware priority queue The switch has n 1 hardware priority queues available The...

Page 387: ...nism for each COS queue DGS 3200 10 4 show 802 1p user_priority Command show 802 1p user_priority QOS Class of Traffic Priority 0 Class 1 Priority 1 Class 3 Priority 2 Class 0 Priority 3 Class 1 Priority 4 Class 2 Priority 5 Class 2 Priority 6 Class 3 Priority 7 Class 3 DGS 3200 10 4 43 9 config 802 1p default_priority Purpose Used to configure the 802 1p default priority settings on the switch If...

Page 388: ...f ports for which all untagged packets received will be assigned the priority specified below The beginning and end of the port list range are separated by a dash all Specifies that the command applies to all ports on the switch priority The priority value 0 to 7 you want to assign to untagged packets received by the switch or a range of ports on the switch Restrictions You must have administrator...

Page 389: ...cription portlist Specified a range of ports to be displayed If no parameter is specified the system will display all ports with 802 1p default_priority Restrictions None Examples To display 802 1p default priority DGS 3200 10 4 show 802 1p default_priority Command show 802 1p default_priority Port Priority Effective Priority 1 0 0 2 0 0 3 0 0 4 0 0 5 0 0 6 0 0 7 0 0 8 0 0 9 0 0 10 0 0 DGS 3200 10...

Page 390: ...DGS 3200 Series Layer 2 Gigabit Managed Switch CLI Manual 390 X IP Addressing Service The IP Addressing Service section includes the following chapter DHCP Relay ...

Page 391: ...ow input from the console screen and these BOOTP relay commands setting from the config file will be saved as DHCP relay commands while the save command is performed 44 1 config dhcp_relay Purpose Used to configure the DHCP relay feature of the switch Format config dhcp_relay hops value 1 16 time sec 0 65535 Description The config dhcp_relay command configures the DHCP relay feature of the switch ...

Page 392: ...an IP address as a destination to forward relay DHCP BOOTP packets Parameters Parameters Description ipif_name The name of the IP interface which contains the IP address below ipaddr The DHCP BOOTP server IP address Restrictions You must have administrator privileges Examples To add a DHCP BOOTP server to the relay table DGS 3200 10 4 config dhcp_relay add ipif System 10 43 21 12 Command config dh...

Page 393: ...ay delete ipif System 10 43 21 12 Command config dhcp_relay delete ipif System 10 43 21 12 Success DGS 3200 10 4 44 4 config dhcp_relay option_82 Purpose Used to configure the DHCP relay agent information option 82 of the switch Format config dhcp_relay option_82 state enable disable check enable disable policy replace drop keep Description The config dhcp_relay option_82 command configures the DH...

Page 394: ...nt The default setting is disable check Enable or disable the switch to check the validity of DHCP relay agent information 82 field in messages between DHCP server and client The invalid messages are those packets that contain the option 82 field from DHCP client and those packets that contain the wrong format of option 82 field from DHCP server If check is set to enable the switch will drop all i...

Page 395: ...config dhcp_relay option_82 check disable Success DGS 3200 10 4 config dhcp_relay option_82 policy replace Command config dhcp_relay option_82 policy replace Success DGS 3200 10 4 44 5 enable dhcp_relay Purpose Used to enable the DHCP relay function on the switch Format enable dhcp_relay Description The enable dhcp_relay command enables the DHCP relay function on the switch Parameters None Restric...

Page 396: ...mat disable dhcp_relay Description The disable dhcp_relay command disables the DHCP relay function on the switch Parameters None Restrictions You must have administrator privileges Examples To disable the DHCP relay function DGS 3200 10 4 disable dhcp_relay Command disable dhcp_relay Success DGS 3200 10 4 44 7 show dhcp_relay Purpose Used to display the current DHCP relay configuration Format show...

Page 397: ...tions None Examples To display the DHCP relay status DGS 3200 10 4 show dhcp_relay ipif System Command show dhcp_relay ipif System DHCP BOOTP Relay Status Disabled DHCP BOOTP Hops Count Limit 4 DHCP BOOTP Relay Time Threshold 0 DHCP Relay Agent Information Option 82 State Disabled DHCP Relay Agent Information Option 82 Check Disabled DHCP Relay Agent Information Option 82 Policy Replace Interface ...

