Page 2
Reproduction in any manner whatsoever without the written permission of D-Link Computer Corporation is strictly forbidden. Trademarks used in this text: D-Link and the D-Link logo are trademarks of D-Link Computer Corporation; Microsoft and Windows are registered trademarks of Microsoft Corporation.
Page 3
EVISION ISTORY Revision Date Change Description Release 2.1 01/31/08 Added : • “dot1x guest-vlan” on page 74 • “dot1x guest-vlan supplicant” on page 74 • “tunnel-mtu” on page 145 • “show wireless tunnel-mtu” on page 149 • “station-isolation” on page 175 •...
This document describes command-line interface (CLI) commands you use to view and configure D-Link Unified Wired/Wireless Access System. You can access the CLI by using a direct connection to the serial port or by using telnet or SSH over a remote network connection.
Using the Command-Line Interface The command-line interface (CLI) is a text-based way to manage and monitor the system. You can access the CLI by using a direct serial connection or by using a remote logical connection with telnet or SSH. This chapter describes the CLI syntax, conventions, and modes.
Slot/Port Naming Convention D-Link Unified Wired/Wireless Access System software references physical entities such as cards and ports by using a slot/port naming convention. The D-Link Unified Wired/Wireless Access System software also uses this convention to identify certain logical entities, such as Port-Channel interfaces.
Command Modes The CLI groups commands into modes according to the command function. Each of the command modes supports specific D-Link Unified Wired/Wireless Access System software commands. The commands in one mode are not available until you switch to that particular mode, with the exception of the User EXEC mode commands.
1 Using the Command-Line Interface Table 5. CLI Command Modes Command Prompt Mode Description Mode Contains a limited set of com- User EXEC Switch> mands to view basic system information. Privileged EXEC Allows you to issue any Switch# EXEC command, enter the VLAN mode, or enter the Global Con- figuration mode.
Page 33
1 Using the Command-Line Interface Table 6. CLI Mode Access and Exit Command Access Method Exit or Access Previous Mode Mode Policy-Map From the Global Config mode, enter To exit to the Global Config mode, Config enter . To return to the Privileged policy-map exit EXEC mode, enter Ctrl-Z.
1 Using the Command-Line Interface Table 8. CLI Editing Conventions Key Sequence Description Ctrl-P Go to previous line in history buffer Ctrl-R Rewrites or pastes the line Ctrl-N Go to next line in history buffer Ctrl-Y Prints last deleted character Ctrl-Q Enables serial flow Ctrl-S...
Switching Commands This chapter describes the switching commands available in the D-Link Unified Wired/ Wireless Access System CLI. The Switching Commands chapter includes the following sections: • “Port Configuration Commands” on page 38 • “Spanning Tree Protocol (STP) Commands” on page 41 •...
You can use the command to configure jumbo frame support for physical and port-channel (LAG) interfaces. For the standard D-Link Unified Wired/Wireless Access System implementation, the MTU size is a valid integer between 1522 - 9216 for tagged packets and a valid integer between 1518 - 9216 for untagged packets.
2 Switching Commands Mirror - this port is a monitoring port. For more information, see “Port Mir- roring” on page 93. PC Mbr- this port is a member of a port-channel (LAG). Probe - this port is a probe port. Admin Mode The Port control administration state.
2 Switching Commands no spanning-tree configuration revision This command sets the Configuration Identifier Revision Level for use in identifying the configuration that this switch is currently using to the default value. Format no spanning-tree configuration revision Mode Global Config spanning-tree edgeport This command specifies that this port is an Edge Port within the common and internal spanning tree.
2 Switching Commands spanning-tree max-hops This command sets the MSTP Max Hops parameter to a new value for the common and internal spanning tree. The max-hops value is a range from 1 to 127. Default Format spanning-tree max-hops <1-127> Mode Global Config no spanning-tree max-hops This command sets the Bridge Max Hops parameter for the common and internal spanning...
2 Switching Commands Default 32768 Format spanning-tree mst priority <mstid> <0-61440> Mode Global Config no spanning-tree mst priority This command sets the bridge priority for a specific multiple spanning tree instance to the is a number that corresponds to the desired existing default value.
2 Switching Commands CST Regional Root Bridge Identifier of the CST Regional Root. It is made up using the bridge priority and the base MAC address of the bridge. Regional Root Path Cost Path Cost to the CST Regional Root. Associated FIDs List of forwarding database identifiers currently associated with this instance.
2 Switching Commands Port Path Cost The configured path cost for the specified interface. Designated Root Identifier of the designated root for this port within the CST. Designated Port Cost Path Cost offered to the LAN by the Designated Port. Designated Bridge The bridge containing the designated port Designated Port Identifier Port on the Designated Bridge that offers the lowest cost to the Topology Change Acknowledgement Value of flag in next Configuration Bridge Protocol...
2 Switching Commands vlan database This command gives you access to the VLAN Config mode, which allows you to configure VLAN characteristics. Format vlan database Mode Privileged EXEC network mgmt_vlan This command configures the Management VLAN ID. Default Format network mgmt_vlan <1-3965> Mode Privileged EXEC no network mgmt_vlan...
2 Switching Commands vlan participation This command configures the degree of participation for a specific interface in a VLAN. The ID is a valid VLAN identification number, and the interface is a valid interface number Format vlan participation {exclude | include | auto} <1-3965> Mode Interface Config Participation options are:...
2 Switching Commands You should create the referenced VLAN before you create the protocol-based VLAN except when you configure GVRP to create the VLAN. Default none Format protocol vlan group all <groupid> Mode Global Config no protocol vlan group all This command removes all interfaces from this protocol-based VLAN group that is identified by this <groupid>...
