background image

xStack

®

 DGS-3400 Series Layer 2 Gigabit Ethernet Managed Switch CLI Manual

 

 

45 

6  

A

CCESS 

A

UTHENTICATION 

C

ONTROL 

C

OMMANDS

 

The TACACS / XTACACS /  / RADIUS commands allow users to secure access to the Switch using the 
TACACS / XTACACS /  / RADIUS protocols. When a user logs in to the Switch or tries to access the 
administrator level privilege, he or she is prompted for a password. If TACACS / XTACACS /  / RADIUS 
authentication is enabled on the Switch, it will contact a TACACS / XTACACS /  / RADIUS server to verify the 
user. If the user is verified, he or she is granted access to the Switch. 

There are currently three versions of the TACACS security protocol, each a separate entity. The Switch’s software 
supports the following versions of TACACS: 

 

TACACS (Terminal Access Controller Access Control System) —Provides password checking and 
authentication, and notification of user actions for security purposes utilizing via one or more centralized TACACS 
servers, utilizing the UDP protocol for packet transmission. 

 

Extended TACACS (XTACACS) — An extension of the TACACS protocol with the ability to provide more types of 
authentication requests and more types of response codes than TACACS. This protocol also uses UDP to 
transmit packets. 

 

 (Terminal Access Controller Access Control System plus) — Provides detailed access control for 
authentication for network devices.  is facilitated through Authentication commands via one or more 
centralized servers. The  protocol encrypts all traffic between the Switch and the  daemon, 
using the TCP protocol to ensure reliable delivery. 

 

The Switch also supports the RADIUS protocol for authentication using the Access Authentication Control commands. 
RADIUS or Remote Authentication Dial In User Server also uses a remote server for authentication and can be 
responsible for receiving user connection requests, authenticating the user and returning all configuration information 
necessary for the client to deliver service through the user. RADIUS may be facilitated on this Switch using the 
commands listed in this section. 

 

In order for the TACACS / XTACACS /  / RADIUS security function to work properly, a TACACS / XTACACS / 
 / RADIUS server must be configured on a device other than the Switch, called a server host and it must 
include usernames and passwords for authentication. When the user is prompted by the Switch to enter usernames and 
passwords for authentication, the Switch contacts the TACACS / XTACACS /  / RADIUS server to verify, and 
the server will respond with one of three messages: 

a.  The server verifies the username and password, and the user is granted normal user privileges on the Switch.  

b.  The server will not accept the username and password and the user is denied access to the Switch. 

c.  The server doesn’t respond to the verification query. At this point, the Switch receives the timeout from the server 

and then moves to the next method of verification configured in the method list. 

 

The Switch has four built-in server groups, one for each of the TACACS, XTACACS,  and RADIUS protocols. 
These built-in server groups are used to authenticate users trying to access the Switch. The users will set server hosts in 
a preferable order in the built-in server group and when a user tries to gain access to the Switch, the Switch will ask the 
first server host for authentication. If no authentication is made, the second server host in the list will be queried, and so 
on. The built-in server group can only have hosts that are running the specified protocol. For example, the TACACS 
server group can only have TACACS server hosts. 

The administrator for the Switch may set up five different authentication techniques per user-defined method list 
(TACACS / XTACACS /  / RADIUS / local / none) for authentication. These techniques will be listed in an order 
preferable, and defined by the user for normal user authentication on the Switch, and may contain up to eight 
authentication techniques. When a user attempts to access the Switch, the Switch will select the first technique listed for 
authentication. If the first technique goes through its server hosts and no authentication is returned, the Switch will then 
go to the next technique listed in the server group for authentication, until the authentication has been verified or denied, 
or the list is exhausted. 

 

Summary of Contents for xStack DGS-3400 Series

Page 1: ...CLI Reference Guide Product Model xStack DGS 3400 Series Layer 2 Managed Gigabit Ethernet Switch Release 2 7...

Page 2: ...4 DHCPV6 CLIENT COMMANDS 149 DHCPV6 RELAY COMMANDS 152 DHCPV6 SERVER COMMANDS 158 DIGITAL DIAGNOSTIC MONITORING DDM COMMANDS 170 D LINK SINGLE IP MANAGEMENT COMMANDS 177 D LINK UNIDIRECTIONAL LINK DET...

Page 3: ...DS 403 QUALITY OF SERVICE QOS COMMANDS 408 REMOTE COPY PROTOCOL RCP COMMANDS 419 REMOTE SWITCHED PORT ANALYZER RSPAN COMMANDS 428 ROUTING INFORMATION PROTOCOL RIP COMMANDS 434 SAFEGUARD ENGINE COMMAND...

Page 4: ...WEB BASED ACCESS CONTROL WAC COMMANDS 524 TECHNICAL SPECIFICATIONS 534 PASSWORD RECOVERY PROCEDURE 536...

Page 5: ...6P switches will be referred to as simply the Switch or the DGS 3450 Accessing the Switch via the Serial Port The Switch s serial port s default settings are as follows 115200 baud no parity 8 data bi...

Page 6: ...nds config ipif System ipaddress xxx xxx xxx xxx yyy yyy yyy yyy Where the x s represent the IP address to be assigned to the IP interface named System and the y s represent the corresponding subnet m...

Page 7: ...e interface is used by connecting the Switch to a VT100 compatible terminal or a computer running an ordinary terminal emulator program e g the HyperTerminal program included with the Windows operatin...

Page 8: ...All Figure 2 2 The Command When users enter a command without its required parameters the CLI will prompt a Next possible completions message DGS 3450 admin config account Command config account Next...

Page 9: ...his manual angle brackets indicate a numerical value or character string braces indicate optional parameters or a choice of parameters and brackets indicate required parameters If a command is entered...

Page 10: ...up double_vlan erps fdb host_name igmp_snooping ip_tunnel ipif ipmc_vlan_replication_entry iproute ipv6 ipv6route jwac link_aggregation mac_based_access_control mac_based_access_control_local mac_base...

Page 11: ...ress ip_addr netmask space Do not type the angle brackets Example Command create ipif Engineering 10 24 22 5 255 0 0 0 Design square brackets Purpose Encloses a required value or set of required argum...

Page 12: ...row Repeats the previously entered command Each time the up arrow is pressed the command previous to that displayed appears This way it is possible to review the command history for the current sessio...

Page 13: ...ion show switch show serial_port config serial_port baud_rate 9600 19200 38400 115200 auto_logout never 2_minutes 5_minutes 10_minutes 15_minutes enable clipaging disable clipaging enable telnet tcp_p...

Page 14: ...meric characters to define the user account created here Restrictions Only Administrator level users can issue this command Example usage To create an administrator level user account with the usernam...

Page 15: ...HA 1 encryption password Enter the password here Restrictions Only Administrator level users can issue this command Example usage To configure the user password of dlink account DGS 3450 admin config...

Page 16: ...age To delete the user account System DGS 3450 admin delete account System Command delete account System Are you sure to delete the last administrator account y n y Success DGS 3450 admin show session...

Page 17: ...default Subnet Mask 255 0 0 0 Default Gateway 0 0 0 0 Boot PROM Version Build 1 10 B13 Firmware Version Build 2 70 B56 Hardware Version A1 Serial Number P4F7191000001 System Name System Location Syste...

Page 18: ...ll log out the current user if there is no user input for 5 minutes 10_minutes The console will log out the current user if there is no user input for 10 minutes 15_minutes The console will log out th...

Page 19: ...ng of the screen display when show command output reaches the end of the page DGS 3450 admin disable clipaging Command disable clipaging Success DGS 3450 admin enable telnet Purpose Used to enable com...

Page 20: ...telnet Purpose Used to login remote system with telnet protocol Syntax telnet ipaddr domain_name 255 tcp_port value 0 65535 Description This command is used to login remote system with Telnet protoco...

Page 21: ...known port for the Web based management software is 80 Restrictions Only Administrator and Operator level users can issue this command Example usage To enable HTTP and configure port number DGS 3450...

Page 22: ...AM all Use to save the configuration and log file to NV RAM Restrictions Only Administrator and Operator level users can issue this command Example usage To save the Switch s current configuration to...

Page 23: ...changed to default Rebooting will clear all entries in the Forwarding Data Base If no parameter is specified the Switch s current IP address user accounts and the switch history log are not changed Al...

Page 24: ...show device_status Description This command displays the current status of the power and fans on the system In the fan status display there are fans on the left of the switch on the right at the back...

Page 25: ...inistrator and Operator level users can issue this command Example usage To configure the greeting message config command_prompt Purpose Used to configure the command prompt for the Command Line Inter...

Page 26: ...ting Ctrl L Reload original setting show greeting_message Purpose Used to view the currently configured greeting message configured on the Switch Syntax show greeting_message Description This command...

Page 27: ...Control This mechanism is intended to allow only authorized users or other network devices access to network resources by establishing criteria for each port on the Switch that a user or network devic...

Page 28: ...config 802 1x auth_mode port_based mac_based config 802 1x init port_based ports portlist all mac_based ports portlist all mac_address macaddr config 802 1x reauth port_based ports portlist all mac_b...

Page 29: ...s DGS 3450 admin disable 802 1x Purpose Used to disable the 802 1X function Syntax disable 802 1x Description The disable 802 1x command disable 802 1X function Parameters None Restrictions Only Admin...

Page 30: ...lete 802 1x user command delete an 802 1X user Parameters username Specifies the adding user name Restrictions Only Administrator and Operator level users can issue this command Example usage To delet...

Page 31: ...min config 802 1x auth_protocol radius_eap Command config 802 1x auth_protocol radius_eap Success DGS 3450 admin config 802 1x fwd_pdu system Purpose Used to configure forwarding of EAPOL PDU when 802...

Page 32: ...tor and Operator level users can issue this command Example usage To configure 802 1X fwd_pdu for ports DGS 3450 admin config 802 1x fwd_pdu ports 1 2 enable Command config 802 1x fwd_pdu ports 1 2 en...

Page 33: ...ome or all ports portlist Specifies a range of ports to be displayed If no port is specified all ports will be displayed If no parameter is specified the 802 1X system configurations will be displayed...

Page 34: ...sec MaxReq 2 times ReAuthPeriod 3400 sec ReAuthenticate Disabled Forward EAPOL PDU On Port Enabled Max Users On Port 10 DGS 3450 admin config 802 1x capability Purpose Used to configure the port capa...

Page 35: ...auth_parameter Purpose Used to configure the parameters that control the operation of the authenticator associated with a port Syntax config 802 1x auth_parameter ports portlist all default direction...

Page 36: ...any integer number among 1 to 10 reauth_period It s a nonzero number of seconds which is used to be the re authentication timer The default value is 3400 enable_reauth You can enable or disable the r...

Page 37: ...s can issue this command Example usage To initialize the authentication state machine of some or all DGS 3450 admin config 802 1x init port_based ports all Command config 802 1x init port_based ports...

Page 38: ...tor level users can issue this command Example usage To create a VLAN named guestVLAN as 802 1X guest VLAN DGS 3450 admin create 802 1x guest_vlan guestVLAN Command create 802 1x guest_vlan guestVLAN...

Page 39: ...or and Operator level users can issue this command Example usage Enable on port 1 8 to configure 802 1X guest VLAN DGS 3450 admin config 802 1x guest_vlan ports 1 8 state enable Command config 802 1x...

Page 40: ...S authentication data between the switch and the RADIUS server The range is 1 to 65535 acct_port Specifies the UDP port number which is used to transmit RADIUS accounting statistics between the switch...

Page 41: ...rt number which is used to transmit RADIUS authentication data between the switch and the RADIUS server The range is 1 to 65535 Default value is 1812 acct_port Specifies the UDP port number which is u...

Page 42: ...ess 172 18 211 108 Auth Port 1812 Acct Port 1813 Retransmit 2 Key adfdslkfjefiefdkgjdassdwtgjk6y1w Total Entries 3 DGS 3450 admin show auth_statistics Purpose Use to display information of authenticat...

Page 43: ...pLengthErrorFramesRx 0 LastEapolFrameVersion 0 LastEapolFrameSource 00 00 00 00 00 00 DGS 3450 admin show auth_diagnostics Purpose Used to display information of authenticator diagnostics Syntax show...

Page 44: ...ileAuthenticated 0 BackendResponses 0 BackendAccessChallenges 0 BackendOtherRequestsToSupplicant 0 BackendNonNakResponsesFromSupplicant 0 BackendAuthSuccesses 0 BackendAuthFails 0 DGS 3450 admin show...

Page 45: ...ramesTx 0 SessionId SessionAuthenticMethod Remote Authentication Server SessionTime 0 SessionTerminateCause SupplicantLogoff SessionUserName DGS 3450 admin show auth_client Purpose Use to display info...

Page 46: ...transmissions 0 radiusAuthClientAccessAccepts 0 radiusAuthClientAccessRejects 0 radiusAuthClientAccessChallenges 0 radiusAuthClientMalformedAccessResponses 0 radiusAuthClientBadAuthenticators 0 radius...

Page 47: ...e the state of the specified RADIUS accounting service Syntax config accounting service network shell system state enable disable Description The config accounting service command is used to enable or...

Page 48: ...status of RADIUS accounting services Syntax show accounting service Description The show accounting service command displays the state for RADIUS accounting service Parameters portlist Specifies a ra...

Page 49: ...n this section In order for the TACACS XTACACS TACACS RADIUS security function to work properly a TACACS XTACACS TACACS RADIUS server must be configured on a device other than the Switch called a serv...

Page 50: ...r a password which was previously configured by the administrator of the Switch The Access Authentication Control commands in the Command Line Interface CLI are listed along with the appropriate param...

Page 51: ...le none delete authen_enable method_list_name string 15 show authen_enable default method_list_name string 15 all config authen application console telnet ssh http all login enable default method_list...

Page 52: ...xt Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To enable password encryption DGS 3450 admin enable password encryption Command enable...