Page 398: ...DGS 3200 Series Layer 2 Gigabit Managed Switch CLI Manual 398 XI IPv6 The IPv6 section includes the following chapter IPv6 NDP ...

Page 399: ..._flag enable disable other_config_flag enable disable min_rtr_adv_interval value 3 1350 max_rtr_adv_interval value 4 1800 1 config ipv6 nd ra prefix_option ipif ipif_name 12 ipv6networkaddr preferred_life_time value 0 4294967295 valid_life_time value 0 4294967295 on_link_flag enable disable autonomous_flag enable disable 1 show ipv6 nd ipif ipif_name 12 45 1 delete ipv6 neighbor_cache Purpose Add ...

Page 400: ...mat delete ipv6 neighbor_cache ipif ipif_name 12 all ipv6addr static dynamic all Description Used to delete a neighbor cache entry or static neighbor cache entries from the address cache or all address cache entries on this ipif Both static and dynamic entry can be deleted Parameters Parameters Description Ipif_name The IPv6 interface ipv6addr The address of the neighbor all All entries include st...

Page 401: ...n IPv6 neighbor cache Format show ipv6 neighbor_cache ipif ipif_name 12 all ipv6address ipv6addr static dynamic all Description To display the neighbor cache entry for the specified interface You can display a specific entry all entries and all static entries Parameters Parameters Description ipif_name 12 The interface s name ipv6addr The address of the entry static Static neighbor cache entry dyn...

Page 402: ... state P means Probe state T means Static state DGS 3200 10 4 45 4 config ipv6 nd ns Purpose To configure neighbor solicitation related arguments Format config ipv6 nd ns ipif ipif_name 12 retrans_timer value 0 4294967295 Description Use this command to configure neighbor solicitation related arguments Parameters Parameters Description The name of the interface ipif_name Neighbor solicitation s re...

Page 403: ... 4 45 5 config ipv6 nd rs Purpose To configure router solicitation related arguments Format config ipv6 nd rs ipif ipif_name 12 state enable disable Description Use this command to configure router solicitation related arguments Parameters Parameters Description The name of the interface ipif_name Router solicited state state Restrictions You must have administrator privileges 45 6 config ipv6 nd ...

Page 404: ...r receiving a reachability confirmation in millisecond Indicates the amount of time between retrans_time retransmissions of router advertisement message in millisecond and the router advertisement packet will take it to host Indicate the default value of hop limit field in the IPv6 hop_limit header for packets sent by hosts that receive this RA message When set to enable it indicates that hosts re...

Page 405: ...ipif ipif_name 12 ipv6networkaddr preferred_life_time value 0 4294967295 valid_life_time value 0 4294967295 on_link_flag enable disable autonomous_flag enable disable 1 Description To configure the prefix option for the router advertisement function Parameters Parameters Description The name of the interface ipif_name Indicates the number of seconds that an address preferred_life_time based on the...

Page 406: ...s You must have administrator privileges Examples DGS 3200 10 4 config ipv6 nd ra prefix_option ipif ip FEC0 1 64 preferred_life_time 100 valid_life_ time 1000 Command config ipv6 nd ra prefix_option ipif ip FEC0 1 64 preferred_life_time 100 valid_life_time 1000 Success DGS 3200 10 4 45 8 show ipv6 nd Purpose To display an interface s information Format show ipv6 nd ipif ipif_name 12 Description T...

Page 407: ...ystem Command show ipv6 nd ipif System Interface Name System Hop Limit 64 NS Retransmit Time 0 ms Router Advertisement Disabled RA Max Router AdvInterval 600 s RA Min Router AdvInterval 198 s RA Router Life Time 1800 s RA Reachable Time 1200000 ms RA Retransmit Time 0 ms RA Managed Flag Disabled RA Other Config Flag Disabled DGS 3200 10 4 ...

Page 408: ...DGS 3200 Series Layer 2 Gigabit Managed Switch CLI Manual 408 XII ACL The ACL section includes the following chapter ACL ...