2 Switching Commands Autodetect - To allow the port to be dynamically registered in this VLAN via GVRP. The port will not participate in this VLAN unless a join request is received on this port. This is equivalent to registration normal in the IEEE 802.1Q standard.
2 Switching Commands Metro Core in a simple and cost effective manner. The additional tag on the traffic helps differentiate between customers in the MAN while preserving the VLAN identification of the individual customers when they enter their own 802.1Q domain. dvlan-tunnel ethertype This command configures the ether-type for all interfaces.
2 Switching Commands vlan port priority all This command configures the port priority assigned for untagged packets for all ports presently plugged into the device. The range for the priority is 0-7. Any subsequent per port configuration will override this configuration setting. Format vlan port priority all <priority>...
2 Switching Commands Mode User EXEC Privileged EXEC Name A string associated with this group as a convenience. It can be up to 32 alpha- numeric characters long, including blanks. The default is blank. This field is optional. Protected Indicates whether the interface is protected or not. It shows TRUE or FALSE. If the group is a multiple groups then it shows TRUE in Group <groupid>...
2 Switching Commands GVRP Commands This section describes the commands you use to configure and view GARP VLAN Registration Protocol (GVRP) information. GVRP-enabled switches exchange VLAN configuration information, which allows GVRP to provide dynamic VLAN creation on trunk ports and automatic VLAN pruning. If GVRP is disabled, the system does not forward GVRP messages.
2 Switching Commands no set gmrp adminmode This command disables GARP Multicast Registration Protocol (GMRP) on the system. Format no set gmrp adminmode Mode Privileged EXEC set gmrp interfacemode This command enables GARP Multicast Registration Protocol on a single interface (Interface Config mode) or all interfaces (Global Config mode).
To authenticate a user, the first authentication method in the user’s login (authentication login list) is attempted. D-Link Unified Wired/Wireless Access System software does not utilize multiple entries in the user’s login. If the first entry returns a timeout, the user authentication attempt fails.
2 Switching Commands dot1x initialize This command begins the initialization sequence on the specified port. This command is only valid if the control mode for the specified port is 'auto'. If the control mode is not 'auto' an error will be returned. Format dot1x initialize <slot/port>...
2 Switching Commands dot1x system-auth-control Use this command to enable the dot1x authentication support on the switch. While disabled, the dot1x configuration is retained and can be changed, but is not activated. Default disabled Format dot1x system-auth-control Mode Global Config no dot1x system-auth-control This command is used to disable the dot1x authentication support on the switch.
2 Switching Commands show authentication This command displays the ordered authentication methods for all authentication login lists. Format show authentication Mode Privileged EXEC Authentication Login List The authentication login listname. Method 1 The first method in the specified authentication login list, if any. Method 2 The second method in the specified authentication login list, if any.
Page 81
2 Switching Commands Server Timeout The timer used by the authenticator on this port to timeout the authentication server. The value is expressed in seconds and will be in the range of 1 and 65535. Maximum Requests The maximum number of times the authenticator state machine on this port will retransmit an EAPOL EAP Request/Identity before timing out the supplicant.
2 Switching Commands storm-control broadcast Use this command to enable broadcast storm recovery mode for a specific interface. If the mode is enabled, broadcast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.
2 Switching Commands enabled, multicast storm recovery is active, and if the rate of L2 multicast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of multicast traffic will be limited to the configured threshold. Default Format storm-control multicast level <0-100>...
2 Switching Commands storm-control unicast all This command enables unicast storm recovery mode for all interfaces. If the mode is enabled, unicast storm recovery is active, and if the rate of unknown L2 unicast (destination lookup failure) traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.
2 Switching Commands port-channel This command configures a new port-channel (LAG) and generates a logical slot/port number for the port-channel. The field is a character string which allows the dash “-” character <name> as well as alphanumeric characters. Use the command to display the slot/ show port channel port number for the logical interface.
2 Switching Commands port lacptimeout (Interface Config) This command sets the timeout on a physical interface of a particular device type (actor or partner) to either long or short timeout. Default long Format port lacptimeout {actor | partner} {long | short} Mode Interface Config no port lacptimeout...
2 Switching Commands show port-channel This command displays an overview of all port-channels (LAGs) on the switch. Format show port-channel {<logical slot/port> | all} Modes Privileged EXEC User EXEC Logical Interface Valid slot and port number separated by forward slashes. Port-Channel Name The name of this port-channel (LAG).
Use the parameter to disable the administrative mode of the session. mode Since the current version of D-Link Unified Wired/Wireless Access System NOTE: software only supports one session, if you do not supply optional parameters, the behavior of this command is similar to the behavior of the no monitor command.
2 Switching Commands The port, which is configured as mirrored port (source port) for the session Source Port identified with . If no source port is configured for the ses- <session-id> sion then this field is blank. D irection in which source port configured for port mirroring.Types are tx Type for transmitted packets and rx for receiving packets.
(Flt:). IGMP Snooping Configuration Commands This section describes the commands you use to configure IGMP snooping. D-Link Unified Wired/Wireless Access System software supports IGMP Versions 1, 2, and 3. The IGMP snooping feature can help conserve bandwidth because it allows the switch to forward IP multicast traffic only to connected hosts that request multicast traffic.
2 Switching Commands set igmp groupmembership-interval This command sets the IGMP Group Membership Interval time on a VLAN, one interface or all interfaces. The Group Membership Interval time is the amount of time in seconds that a switch waits for a report from a particular group on a particular interface before deleting the interface from the entry.
