Page 2 Reproduction in any manner whatsoever without the written permission of D-Link Computer Corporation is strictly forbidden. Trademarks used in this text: D-Link and the D-Link logo are trademarks of D-Link Computer Corporation; Microsoft and Windows are registered trademarks of Microsoft Corporation.
Page 3 EVISION ISTORY Revision Date Change Description Release 2.1 01/31/08 Added : • “dot1x guest-vlan” on page 74 • “dot1x guest-vlan supplicant” on page 74 • “tunnel-mtu” on page 145 • “show wireless tunnel-mtu” on page 149 • “station-isolation” on page 175 •...
Page 5: Table Of Contents
Table of Contents Table of Contents List of Tables ......... . 23 About This Book .
Page 7 Table of Contents show dot1q-tunnel ..........show dvlan-tunnel .
Page 9 Table of Contents set igmp groupmembership-interval ....... . set igmp maxresponse ......... . . set igmp mcrtrexpiretime .
Page 11 Table of Contents show ip vrrp interface stats ........show ip vrrp.
Page 13 Table of Contents Access Point Profile Commands ....... . ap profile ........... . name .
Page 15 Table of Contents name ............protocol .
Page 17 Table of Contents policy-map rename ..........DiffServ Service Commands .
Page 19 Table of Contents client-identifier ..........client-name .
Page 21 Table of Contents snmp-server enable traps violation ....... . snmp-server enable traps ........snmp-server enable traps bcaststorm .
Page 23: List Of Tables
List of Tables List of Tables Table 1. Parameter Conventions ........28 Table 2.
Page 25: About This Book
This document describes command-line interface (CLI) commands you use to view and configure D-Link Unified Wired/Wireless Access System. You can access the CLI by using a direct connection to the serial port or by using telnet or SSH over a remote network connection.
Page 27: Using The Command-Line Interface
Using the Command-Line Interface The command-line interface (CLI) is a text-based way to manage and monitor the system. You can access the CLI by using a direct serial connection or by using a remote logical connection with telnet or SSH. This chapter describes the CLI syntax, conventions, and modes.
Page 28: Command Conventions
Common Parameter Values Parameter values might be names (strings) or numbers.To use spaces as part of a name parameter, enclose the name value in double quotes. For example, the expression “System © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 29: Slot/Port Naming Convention
Slot/Port Naming Convention D-Link Unified Wired/Wireless Access System software references physical entities such as cards and ports by using a slot/port naming convention. The D-Link Unified Wired/Wireless Access System software also uses this convention to identify certain logical entities, such as Port-Channel interfaces.
Page 30: Using The "No" Form Of A Command
Command Modes The CLI groups commands into modes according to the command function. Each of the command modes supports specific D-Link Unified Wired/Wireless Access System software commands. The commands in one mode are not available until you switch to that particular mode, with the exception of the User EXEC mode commands.
Page 31: Table 5. Cli Command Modes
1 Using the Command-Line Interface Table 5. CLI Command Modes Command Prompt Mode Description Mode Contains a limited set of com- User EXEC Switch> mands to view basic system information. Privileged EXEC Allows you to issue any Switch# EXEC command, enter the VLAN mode, or enter the Global Con- figuration mode.
Page 32: Table 6. Cli Mode Access And Exit
<id> Line Config From the Global Config mode, enter To exit to the Global Config mode, enter . To return to the Privileged lineconfig exit EXEC mode, enter Ctrl-Z. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 33 1 Using the Command-Line Interface Table 6. CLI Mode Access and Exit Command Access Method Exit or Access Previous Mode Mode Policy-Map From the Global Config mode, enter To exit to the Global Config mode, Config enter . To return to the Privileged policy-map exit EXEC mode, enter Ctrl-Z.
Page 34: Command Completion And Abbreviation
Ctrl-B Go backward one character Ctrl-D Delete current character Ctrl-U, X Delete to beginning of line Ctrl-K Delete to end of line Ctrl-W Delete previous word Ctrl-T Transpose previous character © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 35: Using Cli Help
1 Using the Command-Line Interface Table 8. CLI Editing Conventions Key Sequence Description Ctrl-P Go to previous line in history buffer Ctrl-R Rewrites or pastes the line Ctrl-N Go to next line in history buffer Ctrl-Y Prints last deleted character Ctrl-Q Enables serial flow Ctrl-S...
Page 36: Accessing The Cli
You can set the network configuration information manually, or you can configure the system to accept these settings from a BOOTP or DHCP server on your network. For more information, see “Network Interface Commands” on page 293. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 37: Switching Commands
Switching Commands This chapter describes the switching commands available in the D-Link Unified Wired/ Wireless Access System CLI. The Switching Commands chapter includes the following sections: • “Port Configuration Commands” on page 38 • “Spanning Tree Protocol (STP) Commands” on page 41 •...
Page 38: Port Configuration Commands
This command disables automatic negotiation on all ports. Format no auto-negotiate all Mode Global Config description Use this command to create an alpha-numeric description of the port. Format description <description> Mode Interface Config © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 39: Mtu
You can use the command to configure jumbo frame support for physical and port-channel (LAG) interfaces. For the standard D-Link Unified Wired/Wireless Access System implementation, the MTU size is a valid integer between 1522 - 9216 for tagged packets and a valid integer between 1518 - 9216 for untagged packets.
Page 40: Speed
Valid slot and port number separated by forward slashes. Type If not blank, this field indicates that this port is a special type of port. The pos- sible values are: © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 41: Show Port Protocol
2 Switching Commands Mirror - this port is a monitoring port. For more information, see “Port Mir- roring” on page 93. PC Mbr- this port is a member of a port-channel (LAG). Probe - this port is a probe port. Admin Mode The Port control administration state.
Page 42: Spanning-Tree Bpdumigrationcheck
The Configuration Identifier Revision Level is a number in the range of 0 to 65535. Default Format spanning-tree configuration revision <0-65535> Mode Global Config © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 43: Spanning-Tree Edgeport
2 Switching Commands no spanning-tree configuration revision This command sets the Configuration Identifier Revision Level for use in identifying the configuration that this switch is currently using to the default value. Format no spanning-tree configuration revision Mode Global Config spanning-tree edgeport This command specifies that this port is an Edge Port within the common and internal spanning tree.
Page 44: Spanning-Tree Hello-Time
Global Config no spanning-tree max-age This command sets the Bridge Max Age parameter for the common and internal spanning tree to the default value. Format no spanning-tree max-age Mode Global Config © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 45: Spanning-Tree Max-Hops
2 Switching Commands spanning-tree max-hops This command sets the MSTP Max Hops parameter to a new value for the common and internal spanning tree. The max-hops value is a range from 1 to 127. Default Format spanning-tree max-hops <1-127> Mode Global Config no spanning-tree max-hops This command sets the Bridge Max Hops parameter for the common and internal spanning...
Page 46: Spanning-Tree Mst Instance
0 to 61440. The twelve least significant bits are masked according to the 802.1s specification. This causes the priority to be rounded down to the next lower valid priority. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 47: Spanning-Tree Mst Vlan
2 Switching Commands Default 32768 Format spanning-tree mst priority <mstid> <0-61440> Mode Global Config no spanning-tree mst priority This command sets the bridge priority for a specific multiple spanning tree instance to the is a number that corresponds to the desired existing default value.
Page 48: Spanning-Tree Port Mode All
Configured value of the parameter for the CST. Bridge Hold Time Minimum time between transmission of Configuration Bridge Protocol Data Units (BPDUs) Bridge Max Hops Bridge max-hops count for the device. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 49: Show Spanning-Tree Brief
2 Switching Commands CST Regional Root Bridge Identifier of the CST Regional Root. It is made up using the bridge priority and the base MAC address of the bridge. Regional Root Path Cost Path Cost to the CST Regional Root. Associated FIDs List of forwarding database identifiers currently associated with this instance.
Page 50: Show Spanning-Tree Mst Port Detailed
Port Priority The priority of the port within the CST. Port Forwarding State The forwarding state of the port within the CST. Port Role The role of the specified interface within the CST. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 51: Show Spanning-Tree Mst Port Summary
2 Switching Commands Port Path Cost The configured path cost for the specified interface. Designated Root Identifier of the designated root for this port within the CST. Designated Port Cost Path Cost offered to the LAN by the Designated Port. Designated Bridge The bridge containing the designated port Designated Port Identifier Port on the Designated Bridge that offers the lowest cost to the Topology Change Acknowledgement Value of flag in next Configuration Bridge Protocol...
Page 52: Show Spanning-Tree Summary
Associated Instance Identifier for the associated multiple spanning tree instance or “CST” if associated with the common and internal spanning tree. VLAN Commands This section describes the commands you use to configure VLAN settings. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 53: Vlan Database
2 Switching Commands vlan database This command gives you access to the VLAN Config mode, which allows you to configure VLAN characteristics. Format vlan database Mode Privileged EXEC network mgmt_vlan This command configures the Management VLAN ID. Default Format network mgmt_vlan <1-3965> Mode Privileged EXEC no network mgmt_vlan...
Page 54: Vlan Ingressfilter
<2-3965> <name> Mode VLAN Config no vlan name This command sets the name of a VLAN to a blank string. Format no vlan name <2-3965> Mode VLAN Config © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 55: Vlan Participation
2 Switching Commands vlan participation This command configures the degree of participation for a specific interface in a VLAN. The ID is a valid VLAN identification number, and the interface is a valid interface number Format vlan participation {exclude | include | auto} <1-3965> Mode Interface Config Participation options are:...
Page 56: Vlan Port Ingressfilter All
If tagging is disabled, traffic is transmitted as untagged frames. The ID is a valid VLAN identification number. Format vlan port tagging all <1-3965> © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 57: Vlan Protocol Group
The possible values for protocol are ip, arp, D-Link Unified Wired/Wireless Access System software supports IPv4 proto- NOTE: col-based VLANs.
Page 58: Protocol Group
If adding an interface to a group causes any conflicts with protocols currently associated with the group, this command will fail and the interface(s) will not be added to the group. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 59: Vlan Pvid
2 Switching Commands You should create the referenced VLAN before you create the protocol-based VLAN except when you configure GVRP to create the VLAN. Default none Format protocol vlan group all <groupid> Mode Global Config no protocol vlan group all This command removes all interfaces from this protocol-based VLAN group that is identified by this <groupid>...