Page 409: ..._content_mask offset_chunk_1 value 0 31 hex 0x0 0xffffffff offset_chunk_2 value 0 31 hex 0x0 0xffffffff offset_chunk_3 value 0 31 hex 0x0 0xffffffff offset_chunk_4 value 0 31 hex 0x0 0xffffffff ipv6 class flowlabel source_ipv6_mask ipv6mask destination_ipv6_mask ipv6mask delete access_profile profile_id value 1 200 all config access_profile profile_id value 1 200 add access_id auto_assign value 1 ...

Page 410: ...how time_range create cpu access_profile profile_id value 1 5 ethernet vlan source_mac macmask 000000000000 ffffffffffff destination_mac macmask 000000000000 ffffffffffff 802 1p ethernet_type ip vlan source_ip_mask netmask destination_ip_mask netmask dscp icmp type code igmp type tcp src_port_mask hex 0x0 0xffff dst_port_mask hex 0x0 0xffff flag_mask all urg ack psh rst syn fin udp src_port_mask h...

Page 411: ...ffffff hex 0x0 0xffffffff offset_16 31 hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff offset_32 47 hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff offset_48 63 hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff offset_64 79 hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff 1 ipv6 class flowl...

Page 412: ...ex 0x0 0xffffffff offset_64 79 hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff ipv6 class value 0 255 flowlabel hex 0x0 0xfffff source_ipv6 ipv6addr destination_ipv6 ipv6addr port portlist all permit deny time_range range_name 32 delete access_id value 1 100 show cpu access_profile profile_id value 1 5 enable cpu_interface_filtering disable cpu_interface_filtering 46 1 ...

Page 413: ...LAN mask source_mac Specifies the source MAC mask destination_mac Specifies the destination MAC mask 802 1p Specifies 802 1p priority tag mask ethernet_type Specifies the Ethernet type mask vlan Specifies a VLAN mask source_ip_mask Specifies an IP source submask destination_ip_mask Specifies an IP destination submask dscp Specifies the DSCP mask Specifies that the rule applies to icmp traffic type...

Page 414: ... B127 B0 B1 B2 B3 B4 B5 B6 B7 B8 B9 B114 B115 B116 B117 B118 B119 B120 B121 B122 B123 B124 B125 Example offset_chunk_1 0 0xffffffff will match packet byte offset 126 127 0 1 offset_chunk_1 0 0x0000ffff will match packet byte offset 0 1 Note Only one packet content mask profile can be created class Specifies the IPv6 class mask flowlabel Specifies the IPv6 flow label mask source_ipv6_mask Specifies...

Page 415: ...les Format delete access_profile profile_id value 1 200 all Description The delete access_profile command deletes access list rules Parameters Parameters Description profile_id Specifies the index of access list profile all Specifies the whole access list profile to delete Restrictions You must have administrator privileges The Switch supports a maximum of 200 access entries The delete access_prof...

Page 416: ... psh rst syn fin udp src_port value 0 65535 dst_port value 0 65535 protocol_id value 0 255 user_define hex 0x0 0xffffffff packet_content_mask offset_chunk_1 hex 0x0 0xffffffff offset_chunk_2 hex 0x0 0xffffffff offset_chunk_3 hex 0x0 0xffffffff offset_chunk_4 hex 0x0 0xffffffff ipv6 class value 0 255 flowlabel hex 0x0 0xfffff source_ipv6 ipv6addr destination_ipv6 ipv6addr port portlist all permit p...

Page 417: ...of DSCP the value can be configured from 0 to 63 Specifies that the rule applies to ICMP traffic type Specifies the ICMP packet type icmp code Specifies the ICMP packet code Specifies that the rule applies to IGMP traffic igmp type Specifies the IGMP packet type src_port Specifies that the rule applies the range of TCP source port dst_port Specifies the range of tcp destination port range tcp flag...

Page 418: ...e_dscp Specifies the DSCP of the packets that match the access profile are modified according to the value deny Specifies the packets that match the access profile are filtered by the switch time_range Specifies name of this time range entry Restrictions You must have administrator privileges Example To configure an access list entry DGS 3200 10 4 config access_profile profile_id 101 add access_id...