2 Switching Commands Default disabled Format set igmp mrouter interface Mode Interface Config no set igmp mrouter interface This command disables the status of the interface as a statically configured multicast router interface. Format no set igmp mrouter interface Mode Interface Config show igmpsnooping This command displays IGMP Snooping information.
2 Switching Commands Interfaces The list of interfaces that are designated for forwarding (Fwd:) and filtering (Flt:). Port Security Commands This section describes the command you use to configure Port Security on the switch. Port security, which is also known as port MAC locking, allows you to secure the network by locking allowable MAC addresses on a given port.
2 Switching Commands Dynamic Limit Maximum dynamically allocated MAC Addresses. Static Limit Maximum statically allocated MAC Addresses. Violation Trap Mode Whether violation traps are enabled. show port-security dynamic This command displays the dynamically locked MAC addresses for the port. Format show port-security dynamic <slot/port>...
2 Switching Commands to transmit the port description TLV. To configure the port description, see See port-desc “description” on page 38. Default no optional TLVs are included Format lldp transmit-tlv [sys-desc] [sys-name] [sys-cap] [port-desc] Mode Interface Config no lldp transmit-tlv Use this command to remove an optional TLV from the LLDPDUs.
2 Switching Commands Format show lldp interface {<slot/port> | all} Mode Privileged EXEC. Interface The interface in a slot/port format. Link Shows whether the link is up or down. Transmit Shows whether the interface transmits LLDPDUs. Receive Shows whether the interface receives LLDPDUs. Notify Shows whether the interface sends remote data change notifications.
This section describes the commands you use to configure Denial of Service (DoS) Control. D-Link Unified Wired/Wireless Access System software provides support for classifying and blocking specific types of Denial of Service attacks. You can configure your system to monitor and block six types of attacks: •...
2 Switching Commands no dos-control tcpfrag This command disabled TCP Fragment Denial of Service protection. Format no storm-control broadcast all Mode Global Config dos-control tcpflag This command enables TCP Flag Denial of Service protections. If the mode is enabled, Denial of Service prevention is active for this type of attacks.
2 Switching Commands no bridge aging-time This command sets the forwarding database address aging timeout to the default value. Format no bridge aging-time Mode Global Config show forwardingdb agetime This command displays the timeout for address aging. In an IVL system, the [fdbid | all] parameter is required.
Routing Commands This chapter describes the routing commands available in the D-Link Unified Wired/Wireless Access System CLI. The Routing Commands chapter contains the following sections: • “Address Resolution Protocol (ARP) Commands” on page 117 • “IP Routing Commands” on page 121 •...
3 Routing Commands no arp dynamicrenew This command prevents dynamic ARP entries from renewing when they age out. Format no arp dynamicrenew Mode Privileged EXEC arp purge This command causes the specified IP address to be removed from the ARP cache. Only entries of type dynamic or gateway are affected by this command.
3 Routing Commands The following are displayed for each ARP entry. IP Address The IP address of a device on a subnet attached to an existing routing inter- face. MAC Address The hardware MAC address of that device. Interface The routing slot/port associated with the device ARP entry. Type The type that is configurable.
3 Routing Commands Mode Interface Config ip route This command configures a static route. The parameter is a valid IP address, and <ipaddr> is a valid subnet mask. The parameter is a valid IP address of the <subnetmask> <nexthopip> next hop router. The optional parameter is an integer (value from 1 to 255) that <preference>...
This command sets the IP Maximum Transmission Unit (MTU) on a routing interface. The IP MTU is the size of the largest IP packet that can be transmitted on the interface without fragmentation. D-Link Unified Wired/Wireless Access System software currently does not fragment IP packets.
3 Routing Commands • Packets forwarded in software are dropped if they exceed the IP MTU of the outgoing interface. Packets originated on the router may be fragmented by the IP stack. The IP stack uses its default IP MTU and ignores the value set using the ip mtu command. The IP MTU size refers to the maximum size of the IP packet (IP Header + IP NOTE: payload).
3 Routing Commands Example: show ip interface (r2) #show ip interface 0/2 Routing Configuration......Enable Interface Configuration Status....Enable Forward Net Directed Broadcasts....Disable Proxy ARP........Enable Local Proxy ARP........ Disable Active State........Active Link Speed Data Rate......100 Full MAC Address........
3 Routing Commands User EXEC Local The local route preference value. Static The static route preference value. OSPF Intra The OSPF Intra route preference value. OSPF Inter The OSPF Inter route preference value. OSPF Ext T1 The OSPF External Type-1 route preference value. OSPF Ext T2 The OSPF External Type-2 route preference value.
3 Routing Commands Format no ip vrrp <vrid> Mode Interface Config ip vrrp mode This command enables the virtual router configured on the specified interface. Enabling the status field starts a virtual router. The parameter is the virtual router ID which has an <vrid>...
3 Routing Commands Mode Interface Config ip vrrp timers advertise This command sets the frequency, in seconds, that an interface on the specified virtual router sends a virtual router advertisement. Default Format ip vrrp <vrid> timers advertise <1-255> Mode Interface Config no ip vrrp timers advertise This command sets the default virtual router advertisement value for an interface.
3 Routing Commands show ip vrrp interface brief This command displays information about each virtual router configured on the switch. This command takes no options. It displays information about each virtual router. Format show ip vrrp interface brief Modes Privileged EXEC User EXEC Interface Valid slot and port number separated by forward slashes.
3 Routing Commands no bootpdhcprelay serverip This command configures the default server IP address for BootP/DHCP Relay on the system. Format no bootpdhcprelay serverip Mode Global Config show bootpdhcprelay This command displays the BootP/DHCP Relay information. Format show bootpdhcprelay Modes Privileged EXEC User EXEC Maximum Hop Count The maximum allowable relay agent hops.