Page 60: Vlan Association Mac
Include - This port is always a member of this VLAN. This is equivalent to registration fixed in the IEEE 802.1Q standard. Exclude - This port is never a member of this VLAN. This is equivalent to registration forbidden in the IEEE 802.1Q standard. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 61: Show Vlan Brief
2 Switching Commands Autodetect - To allow the port to be dynamically registered in this VLAN via GVRP. The port will not participate in this VLAN unless a join request is received on this port. This is equivalent to registration normal in the IEEE 802.1Q standard.
Page 62: Show Vlan Association Subnet
This section describes the commands you use to configure double VLAN (DVLAN). Double VLAN tagging is a way to pass VLAN traffic from one customer domain to another through a © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 63: Dvlan-Tunnel Ethertype
2 Switching Commands Metro Core in a simple and cost effective manner. The additional tag on the traffic helps differentiate between customers in the MAN while preserving the VLAN identification of the individual customers when they enter their own 802.1Q domain. dvlan-tunnel ethertype This command configures the ether-type for all interfaces.
Page 64: Show Dot1Q-Tunnel
0 to 65535. Provisioning (IEEE 802.1p) Commands This section describes the commands you use to configure provisioning, which allows you to prioritize ports. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 65: Vlan Port Priority All
2 Switching Commands vlan port priority all This command configures the port priority assigned for untagged packets for all ports presently plugged into the device. The range for the priority is 0-7. Any subsequent per port configuration will override this configuration setting. Format vlan port priority all <priority>...
Page 66: Switchport Protected (Interface Config)
. If no port is configured as protected for this group, this <groupid> field is blank. show interfaces switchport This command displays the status of the interface (protected/unprotected) under the groupid. Format show interfaces switchport <slot/port> <groupid> © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 67: Garp Commands
2 Switching Commands Mode User EXEC Privileged EXEC Name A string associated with this group as a convenience. It can be up to 32 alpha- numeric characters long, including blanks. The default is blank. This field is optional. Protected Indicates whether the interface is protected or not. It shows TRUE or FALSE. If the group is a multiple groups then it shows TRUE in Group <groupid>...
Page 68: Set Garp Timer Leaveall
GMRP Admin Mode The administrative mode of GARP Multicast Registration Protocol (GMRP) for the system. GVRP Admin Mode The administrative mode of GARP VLAN Registration Protocol (GVRP) for the system © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 69: Gvrp Commands
2 Switching Commands GVRP Commands This section describes the commands you use to configure and view GARP VLAN Registration Protocol (GVRP) information. GVRP-enabled switches exchange VLAN configuration information, which allows GVRP to provide dynamic VLAN creation on trunk ports and automatic VLAN pruning. If GVRP is disabled, the system does not forward GVRP messages.
Page 70: Gmrp Commands
If GMRP is disabled, the system does not forward GMRP messages. NOTE: set gmrp adminmode This command enables GARP Multicast Registration Protocol (GMRP) on the system. Default disabled Format set gmrp adminmode Mode Privileged EXEC © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 71: Set Gmrp Interfacemode
2 Switching Commands no set gmrp adminmode This command disables GARP Multicast Registration Protocol (GMRP) on the system. Format no set gmrp adminmode Mode Privileged EXEC set gmrp interfacemode This command enables GARP Multicast Registration Protocol on a single interface (Interface Config mode) or all interfaces (Global Config mode).
Page 72: Show Mac-Address-Table Gmrp
This section describes the commands you use to configure port-based network access control (802.1x). Port-based network access control allows you to permit access to network services only to and devices that are authorized and authenticated. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 73: Authentication Login
To authenticate a user, the first authentication method in the user’s login (authentication login list) is attempted. D-Link Unified Wired/Wireless Access System software does not utilize multiple entries in the user’s login. If the first entry returns a timeout, the user authentication attempt fails.
Page 74: Clear Radius Statistics
Mode Global Config no dot1x guest-vlan supplicant Use this command to prohibit 802.1x-capable supplicants from accessing the guest VLAN. Format no dot1x guest-vlan supplicant Mode Global Config © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 75: Dot1X Initialize
2 Switching Commands dot1x initialize This command begins the initialization sequence on the specified port. This command is only valid if the control mode for the specified port is 'auto'. If the control mode is not 'auto' an error will be returned. Format dot1x initialize <slot/port>...
Page 76: Dot1X Port-Control All
This command enables re-authentication of the supplicant for the specified port. Default disabled Format dot1x re-authentication Mode Interface Config no dot1x re-authentication This command disables re-authentication of the supplicant for the specified port. Format no dot1x re-authentication Mode Interface Config © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 77: Dot1X System-Auth-Control
2 Switching Commands dot1x system-auth-control Use this command to enable the dot1x authentication support on the switch. While disabled, the dot1x configuration is retained and can be changed, but is not activated. Default disabled Format dot1x system-auth-control Mode Global Config no dot1x system-auth-control This command is used to disable the dot1x authentication support on the switch.
Page 78: No Dot1X Timeout
CLI, web, and telnet sessions will be blocked until the authentication is complete. Note that the login list associated with the ‘admin’ user can not be changed to prevent accidental lockout from the switch. Format users login <user> <listname> Mode Global Config © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 79: Show Authentication
2 Switching Commands show authentication This command displays the ordered authentication methods for all authentication login lists. Format show authentication Mode Privileged EXEC Authentication Login List The authentication login listname. Method 1 The first method in the specified authentication login list, if any. Method 2 The second method in the specified authentication login list, if any.
Page 80 Supplicant Timeout The timer used by the authenticator state machine on this port to time- out the supplicant. The value is expressed in seconds and will be in the range of 1 and 65535. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 81 2 Switching Commands Server Timeout The timer used by the authenticator on this port to timeout the authentication server. The value is expressed in seconds and will be in the range of 1 and 65535. Maximum Requests The maximum number of times the authenticator state machine on this port will retransmit an EAPOL EAP Request/Identity before timing out the supplicant.
Page 82: Show Dot1X Users
The Storm Control feature allows you to limit the rate of specific types of packets through the switch on a per-port, per-type, basis. The Storm Control feature can help maintain network performance. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 83: Storm-Control Broadcast
2 Switching Commands storm-control broadcast Use this command to enable broadcast storm recovery mode for a specific interface. If the mode is enabled, broadcast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.
Page 84: Storm-Control Broadcast All Level
This command configures the multicast storm recovery threshold in terms of percentage of the interface speed for an interface and enables multicast storm recovery mode. If the mode is © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 85: Storm-Control Multicast All
2 Switching Commands enabled, multicast storm recovery is active, and if the rate of L2 multicast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of multicast traffic will be limited to the configured threshold. Default Format storm-control multicast level <0-100>...
Page 86: Storm-Control Unicast
This command sets the unicast storm recovery threshold to the default value for an interface and disables unicast storm recovery. Format no storm-control unicast level Mode Interface Config © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 87: Storm-Control Unicast All
2 Switching Commands storm-control unicast all This command enables unicast storm recovery mode for all interfaces. If the mode is enabled, unicast storm recovery is active, and if the rate of unknown L2 unicast (destination lookup failure) traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.
Page 88: Show Storm-Control
If you configure the maximum number of dynamic port-channels (LAGs) that NOTE: your platform supports, additional port-channels that you configure are auto- matically static. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 89: Port-Channel
2 Switching Commands port-channel This command configures a new port-channel (LAG) and generates a logical slot/port number for the port-channel. The field is a character string which allows the dash “-” character <name> as well as alphanumeric characters. Use the command to display the slot/ show port channel port number for the logical interface.
Page 90: Port-Channel Static
Format port lacpmode all Mode Global Config no port lacpmode all This command disables Link Aggregation Control Protocol (LACP) on all ports. Format no port lacpmode all Mode Global Config © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 91: Port Lacptimeout (Interface Config)
2 Switching Commands port lacptimeout (Interface Config) This command sets the timeout on a physical interface of a particular device type (actor or partner) to either long or short timeout. Default long Format port lacptimeout {actor | partner} {long | short} Mode Interface Config no port lacptimeout...
Page 92: Port-Channel Linktrap
LACP Device Type/Timeout The timeout (long or short) for the type of device (actor or partner) Mbr Ports The members of this port-channel. Active Ports The ports that are actively participating in the port-channel. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 93: Show Port-Channel
2 Switching Commands show port-channel This command displays an overview of all port-channels (LAGs) on the switch. Format show port-channel {<logical slot/port> | all} Modes Privileged EXEC User EXEC Logical Interface Valid slot and port number separated by forward slashes. Port-Channel Name The name of this port-channel (LAG).
Page 94: No Monitor
Use the parameter to disable the administrative mode of the session. mode Since the current version of D-Link Unified Wired/Wireless Access System NOTE: software only supports one session, if you do not supply optional parameters, the behavior of this command is similar to the behavior of the no monitor command.
Page 95: Static Mac Filtering
2 Switching Commands The port, which is configured as mirrored port (source port) for the session Source Port identified with . If no source port is configured for the ses- <session-id> sion then this field is blank. D irection in which source port configured for port mirroring.Types are tx Type for transmitted packets and rx for receiving packets.
Page 96: Macfilter Addsrc All
The format is 6 or 8 two-digit hexadecimal numbers that are sep- arated by colons, for example 01:23:45:67:89:AB. In an IVL system the MAC address will be displayed as 8 bytes. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 97: Igmp Snooping Configuration Commands
(Flt:). IGMP Snooping Configuration Commands This section describes the commands you use to configure IGMP snooping. D-Link Unified Wired/Wireless Access System software supports IGMP Versions 1, 2, and 3. The IGMP snooping feature can help conserve bandwidth because it allows the switch to forward IP multicast traffic only to connected hosts that request multicast traffic.