Page 419: ...ne Example To display the current access list table DGS 3200 10 4 show access_profile Command show access_profile Access Profile Table Total Unused Rule Entries 199 Total Used Rule Entries 1 Access Profile ID 100 Type Ethernet Owner ACL MASK Option VLAN Source MAC Destination MAC 802 1P Ethernet Type FF FF FF FF FF FF 00 00 00 FF FF FF Unused Entries 200 Access Profile ID 101 Type IP Owner ACL MAS...

Page 420: ...which time range in a day and which days in a week are covered in the time range Note that the specified time range is based on SNTP time or configured time If this time is not available then the time range will not be met Parameters Parameters Description range_name Specifies the name of the time range settings start_time Specifies the starting time in a day 24 hr time For example 19 00 means 7PM...

Page 421: ...ples DGS 3200 10 4 config time_range testdaily hours start_time 12 0 0 end_time 13 0 0 weekdays mon fri Command config time_range testdaily hours start_time 12 0 0 end_time 13 0 0 wee kdays mon fri Success DGS 3200 10 4 46 6 show time_range Purpose Used to display current access list table Format show time_range Description The show time_range command displays current time range setting Parameters...

Page 422: ...de igmp type tcp src_port_mask hex 0x0 0xffff dst_port_mask hex 0x0 0xffff flag_mask all urg ack psh rst syn fin udp src_port_mask hex 0x0 0xffff dst_port_mask hex 0x0 0xffff protocol_id_mask hex 0x0 0xff user_define_mask hex 0x0 0xffffffff packet_content_mask offset_0 15 hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff offset_16 31 hex 0x0 0xffffffff hex 0x0 0xffffffff ...

Page 423: ...e IGMP packet type Specifies that the rule applies to TCP traffic src_port_mask Specifies the TCP source port mask dst_port_mask Specifies the TCP destination port mask Tcp flag_mask Specifies the TCP flag field mask Specifies that the rule applies to UDP traffic src_port_mask Specifies the TCP source port mask udp dst_port_mask Specifies the TCP destination port mask Specifies that the rule appli...

Page 424: ...e profile_id 1 ethernet vlan Success DGS 3200 10 4 create cpu access_profile profile_id 2 ip source_ip_mask 255 255 2 55 255 Command create cpu access_profile profile_id 2 ip source_ip_mask 255 255 255 25 5 Success DGS 3200 10 4 46 8 delete cpu access_profile Purpose Used to delete CPU access list rules Format delete CPU access_profile profile_id value 1 5 all Description The delete cpu access_pro...

Page 425: ...d value 1 100 ethernet vlan vlan_name 32 source_mac macaddr 000000000000 ffffffffffff destination_mac macaddr 000000000000 ffffffffffff 802 1p value 0 7 ethernet_type hex 0x0 0xffff ip vlan vlan_name 32 source_ip ipaddr destination_ip ipaddr dscp value 0 63 icmp type value 0 255 code value 0 255 igmp type value 0 255 tcp src_port value 0 65535 dst_port value 0 65535 urg ack psh rst syn fin udp src...

Page 426: ...ifies the source MAC destination_m ac Specifies the destination MAC 802 1p Specifies the value of 802 1p priority tag the value can be configured between 1 and 7 ethernet_type Specifies the Ethernet type vlan Spcifies a VLAN name source_ip Specifies an IP source address destination_ip Specifies an IP destination address dscp Specifies the value of DSCP the value can be configured from 0 to 63 Spec...

Page 427: ... value source_ipv6 Specifies IPv6 source IP value destination_ip v6 Specifies IPv6 destionation IP value permit Specifies the packets that match the access profile are permitted by the switch deny Specifies the packets that match the access profile are filtered by the switch time_range Specifies name of this time range entry Restrictions You must have administrator privileges Example To configure ...

Page 428: ...profile_id Specifies the index of an access list profile Restrictions None Example To display the current CPU access list table DGS 3200 10 4 show cpu access_profile Command show cpu access_profile CPU Interface Filtering State Disabled CPU Interface Access Profile Table Total Unused Rule Entries 499 Total Used Rule Entries 1 Access Profile ID 1 Type Ethernet MASK Option VLAN Access ID 1 Mode Deny...