Wireless Commands This chapter describes the CLI commands you use to manage the wireless features on the switch as well as the wireless access points that a switch manages. This chapter contains the following sections: • “Unified Switch Commands” on page 140 •...
4 Wireless Commands peer-group This command indicates the peer group for this switch. There may be more than one group of peer switches on the same WLAN. A peer group is created by configuring all peers within the group with the same identifier. Default Format peer-group <1-255>...
4 Wireless Commands no ap authentication version of this command disables AP authentication. APs are not required to authenticate to the Unified Switch upon discovery. Format no ap authentication Mode Wireless Config snmp-server enable traps wireless This command globally enables the Unified Switch SNMP traps. The specific wireless trap groups are configured using the command in Wireless Config Mode.
4 Wireless Commands 1-120 Time in seconds from 1 to 120. no client roam-timeout version of this command returns the configured client age timeout to the default. Format no client roam-timeout Mode Wireless Config tunnel-mtu Use this command to set the Tunnel MTU value. Format tunnel-mtu {1500 | 1520} Mode...
4 Wireless Commands Mode Privileged EXEC IP Address Shows the IP addresses configured in the L3/IP Discovery List Status Shows the L3 discovery status. Possible values are Not Polled, Unreachable, or Discovered. show wireless discovery vlan-list This show command displays the configured VLAN ID list for L2 discovery. Format show wireless discovery vlan-list Mode...
Rogue AP Traps Shows whether Rogue AP Traps are enabled. Wireless Status Traps Shows whether Wireless Status Traps are enabled. show trapflags (modified command) The existing D-Link Unified Wired/Wireless Access System show trapflags command is modified to show the global Unified Switch trap configuration. See the command “snmp- server enable traps wireless”...
4 Wireless Commands Ad Hoc Client Status Age (hours) Shows how long to continue to display an ad hoc client in the status list since it was last detected. AP Failure Status Age (hours) Shows how long to continue to display a failed AP in the sta- tus list since it was last detected.
4 Wireless Commands channel-plan history-depth This command configures the number of channel plan history iterations that are maintained for each 802.11a and 802.11b/g frequency band. The number of iterations stored for each channel plan affects channel assignment; the channel algorithm will not assign the same channel to an AP more than once within the number of stored iterations of the channel plan.
4 Wireless Commands Channel Plan The channel plan type or mode, managed AP radios operating in the specified mode will be considered for this channel plan. Channel Plan Mode The frequency for automatic channel planning manual, fixed time, or interval. If the mode is manual, the channel algorithm will not run unless you request it.
4 Wireless Commands show wireless peer-switch This command displays status information for peer Unified Switches. If no parameters are entered, the command will display summary status for all peer switches. If a peer switch IP address is entered, detailed status for that peer switch is displayed. Format show wireless peer-switch [<ipaddr>] Mode...
4 Wireless Commands Mode AP Config profile This command configures the AP profile to be used to configure this AP. The profile configuration is used only if the AP mode is WS Managed. Default 1 - Default Format profile <1-16> Mode AP Config 1-16...
4 Wireless Commands Format < > ssid name Mode Network Config name Service Set Identifier, must be between 1-32 alphanumeric characters. To use spaces in the SSID, use quotes around the name. vlan (Network Config Mode) This command configures the default VLAN ID for the network. If there is no RADIUS server configured or a client is not associated with a VLAN via RADIUS, this is the VLAN assigned.
4 Wireless Commands no wep tx-key version of this command sets the WEP transmit key index to its default value. Format no wep tx-key Mode Network Config mac authentication This command enables and configures the mode for client MAC authentication on the network.
4 Wireless Commands no wpa versions version of this command configures the supported WPA versions to the default value. Format no wpa versions Mode Network Config wpa ciphers This command configures the WPA cipher suites supported on the network; one or both parameters must be specified.
4 Wireless Commands Format wpa2 pre-authentication timeout <0-1440> Mode Network Config 0-1440 The WPA2 pre-authentication timeout in minutes, where 0 indicates pre- authentications do not timeout on the AP. no wpa2 pre-authentication timeout version of this command sets the WPA2 pre-authentication timeout to its default value. Format no wpa2 pre-authentication timeout Mode...
64 bit —ASCII: 5 characters; Hex: 10 characters 128 bit —ASCII: 13 characters; Hex: 26 characters 152 bit —ASCII: 16 characters; Hex: 32 characters. For more information, please see the “Static WEP” table in the D-Link Unified Wired/Wireless Access System WLAN Switching Administrator’s Guide. no wep key version of this command removes the corresponding WEP key configuration.
4 Wireless Commands number of characters required for a valid WEP key, and therefore changing the WEP key length will reset all keys. Default ASCII Format wep key type {ascii | hex} Mode Network Config ascii Set WEP key type to ASCII. Set WEP key type to hexadecimal.
4 Wireless Commands WPA2 Key Forwarding Mode If WPA2 encryption is enabled, indicates Dynamic Key For- warding support for roaming WPA2 clients. WPA2 Key Caching Holdtime Length of time a PMK will be cached by an AP after the cli- ent using this PMK has roamed away from this AP.
4 Wireless Commands mac authentication action This command configures the client MAC authentication action for the AP profile. The action indicates what action to take on MAC addresses configured in the MAC authentication list, i.e. if the default action is deny all configured MAC addresses will be denied access. The action is applied to the MAC authentication list configured either locally or on the RADIUS server.