Page 98: Set Igmp Interfacemode
This command disables IGMP Snooping fast-leave admin mode on a selected interface. Format no set igmp fast-leave Modes Interface Config Format no set igmp fast-leave <vlan_id> Mode VLAN Config © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 99: Set Igmp Groupmembership-Interval
2 Switching Commands set igmp groupmembership-interval This command sets the IGMP Group Membership Interval time on a VLAN, one interface or all interfaces. The Group Membership Interval time is the amount of time in seconds that a switch waits for a report from a particular group on a particular interface before deleting the interface from the entry.
Page 100: Set Igmp Mcrtrexpiretime
This command configures the interface as a multicast router interface. When configured as a multicast router interface, the interface is treated as a multicast router interface in all VLANs. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 101: Show Igmpsnooping
2 Switching Commands Default disabled Format set igmp mrouter interface Mode Interface Config no set igmp mrouter interface This command disables the status of the interface as a statically configured multicast router interface. Format no set igmp mrouter interface Mode Interface Config show igmpsnooping This command displays IGMP Snooping information.
Page 102: Show Igmpsnooping Mrouter Interface
The type of the entry, which is either static (added by the user) or dynamic (added to the table as a result of a learning process or protocol). Description The text description of this multicast table entry. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 103: Port Security Commands
2 Switching Commands Interfaces The list of interfaces that are designated for forwarding (Fwd:) and filtering (Flt:). Port Security Commands This section describes the command you use to configure Port Security on the switch. Port security, which is also known as port MAC locking, allows you to secure the network by locking allowable MAC addresses on a given port.
Page 104: Port-Security Max-Static
Admin Mode Port Locking mode for the entire system. This field displays if you do not sup- ply any parameters. For each interface, or for the interface you specify, the following information appears: Admin Mode Port Locking mode for the Interface. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 105: Show Port-Security Dynamic
2 Switching Commands Dynamic Limit Maximum dynamically allocated MAC Addresses. Static Limit Maximum statically allocated MAC Addresses. Violation Trap Mode Whether violation traps are enabled. show port-security dynamic This command displays the dynamically locked MAC addresses for the port. Format show port-security dynamic <slot/port>...
Page 106: Lldp Receive
TLV. To configure the system name, see See “snmp-server” on page 310. Use sys-desc transmit the system description TLV. Use to transmit the system capabilities TLV. sys-cap © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 107: Lldp Transmit-Mgmt
2 Switching Commands to transmit the port description TLV. To configure the port description, see See port-desc “description” on page 38. Default no optional TLVs are included Format lldp transmit-tlv [sys-desc] [sys-name] [sys-cap] [port-desc] Mode Interface Config no lldp transmit-tlv Use this command to remove an optional TLV from the LLDPDUs.
Page 108: Lldp Notification-Interval
Notification Interval How frequently the system sends remote data change notifications, in seconds. show lldp interface Use this command to display a summary of the current LLDP configuration for a specific interface or for all interfaces. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 109: Show Lldp Statistics
2 Switching Commands Format show lldp interface {<slot/port> | all} Mode Privileged EXEC. Interface The interface in a slot/port format. Link Shows whether the link is up or down. Transmit Shows whether the interface transmits LLDPDUs. Receive Shows whether the interface receives LLDPDUs. Notify Shows whether the interface sends remote data change notifications.
Page 110: Show Lldp Remote-Device
LLDPDU should be treated as valid information. show lldp local-device Use this command to display summary information about the advertised LLDP local data. This command can display summary information or detail for each interface. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 111: Show Lldp Local-Device Detail
This section describes the commands you use to configure Denial of Service (DoS) Control. D-Link Unified Wired/Wireless Access System software provides support for classifying and blocking specific types of Denial of Service attacks. You can configure your system to monitor and block six types of attacks: •...
Page 112: Dos-Control Sipdip
Denial of Service prevention is active for this type of attack. If packets ingress having IP Fragment Offset equal to one (1), the packets will be dropped if the mode is enabled. Default disabled Format dos-control tcpfrag Mode Global Config © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 113: Dos-Control Tcpflag
2 Switching Commands no dos-control tcpfrag This command disabled TCP Fragment Denial of Service protection. Format no storm-control broadcast all Mode Global Config dos-control tcpflag This command enables TCP Flag Denial of Service protections. If the mode is enabled, Denial of Service prevention is active for this type of attacks.
Page 114: Dos-Control Icmp
This command configures the forwarding database address aging timeout in seconds. The parameter must be within the range of 10 to 1,000,000 seconds. <seconds> Default Format bridge aging-time <10-1,000,000> Mode Global Config © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 115: Show Forwardingdb Agetime
2 Switching Commands no bridge aging-time This command sets the forwarding database address aging timeout to the default value. Format no bridge aging-time Mode Global Config show forwardingdb agetime This command displays the timeout for address aging. In an IVL system, the [fdbid | all] parameter is required.
Page 116: Show Mac-Address-Table Stats
Most MFDB Entries Ever Used The largest number of entries that have been present in the Multicast Forwarding Database table. This value is also known as the MFDB high-water mark. Current Entries The current number of entries in the MFDB. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 117: Routing Commands
Routing Commands This chapter describes the routing commands available in the D-Link Unified Wired/Wireless Access System CLI. The Routing Commands chapter contains the following sections: • “Address Resolution Protocol (ARP) Commands” on page 117 • “IP Routing Commands” on page 121 •...
Page 118: Ip Proxy-Arp
Mode Global Config arp dynamicrenew This command enables the ARP component to automatically renew dynamic ARP entries when they age out. Default enabled Format arp dynamicrenew Mode Privileged EXEC © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 119: No Arp Dynamicrenew
3 Routing Commands no arp dynamicrenew This command prevents dynamic ARP entries from renewing when they age out. Format no arp dynamicrenew Mode Privileged EXEC arp purge This command causes the specified IP address to be removed from the ARP cache. Only entries of type dynamic or gateway are affected by this command.
Page 120: Arp Timeout
Total Entry Count Current / Peak The total entries in the ARP table and the peak entry count in the ARP table. Static Entry Count Current / Max The static entry count in the ARP table and maximum static entry count in the ARP table. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 121: Show Arp Brief
3 Routing Commands The following are displayed for each ARP entry. IP Address The IP address of a device on a subnet attached to an existing routing inter- face. MAC Address The hardware MAC address of that device. Interface The routing slot/port associated with the device ARP entry. Type The type that is configurable.
Page 122: Routing
IP <ipaddr> address of the interface. The value for is a 4-digit dotted-decimal number <subnetmask> which represents the Subnet Mask of the interface. Format no ip address <ipaddr> <subnetmask> [secondary] © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 123: Ip Route
3 Routing Commands Mode Interface Config ip route This command configures a static route. The parameter is a valid IP address, and <ipaddr> is a valid subnet mask. The parameter is a valid IP address of the <subnetmask> <nexthopip> next hop router. The optional parameter is an integer (value from 1 to 255) that <preference>...
Page 124: Ip Route Distance
This command sets the IP Maximum Transmission Unit (MTU) on a routing interface. The IP MTU is the size of the largest IP packet that can be transmitted on the interface without fragmentation. D-Link Unified Wired/Wireless Access System software currently does not fragment IP packets.
Page 125: Encapsulation
3 Routing Commands • Packets forwarded in software are dropped if they exceed the IP MTU of the outgoing interface. Packets originated on the router may be fragmented by the IP stack. The IP stack uses its default IP MTU and ignores the value set using the ip mtu command. The IP MTU size refers to the maximum size of the IP packet (IP Header + IP NOTE: payload).
Page 126: Show Ip Interface
Encapsulation Type The encapsulation type for the specified interface. The types are: Ether- net or SNAP. IP MTU The maximum transmission unit (MTU) size of a frame, in bytes. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 127: Show Ip Interface Brief
3 Routing Commands Example: show ip interface (r2) #show ip interface 0/2 Routing Configuration......Enable Interface Configuration Status....Enable Forward Net Directed Broadcasts....Disable Proxy ARP........Enable Local Proxy ARP........ Disable Active State........Active Link Speed Data Rate......100 Full MAC Address........
Page 128: Show Ip Route Summary
Lower router preference values are preferred over higher router preference values. A route with a preference of 255 cannot be used to forward traffic. Format show ip route preferences Modes Privileged EXEC © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 129: Show Ip Stats
3 Routing Commands User EXEC Local The local route preference value. Static The static route preference value. OSPF Intra The OSPF Intra route preference value. OSPF Inter The OSPF Inter route preference value. OSPF Ext T1 The OSPF External Type-1 route preference value. OSPF Ext T2 The OSPF External Type-2 route preference value.
Page 130: Virtual Router Redundancy Protocol Commands
Use this command in Interface Config mode to delete the virtual router associated with the interface. The virtual Router ID, , is an integer value that ranges from 1 to 255. <vrid> © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 131: Ip Vrrp Mode
3 Routing Commands Format no ip vrrp <vrid> Mode Interface Config ip vrrp mode This command enables the virtual router configured on the specified interface. Enabling the status field starts a virtual router. The parameter is the virtual router ID which has an <vrid>...
Page 132: Ip Vrrp Preempt
<vrid> priority <1-254> Mode Interface Config no ip vrrp priority This command sets the default priority value for the virtual router configured on a specified interface. Format no ip vrrp <vrid> priority © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 133: Ip Vrrp Timers Advertise
3 Routing Commands Mode Interface Config ip vrrp timers advertise This command sets the frequency, in seconds, that an interface on the specified virtual router sends a virtual router advertisement. Default Format ip vrrp <vrid> timers advertise <1-255> Mode Interface Config no ip vrrp timers advertise This command sets the default virtual router advertisement value for an interface.
Page 134: Show Ip Vrrp
Pre-Empt Mode The preemption mode configured on the specified virtual router. Administrative Mode The status (Enable or Disable) of the specific router. State The state (Master/backup) of the virtual router. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 135: Show Ip Vrrp Interface Brief
3 Routing Commands show ip vrrp interface brief This command displays information about each virtual router configured on the switch. This command takes no options. It displays information about each virtual router. Format show ip vrrp interface brief Modes Privileged EXEC User EXEC Interface Valid slot and port number separated by forward slashes.