Page 429: ...e cpu_interface_filtering Purpose Used to enable CPU interface filtering Format enable cpu_interface_filtering Description The enable cpu_interface_filtering command enables CPU interface filtering Parameters None Restrictions None Example To enable CPU interface filtering DGS 3200 10 4 enable cpu_interface_filtering Command enable cpu_interface_filtering Success DGS 3200 10 4 ...

Page 430: ...nterface filtering Format disable cpu_interface_filtering Description The disable cpu_interface_filtering command disables CPU interface filtering Parameters None Restrictions None Example To disable CPU interface filtering DGS 3200 10 4 disable cpu_interface_filtering Command disable cpu_interface_filtering Success DGS 3200 10 4 ...

Page 431: ...DGS 3200 Series Layer 2 Gigabit Managed Switch CLI Manual 431 XIII Packet Control The Packet Control section includes the following chapter Packet Storm ...

Page 432: ...ulticast enable disable unicast enable disable action drop shutdown threshold value 512 1024000 countdown value 0 value 5 30 time_interval value 5 30 Description The config traffic control command configures broadcast multicast unicaststorm control Broadcast storm control commands provides H W storm control mechanism only and these packet storm control commands include H W and S W mechanisms to pr...

Page 433: ...ime_interval The sampling interval of received packet counts The possible value will be 5 to 30 seconds This parameter is meaningless for dropping packets is selected as action Restrictions You must have administrator privileges Examples To configure traffic control and state DGS 3200 10 4 config traffic control 1 10 broadcast enable action shutdown threshold 1 time_interval 10 Command config traf...

Page 434: ..._cleared A notification will be generated when a storm event is cleared both A notification will be generated both when a storm event is detected and cleared Restrictions You must have administrator privileges Examples DGS 3200 10 4 config traffic trap both Command config traffic trap both Success DGS 3200 10 4 47 3 show traffic control Purpose Used to display current traffic control settings Form...

Page 435: ...Shutdown hold Storm Storm Storm down Interval Forever 1 512 Disabled Disabled Disabled drop 0 5 2 512 Disabled Disabled Disabled drop 0 5 3 512 Disabled Disabled Disabled drop 0 5 4 512 Disabled Disabled Disabled drop 0 5 5 512 Disabled Disabled Disabled drop 0 5 6 512 Disabled Disabled Disabled drop 0 5 7 512 Disabled Disabled Disabled drop 0 5 8 512 Disabled Disabled Disabled drop 0 5 9 512 Disa...

Page 436: ...W type Protocol type H W address length Protocol address length Operation Sender Sender protocol address Target Target protocol address H W address H W address ARP request 00 20 5C 01 11 11 10 10 10 1 00 00 00 00 00 00 10 10 10 2 The ARP request will be encapsulated into an Ethernet frame and sent out As can be seen in Table 2 the Source Address in the Ethernet frame will be PC A s MAC address Sin...

Page 437: ...the switch floods the frame of ARP request to the network all PCs will receive and examine the frame but only PC B will reply the query as the destination IP matched see Figure 3 Figure 3 When PC B replies to the ARP request its MAC address will be written into Target H W Address in the ARP payload shown in Table 3 The ARP reply will be then encapsulated into an Ethernet frame again and sent back ...

Page 438: ...e query the Destination Address in the Ethernet frame will be changed to PC A s MAC address The Source Address will be changed to PC B s MAC address see Table 4 Table 4 Ethernet frame format Destination address Source address Ether type ARP FCS 00 20 5C 01 11 11 00 20 5C 01 22 22 The switch will also examine the Source Address of the Ethernet frame and find that the address is not in the Forwardin...

Page 439: ...4 shows a hacker within a LAN to initiate ARP spoofing attack Figure 4 In the Gratuitous ARP packet the Sender protocol address and Target protocol address are filled with the same source IP address itself The Sender H W Address and Target H W address are filled with the same source MAC address itself The destination MAC address is the Ethernet broadcast address FF FF FF FF FF FF All nodes within ...

