D-Link DWS-1008 CLI Manual

CLI Conventions

Be aware of the following MSS CLI conventions for command entry:

•   “Command Prompts” on page 3
•   “Syntax: Notation” on page 4
•   “Text Entry Conventions and Allowed Characters” on page 4
•   “User Globs, MAC Address Globs, and VLAN Globs” on page 6
•   “Port Lists” on page 8

Command Prompts

By default, the MSS CLI provides the following prompt for restricted users. The mmmm portion shows the DWS switch model number (for example, 1008) and the nnnnnn portion shows the last 6 digits of the switch’s media access control (MAC) address.

DWS-mmmm-nnnnnn>

After you become enabled as an administrative user by typing enable and supplying a suitable password, MSS displays the following prompt:

DWS-mmmm-nnnnnn#

For ease of presentation, this manual shows the restricted and enabled prompts as follows:

DWS-1008>

DWS-1008#

For information about changing the CLI prompt on a DWS switch, see set prompt on page 22.

Contents of DWS-1008

Page 1: ......

Page 2: ...for Globs 7 Port Lists 8 Command Line Editing 9 Keyboard Shortcuts 9 History Buffer 9 Tabs 9 Single Asterisk Wildcard Character 10 Double Asterisk Wildcard Characters 10 Using CLI Help 10 Understanding Command Descriptions 11 Access Commands 12 System Services Commands 14 Port Commands 33 VLAN Commands 59 Quality of Service Commands 73 IP Services Commands 77 AAA Commands 170 Cryptography Commands...

Page 3: ...D Link DWS 1008 CLI Manual ii IGMP Snooping Commands 450 Security ACL Commands 469 Trace Commands 490 Snoop Commands 496 System Log Commands 505 Boot Prompt Commands 513 ...

Page 4: ... operational burden on IT resources Introducing the D Link Mobility System Read this reference if you are a network administrator responsible for managing DWS 1008 switches and DWL 8220AP access points in a network D Link Mobility System One or more DWS 1008 switches Distributed intelligent machines for managing user connectivity connecting and powering Mobility Point access points and connecting ...

Page 5: ... square brackets Enclose optional parameters in command syntax curly brackets Enclose mandatory parameters in command syntax vertical bar Separates mutually exclusive options in command syntax Using the Command Line Interface The Mobility System Software MSS has a command line interface CLI on the DWS 1008 switch that you can use to configure and manage the switch and its attached access points Yo...

Page 6: ...cted users The mmmm portion shows the DWS switch model number for example 1008 and the nnnnnn portion shows the last 6 digits of the switch s media access control MAC address DWS mmmm nnnnnn After you become enabled as an administrative user by typing enable and supplying a suitable password MSS displays the following prompt DWS mmmm nnnnnn For ease of presentation this manual shows the restricted...

Page 7: ...e following command set port enable | disable port list Syntax Notations Text Entry Conventions and Allowed Characters Unless otherwise indicated the MSS CLI accepts standard ASCII alphanumeric characters except for tabs and spaces and is case insensitive The CLI has specific notation requirements for MAC addresses IP addresses and masks and allows you to group usernames MAC addresses virtual LAN ...

Page 8: ...se noted use classless interdomain routing CIDR format to express subnet masks for example 192 168 1 112 24 You indicate the subnet mask with a forward slash and specify the number of bits in the mask Wildcard Masks Security access control lists ACLs use source and destination IP addresses and wildcard masks to determine whether the DWS switch filters or forwards IP packets Matching packets are ei...

Page 9: ...ter matches any number of characters up to but not including a delimiter character in the glob Valid user glob delimiter characters are the at sign and the period For example the following globs identify the following users User Glob User s Designated jose example com User jose at example com example com All users at example com whose usernames do not contain periods for example jose example com a...

Page 10: ...S 1008 switch known as the location policy to one or more users MSS compares the VLAN glob which can optionally contain wildcard characters against the VLAN Name attribute returned by AAA to determine whether to apply the rule To match all VLANs use the double asterisk wildcard characters with no delimiters To match any number of characters up to but not including a delimiter character in the glob...

Page 11: ...exists on the switch You can include a single port or multiple ports in a command that includes port port list Use one of the following formats for port list A single port number For example DWS 1008 set port enable 4 A comma separated list of port numbers with no spaces For example DWS 1008 show port poe 1 2 4 6 A hyphen separated range of port numbers with no spaces For example DWS 1008 reset po...

Page 12: ... new line Ctrl N or Down Arrow key Enters the next command line in the history buffer Ctrl P or Up Arrow key Enters the previous command line in the history buffer Ctrl U or Ctrl X Deletes characters from the cursor to the beginning of the command line Ctrl W Deletes the last word typed Esc B Moves the cursor back one word Esc D Deletes characters from the cursor forward to the end of the word Del...

Page 13: ...or more information Commit the content of the ACL table Copy from filename or url to filename or url Crypto use crypto help for more information Delete url Show list of files on flash device Disable privileged mode Exit from the Admin session Show this help screen Show contents of history substitution buffer Load use load help for more information Exit from the Admin session Monitor use monitor he...

Page 14: ...ap name The set ap dap name command has the following complete syntax set ap port list dap dap num name name A brief description of the command s functions The full command syntax Any command defaults The command access which is either enabled or all All indicates that anyone can access this command Enabled indicates that you must enter the enable password before entering the command The command h...

Page 15: ...access to all commands required for configuring and monitoring the system Syntax enable Access All Usage MSS displays a password prompt to challenge you with the enable password To enable a session you or another administrator must have configured the enable password to this switch with the set enablepass command Examples The following command plus the enable password provides enabled access to t...

Page 16: ...ass command press Enter If you are entering the first enable password on this switch press Enter at the Enter old password prompt Otherwise type the old password Then type a password of up to 32 alphanumeric characters with no spaces and reenter it at the retype new password prompt Examples The following example illustrates the prompts that the system displays when the enable password is changed T...

Page 17: ...banner motd on page 28 set confirm on page 20 set length on page 20 set prompt on page 22 set system name on page 27 set system location on page 27 set system contact on page 23 set system countrycode on page 23 set system idle timeout on page 25 set system ip address on page 26 show load on page 29 show system on page 30 clear system on page 16 clear prompt on page 15 help on page 17 history on p...

Page 18: ...r with an empty banner by typing the following command set banner motd clear history Deletes the command history buffer for the current CLI session Syntax clear history Defaults None Access All Examples To clear the history buffer type the following command DWS 1008 clear history success command buffer was flushed clear prompt Syntax clear prompt Defaults None Access Enabled Examples To reset the ...

Page 19: ... system location success change accepted Resets the name of contact person for the DWS 1008 switch to null Resets the country code for the DWS 1008 switch to null Resets the number of seconds a CLI management session can remain idle to the default value 3600 seconds Resets the IP address of the DWS 1008 switch to null Resets the location of the DWS 1008 switch to null Resets the name of the DWS 10...

Page 20: ... All Examples Use this command to see a list of available commands If you have restricted access you see fewer commands than if you have enabled access To display a list of CLI commands available at the enabled access level type the following command at the enabled access level ...

Page 21: ...actively helps you configure a new switch Caution The quickstart command is for configuration of a new switch only After prompting you for verification the command erases the switch s configuration before continuing If you run this command on a switch that already has a configuration the configuration will be erased In addition error messages such as Critical AP Notice for directly connected APs c...

Page 22: ...caret then the message then another caret Do not use the following characters with commands in which you set text to be displayed on the DWS 1008 switch such as message of the day MOTD banners Ampersand Angle brackets Double quotation marks Number sign Question mark Single quotation mark Examples To create a banner that says Update meeting at 3 p m type the following command DWS 1008 set banner mo...

Page 23: ... that can have a potentially large impact on the network For example DWS 1008 clear vlan red This may disrupt user connectivity Do you wish to continue y n n Examples To turn off these confirmation messages type the following command DWS 1008 set confirm off success Confirm state is off set length Defines the number of lines of CLI output to display between paging prompts MSS displays the set numb...

Page 24: ...u can install a 32 AP upgrade 64 AP upgrade or 96 AP upgrade If you have already installed a 32 AP or 64 AP upgrade you can still install additional upgrades Syntax set license activation key activation key Defaults None Access Enabled Usage This command applies to the DWS 1008 Examples To install an activation key for an additional 80 APs type the following command DWS 1008 set license 3B02 D821 ...

Page 25: ...ides a DWS mmmm nnnnnn prompt After you become enabled by typing enable and giving a suitable password the DWS mmmm nnnnnn prompt is displayed If you use the set system name command to change the default system name MSS uses that name in the prompt unless you also change the prompt with set prompt Examples The following example sets the prompt from DWS to happy_days DWS 1008 set prompt happy_days...

Page 26: ...amara example com DWS 1008 set system contact tamara example com success change accepted See Also clear system set system location set system name show system Alphanumeric string up to 256 characters long with no blank spaces set system country code Defines the country specific IEEE 802 11 regulations to enforce on the DWS 1008 switch Syntax set system countrycode code code Two letter code for the...

Page 27: ...D Link DWS 1008 CLI Manual 24 ...

Page 28: ... with the switch can remain idle before MSS terminates the session Syntax set system idle timeout seconds seconds Defaults 3600 seconds one hour Number of seconds a CLI management session can remain idle before MSS terminates the session You can specify from 0 to 86400 seconds one day If you specify 0 the idle timeout is disabled The timeout interval is in 30 second increments For example the inte...

Page 29: ...tem idle timeout 1800 success change accepted See Also clear system show system set system ip address Sets the system IP address so that it can be used by various services in the DWS 1008 switch Syntax set system ip address ip addr ip addr IP address in dotted decimal notation Defaults None Access Enabled Examples The following command sets the IP address of the DWS switch to 192 168 253 1 DWS 100...

Page 30: ... clear system set system contact set system name show system Alphanumeric string up to 256 characters long with no blank spaces set system name Changes the name of the switch from the default system name and also provides content for the CLI prompt if you do not specify a prompt Syntax set system name string string Defaults By default the system name and command prompt have the same value The fact...

Page 31: ...he DWS switch DWS 1008 set system name DWS bldg3 success change accepted DWS 1008 bldg3 See Also clear system set prompt set system contact set system location show system show banner motd Shows the banner that was configured with the set banner motd command Syntax show banner motd Defaults None Access Enabled Examples To display the banner with the message of the day type the following command DW...

Page 32: ...e show load Displays CPU usage on a DWS 1008 switch Syntax show load Defaults None Access Enabled Examples To display the CPU load recorded from the time the switch was booted as well as from the previous time the show load command was run type the following command DWS 1008 show load System Load overall 2 delta 5 The overall field shows the CPU load as a percentage from the time the switch was bo...

Page 33: ...system Displays system information Syntax show system Defaults None Access Enabled Examples To show system information type the following command DWS 1008 show system The table on the next page describes the fields of show system output ...

Page 34: ...em MAC DWS 1008 media access control MAC machine address set at the factory in 6 byte hexadecimal format Boot Time Date and time of the last system reboot Uptime Number of days hours minutes and seconds that the switch has been operating since its last restart Fan status Operating status of the three switch cooling fans OK Fan is operating Failed Fan is not operating MSS sends an alert to the syst...

Page 35: ...des an in depth snapshot of the status of the DWS switch which includes details about the boot image the version ports and other configuration values This command also displays the last 100 log messages Syntax show tech support file subdirname filename subdirname filename Defaults None Access Enabled Usage Enter this command before calling D Link Technical Support Examples To store the location of...

Page 36: ... on page 58 set port name on page 46 clear port name on page 36 set port on page 43 reset port on page 42 set port media type on page 35 clear port media type on page 36 set port speed on page 49 set port negotiation on page 47 set port poe on page 48 show port poe on page 57 set port trap on page 50 set port group on page 44 clear port group on page 35 set port mirror on page 46 clear port mirror...

Page 37: ...p 1 This will clear specified DAP devices Would you like to continue y n n y See Also set dap set port type ap Number of the Distributed AP s you want to remove clear port counters Clears port statistics counters and resets them to 0 Syntax clear port counters Defaults None Access Enabled Examples The following command clears all port statistics counters and resets them to 0 DWS 1008 clear port co...

Page 38: ...ort group server1 DWS 1008 clear port group name server1 success change accepted See Also set port group Name of the port group clear port mirror Removes a port mirroring configuration Syntax clear port mirror Defaults None Access Enabled Examples The following command clears the port mirroring configuration from the switch DWS 1008 clear port mirror See Also set port mirror ...

Page 39: ... port Removes all configuration settings from a port and resets the port as a network port Syntax clear port type port list port list Defaults The cleared port becomes a network port but is not placed in any VLANs Access Enabled Usage Use this command to change a port back to a network port All configuration settings specific to the port type are removed For example if you clear an access point po...

Page 40: ...TP Based on the VLAN s you add the port to 802 1X No authorization Port groups None Internet Group Management Protocol IGMP snooping Enabled as port is added to VLANs Access point and radio parameters Not applicable Maximum user sessions Not applicable Examples The following command clears port 5 DWS 1008 clear port type 5 This may disrupt currently authenticated users Are you sure y n n y success...

Page 41: ...ports MSS refreshes the statistics every 5 seconds This interval cannot be configured Statistics types are displayed in the following order by default Octets Packets Receive errors Transmit errors Collisions Receive Ethernet statistics Transmit Ethernet statistics Access All Displays octet statistics first Displays packet statistics first Displays errors in received packets first Displays errors i...

Page 42: ...e misalignment errors Jumbo packets with valid CRCs are not counted A short packet can be reported as a short packet a CRC error or an overrun In some circumstances the transmitted octets counter might increment a small amount for a port with nothing attached Examples The following command starts the port statistics monitor beginning with octet statistics the default Syntax monitor port counters A...

Page 43: ...ude packets that contain errors Tx Unicast Number of unicast packets transmitted This number does not include packets that contain errors Tx NonUnicast Number of broadcast and multicast packets transmitted This number does not include packets that contain errors receive errors Rx Crc Number of frames received by the port that had the correct length but contained an invalid frame check sequence FCS...

Page 44: ...perienced more than 16 collisions during transmit attempts These frames are dropped and not transmitted Total Coll Best estimate of the total number of collisions on this Ethernet segment receive etherstats Rx 64 Number of packets received that were 64 bytes long Rx 127 Number of packets received that were 65 127 bytes long Rx 255 Number of packets received that were 128 255 bytes long Rx 511 Numb...

Page 45: ...e specified ports set dap Configures a Distributed AP for an access point that is indirectly connected to the DWS 1008 switch through an intermediate Layer 2 or Layer 3 network Note Before configuring a Distributed AP you must use the set system countrycode command to set the IEEE 802 11 country specific regulations on the DWS 1008 switch See set system countrycode Syntax set dap dap num serial id...

Page 46: ...lear port type set port type ap set system countrycode set port Administratively disables or reenables a port Syntax set port enable disable port list enable disable port list Defaults All ports are enabled Access Enabled Usage A port that is administratively disabled cannot send or receive packets This command does not affect the link state of the port Examples The following command disables port...

Page 47: ... the same port group After you add a port to a port group you cannot configure port parameters on the individual port Instead change port parameters on the entire group Specify the group name instead of an individual port name or number in port configuration commands To add or remove ports in a group that is already configured change the mode to off add or remove the ports then change the mode to ...

Page 48: ...e link for port group server1 change the list of ports in the group and reenable the link DWS 1008 set port group name server1 1 5 mode off success change accepted DWS 1008 set port group name server1 1 4 7 mode on success change accepted See Also clear port group ...

Page 49: ...observer port at a time The source port can be a network port AP access port or wired authentication port However the observer port must be a network port and cannot be a member of any VLAN or port group Examples The following command sets port 2 to monitor port 1 s traffic DWS 1008 set mirror port 1 observer 2 See Also clear port mirror Number of the port whose traffic you want to analyze You can...

Page 50: ...l Ethernet ports by default Access Enabled Usage The gigabit Ethernet ports operate at 1000 Mbps only They do not change speed to match 10 Mbps or 100 Mbps links The DWS 1008 Ethernet ports support half duplex and full duplex operation D Link recommends that you do not configure the mode of a DWS 1008 port so that one side of the link is set to autonegotiation while the other side is set to full d...

Page 51: ... PoE to power D Link access points or PoE enabled devices only If you enable PoE on ports connected to other devices damage can result Syntax set port poe port list enable disable port list enable disable Defaults PoE is disabled on network and wired authentication ports The state on access point ports depends on whether you enabled or disabled PoE when setting the port type See set port type ap A...

Page 52: ...ecommends that you do not configure the mode of a switch port so that one side of the link is set to autonegotiation while the other side is set to full duplex Although MSS allows this configuration it can result in slow throughput on the link The slow throughput occurs because the side that is configured for autonegotiation falls back to half duplex A stream of large packets sent to a switch port...

Page 53: ... The set port trap command overrides the global setting of the set snmp trap command The set port type command does not affect the global trap information displayed by the show snmp configuration command For example if you globally enable linkup and linkdown traps but then disable the traps on a single port the show snmp configuration command still indicates that the traps are globally enabled Exa...

Page 54: ... a Distributed AP Note Before changing the port type from ap to wired auth or from wired auth to ap you must reset the port with the clear port type command Syntax set port type ap port list model DWL 8200 poe enable disable radiotype 11a 11b 11g port list model poe enable disable radiotype 11a 11b 11g Defaults All DWS 1008 ports are network ports by default Access Enabled Usage You cannot set a p...

Page 55: ... Groups Not applicable IGMP Snooping Enabled as users are authenticated and join VLANs Maximum user sessions Not applicable Examples The following commands set port 2 for access point model DWL 8220AP enables PoE on the port DWS 1008 set port type ap 2 model DWL 8220AP poe enable This may affect the power applied on the configured ports Would you like to continue y n n y success change accepted Se...

Page 56: ...hat MSS applies when you set a port s type to wired auth Wired Authentication Port Defaults List of physical ports One or more numbers between 1 and 4094 that subdivide a wired authentication port into virtual ports Maximum number of simultaneous user sessions supported Automatically authenticates the user without requiring a user name and password Denies authentication and prohibits the user from...

Page 57: ... the PAE group address The 802 1X specification prohibits networking devices from forwarding PAE group address packets because this would make it possible for multiple authenticators to acquire the same client For non 802 1X clients who use MAC authentication WebAAA or last resort authentication wired authentication works if the clients are directly attached or indirectly attached Examples The fol...

Page 58: ... receive etherstats Displays Ethernet statistics for received packets transmit etherstats Displays Ethernet statistics for transmitted packets port port list List of physical ports If you do not specify a port list MSS displays statistics for all ports Defaults None Access All Usage You can specify one statistic type with the command Examples The following command shows octet statistics for port 3...

Page 59: ...ields in the show port group output Field Description Port group Name and state enabled or disabled of the port group Ports Ports contained in the port group See Also clear port group set port group show port mirror Displays the port mirroring configuration Syntax show port mirror Defaults None Access Enabled Examples The following command displays the port mirroring configuration on the switch DW...

Page 60: ... disabled off 4 4 down disabled off 5 5 down disabled off 6 6 up AP enabled 1 44 7 7 down disabled invalid 8 8 down disabled invalid The table below describes the fields in this display Field Description Port Port number Name Port name If the port does not have a name the port number is listed Link status Link status of the port up The port is connected down The port is not connected Port type Por...

Page 61: ...5 5 up down auto network 10 100BaseTx 6 6 up down auto network 10 100BaseTx 7 7 up down auto network no connector 8 8 up down auto network no connector The table below describes the fields in this display Field Description Port Port number Name Port name If the port does not have a name the port number is listed Admin Administrative status of the port up The port is enabled down The port is disabl...

Page 62: ...hapter based on their use Creation set vlan name on page 66 Ports set vlan port on page 67 clear vlan on page 62 show vlan config on page 71 Restriction of Client Layer 2 Forwarding set security l2 restrict on page 65 show security l2 restrict on page 70 clear security l2 restrict on page 61 clear security l2 restrict counters on page 62 FDB Entries set fdb on page 64 show fdb on page 68 show fdb ...

Page 63: ...ion vlan vlan id VLAN name or number required for removing permanent and static entries For dynamic entries specifying a VLAN removes entries that match only that VLAN Otherwise dynamic entries that match all VLANs are removed tag tag value VLAN tag value that identifies a virtual port If you do not specify a tag value MSS deletes only entries that match untagged interfaces Specifying a tag value ...

Page 64: ...N Clients within the VLAN will be able to communicate directly There can be a slight delay before functions such as pinging between clients become available again after Layer 2 restrictions are lifted Even though packets are passed immediately once Layer 2 restrictions are gone it can take 10 seconds or more for upper layer protocols to update their ARP caches and regain their functionality To cle...

Page 65: ...trict counters vlan abc_air success change accepted See Also clear security l2 restrict set security l2 restrict show security l2 restrict clear vlan Removes physical or virtual ports from a VLAN or removes a VLAN entirely Caution When you remove a VLAN MSS completely removes the VLAN from the configuration and also removes all configuration information that uses the VLAN If you want to remove onl...

Page 66: ...green DWS 1008 clear vlan green port 1 This may disrupt user connectivity Do you wish to continue y n n y success change accepted The following command removes port 4 which uses tag value 69 from VLAN red DWS 1008 clear vlan red port 4 tag 69 This may disrupt user connectivity Do you wish to continue y n n y success change accepted The following command completely removes VLAN marigold DWS 1008 cl...

Page 67: ... of a VLAN of which the port is a member The entry is added only for the specified VLAN tag tag value VLAN tag value that identifies a virtual port You can specify a number from 1 through 4093 If you do not specify a tag value an entry is created for an untagged interface only If you specify a tag value an entry is created only for the specified tagged interface Defaults None Access Enabled Usage ...

Page 68: ...t fdb agingtime orange age 600 success change accepted See Also show fdb agingtime set security l2 restrict Restricts Layer 2 forwarding between clients in the same VLAN When you restrict Layer 2 forwarding in a VLAN MSS allows Layer 2 forwarding only between a client and a set of MAC addresses generally the VLAN s default routers Clients within the VLAN are not permitted to communicate among them...

Page 69: ...f 11 22 33 44 55 66 success change accepted See Also clear security l2 restrict clear security l2 restrict counters show security l2 restrict set vlan name Creates a VLAN and assigns a number and name to it Syntax set vlan vlan num name name vlan num VLAN number You can specify a number from 2 through 4093 name String up to 16 alphabetic characters long Defaults VLAN 1 is named default by default ...

Page 70: ...g value Tag value that identifies a virtual port You can specify a value from 1 through 4093 Defaults By default no ports are members of any VLANs A switch cannot forward traffic on the network until you configure VLANs and add network ports to the VLANs Access Enabled Usage You can combine this command with the set port name command to assign the name and add the ports at the same time If you do ...