4 Wireless Commands Access Point Profile RF Commands The commands in this section provide RF configuration per radio interface within an access point profile. radio This command enters the AP profile radio configuration mode. In this mode you can modify the radio configuration parameters for an AP profile.
4 Wireless Commands station-isolation Use this command to enable Station Isolation. When Station Isolation is enabled, the AP blocks communication between wireless stations. The AP still allows data traffic between its wireless clients and wired devices on the network, but not among wireless clients. The Station Isolation setting is part of the configuration profile that the switch sends to the Managed AP.
4 Wireless Commands Default 10 Beacons Format dtim-period <1-255> Mode AP Profile Radio Config 1-255 Number of beacons between DTIMs. no dtim-period version of this command configures the DTIM period to the default value. Format no dtim-period Mode AP Profile Radio Config fragmentation-threshold This command configures the fragmentation threshold for the radio.
4 Wireless Commands Mode AP Profile Radio Config no power auto version of this command disables auto power adjustment for the radio. Format no power auto Mode AP Profile Radio Config power default This command configures a power setting for the radio. When auto power adjustment is enabled, this indicates an initial default power setting;...
4 Wireless Commands show wireless ap profile radio This command displays the radio configuration for an AP profile. When you enter the required profile ID, a summary view of the radio configuration is displayed. If you enter a radio index, the radio configuration detail is displayed.
4 Wireless Commands Access Point Profile QoS Commands The commands in this section provide QoS configuration per radio interface and QoS queue within an access point profile. qos ap-edca This command configures the downstream traffic flowing from the access point to the client station EDCA queues –...
4 Wireless Commands no qos station-edca version of this command allows you to reset the chosen queue configuration values for AIFS, Minimum Contention Window, Maximum Contention Window, and Transmission Opportunity Limit. Format no qos station-edca {background | best-effort | video | voice} { aifs | cwmin | cwmax | txop-limit } Mode AP Profile Radio Config...
4 Wireless Commands wireless ap channel set This command sets a new channel on the managed AP radio. The channel is not saved in the configuration, it is maintained until the next time the AP is discovered (AP or switch reset). Format wireless ap channel set <macaddr>...
4 Wireless Commands clear wireless ap neighbors This command deletes entries from the managed AP client and AP neighbor lists. Note that client neighbor entries added via a client association to the managed AP will not be cleared; these are only removed by the system when a client disassociates. Format clear wireless ap neighbors <macaddr>...
Switch IP address. Switch IP DHCP - The managed AP learned the correct Unified Switch IP address through DHCP option 43. L2 Poll Received - The AP was discovered through the D-Link Wireless Device Discovery Protocol. Status The current managed state of the AP. The possible values are: Discovered - The AP is discovered and by the switch, but is not yet authenti- cated.
4 Wireless Commands macaddr Switch managed AP MAC address. The radio interface on the AP. MAC Address The Ethernet address of the switch managed AP. Location A location description for the AP, this is the value configured in the valid AP database (either locally or on the RADIUS server).
Neighbor AP MAC The Ethernet MAC address of the neighbor AP network, this could be a physical radio interface or VAP MAC address. For D-Link APs, this is always a VAP MAC address. The neighbor AP MAC address may be cross-refer- enced in the RF Scan status.
4 Wireless Commands WLAN Bytes Transmitted Total bytes transmitted by the AP on the wireless network. Ethernet Packets Received Total packets received by the AP on the wired network. Ethernet Bytes Received Total bytes received by the AP on the wired network. Ethernet Multicast Packets Received Total multicast packets received by the AP on the wired network.
4 Wireless Commands Format show wireless ap download Mode Privileged EXEC File Name The AP image file name on the TFTP server. File Path The file path on the TFTP server. Server Address The TFTP server IP address. Group Size If a code download request is for all managed APs, the switch processes the request for one group of APs at a time before starting the next group.
AP MAC address detected in RF scan. MAC Address The Ethernet MAC address of the detected AP, this could be a physical radio interface or VAP MAC. For D-Link APs, this is always a VAP MAC address. SSID Service Set ID of the network, this is broadcast in detected beacon frame.
4 Wireless Commands Status Indicates the managed status of the AP, whether this is a valid AP known to the switch or a Rogue on the network. The valid values are: WS Managed - The neighbor AP is managed by this switch, the neighbor AP status can be referenced using its base MAC address.
4 Wireless Commands Bytes Transmitted Total bytes transmitted to the client station. Duplicate Packets Received Total duplicate packets received from the client station. Fragmented Packets Received Total fragmented packets received from the client station. Fragmented Packets Transmitted Total fragmented packets transmitted to the client station. Transmit Retry Count Number of times transmits to the client station succeeded after one or more retries.
4 Wireless Commands Mode Privileged EXEC show wireless client failure status This command displays the client failure status parameters. Format show wireless client [<macaddr>] failure status Mode Privileged EXEC macaddr Client MAC address. MAC Address The Ethernet address of the client. VAP MAC Address The managed AP VAP Ethernet MAC address on which the client attempted to associate and/or authenticate.
4 Wireless Commands statistics interval Use this command to configure the interval at which statistics are reported to the cluster controller. The variable is the reporting interval, which is a number in the range of <interval> 15-3600 seconds. Default Format statistics interval <interval>...
4 Wireless Commands Format [no] enable Mode Captive Portal Instance Mode no enable This command disables a captive portal configuration. Default Enable Format no enable Mode Captive Portal Instance Mode name This command configures the name for a captive portal configuration. The name can contain up to 32 alphanumeric characters.