Page 53: ...and create account admin alpha Enter a case sensitive new password Enter the new password again for confirmation Success DGS 3450 admin config account Purpose This command is used to configure user ac...

Page 54: ...isplays the user accounts that have been created on the Switch Parameters None Restrictions Only Administrator can issue this command Example usage To display the user accounts that have been created...

Page 55: ...dministrator can issue this command Example usage To enable the system access authentication policy DGS 3450 admin enable authen_policy Command enable authen_policy Success DGS 3450 admin disable auth...

Page 56: ...e user defined method list name Restrictions Only Administrator can issue this command Example usage To create a user defined method list called login_list_1 for users attempting to log in to the Swit...

Page 57: ...er group tacacs radius Specify authentication by the built in server group radius server_group Specify authentication by the user defined server group local Specify authentication by the local user ac...

Page 58: ...istrator can issue this command Example usage To display the user defined method list called login_list_1 for users attempting to log in to the Switch DGS 3450 admin show authen_login method_list_name...

Page 59: ...s group are missing the local enable password in the device will be used to authenticate the user s password The local enable password in the device can be configured using the config admin local_pass...

Page 60: ...n level Syntax show authen_enable default method_list_name string 15 all Description Displays the method list of authentication methods used for promoting a user s privilege to Admin level Parameters...

Page 61: ...he default method list method_list_name Specify the user defined method list name Restrictions Only Administrator can issue this command Example usage To configure a login method list for Telnet calle...

Page 62: ...rver host to or from the specified server group The built in tacacs xtacacs tacacs and radius server groups only accept server hosts with the same protocol but a user defined server group can accept s...

Page 63: ...15 Specify the user defined server group name that will be deleted Restrictions Only Administrator can issue this command Example usage To delete a user defined authentication server group called mix...

Page 64: ...e server host s IP address protocol tacacs Specify that the server host s authentication protocol will be TACACS protocol xtacacs Specify that the server host s authentication protocol will be XTACACS...

Page 65: ...ault value for TACACS XTACACS TACACS is 49 Default value for RADIUS is 1812 key The key for TACACS and RADIUS authentication If the value is null no encryption will apply This value is meaningless for...

Page 66: ...cription Displays the authentication server hosts Parameters None Restrictions Only Administrator can issue this command Example usage To display all authentication server hosts DGS 3450 admin show au...

Page 67: ...mote the privilege on a console Telnet or SSH application If failed login attempts exceeds this number the connection or access will be locked Parameters int 1 255 Specify the maximum number of attemp...

Page 68: ...disabled For switches with 3 levels of privilege this command can be used by users with user level and operator level privileges to access the administrator privilege level Parameters None Restriction...

Page 69: ...hernet Managed Switch CLI Manual 65 DGS 3450 admin config admin local_enable Command config admin local_enable Enter the old password Enter the case sensitive new password Enter the new password again...

Page 70: ...r 2 Gigabit Ethernet Managed Switch CLI Manual 66 7 ACCESS CONTROL LIST ACL COMMANDS The Access Control List ACL commands in the Command Line Interface CLI are listed along with the appropriate parame...

Page 71: ...255 tcp src_port value 0 65535 dst_port value 0 65535 urg ack psh rst syn fin udp src_port value 0 65535 dst_port value 0 65535 protocol_id value 0 255 user_define hex 0x0 0xffffffff port portlist al...

Page 72: ...destination_ip_mask Specifies an IP destination submask dscp Specifies the dscp mask icmp Specifies that the rule applies to icmp traffic type Specifies that the rule applies to icmp type traffic cod...

Page 73: ...s profile DGS 3450 admin create access_profile packet_content_mask offset_chunk_1 0 0xFFFFFFFF offset_chunk_2 1 0xFFFFFFFF offset_chunk_3 2 0xFFFFFFFF offset_chunk_4 3 0xFFFFFFFF profile_id 3 Command...

Page 74: ...able disable mirror group_id value 1 4 deny ipv6 class value 0 255 flowlabel hex 0x0 0xfffff source_ipv6 ipv6addr destination_ipv6 ipv6addr tcp src_port value 0 65535 dst_port value 0 65535 udp src_po...

Page 75: ...the packets that match the access profile are permit by the switch priority Specifies that priority of the packet will be changed if the packet match the access rule replace_priority Specifies 802 1p...

Page 76: ..._profile profile_id 5 add access_id auto_assign packet_content offset_chunk_1 0xAAAAAAAA offset_chunk_2 0xBBBBBBBB offset_chunk_3 0xFFFFFFFF offset_chunk_4 0xEEEEEEEE port all permit Success DGS 3450...

Page 77: ...ed to configure the flow based metering function The metering function support three modes single rate two colors single rate three color and two rate three color The access rule must first be created...

Page 78: ...three color mode cir Specify the committed information rate 1 The unit is 64Kbps 2 The max rate is 156249 64Kbps cbs Specify the committed burst size 1 The unit is Kbytes 2 The max set value is 16 102...

Page 79: ...sabled Violate Drop Counter Disabled Total Entries 1 DGS 3450 admin config time_range Purpose Used to configure the range of time to activate a function on the switch Syntax config time_range range_na...

Page 80: ...nd_time 23 59 5 9 weekdays sun sat Command config time_range weekend hours start_time 0 0 0 end_time 23 59 59 week days sun sat Success DGS 3450 admin show time_range Purpose Used to display time rang...

Page 81: ...e configured CBS and EBS A packet flow that does not reach the CBS is marked green if it exceeds the CBS but not the EBS its marked yellow and if it exceeds the EBS its marked red CBS Committed Burst...

Page 82: ...0 156249 pbs value 0 16384 sr_tcm cir value 0 156249 cbs value 0 16384 ebs value 0 16384 conform permit replace_dscp value 0 63 counter enable disable exceed permit replace_dscp value 0 63 drop count...

Page 83: ...be used in conjunction with the PIR The PBS should be configured to accept the biggest IP packet that is expected in the IP flow sr_tcm Choosing this field will allow users to employ the Single Rate...

Page 84: ...rop packets that are in the red flow counter enable disable Use this parameter to enable or disable the packet counter for the specified ACL entry in the red flow delete Use this parameter to delete t...

Page 85: ...ile_id 1 access_id 1 Command show flow_meter profile_id 1 access_id 1 Profile ID 1 Access ID 1 Mode trTCM CIR 1000 64kbps CBS 200 Kbyte PIR 2000 64kbps PBS 200 Kbyte Action Conform Permit Counter Disa...

Page 86: ...ntry into the switch s ARP table Parameters ipaddr The IP address of the end node or station macaddr The MAC address corresponding to the IP address above Restrictions Only Administrator and Operator...

Page 87: ...mmand Example usage To configure a static ARP entry with IP address 10 48 74 121 to have a MAC address of 00 50 BA 00 07 37 DGS 3450 admin config arpentry 10 48 74 121 00 50 BA 00 07 37 Command config...

Page 88: ...arptable Success DGS 3450 admin show arpentry Purpose Used to display the ARP table Syntax show arpentry ipif ipif_name 12 ipaddress ipaddr static mac_address macaddr Description This command is used...

Page 89: ...0 Interface IP Address MAC Address Type System 10 0 0 0 FF FF FF FF FF FF Local Broadcast System 10 1 1 1 00 02 03 04 05 06 Static System 10 1 1 2 00 02 03 04 05 06 Dynamic System 10 1 1 3 00 02 03 04...

Page 90: ...down 1 Description The config bpdu_protection ports command is used to configure the BPDP protection function for the ports on the switch In generally there are two states in BPDU protection function...

Page 91: ...xStack DGS 3400 Series Layer 2 Gigabit Ethernet Managed Switch CLI Manual 87 config bpdu_protection ports Restrictions Only Administrator and Operator level users can issue this command...

Page 92: ...onds used by the Auto Recovery mechanism to recover the port The valid range is 60 to 1000000 Restrictions Only Administrator and Operator level users can issue this command Example usage To configure...

Page 93: ...dministrator and Operator level users can issue this command Example usage To enable bpdu_protection function globally for the entire switch DGS 3450 admin enable bpdu_protection Commands enable bpdu_...

Page 94: ...tion Commands show bpdu_protection BPDU Protection Global Settings BPDU Protection status Enabled BPDU Protection Recovery Time 60 seconds BPDU Protection Trap State None BPDU Protection Log State Non...

Page 95: ...in the following sections Purpose Used to display all commands in the Command Line Interface CLI Syntax command Description This command will display all of the commands available through the Command...

Page 96: ...nd DGS 3450 admin config stp Command config stp Command config stp Usage maxage value 6 40 maxhops value 1 20 hellotime value 1 10 forwa rddelay value 4 30 txholdcount value 1 10 fbpdu enable disable...

Page 97: ...DGS 3450 admin show command_history Purpose Used to display the command history Syntax show command_history Description This command will display the command history Parameters None Restrictions None...

Page 98: ...llowing table Command Parameters enable command logging disable command logging show command logging Each command is listed in detail in the following sections enable command logging Purpose Used to e...

Page 99: ...uccess DGS 3450 admin show command logging Purpose This command displays the switch s general command logging configuration status Syntax show command logging Description Use this command to show the...

Page 100: ...ny dot1x_impb impb_jwac 1 show authentication guest_vlan show authentication ports portlist enable authorization attributes disable authorization attributes show authorization config authentication se...

Page 101: ...N ID Restrictions Only Administrator and Operator level users can issue this command Example usage To delete an authentication guest VLAN DGS 3450 admin delete authentication guest_vlan vlan guestVLAN...

Page 102: ...st from authentication VLAN s If vlanid is not specified or all VLANs is disabled means do not care whitch VLAN the client comes from the client will be authenticated if the client s MAC not care the...

Page 103: ...age This example displays the guest VLAN setting DGS 3450 admin show authentication guest_vlan Command show authentication guest_vlan Guest VLAN VID 1 Guest VLAN Member Ports 4 Guest VLAN VID 3 Guest...

Page 104: ...local database will be accepted which depends on the individual module s setting Authorization for attributes is enabled by default Parameters None Restrictions Only Administrator and Operator level u...

Page 105: ...ver function Syntax config authentication server failover local permit block Description Description When authentication server fails administrator can configure to Use local DB to authenticate the cl...

Page 106: ...ntication global configuration Syntax show authentication Description Used to show authentication global configuration Parameters None Restrictions None Example usage To show authentication DGS 3450 a...

Page 107: ...exclude begin filter_string 80 filter_string 80 filter_string 80 include exclude begin filter_string 80 filter_string 80 filter_string 80 information config configuration config_id config_id 1 2 delet...

Page 108: ...ver Note that for stacking system only the master s configuration file is allowed to be uploaded The output stream of the configuration data can be filtered by the expression specified at the end of t...

Page 109: ...nfiguration to be used in next boot or the configuration file specified by the command Syntax show config current_config current_config include exclude begin filter_string 80 filter_string 80 filter_s...

Page 110: ...following example illustrates how the special filters account affect the configuration display DGS 3450 admin show config current_config include account Command show config current_config include acc...

Page 111: ...is command is required to be supported regardless of whether file system is supported or whether multiple configuration files are supported The configuration will only save to the master unit Paramete...

Page 112: ...lear counters ports portlist Each command is listed in detail in the following sections show packet ports Purpose Used to show statistics about the packets which were sent and received by the switch S...

Page 113: ...Use to show error statistics information for a range of ports Syntax show error ports portlist Description The show error ports command shows error statistics for a range of ports Parameters portlist...

Page 114: ...0 0 2 6 0 0 0 1 12 0 0 0 2 7 0 30 1 1 13 0 0 0 2 8 0 0 0 1 14 0 0 0 2 9 30 0 1 1 15 0 0 0 2 10 0 0 0 1 16 0 0 0 2 11 0 0 0 1 17 0 0 0 2 12 0 0 0 1 18 0 0 0 2 13 0 0 0 1 19 0 0 0 2 14 0 0 0 1 20 0 0 0...

Page 115: ...arameter is specified system will counter all of the ports Restrictions Only Administrator and Operator level users can issue this command Example usage To clear the switch s statistics counters DGS 3...

Page 116: ...debug config state enable disable debug show error_reboot state Each command is listed in detail in the following sections debug error_log Purpose Use this command to dump clear or upload the softwar...

Page 117: ...5D6C TASK NAME StackTop CurStkSP StackSize SchCnt PRIO I STATUS 8069E7D0 FWD ETH 823E9798 823E95C4 1K 32K 2 160 160 Q IP_PKT 806A3E70 SysLogTask 80BD040C 80BD0298 1K 16K 3 180 180 E SysLogEvent 806A43...

Page 118: ...server It can be a relative pathname or an absolute pathname Restrictions Only Administrator and Operator level users can issue this command Example usage To show the debug buffer s state DGS 3450 ad...

Page 119: ...ved in NVRAM If the error_reboot is enabled the watchdog shall be enabled after all information is stored into NVRAM Syntax debug config error_reboot enable disable Description Set if the switch needs...

Page 120: ...debug show status Command debug show status Debug Global State Enabled SYS Enabled OS Enabled MSTP Enabled ACL Disabled CLI Enabled SNMP Disabled IGMP Enabled DGS 3450 admin debug config state Purpos...

Page 121: ...eboot status Syntax debug show error_reboot state Description Show the error reboot status Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage...

Page 122: ...pecified vlan When DHCP local relay is enabled for the VLAN the DHCP packet will be relayed in broadcast way without change of the source MAC address and gateway address DHCP option 82 will be automat...

Page 123: ...ictions Only Administrator and Operator level users can issue this command Example usage To disable the DHCP local relay function DGS 3450 admin disable dhcp_local_relay Command disable dhcp_local_rel...