Page 440: ...efore forwarding it man in the middle attack The hacker cheats the victim PC that it is a router and cheats the router that it is the victim As can be seen in Figure 5 all traffic will be then sniffed by the hacker but the users will not discover Figure 5 Prevent ARP Spoofing via Packet Content ACL D Link managed switches can effectively mitigate common DoS attacks caused by ARP spoofing via a uni...

Page 441: ..._chunk An offset_chunk is a 4 byte block in a HEX format which is utilized to match the individual field in an Ethernet frame Each profile is allowed to contain up to a maximum of four offset_chunks Furthermore only one single profile of Packet Content ACL can be supported per switch In other words up to 16 bytes of total offset_chunks can be applied to each profile and a switch Therefore a carefu...

Page 442: ...t Chunk24 Offset Chunk25 Offset Chunk26 Offset Chunk27 Offset Chunk28 Offset Chunk129 Offset Chunk30 Byte 63 67 71 75 79 83 87 91 95 99 103 107 111 115 119 123 Byte 64 68 72 76 80 84 88 92 96 100 104 108 112 116 120 124 Byte 65 69 73 77 81 85 89 93 97 101 105 109 113 117 121 125 Byte 66 70 74 78 82 86 90 94 98 102 106 110 114 118 122 126 The following table indicates a completed ARP packet contain...

Page 443: ...le 2 The first Chunk starts from Chunk 3 mask for Ethernet Type Blue in Table 6 13th 14th bytes Step3 Ethernet Type 2 byte offset_chunk_2 7 0x0000FFFF Sdr IP First 2 byte offset_chunk_3 8 0xFFFF0000 Sdr IP Last 2 byte The second Chunk starts from Chunk 7 mask for Sender IP First 2 byte in ARP packet Green in Table 6 29th 30th bytes The third Chunk starts from Chunk 8 mask for Sender IP Last 2 byte...

Reviews:

No comments

Related manuals for xStack DGS-3200 Series

D-Link DIR-855L Quick Installation Manual preview
DIR-855L
Brand: D-Link Pages: 28
D-Link DIR-826L Quick Install Manual preview
DIR-826L
Brand: D-Link Pages: 2
D-Link DIR-655 - Xtreme N Gigabit Router Wireless Quick Start Manual preview
DIR-655 - Xtreme N Gigabit Router Wireless
Brand: D-Link Pages: 3
D-Link DIR-605L Technical Support Setup Procedure preview
DIR-605L
Brand: D-Link Pages: 11
D-Link DIR-822 Quick Instillation Manual preview
DIR-822
Brand: D-Link Pages: 35
D-Link DIR-880L Quick Install Manual preview
DIR-880L
Brand: D-Link Pages: 12
D-Link DIR-842 Quick Install Manual preview
DIR-842
Brand: D-Link Pages: 12
D-Link DIR-821 Quick Install Manual preview
DIR-821
Brand: D-Link Pages: 24
D-Link DIR-803 Quick Installation Manual preview
DIR-803
Brand: D-Link Pages: 20
D-Link DIR-815/AC Quick Installation Manual preview
DIR-815/AC
Brand: D-Link Pages: 44
D-Link DIR-830M Quick Installation Manual preview
DIR-830M
Brand: D-Link Pages: 52
D-Link DIR-821 User Manual preview
DIR-821
Brand: D-Link Pages: 103
3Com EtherLink 3C509B Quick Manual preview
EtherLink 3C509B
Brand: 3Com Pages: 8
Magnadyne RV2458 User Manual preview
RV2458
Brand: Magnadyne Pages: 13
E-LINX EIR410-2SFP-T User Manual preview
EIR410-2SFP-T
Brand: E-LINX Pages: 24
Z-Wave RAZBERRY 7 PRO Quick Start Manual preview
RAZBERRY 7 PRO
Brand: Z-Wave Pages: 6
Solwise WLn-401 Quick Installation Manual preview
WLn-401
Brand: Solwise Pages: 7
iGateWeb.com iGate User Manual preview
iGate
Brand: iGateWeb.com Pages: 6

Brands by name

Popular brands

Load more brands