4 Wireless Commands Default Format rate-limit up <rate> Mode Captive Portal Instance Mode Rate Rate in bps. 0 indicates the limit is not enforced. Example: The following shows an example of the command. (Switch)(Config-CP) #rate-limit up 100<cr> no rate-limit up Use this command to set the rate-limit up to the default value.
4 Wireless Commands Default Format rate-limit total-octets <bytes> Mode Captive Portal Instance Mode Bytes Total octets in bytes. 0 indicates the limit is not enforced. Example: The following shows an example of the command. (Switch)(Config-CP) #rate-limit total-octets 100<cr> no rate-limit total-octets Use this command to set the rate-limit total-octets to the default value.
4 Wireless Commands block This command blocks all traffic for a captive portal configuration. Format block Mode Captive Portal Instance Config Mode no block This command unblocks all traffic for a captive portal configuration. Format no block Mode Captive Portal Instance Config Mode Captive Portal Status Commands Use the commands in this section to view information about the status of one or more captive portal instances.
4 Wireless Commands Format show captive-portal configuration locales Mode Privileged EXEC CP ID Shows the captive portal ID the connected client is using. CP Name Shows the name of the captive portal the connected client is using. Language Code Shows the language code. Local Link Shows the local description.
4 Wireless Commands CP ID Shows the captive portal ID the connected client is using. CP Name Shows the name of the captive portal the connected client is using. Interface Valid slot and port number separated by forward slashes. Interface Description Describes the interface. User Name Displays the user name (or Guest ID) of the connected client show captive-portal client failure status...
4 Wireless Commands Captive Portal Local User Commands Use this command to view and configure captive portal users in the local database. user This command is used to create a local user. The variable is the user ID, which can <user-id>...
4 Wireless Commands Default Format user <user-id> rate-limit up <bps> Mode Captive Portal Config Mode Example: The following shows an example of the command. (Switch)(Config-CP) #user 1 rate-limit up 128000<cr> no user rate-limit up This command sets the user rate-limit up to the default value. Format no user <user-id>...
4 Wireless Commands user rate-limit total-octets Use this command to limit the number of bytes the user is allowed to transmit and receive. The maximum number of octets is the sum of octets transmitted and received. After this limit has been reached, the user will be disconnected.
4 Wireless Commands show captive-portal activity-log This command displays the information in the captive portal activity log. Format show captive-portal activity-log Mode Privileged EXEC clear captive-portal activity-log This command deletes all entries from the captive portal activity log. Format clear captive-portal activity-log Mode Privileged EXEC Captive Portal Activity Log Commands...
Quality of Service (QoS) Commands This chapter describes the Quality of Service (QoS) commands available in the D-Link Unified Wired/Wireless Access System CLI. The QoS Commands chapter contains the following sections: • “Class of Service (CoS) Commands” on page 227 •...
5 Quality of Service (QoS) Commands no classofservice trust This command sets the interface mode to the default value. Format no classofservice trust Modes Global Config Interface Config cos-queue min-bandwidth This command specifies the minimum transmission bandwidth guarantee for each interface queue.
5 Quality of Service (QoS) Commands IP DSCP The IP DSCP value. Traffic Class The traffic class internal queue identifier to which the IP DSCP value is mapped. show classofservice trust This command displays the current trust mode setting for a specific interface. The <slot/ parameter is optional and is only valid on platforms that support independent per-port port>...
5 Quality of Service (QoS) Commands Format diffserv Mode Global Config no diffserv This command sets the DiffServ operational mode to inactive. While disabled, the DiffServ configuration is retained and can be changed, but it is not activated. When enabled, Diffserv services are activated.
5 Quality of Service (QoS) Commands no match class-map This command removes from the specified class definition the set of match conditions defined for another class. The is the name of an existing DiffServ class whose match <refclassname> conditions are being referenced by the specified class definition. Format no match class-map <refclassname>...
5 Quality of Service (QoS) Commands Default none Format match protocol {<protocol-name> | <0-255>} Mode Class-Map Config match srcip This command adds to the specified class definition a match condition based on the source IP address of a packet. The parameter specifies an IP address.
5 Quality of Service (QoS) Commands Mode Policy-Map Config no class This command deletes the instance of a particular class and its defined treatment from the specified policy. is the names of an existing DiffServ class. <classname> This command removes the reference to the class definition for the specified NOTE: policy.
5 Quality of Service (QoS) Commands policy-map rename This command changes the name of a DiffServ policy. The s the name of an <policyname> i existing DiffServ class. The parameter is a case-sensitive alphanumeric <newpolicyname> string from 1 to 31 characters uniquely identifying the policy. Format policy-map rename <policyname>...
5 Quality of Service (QoS) Commands show diffserv This command displays the DiffServ General Status Group information, which includes the current administrative mode setting as well as the current and maximum number of rows in each of the main DiffServ private MIB tables. This command takes no options. Format show diffserv Mode...
5 Quality of Service (QoS) Commands Direction The traffic direction of this interface service. Operational Status The current operational status of this DiffServ service interface. Policy Name The name of the policy attached to the interface in the indicated direction. Policy Details Attached policy details, whose content is identical to that described for the show policy-map command (content not repeated here for...
5 Quality of Service (QoS) Commands mac access-list extended rename This command changes the name of a MAC Access Control List (ACL). The <name> parameter is the name of an existing MAC ACL. The parameter is a case-sensitive <newname> alphanumeric string from 1 to 31 characters uniquely identifying the MAC access list. This command fails if a MAC ACL by the name already exists.
The following rules apply to IP ACLs: • D-Link Unified Wired/Wireless Access System software does not support IP ACL config- uration for IP packet fragments. • The maximum number of ACLs you can create is 100, regardless of type.