Page 136: Bootpdhcprelay Maxhopcount
This command configures the server IP address for BootP/DHCP Relay on the system. The parameter is an IP address in a 4-digit dotted decimal format. <ipaddr> Default 0.0.0.0 Format bootpdhcprelay serverip <ipaddr> Mode Global Config © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 137: No Bootpdhcprelay Serverip
3 Routing Commands no bootpdhcprelay serverip This command configures the default server IP address for BootP/DHCP Relay on the system. Format no bootpdhcprelay serverip Mode Global Config show bootpdhcprelay This command displays the BootP/DHCP Relay information. Format show bootpdhcprelay Modes Privileged EXEC User EXEC Maximum Hop Count The maximum allowable relay agent hops.
Page 139: Wireless Commands
Wireless Commands This chapter describes the CLI commands you use to manage the wireless features on the switch as well as the wireless access points that a switch manages. This chapter contains the following sections: • “Unified Switch Commands” on page 140 •...
Page 140: Unified Switch Commands
Wireless Config code This parameter must identify a valid country code. no country-code version of this command returns the configured country code to the default. Format no country-code Mode Wireless Config © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 141: Peer-Group
4 Wireless Commands peer-group This command indicates the peer group for this switch. There may be more than one group of peer switches on the same WLAN. A peer group is created by configuring all peers within the group with the same identifier. Default Format peer-group <1-255>...
Page 142: Discovery Vlan-List
This command enables AP authentication. When enabled, all APs are required to authenticate to the Unified Switch using a password upon discovery. Default Disable Format ap authentication Mode Wireless Config © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 143: Snmp-Server Enable Traps Wireless
4 Wireless Commands no ap authentication version of this command disables AP authentication. APs are not required to authenticate to the Unified Switch upon discovery. Format no ap authentication Mode Wireless Config snmp-server enable traps wireless This command globally enables the Unified Switch SNMP traps. The specific wireless trap groups are configured using the command in Wireless Config Mode.
Page 144: Agetime
AP. Roam-timeout is the time in seconds after disassociation for the entry to be deleted from the managed AP client association database. Default 30 seconds Format client roam-timeout <1-120> Mode Wireless Config © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 145: Tunnel-Mtu
4 Wireless Commands 1-120 Time in seconds from 1 to 120. no client roam-timeout version of this command returns the configured client age timeout to the default. Format no client roam-timeout Mode Wireless Config tunnel-mtu Use this command to set the Tunnel MTU value. Format tunnel-mtu {1500 | 1520} Mode...
Page 146: Show Wireless Country-Code
This show command displays the configured Unified Switch IP polling list and the polling status for each configured IP address for discovery. Format show wireless discovery ip-list © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 147: Show Wireless Discovery Vlan-List
4 Wireless Commands Mode Privileged EXEC IP Address Shows the IP addresses configured in the L3/IP Discovery List Status Shows the L3 discovery status. Possible values are Not Polled, Unreachable, or Discovered. show wireless discovery vlan-list This show command displays the configured VLAN ID list for L2 discovery. Format show wireless discovery vlan-list Mode...
Page 148: Show Wireless Statistics
Rogue AP Traps Shows whether Rogue AP Traps are enabled. Wireless Status Traps Shows whether Wireless Status Traps are enabled. show trapflags (modified command) The existing D-Link Unified Wired/Wireless Access System show trapflags command is modified to show the global Unified Switch trap configuration. See the command “snmp- server enable traps wireless”...
Page 149: Show Wireless Tunnel-Mtu
4 Wireless Commands Ad Hoc Client Status Age (hours) Shows how long to continue to display an ad hoc client in the status list since it was last detected. AP Failure Status Age (hours) Shows how long to continue to display a failed AP in the sta- tus list since it was last detected.
Page 150: Channel-Plan Interval
The channel plan time in 24 hour time. no channel-plan time version of this command returns the configured channel plan time to the default. Format no channel-plan {a | bg} time Mode Wireless Config © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 151: Channel-Plan History-Depth
4 Wireless Commands channel-plan history-depth This command configures the number of channel plan history iterations that are maintained for each 802.11a and 802.11b/g frequency band. The number of iterations stored for each channel plan affects channel assignment; the channel algorithm will not assign the same channel to an AP more than once within the number of stored iterations of the channel plan.
Page 152: Wireless Channel-Plan
Format show wireless channel-plan {a | bg} Mode Privileged EXEC Configure channel plan mode for 802.11a. Configure channel plan mode for 802.11b/g. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 153: Show Wireless Channel-Plan History
4 Wireless Commands Channel Plan The channel plan type or mode, managed AP radios operating in the specified mode will be considered for this channel plan. Channel Plan Mode The frequency for automatic channel planning manual, fixed time, or interval. If the mode is manual, the channel algorithm will not run unless you request it.
Page 154: Show Wireless Power-Plan
Current Power The current transmit power on the managed AP radio. New Power The new transmit power computed by the power algorithm. Peer Unified Switch Commands The commands in this section provide peer Unified Switch status. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 155: Show Wireless Peer-Switch
4 Wireless Commands show wireless peer-switch This command displays status information for peer Unified Switches. If no parameters are entered, the command will display summary status for all peer switches. If a peer switch IP address is entered, detailed status for that peer switch is displayed. Format show wireless peer-switch [<ipaddr>] Mode...
Page 156: Mode (Ap Config Mode)
CLI prompts you to enter a password that is between 8-63 alphanumeric characters. Default The default password is blank. Format password Mode AP Config no password version of this command deletes the password for the AP. Format no password © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 157: Profile
4 Wireless Commands Mode AP Config profile This command configures the AP profile to be used to configure this AP. The profile configuration is used only if the AP mode is WS Managed. Default 1 - Default Format profile <1-16> Mode AP Config 1-16...
Page 158: Wireless Network Commands
Except for the default Guest Network, the default SSID for each network is ‘Managed SSID’ followed by the unique Network ID. Default Network 1 - Guest Network Network <networkid> – Managed SSID <networkid> © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 159: Vlan (Network Config Mode)
4 Wireless Commands Format < > ssid name Mode Network Config name Service Set Identifier, must be between 1-32 alphanumeric characters. To use spaces in the SSID, use quotes around the name. vlan (Network Config Mode) This command configures the default VLAN ID for the network. If there is no RADIUS server configured or a client is not associated with a VLAN via RADIUS, this is the VLAN assigned.
Page 160: Wep Authentication
WEP shared key authentication and encryption. Default Format wep tx-key <1-4> Mode Network Config A valid WEP key index value. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 161: Mac Authentication
4 Wireless Commands no wep tx-key version of this command sets the WEP transmit key index to its default value. Format no wep tx-key Mode Network Config mac authentication This command enables and configures the mode for client MAC authentication on the network.
Page 162: Radius Server Secret
This configuration only applies when the configured security mode is WPA. Default wpa/wpa2 Format wpa version {wpa [wpa2] | wpa2} Mode Network Config WPA version allowed. wpa2 WPA2 version allowed. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 163: Wpa Ciphers
4 Wireless Commands no wpa versions version of this command configures the supported WPA versions to the default value. Format no wpa versions Mode Network Config wpa ciphers This command configures the WPA cipher suites supported on the network; one or both parameters must be specified.
Page 164: Tunnel Subnet
This command configures the WPA2 pre-authentication timeout for the network. This specifies a timeout after which an AP can delete a pre-authentication that has not been used by the client. Default 0, no timeout © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 165: Wpa2 Pre-Authentication Limit
4 Wireless Commands Format wpa2 pre-authentication timeout <0-1440> Mode Network Config 0-1440 The WPA2 pre-authentication timeout in minutes, where 0 indicates pre- authentications do not timeout on the AP. no wpa2 pre-authentication timeout version of this command sets the WPA2 pre-authentication timeout to its default value. Format no wpa2 pre-authentication timeout Mode...
Page 166: Wpa2 Key-Caching Holdtime
64 bit —ASCII: 5 characters; Hex: 10 characters 128 bit —ASCII: 13 characters; Hex: 26 characters 152 bit —ASCII: 16 characters; Hex: 32 characters. For more information, please see the “Static WEP” table in the D-Link Unified Wired/Wireless Access System WLAN Switching Administrator’s Guide. no wep key version of this command removes the corresponding WEP key configuration.
Page 167: Wep Key Length
4 Wireless Commands number of characters required for a valid WEP key, and therefore changing the WEP key length will reset all keys. Default ASCII Format wep key type {ascii | hex} Mode Network Config ascii Set WEP key type to ASCII. Set WEP key type to hexadecimal.
Page 168 WPA2 Pre-Authentication Timeout If WPA2 pre-authentication is enabled, specifies a tim- eout in minutes after which an AP can delete a pre-authentication that has not been used by the client. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 169: Access Point Profile Commands
4 Wireless Commands WPA2 Key Forwarding Mode If WPA2 encryption is enabled, indicates Dynamic Key For- warding support for roaming WPA2 clients. WPA2 Key Caching Holdtime Length of time a PMK will be cached by an AP after the cli- ent using this PMK has roamed away from this AP.
Page 170: Radius Server Host
Mode AP Profile Config no radius accounting version of this command disables RADIUS accounting mode global to the AP profile. Format no radius accounting Mode AP Profile Config © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 171: Mac Authentication Action
4 Wireless Commands mac authentication action This command configures the client MAC authentication action for the AP profile. The action indicates what action to take on MAC addresses configured in the MAC authentication list, i.e. if the default action is deny all configured MAC addresses will be denied access. The action is applied to the MAC authentication list configured either locally or on the RADIUS server.
Page 172: Clear (Ap Profile Config Mode)
RADIUS Accounting Mode Indicates if the global RADIUS accounting mode is enabled or disabled for the AP Profile. MAC Authentication Action Indicates the MAC authentication action, allow or deny. Client MAC Address Ethernet address for a client. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 173: Access Point Profile Rf Commands
4 Wireless Commands Access Point Profile RF Commands The commands in this section provide RF configuration per radio interface within an access point profile. radio This command enters the AP profile radio configuration mode. In this mode you can modify the radio configuration parameters for an AP profile.
