D-Link Unified Switch CLI Command Reference FCC Warning This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment.
Table of Contents
Section 1: About This Document
Audience
About Unified Switch Software
Scope
Product Concept
Section 2: Using the Command-Line Interface
Command Syntax
Command Conventions
Common Parameter Values
Access Point Profile QoS Commands
Access Point Profile VAP Commands
WS Managed Access Point Commands
Access Point Failure Status Commands
RF Scan Access Point Status Commands
Client Association Status and Statistics Commands
Client Failure and Ad Hoc Status Commands
Section 1: About This Document
This document describes command-line interface (CLI) commands you use to view and configure Unified Switch software. You can access the CLI by using a direct connection to the serial port or by using telnet or SSH over a remote network connection.
[gateway] is an optional parameter, so you are not required to enter a value in place of the parameter. The D-Link Unified Switch CLI Command Reference lists each command by the command name and provides a brief description of the command. Each command reference also contains the following information: •...
Slot/Port Naming Convention
Unified Switch software references physical entities such as cards and ports by using a slot/port naming convention. The Unified Switch software also uses this convention to identify certain logical entities, such as Port-Channel interfaces. The slot number has two uses. In the case of physical ports, it identifies the card containing the ports. In the case of logical and CPU ports it also identifies the type of interface or port.
Command Modes
Table 5: CLI Command Modes (Cont.)
Command Mode: AP Config Mode
Prompt: DWS-4026 (Config-ap)#
Mode Description: Contains commands to configure entries in the local AP database, which is used for AP validation.
Command Mode: AP Profile Config Mode
Prompt: DWS-4026 (Config-ap-profile)#
Mode Description: Contains commands to configure the default AP profile settings as well as settings for new AP profile.
CLI Error Messages
If you enter a command and the system is unable to execute it, an error message appears. Table 7 describes the most common CLI error messages.
Table 7: CLI Error Messages
Message Text Description Indicates that you entered an incorrect or unavailable command.
Accessing the CLI
You can access the CLI by using a direct console connection or by using a telnet or SSH connection from a remote management host. For the initial connection, you must use a direct connection to the console port. You cannot access the system remotely until the system has an IP address, subnet mask, and default gateway.
Section 3: Switching Commands
This section describes the switching commands available in the Unified Switch CLI. The Switching Commands section includes the following sections:
• “Port Configuration Commands” on page 14
• “Spanning Tree Protocol Commands” on page 18
•...
Port Configuration Commands description Use this command to create an alpha-numeric description of the port. Format description <description> Mode Interface Config Use the mtu command to set the maximum transmission unit (MTU) size, in bytes, for frames that ingress or egress the interface.
Port Configuration Commands show port This command displays port information. Format show port {<slot/port> | all} Mode Privileged EXEC Term Definition Interface Valid slot and port number separated by a forward slash. Type If not blank, this field indicates that this port is a special type of port. The possible values are: •...
Spanning Tree Protocol Commands Default disabled Format spanning-tree bpdufilter Mode Global Config no spanning-tree bpdufilter default Use this command to disable BPDU Filter on all the edge port interfaces. Default disabled Format no spanning-tree bpdufilter default Mode Global Config spanning-tree bpduflood Use this command to enable BPDU Flood on the interface.
Spanning Tree Protocol Commands spanning-tree edgeport This command specifies that this port is an Edge Port within the common and internal spanning tree. This allows this port to transition to Forwarding State without delay. Format spanning-tree edgeport Mode Interface Config no spanning-tree edgeport This command specifies that this port is not an Edge Port within the common and internal spanning tree.
Spanning Tree Protocol Commands no spanning-tree max-age This command sets the Bridge Max Age parameter for the common and internal spanning tree to the default value. Format no spanning-tree max-age Mode Global Config spanning-tree max-hops This command sets the MSTP Max Hops parameter to a new value for the common and internal spanning tree. The max-hops value is a range from 1 to 127.
Spanning Tree Protocol Commands twelve least significant bits are masked according to the 802.1s specification. This causes the priority to be rounded down to the next lower valid priority. Default 32768 Format spanning-tree mst priority <mstid> <0-61440> Mode Global Config no spanning-tree mst priority This command sets the bridge priority for a specific multiple spanning tree instance to the default value.
Spanning Tree Protocol Commands Term Definition Root Port Bridge Derived value. Forward Delay Hello Time Configured value of the parameter for the CST. Bridge Hold Time Minimum time between transmission of Configuration Bridge Protocol Data Units (BPDUs). Bridge Max Hops Bridge max-hops count for the device.
Spanning Tree Protocol Commands Term Definition Auto-Calculate Indicates whether auto calculation for port path cost is enabled. Port Path Cost Port Path Cost Configured value of the Internal Port Path Cost parameter. Designated Root The Identifier of the designated root for this port. Root Path Cost The path cost to get to the root bridge for this instance.
Spanning Tree Protocol Commands show spanning-tree mst summary This command displays summary information about all multiple spanning tree instances in the switch. On execution, the following details are displayed. Format show spanning-tree mst summary Mode • Privileged EXEC • User EXEC Term Definition MST Instance ID...
VLAN Commands vlan This command creates a new VLAN and assigns it an ID. The ID is a valid VLAN identification number (ID 1 is reserved for the default VLAN). VLAN range is 2-3965. Format vlan <2-3965> Mode VLAN Config no vlan This command deletes an existing VLAN.
VLAN Commands Participation Definition Options auto The interface is dynamically registered in this VLAN by GVRP. The interface will not participate in this VLAN unless a join request is received on this interface. This is equivalent to registration normal. vlan participation all This command configures the degree of participation for all interfaces in a VLAN.
VLAN Commands no vlan port tagging all This command configures the tagging behavior for all interfaces in a VLAN to disabled. If tagging is disabled, traffic is transmitted as untagged frames. The ID is a valid VLAN identification number. Format no vlan port tagging all Mode Global Config...
VLAN Commands vlan pvid This command changes the VLAN ID per interface. Default Format vlan pvid <1-3965> Mode Interface Config no vlan pvid This command sets the VLAN ID per interface to 1. Format no vlan pvid Mode Interface Config vlan tagging This command configures the tagging behavior for a specific interface in a VLAN to enabled.
VLAN Commands Term Definition Tagging The tagging behavior for this port in this VLAN. • Tagged - Transmit traffic for this VLAN as tagged frames. • Untagged - Transmit traffic for this VLAN as untagged frames. show vlan brief This command displays a list of all configured VLANs. Format show vlan brief Mode...
Double VLAN Commands
This section describes the commands you use to configure double VLAN (DVLAN). Double VLAN tagging is a way to pass VLAN traffic from one customer domain to another through a Metro Core in a simple and cost effective manner. The additional tag on the traffic helps differentiate between customers in the MAN while preserving the VLAN identification of the individual customers when they enter their own 802.1Q domain.
Voice VLAN Commands
This section describes the commands you use for Voice VLAN. Voice VLAN enables switch ports to carry voice traffic with defined priority so as to enable separation of voice and data traffic coming onto the port. The benefit of using Voice VLAN is that the sound quality of an IP phone is safeguarded from deteriorating when the data traffic on the port is high.
Provisioning (IEEE 802.1p) Commands
This section describes the commands you use to configure provisioning (IEEE 802.1p), which allows you to prioritize ports. vlan port priority all This command configures the port priority assigned for untagged packets for all ports presently plugged into the device. The range for the priority is 0-7.
GARP Commands Format show interfaces switchport <slot/port> <groupid> Mode • Privileged EXEC • User EXEC Term Definition Name A string associated with this group as a convenience. It can be up to 32 alphanumeric characters long, including blanks. The default is blank. This field is optional. Protected Indicates whether the interface is protected or not.
GVRP Commands
This section describes the commands you use to configure and view GARP VLAN Registration Protocol (GVRP) information. GVRP-enabled switches exchange VLAN configuration information, which allows GVRP to provide dynamic VLAN creation on trunk ports and automatic VLAN pruning. Note: If GVRP is disabled, the system does not forward GVRP messages.
GMRP Commands Format no set gmrp adminmode Mode Privileged EXEC set gmrp interfacemode This command enables GARP Multicast Registration Protocol on a single interface (Interface Config mode) or all interfaces (Global Config mode). If an interface which has GARP enabled is enabled for routing or is enlisted as a member of a port-channel (LAG), GARP functionality is disabled on that interface.
Port-Based Network Access Control Commands To authenticate a user, the first authentication method in the user’s login (authentication login list) is attempted. Unified Switch software does not utilize multiple entries in the user’s login. If the first entry returns a timeout, the user authentication attempt fails.
Port-Based Network Access Control Commands Format no dot1x max-req Mode Interface Config dot1x max-users Use this command to set the maximum number of clients supported on the port when MAC-based dot1x authentication is enabled on the port. The maximum users supported per port is dependent on the product. The <count> value is in the range 1 - 16.