5 Quality of Service (QoS) Commands Format no access-list <accesslistnumber> Mode Global Config ip access-group This command attaches a specified IP ACL to one interface or to all interfaces. An optional sequence number may be specified to indicate the order of this IP access list relative to other IP access lists already assigned to this interface and direction.
Clear commands clear some or all of the settings to factory defaults. Power Over Ethernet Commands This section describes the Power over Ethernet (PoE) commands available in the D-Link Unified Wired/Wireless Access System CLI. When a port starts or stops delivering power to a connected device, there will NOTE: be a trap indicating the change.
6 Utility Commands Format no poe usagethreshold Mode Global Config show poe This command displays the total power available, the total power consumed in the system, and the globally set usage threshold. Format show poe Mode Privileged EXEC Total Power Available Amount of power available, in watts. Total Power Consumed Power consumed, in watts.
CLI Command Reference Dual Image Commands D-Link Unified Wired/Wireless Access System software supports a dual image feature that allows the switch to have two software images in the permanent storage. You can specify which image is the active image to be loaded in subsequent reboots. This feature allows reduced down-time when you upgrade or downgrade the software.
6 Utility Commands System Information and Statistics Commands This section describes the commands you use to view information about system features, components, and configurations. show arp switch This command displays the contents of the IP stack’s Address Resolution Protocol (ARP) table.
6 Utility Commands Collisions Frames The best estimate of the total number of collisions on this Ethernet seg- ment. Time Since Counters Last Cleared The elapsed time, in days, hours, minutes, and seconds since the statistics for this port were last cleared. The display parameters, when the argument is “switchport”...
Page 261
6 Utility Commands Packets RX and TX 1523-2047 Octets - The total number of packets received and transmitted that were between 1523 and 2047 octets in length inclusive (excluding framing bits, but including FCS octets) and were other- wise well formed. Packets RX and TX 2048-4095 Octets - The total number of packets received that were between 2048 and 4095 octets in length inclusive (exclud- ing framing bits, but including FCS octets) and were otherwise well formed.
Page 263
6 Utility Commands Packets Transmitted 512-1023 Octets - The total number of packets (includ- ing bad packets) received that were between 512 and 1023 octets in length inclusive (excluding framing bits but including FCS octets). Packets Transmitted 1024-1518 Octets - The total number of packets (including bad packets) received that were between 1024 and 1518 octets in length inclusive (excluding framing bits but including FCS octets).
Page 265
6 Utility Commands If you use the keyword, the following information appears: switchport Octets Received The total number of octets of data received by the processor (excluding framing bits but including FCS octets). Total Packets Received Without Error The total number of packets (including broadcast packets and multicast packets) received by the processor.
6 Utility Commands GMRP Learned—The value of the corresponding was learned via GMRP and applies to Multicast. Other—The value of the corresponding instance does not fall into one of the other categories. If you enter the parameter, in addition to the MAC Address and interface <slot/port>...
Format no logging buffered wrap Mode Privileged EXEC logging cli-command This command enables the CLI command logging feature, which enables the D-Link Unified Wired/Wireless Access System software to log all CLI commands issued on the system. Default enabled Format logging cli-command...
6 Utility Commands Format no logging syslog Mode Global Config show logging This command displays logging configuration information. Format show logging Mode Privileged EXEC Logging Client Local Port Port on the collector/relay to which syslog messages are sent. CLI Command Logging Shows whether CLI Command logging is enabled. Console Logging Shows whether console logging is enabled.
6 Utility Commands clear counters This command clears the statistics for a specified for all the ports, or for the <slot/port>, entire switch based upon the argument. Format clear counters {<slot/port> | all} Mode Privileged EXEC clear igmpsnooping This command clears the tables managed by the IGMP Snooping function and attempts to delete these entries from the Multicast Forwarding Database.
6 Utility Commands copy command uploads and downloads files to and from the switch. You can also use the copy copy command to manage the dual images ( ) on the file system. Upload image1 image2 and download files from a server by using TFTP or Xmodem. Format copy <source>...
6 Utility Commands Format show key-features Modes Privileged EXEC User EXEC Function This is the name of the keyable component or feature. Status Enabled or disabled. Simple Network Time Protocol (SNTP) Commands This section describes the commands you use to automatically configure the system time and date by using SNTP.
6 Utility Commands no sntp unicast client poll-retry This command will reset the poll retry for SNTP unicast clients to its default value. Format no sntp unicast client poll-retry Mode Global Config sntp multicast client poll-interval This command will set the poll interval for SNTP multicast clients in seconds as a power of two where can be a value from 6 to 16.
6 Utility Commands DHCP Server Commands This section describes the commands you to configure the DHCP server settings for the switch. DHCP uses UDP as its transport protocol and supports a number of features that facilitate in administration address allocations. ip dhcp pool This command configures a DHCP address pool name on a DHCP server and enters DHCP pool configuration mode.
6 Utility Commands Default ethernet Format hardware-address <hardwareaddress> <type> Mode DHCP Pool Config no hardware-address This command removes the hardware address of the DHCP client. Format no hardware-address Mode DHCP Pool Config host This command specifies the IP address and network mask for a manual binding to a DHCP client.
6 Utility Commands netbios-name-server This command configures NetBIOS Windows Internet Naming Service (WINS) name servers that are available to DHCP clients. One IP address is required, although one can specify up to eight addresses in one command line. Servers are listed in order of preference (address1 is the most preferred server, address2 is the next most preferred server, and so on).
6 Utility Commands ip dhcp ping packets Use this command to specify the number, in a range from 2-10, of packets a DHCP server sends to a pool address as part of a ping operation. By default the number of packets sent to a pool address is 2, which is the smallest allowed number when sending packets.