Page 124: ...ss ipaddr default config dhcp_relay option_61 state enable disable config dhcp_relay option_61 add mac_address macaddr string mutiword 255 relay ipaddr drop config dhcp_relay option_61 default relay i...

Page 125: ...r IP address Restrictions Only Administrator and Operator level users can issue this command Example usage To add a DHCP BOOTP server to the relay table DGS 3450 admin config dhcp_relay add ipif Syste...

Page 126: ...bled For packet come from client side the packet should not have the option 82 s field If the packet has this option field it will be dropped For packets come from the server side the packet should ha...

Page 127: ...ommand disables the DHCP relay function on the switch Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To disable the DHCP relay function D...

Page 128: ...ption 61 or per IPIF configured servers If the relay servers are determined based on option 60 or option 61 then per IPIF configured servers will be ignored If the relay servers are not determined eit...

Page 129: ...ion 60 the relay servers will be determined by the default relay server setting When there is no matching found for the packet the relay servers will be determined based on the default relay servers W...

Page 130: ...efaut relay ipaddress if ipaddress is not specified ipaddr Delete the default relay ipaddress that is specified by the user Restrictions Only Administrator and Operator level users can issue this comm...

Page 131: ...mined based on option 61 If the relay servers are determined based on option 60 or option 61 then per IPIF configured servers will be ignored If the relay servers are not determined either by option 6...

Page 132: ...mac_address 00 11 22 33 44 55 drop Command config dhcp_relay option_61 add mac_address 00 11 22 33 44 55 drop Success DGS 3450 admin config dhcp_relay option_61 default Purpose This command is used to...

Page 133: ...option_61 delete mac_address 00 11 22 33 44 55 Command config dhcp_relay option_61 delete mac_address 00 11 22 33 44 55 Success DGS 3450 admin show dhcp_relay option_61 Purpose This command is used t...

Page 134: ...ings are complete all DHCP Server packets will be filtered from a specific port except those that meet the Server IP Address and Client MAC Address binding Command Parameters config filter dhcp_server...

Page 135: ...00 00 00 01 ports 1 1 1 3 Command config filter dhcp_server add permit server_ip 10 1 1 1 client_mac 00 00 00 00 00 01 ports 1 1 1 3 Success DGS 3450 admin To configure the filter DHCP server state D...

Page 136: ...g filter dhcp_server trap_log disable Command config filter dhcp_server trap_log disable Success DGS 3450 admin config filter dhcp_server illegal_server_log_suppress_duration Purpose This function is...

Page 137: ...Gigabit Ethernet Managed Switch CLI Manual 133 DGS 3450 admin config filter dhcp_server illegal_server_log_suppress_duration 30min Command config filter dhcp_server illegal_server_log_suppress_duratio...

Page 138: ...ient then utilizes and sets on its local configurations The user can configure many DHCP related parameters that it will utilize on its locally attached network to control and limit the IP settings of...

Page 139: ...2 ipaddr ipaddr ipaddr config dhcp pool dns_server_address pool_name 12 ipaddr ipaddr ipaddr config dhcp pool domain_name pool_name 12 domain_name 64 config dhcp pool lease pool_name 12 day 0 365 hour...

Page 140: ...ple usage To create the DHCP pool Floor2 DGS 3450 admin create dhcp pool Floor2 Command create dhcp pool Floor2 Success DGS 3450 admin delete dhcp pool Purpose Used to delete a DHCP pool Syntax delete...

Page 141: ...Ethernet will denote that the manually bound device is connected directly to the Switch while the IEEE802 denotes that the manually bound device is outside the local network of the Switch Restriction...

Page 142: ...rictions None Example usage To display the manual binding entries of the DHCP pool accounting DGS 3450 admin show dhcp pool manual_binding accounting Command show dhcp pool manual_binding accounting P...

Page 143: ...n on the Switch DGS 3450 admin clear dhcp_binding Command clear dhcp_binding Success DGS 3450 admin config dhcp ping_packets Purpose Used to set the number of ping packets that will be sent out to fin...

Page 144: ...an issue this command Example usage To configure the Ping timeout DGS 3450 admin config dhcp ping_timeout 500 Command config dhcp ping_timeout 500 Success DGS 3450 admin config dhcp pool boot_file Pur...

Page 145: ...pool default_router accounting 10 245 32 1 Command config dhcp pool default_router accounting 10 245 32 1 Success DGS 3450 admin config dhcp pool dns_server_address Purpose Used to configure the IP ad...

Page 146: ...ink com Success DGS 3450 admin config dhcp pool lease Purpose Used to configure the lease time of DCHP clients within a DHCP pool Syntax config dhcp pool lease pool_name 12 day 0 365 hour 0 23 minute...

Page 147: ...Example usage To configure the Net BIOS name server for the DHCP pool DGS 3450 admin config dhcp pool netbios_name_server accounting 10 98 254 2 Command config dhcp pool netbios_name_server accounting...

Page 148: ...fied using the traditional format for example 10 1 2 3 255 0 0 0 or in CIDR format 10 1 2 3 8 Restrictions Only Administrator and Operator level users can issue this command Example usage To configure...

Page 149: ...e this command Example usage To enable DHCP server DGS 3450 admin enable dhcp_server Command enable dhcp_server Success DGS 3450 admin disable dhcp_server Purpose Used to disable the DHCP function on...

Page 150: ...ded_address begin_address ipaddr end_address ipaddr Description This command will allow the user to set an IP address or a range of IP addresses that are NOT to be included in the range of IP addresse...

Page 151: ...t from the DHCP pool all Enter this command to delete all excluded IP addresses from the DHCP pool Restrictions Only Administrator and Operator level users can issue this command Example usage To dele...

Page 152: ...formation on the switch Parameters pool_name 12 Enter the name of the DHCP pool for which to view DHCP pool information Restrictions None Example usage To display the DHCP pool information DGS 3450 ad...

Page 153: ...of network mask Since an IP interface can have only one IPv4 address the newly configured address will overwrite the original one vlan vlan_name 32 Name of the VLAN where the IPIF is operated proxy_a...

Page 154: ...ate Purpose Enable or disable the DHCPv6 client debug function Syntax debug dhcpv6_client state enable disable Description Use this command to enable or disable the DHCPv6 client debug function Parame...

Page 155: ...sending Syntax debug dhcpv6_client packet all receiving sending state enable disable Description Enable or disable the debug information flag for DHCPv6 client packets including packet receiving and...

Page 156: ...ay hop_count Purpose This command is used to configure the DHCPv6 relay hop count of the switch Syntax config dhcpv6_relay hop_count value 1 32 Description This command is used to configure the DHCPv6...

Page 157: ...used to configure the DHCPv6 relay state of one or all of the specified interfaces Parameters ipif_name The name of the IP interface The value all indicates all configured IP interfaces state See belo...

Page 158: ...ress 3ffe 600 Server Address ff05 1 3 Ipif1 Ipif_1 Interface DHCPv6 Relay Status Enabled Server Address 2001 DB8 1234 1 218 FEFF FEFB 2 Ipif_2 Interface DHCPv6 Relay Status Disabled Total Entries 3 DG...

Page 159: ...h Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To configure the DHCPv6 relay global state to disable DGS 3450 admin disable dhcpv6_rela...

Page 160: ...to output to a console DGS 3450 admin debug dhcpv6_relay output console Command debug dhcpv6_relay output console Success DGS 3450 admin debug dhcpv6_relay packet Purpose This command is used to enabl...

Page 161: ...able Description This command is used to enable or disable debug information flag about the hop count Parameters hop_count The hop count is the number of relay agents that have to be relayed in this m...

Page 162: ...manual_binding pool_name 12 show dhcpv6 binding pool_name 12 clear dhcpv6 binding pool_name 12 enable dhcpv6_server disable dhcpv6_server show dhcpv6_server config dhcpv6 pool excluded_address pool_n...

Page 163: ...eted Restrictions Only Administrator and Operator level users can issue this command Example usage To delete the DHCPv6 pool by specifying the pool name pool1 DGS 3450 admin delete dhcpv6 pool pool1 C...

Page 164: ...The prefix of begin_networkaddr and end_networkaddr must be consistence e g the begin_networkaddr is 2000 1 64 and the end_networkaddr is 3000 100 64 2 The begin address must not be large than end add...

Page 165: ...3450 admin config dhcpv6 pool domain_name pool1 d_link com Command config dhcpv6 pool domain_name pool1 d_link com Success DGS 3450 admin config dhcpv6 pool dns_server Purpose This command is used to...

Page 166: ...ime of IPv6 address preferred_lifetime sec 60 4294967295 The amount of time in seconds that the IPv6 address based on the specified pool remains in preferred state valid_lifetime sec 60 4294967295 The...

Page 167: ...ple usage To add a manual binding DHCPv6 entry DGS 3450 admin create dhcpv6 pool manual_binding pool1 add 2000 3 client_duid 00010006124dd5840021918d4d9f Command create dhcpv6 pool manual_binding pool...

Page 168: ...g information Entering the command without the pool name will display all information regarding DHCPv6 dynamic binding on the switch This command only displays the dynamic binding information not incl...

Page 169: ...CPv6 dynamic binding information on the Switch DGS 3450 admin clear dhcpv6 binding Command clear dhcpv6 binding Success DGS 3450 admin enable dhcpv6_server Purpose This command is used to enable the D...

Page 170: ...min config dhcpv6 pool excluded_address Purpose This command is used to configure the reserved IPv6 addresses on the DHCPv6 server Syntax config dhcpv6 pool excluded_address pool_name 12 add begin ipv...

Page 171: ...d_address pool1 add begin 2000 3 end 2000 8 Success DGS 3450 admin show dhcpv6 excluded_address Purpose This command is used to display the groups of IPv6 addresses which are excluded from the legal a...

Page 172: ...pv6_server ipif ipif_name 12 state enable disable Description This command configures the DHCPv6 Server state on the IP interface Parameters ipif ipif_name 12 The name of the IP interface state See be...

Page 173: ...r disable the debug information flag of the DHCPv6 server packet including packets receiving and sending Syntax debug dhcpv6_server packet all receiving sending state enable disable Description This c...

Page 174: ...p enable disable show ddm ports portlist status show ddm ports portlist configuration show ddm Each command is listed in detail in the following sections config ddm ports temperature_threshold Purpose...

Page 175: ...l parameter is chosen all SFP ports operating parameters will be configured voltage_threshold Specifies the threshold of SFP module s voltage high_alarm High threshold for alarm When the operating par...

Page 176: ...re the port 9 s bias current threshold DGS 3450 admin config ddm ports 9 bias_current_threshold high_alarm 7 25 low_alarm 0 004 high_warning 0 5 low_warning 0 008 Command config ddm ports 9 bias_curre...

Page 177: ...rameter is 0 to 6 5535 mW low_alarm Low threshold for alarm When the operating parameter falls below this value action associated with alarm is taken The range of this parameter is 0 to 6 5535 mW high...

Page 178: ...state enable shutdown alarm Success DGS 3450 admin config ddm log Purpose Enable or disable log action when the SFP exceed its DDM threshold Syntax config ddm log enable disable Description The comman...

Page 179: ...ports 10 12 status Port Temperature Voltage Bias Current TX Power RX Power in Celsius V mA mW mW 10 11 21 5 2 5 50 3 4 12 CTRL C ESC q Quit SPACE n Next Page p Previous Page r Refresh show ddm ports...

Page 180: ...mW High Alarm 85 A 6 55 7 25 A 0 625 4 5 Low Alarm 10 2 5 0 004 0 006 A 0 01 High Warning 70 A 3 5 A 6 0 5 3 5 A Low Warning 0 3 0 006 A 0 008 0 03 A means that the threshold is administratively conf...

Page 181: ...n one hop away from the CS The SIM group is a group of switches that are managed as a single entity The DGS 3400 Series may take on three different roles 1 Commander Switch CS This is a switch that ha...

Page 182: ...ability to automatically rediscover member switches that have left the SIM group either through a reboot or web malfunction This feature is accomplished through the use of Discover packets and Maintai...

Page 183: ...members mslist all Each command is listed in detail in the following sections enable sim Purpose Used to enable Single IP Management SIM on the Switch Syntax enable sim Description This command will e...

Page 184: ...ds the Switch will send discovery packets out over the network Hold time Displays the time in seconds the Switch will hold discovery results before dropping it or utilizing it Parameters candidates ca...

Page 185: ...candidate ID is specified DGS 3450 admin show sim candidates Command show sim candidates ID MAC Address Platform Hold Firmware Device Name Capability Time Version 2 00 55 55 00 55 00 DGS 3450 L3 Swit...

Page 186: ...bor Neighbor Info Table Port MAC Address Role 23 00 35 26 00 11 99 Commander 23 00 35 26 00 11 91 Member 24 00 35 26 00 11 90 Candidate Total Entries 3 DGS 3450 admin reconfig Purpose Used to connect...

Page 187: ...meter to delete a member switch of a SIM group The member switch should be defined by ID number Restrictions Only Administrator level users can issue this command Example usage To add a member DGS 345...

Page 188: ...set the discovery protocol interval in seconds that the Switch will send out discovery packets Returning information to the CS will include information about other switches connected to it Ex MS CaS...

Page 189: ...re_from_tftp Specify this parameter to download firmware to members of a SIM group configuration_from_tftp Specify this parameter to download a switch configuration to members of a SIM group ipaddr En...

Page 190: ...load sim_ms configuration_to_tftp log_to_tftp ipaddr path_filename members mslist all Description This command will upload a configuration file to a TFTP server from a specified member of a SIM group...

Page 191: ...ed Switch CLI Manual 187 Example usage To upload configuration files to a TFTP server DGS 3450 admin upload sim_ms configuration 10 55 47 1 D configuration txt 1 Command upload sim_ms configuration 10...

Page 192: ...k is bidirectional Otherwise it starts detecting task to detect the link status Parameters portlist Specify a range of ports state Specifies these ports unidirectional link detection status The defaul...