Page 174: Rf-Scan Sentry
Time duration in milliseconds no rf-scan duration version of this command returns the configured RF scan duration to its default value. Format no rf-scan duration Mode AP Profile Radio Config © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 175: Station-Isolation
4 Wireless Commands station-isolation Use this command to enable Station Isolation. When Station Isolation is enabled, the AP blocks communication between wireless stations. The AP still allows data traffic between its wireless clients and wired devices on the network, but not among wireless clients. The Station Isolation setting is part of the configuration profile that the switch sends to the Managed AP.
Page 176: Antenna
The command configures the DTIM period for the radio. The DTIM period is the number of beacons between DTIMs. A DTIM is Delivery Traffic Indication Map which indicates there is buffered broadcast or multicast traffic on the AP. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 177: Fragmentation-Threshold
4 Wireless Commands Default 10 Beacons Format dtim-period <1-255> Mode AP Profile Radio Config 1-255 Number of beacons between DTIMs. no dtim-period version of this command configures the DTIM period to the default value. Format no dtim-period Mode AP Profile Radio Config fragmentation-threshold This command configures the fragmentation threshold for the radio.
Page 178: Max-Clients
AP Profile Radio Config power auto This command enables auto power adjustment for the radio. This indicates the AP power assignment can be automatically adjusted by the switch. Default Disabled Format power auto © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 179: Power Default
4 Wireless Commands Mode AP Profile Radio Config no power auto version of this command disables auto power adjustment for the radio. Format no power auto Mode AP Profile Radio Config power default This command configures a power setting for the radio. When auto power adjustment is enabled, this indicates an initial default power setting;...
Page 180: Wmm
If no parameters are entered, load balancing is disabled. Format no load-balance [utilization] Mode AP Profile Radio Config © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 181: Show Wireless Ap Profile Radio
4 Wireless Commands show wireless ap profile radio This command displays the radio configuration for an AP profile. When you enter the required profile ID, a summary view of the radio configuration is displayed. If you enter a radio index, the radio configuration detail is displayed.
Page 182: Show Wireless Rates
{a | b | g | prime-a | prime-g | turbo-a | turbo-g} Mode Privileged EXEC Mode Indicates the physical layer technology to use on the radio. Valid Rates Indicates data rates valid for the physical mode. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 183: Access Point Profile Qos Commands
4 Wireless Commands Access Point Profile QoS Commands The commands in this section provide QoS configuration per radio interface and QoS queue within an access point profile. qos ap-edca This command configures the downstream traffic flowing from the access point to the client station EDCA queues –...
Page 184: Qos Station-Edca
AP Profile Radio Config 1-255 Arbitration Inter-Frame Spacing duration value in milliseconds cwmin-time Minimum Contention Window value in milliseconds cwmax-time Maximum Contention Window value in milliseconds 0-65535 Transmission Opportunity Limit value in milliseconds © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 185: Show Wireless Ap Profile Qos
4 Wireless Commands no qos station-edca version of this command allows you to reset the chosen queue configuration values for AIFS, Minimum Contention Window, Maximum Contention Window, and Transmission Opportunity Limit. Format no qos station-edca {background | best-effort | video | voice} { aifs | cwmin | cwmax | txop-limit } Mode AP Profile Radio Config...
Page 186: Vap
Unified Switch. This includes views of neighbors within the RF area for each managed AP radio interface. This section also lists commands available via Privileged EXEC mode to control the Switch Managed APs. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 187: Wireless Ap Channel Set
4 Wireless Commands wireless ap channel set This command sets a new channel on the managed AP radio. The channel is not saved in the configuration, it is maintained until the next time the AP is discovered (AP or switch reset). Format wireless ap channel set <macaddr>...
Page 188: Wireless Ap Download Start
This command deletes one or all managed AP entries with a failed status. A failed status indicates the Unified Switch has lost contact with the managed AP. Format clear wireless ap failed [<macaddr>] Mode Privileged EXEC macaddr Managed AP MAC Address © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 189: Clear Wireless Ap Neighbors
4 Wireless Commands clear wireless ap neighbors This command deletes entries from the managed AP client and AP neighbor lists. Note that client neighbor entries added via a client association to the managed AP will not be cleared; these are only removed by the system when a client disassociates. Format clear wireless ap neighbors <macaddr>...
Page 190: Show Wireless Ap Radio Status
Switch IP address. Switch IP DHCP - The managed AP learned the correct Unified Switch IP address through DHCP option 43. L2 Poll Received - The AP was discovered through the D-Link Wireless Device Discovery Protocol. Status The current managed state of the AP. The possible values are: Discovered - The AP is discovered and by the switch, but is not yet authenti- cated.
Page 191: Show Wireless Ap Radio Channel Status
4 Wireless Commands macaddr Switch managed AP MAC address. The radio interface on the AP. MAC Address The Ethernet address of the switch managed AP. Location A location description for the AP, this is the value configured in the valid AP database (either locally or on the RADIUS server).
Page 192: Show Wireless Ap Radio Power Status
Indicates the total number of clients currently associated to the VAP. show wireless ap radio neighbor ap status This command displays the status parameters for each neighbor AP detected through an RF scan on the specified managed AP radio. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 193: Show Wireless Ap Radio Neighbor Client Status
Neighbor AP MAC The Ethernet MAC address of the neighbor AP network, this could be a physical radio interface or VAP MAC address. For D-Link APs, this is always a VAP MAC address. The neighbor AP MAC address may be cross-refer- enced in the RF Scan status.
Page 194: Show Wireless Ap Statistics
WLAN Packets Received The total packets received by the AP on the wireless network. WLAN Bytes Received Total bytes received by the AP on the wireless network. WLAN Packets Transmitted Total packets transmitted by the AP on the wireless network. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 195: Show Wireless Ap Radio Statistics
4 Wireless Commands WLAN Bytes Transmitted Total bytes transmitted by the AP on the wireless network. Ethernet Packets Received Total packets received by the AP on the wired network. Ethernet Bytes Received Total bytes received by the AP on the wired network. Ethernet Multicast Packets Received Total multicast packets received by the AP on the wired network.
Page 196: Show Wireless Ap Radio Vap Statistics
Client Authentication Failures Number of clients that have failed authentication to the VAP. show wireless ap download This command displays global configuration and status for an AP code download request. It does not accept any parameters. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 197: Access Point Failure Status Commands
4 Wireless Commands Format show wireless ap download Mode Privileged EXEC File Name The AP image file name on the TFTP server. File Path The file path on the TFTP server. Server Address The TFTP server IP address. Group Size If a code download request is for all managed APs, the switch processes the request for one group of APs at a time before starting the next group.
Page 198: Rf Scan Access Point Status Commands
AP MAC address detected in RF scan. MAC Address The Ethernet MAC address of the detected AP, this could be a physical radio interface or VAP MAC. For D-Link APs, this is always a VAP MAC address. SSID Service Set ID of the network, this is broadcast in detected beacon frame.
Page 199: Client Association Status And Statistics Commands
4 Wireless Commands Status Indicates the managed status of the AP, whether this is a valid AP known to the switch or a Rogue on the network. The valid values are: WS Managed - The neighbor AP is managed by this switch, the neighbor AP status can be referenced using its base MAC address.
Page 200: Show Wireless Client Statistics
MAC Address The Ethernet address of the client station. Packets Received Total packets received from the client station. Bytes Received Total bytes received from the client station. Packets Transmitted Total packets transmitted to the client station. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 201: Show Wireless Client Neighbor Ap Status
4 Wireless Commands Bytes Transmitted Total bytes transmitted to the client station. Duplicate Packets Received Total duplicate packets received from the client station. Fragmented Packets Received Total fragmented packets received from the client station. Fragmented Packets Transmitted Total fragmented packets transmitted to the client station. Transmit Retry Count Number of times transmits to the client station succeeded after one or more retries.
Page 202: Show Wireless Vap Client Status
This command deletes all entries from the Ad Hoc client list. Entries normally age out according to the configured age time. Format clear wireless client adhoc list © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 203: Show Wireless Client Failure Status
4 Wireless Commands Mode Privileged EXEC show wireless client failure status This command displays the client failure status parameters. Format show wireless client [<macaddr>] failure status Mode Privileged EXEC macaddr Client MAC address. MAC Address The Ethernet address of the client. VAP MAC Address The managed AP VAP Ethernet MAC address on which the client attempted to associate and/or authenticate.
Page 204: Captive Portal Global Commands
Default Format http port <port-num> Mode Captive Portal Config Mode no http port This command removes the specified additional HTTP port. Format http port <port-num> Mode Captive Portal Config Mode © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 205: Statistics Interval
4 Wireless Commands statistics interval Use this command to configure the interval at which statistics are reported to the cluster controller. The variable is the reporting interval, which is a number in the range of <interval> 15-3600 seconds. Default Format statistics interval <interval>...
Page 206: Show Captive-Portal Status
The default captive portal configuration can not be deleted. Format no configuration <cp-id> Mode Captive Portal Config Mode enable (Captive Portal) This command enables a captive portal configuration. Default Enable © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 207: Name
4 Wireless Commands Format [no] enable Mode Captive Portal Instance Mode no enable This command disables a captive portal configuration. Default Enable Format no enable Mode Captive Portal Instance Mode name This command configures the name for a captive portal configuration. The name can contain up to 32 alphanumeric characters.
Page 208: Radius Accounting
URL Redirect Mode is enabled. This command is only available is the redirect mode is enabled. Format redirect-url <url> Mode Captive Portal Instance Mode rate-limit up Use this command to configure the maximum rate at which a client can send data into the network. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 209: Rate-Limit Down
4 Wireless Commands Default Format rate-limit up <rate> Mode Captive Portal Instance Mode Rate Rate in bps. 0 indicates the limit is not enforced. Example: The following shows an example of the command. (Switch)(Config-CP) #rate-limit up 100<cr> no rate-limit up Use this command to set the rate-limit up to the default value.
Page 210: Rate-Limit Output-Octets
After this limit has been reached, the user will be disconnected. If the value is set to 0, then the limit is not enforced. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 211: Session-Timeout
4 Wireless Commands Default Format rate-limit total-octets <bytes> Mode Captive Portal Instance Mode Bytes Total octets in bytes. 0 indicates the limit is not enforced. Example: The following shows an example of the command. (Switch)(Config-CP) #rate-limit total-octets 100<cr> no rate-limit total-octets Use this command to set the rate-limit total-octets to the default value.
Page 212: Intrusion-Threshold
Captive Portal Instance Config Mode no interface This command removes the association between an interface and a captive portal configuration. Format no interface <slot/port> Mode Captive Portal Instance Config Mode © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 213: Block
4 Wireless Commands block This command blocks all traffic for a captive portal configuration. Format block Mode Captive Portal Instance Config Mode no block This command unblocks all traffic for a captive portal configuration. Format no block Mode Captive Portal Instance Config Mode Captive Portal Status Commands Use the commands in this section to view information about the status of one or more captive portal instances.
Page 214: Show Captive-Portal Configuration Status
Redirect URL Specifies the URL to which the newly authenticated client is redirected if the URL Redirect Mode is enabled. show captive-portal configuration locales This command displays locales associated with a specific captive portal configuration. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 215: Captive Portal Client Connection Commands
4 Wireless Commands Format show captive-portal configuration locales Mode Privileged EXEC CP ID Shows the captive portal ID the connected client is using. CP Name Shows the name of the captive portal the connected client is using. Language Code Shows the language code. Local Link Shows the local description.
Page 216: Show Captive-Portal Interface Client Status
Client IP Address Identifies the IP address of the wireless client (if applicable) Protocol Mode Shows the current connection protocol, which is either HTTP or HTTPS Verification Mode Shows the current account type, which is Guest, Local, or RADIUS. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 217: Show Captive-Portal Client Failure Status
4 Wireless Commands CP ID Shows the captive portal ID the connected client is using. CP Name Shows the name of the captive portal the connected client is using. Interface Valid slot and port number separated by forward slashes. Interface Description Describes the interface. User Name Displays the user name (or Guest ID) of the connected client show captive-portal client failure status...
Page 218: Captive Portal Interface Commands
Format show captive-portal interface capability [slot/port] Mode Privileged EXEC Intf Valid slot and port number separated by forward slashes. Intf Description Describes the interface. Type Shows the type of interface. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 219: Captive Portal Local User Commands
4 Wireless Commands Captive Portal Local User Commands Use this command to view and configure captive portal users in the local database. user This command is used to create a local user. The variable is the user ID, which can <user-id>...
Page 220: User Session-Timeout
ID, which can be from 1 to 128 alphanumeric characters. The <bps> variable is the client transmit rate in bits per second (bps). 0 denotes unlimited bandwidth. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 221: User Rate-Limit Down
4 Wireless Commands Default Format user <user-id> rate-limit up <bps> Mode Captive Portal Config Mode Example: The following shows an example of the command. (Switch)(Config-CP) #user 1 rate-limit up 128000<cr> no user rate-limit up This command sets the user rate-limit up to the default value. Format no user <user-id>...
Page 222: User Rate-Limit Output-Octets
This command sets the user rate-limit output-octets to the default value. Format no user <user-id> rate-limit output-octets Mode Captive Portal Config Mode Example: The following shows an example of the command. (Switch)(Config-CP) #no user 1 rate-limit output-octets<cr> © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 223: User Rate-Limit Total-Octets
4 Wireless Commands user rate-limit total-octets Use this command to limit the number of bytes the user is allowed to transmit and receive. The maximum number of octets is the sum of octets transmitted and received. After this limit has been reached, the user will be disconnected.
Page 224: Clear Captive-Portal Users
<group-id> rename <new-group-id> Mode Captive Portal Config Mode Captive Portal Activity Log Commands Use the commands in this section to view or clear the activity log for the captive portals. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 225: Show Captive-Portal Activity-Log
4 Wireless Commands show captive-portal activity-log This command displays the information in the captive portal activity log. Format show captive-portal activity-log Mode Privileged EXEC clear captive-portal activity-log This command deletes all entries from the captive portal activity log. Format clear captive-portal activity-log Mode Privileged EXEC Captive Portal Activity Log Commands...
Page 227: Quality Of Service (Qos) Commands
Quality of Service (QoS) Commands This chapter describes the Quality of Service (QoS) commands available in the D-Link Unified Wired/Wireless Access System CLI. The QoS Commands chapter contains the following sections: • “Class of Service (CoS) Commands” on page 227 •...
Page 228: Classofservice Ip-Dscp-Mapping
Default dot1p Format classofservice trust {dot1p | ip-dscp | ip-precedence | untrusted} Mode Global Config Interface Config © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 229: No Classofservice Trust
5 Quality of Service (QoS) Commands no classofservice trust This command sets the interface mode to the default value. Format no classofservice trust Modes Global Config Interface Config cos-queue min-bandwidth This command specifies the minimum transmission bandwidth guarantee for each interface queue.
Page 230: Show Classofservice Dot1P-Mapping
This command displays the current IP DSCP mapping to internal traffic classes for the global configuration settings. Format show classofservice ip-dscp-mapping Mode Privileged EXEC The following information is repeated for each user priority. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 231: Show Classofservice Trust
5 Quality of Service (QoS) Commands IP DSCP The IP DSCP value. Traffic Class The traffic class internal queue identifier to which the IP DSCP value is mapped. show classofservice trust This command displays the current trust mode setting for a specific interface. The <slot/ parameter is optional and is only valid on platforms that support independent per-port port>...
Page 232: Differentiated Services (Diffserv) Commands
This command sets the DiffServ operational mode to active. While disabled, the DiffServ configuration is retained and can be changed, but it is not activated. When enabled, Diffserv services are activated. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 233: Diffserv Class Commands
5 Quality of Service (QoS) Commands Format diffserv Mode Global Config no diffserv This command sets the DiffServ operational mode to inactive. While disabled, the DiffServ configuration is retained and can be changed, but it is not activated. When enabled, Diffserv services are activated.
Page 234: Class-Map Rename
In some cases, each removal of a refclass rule reduces the maximum number of available rules in the class definition by one. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 235: Match Dstip
5 Quality of Service (QoS) Commands no match class-map This command removes from the specified class definition the set of match conditions defined for another class. The is the name of an existing DiffServ class whose match <refclassname> conditions are being referenced by the specified class definition. Format no match class-map <refclassname>...
Page 236: Match Ip Precedence
IANA and is interpreted as an integer from 0 to 255. This command does not validate the protocol number value against the cur- NOTE: rent list defined by IANA. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 237: Match Srcip
5 Quality of Service (QoS) Commands Default none Format match protocol {<protocol-name> | <0-255>} Mode Class-Map Config match srcip This command adds to the specified class definition a match condition based on the source IP address of a packet. The parameter specifies an IP address.
Page 238: Assign-Queue
This command causes the specified policy to create a reference to the class NOTE: definition. The CLI mode is changed to Policy-Class-Map Config when this command is NOTE: successfully executed. Format class <classname> © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 239: Mark Cos
5 Quality of Service (QoS) Commands Mode Policy-Map Config no class This command deletes the instance of a particular class and its defined treatment from the specified policy. is the names of an existing DiffServ class. <classname> This command removes the reference to the class definition for the specified NOTE: policy.
Page 240: Police-Simple
DiffServ policy. This command may be issued at any time. If the policy is currently referenced by one or more interface service attachments, this delete attempt fails. Format no policy-map <policyname> Mode Global Config © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 241: Policy-Map Rename
5 Quality of Service (QoS) Commands policy-map rename This command changes the name of a DiffServ policy. The s the name of an <policyname> i existing DiffServ class. The parameter is a case-sensitive alphanumeric <newpolicyname> string from 1 to 31 characters uniquely identifying the policy. Format policy-map rename <policyname>...
Page 242: Diffserv Show Commands
Ref Class Name The name of an existing DiffServ class whose match conditions are being referenced by the specified class definition. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 243: Show Diffserv
5 Quality of Service (QoS) Commands show diffserv This command displays the DiffServ General Status Group information, which includes the current administrative mode setting as well as the current and maximum number of rows in each of the main DiffServ private MIB tables. This command takes no options. Format show diffserv Mode...
Page 244: Show Diffserv Service
DiffServ Admin Mode The current setting of the DiffServ administrative mode. An attached policy is only in effect on an interface while DiffServ is in an enabled mode. Interface Valid slot and port number separated by forward slashes. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 245: Show Diffserv Service Brief
5 Quality of Service (QoS) Commands Direction The traffic direction of this interface service. Operational Status The current operational status of this DiffServ service interface. Policy Name The name of the policy attached to the interface in the indicated direction. Policy Details Attached policy details, whose content is identical to that described for the show policy-map command (content not repeated here for...
Page 246: Show Service-Policy
<name> Mode Global Config no mac access-list extended This command deletes a MAC ACL identified by from the system. <name> Format no mac access-list extended <name> Mode Global Config © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 247: Mac Access-List Extended Rename
5 Quality of Service (QoS) Commands mac access-list extended rename This command changes the name of a MAC Access Control List (ACL). The <name> parameter is the name of an existing MAC ACL. The parameter is a case-sensitive <newname> alphanumeric string from 1 to 31 characters uniquely identifying the MAC access list. This command fails if a MAC ACL by the name already exists.
Page 248: Mac Access-Group
This command removes a MAC ACL identified by from the interface in a given <name> direction. Format no mac access-list <name> in Modes Global Config Interface Config © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 249: Show Mac Access-Lists
The following rules apply to IP ACLs: • D-Link Unified Wired/Wireless Access System software does not support IP ACL config- uration for IP packet fragments. • The maximum number of ACLs you can create is 100, regardless of type.
Page 250: Table 10. Acl Command Parameters
This command deletes an IP ACL that is identified by the parameter <accesslistnumber> from the system. The range for 1-99 for standard access lists and 100- <accesslistnumber> 199 for extended access lists. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 251: Ip Access-Group
5 Quality of Service (QoS) Commands Format no access-list <accesslistnumber> Mode Global Config ip access-group This command attaches a specified IP ACL to one interface or to all interfaces. An optional sequence number may be specified to indicate the order of this IP access list relative to other IP access lists already assigned to this interface and direction.
Page 252: Show Access-Lists
If the sequence number is not specified by the user, a sequence num- ber that is one greater than the highest sequence number currently in use for this interface and direction is used. Valid range is (1 to 4294967295). © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 253: Utility Commands
Clear commands clear some or all of the settings to factory defaults. Power Over Ethernet Commands This section describes the Power over Ethernet (PoE) commands available in the D-Link Unified Wired/Wireless Access System CLI. When a port starts or stops delivering power to a connected device, there will NOTE: be a trap indicating the change.
Page 254: Poe Priority
Valid values are 0-100 percent. Default Format poe usagethreshold <0-100> Mode Global Config no poe usagethreshold This command resets the usage threshold for all ports to the default © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 255: Show Poe
6 Utility Commands Format no poe usagethreshold Mode Global Config show poe This command displays the total power available, the total power consumed in the system, and the globally set usage threshold. Format show poe Mode Privileged EXEC Total Power Available Amount of power available, in watts. Total Power Consumed Power consumed, in watts.
Page 256: Dual Image Commands
CLI Command Reference Dual Image Commands D-Link Unified Wired/Wireless Access System software supports a dual image feature that allows the switch to have two software images in the permanent storage. You can specify which image is the active image to be loaded in subsequent reboots. This feature allows reduced down-time when you upgrade or downgrade the software.
Page 257: System Information And Statistics Commands
6 Utility Commands System Information and Statistics Commands This section describes the commands you use to view information about system features, components, and configurations. show arp switch This command displays the contents of the IP stack’s Address Resolution Protocol (ARP) table.
Page 258: Show Version
Packets Transmitted Without Error The total number of packets transmitted out of the interface. Transmit Packets Errors The number of outbound packets that could not be transmitted because of errors. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 259: Show Interface Ethernet
6 Utility Commands Collisions Frames The best estimate of the total number of collisions on this Ethernet seg- ment. Time Since Counters Last Cleared The elapsed time, in days, hours, minutes, and seconds since the statistics for this port were last cleared. The display parameters, when the argument is “switchport”...
Page 260 Packets RX and TX 1519-1522 Octets - The total number of packets (including bad packets) received and transmitted that were between 1519 and 1522 octets in length inclusive (excluding framing bits but including FCS octets). © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 261 6 Utility Commands Packets RX and TX 1523-2047 Octets - The total number of packets received and transmitted that were between 1523 and 2047 octets in length inclusive (excluding framing bits, but including FCS octets) and were other- wise well formed. Packets RX and TX 2048-4095 Octets - The total number of packets received that were between 2048 and 4095 octets in length inclusive (exclud- ing framing bits, but including FCS octets) and were otherwise well formed.
Page 262 Packets Transmitted 256-511 Octets - The total number of packets (includ- ing bad packets) received that were between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets). © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 263 6 Utility Commands Packets Transmitted 512-1023 Octets - The total number of packets (includ- ing bad packets) received that were between 512 and 1023 octets in length inclusive (excluding framing bits but including FCS octets). Packets Transmitted 1024-1518 Octets - The total number of packets (including bad packets) received that were between 1024 and 1518 octets in length inclusive (excluding framing bits but including FCS octets).
Page 264 Time Since Counters Last Cleared The elapsed time, in days, hours, minutes, and seconds since the statistics for this port were last cleared. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 265 6 Utility Commands If you use the keyword, the following information appears: switchport Octets Received The total number of octets of data received by the processor (excluding framing bits but including FCS octets). Total Packets Received Without Error The total number of packets (including broadcast packets and multicast packets) received by the processor.
Page 266: Show Mac-Addr-Table
0/1. and is currently used when enabling VLANs for routing. Self—The value of the corresponding instance is the address of one of the switch’s physical interfaces (the system’s own MAC address). © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 267: Show Running-Config
6 Utility Commands GMRP Learned—The value of the corresponding was learned via GMRP and applies to Multicast. Other—The value of the corresponding instance does not fall into one of the other categories. If you enter the parameter, in addition to the MAC Address and interface <slot/port>...
Page 268: Show Tech-Support
This command enables logging to an in-memory log that keeps up to 128 logs. Default disabled; critical when enabled Format logging buffered Mode Global Config no logging buffered This command disables logging to in-memory log. Format no logging buffered Mode Global Config © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 269: Logging Buffered Wrap
Format no logging buffered wrap Mode Privileged EXEC logging cli-command This command enables the CLI command logging feature, which enables the D-Link Unified Wired/Wireless Access System software to log all CLI commands issued on the system. Default enabled Format logging cli-command...
Page 270: Logging Host
This command enables syslog logging. The parameter is an integer with a range of <portid> 1-65535. Default disabled Format logging syslog [port <portid>] Mode Global Config no logging syslog This command disables syslog logging. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 271: Show Logging
6 Utility Commands Format no logging syslog Mode Global Config show logging This command displays logging configuration information. Format show logging Mode Privileged EXEC Logging Client Local Port Port on the collector/relay to which syslog messages are sent. CLI Command Logging Shows whether CLI Command logging is enabled. Console Logging Shows whether console logging is enabled.
Page 272: Show Logging Traplogs
When you issue this command, a prompt appears to confirm that the reset should proceed. When you enter , you automatically reset the current configuration on the switch to the default values. It does not reset the switch. Format clear config Mode Privileged EXEC © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 273: Clear Counters
6 Utility Commands clear counters This command clears the statistics for a specified for all the ports, or for the <slot/port>, entire switch based upon the argument. Format clear counters {<slot/port> | all} Mode Privileged EXEC clear igmpsnooping This command clears the tables managed by the IGMP Snooping function and attempts to delete these entries from the Multicast Forwarding Database.
Page 274: Logout
The switch uses the stored configuration to initialize the switch. You are prompted to confirm that the reset should proceed. The LEDs on the switch indicate a successful reset. Format reload Mode Privileged EXEC © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 275: Copy
6 Utility Commands copy command uploads and downloads files to and from the switch. You can also use the copy copy command to manage the dual images ( ) on the file system. Upload image1 image2 and download files from a server by using TFTP or Xmodem. Format copy <source>...
Page 276: Keying For Advanced Features
<key> Format no license advanced <key> Mode Privileged EXEC show key-features This command displays the enabled or disabled status for all keyable features. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 277: Simple Network Time Protocol (Sntp) Commands
6 Utility Commands Format show key-features Modes Privileged EXEC User EXEC Function This is the name of the keyable component or feature. Status Enabled or disabled. Simple Network Time Protocol (SNTP) Commands This section describes the commands you use to automatically configure the system time and date by using SNTP.
Page 278: Sntp Unicast Client Poll-Interval
This command will set the poll retry for SNTP unicast clients to a value from 0 to 10. Default Format sntp unicast client poll-retry <poll-retry> Mode Global Config © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 279: Sntp Multicast Client Poll-Interval
6 Utility Commands no sntp unicast client poll-retry This command will reset the poll retry for SNTP unicast clients to its default value. Format no sntp unicast client poll-retry Mode Global Config sntp multicast client poll-interval This command will set the poll interval for SNTP multicast clients in seconds as a power of two where can be a value from 6 to 16.
Page 280: Show Sntp Client
Last Attempt Time Last server attempt time for the specified server. Last Update Status Last server attempt status for the server. Total Unicast Requests Number of requests to the server. Failed Unicast Requests Number of failed requests from server. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 281: Dhcp Server Commands
6 Utility Commands DHCP Server Commands This section describes the commands you to configure the DHCP server settings for the switch. DHCP uses UDP as its transport protocol and supports a number of features that facilitate in administration address allocations. ip dhcp pool This command configures a DHCP address pool name on a DHCP server and enters DHCP pool configuration mode.
Page 282: Default-Router
MAC address of the hardware platform of the client consisting of 6 bytes in dotted hexadecimal format. Type indicates the protocol of the hardware platform. It is 1 for 10 MB Ethernet and 6 for IEEE 802. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 283: Host
6 Utility Commands Default ethernet Format hardware-address <hardwareaddress> <type> Mode DHCP Pool Config no hardware-address This command removes the hardware address of the DHCP client. Format no hardware-address Mode DHCP Pool Config host This command specifies the IP address and network mask for a manual binding to a DHCP client.
Page 284: Network (Dhcp Pool Config)
Default none Format domain-name <domain> Mode DHCP Pool Config no domain-name This command removes the domain name. Format no domain-name Mode DHCP Pool Config © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 285: Netbios-Name-Server
6 Utility Commands netbios-name-server This command configures NetBIOS Windows Internet Naming Service (WINS) name servers that are available to DHCP clients. One IP address is required, although one can specify up to eight addresses in one command line. Servers are listed in order of preference (address1 is the most preferred server, address2 is the next most preferred server, and so on).
Page 286: Ip Dhcp Excluded-Address
IP addresses; each made up of four decimal bytes ranging from 0 to 255. IP address 0.0.0.0 is invalid. Format no ip dhcp excluded-address <lowaddress> [highaddress] Mode Global Config © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 287: Ip Dhcp Ping Packets
6 Utility Commands ip dhcp ping packets Use this command to specify the number, in a range from 2-10, of packets a DHCP server sends to a pool address as part of a ping operation. By default the number of packets sent to a pool address is 2, which is the smallest allowed number when sending packets.
Page 288: Ip Dhcp Conflict Logging
This command displays address bindings for the specific IP address on the DHCP server. If no IP address is specified, the bindings corresponding to all the addresses are displayed. Format show ip dhcp binding [<address>] Modes Privileged EXEC User EXEC © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 289: Show Ip Dhcp Global Configuration
6 Utility Commands IP address The IP address of the client. Hardware Address The MAC Address or the client identifier. Lease expiration The lease expiration time of the IP address assigned to the client. Type The manner in which IP address was assigned to the client. show ip dhcp global configuration This command displays address bindings for the specific IP address on the DHCP server.
Page 290: Show Ip Dhcp Server Statistics
To optimize the DHCP filtering feature, configure the port that is connected to an authorized DHCP server on your network as a trusted port. Any DHCP © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 291: Ip Dhcp Filtering
6 Utility Commands responses received on a trusted port are forwarded. Make sure that all other ports are untrusted so that any DHCP (or BootP) responses received are discarded. You can configure DHCP filtering on physical ports and LAGs. DHCP filtering is not operable on VLAN interfaces.