6 Utility Commands IP address The IP address of the client. Hardware Address The MAC Address or the client identifier. Lease expiration The lease expiration time of the IP address assigned to the client. Type The manner in which IP address was assigned to the client. show ip dhcp global configuration This command displays address bindings for the specific IP address on the DHCP server.
6 Utility Commands responses received on a trusted port are forwarded. Make sure that all other ports are untrusted so that any DHCP (or BootP) responses received are discarded. You can configure DHCP filtering on physical ports and LAGs. DHCP filtering is not operable on VLAN interfaces.
Management Commands This chapter describes the management commands available in the D-Link Unified Wired/ Wireless Access System CLI. The Management Commands chapter contains the following sections: • “Network Interface Commands” on page 293 • “Console Port Access Commands” on page 297 •...
7 Management Commands • Bit 7 of byte 0 (called the I/G bit) indicates whether the destination address is an individ- ual address (b'0') or a group address (b'1'). • The second character, of the twelve character macaddr, must be 2, 6, A or E. A locally administered address must have bit 6 On (b'1') and bit 7 Off (b'0').
7 Management Commands Console Port Access Commands This section describes the commands you use to configure the console port. You can use a serial cable to connect a management host directly to the console port of the switch. configuration This command gives you access to the Global Config mode. From the Global Config mode, you can configure a variety of system settings, including user accounts.
7 Management Commands Format no ip telnet server enable Mode Privileged EXEC telnet This command establishes a new outbound Telnet connection to a remote host. The host value must be a valid IP address. Valid values for port should be a valid decimal integer in the range of 0 to 65535, where the default value is 23.
7 Management Commands no telnetcon maxsessions This command sets the maximum number of Telnet connection sessions that can be established to the default value. Format no telnetcon maxsessions Mode Privileged EXEC telnetcon timeout This command sets the Telnet connection session timeout value, in minutes. A session is active as long as the session has not been idle for the value set.
7 Management Commands ip ssh server enable This command enables the IP secure shell server. Default disabled Format ip ssh server enable Mode Privileged EXEC no ip ssh server enable This command disables the IP secure shell server. Format no ip ssh server enable Mode Privileged EXEC sshcon maxsessions...
7 Management Commands no ip http secure-server This command is used to disable the secure socket layer for secure HTTP. Format no ip http secure-server Mode Privileged EXEC ip http secure-port This command is used to set the SSL port where port can be 1-65535 and the default is port 443.
Shows the type of session, which can be telnet, serial, or SSH. User Account Commands This section describes the commands you use to add, manage, and delete system users. D-Link Unified Wired/Wireless Access System software has two default users: admin and guest. The admin user can view and configure system settings, and the guest user can view settings.
7 Management Commands same case you used when you added the user. To see the case of the <user- , enter the command. name> show users Format users name <username> Mode Global Config no users name This command removes a user account. Format no users name <username>...
7 Management Commands as the snmpv3 encryption password, so it must be a minimum of eight characters. If you select , you do not need to provide a key. none value is the login user name associated with the specified encryption. You <username>...
7 Management Commands Format no snmp-server community ipaddr <name> Mode Global Config snmp-server community ipmask This command sets a client IP mask for an SNMP community. The address is the associated community SNMP packet sending address and is used along with the client IP address value to denote a range of IP addresses from which SNMP clients may use that community to access the device.
7 Management Commands This command may not be available on all platforms. NOTE: Default enabled Format snmp-server enable traps bcaststorm Mode Global Config no snmp-server enable traps bcaststorm This command disables the broadcast storm trap. When enabled, broadcast storm traps are sent only if the broadcast storm recovery mode setting associated with the port is enabled.
7 Management Commands snmptrap ipaddr This command assigns an IP address to a specified community name. The maximum length of name is 16 case-sensitive alphanumeric characters. IP addresses in the SNMP trap receiver table must be unique. If you make NOTE: multiple entries using the same IP address, the first entry is retained and pro- cessed.
7 Management Commands Format show snmptrap Mode Privileged EXEC SNMP Trap Name The community string of the SNMP trap packet sent to the trap manager. The string is case sensitive and can be up to 16 alphanumeric characters. IP Address The IP address to receive SNMP traps from this device.
7 Management Commands no radius server host This command is used to remove the configured RADIUS authentication server or the RADIUS accounting server. If the 'auth' token is used, the previously configured RADIUS authentication server is removed from the configuration. Similarly, if the 'acct' token is used, the previously configured RADIUS accounting server is removed from the configuration.
7 Management Commands no radius server timeout This command sets the timeout value to the default value. Format no radius server timeout Mode Global Config authorization network radius Use this command to allow the switch to accept VLAN assignment by the RADIUS server. Default disabled Format...
7 Management Commands show radius statistics This command is used to display the statistics for RADIUS or configured server. To show the configured RADIUS server statistic, the IP address specified must match that of a previously configured RADIUS server. On execution, the following fields are displayed. Format show radius statistics [<ipaddr>] Mode...
7 Management Commands tacacs-server timeout Use the command to set the timeout value for communication with tacacs-server timeout the TACACS+ servers. The parameter has a range of 1-30 and is the timeout value <timeout> in seconds. Default Format tacacs-server timeout <timeout> Mode Global Config no tacacs-server timeout...
7 Management Commands The following lines show an example of a script: ! Script file for displaying management access show telnet !Displays the information about remote connections ! Display information about direct connections show serial ! End of the script file! To specify a blank password for a user in the configuration script, you must NOTE: specify it as a space within quotes.