Page 193: ...ct the unidirectional link Parameters portlist Specify a range of ports to display If no port specified all ports will be displayed Restrictions Only Administrator and Operator level users can issue t...

Page 194: ...e IP address is the same to the name server s the name server will be deleted don t check the priority parameter When adding a name server if one primary name server exists in the static name server t...

Page 195: ...dmin To configure DNS Resolver name server time out to 10 seconds DGS 3450 admin config name_server timeout 10 Command config name_server timeout 10 Success DGS 3450 admin show name_server Purpose Use...

Page 196: ...d then add the created host name entry is added into the static host name table and a log for duplicate is recorded Parameters name 255 The host s host name ipaddr The host s IP address Restrictions O...

Page 197: ...entries dynamic Display the dynamic host name entries Restrictions None Example usage To display the static and dynamic host name entries DGS 3450 admin show host_name Command show host_name Static H...

Page 198: ...e Used to configure the DNS Resolver state of the switch to disabled Syntax disable dns_resolver Description The disable dns_resolver command is used to configure the switch s DNS Resolver state to di...

Page 199: ...name 32 ipaddr Description This command is used to configure the DNS relay function on the Switch Parameters primary Indicates that the IP address below is the address of the primary DNS server second...

Page 200: ...This command is used in combination with the disable dnsr command below to enable and disable DNS Relay on the Switch Parameters cache This parameter will allow the user to enable the cache lookup for...

Page 201: ...DNS relay on the Switch static This parameter will allow the user to disable the static table lookup for the DNS relay on the Switch Restrictions Only Administrator and Operator level users can issue...

Page 202: ...into the DNS relay table If this parameter is omitted the entire DNS relay table will be displayed Restrictions None Example usage To display DNS relay status DGS 3450 admin show dnsr Command show dn...

Page 203: ...ig erps log enable disable show erps raps_vlan vlanid sub_ring config erps trap enable disable config erps raps_vlan vlanid state enable disable config erps raps_vlan vlanid add delete sub_ring raps_v...

Page 204: ...GS 3450 admin disable erps Command disable erps Success DGS 3450 admin create erps raps_vlan Purpose Used to create an R APS VLAN on a switch Syntax create erps raps_vlan vlanid Description This comma...

Page 205: ...ng MEL is one field in the R APS PDU Note If CFM Connectivity Fault Management and ERPS are used at the same time the R APS PDU is one of a suite of Ethernet OAM PDU The behavior for forwarding of R A...

Page 206: ...450 admin config erps raps_vlan rpl Purpose Used to configure the RPL port or the RPL owner for a specific R APS VLAN Syntax config erps raps_vlan vlanid rpl_port west east none rpl_owner enable disab...

Page 207: ...is command is used to configure the protocol timers Holdoff timer The Holdoff timer is used to filter out intermittent link faults when link failures occur during the protection switching process When...

Page 208: ...urpose Used to configure the ERPS log state Syntax config erps log enable disable Description This command is used to configure the log state of ERPS events Parameters log Enable or disable the log st...

Page 209: ...nistrative state is enabled and the device is operated as the active RPL owner Inactive is used to indicate that the RPL owner administrative state is enabled but the device is operated as the inactiv...

Page 210: ...l East Port 10 Forwarding RPL Port None RPL Owner Disabled Protected VLANs 200 220 Ring MEL 2 Holdoff Time 0 milliseconds Guard Time 500 milliseconds WTR Time 5 minutes Current Ring State Idle R APS V...

Page 211: ...ring ports RPL port RPL owner are configured Note that these parameters cannot be changed when the ring is activated In order to guarantee correct operation the following integrity will be checked wh...

Page 212: ...rpose Used to configure the state of topology change propagation for the sub ring Syntax config erps raps_vlan vlanid sub_ring raps_vlan vlanid tc_propagation state enable disable Description This com...

Page 213: ...icast_fdb vlan vlan_name 32 vlanid vidlist mac_address macaddr show fdb port port vlan vlan_name 32 vlanid vidlist mac_address macaddr static aging_time show multicast filtering_mode vlan vlan_name 32...

Page 214: ...re the switch s multicast MAC address forwarding database Syntax config multicast_fdb vlan_name 32 macaddr add delete portlist Description The config multicast_fdb command is used to configure the mul...

Page 215: ...ering mode for VLANs This switch support vlan filtering mode Parameters vlan_name Specifies the name of the VLAN forward_all_groups All multicast groups forwarded based on VLAN forward_unregistered_gr...

Page 216: ...nding to the MAC destination address The switch will always forward traffic to the specified device through this port Restrictions Only Administrator and Operator level users can issue this command Ex...

Page 217: ...ase Syntax show fdb port port vlan vlan_name 32 vlanid vidlist mac_address macaddr static aging_time Description The show fdb command displays the current unicast MAC address forwarding database Param...

Page 218: ...10 15 1 7 JWAC_Authed 1 default 00 00 00 00 10 16 1 7 JWAC_Blocked 1 default 00 00 00 00 10 18 1 8 Asymmetric_VLAN 1 default 00 00 00 00 10 19 BlackHole 1 default 00 00 00 00 10 21 1 11 Del_on_Reset 1...

Page 219: ...cast filtering_mode Command show multicast filtering_mode VLAN Name Multicast Filter Mode default forward_unregistered_groups n61 forward_unregistered_groups n101 forward_unregistered_groups n103 forw...

Page 220: ...s used to enable disable sending of gratuitous ARP request packet while IPIF interface become up This is used to automatically announce the interface s IP address to other nodes By default the state i...

Page 221: ...system will only learn the ARP reply packet or a normal ARP request packet that asks for the MAC address that corresponds to the system s IP address The command is used to enable disable learning of A...

Page 222: ...switch can trap and log the IP conflict event to inform the administrator By default trap is disabled and event log is enabled Parameters ipif ipif_name 12 Interface name of L3 interface trap Specify...

Page 223: ...ommand is used to display gratuitous ARP configuration Parameters ipif ipif_name 12 Interface name of L3 interface Restrictions None Example usage To display gratuitous ARP configuration DGS 3450 admi...

Page 224: ...nizes this tpid and therefore checks the VLAN tagged packet to see if a provider VLAN tag has been added If so the packet is then routed through this provider VLAN which contains smaller VLANs with si...

Page 225: ...2 1Q VLAN on the Switch advertisement Specifies that the VLAN is able to join GVRP Restrictions Each VLAN name can be up to 32 characters Only Administrator and Operator level users can issue this com...

Page 226: ...d ports to the VLAN v1 DGS 3450 admin config vlan v1 add tagged 1 4 1 8 Command config vlan v1 add tagged 1 4 1 8 Success DGS 3450 admin config gvrp Purpose Used to configure GVRP on the Switch Syntax...

Page 227: ...o enable GVRP on the Switch Syntax enable gvrp Description This command along with disable gvrp below is used to enable and disable GVRP globally on the Switch without changing the GVRP configuration...

Page 228: ...e VLAN for which to display a summary of settings vlanid vidlist Users may alternately choose the VLAN to be displayed by entering the VLAN ID ports portlist Users may also view VLANs by designated po...

Page 229: ...bled Enabled All Frames 1 8 1 Disabled Enabled All Frames 1 9 1 Disabled Enabled All Frames 1 10 1 Disabled Enabled All Frames 1 11 1 Disabled Enabled All Frames 1 12 1 Disabled Enabled All Frames 1 1...

Page 230: ...erator level users can issue this command Example usage To disable the Double VLAN feature on the Switch DGS 3450 admin disable double_vlan Command disable double_vlan Current Double VLAN mode Enabled...

Page 231: ...d as uplink ports access Add this parameter to configure these ports as access ports Access ports are for connecting Switch VLANs to customer VLANs portlist Enter a list of ports to be added to this V...

Page 232: ...ble_vlan RG Global Double VLAN Enabled SPVID 2 VLAN Name RG TPID 0x9100 Uplink Ports Access Ports 1 4 1 8 Unknow Ports Total Entries 1 DGS 3450 admin enable pvid auto_assign Purpose Used to enable aut...

Page 233: ...default setting is enabled Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To disable the auto assign PVID DGS 3450 admin disable pvid aut...

Page 234: ...0 7 Each command is listed in detail in the following sections enable qinq Purpose Used to enable QinQ Syntax enable qinq Description When QinQ is enabled all network port roles will be NNI port and o...

Page 235: ...ow qinq Purpose Used to show global QinQ status Syntax show qinq Description Use this command to display the global QinQ status Parameters None Restrictions Only Administrator and Operator level users...

Page 236: ...orts 1 4 role nni outer_tpid 0x88a8 Success DGS 3450 admin show qinq ports Purpose Used to show qinq configuration of ports Syntax show qinq ports portlist Description The command used to show qinq co...

Page 237: ...ation ports 1 4 Command delete vlan_translation ports 1 4 Success DGS 3450 admin show vlan_translation Purpose Used to show existed C VLAN based VLAN translation rules Syntax show vlan_translation por...

Page 238: ...to add a tag for the assigned S VLAN before the C VLAN tag replace The action indicates to replace the C VLAN tag with the SP VLAN cvid Specify the C VLAN ID to match svid Specify the S VLAN ID Restr...

Page 239: ...allows a Layer 2 switch to listen in on the IGMP conversation between hosts and routers by processing the Layer 4 IGMP packets sent in a multicast network The Multicast Listener Discovery MLD is prot...

Page 240: ...rbidden config mld_snooping vlan vlan_name 32 all node_timeout sec 1 16711450 router_timeout sec 1 16711450 done_timer sec 1 16711450 state enable disable fast_done enable disable config mld_snooping...

Page 241: ...ts for a group to all the multicast routers The switch does not send the remaining IGMP reports for the group to the multicast routers If the multicast router query includes requests only for IGMPv1 a...

Page 242: ...to detect the loss of the last member of a group On receiving a leave message the router will assume there are no local members on the interface if there are no reports received after the response ti...

Page 243: ...rs This ensures that the forbidden router port will not propagate routing packets out Parameters vlan Specify the name of the VLAN on which the router port resides add delete Specify to add or delete...

Page 244: ...on the switch Syntax disable igmp_snooping forward_mcrouter_only Description This command disables IGMP snooping on the switch Disabling the IGMP snooping allows all IGMP and IP multicast traffic to...

Page 245: ...ved IP multicast address 224 0 0 X must be excluded from the configured group The VLAN must be created first before a static group can be created Parameters vlan_name Specify the name of the VLAN on w...

Page 246: ...the static group resides vlanid Specify the ID of the VLAN on which the static group resides ipaddr Specify the multicast group IP address for Layer 3 switch add delete Specify to add or delete the m...

Page 247: ...h you want to view IGMP snooping group information data_driven Specify to display the dynamic data learning groups Restrictions Only Administrator and Operator level users can issue this command Examp...

Page 248: ...NULL 225 0 0 5 VLAN Name VID default 1 Port Member Router Ports 24 Mode EXCLUDE Total Entries 1 DGS 3450 admin show router_ports Purpose Used to display the currently configured router ports on the sw...

Page 249: ...pecify the router time out value here done_timer Specify the done timer here state Enable or disable MLD snooping for the chosen VLAN fast_done Enable or disable MLD snooping fast_leave function If en...

Page 250: ...ier present interval Amount of time that must pass before a multicast router decides that there is no longer another multicast router that is the querier This interval is calculated as follows robustn...

Page 251: ...orbidden vlan_name 32 add delete portlist Description This command allows you to designate a range of ports as being not connected to multicast enabled routers This ensures that the forbidden router p...

Page 252: ...s DGS 3450 admin disable mld_snooping Purpose Used to disable MLD snooping on the switch Syntax disable mld_snooping forward_mcrouter_only Description This command disables MLD snooping on the switch...

Page 253: ...current MLD snooping configurations Restrictions None Example usage To show MLD snooping DGS 3450 admin show mld_snooping Command show mld_snooping MLD Snooping Global State Disabled Multicast router...

Page 254: ...formation Restrictions None Example usage To show an MLD snooping group when MLD v2 is supported The first item means that for ports 1 2 the data from the 2001 1 FE1E 1 will be forwarded The second it...

Page 255: ...VID default 1 Reports 1 Member Ports 4 5 Router Ports 24 UP Time 40 Expiry Time 205 Filter Mode EXCLUDE Source Group NULL FF1E 5 VLAN Name VID default 1 Reports 0 Member Ports Router Ports 24 UP Time...

Page 256: ...enable disable aged_out enable disable expiry_time sec 1 65535 1 Description This command is used to enable or disable the data driven learning of an IGMP snooping group When data driven learning is...

Page 257: ...d Example usage To enable the data driven learning of an IGMP snooping group on the default VLAN Prompt config igmp_snooping data_driven_learning vlan default state enable Command config igmp_snooping...

Page 258: ...lticast packets will be forwarded to router ports If the data driven learning table is full the multicast packets will be forwarded according to the multicast filtering mode Note that if a data driven...

Page 259: ...er of groups that can be learned by data driven When the table is full the system will stop the learning of the new data driven groups Traffic for the Parameters max_learned_entry Specify the maximum...

Page 260: ...ltinetting configuration of IPv4 must be done through creation of a secondary interface on the same VLAN instead of directly configuring multiple IPv4 addresses on the same interface Configuration of...

Page 261: ...subnet but which originates from a node that is not a part of that destination subnet The Switch that is not directly connected to its destination subnet and forwards an IP directed broadcast in the s...

Page 262: ...anual 258 DGS 3450 admin show ipif System Command show ipif System IP Interface System VLAN Name default Interface Admin state Enabled IPv4 Address 10 90 90 90 8 Manual Primary Proxy ARP Disabled Loca...

Page 263: ...inding ip_mac ipaddress ipaddr ipv6address ipv6addr mac_address macaddr ports portlist all delete address_binding ip_mac ipaddress ipaddr ipv6address ipv6addr mac_address macaddr all blocked all vlan_...