Port-Based Network Access Control Commands dot1x system-auth-control Use this command to enable the dot1x authentication support on the switch. While disabled, the dot1x configuration is retained and can be changed, but is not activated. Default disabled Format dot1x system-auth-control Mode Global Config no dot1x system-auth-control This command is used to disable the dot1x authentication support on the switch.
Port-Based Network Access Control Commands no dot1x user This command removes the user from the list of users with access to the specified port or all ports. Format no dot1x user <user> {<slot/port> | all} Mode Global Config users defaultlogin This command assigns the authentication login list to use for non-configured users when attempting to log in to the system.
Port-Based Network Access Control Commands Note: MAC-based dot1x authentication is supported on the BCM56224, BCM56514, BCM56624, and BCM56820 platforms. Term Definition Port The interface whose configuration is displayed. Protocol Version The protocol version associated with this port. The only possible value is 1, corresponding to the first version of the dot1x specification.
Port-Based Network Access Control Commands Term Definition EAP Response The number of valid EAP response frames (other than resp/id frames) that have been received by this Frames Received authenticator. EAP Request/Id The number of EAP request/identity frames that have been transmitted by this authenticator. Frames Transmitted EAP Request...
802.1x Supplicant Commands no dot1x supplicant port-control This command sets the port-control mode to the default, auto. Default auto Format no dot1x supplicant port-control Mode Interface Config dot1x supplicant max-start This command configures the number of attempts that the supplicant makes to find the authenticator before the supplicant assumes that there is no authenticator.
802.1x Supplicant Commands Format show dot1x summary {all|<slot/port>} Mode • Privileged EXEC • User EXEC Example: The following shows example CLI display output for the command. (DWS-4026) #show dot1x summary 0/1 Operating Interface Control Mode Control Mode Port Status --------- ------------ ------------ ------------ auto...
Storm-Control Commands no storm-control broadcast Use this command to disable broadcast storm recovery mode for a specific interface. Format no storm-control broadcast Mode Global Config Interface Config storm-control broadcast level Use this command to configure the broadcast storm recovery threshold for an interface as a percentage of link speed and enable broadcast storm recovery.
Storm-Control Commands no storm-control broadcast all rate This command sets the broadcast storm recovery threshold to the default value for all interfaces and disables broadcast storm recovery. Format no storm-control broadcast all rate Mode Global Config storm-control multicast This command enables multicast storm recovery mode for an interface. If the mode is enabled, multicast storm recovery is active, and if the rate of L2 multicast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.
Storm-Control Commands no storm-control multicast all level This command sets the multicast storm recovery threshold to the default value for all interfaces and disables multicast storm recovery. Format no storm-control multicast all level Mode Global Config storm-control multicast all rate Use this command to configure the multicast storm recovery threshold for all interfaces in packets per second.
Storm-Control Commands Default disabled Format storm-control unicast all Mode Global Config no storm-control unicast all This command disables unicast storm recovery mode for all interfaces. Format no storm-control unicast all Mode Global Config storm-control unicast all level This command configures the unicast storm recovery threshold for all interfaces as a percentage of link speed, and enables unicast storm recovery.
Port-Channel/LAG (802.3ad) Commands Example: The following shows example CLI display output for the command. (DWS-4026) #show storm-control 802.3x Flow Control Mode....... Disable Example: The following shows example CLI display output for the command. (DWS-4026) #show storm-control 0/1 Bcast Bcast Mcast Mcast Ucast Ucast...
Port-Channel/LAG (802.3ad) Commands Note: This command is only applicable to port-channel interfaces. no lacp admin key Use this command to configure the default administrative value of the key for the port-channel. Format no lacp admin key Mode Interface Config lacp collector max-delay Use this command to configure the port-channel collector max delay.
Port-Channel/LAG (802.3ad) Commands lacp actor admin state longtimeout Use this command to set LACP actor admin state to longtimeout. Format lacp actor admin state longtimeout Mode Interface Config Note: This command is only applicable to physical interfaces. no lacp actor admin state longtimeout Use this command to set the LACP actor admin state to short timeout.
Port-Channel/LAG (802.3ad) Commands lacp partner admin state Use this command to configure the current administrative value of actor state for the protocol Partner. The valid value range is 0x00-0xFF. Default 0x07 Format lacp partner admin state {individual|longtimeout|passive} Mode Interface Config Note: This command is only applicable to physical interfaces.
Port-Channel/LAG (802.3ad) Commands lacp partner port priority Use this command to configure the LACP partner port priority. The valid range for <priority> is 0 to 255. Default Format lacp partner port priority <priority> Mode Interface Config Note: This command is only applicable to physical interfaces. no lacp partner port priority Use this command to configure the default LACP partner port priority.
Port-Channel/LAG (802.3ad) Commands port lacpmode all This command enables Link Aggregation Control Protocol (LACP) on all ports. Format port lacpmode all Mode Global Config no port lacpmode all This command disables Link Aggregation Control Protocol (LACP) on all ports. Format no port lacpmode all Mode Global Config...
Port-Channel/LAG (802.3ad) Commands Load-balancing is not supported on every device. The range of options for load-balancing may vary per device. Default Format port-channel load-balance {1 | 2 | 3 | 4 | 5 | 6} {<slot/port> |<all>} Mode Interface Config Global Config Term Definition...
Port-Channel/LAG (802.3ad) Commands show port-channel brief This command displays the static capability of all port-channel (LAG) interfaces on the device as well as a summary of individual port-channel interfaces. Format show port-channel brief Mode • Privileged EXEC • User EXEC For each port-channel the following information is displayed: Term Definition...
Static MAC Filtering Default enabled Format no monitor Mode Global Config show monitor session This command displays the Port monitoring information for a particular mirroring session. Note: The <session-id> parameter is an integer value used to identify the session. In the current version of the software, the <session-id>...
Static MAC Filtering macfilter adddest all This command adds all interfaces to the destination filter set for the MAC filter with the given <macaddr> and VLAN of <vlanid>. The <macaddr> parameter must be specified as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6.
L2 DHCP Relay Agent Commands
You can enable the switch to operate as a Layer 2 DHCP relay agent to relay DHCP requests from clients to a Layer 3 relay agent or server. The Circuit ID and Remote ID can be added to DHCP requests relayed from clients to a DHCP server. This information is included in DHCP Option 82, as specified in sections 3.1 and 3.2 of RFC3046.
L2 DHCP Relay Agent Commands show dhcp l2relay vlan This command shows whether DHCP L2 Relay is enabled globally and on a particular VLAN or range of VLANs. Format show dhcp l2relay vlan <vlan-range> Mode Privileged EXEC Example: The following shows example CLI display output for the command. (DWS-4026) #show dhcp l2relay vlan 1-2 DHCP L2 Relay is Enabled.
Example: The following shows example CLI display output for the command. (DWS-4026) #show dhcp client vendor-id-option DHCP Client Vendor Identifier Option is Enabled DHCP Client Vendor Identifier Option string is D-LinkClient.
DHCP Snooping Configuration Commands
This section describes commands you use to configure DHCP Snooping.
DHCP Snooping Configuration Commands no ip dhcp snooping binding <mac-address> Use this command to remove the DHCP static entry from the DHCP Snooping database. Format no ip dhcp snooping binding <mac-address> Mode Global Config ip verify binding Use this command to configure static IP source guard (IPSG) entries. Format ip verify binding <mac-address>...
DHCP Snooping Configuration Commands Term Definition Interface The interface for which data is displayed. Trusted If it is enabled, DHCP snooping considers the port as trusted. The factory default is disabled. Log Invalid Pkts If it is enabled, DHCP snooping application logs invalid packets on the specified interface. Example: The following shows example CLI display output for the command.
DHCP Snooping Configuration Commands ----------- ---------- ---------- ----------- 0/10 0/11 0/12 0/13 0/14 0/15 0/16 0/17 0/18 0/19 0/20 clear ip dhcp snooping binding Use this command to clear all DHCP Snooping bindings on all interfaces or on a specific interface. Format clear ip dhcp snooping binding [interface <slot/port>] Mode...
Dynamic ARP Inspection Commands its unsuspecting neighbors. The miscreant sends ARP requests or responses mapping another station’s IP address to its own MAC address. DAI relies on DHCP snooping. DHCP snooping listens to DHCP message exchanges and builds a binding database of valid {MAC address, IP address, VLAN, and interface} tuples.
Dynamic ARP Inspection Commands ip arp inspection filter Use this command to configure the ARP ACL used to filter invalid ARP packets on a list of comma-separated VLAN ranges. If the static keyword is given, packets that do not match a permit statement are dropped without consulting the DHCP snooping bindings.