Page 71: ...ough aging or after a reboot reset or power cycle system Displays system entries A system entry is added by MSS For example the authentication protocols can add entries for wired and wireless authentication users all Displays all entries in the database or all the entries that match a particular port or ports or a particular VLAN port port list Destination port s for which to display entries Defau...

Page 72: ...service QoS features Destination Ports Switch port associated with the entry A switch sends traffic to the destination MAC address through this port Protocol Type Layer 3 protocol address types that can be mapped to this entry Total Matching FDB Entries Displayed Number of entries displayed by the command The table below describes the fields in the show fdb output show fdb agingtime Displays the a...

Page 73: ...entry is automatically removed through aging or after a reboot reset or power cycle vlan vlan id VLAN name or number Entries are listed for only the specified VLAN Defaults None Access All Examples The following command lists the number of dynamic entries that the forwarding database contains DWS 1008 show fdb count dynamic Total Matching Entries 2 See Also show fdb show security l2 restrict Displ...

Page 74: ... under Permit MAC N Disabled Layer 2 forwarding is not restricted Drops Number of packets dropped because the destination MAC address was not one of the addresses listed under Permit MAC Permit MAC MAC addresses to which clients in the VLAN are allowed to send traffic at Layer 2 Hits Number of packets whose source MAC address was a client in this VLAN and whose destination MAC address was one of t...

Page 75: ... The VLAN is connected Tunl Affin Tunnel affinity value assigned to the VLAN Port Member port of the VLAN The port can be a physical port or a virtual port Physical ports are 10 100 Ethernet on the switch and are listed by port number Virtual ports are tunnels to other switches in a mobility domain and are listed as follows t ip addr where ip addr is the system IP address of the switch at the othe...

Страница 76: ...Differentiated Services Code Point DSCP values to internal QoS values The switch s internal QoS map ensures that prioritized traffic remains prioritized while transiting through the DWS 1008 switch A switch uses the QoS map to do the following Classify inbound packets by mapping their DSCP values to one of eight internal QoS values Classify outbound packets by marking their DSCP values based on th...

Страница 77: ...yntax set qos cos to dscp map level dscp dscp value level Internal CoS value You can specify a number from 0 to 7 dscp dscp value DSCP value You can specify the value as a decimal number Valid values are 0 to 63 Defaults The defaults are listed by the show qos command Access Enabled Examples The following command maps internal CoS value 5 to DSCP value 50 DWS 1008 set qos cos to dscp map 5 dscp 50...

Page 78: ...r from 0 to 7 Defaults The defaults are listed by the show qos command Access Enabled Examples The following command maps DSCP values 40 56 to internal CoS value 6 DWS 1008 set qos dscp to cos map 40 56 cos 6 warning cos 5 is marked with dscp 63 which will be classified as cos 7 warning cos 7 is marked with dscp 56 which will be classified as cos 6 As shown in this example if the change results in...

Page 79: ... dscp CoS Level 0 1 2 3 4 5 6 7 Egress DSCP 0 8 16 24 32 40 48 56 Egress ToS byte 0x00 0x20 0x40 0x60 0x80 0xA0 0xC0 0xE0 See Also show qos dscp table show qos dscp table Displays a table that maps Differentiated Services Code Point DSCP values to their equivalent combinations of IP precedence values and IP ToS values Syntax show qos dscp table Defaults None Access Enabled Examples The following c...

Page 80: ...r number Defaults None Access Enabled Usage If the interface you want to remove is configured as the system IP address removing the address can interfere with system tasks that use the system IP address including the following Topology reporting for dual homed access points Default source IP address used in unsolicited communications such as AAA accounting reports and SNMP traps Examples The follo...

Page 81: ...er1 DWS 1008 clear ip alias server1 success change accepted See Also set ip alias show ip alias clear ip dns domain Removes the default DNS domain name Syntax clear ip dns domain Defaults None Access Enabled Examples The following command removes the default DNS domain name from a switch DWS 1008 clear ip dns domain Default DNS domain name cleared See Also clear ip dns server set ip dns set ip dns...

Page 82: ...ar ip dns domain set ip dns set ip dns domain set ip dns server show ip dns clear ip route Removes a route from the IP route table Syntax clear ip route default ip addr mask ip addr mask length default router default Default route Note default is an alias for IP address 0 0 0 0 0 ip addr mask IP address and subnet mask for the route destination in dotted decimal notation for example 10 10 10 10 25...

Page 83: ...p telnet Resets the Telnet server s TCP port number to its default value A DWS 1008 switch listens for Telnet management traffic on the Telnet server port Syntax clear ip telnet Defaults The default Telnet port number is 23 Access Enabled Examples The following command resets the TCP port number for Telnet management traffic to its default DWS 1008 clear ip telnet success change accepted See Also ...

Page 84: ...guration DWS 1008 clear ntp server 192 168 40 240 success change accepted See Also clear ntp update interval set ntp set ntp server set ntp update interval show ntp clear ntp update interval Resets the NTP update interval to the default value Syntax clear ntp update interval Defaults The default NTP update interval is 64 seconds Access Enabled Examples To reset the NTP interval to the default valu...

Page 85: ...unity name setswitch2 success change accepted See Also set snmp community show snmp community clear snmp notify profile Clears an SNMP notification profile Syntax clear snmp notify profile profile name profile name Name of the notification profile you are clearing Defaults None Access Enabled Examples The following command clears notification profile snmpprof_rfdetect DWS 1008 clear snmp notify pr...

Page 86: ...tion target 3 DWS 1008 clear snmp notify target 3 success change accepted See Also set snmp notify target show snmp notify target clear snmp usm Clears an SNMPv3 user Syntax clear snmp usm usm username usm username Name of the SNMPv3 user you want to clear Defaults None Access Enabled Examples The following command clears SNMPv3 user snmpmgr1 DWS 1008 clear snmp usm snmpmgr1 success change accepte...

Page 87: ...Clears the system IP address Caution Clearing the system IP address disrupts the system tasks that use the address Syntax clear system ip address Defaults None Access Enabled Usage Clearing the system IP address can interfere with system tasks that use the system IP address including the following Topology reporting for dual homed access points Default source IP address used in unsolicited communi...

Page 88: ...Internet Control Message Protocol ICMP echo packet to the specified device and listens for a reply packet Syntax ping host count num packets dnf flood interval time size size source ip ip addr vlan name host IP address MAC address hostname alias or user to ping count num packets Number of ping packets to send You can specify from 0 through 2 147 483 647 If you enter 0 MSS pings continuously until ...

Page 89: ... packets Defaults count 5 dnf Disabled interval 100 one tenth of a second size 56 Access Enabled Usage To stop a ping command that is in progress press Ctrl C A DWS 1008 switch cannot ping itself MSS does not support this Examples The following command pings a device that has IP address 10 1 1 1 DWS 1008 ping 10 1 1 1 PING 10 1 1 1 10 1 1 1 from 10 9 4 34 56 84 bytes of data 64 bytes from 10 1 1 1...

Page 90: ...ress of the entry in dotted decimal notation mac addr MAC address to map to the IP address Use colons to separate the octets for example 00 11 22 aa bb cc Defaults None Access Enabled Examples The following command adds a static ARP entry that maps IP address 10 10 10 1 to MAC address 00 bb cc dd ee ff DWS 1008 set arp static 10 10 10 1 00 bb cc dd ee ff success added arp 10 10 10 1 at 00 bb cc dd...

Page 91: ...sk ip addr mask length vlan id VLAN name or number ip addr mask IP address and subnet mask in dotted decimal notation for example 10 10 10 10 255 255 255 0 ip addr mask length IP address and subnet mask length in CIDR format for example 10 10 10 10 24 Defaults None Access Enabled Usage You can assign one IP interface to each VLAN If an interface is already configured on the VLAN you specify this co...

Page 92: ...et interface vlan id ip dhcp client enable disable vlan id VLAN name or number enable Enables the DHCP client on the VLAN disable Disables the DHCP client on the VLAN Defaults The DHCP client is disabled by default on the DWS 1008 Access Enabled Usage You can enable the DHCP client on one VLAN only You can configure the DHCP client on more than one VLAN but the client can be active on only one VLA...

Page 93: ...of the DHCP client s DNS servers secondary dns ip addr default router ip addr IP address of the DHCP client s default router Defaults The DHCP server is enabled by default on a new unconfigured DWS 1008 in order to provide an IP address to the host connected to the switch for access to the Web Quick Start Access Enabled Usage By default all addresses except the host address of the VLAN the network...

Page 94: ...amples The following command enables the DHCP server on VLAN red vlan to serve addresses from the 192 168 1 5 to 192 168 1 25 range DWS 1008 set interface red vlan ip dhcp server enable start 192 168 1 5 stop 192 168 1 25 success change accepted See Also set ip dns domain set ip dns server show dhcp server set interface status Administratively disables or reenables an IP interface Syntax set inter...

Page 95: ...ommand configures the alias HR1 for IP address 192 168 1 2 DWS 1008 set ip alias HR1 192 168 1 2 success change accepted See Also clear ip alias show ip alias set ip dns Enables or disables DNS on a DWS 1008 switch Syntax set ip dns enable disable enable Enables DNS disable Disables DNS Defaults DNS is disabled by default Access Enabled Examples The following command enables DNS on a DWS 1008 swit...

Page 96: ...ris example com Aliases take precedence over DNS When you enter a hostname MSS checks for an alias with that name first before using DNS to resolve the name Examples The following command configures the default domain name example com DWS 1008 set ip dns domain example com Domain name changed See Also clear ip dns domain clear ip dns server set ip dns set ip dns server Specifies a DNS server to us...

Page 97: ...ccepted See Also clear ip dns domain clear ip dns server set ip dns set ip dns domain show ip dns set ip https server Enables the HTTPS server on a DWS 1008 switch The HTTPS server is required for Web View access to the switch Caution If you disable the HTTPS server Web View access to the switch is disabled Syntax set ip https server enable disable enable Enables the HTTPS server disable Disables ...

Page 98: ...ou add an IP interface to a VLAN if the VLAN is up If one of these added routes can resolve the static route MSS can use the static route Before you add a static route use the show interface command to verify that the switch has an IP interface in the same subnet as the route s next hop router If not the VLAN Interface field of the show ip route command output shows that the route is down You can ...

Page 99: ...wing command adds an explicit route from a DWS 1008 switch to any host on the 192 168 4 x subnet through the local router 10 5 4 2 and gives the route a cost of 1 DWS 1008 set ip route 192 168 4 0 255 255 255 0 10 5 4 2 1 success change accepted The following command adds another explicit route using CIDR notation to specify the subnet mask DWS 1008 set ip route 192 168 5 0 24 10 5 5 2 1 success c...

Page 100: ...a DWS 1008 switch listens for Secure Shell SSH management traffic Caution If you change the SSH port number from an SSH session MSS immediately ends the session To open a new management session you must configure the SSH client to use the new TCP port number Syntax set ip ssh port port num port num TCP port number Defaults The default SSH port number is 22 Access Enabled Examples The following com...

Page 101: ...lly generates a 1024 byte SSH key If you want to use a 2048 byte key instead use the crypto generate key ssh 2048 command to generate one The maximum number of SSH sessions supported on a DWS 1008 switch is eight If Telnet is also enabled the switch can have up to eight Telnet or SSH sessions in any combination and one Console session See Also crypto generate key set ip ssh set ip ssh server set i...

Page 102: ...ss to the switch is also disabled Syntax set ip telnet server enable disable enable Enables the Telnet server disable Disables the Telnet server Defaults The Telnet server is disabled by default Access Enabled Usage The maximum number of Telnet sessions supported on a DWS 1008 switch is eight If SSH is also enabled the switch can have up to eight Telnet or SSH sessions in any combination and one c...

Page 103: ...avoid a significant delay in convergence Examples The following command enables the NTP client DWS 1008 set ntp enable success NTP Client enabled See Also clear ntp server clear ntp update interval set ntp server set ntp update interval show ntp set ntp server Configures a DWS 1008 switch to use an NTP server Syntax set ntp server ip addr ip addr IP address of the NTP server in dotted decimal nota...

Page 104: ...ow often MSS sends queries to the NTP servers for updates Syntax set ntp update interval seconds seconds Number of seconds between queries You can specify from 16 through 1024 seconds Defaults The default NTP update interval is 64 seconds Access Enabled Examples The following command changes the NTP update interval to 128 seconds DWS 1008 set ntp update interval 128 success change accepted See Als...

Page 105: ...ing to get object values on the switch but not to set them The switch can use the string to send notifications notify only Allows the switch to use the string to send notifications read write Allows an SNMP management application using the string to get and set object values on the switch notify read write Allows an SNMP management application using the string to get and set object values on the s...

Page 106: ...y set snmp notify profile Configures an SNMP notification profile A notification profile is a named list of all the notification types that can be generated by a switch and for each notification type the action to take drop or send when an event occurs You can configure up to ten notification profiles Syntax set snmp notify profile default profile name drop send notification type all default profi...

Page 107: ... when the RFAuto Tuning feature changes the power setting on a radio ClientAssociationFailureTraps Generated when a client s attempt to associate with a radio fails ClientAuthorizationSuccessTraps Generated when a client is successfully authorized ClientAuthenticationFailureTraps Generated when authentication fails for a client ClientAuthorizationFailureTraps Generated when authorization fails for...

Page 108: ...tViaRogueWiredAPTraps Generated when MSS detects on the wired part of the network the MAC address of a wireless client associated with a third party AP RFDetectDoSPortTraps Generated when MSS detects an associate request flood reassociate request flood or disassociate request flood RFDetectDoSTraps Generated when MSS detects a DoS attack other than an associate request flood reassociate request fl...

Page 109: ...pted DWS 1008 set snmp notify profile snmpprof_rfdetect send RFDetectClientViaRogueWiredAPTraps success change accepted DWS 1008 set snmp notify profile snmpprof_rfdetect send RFDetectDoSTraps success change accepted DWS 1008 set snmp notify profile snmpprof_rfdetect send RFDetectAdhocUserTraps success change accepted DWS 1008 set snmp notify profile snmpprof_rfdetect send RFDetectInterferingRogue...

Page 110: ...traps Some of the command options differ depending on the SNMP version and the type of notification you specify You can configure up to 10 notification targets SNMPv3 with Informs To configure a notification target for informs from SNMPv3 use the following command Syntax set snmp notify target target num ip addr udp port number usm inform user username snmp engine id ip hex hex string profile prof...

Page 111: ...NMP engine will resend a notification that has not been acknowledged by the target You can specify from 0 to 3 retries timeout num Specifies the number of seconds MSS waits for acknowledgement of a notification You can specify from 1 to 5 seconds SNMPv3 with Traps To configure a notification target for traps from SNMPv3 use the following command Syntax set snmp notify target target num ip addr udp...

Page 112: ...to the switch and does not need to correspond to a value on the target itself You can specify a number from 1 to 10 ip addr udp port number IP address of the server You also can specify the UDP port number to send notifications to community string Community string profile profile name Notification profile this SNMP user will use to specify the notification types to send or drop retries num Specifi...

Page 113: ... specify a number from 1 to 10 ip addr udp port number IP address of the server You also can specify the UDP port number to send notifications to community string Community string profile profile name Notification profile this SNMP user will use to specify the notification types to send or drop Defaults The default UDP port number on the target is 162 The default minimum required security level is...

Page 114: ...et snmp security set snmp usm show snmp notify target set snmp protocol Enables an SNMP protocol MSS supports SNMPv1 SNMPv2c and SNMPv3 Syntax set snmp protocol v1 v2c usm all enable disable v1 SNMPv1 v2c SNMPv2c usm SNMPv3 with the user security model all Enables all supported versions of SNMP enable Enables the specified SNMP version s disable Disables the specified SNMP version s Defaults All S...

Page 115: ...ssage exchanges are authenticated but are not encrypted and notifications are neither authenticated nor encrypted Defaults By default MSS allows nonsecure unsecured SNMP message exchanges Access Enabled Usage SNMPv1 and SNMPv2c do not support authentication or encryption If you plan to use SNMPv1 or SNMPv2c leave the minimum level of SNMP security set to unsecured Examples The following command se...

Page 116: ...specify local as the engine ID hex hex string ID is a hexadecimal string ip ip addr ID is based on the IP address of the station running the management application Enter the IP address of the station MSS calculates the engine ID based on the address local Uses the value computed from the switch s system IP address Specifies the access level of the user read only An SNMP management application usin...

Page 117: ...ssphrase use the encrypt pass phrase string option The string can be from 8 to 32 alphanumeric characters long with no spaces To specify a key use the encrypt key hex string option auth type none md5 sha auth pass phrase string auth key hex string encrypt type none des 3des aes encrypt pass phrase string encrypt key hex string Defaults No SNMPv3 users are configured by default When you configure a...

Page 118: ... jan feb mar apr may jun jul aug sep oct nov and dec hour Hour to start or end the time change a value between 0 and 23 on the 24 hour clock min Minute to start or end the time change a value between 0 and 59 end End of the time change period Defaults If you do not specify a start and end time the system implements the time change starting at 2 00 a m on the first Sunday in April and ending at 2 0...

Page 119: ...tted decimal notation The address must be configured on one of the switch s VLANs Defaults None Access Enabled Usage You must use an address that is configured on one of the switch s VLANs To display the system IP address use the show system command Examples The following commands configure an IP interface on VLAN taupe and configure the interface to be the system IP address DWS 1008 set interface...

Page 120: ...of the time will make the time incorrect if the date is within the summertime period Examples The following command sets the date to March 13 2003 and time to 11 11 12 DWS 1008 set timedate date feb 29 2004 time 23 58 00 Time now is Sun Feb 29 2004 23 58 02 PST set timezone Sets the number of hours and optionally the number of minutes that the switch s real time clock is offset from Coordinated Un...

Page 121: ...so clear summertime clear timezone set summertime set timedate show summertime show timedate show timezone show arp Displays the ARP table Syntax show arp ip addr ip addr IP address Defaults If you do not specify an IP address the whole ARP table is displayed Access All Examples The following command displays ARP entries DWS 1008 show arp ARP aging time 1200 seconds Host HW Address VLAN Type State...

Page 122: ...NT Entry does not age out and remains in the configuration even following a reboot STATIC Entry does not age out but is removed after a reboot State Entry state RESOLVING MSS sent an ARP request for the entry and is waiting for the reply RESOLVED Entry is resolved See Also set arp set arp agingtime show dhcp client Displays DHCP client information for all VLANs Syntax show dhcp client Defaults Non...

Page 123: ...ide an address DHCP Server IP address of the DHCP server DNS Servers DNS server IP address es received from the DHCP server DNS Domain Name Default DNS domain name received from the DHCP server See Also set interface dhcp client show dhcp server Displays MSS DHCP server information Syntax show dhcp server interface vlan id verbose interface vlan id Displays the IP addresses leased by the specified...

Page 124: ...lds the lease for the address Lease Remaining Number of seconds remaining before the address lease expires Field Description Interface VLAN name and number Status Status of the interface UP DOWN Address Range Range from which the server can lease addresses Hardware Address MAC address of the DHCP client State State of the address lease SUSPEND MSS is checking for the presence of another DHCP serve...

Page 125: ... to each VLAN If an interface is already configured on the VLAN you specify this command replaces the interface If you replace an interface that is in use as the system IP address replacing the interface can interfere with system tasks that use the system IP address including the following Topology reporting for dual homed access points Default source IP address used in unsolicited communications ...

Page 126: ...e You can enable the DHCP client on one VLAN only You can configure the DHCP client on more than one VLAN but the client can be active on only one VLAN MSS also has a configurable DHCP server You can configure a DHCP client and DHCP server on the same VLAN but only the client or the server can be enabled The DHCP client and DHCP server cannot both be enabled on the same VLAN at the same time Examp...

Page 127: ...ress range also called the address pool stop ip addr2 Specifies the ending address of the address range dns domain domain name Name of the DHCP client s default DNS domain primary dns ip addr IP addresses of the DHCP client s DNS servers secondary dns ip addr default router ip addr IP address of the DHCP client s default router Defaults The DHCP server is enabled and cannot be disabled for directl...

Page 128: ...n use the value set by the set ip route command A default route configured by set ip route can be used if the route is in the DHCP client s subnet Otherwise the MSS DHCP server does not specify a router address Examples The following command enables the DHCP server on VLAN red vlan to serve addresses from the 192 168 1 5 to 192 168 1 25 range DWS 1008 set interface red vlan ip dhcp server enable s...

Page 129: ...command configures the alias HR1 for IP address 192 168 1 2 DWS 1008 set ip alias HR1 192 168 1 2 success change accepted See Also clear ip alias show ip alias set ip dns Enables or disables DNS on a DWS 1008 switch Syntax set ip dns enable disable enable Enables DNS disable Disables DNS Defaults DNS is disabled by default Access Enabled Examples The following command enables DNS on a DWS 1008 swi...

Page 130: ...m Aliases take precedence over DNS When you enter a hostname MSS checks for an alias with that name first before using DNS to resolve the name Examples The following command configures the default domain name example com DWS 1008 set ip dns domain example com Domain name changed See Also clear ip dns domain clear ip dns server set ip dns set ip dns server show ip dns set ip dns server Specifies a ...

Page 131: ...0 10 30 69 24 secondary success change accepted See Also clear ip dns domain clear ip dns server set ip dns set ip dns domain show ip dns set ip https server Enables the HTTPS server on a DWS 1008 switch The HTTPS server is required for Web View access to the switch Caution If you disable the HTTPS server Web View access to the switch is disabled Syntax set ip https server enable disable enable En...

Page 132: ... an IP interface to a VLAN if the VLAN is up If one of these added routes can resolve the static route MSS can use the static route Before you add a static route use the show interface command to verify that the switch has an IP interface in the same subnet as the route s next hop router If not the VLAN Interface field of the show ip route command output shows that the route is down You can config...

Page 133: ...ute from a switch to any host on the 192 168 4 x subnet through the local router 10 5 4 2 and gives the route a cost of 1 DWS 1008 set ip route 192 168 4 0 255 255 255 0 10 5 4 2 1 success change accepted The following command adds another explicit route using CIDR notation to specify the subnet mask DWS 1008 set ip route 192 168 5 0 24 10 5 5 2 1 success change accepted set ip snmp server Enables...

Page 134: ...s or reenables the SSH server on a DWS 1008 switch Caution If you disable the SSH server SSH access to the switch is also disabled Syntax set ip ssh server enable disable enable Enables the SSH server disable Disables the SSH server Defaults The SSH server is enabled by default Access Enabled Usage SSH requires an SSH authentication key You can generate one or allow MSS to generate one The first t...

Page 135: ...t Telnet port number is 23 Access Enabled Examples The following command changes the Telnet port number on a DWS 1008 switch to 5000 DWS 1008 set ip telnet 5000 success change accepted See Also clear ip telnet set ip https server set ip telnet server show ip https show ip telnet set ip telnet server Enables the Telnet server on a DWS 1008 switch Caution If you disable the Telnet server Telnet acce...