Page 264: ...P and IP broadcast packets are sent to the CPU for IMPB checking Packets are forwarded unless the check finds a specified source MAC address that is blocked Packets with MAC addresses that match IMPB...

Page 265: ...sses that match IMPB entries are set to dynamic state while MAC addresses with no match are set to block All other packets are dropped loose Used to implement a more loose or less strict mode of contr...

Page 266: ...evel users can issue this command Example usage To create an IMPB entry DGS 3450 admin create address_binding ip_mac ipaddress 10 1 1 1 mac_address 00 00 00 00 00 11 Command create address_binding ip_...

Page 267: ...macaddr Description Use this command to delete an IMPB entry or a blocked entry If the ACL mode is enabled the switch will delete the related ACL access entries automatically Parameters ip_mac Specify...

Page 268: ...macaddr Specify the MAC address of the entry being updated ports Specify which ports are used for the IMPB entry being updated If not specified then it is applied to all ports Restrictions Only Admini...

Page 269: ...address_binding Purpose Used to display the IMPB entries blocked MAC entries and port status Syntax show address_binding ip_mac all ipaddress ipaddr ipv6address ipv6addr mac_address macaddr blocked a...

Page 270: ...s disabled If a user enables DHCP sSnooping mode all ports which have IMPB disabled will become server ports The switch will learn the IP addresses through server ports by using DHCP Offer and DHCP AC...

Page 271: ...50 admin enable address_binding dhcp_snoop Command enable address_binding dhcp_snoop Success DGS 3450 admin To enable DHCP IPv6 snooping mode DGS 3450 admin enable address_binding dhcp_snoop ipv6 Comm...

Page 272: ...s on ports 1 3 DGS 3450 admin clear address_binding dhcp_snoop binding_entry ports 1 3 Command clear address_binding dhcp_snoop binding_entry ports 1 3 Success DGS 3450 admin To clear DHCP IPv6 snoopi...

Page 273: ...number no_limit Specifies that the maximum number of learned entries is unlimited Restrictions Only Administrator and Operator level users can issue this command Example usage To set the maximum numbe...

Page 274: ...0 admin disable address_binding trap_log Command disable address_binding trap_log Success DGS 3450 admin config address_binding recover_learning ports Purpose Used to recover IMPB checking Syntax conf...

Page 275: ...dress_binding nd_snoop Purpose Use to disable ND snooping on the switch Syntax disable address_binding nd_snoop Description This command allows the user to disable ND Snooping on switch Parameters Non...

Page 276: ...try Purpose Used to show binding entries of ND snooping on the switch Syntax show address_binding nd_snoop binding_entry port port Description This command allows the user to display binding entries o...

Page 277: ...ule receives an ARP IP packet or a DHCP packet Syntax debug address_binding event dhcp all Description Use this command to start the IMPB debug when the IMPB module receives an ARP IP packet or a DHCP...

Page 278: ...bit Ethernet Managed Switch CLI Manual 274 Example usage To stop IMPB debug starting when the IMPB module receives an ARP IP or DHCP packet DGS 3450 admin no debug address_binding Command no debug add...

Page 279: ...ports portlist delete ipmc_vlan_replication_entry name 16 show ipmc_vlan_replication show ipmc_vlan_replication_entry name 16 hardware Each command is listed in detail in the following sections enabl...

Page 280: ...meters ttl Species whether to decrease the time to live of packet By default the TTL will be decreased src_mac Specifies whether to replace a source MAC address of a packet By default the source MAC a...

Page 281: ...If the entries V G S and V G both exist in the table the entries V G S will not take effect Parameters name The name of the IP multicast VLAN replication entry to be configured vlan The source VLAN na...

Page 282: ...N replication entry Syntax delete ipmc_vlan_replication_entry name 16 Description This command deletes an IP multicast VLAN replication entry Parameters name The name of the IP multicast VLAN replicat...

Page 283: ...tive status indicates whether the entry is inserted into chip successfully Parameters name The name of the IP multicast VLAN replication entry to be deleted hardware Show the S G groups which are in t...

Page 284: ...ication_entry hardware Name ipmc_vlan_replication_entry name Src v The source VLAN Dest v The destination VLAN Name Src V Group SIP Dest V Portlist mr1 1 255 1 1 1 2 1 1 1 11 1 13 mr1 1 255 1 1 1 3 1...

Page 285: ...workaddr preferred_life_time sec 0 4294967295 valid_life_time sec 0 4294967295 on_link_flag enable disable autonomous_flag enable disable 1 show ipv6 nd ipif ipif_name 12 Each command is listed in det...

Page 286: ...e IP interface System DGS 3450 admin delete ipv6 neighbor_cache ipif System 3ffc 1 Command delete ipv6 neighbor_cache ipif System 3FFC 1 Success DGS 3450 admin show ipv6 neighbor_cache Purpose Shows t...

Page 287: ...ans_time Neighbor solicitation s retransmit timer in milliseconds It has the same value as the RA retrans_time in the config IPv6 ND RA command If the retrans_time parameter is configured in one of th...

Page 288: ...ion other_config_flag When set to enable it indicates that hosts receiving this RA must use a stateful address configuration protocol to obtain on address configuration information min_rtr_adv_interva...

Page 289: ...ample usage To configure the value of the preferred_life_time of prefix option to be 1000 seconds for the prefix 3ffe 501 ffff 100 64 which is the prefix of the ip1 interface DGS 3450 admin config ipv...

Page 290: ...mit 64 NS Retransmit Time 0 ms Router Advertisement Disabled RA Max Router AdvInterval 600 s RA Min Router AdvInterval 198 s RA Router Life Time 1800 s RA Reachable Time 1200000 ms RA Retransmit Time...

Page 291: ...his local route will be wrote into IPv6 routing table automatically If both the destination network address and next hop of the new route entry are the same with existed entry the created command for...

Page 292: ...network of the route ipif_name The interface name of the next hop with the maximum of 12 characters ipv6addr The next hop address of the default route tunnel_name The tunnel name of the next hop When...

Page 293: ...admin show ipv6route Command show ipv6route IPv6 Prefix 0 Protocol Static Metric 1 Next Hop 3000 2 IPIF Intface_1 IPv6 Prefix 3000 64 Protocol Local Metric 1 Next Hop IPIF Intface_1 IPv6 Prefix 3004 6...

Page 294: ...s Automatic 6to4 Tunnels and ISATAP Tunnels The IPv6 Tunnel commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command Parameters create...

Page 295: ...e tunnel s information will still exist in the database However whether the tunnel s former information is invalid or not will depend on the current mode IPv6 Manual tunnels are simple point to point...

Page 296: ...bal Internet or a corporate backbone The key requirement is that each site has a globally unique IPv4 address which is used to construct a 48 bit globally unique 6to4 IPv6 prefix It starts with the pr...

Page 297: ...onfigured The last 32 bits of the IPv6 ISATAP address correspond to an IPv4 address assigned to the tunnel source source ipaddr The source IPv4 address of this IPv6 tunnel interface It is used as the...

Page 298: ...l is specified all tunnels on the Switch will be enabled Restrictions Only Administrator and Operator level users can issue this command Example usage To enable an IPv6 tunnel interface Tunnel name is...

Page 299: ...xStack DGS 3400 Series Layer 2 Gigabit Ethernet Managed Switch CLI Manual 295 DGS 3450 admin disable ip_tunnel tn2 Command disable ip_tunnel tn2 Success DGS 3450 admin...

Page 300: ...rnet Managed Switch CLI Manual 296 41 JAPANESE WEB BASED ACCESS CONTROL JWAC COMMANDS The Japanese Web based Access Control JWAC commands in the Command Line Interface CLI are listed along with the ap...

Page 301: ...tcp_port_number 1 65535 http https config jwac ports portlist all state enable disable max_authenticating_host value 0 50 aging_time infinite min 1 1440 idle_time infinite min 1 1440 block_time sec 0...

Page 302: ...e second stage the authentication is similar to WAC except that there is no port VLAN membership change by JWAC after a host passes authentication The RADIUS server will share the server configuration...

Page 303: ...rator and Operator level users can issue this command Example usage To enable JWAC redirect function DGS 3450 admin enable jwac redirect Command enable jwac redirect Success DGS 3450 admin disable jwa...

Page 304: ...authenticated host to the JWAC Switch with TTL 1 will be ignored and the host is still in an authenticated state Parameters None Restrictions Only Administrator and Operator level users can issue this...

Page 305: ...nitor Purpose Used to enable JWAC Quarantien Server monitor function Syntax enable jwac quarantine_server_monitor Description When JWAC Quarantine Server monitor feature is enabled the JWAC Switch wil...

Page 306: ...ing improperly Parameters sec 5 300 To specify the error timeout interval Restrictions Only Administrator and Operator level users can issue this command Example usage To set Quarantine Server error t...

Page 307: ...ion request from host DGS 3450 admin config jwac virtual_ip 1 1 1 1 url www kyoto ac jp Command config jwac virtual_ip 1 1 1 1 url www kyoto ac jp Success DGS 3450 admin config jwac quarantine_server_...

Page 308: ...onfig jwac update server command allows you to add or delete server network address to which the traffic from unauthenticated client host will not be blocked by the JWAC Switch Any servers update micr...

Page 309: ...he HTTPS cannot run at TCP port 80 Parameters tcp_port_number 1 65535 A TCP port which the JWAC Switch listens to and uses to finish the authenticating process http To specify the JWAC runs HTTP proto...

Page 310: ...igure state and other parameters of the ports DGS 3450 admin config jwac ports 1 9 state enable Command config jwac ports 1 9 state enable Success DGS 3450 admin config jwac radius_protocol Purpose Us...

Page 311: ...count to pass authentication Restrictions Only Administrator and Operator level users can issue this command Example usage To create a local user DGS 3450 admin create jwac user 112233 Command create...

Page 312: ...fy the user name to be deleted all_user All user accounts in local DB will be deleted Restrictions Only Administrator and Operator level users can issue this command Example usage To delete a local us...

Page 313: ...rized configuration Syntax config jwac authorization attributes radius enable disable local enable disable 1 Description Used to enable or disable acceptation of authorized configuration When the auth...

Page 314: ...ed Redirect State Enabled Redirect Delay Time 3 Seconds Redirect Destination Quarantine Server Quarantine Server http 172 18 212 147 pcinventory Q Server Monitor Enabled Running Q Server Error Timeout...

Page 315: ...does not exist or target VLAN has not been specified at all the ID of RX VLAN will be displayed RX VLAN ID is 4004 in this example MAC 00 00 00 00 00 02 is authenticated with target VLAN assigned the...

Page 316: ...iption The show jwac port command allows you to display port configuration of JWAC Parameters all To show all ports configuration of JWAC portlist To specify a port range to show the configuration of...

Page 317: ...authenticate page notification_line This parameter is used to set the notification information by line in authentication web pages Restrictions Only Administrator and Operator level users can issue th...

Page 318: ...er Name Title ID Password Title Logout Window Title LAN Notification Copyright 2010 http www dlink jp com DGS 3450 admin config jwac authenticate_page Purpose Used to choose authenticate page language...

Page 319: ...ame Purpose Used to enable the jumbo frame function on the Switch Syntax enable jumbo_frame Description This command will allow ethernet frames larger than 1536 bytes to be processed by the Switch The...

Page 320: ...status of the jumbo frame function on the Switch Syntax show jumbo_frame Description This command will show the status of the jumbo frame function on the Switch Parameters None Restrictions None Exam...

Page 321: ...o multicast_ipaddr access permit deny state enable disable Description The config limited multicast address command allows the user to configure the multicast address range access level and state Para...

Page 322: ...beginning and end of the port list range are separated by a dash Non contiguous portlist entries are separated by a comma ex 1 3 7 9 Restrictions Only Administrator and Operator level users can issue...

Page 323: ...h CLI Manual 319 To show the limited multicast address on ports 1 to 2 DGS 3450 admin show limited multicast address 1 2 Command show limited multicast address 1 2 Port From To Access Status 1 1 0 0 0...

Page 324: ...ortlist Each command is listed in detail in the following sections create link_aggregation Purpose Used to create a link aggregation group on the Switch Syntax create link_aggregation group_id value 1...

Page 325: ...group Syntax config link_aggregation group_id value 1 32 master_port port ports portlist state enable disable Description This command allows users to configure a link aggregation group that was creat...

Page 326: ...est Indicates that the Switch should examine the source and destination MAC addresses ip_source Indicates that the Switch should examine the source IP address ip_destination Indicates that the Switch...

Page 327: ...termine if LACP ports will process LACP control frames active Active LACP ports are capable of processing and sending LACP control frames This allows LACP compliant devices to negotiate the aggregated...

Page 328: ...beginning and end of the port list range are separated by a dash Non contiguous portlist entries are separated by a comma ex 1 3 7 9 If no parameter is specified the system will display the current LA...

Page 329: ...elay sec 1 8192 config lldp reinit_delay sec 1 10 config lldp notification_interval sec 5 3400 config lldp ports portlist all notification enable disable config lldp ports portlist all admin_status tx...

Page 330: ...rts For the receiving of LLDP packets the switch will learn the information from the LLDP packets advertised from the neighbor in the Neighbor s table The default state for LLDP is disabled Parameters...

Page 331: ...essage_tx_interval 30 Success DGS 3450 admin config lldp message_tx_hold_multiplier Purpose Used to configure the message hold multiplier Syntax config lldp message_tx_hold_multiplier int 2 10 Descrip...

Page 332: ...or equal to 0 25 msgTxInterval Restrictions Only Administrator and Operator level users can issue this command Example usage To configure the delay interval DGS 3450 admin config lldp tx_delay 8 Comm...