Page 293: Management Commands
Management Commands This chapter describes the management commands available in the D-Link Unified Wired/ Wireless Access System CLI. The Management Commands chapter contains the following sections: • “Network Interface Commands” on page 293 • “Console Port Access Commands” on page 297 •...
Page 294: Serviceport Ip
This command sets locally administered MAC addresses. The following rules apply: • Bit 6 of byte 0 (called the U/L bit) indicates whether the address is universally adminis- tered (b'0') or locally administered (b'1'). © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 295: Network Mac-Type
7 Management Commands • Bit 7 of byte 0 (called the I/G bit) indicates whether the destination address is an individ- ual address (b'0') or a group address (b'1'). • The second character, of the twelve character macaddr, must be 2, 6, A or E. A locally administered address must have bit 6 On (b'1') and bit 7 Off (b'0').
Page 296: Show Serviceport
ServPort Configuration Protocol Current The network protocol used on the last, or current power-up cycle, if any. Burned in MAC Address The burned in MAC address used for in-band connectivity. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 297: Console Port Access Commands
7 Management Commands Console Port Access Commands This section describes the commands you use to configure the console port. You can use a serial cable to connect a management host directly to the console port of the switch. configuration This command gives you access to the Global Config mode. From the Global Config mode, you can configure a variety of system settings, including user accounts.
Page 298: Show Serial
Use this command to disable Telnet access to the system and to disable the Telnet Server Admin Mode. This command closes the Telnet listening port and disconnects all open Telnet sessions. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 299: Telnet
7 Management Commands Format no ip telnet server enable Mode Privileged EXEC telnet This command establishes a new outbound Telnet connection to a remote host. The host value must be a valid IP address. Valid values for port should be a valid decimal integer in the range of 0 to 65535, where the default value is 23.
Page 300: Session-Limit
This command specifies the maximum number of Telnet connection sessions that can be established. A value of 0 indicates that no Telnet connection can be established. The range is 0-5. Default Format telnetcon maxsessions <0-5> Mode Privileged EXEC © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 301: No Telnetcon Maxsessions
7 Management Commands no telnetcon maxsessions This command sets the maximum number of Telnet connection sessions that can be established to the default value. Format no telnetcon maxsessions Mode Privileged EXEC telnetcon timeout This command sets the Telnet connection session timeout value, in minutes. A session is active as long as the session has not been idle for the value set.
Page 302: Show Telnetcon
This command is used to set or remove protocol levels (or versions) for SSH. Either SSH1 (1), SSH2 (2), or both SSH 1 and SSH 2 (1 and 2) can be set. Default 1 and 2 Format ip ssh protocol [1] [2] Mode Privileged EXEC © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 303: Ip Ssh Server Enable
7 Management Commands ip ssh server enable This command enables the IP secure shell server. Default disabled Format ip ssh server enable Mode Privileged EXEC no ip ssh server enable This command disables the IP secure shell server. Format no ip ssh server enable Mode Privileged EXEC sshcon maxsessions...
Page 304: Show Ip Ssh
Mode Privileged EXEC ip http secure-server This command is used to enable the secure socket layer for secure HTTP. Default disabled Format ip http secure-server Mode Privileged EXEC © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 305: Ip Http Secure-Port
7 Management Commands no ip http secure-server This command is used to disable the secure socket layer for secure HTTP. Format no ip http secure-server Mode Privileged EXEC ip http secure-port This command is used to set the SSL port where port can be 1-65535 and the default is port 443.
Page 306: Access Commands
Shows the type of session, which can be telnet, serial, or SSH. User Account Commands This section describes the commands you use to add, manage, and delete system users. D-Link Unified Wired/Wireless Access System software has two default users: admin and guest. The admin user can view and configure system settings, and the guest user can view settings.
Page 307: Users Passwd
7 Management Commands same case you used when you added the user. To see the case of the <user- , enter the command. name> show users Format users name <username> Mode Global Config no users name This command removes a user account. Format no users name <username>...
Page 308: Users Snmpv3 Accessmode
8 to 64 characters long. If you select the protocol but do not provide a key, the user is prompted for the key. When you use the protocol, the login password is also used © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 309: Show Users
7 Management Commands as the snmpv3 encryption password, so it must be a minimum of eight characters. If you select , you do not need to provide a key. none value is the login user name associated with the specified encryption. You <username>...
Page 310: Snmp-Server
<ipaddr> <name> Mode Global Config no snmp-server community ipaddr This command sets a client IP address for an SNMP community to 0.0.0.0. The name is the applicable community name. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 311: Snmp-Server Community Ipmask
7 Management Commands Format no snmp-server community ipaddr <name> Mode Global Config snmp-server community ipmask This command sets a client IP mask for an SNMP community. The address is the associated community SNMP packet sending address and is used along with the client IP address value to denote a range of IP addresses from which SNMP clients may use that community to access the device.
Page 312: Snmp-Server Community Rw
This command enables the broadcast storm trap. When enabled, broadcast storm traps are sent only if the broadcast storm recovery mode setting associated with the port is enabled. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 313: Snmp-Server Enable Traps Linkmode
7 Management Commands This command may not be available on all platforms. NOTE: Default enabled Format snmp-server enable traps bcaststorm Mode Global Config no snmp-server enable traps bcaststorm This command disables the broadcast storm trap. When enabled, broadcast storm traps are sent only if the broadcast storm recovery mode setting associated with the port is enabled.
Page 314: Snmp-Server Enable Traps Stpmode
The parameter options are snmpv1 or <snmpversion> snmpv2. This command does not support a “no” form. NOTE: Default snmpv2 Format snmptrap snmpversion <name> <ipaddr> <snmpversion> Mode Global Config © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 315: Snmptrap Ipaddr
7 Management Commands snmptrap ipaddr This command assigns an IP address to a specified community name. The maximum length of name is 16 case-sensitive alphanumeric characters. IP addresses in the SNMP trap receiver table must be unique. If you make NOTE: multiple entries using the same IP address, the first entry is retained and pro- cessed.
Page 316: Show Snmpcommunity
This command displays SNMP trap receivers. Trap messages are sent across a network to an SNMP Network Manager. These messages alert the manager to events occurring within the switch or on the network. Six trap receivers are simultaneously supported. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 317: Show Trapflags
7 Management Commands Format show snmptrap Mode Privileged EXEC SNMP Trap Name The community string of the SNMP trap packet sent to the trap manager. The string is case sensitive and can be up to 16 alphanumeric characters. IP Address The IP address to receive SNMP traps from this device.
Page 318: Radius Commands
To re-configure a RADIUS accounting server to use the default UDP NOTE: <port> set the parameter to 1813. <port> Format radius server host {auth | acct} <ipaddr> [<port>] Mode Global Config © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 319: Radius Server Attribute 4
7 Management Commands no radius server host This command is used to remove the configured RADIUS authentication server or the RADIUS accounting server. If the 'auth' token is used, the previously configured RADIUS authentication server is removed from the configuration. Similarly, if the 'acct' token is used, the previously configured RADIUS accounting server is removed from the configuration.
Page 320: Radius Server Primary
RADIUS server if no response is received. The timeout value is an integer in the range of 1 to 30. Default Format radius server timeout <seconds> Mode Global Config © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 321: Authorization Network Radius
7 Management Commands no radius server timeout This command sets the timeout value to the default value. Format no radius server timeout Mode Global Config authorization network radius Use this command to allow the switch to accept VLAN assignment by the RADIUS server. Default disabled Format...
Page 322: Show Radius Accounting
Unknown Types The number of RADIUS packets of unknown types, which were received from this server on the accounting port. Packets Dropped The number of RADIUS packets received from this server on the account- ing port and dropped for some other reason. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 323: Show Radius Statistics
7 Management Commands show radius statistics This command is used to display the statistics for RADIUS or configured server. To show the configured RADIUS server statistic, the IP address specified must match that of a previously configured RADIUS server. On execution, the following fields are displayed. Format show radius statistics [<ipaddr>] Mode...
Page 324: Tacacs+ Commands
<key- parameter has a range of 0 - 128 characters This key must match the key used on the string> TACACS+ daemon. Format no tacacs-server key <key-string> Mode Global Config © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 325: Tacacs-Server Timeout
7 Management Commands tacacs-server timeout Use the command to set the timeout value for communication with tacacs-server timeout the TACACS+ servers. The parameter has a range of 1-30 and is the timeout value <timeout> in seconds. Default Format tacacs-server timeout <timeout> Mode Global Config no tacacs-server timeout...
Page 326: Timeout
Any command line that begins with the “!” character is recognized as a comment line and ignored by the parser. © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 327: Script Apply
7 Management Commands The following lines show an example of a script: ! Script file for displaying management access show telnet !Displays the information about remote connections ! Display information about direct connections show serial ! End of the script file! To specify a blank password for a user in the configuration script, you must NOTE: specify it as a space within quotes.
Page 328: Script Validate
Privileged EXEC set prompt This command changes the name of the prompt. The length of name may be up to 64 alphanumeric characters. Format set prompt <prompt_string> Mode Privileged EXEC © 2001- 2008 D-Link Corporation/D-Link Systems, Inc. All Rights Reserved.
Page 329 List of Commands ............user group rename224 {deny | permit} .
Page 331 List of Commands configuration (Captive Portal) ..........206 conform-color .
Page 333 List of Commands key............... . 325 lease .
Page 335 List of Commands power default ............. . . 179 power-plan interval .
Page 337 List of Commands show captive-portal configuration ..........213 show captive-portal interface capability .
Page 339 List of Commands show running-config ............267 show serial .
Page 341 List of Commands snmp-server enable traps violation ..........312 snmp-server enable traps wireless .
Page 343 List of Commands verification ..............207 vlan (Network Config Mode) .

This manual is also suitable for:

Dwl-3500ap

D-Link DWL-8500AP Command Reference Manual

List of Tables

About this Book

1 Using the Command-Line Interface

2 Switching Commands

3 Routing Commands

4 Wireless Commands

Quick Links

CLI Command Reference

Related Manuals for D-Link DWL-8500AP

Summary of Contents for D-Link DWL-8500AP