Dynamic ARP Inspection Commands Format show ip arp inspection statistics [vlan vlan-list] Mode • Privileged EXEC • User EXEC Term Definition VLAN The VLAN ID for each displayed row. Forwarded The total number of valid ARP packets forwarded in this VLAN. Dropped The total number of not valid ARP packets dropped in this VLAN.
IGMP Snooping Configuration Commands
This section describes the commands you use to configure IGMP snooping. Unified Switch software supports IGMP Versions 1, 2, and 3. The IGMP snooping feature can help conserve bandwidth because it allows the switch to forward IP multicast traffic only to connected hosts that request multicast traffic.
IGMP Snooping Configuration Commands particular interface before deleting the interface from the entry. This value must be greater than the IGMPv3 Maximum Response time value. The range is 2 to 3600 seconds. Default 260 seconds Format set igmp groupmembership-interval <2-3600> Mode •...
IGMP Snooping Configuration Commands set igmp mrouter interface This command configures the interface as a multicast router interface. When configured as a multicast router interface, the interface is treated as a multicast router interface in all VLANs. Default disabled Format set igmp mrouter interface Mode Interface Config...
IGMP Snooping Querier Commands show mac-address-table igmpsnooping This command displays the IGMP Snooping entries in the MFDB table. Format show mac-address-table igmpsnooping Mode Privileged EXEC Term Definition MAC Address A multicast MAC address for which the switch has forwarding or filtering information. The format is two-digit hexadecimal numbers that are separated by colons, for example 01:23:45:67:89:AB.
IGMP Snooping Querier Commands no set igmp querier version Use this command to set the IGMP Querier version to its default value. Format no set igmp querier version Mode Global Config set igmp querier election participate Use this command to enable the Snooping Querier to participate in the Querier Election process when it discovers the presence of another Querier in the VLAN.
Port Security Commands
This section describes the command you use to configure Port Security on the switch. Port security, which is also known as port MAC locking, allows you to secure the network by locking allowable MAC addresses on a given port. Packets with a matching source MAC address are forwarded normally, and all other packets are discarded.
Port Security Commands For each interface, or for the interface you specify, the following information appears: Term Definition Admin Mode Port Locking mode for the Interface. Dynamic Limit Maximum dynamically allocated MAC Addresses. Static Limit Maximum statically allocated MAC Addresses. Violation Trap Whether violation traps are enabled.
LLDP (802.1AB) Commands seconds. The <hold-value> is the multiplier on the transmit interval that sets the TTL in local data LLDPDUs. The multiplier range is 2-10. The <reinit-seconds> is the delay before re-initialization, and the range is 1-0 seconds. Default •...
LLDP (802.1AB) Commands clear lldp remote-data Use this command to delete all information from the LLDP remote data table, including MED-related information. Format clear lldp remote-data Mode Global Config show lldp Use this command to display a summary of the current LLDP configuration. Format show lldp Mode...
LLDP (802.1AB) Commands Interface RemID Chassis ID Port ID System Name ------- ------- -------------------- ------------------ ------------------ 00:FC:E3:90:01:0F 00:FC:E3:90:01:11 00:FC:E3:90:01:0F 00:FC:E3:90:01:12 00:FC:E3:90:01:0F 00:FC:E3:90:01:13 00:FC:E3:90:01:0F 00:FC:E3:90:01:14 00:FC:E3:90:01:0F 00:FC:E3:90:03:11 00:FC:E3:90:01:0F 00:FC:E3:90:04:11 0/10 0/11 0/12 --More-- or (q)uit show lldp remote-device detail Use this command to display detailed information about remote devices that transmit current LLDP data to an interface on the system.
LLDP-MED Commands Term Definition Chassis ID The chassis of the local device. Port ID Subtype The type of port on the local device. Port ID The port number that transmitted the LLDPDU. System Name The system name of the local device. System Describes the local system by identifying the system name and versions of hardware, operating Description...
LLDP-MED Commands lldp med faststartrepeatcount Use this command to set the value of the fast start repeat count. [count] is the number of LLDP PDUs that will be transmitted when the product is enabled. The range is 1 to 10. Default Format lldp med faststartrepeatcount [count]...
LLDP-MED Commands Disabled Disabled Disabled TLV Codes: 0- Capabilities, 1- Network Policy 2- Location, 3- Extended PSE 4- Extended Pd, 5- Inventory (DWS-4026) # show lldp med local-device detail Use this command to display detailed information about the LLDP MED data that a specific interface transmits. <slot/port>...
LLDP-MED Commands Example: The following shows example CLI display output for the command. (DWS-4026) #show lldp med remote-device detail 0/8 LLDP MED Remote Device Detail Local Interface: 0/8 Remote Identifier: 18 Capabilities MED Capabilities Supported: capabilities, networkpolicy, location, extendedpse MED Capabilities Enabled: capabilities, networkpolicy Device Class: Endpoint Class I Network Policies Media Policy Application Type : voice...
Denial of Service Commands dos-control firstfrag This command enables Minimum TCP Header Size Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having a TCP Header Size smaller than the configured value, the packets will be dropped if the mode is enabled. The default is disabled.
Denial of Service Commands dos-control smacdmac Note: This command is only supported on the BCM56224, BCM56514, BCM56624, and BCM56820 platforms. This command enables Source MAC address = Destination MAC address (SMAC = DMAC) Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress with SMAC = DMAC, the packets will be dropped if the mode is enabled.
Denial of Service Commands This command enables TCP Offset Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having TCP Header Offset equal to one (1), the packets will be dropped if the mode is enabled.
Denial of Service Commands dos-control icmpv6 Note: This command is only supported on the BCM56224, BCM56514, BCM56624, and BCM56820 platforms. This command enables Maximum ICMPv6 Packet Size Denial of Service protections. If the mode is enabled, Denial of Service prevention is active for this type of attack. If ICMPv6 Echo Request (PING) packets ingress having a size greater than the configured value, the packets will be dropped if the mode is enabled.
MAC Database Commands bridge aging-time This command configures the forwarding database address aging timeout in seconds. The <seconds> parameter must be within the range of 10 to 1,000,000 seconds. Default Format bridge aging-time <10-1,000,000> Mode Global Config no bridge aging-time This command sets the forwarding database address aging timeout to the default value.
ISDP Commands isdp holdtime This command configures the hold time for ISDP packets that the switch transmits. The hold time specifies how long a receiving device should store information sent in the ISDP packet before discarding it. The range is given in seconds. Default 180 seconds Format...
ISDP Commands show isdp interface This command displays ISDP settings for the specified interface. Format show isdp interface {all | <slot/port>} Mode Privileged EXEC Term Definition Mode ISDP mode enabled/disabled status for the interface(s). show isdp entry This command displays ISDP entries. If the device id is specified, then only entries for that device are shown. Format show isdp entry {all | deviceid} Mode...
ISDP Commands Term Definition ISDPv1 Packets Received Total number of ISDPv1 packets received ISDPv1 Packets Transmitted Total number of ISDPv1 packets transmitted ISDPv2 Packets Received Total number of ISDPv2 packets received ISDPv2 Packets Transmitted Total number of ISDPv2 packets transmitted ISDP Bad Header Number of packets received with a bad header ISDP Checksum Error...
Section 4: Routing Commands
This section describes the routing commands available in the Unified Switch CLI. The Routing Commands section contains the following subsections: •...
Address Resolution Protocol Commands no arp dynamicrenew This command prevents dynamic ARP entries from renewing when they age out. Format no arp dynamicrenew Mode Privileged EXEC arp purge This command causes the specified IP address to be removed from the ARP cache. Only entries of type dynamic or gateway are affected by this command.
Address Resolution Protocol Commands show arp This command displays the Address Resolution Protocol (ARP) cache. The displayed results are not the total ARP entries. To view the total ARP entries, the operator should view the show arp results in conjunction with the show arp switch results.
IP Routing Commands ip routing This command enables the IP Router Admin Mode for the master switch. Format ip routing Mode Global Config no ip routing This command disables the IP Router Admin Mode for the master switch. Format no ip routing Mode Global Config ip address...
IP Routing Commands no ip route distance This command sets the default static route preference value in the router. Lower route preference values are preferred when determining the best route. Format no ip route distance Mode Global Config ip netdirbcast This command enables the forwarding of network-directed broadcasts.
Page 181
IP Routing Commands Maximum Routes......... 6000 ICMP Rate Limit Interval....... 1000 msec ICMP Rate Limit Burst Size..... 100 messages ICMP Echo Replies......Enabled ICMP Redirects......... Enabled show ip interface This command displays all pertinent information about the IP interface. Format show ip interface <slot/port>...