Page 333: ...configured SNMP trap receiver s Syntax config lldp ports portlist all notification enable disable Description Enable or disable each port for sending changes notification to configured SNMP trap rece...

Page 334: ...Administrator and Operator level users can issue this command Example usage To configure ports 1 to 5 to transmit and receive DGS 3450 admin config lldp ports 1 1 1 5 admin_status tx_and_rx Command co...

Page 335: ...e port_description system_name system_description and system_capability Parameters portlist Use this parameter to define ports to be configured all Use this parameter to set all ports in the system po...

Page 336: ...cess DGS 3450 admin config lldp dot1_tlv_protocol_vid Purpose Used to configure an individual port or group of ports to exclude one or more of IEEE 802 1 organization port and protocol VLAN ID TLV dat...

Page 337: ...protocol identity TLV data types from outbound LLDP advertisements Syntax config lldp ports portlist all dot1_tlv_ protocol_identity all eapol lacp gvrp stp enable disable Description This TLV option...

Page 338: ...nabled the auto negotiated advertised capability and the operational MAU type The default state is disabled link_aggregation This TLV optional data type indicates that LLDP agent should transmit Link...

Page 339: ...ge enable Command config lldp forward_message enable Success DGS 3450 admin show lldp Purpose This command displays the switch s general LLDP configuration status Syntax show lldp Description This com...

Page 340: ...1 DGS 3450 admin show lldp mgt_addr ipv4 192 168 254 10 Command show lldp mgt_addr ipv4 192 168 254 10 Address 1 Subtype IPv4 Address 192 168 254 10 IF type Unknown OID 1 3 6 1 4 1 171 10 36 1 11 Adv...

Page 341: ...k Aggregation Disabled Maximum Frame Size Disabled DGS 3450 admin show lldp local_ports Purpose Used to display the per port information currently available for populating outbound LLDP advertisements...

Page 342: ...command display the information learned from the neighbor parameters Due to a memory limitation only 32 VLAN Name entries and 10 Management Address entries can be received Parameters portlist Use thi...

Page 343: ...min show lldp statistics ports Purpose Used to display the ports LLDP statistics information Syntax show lldp statistics ports portlist Description The per port LLDP statistics command displays per po...

Page 344: ...notification on the Switch Syntax enable mac_notification Description This command is used to enable MAC address notification without changing configuration Parameters None Restrictions Only Administr...

Page 345: ...he Switch s MAC address table notification global settings DGS 3450 admin config mac_notification interval 1 historysize 500 Command config mac_notification interval 1 historysize 500 Success DGS 3450...

Page 346: ...cation Command show mac_notification Global Mac Notification Settings State Enabled Interval 1 History Size 1 DGS 3450 admin show mac_notification ports Purpose Used to display the Switch s MAC addres...

Page 347: ...tion ports Port MAC Address Table Notification State 1 Disabled 2 Disabled 3 Disabled 4 Disabled 5 Disabled 6 Disabled 7 Disabled 8 Disabled 9 Disabled 10 Disabled 11 Disabled 12 Disabled 13 Disabled...

Page 348: ...ess_control guest_vlan vlan_name 32 guest_vlanid vlanid 1 4094 clear mac_based_access_control auth_state ports all portlist mac_addr macaddr create mac_based_access_control_local mac macaddr vlan vlan...

Page 349: ...nistrator and Operator level users can issue this command Example usage To disable the MAC based Access Control global state DGS 3450 admin disable mac_based_access_control Command disable mac_based_a...

Page 350: ...c_based_access_control method local Command config mac_based_access_control method local Success DGS 3450 admin config mac_based_access_control guest_vlan Purpose Used to configure the MAC based Acces...

Page 351: ...will be authorized individually and be capable of getting its own assigned VLAN Parameters ports Specifies a range of ports for configuring the MAC based Access Control function parameters state Spec...

Page 352: ...lock_time 120 Success DGS 3450 admin create mac_based_access_control guest_vlan Purpose Used to assign a static 802 1Q VLAN as a MAC based Access Control guest VLAN Syntax create mac_based_access_cont...

Page 353: ..._vlan default Success DGS 3450 admin clear mac_based_access_control auth_state Purpose Used to clear the clients authentication information by specific port s or MAC address Syntax clear mac_based_acc...

Page 354: ...his command Example usage To create one MAC based Access Control local database entry for MAC address 00 00 00 00 00 01 and specify that the host will be assigned to the default VLAN after the host ha...

Page 355: ...admin To delete the MAC based Access Control local database entry for the VLAN name VLAN3 DGS 3450 admin delete mac_based_access_control_local vlan VLAN3 Command delete mac_based_access_control_local...

Page 356: ...e global MAC based Access Control settings will be displayed portlist Displays the MAC based Access Control settings for a specific port or range of ports If no port list is specified the settings wil...

Page 357: ...c_based_access_control_local MAC Address VID 00 00 00 00 00 01 1 00 00 00 00 00 02 123 00 00 00 00 00 03 123 00 00 00 00 00 04 1 Total Entries 4 DGS 3450 admin To show the MAC based Access Control loc...

Page 358: ...target VLAN assigned the ID of the target VLAN will be displayed target VLAN ID is 1234 in this example MAC 00 00 00 00 00 03 fails to pass authentication the VID field will be shown as indicating tha...

Page 359: ...of authorized clients Syntax config mac_based_access_control max_users value 1 4000 no_limit Description This setting is a global limitation on the maximum number of users that can be learned via MAC...

Page 360: ...to drop its operating speed to match that of the target port Syntax config mirror port port add delete source ports portlist rx tx both Description The config mirror command allows a range of ports to...

Page 361: ...vel users can issue this command Example usage To enable mirroring function DGS 3450 admin enable mirror Command enable mirror Success DGS 3450 admin disable mirror Purpose Used to disable mirror glob...

Page 362: ...t Port Source Ports 1 Enabled 2 1 RX 1 1 TX 1 1 3 Enabled 3 5 RX 1 24 TX 1 24 DGS 3450 admin create mirror group_id Purpose Used to create a mirror group on the switch Syntax create mirror group_id va...

Page 363: ...source ports can t overlap Parameters group_id The mirror groups identify value The mirror groups identify value target_port The port that will receive the packets duplicated at the mirror port state...

Page 364: ...he debug buffer command to dump clear or upload the debug buffer to the TFTP server Syntax debug buffer utilization dump clear upload_toTFTP ipaddr path_filename 64 Description Dump clear or upload th...

Page 365: ...config ports portlist all event bpdu state_machine all state disable brief detail Description This command used to configure per port STP debug level on the specified ports Parameters debug flags See...

Page 366: ...ow the STP debug information Syntax debug stp show information Description This command used to display STP detailed information such as the hardware tables the STP state machine etc Parameters None R...

Page 367: ...Cost 0 Regional Root Bridge 32768 00 01 02 03 04 00 Internal Root Cost 0 Designated Bridge 32768 00 01 02 03 04 00 Designated Port 0 Message Age 0 Max Age 20 Forward Delay 15 Hello Time 2 Instance 1 R...

Page 368: ...ate Enabled Port Index Event flag BPDU Flag State Machine Flag 1 Detail Brief Disable 2 Detail Brief Disable 3 Detail Brief Disable 4 Detail Brief Disable 5 Detail Brief Disable 6 Detail Brief Disable...

Page 369: ...DU Length 0 Invalid Type 0 Invalid Timers 0 Success DGS 3450 admin debug stp clear counter Purpose Used to clear STP counters Syntax debug stp clear counter ports portlist all Description This command...

Page 370: ...le the STP debug state Restrictions Only Administrator and Operator level users can issue this command Example usage To configure the STP debug state to enable and then disable the STP debug state DGS...

Page 371: ...e 0 7 none replace_priority Description The create igmp_snooping command creates a multicast VLAN and implements relevant parameters as specified More than one multicast VLANs can be configured The ma...

Page 372: ...d Parameters vlan_name The name of the multicast VLAN to be configured Can be up to 32 characters member_port A member port or range of member ports to be added to the multicast VLAN The specified ran...

Page 373: ...cket cannot be classified into any multicast VLAN to which this port belongs then the join packet will be learned on the natural VLAN of the packet Parameters vlan_name The name of the multicast VLAN...

Page 374: ...name The name of the multicast VLAN to be deleted Restrictions Only Administrator and Operator level users can issue this command Example usage To delete an IGMP snooping multicast VLAN called v1 DGS...

Page 375: ...Command show igmp_snooping multicast_vlan IGMP Multicast VLAN Global State Disabled IGMP Multicast VLAN Forward Unmatched Disabled VLAN Name test VID 100 Member Untagged Ports 1 Tagged Member Ports So...

Page 376: ...config stp maxage value 6 40 maxhops value 1 40 hellotime value 1 10 forwarddelay value 4 30 txholdcount value 1 10 fbpdu enable 3 disable 2 lbd enable 1 disable 0 lbd_recover_timer value 0 value 60...

Page 377: ...I BPDU Address dot1d DGS 3450 admin show stp instance Purpose Used to show each instance parameters settings Syntax show stp instance value 0 15 Description This command displays each instance paramet...

Page 378: ...ology Changes Count 0 DGS 3450 admin show stp ports Purpose Used to show the port information includes parameters setting and operational value Syntax show stp ports portlist Description This command...

Page 379: ...ge Parameters mst_config_id If two bridges has the same three elements in mst_config_id that means they are in the same MST region Restrictions None Example usage show stp mst_config_id DGS 3450 admin...

Page 380: ...ance_id 2 Command delete stp instance_id 2 Success DGS 3450 admin config stp instance_id Purpose To map or remove the VLAN range of the specified MST instance for the existed MST Instances Syntax conf...

Page 381: ...cified MST region revision_level The same given name with different revision level also represents for different MST region Restrictions Only Administrator and Operator level users can issue this comm...

Page 382: ...g stp version mstp rstp stp Description If version is configured as stp or rstp all currently running MSTIs should be disabled For version is configured as mstp current design is enabled all available...

Page 383: ...value 1 40 hellotime value 1 10 forwarddelay value 4 30 txholdcount value 1 10 fbpdu enable 3 disable 2 lbd enable 1 disable 0 lbd_recover_timer value 0 value 60 1000000 nni_bpdu_addr dot1d dot1ad 1...

Page 384: ...r a Bridged LAN In auto mode the bridge will delay for a period to become edge port if no bridge BPUD is received The default is auto mode p2p To decide if this port is in Full Duplex or Half Duplex m...

Page 385: ...CIST istance_id 0 Parameters mst_ports To be distinguished from the parameters of ports only at CIST level portlist One of CLI Value Type restrict the input value and format of the ports refer to sect...

Page 386: ...tiple servers can share the same IP address and MAC address The requests from clients will be forwarded to all servers but will only be processed by one of them The server can work in multicast mode I...

Page 387: ...t_fdb command is used to add or delete the forwarding ports for the specified NLB multicast FDB entry Parameters vlan_name Specify the VLAN of the NLB multicast FDB entry to be configured vlanid vlani...

Page 388: ...abit Ethernet Managed Switch CLI Manual 384 DGS 3450 admin show nlb fdb Command show nlb fdb MAC Address VLAN ID Egress Ports 03 bf 01 01 01 01 100 1 1 1 5 1 26 2 26 03 bf 01 01 01 01 1 1 1 1 5 1 26 2...

Page 389: ...o the system later If the password encryption is enabled the password will be in encrypted form Parameters None Restrictions Only Administrator users can issue this command Example usage To enable the...

Page 390: ...sername 15 Name for a operator user acount Restrictions Only Administrator users can issue this command Example usage To create the admin level user dlink DGS 3450 admin create account admin dlink Com...

Page 391: ...mand Example usage To configure the user password of dlink account DGS 3450 admin config account dlink Command config account dlink Enter a old password Enter a case sensitive new password Enter the n...

Page 392: ...dmin delete account Purpose Used to delete an existing account Syntax delete account username Description The delete account command deletes an existing account Parameters username Name of the user wh...

Page 393: ...rameters force_agree Specify to forcibly agree with the command Restrictions This command is only available in password recovery mode Example usage To reset the configuration DGS 3450 admin reset conf...

Page 394: ...the created account DGS 3450 admin reset account Command reset account Success reset password Purpose Used to reset the password for user account Syntax reset password username Description The reset...

Page 395: ...already created accounts Parameters None Restrictions This command is only available in password recovery mode Example usage To show the created account DGS 3450 admin show account Command show accou...

Page 396: ...t Control Message Protocol ICMP echo messages to a remote IP address The remote IP address will then echo or return the message This is used to confirm connectivity between the switch and the remote d...

Page 397: ...51 17 2 for 3 times the Switch s IP address is 10 51 17 8 DGS 3450 admin ping 10 51 17 2 times 3 source_ip 10 51 17 8 Command ping 10 51 17 2 times 3 source_ip 10 51 17 8 Reply from 10 51 17 2 time 10...

Page 398: ...000 1 bytes 200 time 10ms Reply from 3000 1 bytes 200 time 10ms Ping Statistics for 3000 1 Packets Sent 4 Received 4 Lost 0 DGS 3450 admin To send ICMP echo message with source IPV6 address 3000 11 to...

Page 399: ...Administrator and Operator level users can issue this command Example usage To disable the broadcast ping reply state DGS 3450 admin disable broadcast_ping_reply Command disable broadcast_ping_reply S...

Page 400: ...N on a port If any limitation is exceeded the new entry will be discarded Parameters portlist Specifies a range of ports to be configured all Specifies that all ports will be configured admin_state Sp...

Page 401: ...rs can issue this command Example usage To delete a port security entry DGS 3450 admin delete port_security_entry vlan_name default port 1 mac_address 00 01 30 10 2C C7 Command delete port_security_en...

Page 402: ...rtlist Specifies a range of ports to show their configuration Restrictions None Example usage To display the port security configuration DGS 3450 admin show port_security Command show port_security Po...