Page 136: ... on a DWS 1008 switch Syntax set ntp enable disable enable Enables the NTP client disable Disables the NTP client Defaults The NTP client is disabled by default Access Enabled Usage If NTP is configured on a system whose current time differs from the NTP server time by more than 10 minutes convergence of the switch time can take many NTP update intervals D Link recommends that you set the time man...

Page 137: ...the NTP client with the set ntp command Examples The following command configures a switch to use NTP server 192 168 1 5 DWS 1008 set ntp server 192 168 1 5 See Also clear ntp server clear ntp update interval set ntp set ntp update interval show ntp set ntp update interval Changes how often MSS sends queries to the NTP servers for updates Syntax set ntp update interval seconds seconds Number of se...

Page 138: ...e string to send notifications notify only Allows the switch to use the string to send notifications read write Allows an SNMP management application using the string to get and set object values on the switch notify read write Allows an SNMP management application using the string to get and set object values on the switch The switch also can use the string to send notifications Defaults None Acc...

Page 139: ...default profile name drop send notification type all default profile name Name of the notification profile you are creating or modifying The profile name can be up to 32 alphanumeric characters long with no spaces To modify the default notification profile specify default drop send Specifies the action that the SNMP engine takes with regard to the notifications you specify with notification type o...

Page 140: ...t severity occurs DeviceOkayTraps Generated when a device returns to its normal state LinkDownTraps Generated when the link is lost on a port LinkUpTraps Generated when the link is detected on a port MichaelMICFailureTraps Generated when two Michael message integrity code MIC failures occur within 60 seconds triggering Wi Fi Protected Access WPA countermeasures PoEFailTraps Generated when a seriou...

Page 141: ...lnotifications in the default profile are dropped by default Access Enabled Examples The following command changes the action in the default notification profile from drop to send for all notification types DWS 1008 set snmp notify profile default send all success change accepted The following commands create notification profile snmpprof_rfdetect and change the action to send for all RF detection...

Page 142: ...APTraps success change accepted DWS 1008 set snmp notify profile snmpprof_rfdetect send RFDetectSpoofedSsidAPTraps success change accepted DWS 1008 set snmp notify profile snmpprof_rfdetect send RFDetectUnAuthorizedAPTraps success change accepted DWS 1008 set snmp notify profile snmpprof_rfdetect send RFDetectUnAuthorizedOuiTraps success change accepted DWS 1008 set snmp notify profile snmpprof_rf...

Page 143: ... a value on the target itself You can specify a number from 1 to 10 ip addr udp port number IP address of the server You also can specify the UDP port number to send notifications to username USM username This option is applicable only when the SNMP version is usm If the user will send informs rather than traps you also must specify the snmp engine id of the target snmp engine id SNMP engine ID of...

Page 144: ...e target This ID is local to the switch and does not need to correspond to a value on the target itself You can specify a number from 1 to 10 ip addr udp port number IP address of the server You also can specify the UDP port number to send notifications to username USM username This option is applicable only when the SNMP version is usm profile profile name Notification profile this SNMP user will...

Page 145: ...fies the number of times the MSS SNMP engine will resend a notification that has not been acknowledged by the target You can specify from 0 to 3 retries timeout num Specifies the number of seconds MSS waits for acknowledgement of a notification You can specify from 1 to 5 seconds SNMPv2c with Traps To configure a notification target for traps from SNMPv2c use the following command Syntax set snmp ...

Page 146: ...fault number of retries is 0 and the default timeout is 2 seconds Access Enabled Usage The inform or trap option specifies whether the MSS SNMP engine expects the target to acknowledge notifications sent to the target by the switch Use inform if you want acknowledgements Use trap if you do not want acknowledgements The inform option is applicable to SNMP version v2c or usm only Examples The following command c...

Page 147: ...mples The following command enables all SNMP versions DWS 1008 set snmp protocol all enable success change accepted See Also set ip snmp server set snmp community set snmp notify target set snmp notify profile set snmp security set snmp usm show snmp status set snmp security Sets the minimum level of security MSS requires for SNMP message exchanges Syntax set snmp security unsecured authenticated ...

Page 148: ...mp community set snmp notify target set snmp notify profile set snmp protocol set snmp usm show snmp status set snmp usm Creates a USM user for SNMPv3 Note This command does not apply to SNMPv1 or SNMPv2c For these SNMP versions use the set snmp community command to configure community strings Syntax set snmp usm usm username snmp engine id ip ip addr local hex hex string access read only read not...

Page 149: ...ch s system IP address access read only read notify notify only read write notify read write Specifies the access level of the user read only An SNMP management application using the string can get read object values on the switch but cannot set write them read notify An SNMP management application using the string can get object values on the switch but cannot set them The switch can use the stri...

Page 150: ... long with no spaces To specify a key use the auth key hex string option encrypt type none des 3des aes encrypt pass phrase string encrypt key hex string Specifies the encryption type used for SNMP traffic You can specify one of the following none No encryption is used This is the default des Data Encryption Standard DES encryption is used 3des Triple DES encryptio...

Page 151: ...mp usm securesnmpmgr1 snmp engine id ip 192 168 40 2 auth type sha auth pass phrase myauthpword encrypt type 3des encrypt pass phrase mycryptpword success change accepted See Also clear snmp usm set ip snmp server set snmp community set snmp notify target set snmp notify profile set snmp protocol set snmp security show snmp usm set summertime Offsets the real time clock of a switch by 1 hour and r...

Page 152: ...arting at 2 00 a m on the first Sunday in April and ending at 2 00 a m on the last Sunday in October according to the North American standard Access Enabled Usage You must first set the time zone with the set timezone command for the offset to work properly without the start and end values Configure summertime before you set the time and date Otherwise summertime s adjustment of the time will make...

Page 153: ... decimal notation The address must be configured on one of the DWS 1008 switch s VLANs Defaults None Access Enabled Usage You must use an address that is configured on one of the switch s VLANs To display the system IP address use the show system command Examples The following commands configure an IP interface on VLAN taupe and configure the interface to be the system IP address DWS 1008 set inte...

Page 154: ... time and date Configure summertime before you set the time and date Otherwise summertime's adjustment of the time will make the time incorrect if the date is within the summertime period Examples The following command sets the date to March 13 2003 and time to 11 11 12 DWS 1008 set timedate date feb 29 2004 time 23 58 00 Time now is Sun Feb 29 2004 23 58 02 PST See Also clear summertime clear tim...

Page 155: ...To set the time zone for Pacific Standard Time PST type the following command DWS 1008 set timezone PST 8 Timezone is set to PST offset from UTC is 8 0 hours See Also clear summertime clear timezone set summertime set timedate show summertime show timedate show timezone show arp Displays the ARP table Syntax show arp ip addr ip addr IP address Defaults If you do not specify an IP address the whole...

Page 156: ...NT Entry does not age out and remains in the configuration even following a reboot STATIC Entry does not age out but is removed after a reboot State Entry state RESOLVING MSS sent an ARP request for the entry and is waiting for the reply RESOLVED Entry is resolved See Also set arp set arp agingtime show dhcp client Displays DHCP client information for all VLANs Syntax show dhcp client Defaults Non...

Page 157: ...ide an address DHCP Server IP address of the DHCP server DNS Servers DNS server IP address es received from the DHCP server DNS Domain Name Default DNS domain name received from the DHCP server See Also set interface dhcp client show dhcp server Displays MSS DHCP server information Syntax show dhcp server interface vlan id verbose interface vlan id Displays the IP addresses leased by the specified...

Page 158: ...holds the lease for the address Lease Remaining Number of seconds remaining before the address lease expires Field Description Interface VLAN name and number Status Status of the interface UP DOWN Address Range Range from which the server can lease addresses Hardware Address MAC address of the DHCP client State State of the address lease SUSPEND MSS is checking for the presence of another DHCP ser...

Page 159: ... vlan id VLAN name or number Defaults If you do not specify a VLAN ID interfaces for all VLANs are displayed Access All Usage The IP interface table flags an address assigned by a DHCP server with an asterisk Examples The following command displays all the IP interfaces configured on a switch DWS 1008 show interface VLAN Name Address Mask Enabled State RIB 1 default 10 10 10 10 255 255 255 0 YES U...

Page 160: ...me all aliases are displayed Access Enabled Examples The following command displays all the aliases configured on a switch DWS 1008 show ip alias Name IP Address HR1 192 168 1 2 payroll 192 168 1 3 radius1 192 168 7 2 The table below describes the fields in this display Field Description Name Alias string IP Address IP address associated with the alias See Also clear ip alias set ip alias ...

Page 161: ...DNS Status enabled IP Address Type 10 1 1 1 PRIMARY 10 1 1 2 SECONDARY 10 1 2 1 SECONDARY The table below describes the fields in this display Field Description Domain Name Default domain name configured on the switch DNS Status Status of the switch's DNS client Enabled Disabled IP Address IP address of the DNS server Type Server type PRIMARY SECONDARY See Also clear ip dns domain clear ip dns ser...

Page 162: ...nabled Disabled HTTPS is set to use port TCP port number on which the switch listens for HTTPS connections Last 10 connections List of the last 10 devices to establish connections to the switch's HTTPS server IP Address IP address of the device that established the connection Note If a browser connects to a switch from behind a proxy then only the proxy IP address is shown If multiple browsers con...

Page 163: ... route table DWS 1008 show ip route Router table for IPv4 Destination Mask Proto Metric NH Type Gateway VLAN Interface ___________________________________________________________________________ 0 0 0 0 0 Static 1 Router 10 0 1 17 Down 0 0 0 0 0 Static 2 Router 10 0 2 17 vlan 2 ip 10 0 2 1 24 IP 0 Direct vlan 2 ip 10 0 2 1 32 IP 0 Direct vlan 2 ip 10 0 1 1 24 10 0 2 255 32 IP 0 Direct vlan 2 ip 10...

Page 164: ...ce that is in the same IP subnet as the next hop router The IP interface must be on a VLAN containing the port that is attached to the default router show ip telnet Displays information about the Telnet management port Syntax show ip telnet Defaults None Access All Examples The following command shows the status and port number for the Telnet management interface to the switch DWS 1008 show ip teln...

Page 165: ...o the NTP servers for updates Current time System time that was current on the switch when you pressed Enter after typing the show ntp command Timezone Time zone configured on the switch MSS offsets the time reported by the NTP server based on the time zone Note This field is displayed only if you change the time zone Summertime Summertime period configured on the switch MSS offsets the system tim...

Page 166: ...MP statistics counters Syntax show snmp counters Defaults None Access Enabled show snmp notify profile Displays SNMP notification profiles Syntax show snmp notify profile Defaults None Access Enabled See Also clear snmp notify profile set snmp notify profile show snmp notify target Displays SNMP notification targets Syntax show snmp notify target Defaults None Access Enabled See Also clear snmp no...

Page 167: ... See Also set snmp community set snmp notify target set snmp notify profile set snmp protocol set snmp security set snmp usm show snmp community show snmp counters show snmp notify profile show snmp notify target show snmp usm show snmp usm Displays information about SNMPv3 users Defaults None Access Enabled See Also clear snmp usm show snmp usm ...

Page 168: ...yes starting at 2 00 am of first Sunday of April and ending at 2 00 am on last Sunday of October See Also clear summertime clear timezone set summertime set timedate set timezone show timedate show timezone show timedate Shows the date and time of day currently set on a DWS 1008 switch's real time clock Syntax show timedate Defaults None Access All Examples To display the time and date set on a sw...

Page 169: ...hostname port port num ip addr IP address of the remote device hostname Hostname of the remote device port port num TCP port number on which the TCP server on the remote device listens for Telnet connections Defaults MSS attempts to establish Telnet connections with TCP port 23 by default Access Enabled Usage To end a Telnet session from the remote device press Ctrl t or type exit in the management...

Page 170: ...r is t Copyright c 2002 2003 D Link Systems Inc Username username Password password DWS 1008 remote show vlan Admin VLAN Tunl Port VLAN Name Status State Affin Port Tag State 1 default Up Up 5 1 none Up 3 red Up Up 5 4 backbone Up Up 5 7 none Up 8 none Up When the administrator presses Ctrl t to end the Telnet connection the management session returns to the local DWS prompt DWS 1008 remote Sessio...

Page 171: ...ize size Probe packet size in bytes You can specify from 40 through 1460 ttl hops Maximum number of hops which can be from 1 through 255 wait ms Probe wait in milliseconds You can specify from 1 through 100 000 Defaults dnf Disabled no dns Disabled port 33434 queries 3 size 38 ttl 30 wait 5000 Access All Usage To stop a traceroute command that is in progress press Ctrl C Examples The following exa...

Page 172: ...maximum hop count in its ICMP reply The reply does not arrive at the source until the destination receives a traceroute packet with a maximum hop count equal to the number of hops between the source and destination An asterisk indicates that the timeout period expired before MSS received a Time Exceeded message for the packet If Traceroute receives an ICMP error message other than a Time Exceeded ...

Page 173: ...n proxy on page 174 clear authentication web on page 175 Local Authorization for set user on page 206 Password Users clear user on page 179 set user attr on page 207 clear user attr on page 180 set usergroup on page 208 clear usergroup on page 181 set user group on page 208 clear user group on page 180 clear usergroup attr on page 182 Local Authorization for set mac user on page 200 MAC Users clea...

Page 174: ...to a RADIUS server if previously enabled When this command is entered an Accounting Off message is generated and sent to the server or server group specified with the set accounting system command user glob Single user or set of users with administrative access or network access Specify a username use the double asterisk wildcard character to specify all usernames or use the single asterisk wildca...

Page 175: ... and behavior for the clear authentication admin command are the same as in previous releases Examples The following command clears authentication for administrator Jose DWS 1008 clear authentication admin Jose success change accepted See Also clear authentication console clear authentication dot1x clear authorization mac clear authentication web set authentication admin show aaa clear authenticat...

Page 176: ...cation console show aaa clear authentication dot1x Removes an 802 1X authentication rule Syntax clear authentication dot1x ssid ssid name wired user glob ssid ssid name SSID name to which this authentication rule applies wired Clears a rule used for access over a switch's wired authentication port user glob User glob associated with the rule you are removing Defaults None Access Enabled Examples T...

Page 177: ...ses beginning with aa bb cc DWS 1008 clear authentication mac ssid thatcorp aa bb cc See Also clear authentication admin clear authentication console clear authentication dot1x clear authentication web set authentication mac show aaa clear authentication proxy Removes a proxy rule for third party AP users Syntax clear authentication proxy ssid ssid name user glob ssid ssid name SSID name to which ...

Page 178: ...r authentication admin clear authentication console clear authentication dot1x clear authentication mac set authentication web show aaa clear location policy Removes a rule from the location policy on a switch Syntax clear location policy rule number rule number Index number of a location policy rule to remove from the location policy Defaults None Access Enabled Usage To determine the index numbe...

Page 179: ...ollowing command removes the user profile for a user at MAC address 01 02 03 04 05 06 DWS 1008 clear mac user 01 02 03 04 05 06 success change accepted See Also set mac usergroup attr set mac user attr show aaa clear mac user attr Removes an authorization attribute from the user profile in the local database on the switch for a user who is authenticated by a MAC address To remove an authorization ...

Page 180: ...roup profile in RADIUS see the documentation for your RADIUS server Syntax clear mac user mac addr group mac addr MAC address of the user in hexadecimal numbers separated by colons You can omit leading zeros Defaults None Access Enabled Usage Removing a MAC user from a MAC user group removes the group name from the user's profile but does not delete the user group from the local database To remove...

Page 181: ...ase DWS 1008 clear mac usergroup eastcoasters success change accepted See Also clear mac usergroup attr set mac usergroup attr show aaa clear mac usergroup attr Removes an authorization attribute from a MAC user group in the local database on the switch for a group of users who are authenticated by a MAC address To unconfigure an authorization attribute in RADIUS see the documentation for your RAD...

Page 182: ...r user Removes a user profile from the local database on the switch for a user with a password To remove a user profile in RADIUS see the documentation for your RADIUS server Syntax clear user username username Username of a user with a password Defaults None Access Enabled Usage Deleting the user's profile from the database deletes the assignment of any attributes in the profile to the user Examp...

Page 183: ...xamples The following command removes the Session Timeout attribute from Hosni's user profile DWS 1008 clear user Hosni attr session timeout success change accepted See Also set user attr show aaa clear user group Removes a user with a password from membership in a user group in the local database on the switch To remove a user from a user group in RADIUS see the documentation for your RADIUS serv...

Page 184: ...th passwords To delete a user group in RADIUS see the documentation for your RADIUS server Syntax clear usergroup group name group name Name of an existing user group Defaults None Access Enabled Usage Removing a user group from the local database does not remove the user profiles of the group's members from the database Examples The following command deletes the cardiology user group from the loc...

Page 185: ...iology attr time of day success change accepted See Also clear usergroup set usergroup show aaa set accounting admin console Sets up accounting services for specified wireless users with administrative access and defines the accounting records and where they are sent Syntax set accounting admin console user glob start stop stop only method1 method2 method3 method4 admin Users with administrative a...

Page 186: ...an also enter the names of existing RADIUS server groups as methods Defaults Accounting is disabled for all users by default Access Enabled Usage For network users with start stop accounting whose records are sent to a RADIUS server MSS sends interim updates to the RADIUS server when the user roams Examples The following command issues start and stop accounting records at the local database for ad...

Page 187: ...t apply if mac or last resort is specified For mac specify a mac addr glob mac addr glob A single user or set of users with access via a MAC address Specify a MAC address or use the wildcard character to specify a set of MAC addresses For details see MAC Address Globs on page 7 This option applies only when mac is specified start stop Sends accounting records at the start and end of a network sess...

Page 188: ...s not valid for this command Defaults By default MSS does not send Accounting On or Accounting Off messages Access Enabled Usage Use this command to configure MSS to send an Accounting On message Acct Status Type 7 to a RADIUS server when the switch starts and an Accounting Off message Acct Status Type 8 to the RADIUS server when the switch is administratively shut down When you enable this command...

Page 189: ...order you enter them A method can be one of the following local Uses the local database of usernames and user groups on the switch for authentication server group name Uses the defined group of RADIUS servers for authentication You can enter up to four names of existing RADIUS server groups as methods none For users with administrative access only MSS performs no authentication but prompts for a u...

Page 190: ...cal as a secondary AAA method to be used if the RADIUS servers are unavailable and MSS authenticates a client with the local method MSS starts again at the beginning of the method list when attempting to authorize the client This can cause unexpected delays during client processing and can cause the client to time out before completing logon Examples The following command configures administrator ...

Page 191: ...sers with administrative access only MSS performs no authentication but prompts for a username and password and accepts any combination of entries including blanks Note The authentication method none you can specify for administrative access is different from the fallthru authentication type none which applies only to network access The authentication method none allows access to the switch by an ...

Page 192: ... success change accepted See Also clear authentication console set authentication admin set authentication dot1x set authentication mac set authentication web show aaa set authentication dot1x Configures authentication and defines how and where it is performed for specified wireless or wired authentication clients who use an IEEE 802 1X authentication protocol to access the network through the swi...

Page 193: ...cation integrity protected negotiation and key exchange Requires X 509 public key certificates on both sides of the connection Provides encryption and integrity checking for the connection Cannot be used with RADIUS server authentication requires user information to be in the switch's local database peap mschapv2 Protected EAP PEAP with Microsoft Challenge Handshake Authentication Protocol version...

Page 194: ...igure a rule either for wireless access to an SSID or for wired access through a switch's wired authentication port If the rule is for wireless access to an SSID specify the SSID name or specify any to match on all SSID names If the rule is for wired access specify wired instead of an SSID name You cannot configure client authentication that uses both the EAP TLS protocol and one or more RADIUS se...

Page 195: ...peap mschapv2 sg1 sg2 sg3 success change accepted See Also clear authentication dot1x set authentication admin set authentication console set authentication mac set authentication web set service profile auth fallthru show aaa set authentication mac Configures authentication and defines where it is performed for specified non 802 1X users with network access through a media access control MAC addr...

Page 196: ...command MSS applies them in the order in which they appear in the command with these results If the first method responds with pass or fail the evaluation is final If the first method does not respond MSS tries the second method and so on However if local appears first followed by a RADIUS server group MSS ignores any failed searches in the local database and sends an authentication request to the...

Page 197: ...rnames up to or following the first delimiter character either an at sign or a period For details see User Globs on page 6 radius server group A group of RADIUS servers used for authentication Defaults None Access Enabled Usage AAA for third party AP users has additional configuration requirements Examples The following command configures a proxy authentication rule that matches on all usernames a...

Page 198: ...ply the rule to all SSIDs type any wired Applies this authentication rule specifically to users connected to a wired authentication port method1 4 At least one and up to four methods that MSS uses to handle authentication Specify one or more of the following methods in priority order MSS applies multiple methods in the order you enter them A method can be one of the following local Uses the local ...

Page 199: ...n However if local appears first followed by a RADIUS server group MSS overrides any failed searches in the local database and sends an authentication request to the server group MSS uses a WebAAA rule only under the following conditions The client is not denied access by 802 1X or does not support 802 1X The client's MAC address does not match a MAC authentication rule The fallthru type is web po...

Page 200: ...it rule MSS changes the attributes assigned to the user to the values specified by the following options vlan vlan name Name of an existing VLAN to assign to users with characteristics that match the location policy rule inacl inacl name Name of an existing security ACL to apply to packets sent to the switch with characteristics that match the location policy rule Optionally you can add the suffix...

Page 201: ...use the single asterisk wildcard character to specify a set of usernames up to or following the first delimiter character either an at sign or a period For details see User Globs on page 6 before rule number Inserts the new location policy rule in front of another rule in the location policy Specify the number of the existing location policy rule To determine the number use the show location polic...

Page 202: ...cl name and outacl name so that they match the names of security ACLs stored in the local database Examples The following command denies network access to all users at theirfirm com causing them to fail authorization DWS 1008 set location policy deny if user eq theirfirm com The following command authorizes access to the guest_1 VLAN for all users who are not at wodefirm com DWS 1008 set location ...

Page 203: ...through the switch MSS does not support passwords for MAC users Examples The following command creates a user profile for a user at MAC address 01 02 03 04 05 06 and assigns the user to the eastcoasters user group DWS 1008 set mac user 01 02 03 04 05 06 group eastcoasters success change accepted See Also clear mac user show aaa set mac user attr Assigns an authorization attribute in the local data...

Page 204: ...access by the client Clients who attempt to use an unauthorized encryption method are rejected Note Encryption Type is a D Link vendor specific attribute VSA The vendor ID is 14525 and the vendor type is 3 One of the following numbers that identifies an encryption algorithm 1 AES_CCM Advanced Encryption Standard using Counter with CBC MAC 2 Reserved 4 TKIP Temporal Key Integrity Protocol 8 WEP_104...

Page 205: ... mode only In this mode the user can still enter the enable command and the correct enable password to access the enabled mode For administrative sessions the switch always sends 6 Administrative The RADIUS server can reply with one of the values listed above If the service type is not set on the RADIUS server administrative users receive NAS Prompt access and network users receive Framed access s...

Page 206: ...Monday and Friday Separate values or a series of ranges except time ranges with commas or a vertical bar Do not use spaces The maximum number of characters is 253 For example to allow access only on Tuesdays and Thursdays between 10 a m and 4 p m specify the following time of day tu1000 1600 th1000 1600 To allow access only on weekdays between 9 a m and 5 p m and on Saturdays from 10 p m until 2 a...

Page 207: ...g message if the value is below 60 seconds Note If both a RADIUS server and the switch supply a value for the acct interim interval attribute then the value from the switch takes precedence Examples The following command assigns input access control list ACL acl 03 to filter the packets from a user at MAC address 01 02 03 04 05 06 DWS 1008 set mac user 01 02 03 04 05 06 attr filter id acl 03 in su...

Page 208: ...s Enabled Usage To change the value of an attribute enter set mac usergroup attr with the new value To delete an attribute use clear mac usergroup attr You can assign attributes to individual MAC users and to MAC user groups If attributes are configured for a MAC user and also for the group the MAC user is in the attributes assigned to the individual MAC user take precedence for that user For exam...

Page 209: ... option The encrypted option appears in the configuration because MSS automatically encrypts the password when you create the user unless you use the encrypted option when you enter the password Although MSS allows you to configure a user password for the special last resort guest user the password has no effect Last resort users can never access a switch in administrative mode and never require a...

Page 210: ...al users and to user groups If attributes are configured for a user and also for the group the user is in the attributes assigned to the individual user take precedence for that user For example if the start date attribute configured for a user is sooner than the start date configured for the user group the user is in the user's network access can begin as soon as the user start date The user do...

Page 211: ...adds user Hosni to the cardiology user group DWS 1008 set user Hosni group cardiology success change accepted See Also clear user group show aaa set usergroup Creates a user group in the local database on the switch for users and assigns authorization attributes for the group To create user groups and assign authorization attributes in RADIUS see the documentation for your RADIUS server Syntax set...

Page 212: ...r start date The user does not need to wait for the user group's start date Examples The following command adds the user group cardiology to the local database and assigns all the group members to VLAN crimson DWS 1008 set usergroup cardiology attr vlan name crimson success change accepted See Also clear usergroup clear usergroup attr show aaa set web portal Globally enables or disables WebAAA on ...

Page 213: ... 77 11 2 UP rs 5 198 162 1 3 1821 1813 42 23 0 UP Server groups sg1 rs 3 sg2 rs 4 sg3 rs 5 Web Portal enabled set authentication admin Jose sg3 set authentication console none set authentication mac ssid mycorp local set authentication dot1x ssid mycorp Geetha eap tls set authentication dot1x ssid mycorp peap mschapv2 sg1 sg2 sg3 set authentication dot1x ssid any peap mschapv2 sg1 sg2 sg3 set acco...

Page 214: ...to a RADIUS server The default is no key null author pass Password used for authorization to a RADIUS server for MAC authentication The client's MAC address is sent as the username and the author pass string is sent as the password Radius Servers Information about active RADIUS servers Server Name of each RADIUS server currently active Addr IP address of each RADIUS server currently active Ports U...

Page 215: ... 24bb1223 Acct Session Id SESS 3 01f82f 520236 24bb1223 User Name vineet AAA_ACCT_SVC_ATTR 2 Acct Session Time 551 Event Timestamp 1134520788 Acct Output Octets 3204 Acct Input Octets 1691 Acct Output Packets 20 Acct Input Packets 19 AAA_VLAN_NAME_ATTR default Calling Station Id 00 06 25 12 06 38 Nas Port Id 3 1 Called Station Id 00 0B 0E 00 CC 01 AAA_SSID_ATTR vineet dot1x Dec 14 00 39 53 Acct St...

Page 216: ...ent during the session Acct Input Octets Number of octets the switch has received during the session Acct Output Packets Number of packets the switch has sent during the session Acct Input Packets Number of packets the switch has received during the session Vlan Name Name of the client's VLAN Calling Station Id MAC address of the supplicant client Nas Port Id Number of the port and radio on the ac...

Page 217: ...ates the missing ones the first time you boot using MSS Version 4 2 or later You do not need to install certificates unless you want to replace the ones automatically generated by MSS Note Before installing a new certificate verify with the show timedate and show timezone commands that the switch is set to the correct date time and time zone Otherwise certificates might not be installed correctly ...

Page 218: ...enticates the switch to clients who use WebAAA PEM formatted certificate ASCII text representation of the certificate authority PKCS 7 certificate consisting of up to 5120 characters that you have obtained from the certificate authority Defaults None Access Enabled Usage The Privacy Enhanced Mail protocol PEM format is used for representing a PKCS 7 certificate in ASCII text PEM uses base64 encodi...

Page 219: ... Syntax crypto certificate admin eap web PEM formatted certificate admin Stores the certificate authority's administrative certificate which authenticates the switch to Web View eap Stores the certificate authority's Extensible Authentication Protocol EAP certificate which authenticates the switch to 802 1X supplicants clients web Stores the certificate authority's WebAAA certificate which authent...

Page 220: ...DA2MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQOEx GjAYBgNVBAMU EXR1Y2hwdWJzQHRycHouY29tMIGfMAOGCSqGSIb3DQ EBAQAA4GNADCBiQKBgQC4 2L8Q9tk G2As84QYLm8wmVY xP56M CUAm908C2foYgOY40 END CERTIFICATE See Also crypto generate request crypto generate self signed crypto generate key Generates an RSA public private encryption key pair that is required for a Certificate Signing Request CSR or a self signed certificate F...

Page 221: ...4 key pair generated See Also show crypto key ssh crypto generate request Generates a Certificate Signing Request CSR This command outputs a PEM formatted PKCS 10 text string that you can cut and paste to another location for delivery to a certificate authority This command generates either an administrative CSR for use with Web View or an EAP CSR for use with 802 1X clients Syntax crypto generate...

Page 222: ...hanumeric characters string with no spaces Defaults None Access Enabled Usage To use this command you must already have generated a public private encryption key pair with the crypto generate key command Enter crypto generate request admin crypto generate request eap or crypto generate request web and press Enter When you are prompted type the identifying values in the fields or press Enter if the...

Page 223: ...certificate for use with 802 1X wireless users Syntax crypto generate self signed admin eap web admin Generates an administrative certificate to authenticate the switch to Web View eap Generates an EAP certificate to authenticate the switch to 802 1X supplicants clients web Generates a WebAAA certificate to authenticate the switch to WebAAA clients After you type the command you are prompted for the f...

Page 224: ...tted like one Email Address Optional Specify your email address in up to 80 alphanumeric string characters with no spaces Unstructured Name Optional Specify any name in up to 80 alphanumeric characters string with no spaces Defaults None Access Enabled Usage To use this command you must already have generated a public private encryption key pair with the crypto generate key command Examples To req...

Page 225: ...character with no spaces for clients other than Microsoft Windows clients The password must be the same as the password protecting the PKCS 12 object file Note On a switch that handles communications to and from Microsoft Windows clients use a one time password of 31 characters or fewer The following characters cannot be used as part of the one time password of a PKCS 12 file Quotation marks Questi...

Page 226: ...tion url Location of the PKCS 12 object file to be installed Specify a location of between 1 and 128 alphanumeric characters with no spaces Defaults The password you enter with the crypto otp command must be the same as the one protecting the PKCS 12 file Access Enabled Usage To use this command you must have already created a one time password with the crypto otp command You must also have the PK...

Page 227: ... information about the certificate authority's certificate that signed the WebAAA certificate for the switch The WebAAA certificate authenticates the switch to WebAAA clients Defaults None Access Enabled Examples To display information about the certificate of a certificate authority type the following command DWS 1008 show crypto ca certificate The table below describes the fields in the display ...

Page 228: ...f signed certificate or obtained a certificate from a certificate authority before displaying information about the certificate Examples To display information about a cryptographic certificate type the following command DWS 1008 show crypto certificate eap The table below describes the fields in the display Crypto Certificate Output Fields Description Version Version of the X 509 certificate Seri...

Page 229: ...entication key information This command displays the checksum also called a fingerprint of the public key When you connect to the switch with an SSH client you can compare the SSH key checksum displayed by the switch with the one displayed by the client to verify that you really are connected to the switch and not another device Generally SSH clients remember the encryption key after the first con...

Страница 230: ...nt set radius client system ip on page 234 clear radius client system ip on page 229 RADIUS Servers set radius on page 232 set radius server on page 236 clear radius on page 228 clear radius server on page 231 Server Groups set server group on page 238 set server group load balance on page 239 clear server group on page 231 RADIUS Proxy set radius proxy client on page 234 set radius proxy port on ...

Страница 231: ...S server to respond before retransmitting Defaults Global RADIUS parameters have the following default values deadtime 0 zero minutes The switch does not designate unresponsive RADIUS servers as unavailable key No key retransmit 3 the total number of attempts including the first attempt timeout 5 seconds Access Enabled Usage To override the globally set values on a particular RADIUS server use the...

Страница 232: ...responsive RADIUS server unavailable timeout Number of seconds to wait for the RADIUS server to respond before retransmitting Defaults None Access Enabled Usage The clear radius client system ip command causes the switch to use the IP address of the interface through which it sends a RADIUS client request as the source IP address The switch selects a source interface address based on information i...

Страница 233: ... entries from the switch DWS 1008 clear radius proxy client all success change accepted See Also set radius proxy client clear radius proxy port Removes RADIUS proxy ports configured for third party APs Syntax clear radius proxy port all Defaults None Access Enabled Examples The following command clears all RADIUS proxy port entries from the switch DWS 1008 clear radius proxy port all success chan...

Страница 234: ...radius server show aaa clear server group Removes a RADIUS server group from the configuration or disables load balancing for the group Syntax clear server group group name load balance group name Name of a RADIUS server group configured to perform remote AAA services for switches load balance Ability of group members to share demand for services among servers Defaults None Access Enabled Usage De...

Страница 235: ...e encrypted password that is defined on the RADIUS server The password can be 1 to 64 characters long with no spaces or tabs MSS does not encrypt the string you enter and instead displays the string in show config and show aaa output exactly as you entered it Note Use this option only if you are entering the key in its encrypted form To enter the key in unencrypted form use the key string option i...

Page 236: ...Usage You can specify only one parameter per command line Examples The following commands set the dead time to 5 minutes the RADIUS key to goody the number of retransmissions to 1 and the timeout to 21 seconds on all RADIUS servers connected to the switch DWS 1008 set radius deadtime 5 success change accepted DWS 1008 set radius key goody success change accepted DWS 1008 set radius retransmit 1 s...

Страница 237: ...See Also clear radius client system ip set system ip address set radius proxy client Adds a RADIUS proxy entry for a third party AP The proxy entry specifies the IP address of the AP and the UDP ports on which the switch listens for RADIUS traffic from the AP Syntax set radius proxy client address ip address acct port acct udp port number port udp port number key string address ip address IP addre...

Страница 238: ...IUS proxy for the SSID supported by the AP Syntax set radius proxy port port list tag tag value ssid ssid name port port list Switch port s connected to the third party AP tag tag value 802 1Q tag value in packets sent by the third party AP for the SSID ssid ssid name SSID supported by the third party AP Defaults None Access Enabled Usage AAA for third party AP users has additional configuration r...

Страница 239: ...ve RADIUS server unavailable You can specify from 1 to 100 retries deadtime minutes Number of minutes the switch waits after declaring an unresponsive RADIUS server unavailable before retrying that RADIUS server Specify between 0 zero and 1440 minutes 24 hours A zero value causes the switch to identify unresponsive servers as available key string Password shared secret key the switch uses to authe...

Страница 240: ... parameters for a given RADIUS server To configure the server as a remote authenticator for the switch you must add it to a server group with the set server group command Do not use the same name for a RADIUS server and a RADIUS server group Examples To set a RADIUS server named RS42 with IP address 198 162 1 1 to use the default accounting and authorization ports with a timeout interval of 30 sec...

Страница 241: ...ur server names server name2 server name3 server name4 Defaults None Access Enabled Usage You must assign all group members simultaneously as shown in the example To enable load balancing use set server group load balance enable Do not use the same name for a RADIUS server and a RADIUS server group Examples To set server group shorebirds with members heron egret and sandpiper type the following co...

Страница 242: ...t one on the list and skipping unresponsive servers If no server in the group responds MSS moves to the next method configured with set authentication and set accounting In contrast if load balancing is not configured MSS always begins with the first server in the list and sends unfulfilled requests to each subsequent server in the group before moving on to the next configured AAA method Examples ...

Страница 243: ...ntrol clear dot1x port control on page 242 set dot1x authcontrol on page 245 Keys set dot1x key tx on page 247 set dot1x tx period on page 251 clear dot1x tx period on page 245 set dot1x wep rekey on page 252 set dot1x wep rekey period on page 252 Bonded Authentication clear dot1x bonded period on page 241 set dot1x bonded period on page 246 Reauthentication set dot1x reauth max on page 249 clear ...

Страница 244: ...eriod success change accepted See Also set dot1x bonded period show dot1x clear dot1x max req Resets to the default setting the number of Extensible Authentication Protocol EAP requests that the switch retransmits to a supplicant client Syntax clear dot1x max req Defaults The default number is 20 Access Enabled Examples To reset the number of 802 1X requests the switch can send to the default sett...

Страница 245: ...d returns port control to the method configured This command applies only to wired authentication ports Examples Type the following command to reset the wired authentication port control DWS 1008 clear dot1x port control success change accepted See Also set dot1x port control show dot1x clear dot1x quiet period Resets the quiet period after a failed authentication to the default setting Syntax cle...

Page 246: ...default DWS 1008 clear dot1x reauth max success change accepted See Also set dot1x reauth max show dot1x clear dot1x reauth period Resets the time period that must elapse before a reauthentication attempt to the default time period Syntax clear dot1x reauth period Defaults The default is 3600 seconds 1 hour Access Enabled Examples Type the following command to reset the default reauthentication tim...

Страница 247: ...eout auth server success change accepted See Also set dot1x timeout auth server show dot1x clear dot1x timeout supplicant Resets to the default setting the number of seconds that must elapse before the switch times out an authentication session with a supplicant client Syntax clear dot1x timeout supplicant Defaults The default for the authentication timeout sessions is 30 seconds Access Enabled Ex...

Page 248: ...uration on wired authentication ports Syntax set dot1x authcontrol enable disable enable Allows all wired authentication ports running 802 1X to use the authentication specified per port by the set dot1X port control command disable Forces all wired authentication ports running 802 1X to unconditionally accept all 802 1X authentication attempts with an EAP Success message ForceAuth Defaults By default aut...

Страница 249: ...ture Access Enabled Usage Normally the Bonded Auth period needs to be set only if the network has Bonded Auth clients that use dynamic WEP or use WEP 40 or WEP 104 encryption with WPA or RSN These clients can be affected by the 802 1X reauthentication parameter or the RADIUS Session Timeout parameter D Link recommends that you try 60 seconds and change the period to a longer value only if clients ...

Страница 250: ...on enabled See Also show dot1x set dot1x max req Sets the maximum number of times the switch retransmits an EAP request to a supplicant client before ending the authentication session Syntax set dot1x max req number of retransmissions number of retransmissions Specify a value between 0 and 10 Defaults The default number of EAP retransmissions is 2 Access Enabled Usage To support SSIDs that have bo...

Страница 251: ...ditionally reject all 802 1X authentication attempts with an EAP failure message auto Allows the specified wired authentication ports to process 802 1X authentication normally as determined for the user by the set authentication dot1X command port list One or more wired authentication ports for which to set 802 1X port control Defaults By default wired authentication ports are set to auto Access E...

Страница 252: ...umber of reauthentication attempts that the switch makes before the supplicant client becomes unauthorized Syntax set dot1x reauth max number of attempts number of attempts Specify a value between 1 and 10 Defaults The default number of reauthentication attempts is 2 Access Enabled Usage If the number of reauthentications for a wired authentication client is greater than the maximum number of reau...

Страница 253: ...However if the global reauthentication timeout is shorter than the session timeout MSS uses the global timeout instead Examples Type the following command to set the number of seconds to 100 before reauthentication is attempted DWS 1008 set dot1x reauth period 100 success dot1x auth server timeout set to 100 See Also clear dot1x reauth period show dot1x set dot1x timeout auth server Sets the numbe...

Страница 254: ...meout to 300 DWS 1008 set dot1x timeout supplicant 300 success dot1x supplicant timeout set to 300 See Also clear dot1x timeout auth server show dot1x set dot1x tx period Sets the number of seconds that must elapse before the switch retransmits an EAPoL packet Syntax set dot1x tx period seconds seconds Specify a value between 1 and 65 535 Defaults The default is 5 seconds Access Enabled Examples T...

Страница 255: ...thentication is not required for WEP key rotation to take place Broadcast and multicast keys are always rotated at the same time so all members of a given radio VLAN or encryption type receive the new keys at the same time Examples Type the following command to disable WEP key rotation DWS 1008 set dot1x wep rekey disable success wep rekeying disabled See Also set dot1x wep rekey period show dot1x...

Страница 256: ...enticated vlan it EXAMPLE jose 00 05 5d 7e 94 83 Authenticated vlan eng EXAMPLE singh 00 02 2d 86 bd 38 Authenticated vlan eng bard xmple com 00 05 5d 7e 97 b4 Authenticated vlan eng EXAMPLE havel 00 05 5d 7e 98 1a Authenticated vlan eng EXAMPLE nash 00 0b be a9 dc 4e Authenticated vlan pm xalik xmple com 00 05 5d 7e 96 e3 Authenticated vlan eng EXAMPLE mishan 00 02 2d 6f 44 77 Authenticated vlan ...

Страница 257: ...802 1X parameter setting supplicant timeout 30 auth server timeout 30 quiet period 5 transmit period 5 reauthentication period 3600 maximum requests 2 key transmission enabled reauthentication enabled authentication control enabled WEP rekey period 1800 WEP rekey enabled Bonded period 60 port 5 authcontrol auto max sessions 16 port 6 authcontrol auto max sessions 1 port 7 authcontrol auto max sess...

Page 258: ...state wildcard transitions Success While Authenticating Number of times the switch state transitions from AUTHENTICATING from AUTHENTICATED as a result of an EAP Response Identity message being received from the supplicant client Timeouts While Authenticating Number of times that the switch state wildcard transitions from AUTHENTICATING to ABORTING Failures While Authenticating Number of times that the switch sta...

Страница 259: ...administrative access to the switch through a Telnet or SSH connection or a console plugged into the switch console Clears sessions for all users with administrative access to the switch through a console plugged into the switch telnet Clears sessions for all users with administrative access to the switch through a Telnet connection telnetclient Clears all Telnet client sessions from the CLI to re...

Страница 260: ...pecify a set of usernames up to or following the first delimiter character either an at sign or a period For details see User Globs on page 6 mac addr Clears all network sessions for a MAC address Specify a MAC address in mac addr glob hexadecimal numbers separated by colons or use the wildcard character to specify a set of MAC addresses For details see MAC Address Globs on page 7 vlan vlan glob C...

Страница 261: ...racters Jo type the following command DWS 1008 clear sessions network user Jo To clear the sessions of all users on VLAN red type the following command DWS 1008 clear sessions network vlan red See Also show sessions show sessions network show sessions Displays session information and statistics for all users with administrative access to the switch or for administrative users with either console o...

Страница 262: ... SSH 3 admin sessions To view information about console users sessions type the following command DWS 1008 show sessions console Tty Username Time s console 8573 1 console session To view information about Telnet users sessions type the following command DWS 1008 show sessions telnet TTty Username Time s tty2 sea 7395 To view information about Telnet client sessions type the following command DWS ...

Страница 263: ...nt side of the session See Also clear sessions show sessions network Displays summary or verbose information about all network sessions or network sessions for a specified username or set of usernames MAC address or set of MAC addresses VLAN or set of VLANs or session ID Syntax Syntax show sessions network user user glob mac addr mac addr glob ssid ssid name vlan vlan glob session id session id wi...

Страница 264: ...ed by username MAC address or VLAN name Defaults None Access All Usage MSS displays information about network sessions in three types of displays See the following tables for field descriptions Summary display Verbose display show sessions network session id display Authorization attribute values can be changed during authorization If the values are changed show sessions output shows the values th...

Страница 265: ...el 13 10 10 10 40 vlan eng 1 2 2 sessions match criteria of 3 total The following command displays verbose output about the sessions of all current network users DWS 1008 show sessions network verbose User Sess IP or MAC VLAN Port Name ID Address Name Radio SHUTTLE2 exmpl 3 10 8 255 8 default 7 1 Client MAC 00 0b 7d 26 b1 fb GID SESS 3 00040c 287058 657673d4 State ACTIVE prev AUTHORIZED now on 172...

Страница 266: ...t packets out 18 Unicast bytes out 2627 Multicast packets in 0 Multicast bytes in 0 Number of packets with encryption errors 0 Number of bytes with encryption errors 0 Last packet data rate 48 Last packet signal strength 60 dBm Last packet data S N ratio 35 Protocol 802 11 Session CAC disabled Field Description User Name Up to 30 characters of the name of the authenticated user of this session Not...

Страница 267: ...about the AP and radio the session is currently on IP address and port number of the switch managing the AP Serial number and radio number of the AP Amount of time the session has been on this AP from Shows information about the APs from which the session has roamed See the descriptions above for the now on field Host name Host name of the user s networking device Vlan Name and other attributes if...

Страница 268: ...ailure entry of a clear command or some other event SSID Name of the SSID the user is on Port Radio Number of the port and radio through which the user is accessing this session MAC address MAC address of the session user User Name Name of the authenticated user of this session IP Address IP address of the session user Vlan Name Name of the VLAN associated with the session Tag System wide supporte...

Page 269: ... number of decryption failures Number of bytes with encryption errors Total number of bytes with decryption errors Last packet data rate Data transmit rate in megabits per second Mbps of the last packet received by the access point Last packet signal strength Signal strength in decibels referred to 1 milliwatt dBm of the last packet received by the access point Last packet data S N ratio Signal to ...

Страница 270: ... 275 show rfdetect data on page 280 show rfdetect visible on page 283 show rfdetect counters on page 278 Countermeasures show rfdetect countermeasures on page 277 Permitted Vendor List set rfdetect vendor list on page 274 show rfdetect vendor list on page 282 clear rfdetect vendor list on page 269 Permitted SSID List set rfdetect ssid list on page 273 show rfdetect ssid list on page 282 clear rfde...

Страница 271: ...ee Also set rfdetect attack list show rfdetect attack list clear rfdetect ignore Removes a device from the ignore list for RF scans MSS does not generate log messages or traps for the devices in the ignore list Syntax clear rfdetect ignore mac addr mac addr Basic service set identifier BSSID which is a MAC address of the device to remove from the ignore list Defaults None Access Enabled Examples T...

Страница 272: ...detect ssid list clear rfdetect vendor list Removes an entry from the permitted vendor list Syntax clear rfdetect vendor list client ap all mac addr all macs client ap all Specifies whether the entry is for an AP brand or a client brand or both types mac addr all macs Organizationally Unique Identifier OUI to remove or all of them Defaults None Access Enabled Examples The following command removes...

Страница 273: ...o countermeasures In this case devices found to be rogues by other means such as policy violations or by determining that the device is providing connectivity to the wired network are not attacked Examples The following command adds MAC address aa bb cc 44 55 66 to the attack list DWS 1008 set rfdetect attack list 11 22 33 44 55 66 success MAC 11 22 33 44 55 66 is now in attacklist See Also clear ...

Страница 274: ...d during an RF scan Access Enabled Usage Use this command to identify third party APs and other devices you are already aware of and do not want MSS to report following RF scans If you try to initiate countermeasures against a device on the ignore list the ignore list takes precedence and MSS does not issue the countermeasures Countermeasures apply only to rogue devices If you add a device that MS...

Страница 275: ... log buffer command to display the messages in the seed switch s log message buffer Examples The following command enables RF detection logging for the Mobility Domain managed by this seed switch DWS 1008 set rfdetect log enable success rfdetect logging is enabled See Also show log buffer set rfdetect signature Enables AP signatures An AP signature is a set of bits in a management frame sent by an...

Страница 276: ...me SSID name you want to add to the permitted SSID list Defaults The permitted SSID list is empty by default and all SSIDs are allowed However after you add an entry to the list MSS allows traffic only for the SSIDs that are on the list Access Enabled Usage The permitted SSID list applies only to the switch on which the list is configured Switches do not share permitted SSID lists If you add a dev...

Страница 277: ...permitted vendor list applies only to the switch on which the list is configured Switches do not share permitted vendor lists If you add a device that MSS has classified as a rogue to the permitted vendor list but not to the ignore list MSS can still classify the device as a rogue Adding an entry to the permitted vendor list merely indicates that the device is from an allowed vendor However to cau...

Страница 278: ...client black list Syntax show rfdetect black list Defaults None Access Enabled Examples The following example shows the client black list on switch DWS 1008 show rfdetect black list Total number of entries 1 Blacklist MAC Type Port TTL 11 22 33 44 55 66 configured 11 23 34 45 56 67 assoc req flood 3 25 See Also clear rfdetect black list set rfdetect black list show rfdetect clients Displays the wi...

Страница 279: ...ress 00 0c 41 63 fd 6d Vendor Linksys Port dap 1 Radio 1 Channel 11 RSSI 82 Rate 2 Last Seen secs ago 84 Bssid 00 0b 0e 01 02 00 Vendor D Link Type intfr Dst ff ff ff ff ff ff Last Rogue Status Check secs ago 3 The first line lists information for the client The other lines list information about the most recent 802 11 packet detected from the client show rfdetect clients Output Field Description ...

Страница 280: ...gue client is associated Vendor Company that manufactures or sells the AP with which the rogue client is associated Typ Classification of the rogue device rogue Wireless device that is on the network but is not supposed to be on the network intfr Wireless device that is not part of your network and is not a rogue but might be causing RF interference with AP radios known Device that is a legitimate...

Страница 281: ...the network intfr Wireless device that is not part of your network and is not a rogue but might be causing RF interference with AP radios known Device that is a legitimate member of the network Countermeasures Radio MAC MAC address of the D Link radio sending countermeasures against the rogue IPaddr System IP address of the switch that is managing the AP that is sending or will send countermeasure...

Страница 282: ...lood 0 0 802 11 mgmt type f flood 0 0 802 11 association flood 0 0 802 11 reassociation flood 0 0 802 11 disassociation flood 0 0 Weak wep initialization vectors 0 0 Spoofed access point mac address attacks 0 0 Spoofed client mac address attacks 0 0 Ssid masquerade attacks 1 12 Spoofed deauthentication attacks 0 0 Spoofed disassociation attacks 0 0 Null probe responses 626 11380 Broadcast deauthen...

Страница 283: ...the devices detected by this switch during the most recent RF detection scan DWS 1008 show rfdetect data Total number of entries 197 Flags i infrastructure a ad hoc c CCMP t TKIP 1 104 bit WEP 4 40 bit WEP w WEP non WPA BSSID Vendor Type Port Radio Flags RSSI Age SSID Ch 00 07 50 d5 cc 91 Cisco intfr 3 1 6 i w 61 6 r27 cisco1200 2 00 07 50 d5 dc 78 Cisco intfr 3 1 6 i w 82 6 r116 cisco1200 2 00 09...

Страница 284: ...nnection number is labeled dap This stands for distributed ap Flags Classification and encryption information for the rogue The i a or u flag indicates the classification The other flags indicate the encryption used by the rogue For flag definitions see the key in the command output RSSI Received signal strength indication RSSI the strength of the RF signal detected by the AP radio in decibels ref...

Страница 285: ... entries 3 SSID mycorp corporate guest See Also clear rfdetect ssid list set rfdetect ssid list show rfdetect vendor list Displays the entries in the permitted vendor list Syntax show rfdetect vendor list Defaults None Access Enabled Examples The following example shows the permitted vendor list on switch DWS 1008 show rfdetect vendor list Total number of entries 1 OUI Type aa bb cc 00 00 00 clien...

Page 286: ...splay neighboring BSSIDs radio 1 Shows neighbor information for radio 1 radio 2 Shows neighbor information for radio 2 This option does not apply to single radio models Defaults None Access Enabled Usage If a D Link radio is supporting more than one SSID each of the corresponding BSSIDs is listed separately Examples The following command displays information about the rogues detected by radio 1 on ...

Страница 287: ...to 1 milliwatt dBm Flags Classification and encryption information for the rogue The i a or u flag indicates the classification The other flags indicate the encryption used by the rogue For flag definitions see the key in the command output SSID SSID used by the detected device See Also show rfdetect data test rflink Provides information about the RF link between the switch and the client based on...

Страница 288: ...s in this display Field Description Packets Sent The number of test packets sent from the switch to the client Packets Rcvd The number of test packets acknowledged by the client RSSI Received signal strength indication RSSI the strength of the RF signal from the client in decibels referred to 1 milliwatt dBm SNR Signal to noise ratio SNR in decibels dB of the data received from the client RTT micr...

Страница 289: ...ion on page 302 set boot configuration file on page 301 set boot backup configuration on page 301 show boot on page 302 clear boot config on page 288 clear boot backup configuration on page 288 File Management dir on page 292 copy on page 289 md5 on page 296 delete on page 291 mkdir on page 296 rmdir on page 299 Configuration File save config on page 300 load config on page 295 show config on page...

Страница 290: ...f you also want to back up or restore WebAAA pages backup configuration files image files and any other files stored in the user files area of nonvolatile storage The maximum supported file size is 32MB If the file size of the tarball is too large delete unnecessary files such as unneeded copies of system image files and try again or use the critical option instead of the all option Neither option...

Страница 291: ...ot time a backup configuration file is not used Syntax clear boot backup configuration Defaults None Access Enabled Usage You can create an archive located on a TFTP server or in the switch s nonvolatile storage If you specify a TFTP server as part of the filename the archive is copied directly to the TFTP server and not stored locally on the switch Examples The following command clears the name s...

Страница 292: ...o a new filename in nonvolatile storage Syntax copy source url destination url source url Name and location of the file to copy The uniform resource locator URL can be one of the following subdirname filename file subdirname filename tftp ip addr subdirname filename tmp filename For the filename specify between 1 and 128 alphanumeric characters with no spaces Enter the IP address in dotted decimal...

Страница 293: ...and copies a file called floormx from nonvolatile storage to a TFTP server DWS 1008 copy floormx tftp 10 1 1 1 floormx success sent 365 bytes in 0 401 seconds 910 bytes sec The following command copies a file called closetmx from a TFTP server to nonvolatile storage DWS 1008 copy tftp 10 1 1 1 closetmx closetmx success received 637 bytes in 0 253 seconds 2517 bytes sec The following command copies...

Страница 294: ...y specify the subdirectory name followed by a forward slash in front of the filename For example subdir_a file_a Defaults None Access Enabled Usage You might want to copy the file to a TFTP server as a backup before deleting the file Examples The following commands copy file testconfig to a TFTP server and delete the file from nonvolatile storage DWS 1008 copy testconfig tftp 10 1 1 1 testconfig s...

Страница 295: ...e boot1 partition Defaults None Access Enabled Examples The following command displays the files in the root directory DWS 1008 dir file Filename Size Created file configuration 48 KB Jul 12 2005 15 02 32 file corp2 corp2cnfig 17 KB Mar 14 2005 22 20 04 corp_a 512 bytes May 21 2004 19 15 48 file dangcfg 14 KB Mar 14 2005 22 20 04 old 512 bytes May 16 2004 17 23 44 file pubsconfig april062005 40 KB...

Страница 296: ... 2004 17 23 44 file pubsconfig april062005 40 KB May 09 2005 21 08 30 file sysa_bak 12 KB Mar 15 2005 19 18 44 file testback 28 KB Apr 19 2005 16 37 18 Total 159 Kbytes used 207663 Kbytes free The following command limits the output to the contents of the tmp core subdirectory DWS 1008 dir core file Filename Size Created core command_audit cur 37 bytes Aug 28 2005 21 11 41 Total 37 bytes used 9170...

Страница 297: ... agent agent file agent directory directory agent file Name of a zip file on the switch containing SODA agent files directory Directory on the switch where SODA agent files are to be installed The command automatically creates this directory Defaults None Access Enabled Usage Use this command to install a zip file containing SODA agent files into a directory on the switch Prior to installing the S...

Страница 298: ...ot load a configuration file directly from a TFTP server If you do not specify a filename MSS uses the same configuration filename that was used for the previous configuration load For example if the switch used configuration for the most recent configuration load MSS uses configuration again unless you specify a different filename To display the filename of the configuration file MSS loaded durin...

Страница 299: ...t the file does not exist Examples The following command calculates the checksum for image file MX040003 020 in boot partition 0 DWS 1008 md5 boot0 MX040003 020 MD5 boot0 MX040003 020 b9cf7f527f74608e50c70e8fb896392a See Also copy dir mkdir Creates a new subdirectory in nonvolatile storage Syntax mkdir subdirname subdirname Subdirectory name Specify between 1 and 32 alphanumeric characters with no...

Страница 300: ...4 18 01 02 Boot0 Total 8928 Kbytes used 3312 Kbytes free Boot1 Total 8197 Kbytes used 4060 Kbytes free temporary files Filename Size Created Total 0 bytes used 93537 Kbytes free See Also dir rmdir reset system Restarts a switch and reboots the software Syntax reset system force force Immediately restarts the system and reboots without comparing the running configuration to the configuration file D...

Страница 301: ...copies the files from the archive onto the switch Syntax restore system tftp ip addr filename all critical force tftp ip addr filename Name of the archive file to load The archive can be located in the switch s nonvolatile storage or on a TFTP server all Restores system files and the user files from the archive critical Restores system files only including the configuration file used when booting ...

Страница 302: ... another switch Caution Do not use the force option unless you are certain you want to replace the switch s files with files from another switch If you restore one switch s system files onto another switch you must generate new key pairs and certificates on the switch If the configuration running on the switch is different from the one in the archive or you renamed the configuration file and you w...

Страница 303: ... last reboot Access Enabled Usage If you do not specify a filename MSS replaces the configuration file loaded during the most recent reboot To display the filename of the configuration file MSS loaded during the most recent reboot use the show boot command The command completely replaces the specified configuration file with the running configuration Examples The following command saves the runnin...

Страница 304: ...onfiguration backup cfg success backup boot config filename set See Also clear boot backup configuration show boot set boot configuration file Changes the configuration file to load after rebooting Syntax set boot configuration file filename filename Filename Specify between 1 and 128 alphanumeric characters with no spaces To load the file from a subdirectory specify the subdirectory name followed...

Страница 305: ... command Examples The following command sets the boot partition for the next software reload to partition 1 DWS 1008 set boot partition boot1 success Boot partition set to boot1 show boot Displays the system image and configuration filenames used after the last reboot and configured for use after the next reboot Syntax show boot Defaults None Access Enabled Examples The following command shows the...

Page 306: ...t configuration file next time the software is rebooted Booted version Software version the switch is running Booted image Boot partition and image filename MSS used the last time the software was rebooted MSS is running this software image Booted configuration Configuration filename MSS used to load the configuration the last time the software was rebooted See Also clear boot config reset system ...

Page 307: ...use the all option the display also includes commands for configuration items that are set to their default values Examples The following command shows configuration information for VLANs DWS 1008 show config area vlan Configuration nvgen d at 2004 5 21 19 36 48 Image 3 0 0 Model switch Last change occurred at 2004 5 21 18 20 50 set vlan 1 port 1 See Also load config save config show version Displ...

Page 308: ...lowing command displays additional software build information and access point information DWS 1008 show version details Mobility System Software Version 4 1 0 QA 67 Copyright c 2002 2003 2004 2005 D Link Inc All rights reserved Build Information build 67 TOP 2005 07 21 04 41 00 Label 4 1 0 67_072105_MX20 Build Suffix d O1 Model DWS 1008 Hardware Mainboard version 24 revision 3 FPGA version 24 CPU...

Page 309: ...dware firmware and software versions uninstall soda agent Removes the contents of a directory containing SODA agent files Syntax uninstall soda agent agent directory directory directory Directory on the switch where SODA agent files are to be removed Defaults None Access Enabled Usage Use this command to remove a SODA agent directory and all of its contents All files in the specified directory are...

Page 310: ...figure all DWL 8220AP access points clear ap dap radio Disables a DWL 8220AP radio and resets it to its factory default settings Syntax clear ap port list dap dap num radio 1 2 all ap port list dap dap num radio 1 radio 2 radio all Defaults The clear ap radio command resets the radio to the default settings Usage When you clear a radio MSS performs the following actions Clears the transmit power ...

Page 311: ...Usage When the static IP configuration is cleared for a Distributed AP the next time the Distributed AP is rebooted it uses the standard boot process Examples The following command clears the static IP address configuration for Distributed AP 1 DWS 1008 clear dap 1 boot configuration This will clear specified DAP devices Would you like to continue y n n y success change accepted See Also set dap b...

Page 312: ...use this profile must be disabled before you can delete the profile Examples The following commands disable the radios that are using radio profile rp1 and reset the beaconed interval parameter to its default value DWS 1008 set radio profile rp1 mode disable DWS 1008 clear radio profile rp1 beacon interval success change accepted The following commands disable the radios that are using radio profi...

Page 313: ...he radio profile use the clear radio profile name service profile name command Resets the directory for Sygate On Demand SODA agent files to the default directory By default the directory name for SODA agent files is the same as the service profile name Resets the page that is loaded when a client fails the checks performed by the SODA agent By default the page is generated dynamically Disables use...

Page 314: ...ess change accepted See Also clear radio profile set radio profile mode show service profile reset ap dap Restarts an access point Syntax reset ap port list dap dap num ap port list dap dap num Defaults None Access Enabled Usage When you enter this command the AP drops all sessions and reboots Examples The following command resets the AP on port 4 DWS 1008 reset ap 4 This will reset specified AP d...

Page 315: ...ses the default radio profile by default You can change the profile using the set dap auto radio radio profile command You can use set dap auto commands to change settings for the parameters listed in the following table The commands are listed in the See Also section Parameter Default Value AP Parameters bias high blink Not shown in show dap config output disable force image download None group l...

Page 316: ... profile set ap dap upgrade firmware set dap auto mode Enables a DWS 1008's profile for automatic Distributed AP configuration Syntax set dap auto mode enable disable enable disable Defaults The AP configuration profile is disabled by default Access Enabled Usage You must use the set dap auto command to create the profile before you can enable it Examples The following command enables the profile...

Page 317: ...onfiguration of Auto AP 10 into a permanent configuration DWS 1008 set dap auto persistent 10 success change accepted See Also set dap auto set dap auto mode set dap auto radiotype Converts the configuration of the Distributed AP that has the specified connection number into a permanent configuration Converts the configurations of all Auto APs being managed by the switch into permanent configurati...

Page 318: ...AP Syntax set ap port list dap dap num auto bias high low ap port list dap dap num dap auto high low Defaults The default bias is high Access Enabled Usage High bias is preferred over low bias Bias applies only to DWS 1008 switches that are indirectly attached to the AP through an intermediate Layer 2 or Layer 3 network An AP always attempts to boot on AP port 1 first and if a DWS 1008 is directly...

Page 319: ... with high bias for the AP becomes available The following command changes the bias for a Distributed AP to low DWS 1008 set dap 1 bias low success change accepted See Also show ap dap config set ap dap blink Enables or disables LED blink mode on a DWL 8220AP access point to make it easy to identify When blink mode is enabled on DWL 8220AP xxx models the health and radio LEDs alternately blink gre...

Page 320: ...rather than using a manually assigned IP address Access Enabled Usage Normally Distributed APs use DHCP to obtain IP address information In some installations DHCP may not be available In this case you can assign static IP address information to the AP including the AP's IP address and netmask and default gateway If the manually assigned IP information is incorrect the AP uses DHCP to obtain its IP addres...

Page 321: ...le Defaults By default APs use the process described in Default AP Boot Process in the D Link Mobility System Software Configuration Guide to boot from a DWS 1008 instead of using a manually specified DWS 1008 Access Enabled Usage When you specify a boot switch for a distributed AP to boot from it boots using the process described in AP Boot Process Using Static IP Configuration in the D Link Mobi...

Page 322: ...ted AP 1 to use the DWS switch with the name dws2 as its boot device The DNS server at 172 16 0 1 is used to resolve the name of the DWS switch DWS 1008 set dap 1 boot switch name dws2 dns 172 16 0 1 mode enable success change accepted See Also clear dap boot configuration set dap boot ip set dap boot vlan show dap boot configuration set dap boot switch Specifies 802 1Q VLAN tagging information fo...

Page 323: ... configuration set ap dap contact Specifies contact information for an AP Syntax set ap port list dap dap num contact string ap port list dap dap num contact string Defaults None Access Enabled Usage Use this command to specify an individual or department to contact for information or maintenance on the AP Examples The following command specifies the contact person for AP 7 as Bob the IT guy DWS 1...

Page 324: ...aaa If an AP is already installed and operating you can use the show dap status command to display the fingerprint The show dap config command lists an AP's fingerprint only if the fingerprint has been verified in MSS If the fingerprint has not been verified the fingerprint information in the command output is blank Examples The following example verifies the fingerprint for Distributed AP 8 DWS 1...

Page 325: ...lt Access Enabled Usage A change to the forced image download option takes place the next time the AP is restarted Even when forced image download is disabled the default the AP still checks with the DWS 1008 to verify that the AP has the latest image Examples The following command enables forced image download on Distributed AP 69 DWS 1008 set dap 69 force image download enable success change acc...

Page 326: ... any subset or all of the access points connected to a DWS 1008 to a group on that switch All access points in a group must be connected to the same DWS 1008 If you use the name none spelled in any combination of capital or lowercase letters the specified access point is cleared from all AP groups Examples The following command configures a DWL 8220AP access point group named loadbalance1 that co...

Page 327: ...ation of the AP Examples The following command specifies the location of AP 7 as The conference room DWS 1008 set ap 7 location The conference room success change accepted See Also show ap dap config set ap dap contact List of ports on which to specify location information for directly connected APs Number of a Distributed AP for which to specify location information Location information for the A...

Page 328: ...of the AP on port 1 to techpubs DWS 1008 set ap 1 name techpubs success change accepted See Also show ap dap config List of ports connected to the AP access point to rename Number of a Distributed AP to rename Alphanumeric string of up to 16 characters with no spaces set ap dap radio antenna location Specifies the location indoors or outdoors of an external antenna Use this command to ensure that ...

Page 329: ... Syntax set ap port list dap dap num radio 1 antennatype ANT1060 ANT1120 ANT1180 internal 2 antennatype ANT5060 ANT5120 ANT5180 internal ap port list dap dap num radio 1 radio 2 radio 1 antennatype radio 2 antennatype List of ports connected to the DWL 8220AP access points on which to set the channel Number of a Distributed AP on which to set the channel Radio 1 of the DWL 8220AP Radio 2 of the DW...

Page 330: ... The default maximum power setting that RF Auto Tuning can set on a radio is the highest setting allowed for the country of operation or highest setting supported on the hardware whichever is lower Access Enabled List of ports connected to the DWL 8220AP access points on which to set the maximum power Number of a Distributed AP on which to set the maximum power Sets the maximum power for radios co...

Page 331: ...m radio 1 radio 2 channel number Defaults The default channel depends on the radio type The default channel number for 802 11b g is 6 The default channel number for 802 11a is the lowest valid channel number for the country of operation Access Enabled Usage You can configure a radio's transmit power on the same command line Use the tx power option This command is not valid if dynamic channel tunin...

Page 332: ...adio tx power show ap dap config set ap dap radio mode Enables or disables a radio on a DWL 8220AP access point Syntax set ap port list dap dap num auto radio 1 2 mode enable disable ap port list dap dap num dap auto radio 1 radio 2 enable disable Defaults DWL 8220AP access point radios are disabled by default Access Enabled List of ports connected to the DWL 8220AP access point s on which to turn...

Page 333: ... radio 2 mode enable success change accepted set ap dap radio radio profile Assigns a radio profile to a DWL 8220AP radio and enables or disables the radio Syntax set ap port list dap dap num auto radio 1 2 radio profile name mode enable disable ap port list dap dap num dap auto radio 1 radio 2 radio profile name mode enable mode disable List of ports Number of a Distributed AP Sets the radio pro...

Page 334: ...Usage To enable or disable one or more radios to which a profile is assigned use the set ap radio radio profile command To enable or disable all radios that use a specific radio profile use the set radio profile command List of ports connected to the DWL 8220AP access points on which to set the transmit power Number of a Distributed AP on which to set the transmit power Radio 1 of the DWL 8220AP R...

Page 335: ... are connected to the switch Note The maximum transmission unit MTU for encrypted DWL 8220AP management traffic is 1498 bytes whereas the MTU for unencrypted management traffic is 1474 bytes Make sure the devices in the intermediate network between the switch and Distributed AP can support the higher MTU Syntax set dap security require optional none require optional none Defaults By default encryp...

Page 336: ...t ap port list dap dap num auto upgrade firmware enable disable ap port list dap dap num dap auto enable disable Defaults Automatic firmware upgrades of DWL 8220AP access points are enabled by default Access Enabled Usage When the feature is enabled on a DWS 1008 port a DWL 8220AP access point connected to that port upgrades its boot firmware to the latest version stored on the switch while bootin...

Page 337: ...disable name enable disable Defaults Active scanning is enabled by default Access Enabled Usage You can enter this command on any DWS 1008 switch The command takes effect only on that switch Examples The following command disables active scan in radio profile radprof3 DWS 1008 set radio profile radprof3 active scan disable success change accepted See Also show radio profile Radio profile name Conf...

Page 338: ...ile auto tune power config show radio profile Radio profile name Configures radios to dynamically select their channels when the radios are started Configures radios to use their statically assigned channels or the default channels if unassigned when the radios are started Configures radios to change channels regardless of client status Without this option a radio changes the channel only if the r...

Page 339: ...can specify from 0 to 65535 seconds set radio profile auto tune channel interval Sets the interval at which RF Auto Tuning decides whether to change the channels on radios in a radio profile At the end of each interval MSS processes the results of the RF scans performed during the previous interval and changes radio channels if needed Syntax set radio profile name auto tune channel interval second...

Page 340: ...tically configured channel assignments on the radios RF Auto Tuning of channels is then disabled in the radio profile Syntax set radio profile name auto tune channel lockdown name Defaults By default when RF Auto Tuning of channels is enabled channels continue to be changed dynamically based on network conditions Access Enabled Usage To save this command and the static channel configuration comman...

Page 341: ...ng for power is enabled MSS does not allow you to manually change the power level Examples The following command enables dynamic power tuning for radios in the rp2 radio profile DWS 1008 set radio profile rp2 auto tune power config enable success change accepted See Also set ap dap radio auto tune max power set radio profile auto tune channel config set radio profile auto tune power interval set r...

Page 342: ...ase a radio's power level to preserve the minimum data rate for an associated client In this case the radio reduces its power in 1 dBm increments until the power returns to the expected level Examples The following command sets the power interval for radios in radio profile rp2 to 240 seconds DWS 1008 set radio profile rp2 auto tune power interval 240 success change accepted See Also set ap dap ra...

Page 343: ...figuration Examples The following command locks down the power settings for radios in radio profile rp2 DWS 1008 set radio profile rp2 auto tune power lockdown success change accepted See Also set ap dap radio auto tune max power set radio profile auto tune channel lockdown set radio profile auto tune power config set radio profile auto tune power interval set radio profile auto tune power ramp in...

Page 344: ...the rate at which each DWL 8220AP radio in a radio profile advertises its service set identifier SSID Syntax set radio profile name beacon interval interval name interval Defaults The beacon interval for DWL 8220AP radios is 100 ms by default Access Enabled Usage You must disable all radios that are using a radio profile before you can change parameters in the profile Use the set radio profile mod...

Page 345: ...our network the device might be causing RF interference with DWL 8220AP radios Syntax set radio profile name countermeasures all rogue configured none name all rogue configured none Defaults Countermeasures are disabled by default Access Enabled Examples The following command enables countermeasures in radio profile radprof3 for rogues only DWS 1008 set radio profile radprof3 countermeasures rogue...

Page 346: ...ticast and broadcast frames stored in its buffers to clients who request them in response to the DTIM Note The DTIM interval applies to both the beaconed SSID and the nonbeaconed SSID Syntax set radio profile name beacon interval interval name interval Defaults By default DWL 8220AP access points send the DTIM once after each beacon Access Enabled Usage You must disable all radios that are using a...

Page 347: ...sage You must disable all radios that are using a radio profile before you can change parameters in the profile Use the set radio profile mode command The frag threshold does not specify the maximum length a frame is allowed to be without being broken into multiple frames before transmission The frag threshold does not change the RTS threshold which specifies the maximum length a frame can be befo...

Page 348: ...The following command changes the maximum receive threshold for radio profile rp1 to 4000 ms DWS 1008 set radio profile rp1 max rx lifetime 4000 success change accepted See Also set radio profile mode set radio profile max tx lifetime show radio profile Radio profile name Number of milliseconds You can enter a value from 500 (0.5 second) through 250,000 (250 seconds) set radio profile max tx lifetime ...

Page 349: ...de set radio profile max tx lifetime show radio profile set radio profile mode Creates a new radio profile or disables or reenables all DWL 8220AP radios that are using a specific profile Syntax set radio profile name mode enable disable radio profile name mode enable mode disable Defaults Each radio profile that you create has a set of properties with factory default values that you can change wi...

Page 350: ...ws a frame that is scheduled for transmission to stay in the buffer for up to 2000 ms (2 seconds) preamble length short Advertises support for short 802 11b preambles and generates unicast frames with the preamble length specified by the client Note This parameter applies only to 802 11b g radios qos mode wmm Classifies and marks traffic based on 802 1q and DSCP and optimizes forwarding prioritizatio...

Page 351: ...se the set ap radio command Examples The following command configures a new radio profile named rp1 DWS 1008 set radio profile rp1 success change accepted The following command enables the radios that use radio profile rp1 DWS 1008 set radio profile rp1 mode enable success change accepted The following commands disable the radios that use radio profile rp1 change the beacon interval then reenable ...

Page 352: ...traffic the DWL 8220AP access point still accepts frames with short preambles but does not transmit frames with short preambles This change also occurs if the access point overhears a beacon from an 802 11b g radio on another access point that indicates the radio has clients that require long preambles You must disable all radios that use a radio profile before you can change parameters in the pro...

Page 353: ...changes the QoS mode for radio profile rp1 to SVP DWS 1008 set radio profile rp1 qos mode svp success change accepted See Also set radio profile mode 6 show radio profile Radio profile name Optimizes forwarding prioritization of AP radios for SpectraLink Voice Priority SVP Classifies and marks traffic based on 802 1p and DSCP and optimizes forwarding prioritization of AP radios for Wi Fi Multimedi...

Page 354: ...s set radio profile rts threshold Changes the RTS threshold for the AP radios in a radio profile The RTS threshold specifies the maximum length a frame can be before the radio uses the RTS CTS method to send the frame The RTS CTS method clears the air of other traffic to avoid corruption of the frame due to a collision with another frame Syntax set radio profile name rts threshold threshold name t...

Page 355: ...controlled by the service profile The following table lists the parameters controlled by a service profile and their default values Radio profile name of up to 16 alphanumeric characters with no spaces Service profile name of up to 16 alphanumeric characters with no spaces Parameter Default Value Radio Behavior When Parameter Set to Default Value attr No attributes configured Does not assign the S...

Page 356: ...c cos is set to enable assigns CoS to all data traffic to or from clients dhcp restrict disable Does not restrict a client's traffic to only DHCP traffic while the client is being authenticated and authorized idle client probing enable Sends a keepalive packet a null data frame to each client every 10 seconds keep initial vlan disable Reassigns the user to a VLAN after roaming instead of leaving t...

Page 357: ...da disable Sygate On Demand Agent SODA files are not downloaded to connecting clients ssid name dlink Uses the SSID name dlink static cos disable Assigns CoS based on the QoS mode wmm or svp or based on ACLs tkip me time 6000 Uses Michael countermeasures for 60,000 ms (60 seconds) following detection of a second MIC failure within 60 seconds transmit rates 802 11a mandatory 6 0 12 0 24 0 beacon rate ...

Page 358: ...tal radios do not use the web portal acl setting web portal form Not configured For WebAAA users serves the D Link login page web portal session timeout 5 Allows a Web Portal WebAAA session to remain in the Deassociated state 5 seconds before being terminated automatically wep key index No Keys defined Uses dynamic WEP rather than static WEP Note If you configure a WEP key for static WEP MSS continues to al...

Page 359: ...o profile wmm powersave Enables Unscheduled Automatic Powersave Delivery U APSD on AP radios managed by the radio profile U APSD enables WMM clients that use powersave mode to more efficiently request buffered unicast packets from AP radios When U APSD is enabled a client can retrieve buffered unicast packets for a traffic priority enabled for U APSD by sending a QoS data or QoS Null frame for tha...

Page 360: ...ll traffic priorities even if the client does not request U APSD for them However to retrieve buffered packets for priorities that are not using U APSD a client must send a separate PSpoll for each buffered packet Syntax set radio profile name wmm powersave enable disable name enable disable Defaults U APSD is disabled by default Access Enabled Usage U APSD is supported only for QoS mode WMM If WM...

Page 361: ...S server and the RADIUS server returns the vlan name attribute set to orange then that user will have a total of two attributes set service type and vlan name If the service profile is configured with the vlan name attribute set to blue and the RADIUS server returns the vlan name attribute set to orange then the attribute from the RADIUS server takes precedence the user is placed in the orange VLA...

Page 362: ...he WPA IE if not already enabled and disable the 40 bit WEP and 104 bit WEP cipher suites in the WPA IE if they are not already disabled To use 802 1X authentication for WPA clients you also must enable the WPA IE If you disable 802 1X authentication of WPA clients the only method available for authenticating the clients is preshared key PSK authentication To use this you must enable PSK support a...

Page 363: ...ge located on the DWS 1008 The user must type a valid username and password on the web page to access the SSID Access Enabled Usage The last resort fallthru authentication type allows any user to access any SSID managed by the service profile This method does not require the user to provide a username or password Use the last resort method only if none of the SSIDs managed by the service profile r...

Page 364: ...aults When the WPA IE is enabled PSK authentication of WPA clients is enabled by default If the WPA IE is disabled the auth psk setting has no effect Access Enabled Usage This command affects authentication of WPA clients only To use PSK authentication you also must configure a passphrase or key In addition you must enable the WPA IE Examples The following command enables PSK authentication for se...

Page 365: ... profile name beacon enable disable name enable disable Defaults Beaconing is enabled by default Access Enabled Examples The following command disables beaconing of the SSID managed by service profile sp2 DWS 1008 set service profile sp2 beacon disable success change accepted See Also set radio profile beacon interval set service profile ssid name set service profile ssid type show service profile...

Page 366: ... radio can have when session based CAC is enabled When a DWL 8220AP has reached the maximum allowed number of active sessions the radio refuses connections from additional clients Syntax set service profile name cac session max sessions name max sessions Defaults The default number of sessions allowed is 14 Access Enabled Usage This command applies only when the CAC mode is session If the CAC mod...

Page 367: ...a service profile Syntax set service profile name cipher ccmp enable disable name enable disable Defaults CCMP encryption is disabled by default Access Enabled Usage To use CCMP you must also enable the WPA IE Examples The following command configures service profile sp2 to use CCMP encryption DWS 1008 set service profile sp2 cipher ccmp enable success change accepted See Also set service profile ...

Page 368: ...2 DWS 1008 set service profile sp2 cipher tkip disable success change accepted See Also set service profile cipher ccmp set service profile cipher wep104 set service profile cipher wep40 set service profile wpa ie show service profile Service profile name Enables TKIP encryption for WPA clients Disables TKIP encryption for WPA clients set service profile cipher wep104 Enables dynamic Wired Equival...

Page 369: ... use the set service profile wep commands To support non WPA clients that use static WEP you must configure static WEP keys Use the set service profile wep key index command Examples The following command configures service profile sp2 to use 104 bit WEP encryption DWS 1008 set service profile sp2 cipher wep104 enable success change accepted See Also set service profile cipher ccmp set service pro...

Page 370: ...namic WEP for XP clients leave WPA disabled and use the set service profile wep commands To support non WPA clients that use static WEP you must configure static WEP keys Use the set service profile wep key index command Examples The following command configures service profile sp2 to use 40 bit WEP encryption DWS 1008 set service profile sp2 cipher wep40 enable success change accepted See Also se...

Page 371: ...associated client's traffic to allow DHCP traffic only until the client has been authenticated and authorized All other traffic is captured by the DWS 1008 and is not forwarded After the client is successfully authorized the traffic restriction is removed Syntax set service profile name dhcp restrict enable disable name enable disable Defaults DHCP Restrict is disabled by default Access Enabled Us...

Page 372: ...le client probing is enabled by default Access Enabled Usage The length of time a client can remain idle unresponsive to idle client probes is specified by the user idle timeout command Examples The following command disables idle client keepalives on service profile sp1 DWS 1008 set service profile sp1 idle client probing disable success change accepted See Also set service profile user idle time...

Page 373: ...he local switch reassigns the VLAN The user is configured in the switch's local database and the VLAN Name attribute is set on the user or on a user group the user is in The access rule on the roamed to switch uses RADIUS and the VLAN Name attribute is set on the RADIUS server set service profile long retry count Changes the long retry threshold for a service profile The long retry threshold specif...

Page 374: ...t of broadcast traffic sent to the phones When enabled the no broadcast mode prevents AP radios from sending DHCP or ARP broadcasts to clients on the service profile's SSID Instead an AP radio handles this traffic as follows The no broadcast mode does not affect other types of broadcast traffic and does not prevent clients from sending broadcasts Syntax set service profile name no broadcast enable...

Page 375: ...D Disables the no broadcast mode set service profile proxy arp Enables proxy ARP When proxy ARP is enabled the DWS 1008 replies to ARP requests for client IP address on behalf of the clients This feature reduces broadcast overhead on a service profile's SSID by eliminating ARP broadcasts from APs to the SSID's clients If the ARP request is for a client whose IP address the DWS 1008 does not alread...

Page 376: ...authentication to use for authenticating WPA clients in a service profile Radios use the PSK as a pairwise master key PMK to derive unique pairwise session keys for individual WPA clients Syntax set service profile name psk phrase passphrase name passphrase Defaults None Access Enabled Usage MSS converts the passphrase into a 256 bit binary number for system use and a raw hexadecimal key to store ...

Page 377: ...derive unique pairwise session keys for individual WPA clients Syntax set service profile name psk raw hex name hex Defaults None Access Enabled Usage MSS converts the hexadecimal number into a 256 bit binary number for system use MSS also stores the hexadecimal key in the DWS 1008's configuration The binary number is never displayed in the configuration To use PSK authentication you must enable i...

Page 378: ... default Access Enabled Usage When the RSN IE is enabled the default authentication method is 802 1X There is no default cipher suite You must enable the cipher suites you want the radios to support Examples The following command enables the RSN IE in service profile sprsn DWS 1008 set service profile sprsn rsn ie enable success change accepted See Also set service profile auth dot1x set service p...

Page 379: ...e set service profile auth psk command Syntax set service profile name shared key auth enable disable name enable disable Defaults Shared key authentication is disabled by default Access Enabled Usage Shared key authentication is supported only for encrypted SSIDs In addition if you enable shared key authentication RSN WPA TKIP and CCMP must be disabled By default RSN WPA and CCMP are already disa...

Page 380: ...ch where the SODA agent files for a service profile are located Syntax set service profile name soda agent directory directory name directory Defaults By default the DWS 1008 expects SODA agent files to be located in a directory with the same name as the service profile Access Enabled Usage If the same SODA agent is used for multiple service profiles you can use this command to specify a single di...

Page 381: ...nt checks the client performs an HTTP Get operation to load the success page Upon loading the success page the client is granted access to the network In order for the client to load the success page you must make sure the SODA agent is configured through SODA Manager with the correct URL of the success page so that the DWS 1008 can serve the page to the client Similarly you must make sure the SOD...

Page 382: ...e checks option is enabled for the service profile The enforce checks option is enabled by default The page is assumed to reside in the root directory on the DWS 1008 You can optionally specify a different directory where the page resides Examples The following command specifies failure html as the page to load when a client fails the SODA agent checks DWS 1008 set service profile sp1 soda failure...

Page 383: ...as a logout page The page is assumed to reside in the root directory on the DWS 1008 You can optionally specify a different directory where the page resides Note that you must also enable the HTTPS server on the DWS 1008 so that clients can log out of the network and access the logout page using HTTPS To do this use the set ip https server enable command Examples The following command specifies lo...

Page 384: ...l WebAAA also be enabled for the service profile Examples The following command enables SODA functionality for service profile sp1 DWS 1008 set service profile sp1 soda mode enable success change accepted See Also install soda agent set service profile soda enforce checks show service profile Service profile name Enables SODA functionality for the service profile Disables SODA functionality for th...

Page 385: ...command configures the DWS 1008 to apply acl 1 to a client when it loads the failure page DWS 1008 set service profile sp1 soda remediation acl acl 1 success change accepted See Also set service profile soda enforce checks set service profile soda failure page show service profile set service profile soda success page Specifies a page on the DWL 1008 switch that is loaded when a client passes the ...

Page 386: ...h resides in the soda files directory on the DWS 1008 as the page to load when a client passes the SODA agent checks DWS 1008 set service profile sp1 soda success page soda files success html success change accepted See Also set service profile soda enforce checks set service profile soda mode show service profile set service profile ssid name Configures the SSID name in a service profile Syntax s...

Page 387: ...id type show service profile set service profile ssid type Specifies whether the SSID managed by a service profile is encrypted or unencrypted Syntax set service profile name ssid type clear crypto name clear crypto Defaults The default SSID type is crypto Access Enabled Examples The following command changes the SSID type for service profile clear_wlan to clear DWS 1008 set service profile clear_...

Page 388: ...by default Access Enabled Usage The CoS level is specified by the set service profile cos command Examples The following command enables static CoS on service profile sp1 DWS 1008 set service profile sp1 static cos enable success change accepted See Also set service profile cos show service profile Service profile name Enables static CoS on the service profile Disables static CoS on the service pr...

Page 389: ...es WPA WEP clients and non WPA WEP clients CCMP clients are not affected The TKIP cipher suite must be enabled The WPA IE also must be enabled Examples The following command changes the countermeasures wait time for service profile sp3 to 30 000 ms 30 seconds DWS 1008 set service profile sp3 tkip mc time 30000 success change accepted See Also set service profile cipher tkip set service profile wpa...

Page 390: ...0 Use a comma to separate multiple rates for example 6 0 9 0 12 0 Data transmission rates that APs will not use to transmit data This setting applies only to data sent by the APs The radios will still accept frames from clients at disabled data rates The valid rates depend on the radio type and are the same as the valid rates for mandatory Data rate of beacon frames sent by APs This rate is also u...

Page 391: ...ed Examples The following command sets 802 11a mandatory rates for service profile sp1 to 6 Mbps and 9 Mbps disables rates 48 Mbps and 54 Mbps and changes the beacon rate to 9 Mbps DWS 1008 set service profile sp1 transmit rates 11a mandatory 6 0 9 0 disabled 48 0 54 0 beacon rate 9 0 success change accepted See Also show service profile set service profile user idle timeout Changes the number of ...

Page 392: ... Changes the ACL name MSS uses to filter a Web Portal user's traffic during authentication Use this command if you create a custom Web Portal ACL to allow more than just DHCP traffic during authentication For example if you configure an ACL that allows a Web Portal user to access a credit card server use this command to use the custom ACL for Web Portal users that associate with the service profil...

Page 393: ...rvr DWS 1008 set service profile sp3 web portal acl creditsrvr success change accepted See Also set service profile auth fallthru show service profile set service profile web portal form Specifies a custom login page to serve to WebAAA users who request the SSID managed by the service profile Syntax set service profile name web portal form url name url Defaults The D Link Web login page is served ...

Page 394: ...vice profile corpa service to corpa login html DWS 1008 mkdir corpa success change accepted DWS 1008 copy tftp 10 1 1 1 corpa login html corpa corpa login html success received 637 bytes in 0 253 seconds 2517 bytes sec DWS 1008 copy tftp 10 1 1 1 corpa logo jpg corpa corpa logo jpg success received 1202 bytes in 0 402 seconds 2112 bytes sec DWS 1008 dir corpa file Filename Size Created file corpa ...

Page 395: ...eing terminated automatically This configurable amount of time is called the Web Portal WebAAA session timeout period You can use this command to set the number of seconds in the Web Portal WebAAA session timeout period Note that the Web Portal WebAAA session timeout period applies only to Web Portal WebAAA sessions already authenticated with a username and password For all other Web Portal WebAAA...

Page 396: ...d configures service profile sp2 to use WEP key 2 for encrypting multicast traffic DWS 1008 set service profile sp2 wep active multicast index 2 success change accepted See Also set service profile wep active unicast index set service profile wep key index show service profile Service profile name WEP key number You can enter a value from 1 through 4 set service profile wep active unicast index Spe...

Page 397: ...ts the value of one of four static Wired Equivalent Privacy WEP keys for static WEP encryption Syntax set service profile name wep key index num key value name key index num key value Defaults By default no static WEP keys are defined Access Enabled Usage MSS automatically enables static WEP when you define a WEP key MSS continues to support dynamic WEP Service profile name WEP key index Yo...

Page 398: ...and cipher suites supported by radios in the radio profile mapped to the service profile Syntax set service profile name wpa ie enable disable name enable disable Defaults The WPA IE is disabled by default Access Enabled Usage When the WPA IE is enabled the default authentication method is 802 1X There is no default cipher suite You must enable the cipher suites you want the radios to support Exam...

Page 399: ... The following example shows configuration information for a Distributed AP access point configured on connection 1 DWS 1008 show dap config 1 Port 2 AP model DWL 8220AP POE enable bias high name DWL 8220AP02 boot download enable YES force image download NO load balancing group none location The conference room contact Bob the IT guy Radio 1 type 802 11g mode disabled channel 6 tx pwr 1 profile de...

Page 400: ...enabled NO automatic upgrades are disabled force image download State of the option to force the AP to download a new image YES automatic upgrades are enabled NO automatic upgrades are disabled load balancing group Names of the AP load balancing groups to which the DWL 8220AP access point belongs If the value is None the access point does not belong to any load balancing groups location Location i...

Page 401: ... radio 1 LastPktXferRate 2 PktTxCount 73473 NumCntInPwrSave 0 MultiPktDrop 0 LastPktRxSigStrength 89 MultiBytDrop 0 LastPktSigNoiseRatio 4 User Sessions 0 TKIP Pkt Transfer Ct 0 MIC Error Ct 0 TKIP Pkt Replays 0 TKIP Decrypt Err 0 CCMP Pkt Decrypt Err 0 CCMP Pkt Replays 0 CCMP Pkt Transfer Ct 0 RadioResets 0 Radio Recv Phy Err Ct 0 Transmit Retries 60501 Radio Adjusted Tx Pwr 15 Noise Floor 93 80...

Page 402: ...tly connected to the DWS 1008 and the DWS 1008 port is configured as an AP access port radio Radio number LastPktXferRate Data transmit rate in Mbps of the last packet received by the DWL 8220AP access point NumCntInPwrSave Number of clients currently in power save mode LastPktRxSigStrength Signal strength in dBm of the last packet received by the DWL 8220AP access point LastPktSigNoiseRatio Signa...

Page 403: ...d Rate specific Phy errors are instead counted in the PhyError columns for individual data rates Radio Adjusted Tx Pwr Current power level set on the radio If RF Auto Tuning of power is enabled this value is the power set by RF Auto Tuning If RF Auto Tuning is disabled this value is the statically configured power level 802 3 Packet Tx Ct Number of raw 802 3 packets transmitted by the radio These ...

Page 404: ...Generally a reset occurs as a result of RF noise It is normal for this counter to increment a few times per day Transmit Retries Number of times the radio retransmitted a unicast packet because it was not acknowledged The AP uses this counter to adjust the transmit data rate for a client in order to minimize retries The ratio of transmit retries to transmitted packets TxUniPkt indicates the overal...

Page 405: ...ndicate an attack For example a client might be sending incorrect key information However if the counter increments rapidly there might be a problem in the network UndcrptByte Number of undecryptable bytes received by the radio See the description for UndcrptPkt PhyError Number of packets that could not be decoded by the AP This condition can have any of the following causes Collision of an 802 11...

Page 406: ...mand shows statistics for the AP forwarding queues on a Distributed AP DWS 1008 set service profile sp2 wpa ie enable CoS Queue Tx TxDrop The following Table describes the fields in this display Number of a Distributed AP for which to display QoS statistics counters List of ports connected to the DWL 8220AP access point s for which to display QoS statistics counters Clears the counters after displ...

Page 407: ...isy Also it is normal for a mildly congested radio to drop low priority packets proportionally more often than high priority packets However continuous packet drops from the Voice queue can indicate over subscription or excessive interference in the RF environment show ap dap etherstats Displays Ethernet statistics for a DWL 8220AP's Ethernet ports Syntax show ap dap etherstats port list dap num ...

Page 408: ... RxBroadcast 11 TxLateColl 0 RxGoodFrames 86188 TxMaxColl 0 RxAlignErrs 0 TxMultiColl 12 RxShortFrames 0 TxUnderruns 0 RxCrcErrors 0 TxCarrierLoss 0 RxOverruns 0 TxDeferred 111 RxDiscards 0 The following Table describes the fields in this display Field Description RxUnicast Number of unicast frames received RxMulticast Number of multicast frames received RxBroadcast Number of broadcast frames rece...

Page 409: ...cause they encountered the maximum allowed number of collisions Typically this occurs only during periods of heavy traffic on the network TxMultiColl Number of transmitted frames that encountered more than one collision TxUnderruns Number of frames that were not transmitted or retransmitted due to temporary lack of hardware resources TxCarrierLoss Number of frames transmitted despite the detection...

Page 410: ...r of active client sessions on the DWL 8220AP access point Status Association status of the DWL 8220AP access point Accepting The access point is accepting new associations Refusing The access point is refusing new associations Refused Number of association requests refused by the DWL 8220AP access point due to load balancing MSS resets this counter to 0 when the DWS 1008 is restarted MSS is reloa...

Page 411: ...802 11g state configure succeed Enabled 802 11b protect operational channel 1 operational power 14 base mac 00 0b 0e 00 d2 c0 bssid1 00 0b 0e 00 d2 c0 ssid public bssid2 00 0b 0e 00 d2 c2 ssid employee net bssid3 00 0b 0e 00 d2 c4 ssid mycorp tkip Radio 2 type 802 11a state configure succeed Enabled operational channel 64 operational power 14 base mac 00 0b 0e 00 d2 c1 bssid1 00 0b 0e 00 d2 c1 ssi...

Page 412: ... operational power 15 base mac 00 0b 0e 00 d1 00 bssid1 00 0b 0e 00 d1 00 ssid public bssid2 00 0b 0e 00 d1 02 ssid empl net bssid3 00 0b 0e 00 d1 04 ssid mycorp tkip Radio 2 type 802 11a state configure succeed Enabled operational channel 48 operational power 11 base mac 00 0b 0e 00 d1 01 bssid1 00 0b 0e 00 d1 01 ssid public bssid2 00 0b 0e 00 d1 03 ssid empl net bssid3 00 0b 0e 00 d1 05 ssid myc...

Page 413: ...been recognized by the DWS 1008 but has not yet begun booting booting The AP has asked the DWS 1008 for a boot image image downloading The AP is receiving a boot image from the DWS 1008 image downloaded The AP has received a boot image from the DWS 1008 and is booting configuring The AP has booted and is ready to receive or is already receiving configuration parameters from the DWS 1008 operationa...

Page 414: ...f the radio does detect radar the flag changes to Radar Detected Radar Detected indicates that DFS has detected radar on the channel When this occurs the AP stops transmitting on the channel for 30 minutes If RF Auto Tuning is enabled for channel assignment the radio selects another channel and performs the initial channel availability check on the new channel during which time the flag changes ba...

Page 415: ...led The channel and power settings are shown as channel power Radio2 State channel and power information for radio 2 Uptime Amount of time since the AP booted using this link show auto tune attributes Displays the current values of the RF attributes RF Auto Tuning uses to decide whether to change channel or power settings Syntax show auto tune attributes ap mp num radio 1 2 all Syntax show auto tu...

Page 416: ... Noise Noise threshold on the active channel RF Auto Tuning prefers channels with low noise levels over channels with higher noise levels Utilization Number of multicast packets per second that a radio can send on a channel while continuously sending fixed size frames over a period of time The number of packets that are successfully transmitted indicates how busy the channel is CRC Errors count Nu...

Page 417: ...adio sends beacon frames or responds to probe requests Even if a radio's SSIDs are unadvertised D Link radios detect the empty beacon frames beacon frames without SSIDs sent by the radio and include the radio in the neighbor list Examples The following command displays neighbor information for radio 1 on the directly connected AP access point on port 2 DWS 1008 show auto tune neighbors ap 2 radio ...

Page 418: ...tune max power set radio profile auto tune channel config set radio profile auto tune channel holddown set radio profile auto tune channel interval set radio profile auto tune power config set radio profile auto tune power interval show auto tune attributes show radio profile show dap boot configuration Displays information about the static IP address configuration if any on a Distributed AP Synta...

Page 419: ...et mask assigned to this Distributed AP Gateway The IP address of the default gateway assigned to this Distributed AP Vlan Tag The VLAN tag that the Distributed AP is configured to use if any Switch IP The IP address of the DWS 1008 that this Distributed AP is configured to use as its boot device if any Switch Name The name of the DWS 1008 that this Distributed AP is configured to use as its boot ...

Page 420: ...switch where you use the command The switch does not need to be the one that booted the AP but it must have the AP in its configuration If a Distributed AP is configured on this DWS 1008 but does not have an active connection the command does not display information for the AP To show connection information for Distributed APs use the show dap global command on one of the switches where the APs ar...

Page 421: ...tributed APs configured on this DWS 1008 that have active connections DWS 1008 show dap connection Total number of entries 1 Field Description DAP Connection ID you assigned to the Distributed AP If the connection is configured on another DWS 1008 this field contains a hyphen Serial Id Serial ID of the Distributed AP DAP IP Address IP address assigned by DHCP to the Distributed AP DWS 1008 IP Addr...

Page 422: ...ins a hyphen the Distributed AP configuration displayed in the row of output is on another DWS 1008 Serial Id Serial ID of the Distributed AP DAP IP Address System IP address of the DWS 1008 on which the Distributed AP is configured A separate row of output is displayed for each DWS 1008 on which the Distributed AP is configured Bias Bias of the DWS 1008 for the Distributed AP High Low The followi...

Page 423: ...that are not configured DWS 1008 show dap unconfigured Total number of entries 2 Field Description Serial Id Serial ID of the Distributed AP Model AP model number IP Address IP address of the AP This is the address that the AP receives from a DHCP server The AP uses this address to send a Find DWS message to request configuration information from DWL 1008 However the AP cannot use the address to e...

Page 424: ...D DTIM Interval Number of times after every beacon that each AP radio in the radio profile sends a delivery traffic indication map DTIM Max Tx Lifetime Number of milliseconds that a frame received by a radio in the radio profile can remain in buffer memory Max Rx Lifetime Number of milliseconds that a frame scheduled to be transmitted by a radio in the radio profile can remain in buffer memory The...

Page 425: ...Power Interval Interval in seconds at which RF Auto Tuning decides whether to change the power level on radios in a radio profile At the end of each interval MSS processes the results of the RF scans performed during the previous interval and changes radio power levels if needed Power ramp interval Number of seconds a radio waits before increasing or decreasing its power by 1 dBm in response to a ...

Page 426: ... power interval set radio profile auto tune power lockdown set radio profile auto tune power ramp interval set radio profile beacon interval set radio profile countermeasures set radio profile dtim interval set radio profile frag threshold set radio profile max rx lifetime set radio profile max tx lifetime set radio profile mode set radio profile preamble length set radio profile qos mode set radi...

Page 427: ...Custom logout web page Custom agent directory Static COS no COS 0 CAC mode none CAC sessions 14 User idle timeout 180 Idle client probing yes Keep initial vlan no Web Portal Session Timeout 5 Web Portal ACL WEP Key 1 value none WEP Key 2 value none WEP Key 3 value none WEP Key 4 value none WEP Unicast Index 1 WEP Multicast Index 1 Shared Key Auth NO WPA enabled ciphers cipher tkip authentication 8...

Page 428: ...does not have an authentication rule with a userglob that matches the username last resort Automatically authenticates the user and allows access to the SSID requested by the user without requiring a username and password none Denies authentication and prohibits the user from accessing the SSID web portal Redirects the user to a web page for login to the SSID Sygate On Demand SODA Whether SODA fun...

Page 429: ... timeout Indicates how many seconds a user session can remain idle indicated by no user traffic and no reply to client keepalive probes before the session is changed to the Disassociated state Idle client probing Indicates whether client keepalive probes are enabled Keep initial VLAN Indicates whether the keep initial vlan option is enabled Web Portal Session Timeout When a Web Portal WebAAA sessi...

Page 430: ...t are applied by default to a user accessing the SSID managed by this service profile in addition to any attributes assigned to the user by a RADIUS server or the local database Attributes are listed here only if they have been configured as default attribute settings for the service profile 11a 11b 11g transmit rate fields Data transmission rate settings for each radio type beacon rate Data rate ...

Page 431: ...spantree portvlancost on page 499 show spantree portvlancost on page 508 clear spantree portcost on page 488 clear spantree portvlancost on page 490 Port Priority set spantree portpri on page 498 set spantree portvlanpri on page 500 clear spantree portpri on page 489 clear spantree portvlanpri on page 491 Timers set spantree fwddelay on page 494 set spantree hello on page 495 set spantree maxage o...

Page 432: ...tcost 5 6 success change accepted See Also clear spantree portvlancost set spantree portcost set spantree portvlancost show spantree show spantree portvlancost clear spantree portpri Resets to the default value the priority of a network port or ports for selection as part of the path to the STP root bridge in all VLANs on a DWS 1008 switch Syntax clear spantree portpri port list port list List of ...

Page 433: ...e one(s) you specify Examples The following command resets the STP cost for port 12 in VLAN sunflower DWS 1008 clear spantree portvlancost 12 vlan sunflower success change accepted See Also clear spantree portcost set spantree portcost set spantree portvlancost show spantree show spantree portvlancost clear spantree portvlanpri Resets to the default value the priority of a network port or ports for...

Page 434: ...pri show spantree clear spantree statistics Clears STP statistics counters for a network port or ports and resets them to 0 Syntax clear spantree statistics port list vlan vlan id port list List of ports Statistics counters are reset on the specified ports vlan vlan id VLAN name or number MSS resets statistics counters for only the specified VLAN Defaults None Access Enabled Examples The following...

Page 435: ... or disables STP on only the specified ports within the specified VLAN Defaults Disabled Access Enabled Examples The following command enables STP on all VLANs configured on a switch DWS 1008 set spantree enable success change accepted The following command disables STP on VLAN burgundy DWS 1008 set spantree disable vlan burgundy success change accepted See Also show spantree set spantree backbone...

Page 436: ...y change that a switch which is not the root bridge waits to begin forwarding Layer 2 traffic on one or all of its configured VLANs The root bridge always forwards traffic Syntax set spantree fwddelay delay all vlan vlan id delay Delay value You can specify from 4 through 30 seconds all Changes the forwarding delay on all VLANs vlan vlan id VLAN name or number MSS changes the forwarding delay on o...

Page 437: ...VLANs to 4 seconds DWS 1008 set spantree hello 4 all success change accepted See Also show spantree set spantree maxage Changes the maximum age for an STP root bridge hello packet that is acceptable to a switch acting as a designated bridge on one or all of its VLANs After waiting this period of time for a new hello packet the switch determines that the root bridge is unavailable and issues a topo...

Page 438: ...r cost paths over higher cost paths Defaults The default port cost depends on the port speed and link type The table below lists the defaults for STP port path cost Port Speed Link Type Default Port Path Cost 100 Mbps Full Duplex Aggregate Link Port Group 19 100 Mbps Full Duplex 18 100 Mbps Half Duplex 19 10 Mbps Full Duplex Aggregate Link Port Group 19 10 Mbps Full Duplex 95 10 Mbps Half Duplex 1...

Page 439: ... 1 3 5 enable success change accepted See Also show spantree portfast set spantree portpri Changes the STP priority of a network port or ports for selection as part of the path to the STP root bridge in the default VLAN on a DWS 1008 switch Syntax set spantree portpri port list priority value port list List of ports MSS changes the priority on the specified ports priority value Priority value You ...

Page 440: ...s Enabled Examples The following command changes the cost on ports 3 and 4 to 20 in VLAN mauve DWS 1008 set spantree portvlancost 3 4 cost 20 vlan mauve success change accepted See Also clear spantree portcost clear spantree portvlancost set spantree portcost show spantree show spantree portvlancost set spantree portvlanpri Changes the priority of a network port or ports for selection as part of t...

Page 441: ...ch on one or all of its VLANs Syntax set spantree priority value all vlan vlan id priority value Priority value You can specify a value from 0 through 65 535 The bridge with the lowest priority value is elected to be the root bridge for the spanning tree all Changes the bridge priority on all VLANs vlan vlan id VLAN name or number MSS changes the bridge priority on only the specified VLAN Defaults...

Page 442: ...ccess switches to the network core distribution layer but are not in the core themselves Do not enable the feature on DWS 1008 switches that are in the network core Examples The following command enables uplink fast convergence DWS 1008 set spantree uplinkfast enable success change accepted See Also show spantree uplinkfast show spantree Displays STP configuration and port state information Syntax...

Page 443: ...es the fields in this display Field Description VLAN VLAN number Spanning Tree Mode In the current software version the mode is always PVST which means Per VLAN Spanning Tree Spanning Tree Type In the current software version the type is always IEEE which means STP is based on the IEEE 802 standards Spanning Tree Enabled State of STP on the VLAN Designated Root MAC address of the spanning tree's r...

Page 444: ...ate can indicate any of the following conditions The port is inactive The port is disabled STP is enabled on the port but the port is not forwarding traffic The port is active and enabled but STP has just started to come up Forwarding The port is forwarding Layer 2 traffic Learning The port is learning the locations of other devices in the spanning tree before changing state to forwarding Listenin...

Page 445: ... has blocked on one or all of its VLANs Syntax show spantree blockedports vlan vlan id vlan vlan id VLAN name or number If you do not specify a VLAN MSS displays information for blocked ports on all VLANs Defaults None Access All Usage The command lists information separately for each VLAN Examples The following command shows information about blocked ports on a switch for the default VLAN VLAN 1 D...

Page 446: ...e information for all ports Defaults None Access All Examples The following command shows uplink fast convergence information for all ports DWS 1008 show spantree portfast Port Vlan Portfast 1 1 disable 2 1 disable 3 1 disable 4 1 enable 5 2 disable 6 2 disable 7 2 disable 8 2 disable The table below describes the fields in this display Field Description Port Port number VLAN VLAN number Portfast ...

Page 447: ...ath cost 19 See Also clear spantree portcost clear spantree portvlancost set spantree portcost set spantree portvlancost show spantree show spantree statistics Displays STP statistics for one or more switch network ports Syntax show spantree statistics port list vlan vlan id port list List of ports If you do not specify any ports MSS displays STP statistics for all ports vlan vlan id VLAN name or ...

Page 448: ...inconsistency none Port based information statistics config BPDU s xmitted port VLAN 0 1 config BPDU s received port VLAN 21825 43649 tcn BPDU s xmitted port VLAN 0 0 tcn BPDU s received port VLAN 2 2 forward transition count port VLAN 1 1 scp failure count 0 root inc trans count port VLAN 1 1 inhibit loopguard FALSE loop inc trans count 0 0 Status of Port Timers forward delay timer INACTIVE forwa...

Page 449: ...ow describes the fields in this display Field Description Port Port number VLAN VLAN ID Spanning Tree enabled for vlan State of the STP feature on the VLAN port spanning tree State of the STP feature on the port state STP state of the port Blocking The port is not forwarding Layer 2 traffic but is listening to and forwarding STP control traffic Disabled The port is not forwarding any traffic inclu...

Page 450: ...the root bridge changed inhibit loopguard State of the loop guard In the current release the state is always FALSE loop inc trans count Number of loops that have occurred forward delay timer Status of the forwarding delay timer This timer monitors the time spent by a port in the listening and learning states forward delay timer value Current value of the forwarding delay timer in seconds message a...

Page 451: ...e from which the switch last received a topology change dynamic max age transition Number of times the maximum age parameter was changed dynamically port BPDU ok count Number of valid port BPDUs received msg age expiry count Number of expired messages link loading Indicates whether the link is oversubscribed BPDU in processing Indicates whether BPDUs are currently being processed num of similar BP...

Page 452: ...LANs DWS 1008 show spantree uplinkfast VLAN port list 1 1 fwd 2 3 The table below describes the fields in this display Field Description VLAN VLAN number port list Ports in the uplink group The port that is forwarding traffic is indicated by fwd The other ports are blocking traffic See Also set spantree uplinkfast ...

Page 453: ...460 Proxy Reporting set igmp proxy report on page 455 Pseudo querier set igmp querier on page 458 show igmp querier on page 464 Timers set igmp qi on page 456 set igmp oqi on page 454 set igmp qri on page 457 set igmp lmqi on page 452 set igmp rv on page 459 Router Solicitation set igmp mrsol on page 453 set igmp mrsol mrsi on page 454 Multicast Routers set igmp mrouter on page 452 show igmp mrout...

Page 454: ...mp statistics IGMP statistics cleared for all vlans See Also show igmp statistics set igmp Disables or reenables IGMP snooping on one VLAN or all VLANs on a switch Syntax set igmp enable disable vlan vlan id enable Enables IGMP snooping disable Disables IGMP snooping vlan vlan id VLAN name or number If you do not specify a VLAN IGMP snooping is disabled or reenabled on all VLANs Defaults IGMP snoo...

Page 455: ...mer change applies to all VLANs Defaults The default last member query interval is 10 tenths of a second 1 second Access Enabled Examples The following command changes the last member query interval on VLAN orange to 5 tenths of a second DWS 1008 set igmp lmqi 5 vlan orange success change accepted See Also set igmp oqi set igmp qi set igmp mrouter set igmp mrouter Adds or removes a port in a switc...

Page 456: ...WS 1008 set igmp mrouter port 5 disable success change accepted See Also show igmp mrouter set igmp mrsol Enables or disables multicast router solicitation by a switch on one VLAN or all VLANs Syntax set igmp mrsol enable disable vlan vlan id enable Enables multicast router solicitation disable Disables multicast router solicitation vlan vlan id VLAN name or number If you do not specify a VLAN mul...

Page 457: ... Also set igmp mrsol set igmp oqi Changes the IGMP other querier present interval timer on one VLAN or all VLANs on a switch Syntax set igmp oqi seconds vlan vlan id oqi seconds Number of seconds that the switch waits for a general query to arrive before electing itself the querier You can specify a value from 1 through 65 535 vlan vlan id VLAN name or number If you do not specify a VLAN the timer...

Page 458: ...les proxy reporting vlan vlan id VLAN name or number If you do not specify a VLAN proxy reporting is disabled or reenabled on all VLANs Defaults Proxy reporting is enabled on all VLANs by default Access Enabled Usage Proxy reporting reduces multicast overhead by sending only one membership report for a group to the multicast routers and discarding other membership reports for the same group If you...

Page 459: ...e default query interval is 125 seconds Access Enabled Usage The query interval is applicable only when the switch is querier for the subnet For the switch to become the querier the pseudo querier feature must be enabled on the switch and the switch must have the lowest IP address among all the devices eligible to become a querier To enable the pseudo querier feature use the set igmp querier comma...

Page 460: ...s to all VLANs Defaults The default query response interval is 100 tenths of a second 10 seconds Access Enabled Usage The query response interval is applicable only when the switch is querier for the subnet For the switch to become the querier the pseudo querier feature must be enabled on the switch and the switch must have the lowest IP address among all the devices eligible to become a querier T...

Page 461: ... subnet Examples The following example enables the pseudo querier on the orange VLAN DWS 1008 set igmp querier enable vlan orange success change accepted See Also show igmp querier set igmp receiver Adds or removes a network port in the list of ports on which a switch forwards traffic to multicast receivers Static multicast receiver ports are immediately added to or removed from the list of receiv...

Page 462: ... show igmp receiver table set igmp rv Changes the robustness value for one VLAN or all VLANs on a DWS 1008 switch Robustness adjusts the IGMP timers to the amount of traffic loss that occurs on the network Syntax set igmp rv num vlan vlan id num Robustness value You can specify a value from 2 through 255 Set the robustness value higher to adjust for more traffic loss vlan vlan id VLAN name or numb...

Page 463: ...uration values qi 125 oqi 300 qri 100 lmqi 10 rvalue 2 Multicast router information Port Mrouter IPaddr Mrouter MAC Type TTL 5 192 28 7 5 00 01 02 03 04 05 dvmrp 17 Group Port Receiver IP Receiver MAC TTL 224 0 0 2 none none none undef 237 255 255 255 5 10 10 10 11 00 02 04 06 08 0b 258 237 255 255 255 5 10 10 10 13 00 02 04 06 08 0d 258 237 255 255 255 5 10 10 10 14 00 02 04 06 08 0e 258 237 255 ...

Page 464: ...qi Query interval Configuration values oqi Other querier present interval Configuration values qri Query response interval Configuration values lmqi Last member query interval Configuration values rvalue Robustness value Multicast router information List of multicast routers and active multicast groups The fields containing this information are described separately The show igmp mrouter command sh...

Page 465: ...mp querier command shows the same information Querier for vlan VLAN containing the querier Information is listed separately for each VLAN Querier IP IP address of the querier Querier MAC MAC address of the querier TTL Number of seconds before this entry ages out if the switch does not receive a query message from the querier IGMP vlan member ports Physical ports in the VLAN This list includes all ...

Page 466: ...ters Ports are listed separately for each VLAN Port Number of the physical port through which the switch can reach the router Mrouter IPaddr IP address of the multicast router Mrouter MAC MAC address of the multicast router Type How the switch learned that the port is a multicast router port conf Static multicast port configured by an administrator madv Multicast advertisement quer IGMP query dvmr...

Page 467: ...1 193 122 135 178 00 0b cc d2 e9 b4 23 The following command shows the information MSS displays when the querier is the switch itself DWS 1008 show igmp querier vlan default Querier for vlan default I am the querier for vlan default time to next query is 20 The output indicates how many seconds remain before the pseudo querier on the switch broadcasts the next general query report to IP address 22...

Page 468: ...tax show igmp receiver table vlan vlan id group group ip addr mask length vlan vlan id VLAN name or number If you do not specify a VLAN MSS displays the multicast receivers on all VLANs group group ip addr mask length IP address and subnet mask of a multicast group in CIDR format for example 239 20 20 10 24 If you do not specify a group address MSS displays the multicast receivers for all groups D...

Page 469: ...on VLAN VLAN that contains the multicast receiver ports Ports are listed separately for each VLAN Session IP address of the multicast group being received Port Physical port through which the switch can reach the receiver Receiver IP IP address of the receiver Receiver MAC MAC address of the receiver TTL Number of seconds before this entry ages out if the switch does not receive a group membership...

Page 470: ...roups Report V2 IGMP version 2 group membership reports sent by clients who want to be receivers for the groups Leave IGMP version 2 leave messages sent by clients who want to stop receiving traffic for a group Leave messages apply only to IGMP version 2 Mrouter Adv Multicast router advertisement packets A multicast router sends this type of packet to advertise the IP address of the sending interf...

Page 471: ...opology notifications Number of Layer 2 topology change notifications received by the switch Note In the current software version the value in this field is always 0 Packets with unknown IGMP type Number of multicast packets received with an unrecognized multicast type Packets with bad length Number of packets with an invalid length Packets with bad IGMP checksum Number of packets with an invalid ...

Page 472: ...his chapter presents security ACL commands alphabetically Use the following table to locate commands in this chapter based on their use Create Security ACLs clear security acl on page 470 set security acl on page 475 show security acl on page 482 show security acl editbuffer on page 483 show security acl info on page 484 Commit Security ACLs commit security acl on page 472 rollback security acl on page 474 M...

Page 473: ...onvolatile storage The clear security acl command deletes a security ACL but does not stop its current filtering function if the ACL is mapped to any virtual LANs VLANs ports or virtual ports or if the ACL is applied in a Filter Id attribute to an authenticated user or group of users with current sessions Examples The following commands display the current security ACL configuration clear acl_ 133...

Page 474: ...group attr To delete a security ACL from a user or group on an external RADIUS server see the documentation for your RADIUS server Syntax clear security acl map acl name all vlan vlan id port port list tag tag value dap dap num in out acl name Name of an existing security ACL to clear ACL names start with a letter and are case insensitive all Removes security ACL mapping from all physical ports vi...

Page 475: ... accepted To clear all physical ports virtual ports and VLANs on a switch of the ACLs mapped for incoming and outgoing traffic type the following command DWS 1008 clear security acl map all success change accepted See Also clear security acl set security acl map show security acl map commit security acl Saves a security ACL or all security ACLs in the edit buffer to the running configuration and n...

Page 476: ...ion of whatever show security acl info all editbuffer shows to be currently stored in the edit buffer Examples The following commands commit all the security ACLs in the edit buffer to the configuration display a summary of the committed ACLs and show that the edit buffer has been cleared DWS 1008 commit security acl all configuration accepted DWS 1008 show security acl ACL table ACL Type Class Ma...

Page 477: ...committed ACEs Defaults None Access Enabled Examples The following commands show the edit buffer before a rollback clear any changes in the edit buffer to security acl_122 and show the edit buffer after the rollback DWS 1008 show security acl info all editbuffer ACL edit buffer information for all set security acl ip acl_122 ACEs 3 add 3 del 0 modified 0 1 permit IP source IP 20 0 1 11 0 0 0 255 d...

Page 478: ...t cos cos deny ip source ip addr mask any destination ip addr mask any precedence precedence tos tos dscp codepoint before editbuffer index modify editbuffer index hits By ICMP packets set security acl ip acl name permit cos cos deny icmp source ip addr mask any destination ip addr mask any type icmp type code icmp code precedence precedence tos tos dscp codepoint before editbuffer index modify ed...

Page 479: ...ditbuffer permit Allows traffic that matches the conditions in the ACE cos cos For permitted packets a class of service CoS level for packet handling Specify a value from 0 through 7 1 or 2 Background Packets are queued in AP forwarding queue 4 0 or 3 Best effort Packets are queued in AP forwarding queue 3 4 or 5 Video Packets are queued in AP forwarding queue 2 Use CoS level 4 or 5 for voice over...

Page 480: ...ress and wildcard mask of the network or host to which the packet is being sent Specify both address and mask in dotted decimal notation To match on any address specify any or 0 0 0 0 255 255 255 255 type icmp type Filters ICMP messages by type Specify a value from through 255 code icmp code For ICMP messages filtered by type additionally filters ICMP messages by code Specify a value from 0 throug...

Page 481: ...ith a DSCP value based on the internal CoS value If the ACE contains the cos option this option overrides the switch s CoS map and marks the packet based on the ACE Access Enabled Usage The switch does not apply security ACLs until you activate them with the commit security acl command and map them to a VLAN port or virtual port or to a user If the switch is reset or restarted any ACLs in the edit...

Page 482: ...ecurity acl all configuration accepted See Also clear security acl commit security acl show security acl set security acl map Assigns a committed security ACL to a VLAN physical port or ports virtual port or Distributed AP on the switch Note To assign a security ACL to a user or group in the local database use the command set user attr set mac user attr set usergroup attr or set mac usergroup attr...

Page 483: ...tch out Assigns the security ACL to traffic coming from the switch Defaults None Access Enabled Usage Before you can map a security ACL you must use the commit security acl command to save the ACL in the running configuration and nonvolatile storage For best results map only one input security ACL and one output security ACL to each VLAN physical port virtual port or Distributed AP to filter a flo...

Page 484: ...how security acl info acl name command To view the hits for all security ACLs use the show security acl hits command Examples The first command sets MSS to sample ACL hits every 15 seconds The second and third commands display the results The results show that 916 packets matching security acl_153 were sent since the ACL was mapped DWS 1008 set security acl hit sample rate 15 DWS 1008 show securit...

Page 485: ...CLs use the show security acl info command To list ACLs that have not yet been committed use the show security acl editbuffer command Examples To display a summary of the mapped security ACLs on a DWS 1008 switch type the following command DWS 1008 show security acl ACL table ACL Type Class Mapping acl_123 IP Static Port 2 In acl_133 IP Static Port 4 In acl_124 IP Static See Also clear security ac...

Page 486: ...t buffer table ACL Type Status acl_111 IP Not committed acl a IP Not committed To view details about these uncommitted ACLs type the following command DWS 1008 show security acl info all editbuffer ACL edit buffer information for all set security acl ip acl 111 ACEs 3 add 3 del 0 modified 2 1 permit IP source IP 192 168 254 12 0 0 0 0 destination IP any 2 permit IP source IP 192 168 253 11 0 0 0 0...

Page 487: ...cl_2 2 0 acl_175 3 916 acl_123 See Also hit sample rate set security acl show security acl info Displays the contents of a specified security ACL or all security ACLs that are committed saved in the running configuration and nonvolatile storage or the contents of security ACLs in the edit buffer before they are committed Syntax show security acl info acl name all editbuffer acl name Name of an exi...

Page 488: ...n IP any enable hits set security acl ip acl_135 hits 2 0 1 deny IP source IP 192 168 1 1 0 0 0 0 destination IP any enable hits The following command displays the contents of acl_123 in the edit buffer including the committed ACE rules 1 and 2 and the uncommitted rule 3 DWS 1008 show security acl info acl_123 editbuffer ACL edit buffer information for acl_123 set security acl ip acl_123 ACEs 3 ad...

Page 489: ...Access Enabled Examples The following command displays the port to which security ACL acl_111 is mapped DWS 1008 show security acl map acl_111 ACL acl_111 is mapped to Port 4 in See Also clear security acl map set security acl map show security acl show security acl resource usage Displays statistics about the resources used by security ACL filtering on the switch Syntax show security acl resource...

Page 490: ... max 512 PSCBs in secondary memory 0 max 9728 Leaves in primary 2 max 151 Leaves in secondary 0 max 12096 Sum node depth 1 Information on Network Processor status Fragmentation control 0 UC switchdest 0 ACL resources Port number 0 Number of action types 2 LUdef in use 5 Default action pointer c8007dc L4 global True No rules False Non IP rules False Root in first True Static default action False No...

Page 491: ... handling fragmented IP packets Note The current MSS version filters only the first packet of a fragmented IP packet and passes the remaining fragments UC switchdest Control value for handling fragmented IP packets Note The current MSS version filters only the first packet of a fragmented IP packet and passes the remaining fragments Port number Control value for handling fragmented IP packets Note...

Page 492: ... are mapped to outgoing traffic In mapping Application of security ACLs to incoming traffic on the switch True Security ACLs are mapped to incoming traffic False No security ACLs are mapped to incoming traffic No VLAN or PORT mapping Application of security ACLs to VLANs or ports on the switch True No security ACLs are mapped to VLANs or ports False Security ACLs are mapped to VLANs or ports No VP...

Page 493: ...e commands and slowly increase the levels to get the data you need This chapter presents trace commands alphabetically Use the following table to locate commands in this chapter based on their use Trace clear log trace on page 490 clear trace on page 491 save trace on page 492 set trace authentication on page 492 set trace authorization on page 493 set trace dot1x on page 493 set trace sm on page ...

Page 494: ...tion trace dot1x Ends an 802 1X trace authentication Ends an authentication trace sm Ends a session manager trace all Ends all trace processes Defaults None Access Enabled Examples To clear all trace processes type the following command DWS 1008 clear trace all success clear trace all To clear the session manager trace type the following command DWS 1008 clear trace sm success clear trace sm See A...

Page 495: ...me level level mac addr mac address Traces a MAC address Specify a MAC address using colons to separate the octets for example 00 11 22 aa bb cc port port num Traces a port number Specify a port number between 1 and 22 user username Traces a user Specify a username of up to 32 alphanumeric characters with no spaces level level Determines the quantity of information included in the output You can s...

Page 496: ...he output You can set the level with an integer from 1 to 10 where level 10 provides the most information Levels 1 through 5 provide user readable information If you do not specify a level level 5 is the default Defaults The default trace level is 5 Access Enabled Examples The following command starts a trace for information for authorization for MAC address 00 01 02 03 04 05 DWS 1008 set trace au...

Page 497: ... 02 03 04 05 DWS 1008 set trace dot1x mac addr 00 01 02 03 04 05 success change accepted See Also clear trace show trace set trace sm Traces session manager activity Syntax set trace sm mac addr mac address port port num user username level level mac addr mac address Traces a MAC address Specify a MAC address using colons to separate the octets for example 00 11 22 aa bb cc port port num Traces a ...

Page 498: ...lays information about traces that are currently configured on the switch or all possible trace options Syntax show trace all all Displays all possible trace options and their configuration Defaults None Access Enabled Examples To view the traces currently running type the following command DWS 1008 show trace milliseconds spent printing traces 1885 614 Trace Area Level Mac User Port Filter dot1x ...

Page 499: ... locate commands in this chapter based on their use Remote monitoring snooping clear snoop on page 496 clear snoop map on page 497 set snoop on page 497 set snoop map on page 500 set snoop mode on page 501 show snoop on page 502 show snoop info on page 502 show snoop map on page 503 show snoop stats on page 503 clear snoop Deletes a snoop filter Syntax clear snoop filter name filter name Name of t...

Page 500: ...ts None Access Enabled Examples The following command removes snoop filter snoop2 from radio 2 on Distributed AP 3 DWS 1008 clear snoop map snoop2 dap 3 radio 2 success change accepted The following command removes all snoop filter mappings from all radios DWS 1008 clear snoop map all success change accepted See Also set snoop map show snoop show snoop map set snoop Configures a snoop filter Synta...

Page 501: ... This option matches for either direction of a flow and either MAC address can be the source or destination address If you omit a condition all packets match that condition For example if you omit frame type all frame types match the filter For most conditions you can use eq equal to match only on traffic that matches the condition value Use neq not equal to match only on traffic that is not equal...

Page 502: ...If the observer is not present the AP still sends the snoop packets which use bandwidth If the observer is present but is not listening to TZSP traffic the observer continuously sends ICMP error indications back to the AP These ICMP messages can affect network and AP performance Examples The following command configures a snoop filter named snoop1 that matches on all traffic and copies the traffic...

Page 503: ... Usage You can map the same filter to more than one radio You can map up to eight filters to the same radio If more than one filter has the same observer the AP sends only one copy of a packet that matches a filter to the observer After the first match the AP sends the packet and stops comparing the packet against other filters for the same observer If the filter does not have an observer the AP s...

Page 504: ... stop after option the filter operates until you disable it or until the AP is restarted disable Disables the snoop filter Defaults Snoop filters are disabled by default Access Enabled Usage The filter mode is not retained if you change the filter configuration or disable and reenable the radio or when the AP or the switch is restarted You must reenable the filter to place it back into effect Exam...

Page 505: ...op Dap 3 Radio 2 snoop1 snoop2 Dap 2 Radio 2 snoop2 See Also clear snoop map set snoop map show snoop map show snoop info Shows the configured snoop filters Syntax show snoop filter name filter name Name of the snoop filter Defaults None Access Enabled Examples The following command shows the snoop filters configured in the examples above DWS 1008 show snoop info snoop1 observer 10 10 30 2 snap le...

Page 506: ...oop show snoop stats Displays statistics for enabled snoop filters Examples show snoop stats filter name dap num radio 1 2 filter name Name of the snoop filter dap dap num Number of a Distributed AP to which the snoop filter is mapped radio 1 Radio 1 of the AP radio 2 Radio 2 of the AP This option does not apply to single radio models Defaults None Access Enabled Usage The AP retains statistics fo...

Page 507: ...ved by the radio that match the filter Tx Match Number of packets sent by the radio that match the filter Dropped Number of packets that matched the filter but that were not copied to the observer due to memory or network problems Stop After Filter state running enabled stopped disabled number of packets If the filter is running and the stop after option was used to stop the filter this field disp...

Page 508: ...s stored in the log buffer or removes the configuration for a syslog server and stops sending log messages to that server Syntax clear log buffer server ip addr buffer Deletes the log messages stored in nonvolatile storage server ip addr Deletes the configuration for and stops sending log messages to the syslog server at this IP address Specify an address in dotted decimal notation Defaults None A...

Page 509: ...t defaults for the following log parameters Severity Logging state enabled or disabled To override the session defaults for an individual session type the set log command from within the session and use the current option trace Sets log parameters for trace files port port number Sets the TCP port for sending messages to the syslog server You can specify a number from 1 to 65535 The default syslog...

Page 510: ...able Enables messages to the specified target disable Disables messages to the specified target Defaults Events at the error level and higher are logged to the switch console Events at the error level and higher are logged to the switch system buffer Trace logging is enabled and debug level output is stored in the switch trace buffer Access Enabled Usage Using the command with only enable or disab...

Page 511: ...ables the mark messages disable Disables the mark messages severity level Log severity at which the messages are logged emergency alert critical error warning notice info debug interval interval Interval at which MSS generates the mark messages You can specify from 1 to 2147483647 seconds Defaults Mark messages are disabled by default When they are enabled MSS generates a message at the notice lev...

Page 512: ...space and a question mark after show log buffer facility for a list of valid facilities matching string Displays messages that match a string for example a username or IP address severity severity level Displays messages at a severity level greater than or equal to the level specified Specify one of the following emergency The switch is unusable alert Action must be taken immediately critical You ...

Page 513: ...he following command displays logged messages for the AAA facility DWS 1008 show log buffer facility AAA AAA Jun 25 09 11 32 579848 ERROR AAA_NOTIFY_ERR AAA got SM special event 98 on locality 3950 which is gone See Also clear log show log config show log config Displays log configuration information Syntax show log config Defaults None Access Enabled Examples To display how logging is configured ...

Page 514: ...y facility name Area of MSS that is sending the log message Type a space and a question mark after show log trace facility for a list of valid facilities matching string Displays messages that match a string for example a username or IP address severity severity level Displays messages at a severity level greater than or equal to the level specified Specify one of the following emergency The switc...

Page 515: ...ility DWS 1008 show log trace 5 facility ROGUE ROGUE Oct 28 16 30 19 695141 ERROR ROGUE_AP_ALERT Xmtr Mac 01 0b 0e ff 00 3b Port 7 Radio 1 Chan 36 RSSI 18 Tech DOT_11A SSID dlink ROGUE Oct 28 16 30 19 704637 ERROR ROGUE_AP_ALERT Xmtr Mac 01 0b 0e 00 09 5f Port 7 Radio 1 Chan 36 RSSI 15 Tech DOT_11A SSID examplewlan ROGUE Oct 28 16 30 19 711253 ERROR ROGUE_AP_ALERT Xmtr Mac 01 0b 0e 00 06 b7 Por...

Page 516: ...nds only when working with D Link to diagnose a system issue In particular commands that change boot parameters can interfere with a switch s ability to boot successfully This chapter presents boot prompt commands alphabetically Use the following table to locate commands in this chapter based on their use Command Information help on page 521 ls on page 522 Booting autoboot on page 514 boot on page...

Page 517: ...ot The autoboot flag is on See Also boot boot Loads and executes a system image file Syntax boot BT type DEV device FN filename HA ip addr FL num OPT option OPT option BT type Boot type c Compact flash Boots using nonvolatile storage or a flash card n Network Boots using a TFTP server DEV device Location of the system image file c Nonvolatile storage area containing boot partition 0 d Nonvolatile ...

Page 518: ...age If you use an optional parameter the parameter setting overrides the setting of the same parameter in the currently active boot profile However the boot profile itself is not changed To display the currently active boot profile use the show command To change the currently active boot profile use the change command Examples The following command loads system image file MX010101 020 from boot pa...

Page 519: ...to change the setting to its default value To back up to the previous parameter type hyphen Examples The following command enters the configuration mode for the currently active boot profile changes the device to boot1 and leaves the other parameters with their current settings boot change Changing the default configuration is not recommended Are you sure that you want to proceed y n y BOOT TYPE c...

Page 520: ...the profile If all four slots already contain profiles and you try to create a fifth profile the switch displays a message advising you to change one of the existing profiles instead To make a new boot profile the currently active boot profile use the next command To change boot parameter settings use the change command Examples The following command creates a new boot profile in slot 1 on a switc...

Page 521: ...ofile 3 You cannot delete boot profile 0 Examples To remove the currently active boot profile type the following command boot delete BOOT Index 1 BOOT TYPE c DEVICE boot1 FILENAME default FLAGS 00000000 OPTIONS run nos boot 0 See Also change create next show dhcp Displays or changes the state of the DHCP option The DHCP option controls whether a switch uses DHCP to obtain its IP address when it is...

Page 522: ...mode is disabled by default Access Boot prompt Usage Access to the diagnostic mode requires a password which is not user configurable Use this mode only if advised to do so by D Link dir Displays the boot code and system image files on a DWS 1008 switch Syntax dir c d e f boot0 boot1 c Nonvolatile storage area containing boot partition 0 primary d Nonvolatile storage area containing boot partition...

Page 523: ... 5524593 bytes See Also fver version fver Displays the version of a system image file installed in a specific location on a DWS 1008 switch Syntax fver c d e f boot0 boot1 filename c Nonvolatile storage area containing boot partition 0 primary d Nonvolatile storage area containing boot partition 1 secondary e Primary partition of the flash card in the flash card slot f Secondary partition of the f...

Page 524: ...command Defaults None Access Boot prompt Usage If you specify a command name detailed information is displayed for that command If you do not specify a command name all the boot prompt commands are listed Examples The following command displays detailed information for the fver command boot help fver fver Display the version of the specified device filename USAGE fver c file d file e file f file b...

Page 525: ... the autoboot option boot Load and execute an image using the current boot configuration profile change Change the current boot configuration profile create Create a new boot configuration profile delete Delete the current boot configuration profile next Select the next boot configuration profile show Display the current boot configuration profile dir Display the contents of the specified boot par...

Page 526: ...rough 3 This command activates the boot profile in the next slot in ascending numerical order If the currently active slot is 3 the command activates the boot profile in slot 0 Examples To activate the boot profile in the next slot and display the profile type the following command boot next BOOT Index 0 BOOT TYPE c DEVICE boot1 FILENAME testcfg FLAGS 00000000 OPTIONS run nos boot 0 See Also chang...

Page 527: ... boot prompt boot reset D Link Systems Bootstrap 1 17 Release Testing Low Memory 1 Testing Low Memory 2 CISTPL_VERS_1 4 1 SanDisk SDP 5 3 0 6 Reset Cause 0x02 is COLD D Link Systems Bootstrap Bootloader Version 1 6 5 Release Bootstrap 0 version 1 17 Active Bootloader 0 version 1 6 5 Active Bootstrap 1 version 1 17 Bootloader 1 version 1 6 3 Board Revision 3 Controller Revision 24 POE Board Revisio...

Page 528: ...e can be active at a time You can create change and delete boot profiles You also can activate another boot profile in place of the currently active one Syntax show Defaults None Access Boot prompt Examples To display the currently active boot profile type the following command at the boot prompt boot show BOOT Index 0 BOOT TYPE c DEVICE boot 1 FILENAME default FLAGS 00000000 OPTIONS run nos boot ...

Page 529: ...he boot type is Network the device can be one of the following mgmt or tsec0 The 10 100 port labelled Mgmt HOST IP For network booting the IP address of the host where the system image resides LOCAL IP For network booting the IP address of the switch If the DHCP option is enabled this does not need to be specified GATEWAY IP For network booting the default router gateway used by the switch If the ...

Page 530: ...ct as OFF Defaults The poweron test flag is disabled by default Access Boot prompt Examples The following command displays the current setting of the poweron test flag boot test The diagnostic execution flag is not set See Also boot version Displays version information for a switch s hardware and boot code Syntax version Defaults None Access Boot prompt Usage This command does not list the system ...

Page 531: ...mand at the boot prompt boot version D Link Systems Bootstrap Bootloader Version 1 6 5 Release Bootstrap 0 version 1 17 Active Bootloader 0 version 1 6 5 Active Bootstrap 1 version 1 17 Bootloader 1 version 1 6 3 Board Revision 3 Controller Revision 24 POE Board Revision 1 POE Controller Revision 6 See Also dir fver ...