Page 183
IP Routing Commands Format show ip route [{<ip-address> [<protocol>] | {<ip-address> <mask> [longer- prefixes] [<protocol>] | <protocol>} [all] | all}] Modes • Privileged EXEC • User EXEC Term Definition Route Codes The key for the routing protocol codes that might appear in the routing table output. The show ip route command displays the routing tables in the following format: Code IP-Address/Mask [Preference/Metric] via Next-Hop, Route-Timestamp, Interface...
Router Discovery Protocol Commands Format show ip stats Modes • Privileged EXEC • User EXEC ROUTER DISCOVERY PROTOCOL COMMANDS This section describes the commands you use to view and configure Router Discovery Protocol settings on the switch. The Router Discovery Protocol enables a host to discover the IP address of routers on the subnet. ip irdp This command enables Router Discovery on an interface.
Page 187
Router Discovery Protocol Commands ip irdp preference This command configures the preferability of the address as a default router address, relative to other router addresses on the same subnet. Default Format ip irdp preference <-2147483648 to 2147483647> Mode Interface Config no ip irdp preference This command configures the default preferability of the address as a default router address, relative to other router addresses on the same subnet.
Virtual Router Redundancy Protocol Commands VIRTUAL ROUTER REDUNDANCY PROTOCOL COMMANDS This section describes the commands you use to view and configure Virtual Router Redundancy Protocol (VRRP) and to view VRRP status information. VRRP helps provide failover and load balancing when you configure two devices as a VRRP pair.
Page 191
Virtual Router Redundancy Protocol Commands ip vrrp preempt This command sets the preemption mode value for the virtual router configured on a specified interface. The parameter <vrid> is the virtual router ID, which is an integer from 1 to 255. Default enabled Format...
Page 193
Virtual Router Redundancy Protocol Commands no ip vrrp track ip route Use this command to remove the route from the tracked list or to restore the priority decrement to its default. When removing a tracked IP route from the tracked list, the priority should be incremented by the decrement value if the route is not reachable.
IP Helper Commands no bootpdhcprelay minwaittime This command configures the default minimum wait time in seconds for BootP/DHCP Relay on the system. Format no bootpdhcprelay minwaittime Mode Global Config show bootpdhcprelay This command displays the BootP/DHCP Relay information. Format show bootpdhcprelay Modes •...
Page 199
Routing Information Protocol Commands no enable (RIP) This command sets the administrative mode of RIP in the router to inactive. Format no enable Mode Router RIP Config ip rip This command enables RIP on a router interface. Default disabled Format ip rip Mode Interface Config...
Page 201
Routing Information Protocol Commands no distribute-list out This command is used to specify the access list to filter routes received from the source protocol. Format no distribute-list <1-199> out {static | connected} Mode Router RIP Config ip rip authentication This command sets the RIP Version 2 Authentication Type and Key for the specified interface. The value of <type> is either none, simple, or encrypt.
Page 203
Routing Information Protocol Commands redistribute (RIP) This command configures RIP protocol to redistribute routes from the specified source protocol/routers. There are five possible match options. Internal routes are redistributed by default. Default • metric—not-configured • match—internal Format for redistribute {static | connected} [metric <0-15>] source protocol Mode...
ICMP Throttling Commands Term Definition Bad Packets The number of RIP response packets received by the RIP process which were subsequently discarded Received for any reason. Bad Routes The number of routes contained in valid RIP packets that were ignored for any reason. Received Updates Sent The number of triggered RIP updates actually sent on this interface.
Wireless Commands Section 5: Wireless Commands This section describes the CLI commands you use to manage the wireless features on the switch as well as the wireless access points that a switch manages. This section contains the following subsections: •...
Page 209
Unified Switch Commands no country-code The no version of this command returns the configured country code to the default. Format no country-code Mode Wireless Config OUI database This command adds a new entry to the OUI database, if not already present. Each entry consists of an OUI Value, which is composed of the higher three octets of the Ethernet MAC address of the AP/Client and the organization name for the OUI, which is a 32-byte string.
Page 211
Unified Switch Commands Format no discovery ip-list [<ipaddr>] Mode Wireless Config discovery vlan-list This command adds VLAN IDs on which to send L2 discovery multicast frames. Up to 16 VLAN IDs can be configured. By default, there is one entry in the list, 1 - Default VLAN. Default 1 –...
Page 213
Unified Switch Commands trapflags (Wireless Config Mode) This command enables Unified Switch SNMP trap groups for wireless system events. If no parameters are specified, then all traps are enabled. Default All - Disable Format trapflags [{ap-failure | ap-state | client-state | peer-ws | rf-scan | rogue- ap | ws-status}] Mode Wireless Config...
Page 215
Unified Switch Commands Format no peer-switch configuration [{ap-database|ap-profile|captive-portal| channel- power|discovery|global|known-client|radius-client}] Mode Wireless Config wireless peer-switch configure This command allows the administrator to initiate a configuration push to one or all peer switches. If no parameters are given, all peer switches are configured. If the optional IP address parameter is specified, only that peer switch is configured. Format wireless peer-switch configure [<ipaddr>] Mode...
Page 217
Unified Switch Commands Example: The following shows examples of the command. (DWS-4026) #radius server-name auth “Wireless_Auth-Server 1” ? <cr> Press Enter to execute the command. (DWS-4026) #no radius server-name auth ? <cr> Press Enter to execute the command. (DWS-4026) #radius server-name acct “Wireless_Acct_Server 1”...
Page 219
Unified Switch Commands Field Description Country Code Shows the country in which the WLAN is operating. Peer Group ID Shows the Peer group ID. Cluster Priority Priority of this switch for the Cluster election. Cluster Controller Indicates whether or not this switch is the Cluster controller. Cluster Controller The IP address of the switch that acts as the Cluster controller.
Page 221
Unified Switch Commands IP Address Status ---------------- ------------ 1.1.1.1 Not Polled show wireless discovery vlan-list This show command displays the configured VLAN ID list for L2 discovery. Format show wireless discovery vlan-list Mode Privileged EXEC Field Description VLAN Shows the ID and name of each VLAN in the L2 Discovery list. Example: The following shows example CLI display output for the command.
Page 223
Unified Switch Commands Maximum Pre-authentication History Entries..500 Total Pre-authentication History Entries..0 Maximum Roam History Entries....500 Total Roam History Entries..... 0 show wireless statistics This show command displays the current global Unified Switch statistics. The counters are aggregated for the peer group the switch acts as the Cluster Controller for the group.
Page 225
Unified Switch Commands Distributed Tunnel Clients..... 0 WLAN Utilization....... 0 % On the switch that is not acting as a Cluster Controller the summary command displays entries in the following format: (DWS-4026) #show wireless switch 192.168.37.60 status Error! Only Cluster Controller can display the peer switch status parameters. (DWS-4026) #show wireless switch 192.168.37.61 status Switch IP Address ......
Page 227
Unified Switch Commands Field Description RF Scan Traps Shows whether RF Scan Traps are enabled. Rogue AP Traps Shows whether Rogue AP Traps are enabled. WIDS Status Traps Shows whether WIDS Status Traps are enabled. Wireless Status Shows whether Wireless Status Traps are enabled. Traps Example: The following shows example CLI display output for the command.
Page 229
Unified Switch Commands Format show wireless configuration request status Mode Privileged EXEC Field Description Status The global status for the configuration push request. Total Count The total number of peer switches configuration being pushed in the current configuration push request. This may be to one peer switch or to the total number of peer switches at the time the configuration push request is started.
Page 231
(DWS-4026) #show wireless ap capability hw_dwl8600 radio 2 Hardware Type........DWL-8600AP Dual Radio a/b/g/n Radio Count........2 Image Type........DWL-8600AP Image Radio.......... 2 Radio Type Description......D-Link Enterprise b/g/n VAP Count........16 802.11a Support........ Disable 802.11bg Support....... Enable 802.11n Support........ Enable show wireless ap capability image-table This command displays the access point image capability table.
Page 233
Unified Switch Commands clear wireless statistics This clear command resets the global Unified Switch statistics. Format clear wireless statistics Mode Privileged EXEC Example: The following shows an example of the command. (DWS-4026) #clear wireless statistics Are you sure you want to clear the wireless switch statistics? (y/n)y Sent clear statistics request to the wireless switch.
Unified Switch Channel and Power Commands UNIFIED SWITCH CHANNEL AND POWER COMMANDS The commands in this section provide status and configuration for automatic channel planning and power adjustment. channel-plan mode This command configures the channel plan mode for each 802.11a/n and 802.11b/g/n frequency band. If it is <interval>, a channel plan is computed and applied at every defined interval.
Page 237
Unified Switch Channel and Power Commands Format no channel-plan {an | bgn} history-depth Mode Wireless Config power-plan mode This command configures the power plan mode for managed APs. If it is <interval>, power adjustments are computed and applied at every defined interval. If it is <manual>, you must start and apply proposed power adjustments manually. Default manual Format...
Page 239
Unified Switch Channel and Power Commands show wireless channel-plan history This command displays a history for the automatic channel algorithm. The channel plan type argument must be specified. A channel history is maintained separately for each radio frequency. The channel algorithm maintains a configured number of iterations of applied channel changes to avoid frequent channel changes to the same managed AP radio.
Page 241
Unified Switch Channel and Power Commands Field Description Power Plan Mode The mode for automatic power adjustment, manual or interval. If the mode is manual, the power algorithm will not run unless you request it. Power Plan Interval If the power adjustment mode is interval, this indicates the frequency in minutes that power adjustments are computed and applied.
Page 243
Peer Unified Switch Commands Format show wireless peer-switch [<ipaddr>] configure status Mode Privileged EXEC Field Description ipaddr The <ipaddr> is a valid IP address. IP Address The IP address of the peer switch. Configuration The peer switch IP address last config received. Switch IP Address Configuration Config push status from the Unified Switch to this peer switch.
Local Access Point Database Commands LOCAL ACCESS POINT DATABASE COMMANDS The commands in this section provide configuration of the local valid AP database. These configurations may also be performed on an external RADIUS server. ap database This command adds an AP to the local valid AP database (if not already present) and enters the AP configuration mode identified by the AP MAC address.
Page 247
Local Access Point Database Commands Default The default password is blank. Format password encrypted <password> Mode AP Config Parameter Description password The password in encrypted format, 128 hexadecimal characters. profile This command configures the AP profile to be used to configure this AP. The profile configuration is used only if the AP mode is Unified Switch-managed.
Page 249
Local Access Point Database Commands Default “ “ (empty string – any SSID is allowed). Format standalone ssid <name> Mode AP Config Parameter Description name The service set ID must be between 1 and 32 characters. Use the no form of the command to configure the AP to operate on any SSID.
Page 251
Local Access Point Database Commands Radio 1 Channel....... Auto Radio 1 Power......... Auto Radio 2 Channel....... Auto Radio 2 Power......... Auto Stand-alone Expected Channel....0 Stand-alone Expected Security Mode..... Any Stand-alone Expected SSID...... Stand-alone Expected WDS Mode....Any (DWS-4026) #show wireless ap-database MAC Address Location AP Mode...
Page 253
Wireless Network Commands Default 1 – Default VLAN Format vlan <1-4094> Mode Network Config Parameter Description 1-4094 A valid VLAN ID. no vlan The no version of this command sets the default VLAN ID for the network to its default value. Format no vlan Mode...
Page 255
Wireless Network Commands no client-qos enable The no version of this command disables AP client QoS operation for the network. Client traffic is not subject to QoS processing for any clients attached to this wireless network. Format no client-qos enable Mode Network Config deny-broadcast...
Page 257
Wireless Network Commands Default Open System Format wep authentication {open-system [shared-key] | shared-key} Mode Network Config Parameter Description open system No authentication required. shared-key Clients are required to authenticate to the network using a shared key. no wep authentication The no version of this command sets WEP authentication mode to the default value, which is open system. Format no wep authentication Mode...
Page 259
Wireless Network Commands no wep key length The no version of this command returns the WEP key length to its default value. Format no wep key length Mode Network Config mac authentication This command enables and configures the mode for client MAC authentication on the network. Default Disable Format...
Page 261
Wireless Network Commands <cr>Press Enter to execute the command. (DWS-4026) # no radius use-network-configuration ? <cr>Press Enter to execute the command. radius accounting (Network Config) This command enables RADIUS accounting mode for authentication on this network. Default Disable Format radius accounting Mode Network Config no radius accounting...
Page 263
Wireless Network Commands Default Subnet IP - None Subnet mask - 255.255.255.0 Format tunnel subnet <ipaddr> [mask <mask>] Mode Network Config Parameter Description ipaddr A valid IP address. mask A valid subnet mask. no tunnel subnet The no version of this command deletes the configured tunnel subnet parameters. Format no tunnel subnet Mode...
Page 265
Wireless Network Commands Parameter Description 0-1440 WPA2 key caching hold time in minutes. no wpa2 key-caching holdtime The no version of this command sets the WPA2 key caching hold time to its default value. Format no wpa2 key-caching holdtime Mode Network Config dot1x bcast-key-refresh-rate This command specifies the interval after which the broadcast keys are changed.
Page 267
Wireless Network Commands Field Description WPA Versions Indicates the WPA versions allowed when the WPA encryption mode is enabled. WPA Ciphers Indicates the encryption solutions to use when the WPA encryption mode is enabled. WPA Key Type Specifies the type of the WPA key configured (ASCII only). Passphrase The WPA passphrase WPA2 Pre-Authentication...
Access Point Profile Commands ACCESS POINT PROFILE COMMANDS The commands in this section provide configuration of access point profiles. Access point profiles can be applied to multiple physical APs. ap profile This command adds an AP profile (if not already present) and enters the AP profile configuration mode. In this mode, you can modify the profile configuration parameters.
Page 271
Access Point Profile Commands Example: The following shows an example of the command. DWS-4026 (Config-ap-profile)# vlan 10 ? <cr> Press Enter to execute the command. no vlan (AP Profile Config Mode) This command allows you to set the wired network detection VLAN ID to the default value. “1”. Format no vlan Mode...
Page 275
Access Point Profile RF Commands Parameter Description Indicates 802.11b/g/n as physical mode. Only applicable for radio 2. n-only-a Indicates 802.11n in 5GHz band as physical mode. Only applicable for radio 1. n-only-g Indicates 802.11n in 2.4GHz band as physical mode. Only applicable for radio 2. If the user attempts to change the radio mode to one that is not applicable to that radio, then the following error displays: (DWS-4026) (Config-ap-profile)#radio 1 (DWS-4026) (Config-ap-radio)#mode bg...
Page 277
Access Point Profile RF Commands Default Disabled Format station-isolation Mode AP Profile Radio Config no station-isolation The no version of this command disables the station isolation mode on the radio. Format no station-isolation Mode AP Profile Radio Config rate-limit This command is used to enable broadcast and multicast traffic rate limiting on the radio. If no optional parameters are entered, the command enables rate limiting on the radio with the default values.
Page 279
Access Point Profile RF Commands Format no fragmentation-threshold Mode AP Profile Radio Config rts-threshold This command configures the RTS threshold for the radio. This indicates the number of octets in an MPDU, below which an RTS/CTS handshake shall not be performed. Default 2347 Format...
Page 281
Access Point Profile RF Commands no power auto The no version of this command disables auto power adjustment for the radio. Format no power auto Mode AP Profile Radio Config power default This command configures a power setting for the radio. When auto power adjustment is enabled, this indicates an initial default power setting;...
Page 283
Access Point Profile RF Commands dot11n channel-bandwidth This command selects the bandwidth used in the channel when operating in 802.11n mode. Default 40 MHz Format dot11n channel-bandwidth {20 | 40} Mode AP Profile Radio Config Parameter Description The Radio operates in 20 MHz bandwidth. The Radio operates in 40 MHz bandwidth.
Page 285
Access Point Profile RF Commands Parameter Description rate A valid rate based on the radio mode. When the radio is operating in the 5 GHz band, values are 6, 11, 12, 18, 24, 36, 48, and 54 Mbps. When the radio is operating in the 2.4 GHz band, the values are 1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48, and 54 Mbps.
Page 287
Access Point Profile RF Commands Parameter Description Automatic Channel Indicates if automatic channel adjustment is enabled. If enabled, the initial AP channel assignment can Adjustment be automatically adjusted by the switch due to changes in the network. Automatic Power Indicates if automatic power adjustment is enabled. If enabled, the switch may modify the power on Adjustment the radio due to changes in performance.
Page 289
Access Point Profile RF Commands 36 Mbps 48 Mbps 54 Mbps show wireless multicast tx-rates This command displays the multicast transmit rates valid for a specified physical mode. This is intended to help you determine valid values for the radio configuration command. Format show wireless multicast tx-rates {a | bg} Mode...
Page 291
Access Point Profile QoS Commands qos station-edca This command configures the upstream traffic flowing from the client station to the access point EDCA queues for voice (0), video (1), best-effort (2), and background (3) queues. The commands allow you to configure AIFS (Arbitration Inter-Frame Spacing), Minimum Contention Window, Maximum Contention Window, and Transmission Opportunity Limit for each of these queues.
WS Managed Access Point Commands WS MANAGED ACCESS POINT COMMANDS The commands in this section provide views and management of all status and statistics for an access point managed by the Unified Switch. This includes views of neighbors within the RF area for each managed AP radio interface. This section also lists commands available via Privileged EXEC mode to control the WS Managed APs.
Page 296
This command sets a TFTP path and file name for the specified AP system type. The download request can be initiated for all the image types or for a specific image type. Currently the D-Link UWS supports only one image type: for DWL-8600AP.
Page 297
WS Managed Access Point Commands Format wireless ap download start [image-type img_dwl8600] [<macaddr>] Mode Privileged EXEC Parameter Description img_dwl8600 The image type. macaddr Managed AP MAC Address. Example: The following shows an example of the command. (DWS-4026) #wireless ap download start image-type img_dwl8600 (DWS-4026) #wireless ap download start (DWS-4026) #wireless ap download start 00:00:84:00:50 The following text displays after you enter the command:...
Page 299
WS Managed Access Point Commands Field Description Location A location description for the AP, this is the value configured in the valid AP database (either locally or on the RADIUS server). IP Address The network IP address of the managed AP. IP Subnet Mask The network mask of the managed AP.
Page 300
• Switch IP DHCP - The managed AP learned the correct Unified Switch IP address through DHCP option 43. • L2 Poll Received - The AP was discovered through the D-Link Wireless Device Discovery Protocol. Authenticated Total number of clients currently authenticated to the AP. This is the sum of all authenticated clients for Clients all the VAPs enabled on the AP.
Page 301
WS Managed Access Point Commands Profile........1 - Default Vendor ID........D-Link Protocol Version....... 2 Software Version....... D.05.22.1 Hardware Type........9hw_dwl8600 - DWL-8600AP Dual Radio a/b/ Serial Number........H05167353 Part Number........dwl8600ap Discovery Reason....... L2 Poll Received Authenticated Clients......0 System Up Time.........
Page 303
WS Managed Access Point Commands show wireless ap radio power status This command displays the manual power adjustment status for a radio on a WS managed AP. This indicates the individual AP status for a wireless power plan apply request or a wireless AP power set request. Format show wireless ap <macaddr>...
Page 304
Neighbor AP MAC The Ethernet MAC address of the neighbor AP network, this could be a physical radio interface or VAP MAC address. For D-Link APs, this is always a VAP MAC address. The neighbor AP MAC address may be cross-referenced in the RF Scan status.
Page 305
WS Managed Access Point Commands Field Description RSSI Received Signal Strength Indication, this is an indicator of the signal strength relative to the neighbor and may give an idea of the neighbor’s distance from the managed AP. Status Indicates the managed status of the AP, whether this is a valid AP known to the switch or a Rogue on the network.
Page 307
WS Managed Access Point Commands Field Description WLAN Packets Total packets transmitted by the AP on the wireless network. Transmitted WLAN Bytes Total bytes transmitted by the AP on the wireless network. Transmitted WLAN Packets Total receive packets discarded by the AP on the wireless network. Receive Dropped WLAN Bytes Total receive bytes discarded by the AP on the wireless network.
Page 309
WS Managed Access Point Commands Field Description Failed Count Number of times an MSDU is not transmitted successfully due to transmit attempts exceeding either the short retry limit or the long retry limit. Retry Count Number of times an MSDU is successfully transmitted after one or more retries. Multiple Retry Number of times an MSDU is successfully transmitted after more than one retry.
Page 311
WS Managed Access Point Commands WLAN Bytes Received......0 WLAN Bytes Transmitted......0 WLAN Packets Receive Dropped....0 WLAN Packets Transmit Dropped....0 WLAN Bytes Receive Dropped..... 0 WLAN Bytes Transmit Dropped....0 Client Association Failures....0 Client Authentication Failures....0 show wireless ap download This command displays global configuration and status for an AP code download request.
Access Point Failure Status Commands ACCESS POINT FAILURE STATUS COMMANDS The commands in this section provide views and management of data maintained for access point association and authentication failures. clear wireless ap failure list This command deletes all entries from the AP failure list, entries normally age out according to the configured age time. The AP failure list includes entries for all APs that have failed to validate or authenticate to the Unified Switch.
MAC Address The Ethernet MAC address of the detected AP, this could be a physical radio interface or VAP MAC. For D-Link APs, this is always a VAP MAC address. BSSID Basic Service Set Identifier advertised by the AP in the beacon frames.
Page 317
RF Scan Access Point Status Commands Transmit Rate (Mpbs)......1 Mbps Beacon Period (msecs)......100 Discovered Age......... 0d:00:03:01 Age..........0d:00:02:57 Security Mode........Open Highest Supported Rate (per 100Kbps)... 10 802.11n Mode........Supported Ad hoc Network......... Not Ad hoc Rogue Mitigation....... Not Required (DWS-4026) # show wireless ap rf-scan triangulation This command displays the signal triangulation status for the specified RF scan entry.
Client Association Status and Statistics Commands CLIENT ASSOCIATION STATUS AND STATISTICS COMMANDS The commands in this section provide views and management of all status and statistics for wireless clients. In addition to commands to display data from the associated client perspective, this section includes commands to display a view of all clients associated to a specific VAP, and to display a view of all clients associated to a specific SSID.
Page 321
Client Association Status and Statistics Commands Location........Radio.......... 2 - 802.11b/g/n Associating Switch......Local Switch Switch MAC Address......00:FC:E3:90:01:07 Switch IP Address......10.27.64.121 Tunnel IP Address......----- SSID........... ALT-VLAN-8 NetBIOS Name........PCRDU-ATSIGLER Status......... Authenticated Channel........1 User Name........VLAN........... 8 Transmit Data Rate......
Page 323
Client Association Status and Statistics Commands Diffserv Policy Up......<none> show wireless client client-qos radius status This command displays detailed client QoS data for clients associated to a managed AP. These are the configured values successfully obtained from a RADIUS server for the specified client. Format show wireless client <macaddr>...
Page 325
Client Association Status and Statistics Commands (DWS-4026) # show wireless client neighbor ap status This command displays all the APs an associated client can see in its RF area; for associated clients this provides a reverse view of the managed AP client neighbor list. It allows you to view where a client may roam based on its neighbor APs. Format show wireless client <macaddr>...
Page 327
Client Association Status and Statistics Commands On the Cluster Controller, it displays entries in the following format: (DWS-4026) #show wireless switch client status Client Switch IP Address MAC Address Channel Status -------------------------------- ----------------- ------- -------------------- 192.168.37.60 00.0F.B5.86.93.95 Authenticated 00:14:C2:0C:47:6D Authenticated 192.168.37.61 00.0F.B5.86.93.85 Authenticated...
Page 329
Client Failure and Ad Hoc Status Commands Example: The following shows example CLI display output for the command. (DWS-4026) #show wireless client failure status Failure MAC Address VAP MAC Address SSID Type ----------------- ----------------- ----------------------- ------- ----------- 00:01:21:18:01:01 00:01:01:02:02:02 Network2 Auth 0h:1m:38s 00:01:32:18:01:01 00:01:01:02:01:03 Network3...
Page 331
WIDS Access Point RF Security Commands wids-security fakeman-ap-managed-ssid Use this command to enable Rogue reporting for fake managed APs detected with a managed SSID. Default Enable Format wids-security fakeman-ap-managed-ssid Mode Wireless Config no wids-security fakeman-ap-managed-ssid Use this command to disable Rogue reporting for fake managed APs detected with a managed SSID. Format no wids-security fakeman-ap-managed-ssid Mode...
Page 333
WIDS Access Point RF Security Commands no wids-security rogue-det-trap-interval Use this command to restore the rogue detected trap interval to its default value. Format no wids-security rogue-det-trap-interval Mode Wireless Config wids-security standalone-cfg-invalid (Standalone AP is operating with unexpected channel, SSID, security, or WIDS mode Rogue Detection.) Use this command to enable rogue reporting for standalone APs operating with unexpected channel, SSID, security, or WIDS mode.
Page 335
WIDS Access Point RF Security Commands Format no wids-security wired-detection-interval Mode Wireless Config show wireless wids-security This command displays the configured wireless WIDS security settings. Format show wireless wids-security Mode Privileged EXEC Field Description Rogue - admin If the local database indicates that the AP is rogue, then reports the AP as rogue in the RF Scan. configured Rogue Rogue - APs on an Enable or disable rogue reporting for APs operating on an illegal channel.
Page 337
WIDS Access Point RF Security Commands show wireless wids-security rogue-test-descriptions This command displays the WIDS AP rogue classification test identifier descriptions. Format show wireless wids-security rogue-test-descriptions Mode Privileged EXEC Example: The following shows example CLI display output for the command. (DWS-4026) # show wireless wids-security rogue-test-descriptions WIDSAPROGUE01......
Detected Clients Database Commands DETECTED CLIENTS DATABASE COMMANDS This section provides status and configuration commands for the detected client database. wids-security client rogue-det-trap-interval Use this command to set the interval in seconds between transmissions of the trap telling you that rogue clients are present in the Detected Clients Database.
Page 341
Detected Clients Database Commands Format no wids-security client configured-deauth-rate Mode Wireless Config wids-security client max-auth-failure Use this command to enable the test which marks the client as rogue if it exceeds the maximum number of authentication failures. Default Enable Format wids-security client max-auth-failure Mode Wireless Config...
Page 343
Detected Clients Database Commands wids-security client threshold-value-auth Use this command to configure the maximum number of authentication messages a switch can receive during the threshold interval. Default Format wids-security client threshold-value-auth <1-99999> Mode Wireless Config Parameter Description 1-99999 The range of the threshold value. no wids-security client threshold-value-auth Use this command to set the threshold value for authentication messages to its default.
Page 345
Detected Clients Database Commands wids-security client known-db-location Use this command to configure the location of the Known-Client database for detected clients. Default Local Format wids-security client known-db-location <local | radius-server> Mode Wireless Config Parameter Description local Database defined locally. radius-server Database defined on a radius-server.
Page 347
Detected Clients Database Commands Format show wireless client <macaddr> detected-client roam-history Mode Privileged EXEC Field Description Mac Address The Ethernet address of the client. AP Mac Address The Ethernet address of the Access Point with which the client is pre-authenticated. (Radio) Radio The radio interface on the AP.
Page 351
Detected Clients Database Commands Field Description Auth Threshold Value The maximum number of authentication messages the client can send without being reported as rogue. Probe Threshold Interval The number of seconds for counting the probe messages. Probe Threshold Value The maximum number of probe messages the client can send without being reported as rogue. Auth Failure The maximum number of authentication failures that triggers the client to be reported as rogue.
Captive Portal Commands Section 6: Captive Portal Commands This section describes the CLI commands you use to manage the Captive Portal features on the switch. This section contains the following subsections: •...
Page 355
Captive Portal Global Commands Default Format statistics interval <interval> Mode Captive Portal Config no statistics interval Use this command to set the reporting interval to the default. Format no statistics interval Mode Captive Portal Config snmp-server enable traps captive-portal This command globally enables the captive portal traps. The specific captive portal traps are configured using the trapflags command in Captive Portal Config Mode.
Page 357
Captive Portal Global Commands Format show captive-portal status Mode Privileged EXEC Field Description Additional HTTP Port Displays the port number of the additional HTTP port configured for traffic. A value of 0 indicates that only port 80 is configured for HTTP traffic. Additional HTTP Displays the port number of the additional HTTPS secure port.
Captive Portal Configuration Commands The commands in this section are related to captive portal configurations. configuration (Captive Portal) Use this command to enter the Captive Portal Instance Mode. The captive portal configuration, identified by CP ID 1, is the default CP configuration. You can create up to nine additional captive portal configurations.
Page 361
Captive Portal Configuration Commands Default Disable Format radius-auth-server <server-name> Mode Captive Portal Instance no radius-auth-server This command disables a captive portal configuration RADIUS authentication server. Format no radius-auth-server Mode Captive Portal Instance redirect-url mode This command enables the redirect mode for a captive portal configuration. Default Disable Format...
Page 363
Captive Portal Configuration Commands no max-input-octets This command sets to the default the maximum number of octets the user is allowed to transmit. Format no max-input-octets Mode Captive Portal Instance max-output-octets This command configures the maximum number of octets the user is allowed to receive. After this limit has been reached the user will be disconnected.
Page 365
Captive Portal Configuration Commands Format interface <slot/port> Mode Captive Portal Instance no interface This command removes the association between an interface and a captive portal configuration. Format no interface <slot/port> Mode Captive Portal Instance block This command blocks all traffic for a captive portal configuration. Format block Mode...
Captive Portal Status Commands Use the commands in this section to view information about the status of one or more captive portal instances. show captive-portal configuration This command displays the operational status of each captive portal configuration. The <cp-id> variable is the captive portal ID, which ranges from 1-10.
Page 371
Captive Portal Client Connection Commands Field Description Client MAC Address Identifies the MAC address of the wireless client (if applicable). Bytes Received Total bytes the client has received. Bytes Transmitted Total bytes the client has transmitted. Packets Transmitted Total packets the client has transmitted. Packets Received Total packets the client has received.
Captive Portal Interface Commands Use the commands in this section to view information about the interfaces on the switch that are associated with captive portals or that are capable of supporting a captive portal. show captive-portal interface configuration status This command displays the interface to configuration assignments for all captive portal configurations or a specific configuration.
Captive Portal Local User Commands Use these commands to view and configure captive portal users in the local database. user (Captive Portal Config Mode) This command is used to create a local user. The <user-id> variable is the user ID, which can be a number between 1 and 128.
Page 377
Captive Portal Local User Commands Default Format user <user-id> session-timeout <timeout> Mode Captive Portal Config Example: The following shows an example of the command. (DWS-4026)(Config-CP) #user 1 session-timeout 86400<cr> no user session-timeout This command sets the session timeout value for the associated captive portal user to the default value. The <user-id> variable is a user configured in the local database.
Page 379
Captive Portal Local User Commands Parameter Description user-id User ID from 1 to 128 characters. octets Number of bytes. no user max-input-octets Use this command to set to the default the number of octets in bytes that the user is allowed to transmit. Format no user <user-id>...
Page 381
Captive Portal Local User Commands clear captive-portal users This command deletes all captive portal user entries. Format clear captive-portal users Mode Privileged EXEC...
Quality of Service Commands Section 7: Quality of Service Commands This section describes the Quality of Service (QoS) commands available in the Unified Switch CLI. The QoS Commands section contains the following subsections: • “Class of Service Commands” on page 375 •...
Page 385
Class of Service Commands cos-queue min-bandwidth This command specifies the minimum transmission bandwidth guarantee for each interface queue. The total number of queues supported per interface is 8. A value from 0-100 (percentage of link rate) must be specified for each supported queue, with 0 indicating no guaranteed minimum bandwidth.
Page 387
Class of Service Commands show classofservice ip-dscp-mapping This command displays the current IP DSCP mapping to internal traffic classes for the global configuration settings. Format show classofservice ip-dscp-mapping Mode Privileged EXEC The following information is repeated for each user priority. Term Definition IP DSCP...
Differentiated Services Commands This section describes the commands you use to configure QoS Differentiated Services (DiffServ). You configure DiffServ in several stages by specifying three DiffServ components: 1.
Page 391
DiffServ Class Commands no class-map This command eliminates an existing DiffServ class. The <class-map-name> is the name of an existing DiffServ class. (The class name default is reserved and is not allowed here.) This command may be issued at any time; if the class is currently referenced by one or more policies or by any other class, the delete action fails.
Page 393
DiffServ Class Commands match ip dscp This command adds to the specified class definition a match condition based on the value of the IP DiffServ Code Point (DSCP) field in a packet, which is defined as the high-order six bits of the Service Type octet in the IP header (the low-order two bits are not checked).
DiffServ Policy Commands To specify the match condition as a numeric value, one layer 4 port number is required. The port number is an integer from 0 to 65535. Default none Format match srcl4port {<portkey> | <0-65535>} Mode Class-Map Config Ipv6-Class-Map Config Policy Commands...
Page 397
DiffServ Policy Commands mark cos This command marks all packets for the associated traffic stream with the specified class of service value in the priority field of the 802.1p header (the only tag in a single tagged packet or the first or outer 802.1Q tag of a double VLAN tagged packet). If the packet does not already contain this header, one is inserted.
DiffServ Show Commands This set of commands consists of service addition/removal. The CLI command root is service-policy. service-policy This command attaches a policy to an interface in the inbound direction. The <policyname> parameter is the name of an existing DiffServ policy. This command causes a service to create a reference to the policy. Note: This command effectively enables DiffServ on an interface in the inbound direction.
Page 401
DiffServ Show Commands show diffserv This command displays the DiffServ General Status Group information, which includes the current administrative mode setting as well as the current and maximum number of rows in each of the main DiffServ private MIB tables. This command takes no options.
Page 403
DiffServ Show Commands show diffserv service This command displays policy service information for the specified interface and direction. The <slot/port> parameter specifies a valid slot/port number for the system. Format show diffserv service <slot/port> in Mode Privileged EXEC Term Definition DiffServ Admin The current setting of the DiffServ administrative mode.
MAC Access Control List Commands The following information is repeated for each interface and direction (only those interfaces configured with an attached policy are shown): Term Definition Interface Valid slot and port number separated by a forward slash. Operational Status The current operational status of this DiffServ service interface. Policy Name The name of the policy attached to the interface.
Page 407
MAC Access Control List Commands The assign-queue parameter allows specification of a particular hardware queue for handling traffic that matches this rule. The allowed <queue-id> value is 0–7, and the number of user-configurable queues available for the switch is 8. The assign-queue parameter is valid only for a permit rule.
IP Access Control List Commands IP Standard ACL: Format access-list <1-99> {deny | permit} {every | <srcip> <srcmask>} [log] [assign-queue <queue-id>] [mirror <slot/port>] Mode Global Config IP Extended ACL: Format access-list <100-199> {deny | permit} {every | {{icmp | igmp | ip | tcp | udp | <number>} <srcip>...
Page 411
IP Access Control List Commands fields may be specified using the keyword to indicate a match on any value in that field. The remaining command parameters are all optional, but the most frequently used parameters appear in the same relative order as shown in the command format.
Page 413
IP Access Control List Commands Match All........TRUE Mirror Interface....... 0/3 show access-lists This command displays IP ACLs, IPv6 ACLs, and MAC access control lists information for a designated interface and direction. Format show access-lists interface <slot/port> in Mode Privileged EXEC Term Definition ACL Type...
Page 415
Auto-Voice over IP Commands Format show auto-voip interface {<slot/port>|all} Mode Privileged EXEC Field Description AutoVoIP Mode The Auto VoIP mode on the interface. Traffic Class The CoS Queue or Traffic Class to which all VoIP traffic is mapped. This is not configurable and defaults to the highest CoS queue available in the system for data traffic.
Utility Commands Section 8: Utility Commands This section describes the utility commands available in the Unified Switch CLI. The Utility Commands section includes the following subsections: • “Dual Image Commands” on page 409 •...
Page 419
System Information and Statistics Commands Term Definition Interface For a service port the output is Management. For a network port, the output is the slot/port of the physical interface. show eventlog This command displays the event log, which contains error messages from the system. The event log is not cleared on a system reset.
Page 421
System Information and Statistics Commands Term Definition Transmit Packet Errors The number of outbound packets that could not be transmitted because of errors. Address Entries Currently In Use The total number of Forwarding Database Address Table entries now active on the switch, including learned and static entries.
Page 423
System Information and Statistics Commands Term Definition Packets Received Successfully • Total Packets Received Without Error - The total number of packets received that were without errors. • Unicast Packets Received - The number of subnetwork-unicast packets delivered to a higher-layer protocol.
Page 425
System Information and Statistics Commands Term Definition Transmit Discards • Total Discards - The sum of single collision frames discarded, multiple collision frames discarded, and excessive frames discarded. • Total Output Packets Dropped - The total number of Aged packets. •...
Page 427
System Information and Statistics Commands forwarding database table. Use the interface <slot/port> parameter to view MAC addresses on a specific interface. Use the vlan <vlan_id> parameter to display information about MAC addresses on a specified VLAN. Format show mac-addr-table [{<macaddr> <vlan_id> | all | count | interface <slot/port> | vlan <vlan_id>}] Mode Privileged EXEC...
Page 429
System Information and Statistics Commands The following shows example CLI display output for the command for VxWorks. (DWS-4026) #show process cpu Memory Utilization Report status bytes ------ ---------- free 101133744 alloc 134315888 CPU Utilization: Name 5 Sec 1 Min 5 Min --------------------------------------------------------- 1f9e520 tNetTask 0.00%...
Page 433
System Information and Statistics Commands command terminal length 0 disables pagination and, as a result, the output of the show running-config command is displayed immediately. Default 24 lines per page Format terminal length <0|5-48> Mode Privileged EXEC no terminal length Use this command to set the terminal length to the default value.
Page 435
Logging Commands no logging cli-command This command disables the CLI command Logging feature. Format no logging cli-command Mode Global Config logging console This command enables logging to the console. You can specify the <severitylevel> value as either an integer from 0 to 7 or symbolically through one of the following keywords: emergency (0), alert (1), critical (2), error (3), warning (4), notice (5), info (6), or debug (7).
Page 437
Logging Commands Term Definition Syslog Logging Shows whether syslog logging is enabled. Log Messages Received Number of messages received by the log process. This includes messages that are dropped or ignored. Log Messages Dropped Number of messages that could not be processed due to error or lack of resources. Log Messages Number of messages sent to the collector/relay.
Page 439
System Utility and Clear Commands Parameter Description count Use the optional count parameter to specify the number of probes to send for each TTL value. Range is 1 to 10 probes. port Use the optional port parameter to specify destination UDP port of the probe. This should be an unused port on the remote destination system.
Page 441
System Utility and Clear Commands enable passwd encrypted This command allows the administrator to transfer the enable password between devices without having to know the password. The <password> parameter must be exactly 128 hexadecimal characters. Format enable passwd encrypted <password> Mode Privileged EXEC logout...
System Utility and Clear Commands Xmodem. SFTP and SCP are available as additional transfer methods if the software package supports secure management. Format copy <source> <destination> Mode Privileged EXEC Replace the <source> and <destination> parameters with the options in Table 11.
Page 445
SNTP and Clock Commands no sntp client mode This command disables Simple Network Time Protocol (SNTP) client mode. Format no sntp client mode Mode Global Config sntp client port This command sets the SNTP client port id to a value from 1-65535. Default Format sntp client port <portid>...
Page 447
SNTP and Clock Commands no sntp server This command deletes a server from the configured SNTP servers. Format no sntp server remove <ipaddress|hostname> Mode Global Config show sntp This command is used to display SNTP settings and status. Format show sntp Mode Privileged EXEC Term...
Page 449
SNTP and Clock Commands Term Definition minutes Replace <minutes> with the number of minutes your time zone differs from the UTC, in addition to the offset, in the range -59 to +59. zone <zone> Replace <zone> with an acronym for the time zone. Example: The following example configures the time zone to 5 hours and 30 minutes earlier than UTC, and names it IST.
Page 451
DHCP Server Commands no client-name This command removes the client name. Format no client-name Mode DHCP Pool Config default-router This command specifies the default router list for a DHCP client. {address1, address2… address8} are valid IP addresses, each made up of four decimal bytes ranging from 0 to 255. IP address 0.0.0.0 is invalid. Default none Format...
Page 453
DHCP Server Commands network (DHCP Pool Config) Use this command to configure the subnet number and mask for a DHCP address pool on the server. Network-number is a valid IP address, made up of four decimal bytes ranging from 0 to 255. IP address 0.0.0.0 is invalid. Mask is the IP subnet mask for the specified address pool.
Page 455
DHCP Server Commands no next-server This command removes the boot server list. Format no next-server Mode DHCP Pool Config option The option command configures DHCP Server options. The <code> parameter specifies the DHCP option code and ranges from 1-254. The <ascii string> parameter specifies an NVT ASCII character string. ASCII character strings that contain white space must be delimited by quotation marks.
Page 457
DHCP Server Commands ip dhcp conflict logging This command enables conflict logging on DHCP server. Default enabled Format ip dhcp conflict logging Mode Global Config no ip dhcp conflict logging This command disables conflict logging on DHCP server. Format no ip dhcp conflict logging Mode Global Config clear ip dhcp binding...
Page 459
DHCP Server Commands The following additional fields are displayed for Manual pool type: Field Definition Client Name The name of a DHCP client. Client Identifier The unique identifier of a DHCP client. Hardware Address The hardware address of a DHCP client. Hardware Address The protocol of the hardware platform.
Page 461
DNS Client Commands Example: The CLI command ip domain name yahoo.com will configure yahoo.com as a default domain name. For an unqualified hostname xxx, a DNS query is made to find the IP address corresponding to xxx.yahoo.com. no ip domain name Use this command to remove the default domain name configured using the ip domain name command.
Page 463
DNS Client Commands clear host Use this command to delete entries from the host name-to-address cache. This command clears the entries from the DNS cache maintained by the software. This command clears both IPv4 and IPv6 entries. Format clear host {<name> | all} Mode Privileged EXEC Field...
Page 465
Serviceability Packet Tracing Commands debug clear This command disables all previously enabled “debug” traces. Default disabled Format debug clear Mode Privileged EXEC debug console This command enables the display of “debug” trace output on the login session in which it is executed. Debug console display must be enabled in order to view any trace output.
Page 467
Serviceability Packet Tracing Commands debug igmpsnooping packet receive This command enables tracing of IGMP Snooping packets received by the switch. Snooping should be enabled on the device and the interface in order to monitor packets for a particular interface. Default disabled Format debug igmpsnooping packet receive...
Page 469
Serviceability Packet Tracing Commands Default disabled Format debug mldsnooping packet [receive|transmit] Mode Privileged EXEC no debug mldsnooping packet Use this command to disable debug tracing of MLD snooping packet reception and transmission. debug ping packet This command enables tracing of ICMP echo requests and responses. The command traces pings on the network port/ serviceport for switching packages.
Page 471
Serviceability Packet Tracing Commands Default disabled Format debug sflow packet Mode Privileged EXEC no debug sflow packet Use this command to disable sFlow debug packet trace. Format no debug sflow packet Mode Privileged EXEC debug spanning-tree bpdu This command enables tracing of spanning tree BPDUs received and transmitted by the switch. Default disabled Format...