Page 403: ...is determined by the system Normally the minimum setting is 37 W and the maximum setting is 370 W The actual range will depend on power supply capability power_disconnect_method Configure the disconn...

Page 404: ...of priority the port ID will be used to determine the priority The lower port ID has higher priority The setting of priority will affect the ordering of supplying power Whether the disconnect_method...

Page 405: ...s of the whole PoE system Parameters units Specified units that will be displayed If no parameter specified the system will display the status of all supported poe units in the systems Restrictions No...

Page 406: ...cal 15400 Class 0 Time_range_is_32_bytes____ 0 0 0 0 OFF Interim state during line detection 2 Enabled Critical 4000 Class 1 0 8200 504 162 ON 802 3af compliant PD was detected 3 Enabled Critical 7000...

Page 407: ...fferent ports The Protocol VLAN Group commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command Parameter create dot1v_protocol_group g...

Page 408: ...ue The user has three choices ethernet_2 Choose this parameter if you wish this protocol group to employ the Ethernet2 frame type This frame type is identified by the 16 bit 2 octet IEEE802 3 type fie...

Page 409: ...ol_group group_id 1 Success DGS 3450 admin show dot1v_protocol_group Purpose Used to display the configurations for a protocol VLAN group Syntax show dot1v_protocol_group group_id id Description This...

Page 410: ...g to ingress untagged packets vlanid Identify the VID for which to add a tag to ingress untagged packets delete protocol_group Use this parameter to remove this protocol VLAN group s association with...

Page 411: ...nual 407 DGS 3450 admin show port dot1v ports 1 6 1 8 Command show port dot1v ports 1 6 1 8 Port 1 6 Protocol Group ID VLAN Name 1 building1 Port 1 7 Protocol Group ID VLAN Name 1 building1 Port 1 8 P...

Page 412: ...1 show per_queue bandwidth_control portlist Each command is listed in detail in the following sections config bandwidth_control Purpose Use to configure the port bandwidth limit control Syntax config...

Page 413: ...sed to display the port bandwidth control table Syntax show bandwidth_control portlist Description The show bandwidth_control command displays the port bandwidth configuration The bandwidth can also b...

Page 414: ...pecified the system will set all ports class_id This specifies the n 1 hardware priority queues that the config scheduling command will apply to The four hardware priority queues are identified by a n...

Page 415: ...sue this command Example usage To configure the traffic scheduling mechanism for the CoS queue on port 1 1 DGS 3450 admin config scheduling_mechanism ports 1 1 strict Command config scheduling_mechani...

Page 416: ...and will display the global setting only Restrictions None Example usage To show the scheduling mechanism for all ports DGS 3450 admin show scheduling_mechanism 1 1 Command show scheduling_mechanism 1...

Page 417: ...Specifies the range of ports to be displayed If no portlist is specified this command will display the 802 1p user priority for all ports Restrictions Only Administrator and Operator level users can...

Page 418: ...a range of ports on the switch Restrictions Only Administrator and Operator level users can issue this command Example usage To configure an 802 1p default priority settings of 5 on all Switch ports...

Page 419: ...ol_prevention command enables head of line prevention on the Switch Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To enable HOL preventi...

Page 420: ...queue on specified ports min_rate specifies the minimum guaranteed bandwidth Specifying no limit for the minimum rate means that bandwidth will not be guaranteed max_rate limits the bandwidth When sp...

Page 421: ...ate inputted rate minimum granularity minimal granularity Restrictions Only Administrator and Operator level users can issue this command Example usage To configure the minimum rate to be 130 and the...

Page 422: ...per_queue bandwidth_control 1 10 Command show per_queue bandwidth_control 1 10 Queue Bandwidth Control Table On Port 1 10 Queue Min_Rate 64Kbit sec Max_Rate 64Kbit sec 0 640 no_limit 1 640 no_limit 2...

Page 423: ...oad cfg_toRCP username username ipaddr dest_file path_filename 64 rcp string 128 config_id int 1 2 include exclude begin filter_string 80 filter_string 80 filter_string 80 include exclude begin filter...

Page 424: ...tch will ask the user to input the Server IP address or remote user name while executing the RCP commands Parameters ipaddress The IP address or IPv6 address of the global RCP Server By default the se...

Page 425: ...ironment paths unit Specifies which unit on the stacking system If it is not specified it refers to the master unit all When all is specified the boot_up firmware image on all units will be updated im...

Page 426: ...XXX had Command download firmware_fromRCP rcp 10 1 1 1 DGS XXXX had Using RCP Server Username rcp_user Connecting to server Done Download firmware Done Do not power off Please wait programming flash D...

Page 427: ...XXXX had No RCP Server IP configured Would you like to specify a RCP Server IP N RCP copy file aborted Fail DGS 3450 admin To download DGS XXXX had from Global RCP Server and save with default file pa...

Page 428: ...To download a configuration using an RCP string DGS 3450 admin download cfg_fromRCP rcp rcp_user 172 18 212 106 home DGS XXXX cfg config_id 1 Command download cfg_fromRCP rcp rcp_user 172 18 212 106...

Page 429: ...cfg Command upload cfg_toRCP username rcp_user 172 18 212 104 dest_file home DGS XXXX cfg Connecting to server Done Upload Configuration Done DGS 3450 admin To upload the configuration from a multi co...

Page 430: ...CP Purpose Upload attack log file from the device to an RCP server Syntax upload attack_log_toRCP username username 15 ipaddr dest_file path_filename 64 rcp string 128 unit unit_id 1 12 Description Th...

Page 431: ...upload attack_log_toRCP username rcp_user 172 18 212 104 dest_file home DGS XXXX alog unit 2 Connecting to server Done Upload attack log Done DGS 3450 admin To upload the attack log from the device t...

Page 432: ...obally Syntax enable rspan Description This command controls the RSPAN function The purpose of the RSPAN function is to mirror packets to a remote switch A packet travels from the switch where the mon...

Page 433: ...te rspan vlan vlan_name vlan_name vlan_id value 1 4094 Description This command is used to create the RSPAN VLAN Up to 16 RSPAN VLANs can be created Parameters vlan_name Create the RSPAN VLAN by VLAN...

Page 434: ...urce mirror_group_id value 1 4 add delete ports portlist rx tx both Description This command configures the source setting for the RSPAN VLAN on the source switch Parameters vlan See below vlan_name S...

Page 435: ...r last switch to configure the output port of the RSPAN VLAN packets The redirect command makes sure that the RSPAN VLAN packets can egress to the redirect ports In addition to this redirect command t...

Page 436: ...rpose Used to display RSPAN configuration Syntax show rspan vlan_name vlan_name vlan_id vlanid 1 4094 Description This command displays the RSPAN configuration Parameters vlan_name Specify the RSPAN V...

Page 437: ...Switch CLI Manual 433 DGS 3450 admin show rspan Command show rspan RSPAN Enabled RSPAN VLAN ID 1 Mirror Group ID 1 Target Port 1 1 Source Ports RX TX RSPAN VLAN ID 2 Redirect Ports 1 6 RSPAN VLAN ID...

Page 438: ...on the Switch password 16 Allows the specification of a case sensitive password tx_mode Determines how received RIP packets will be interpreted as RIP version V1 only V2 Only or V1 Compatible V1 and...

Page 439: ...witch Parameters None Restrictions Only Administrator and Operator level users can issue this command Example Usage To enable RIP DGS 3450 admin enable rip Command enable rip Success DGS 3450 admin di...

Page 440: ...ill display the global RIP configuration for the Switch Restrictions None Example usage To display RIP configuration DGS 3450 admin show rip Command show rip RIP Global State Disabled RIP Interface Se...

Page 441: ...eceiving all unnecessary broadcast IP packets even if the high CPU utilization is not caused by the high reception rate of broadcast IP packets b When fuzzy is chosen the Switch will minimize the IP p...

Page 442: ...hut down trap_log enable disable Choose whether to enable or disable the sending of messages to the device s SNMP agent and switch log once the Safeguard Engine has been activated by a high CPU utiliz...

Page 443: ...o display the safeguard engine status DGS 3450 admin show safeguard_engine Command show safeguard_engine Safeguard engine state Disabled Safeguard engine current status normal mode CPU utilization inf...

Page 444: ...in detail in the following sections config ssh algorithm Purpose Used to config ssh server algorithm Syntax config ssh algorithm 3DES AES128 AES192 AES256 Arcfour blowfish cast128 twofish128 twofish1...

Page 445: ...abled AES192 Enabled AES256 Enabled Arcfour Enabled Blowfish Enabled Cast128 Enabled Twofish128 Enabled Twofish192 Enabled Twofish256 Enabled MD5 Enabled SHA1 Enabled RSA Enabled DSS Enabled DGS 3450...

Page 446: ...sed Enabled DGS 3450 admin config ssh user Purpose Used to update user information for ssh configuration Syntax config ssh user username 15 authmode hostbased hostname domain_name 32 hostname_IP domai...

Page 447: ...ckey Total Entries 1 DGS 3450 admin config ssh server Purpose Used to configure the SSH server Syntax config ssh server maxsession int 1 8 contimeout sec 120 600 authfail int 2 20 rekey 10min 30min 60...

Page 448: ...ssue this command Example usage To enable the SSH server DGS 3450 admin enable ssh Command enable ssh Success DGS 3450 admin disable ssh Purpose Used to disable the SSH server service Syntax disable s...

Page 449: ...ow ssh server Parameters None Restrictions None Example usage To show the SSH server DGS 3450 admin show ssh server Command show ssh server The SSH server configuration max Session 3 Connection timeou...

Page 450: ...cryption code defined by the Data Encryption Standard DES to create the encrypted text 3 Hash Algorithm This part of the ciphersuite allows the user to choose a message digest function which will dete...

Page 451: ...S_EDE encryption and the SHA Hash Algorithm DHE_DSS_with_3DES_EDE_CBC_SHA This ciphersuite combines the DSA Diffie Hellman key exchange CBC Block Cipher 3DES_EDE encryption and SHA Hash Algorithm RSA_...

Page 452: ...mbines the RSA Export key exchange stream cipher RC4 encryption with 40 bit keys Restrictions Only Administrator and Operator level users can issue this command Example usage To disable the SSL status...

Page 453: ...rrently implemented on the Switch Parameters None Restrictions None Example usage To view the SSL cache timeout on the Switch DGS 3450 admin show ssl cachetimeout Command show ssl cachetimeout Cache t...

Page 454: ...er The certificate file is a data record used for authenticating devices on the network It contains information on the owner keys for authentication and digital signatures Both the server and the clie...

Page 455: ...sec 1 2000000 infinity collectoraddress ipaddr ipv6addr collectorport udp_port_number 1 65535 maxdatagramsize value 300 1400 1 delete sflow analyzer_server value 1 4 enable sflow disable sflow show sf...

Page 456: ...eate a new one Parameters ports Specifies the list of ports to be configured rate The sampling rate for packet Rx sampling tx_rate The sampling rate for packet Tx sampling maxheadersize The maximum nu...

Page 457: ...ed If interval is not specified its default value is 0 Restrictions Only Administrator and Operator level users can issue this command Example usage Create sFlow counter poller which sample port 1 to...

Page 458: ...ates the analyzer_server You can specify more than one analyzer_server with the same IP address but with different UDP port numbers You can have up to four unique combinations of IP address and UDP po...

Page 459: ...eleased and stops sampling When the analyzer_server times out all of the flow_samplers and counter_pollers associated with this analyzer_server will be deleted collectoraddress The IP address of the s...

Page 460: ...n enable sflow Command enable sflow Success DGS 3450 admin disable sflow Purpose Used to disable the sFlow function Syntax disable sflow Description Disable the sFlow function Parameters None Restrict...

Page 461: ...e rate is 256 times the displayed rate value There are two types of rates The Configured Rate is configured by the user In order to limit the number of packets sent to the CPU when the rate of traffic...

Page 462: ...er information Syntax show sflow analyzer_server Description This command is used to show the sFlow analyzer_server information The Timeout field specifies the time configured by user The Current Coun...

Page 463: ...e 1 12 show stack_information show stack_device config stacking force_master_role state enable disable Each command is listed in detail in the following sections config stacking_mode Purpose Used to c...

Page 464: ...switch being configured The range is 1 12 priority Specifies the priority assigned to the box with a lower number meaning a higher priority The range is 1 63 Restrictions Only Administrator and Operat...

Page 465: ...id auto Command config box_id current_box_id 1 new_box_id auto Success DGS 3450 admin show stack_information Purpose Used to display the stack information Syntax show stack_information Description The...

Page 466: ...e This command is used to configure the stacking force master role state Syntax config stacking force_master_role state enable disable Description This command is used to ensure the master role is unc...

Page 467: ...detail in the following sections create mac_based_vlan Purpose Used to create a static mac based vlan entry Syntax create mac_based_vlan mac_address macaddr vlan vlan_name 32 vlanid vlanid 1 4094 Desc...

Page 468: ...ccess DGS 3450 admin show mac_based_vlan Purpose Used to show the static or dynamic MAC based VLAN entry Syntax show mac_based_vlan mac_address macaddr vlan vlan_name 32 Description User can use this...

Page 469: ...can use this command to create a subnet VLAN entry A subnet VLAN entry is an IP subnet based VLAN classification rule If an untagged or priority tagged IP packet is received on a port its source IP ad...

Page 470: ...et vlan entries that associated with this vlan will be deleted vidlist Specifies a list of VLANs by VLAN ID all If specify all all subnet vlan entries will be deleted Restrictions Only Administrator a...

Page 471: ...n network fe80 250 baff 0 64 IP Address Subnet Mask VLAN Priority fe80 250 baff 0 64 10 1 DGS 3450 admin This example shows how to show all subnet VLAN entries DGS 3450 admin show subnet_vlan Command...

Page 472: ...rs can issue this command Example usage This example shows how to configure subnet VLAN classification precedence on port 1 DGS 3450 admin config vlan_precedence 1 subnet_vlan Command config vlan_prec...

Page 473: ...ts portlist all medium_type fiber copper speed auto capability_advertised 10_half 10_full 100_half 100_full 1000_full 10_half 10_full 100_half 100_full 1000_full master slave auto_negotiation restart_...

Page 474: ...to advertise capabilities related to duplex speed and physical layer type The master setting will also determine the master and slave relationship between the two connected physical layers This relat...

Page 475: ...tax show ports portlist description err_disabled auto_negotiation details media_type Description This command is used to display the current configuration of a range of ports Parameters portlist Speci...

Page 476: ...Link Down Enabled 1 16 Enabled Auto Disabled Link Down Enabled 1 17 Enabled Auto Disabled Link Down Enabled 1 18 Enabled Auto Disabled Link Down Enabled 1 19 Enabled Auto Disabled Link Down Enabled C...

Page 477: ...onnection status Reason State 1 2 Enabled Err disabled Storm control Desc Port 2 1 8 Enabled Err disabled Storm control Desc Port 8 DGS 3450 admin To display the auto_negotiation ports DGS 3450 admin...

Page 478: ...xStack DGS 3400 Series Layer 2 Gigabit Ethernet Managed Switch CLI Manual 474...

Page 479: ...if config trap source_ipif ipif_name ipaddr ipv6addr none show trap source_ipif Each command is listed in detail in the following sections config syslog source_ipif Purpose Configure syslog source IP...

Page 480: ...ose Configure trap source IP interface Syntax config trap source_ipif ipif_name ipaddr ipv6addr none Description This command is used to configure trap source IP interface Parameters ipif_name IP inte...

Page 481: ...pif Purpose Show trap source IP interface Syntax show trap source_ipif Description This command is used to display the trap source IP interface Parameters None Restrictions None Example usage Show tra...

Page 482: ...ormational debug all level 0 7 facility local0 local1 local2 local3 local4 local5 local6 local7 udp_port udp_port_number ipaddress ipaddr state enable disable delete syslog host index 1 4 all show sys...

Page 483: ...lert Severity level 1 critical Severity level 2 error Severity level 3 warning Severity level 4 notice Severity level 5 informational Severity level 6 debug Severity level 7 level_list Specifies a lis...

Page 484: ...log messages Syntax disable syslog Description This command disables the sending of syslog messages Parameters None Restrictions Only Administrator and Operator level users can issue this command Exam...

Page 485: ...be prompted to the user when configuring syslog hosts with all option and just assigning one IP address to those hosts This configuration will fail When the specified IP address already exists the pr...

Page 486: ...el for a specific host messages which are at that severity level or higher will be reported to that host When the IP address is invalid the prompt message Invalid IP address will be displayed and this...

Page 487: ...1 ipaddress 10 90 90 1 severity all facility local0 Success DGS 3450 admin delete syslog host Purpose Used to delete the syslog host s Syntax delete syslog host index 1 4 all Description This command...

Page 488: ...514 Status Disabled Total Entries 3 DGS 3450 admin config log_save_timing Purpose Used to configure the method for saving the log Syntax config log_save_timing time_interval min 1 65535 on_demand log_...

Page 489: ...messages driven by modules such as DOS and the IP MAC port binding module This type of log message may generate a large amount of messages and quickly cause the system to run out of system log storag...

Page 490: ...Command clear attack_log Success DGS 3450 admin upload attack_log_toTFTP Purpose Used to upload the attack log on a unit Syntax upload attack_log_toTFTP ipaddr ipv6addr domain_name 255 dest_file path_...

Page 491: ...ch strategy will depend on the server system For some systems it will search the current user working directory first and then search the environment paths dest_file Specify the destination file here...

Page 492: ...ion of technique s support Syntax show tech_support Description This command is especially used by the technical support personnel to dump the device overall operation information The information is p...

Page 493: ...the information of technique s support Syntax upload tech_support_toTFTP ipaddr path_filename 64 Description The upload tech_support_toTFTP command is used to upload the information of technique s su...

Page 494: ...rnet Managed Switch CLI Manual 490 DGS 3450 admin upload tech_support_to_TFTP 10 0 0 66 tech_report txt Command upload tech_support_to_TFTP 10 0 0 66 tech_report txt Connecting to server Done Upload t...

Page 495: ...eters specified by the command will only be used for the establishment of this specific session They will not affect the establishment of other sessions Parameters ipaddr The IP address of the Telnet...

Page 496: ...4 upload attack_log_toTFTP ipaddr ipv6addr domain_name 255 dest_file path_filename 64 unit unit_id 1 12 Each command is listed in detail in the following sections download firmware_fromTFTP Purpose Us...

Page 497: ...y support one configuration file since the download of a configuration will automatically apply the setting to the system If increment is specified then the existing configuration will not be cleared...

Page 498: ...121 dest_file C test Connecting to server Done Upload Configuration Done DGS 3450 admin upload log_toTFTP Purpose Used to upload a log file from device to TFTP server This command is required to be su...

Page 499: ...TFTP server domain_name The domain name of the TFTP server dest_file Used to identify the parameter path_filename path_filename Specifies the path name on the TFTP server to hold the attack log unit...

Page 500: ..._date 1 31 e_mth end_mth 1 12 e_time end_time hh mm offset 30 60 90 120 show time Each command is listed in detail in the following sections config sntp Purpose Used to setup SNTP service Syntax confi...

Page 501: ...DGS 3450 admin show sntp Command show sntp Current Time Source System Clock SNTP Disabled SNTP Primary Server 10 1 1 1 SNTP Secondary Server 10 1 1 2 SNTP Poll Interval 720 sec DGS 3450 admin enable...

Page 502: ...e system time and date settings These will be overridden if SNTP is configured and enabled Parameters date Express the date using two numerical characters for the day of the month three alphabetical c...

Page 503: ...epeating s_week start_week 1 4 last s_day start_day sun sat s_mth start_mth 1 12 s_time start_time hh mm e_week end_week 1 4 last e_day end_day sun sat e_mth end_mth 1 12 e_time end_time hh mm offset...

Page 504: ...begin DST expressed as a number e_mth Configure the month in which DST ends end_mth 1 12 The month to end DST expressed as a number s_time Configure the time of day to begin DST start_time hh mm Time...

Page 505: ...current system time Parameters None Restrictions None Example usage To show the time currently set on the Switch s System clock DGS 3450 admin show time Command show time Current Time Source System Cl...

Page 506: ...d in conjunction with an access profile rule to determine a period of time when an access profile and an associated rule are to be enabled on the Switch Remember this time range can only be applied to...

Page 507: ...30 00 end_time 21 40 00 weekdays mon fri Success DGS 3450 admin show time_range Purpose To view the current configurations of the time range set on the Switch Syntax show time_range Description This...

Page 508: ...r of hops is exceeded At each TTL setting one probe packet is launched the number can be changed by specifying the parameter probe and traceroute prints a line showing the round trip time and the addr...

Page 509: ...urned indicating that the packet reached the host or the maximum number of hops is exceeded At each TTL setting one probe are launched the number can be changed by specifying the parameter probe and t...

Page 510: ...1345 142 11 10 ms 1345 142 11 10 ms 2011 14 100 10 ms 2011 14 100 Request timed out 10 ms 3000 1 Trace complete DGS 3450 admin To trace the IPv6 routed path between the switch and 1210 100 11 with po...

Page 511: ...e port remains in shutdown status for a configurable period the count down value the port enters shutdown forever status The port link is down and remains disabled until either the configurable recove...

Page 512: ...tion parameter Default is 0 minutes 0 disables the forever state meaning that the port will not enter the shut down forever state disable Specifies that the countdown is disabled The port will directl...

Page 513: ...er 1 1 Enabled Disabled Disabled Shutdown 5 10 2 1 Enabled Disabled Disabled Shutdown 5 10 3 1 Enabled Disabled Disabled Shutdown 5 10 4 1 Enabled Disabled Disabled Shutdown 5 10 5 1 Enabled Disabled...

Page 514: ...control recover for any or all ports Syntax config traffic control_recover portlist all Description Configuring a port for traffic control recover will require an administrator to restart the specifie...

Page 515: ...ts that will be configured for traffic segmentation The beginning and end of the port list range are separated by a dash Non contiguous portlist entries are separated by a comma ex 1 3 7 9 forward_lis...

Page 516: ...end of the port list range are separated by a dash Non contiguous portlist entries are separated by a comma ex 1 3 7 9 Restrictions The port lists for segmentation and the forward list must be on the...

Page 517: ...must be members of the Management VLAN If no IP addresses are specified then there is nothing to prevent any IP address from accessing the switch provided the user knows the Username and Password Whe...

Page 518: ...delete trusted_host 10 48 74 121 Success DGS 3450 admin show trusted_host Purpose Used to display a list of trusted hosts entered on the switch using the create trusted_host command above Syntax show...

Page 519: ...fault network_address ipaddr metric 1 65535 primary backup Description Use this command to create an IP static route Selecting primary or backup means the newly created route is a floating static rout...

Page 520: ...trictions Only Administrator and Operator level users can issue this command Example usage To delete an IP static route DGS 3450 admin delete iproute 10 48 74 121 255 0 0 0 10 1 1 254 Command delete i...

Page 521: ...ow iproute hardware Command show iproute hardware Routing Table IP Address Netmask Gateway Interface 0 0 0 0 0 10 1 1 11 ip1 10 1 1 0 24 0 0 0 0 System 100 1 1 0 24 10 1 1 11 ip1 192 168 1 0 24 10 1 1...

Page 522: ...how route preference Command show route preference Route Preference Settings Protocol Preference RIP 100 Static 60 Default 999 Local 0 DGS 3450 admin create route redistribute dst rip Purpose Used to...

Page 523: ...rator level users can issue this command Example usage To delete route redistribution settings DGS 3450 admin delete route redistribute dst rip src local Command delete route redistribute dst rip src...

Page 524: ...ute redistributions settings Parameters dst Specify the target protocol rip Display the redistribution with the target protocol RIP src Specify the source protocol static Display the redistribution wi...

Page 525: ...tions show utilization Purpose Used to display real time port utilization statistics Syntax show utilization cpu ports dram unit unitid flash unit unitid Description The show utilization command displ...

Page 526: ...11 0 0 0 2 6 0 0 0 1 12 0 0 0 2 7 0 30 1 1 13 0 0 0 2 8 0 0 0 1 14 0 0 0 2 9 30 0 1 1 15 0 0 0 2 10 0 0 0 1 16 0 0 0 2 11 0 0 0 1 17 0 0 0 2 12 0 0 0 1 18 0 0 0 2 13 0 0 0 1 19 0 0 0 2 14 0 0 0 1 20 0...

Page 527: ...show utilization dram DRAM Utilization Total DRAM 262 144 KB Used DRAM 212 568 KB Utilization 81 Success DGS 3450 admin To display FLASH utilization DGS 3450 admin show utilization flash Command show...

Page 528: ...tp https create wac user username 15 vlan vlan_name 32 vlanid vlanid 1 4094 delete wac user username 15 all_users config wac user username 15 vlan vlan_name 32 vlanid vlanid 1 4094 clear_vlan config w...

Page 529: ...config wac ports command allows you to configure port state of WAC The default value of aging time is 1440 minutes The default value of idle time is infinite The default value of block_time is 60 sec...

Page 530: ...thentication will be done via the RADIUS server Restrictions Only Administrator and Operator level users can issue this command Example usage To configure WAC auth method DGS 3450 admin config wac met...

Page 531: ...redirect URL DGS 3450 admin config wac clear_default_redirpath Success DGS 3450 admin config wac virtual_ip Purpose Used to config the virtual IP address for WAC Syntax config wac virtual_ip ipaddr ip...

Page 532: ...range of port number is 1 65535 http To specify the WAC runs HTTP protocol on this TCP port https To specify the WAC runs HTTPS protocol on this TCP port Restrictions Only Administrator and Operator...

Page 533: ...Example usage To delete a WAC local user DGS 3450 admin delete wac user 123 Command delete wac user 123 Success DGS 3450 admin config wac user Purpose Used to configure WAC local user Syntax config wa...

Page 534: ...enable the authorized data assigned by the RADUIS server will be accepted if the global authorization network is enabled The default state is enabled local If specified to enable the authorized data a...

Page 535: ...iption This command allows the user to display the port level setting Parameters ports A range of member ports to show the status Restrictions None Example usage To show WAC port state and other param...

Page 536: ...ticated 4004 3 Infinite 40 1 00 00 00 00 00 02 1 Authenticated 1234 Infinite 50 1 00 00 00 00 00 03 1 Blocked 60 1 00 00 00 00 00 04 1 Authenticating 10 2 00 00 00 00 00 10 P 1 Authenticated 1234 2 14...

Page 537: ...ar all authenticated users for a port authenticating Specified to clear all authenticating users for a port Restrictions Only Administrator and Operator level users can issue this command Example usag...

Page 538: ...gation Control IEEE 802 3x Full duplex Flow Control IEEE 802 1u Fast Ethernet IEEE 802 3af Power over Ethernet Protocols CSMA CD Data Transfer Rates Ethernet Fast Ethernet Gigabit Ethernet Fiber Optic...

Page 539: ...Humidity 5 95 non condensing Dimensions 441mm x 389mm x 44mm Weight DGS 3400 Series DGS 3426 5 42 kg DGS 3426P 6 kg DGS 3427 5 51 kg DGS 3450 5 74 kg Module Inserts DEM 410CX 0 16 kg DEM 410X 0 18 kg...

Page 540: ...to attach a terminal or PC with terminal emulation to the console port of the switch 2 Power on the Switch After the runtime image is loaded to 100 the Switch will allow 2 seconds for the user to pre...

Reviews: