Overview .............................18 Quick Starts .........................18 CLI ............................18 Web View ..........................18 Web Quick Start .........................19 Web Quick Start Parameters ....................19 Web Quick Start Requirements ...................19 Accessing the Web Quick Start ...................20 CLI quickstart Command ......................22 Quickstart Example......................23 D-Link DWS-1008 User Manual...
Page 3
Displaying Port Configuration and Status ................42 Displaying PoE State .......................43 Displaying Port Statistics ....................43 Clearing Statistics Counters ....................44 Monitoring Port Statistics ....................44 Configuring Load-Sharing Port Groups ................45 Load Sharing ........................45 Link Redundancy ......................45 Configuring a Port Group ....................46 D-Link DWS-1008 User Manual...
Page 4
Designating the System IP Address ..................65 Displaying the System IP Address ..................65 Clearing the System IP Address ..................65 Configuring and Managing IP Routes ..................66 Displaying IP Routes......................67 Adding a Static Route ......................68 Removing a Static Route .....................69 D-Link DWS-1008 User Manual...
Page 5
Configuring and Managing NTP ..................82 Adding an NTP Server ......................83 Removing an NTP Server ....................83 Changing the NTP Update Interval ..................83 Resetting the Update Interval to the Default ................84 Enabling the NTP Client ......................84 Displaying NTP Information ....................84 D-Link DWS-1008 User Manual...
Page 6
How a Distributed AP Contacts a Switch (DHCP-Obtained Address) ......109 How a Distributed AP Contacts an Switch (Statically Configured Address) ....111 Loading and Activating an Operational Image ...............113 Obtaining Configuration Information from the Switch ............113 Session Load Balancing ....................114 D-Link DWS-1008 User Manual...
Page 7
Disabling or Reenabling Encryption for an SSID ............136 Disabling or Reenabling Beaconing of an SSID ............137 Changing the Fallthru Authentication Type ..............137 Changing Transmit Rates ....................137 Disabling Idle-Client Probing ..................139 Changing the User Idle Timeout ..................139 D-Link DWS-1008 User Manual...
Page 8
Creating a Service Profile for WPA ................161 Enabling WPA ........................161 Specifying the WPA Cipher Suites .................161 Changing the TKIP Countermeasures Timer Value ............162 Enabling PSK Authentication ..................163 Disabling 802.1X Authentication for WPA ..............164 Displaying WPA Settings ....................164 D-Link DWS-1008 User Manual...
Page 9
Configuring AP Radios to Listen for AeroScout RFID Tags ............186 Locating an RFID Tag .......................188 Configuring Quality of Service ....................189 About QoS ..........................189 Summary of QoS Features ....................189 QoS Mode ..........................190 WMM QoS Mode ......................191 WMM QoS on the DWS-1008 Switch ................191 D-Link DWS-1008 User Manual viii...
Page 10
Configuring and Managing STP Fast Convergence Features ..........207 Port Fast Convergence ......................208 Backbone Fast Convergence .....................208 Uplink Fast Convergence ....................208 Configuring Port Fast Convergence ...................208 Displaying Port Fast Convergence Information ..............209 Configuring Backbone Fast Convergence .................209 D-Link DWS-1008 User Manual...
Page 11
Setting a Source IP ACL ....................227 Wildcard Masks ......................228 Class of Service ......................228 Setting an ICMP ACL ......................229 Setting TCP and UDP ACLs ....................230 Setting a TCP ACL ......................230 Setting a UDP ACL ......................230 Determining the ACE Order ....................231 D-Link DWS-1008 User Manual...
Page 12
Public and Private Keys .....................257 Digital Certificates ......................258 PKCS #7, PKCS #10, and PKCS #12 Object Files ............258 Certificates Automatically Generated by MSS ................260 Creating Keys and Certificates ....................260 Choosing the Appropriate Certificate Installation Method for Your Network ......261 D-Link DWS-1008 User Manual...
Page 13
Adding MAC Users and Groups ..................288 Clearing MAC Users and Groups ..................288 Configuring MAC Authentication and Authorization ............289 Changing the MAC Authorization Password for RADIUS ..........290 Configuring Web Portal WebAAA .....................291 How Web Portal WebAAA Works ..................291 D-Link DWS-1008 User Manual...
Page 14
Displaying and Positioning Location Policy Rules ............326 Clearing Location Policy Rules and Disabling the Location Policy ........326 Configuring Accounting for Wireless Network Users ..............327 Configuring Periodic Accounting Update Records .............328 Enabling System Accounting Messages ................328 D-Link DWS-1008 User Manual xiii...
Page 15
Enabling and Disabling 802.1X Reauthentication ..............352 Setting the Maximum Number of 802.1X Reauthentication Attempts ........352 Setting the 802.1X Reauthentication Period ..............353 Setting the Bonded Authentication Period .................353 Managing Other Timers ......................354 Setting the 802.1X Quiet Period ..................354 D-Link DWS-1008 User Manual...
Page 16
Changing or Disabling the User Idle Timeout ..............376 Rogue Detection and Countermeasures ..................377 About Rogues and RF Detection ....................377 Rogue Access Points and Clients ..................377 Rogue Classification ......................377 Rogue Detection Lists ....................378 RF Detection Scans ......................379 Dynamic Frequency Selection (DFS) ................379 Countermeasures ......................380 D-Link DWS-1008 User Manual...
Page 17
Specifying the Configuration File to Use After the Next Reboot ........408 Loading a Configuration File ....................409 Specifying a Backup Configuration File ................409 Resetting to the Factory Default Configuration ..............410 Backing Up and Restoring the System ..................411 Managing Configuration Changes ..................412 D-Link DWS-1008 User Manual...
Page 18
Remotely Monitoring Traffic ......................431 How Remote Traffic Monitoring Works ................432 Using Snoop Filters on Radios That Use Active Scan ...........432 All Snooped Traffic Is Sent in the Clear .................432 Best Practices for Remote Traffic Monitoring ..............433 D-Link DWS-1008 User Manual xvii...
Page 19
Traffic Ports Used by MSS ......................448 DHCP Server ..........................449 How the MSS DHCP Server Works ..................450 Configuring the DHCP Server ....................451 Displaying DHCP Server Information ..................452 Glossary ............................453 Technical Specifications ......................475 Warranty ............................478 Registration ...........................483 D-Link DWS-1008 User Manual xviii...
The DWS-1008 switch has been designed and tested to be installed in an operating ambient temperature of 0° C to +40° C (32° F to 104° F). To reduce the risk of equipment damage, install equipment with consideration to these ambient conditions. D-Link DWS-1008 User Manual...
AAA and 802.1x offload capabilities. The D-Link MobileLAN solution is powered by Trapeze Networks and executes Trapeze Networks’ Mobility System Software (MSS), which maintains the intelligence of the MobileLAN system. In addition to managing users’...
PoE is on but no access point is connected to the link. Blinking amber Access point is not connected or is unresponsive, or there is a PoE problem. Unlit Port is not configured as an AP access port, or PoE is off. D-Link DWS-1008 User Manual...
• System log - The DWS-1008 generates log messages to log system events. The log messages are stored locally and also can be exported to syslog servers. • Simple Network Management Protocol (SNMP) - A DWS-1008 switch can be configured to generate SNMP traps for major system events. D-Link DWS-1008 User Manual...
File > New indicates that you select New from the File menu. [ ] (square brackets) Enclose optional parameters in command syntax. { } (curly brackets) Enclose mandatory parameters in command syntax. Separates mutually exclusive options in command | (vertical bar) syntax. D-Link DWS-1008 User Manual...
PoE- Note: Mounting a DWL-8220AP access point on a solid surface requires CAT5 cable that does not have strain relief. For installation on all other surfaces, you can use CAT5 cable with or without strain relief. D-Link DWS-1008 User Manual...
Do not install equipment such that the branch circuit current and voltage protection is exceeded. Pay particular attention to the earthing connection for the supply connections. When using an extension cord or power strip, pay attention to the grounding type. D-Link DWS-1008 User Manual...
(RF) signals to and from wireless users and connect them to a DWS-1008 switch. • Mobility System Software™ (MSS™) - The operating system (firmware) that runs all D-Link DWS-1008 switches and DWL-8220AP access points in a WLAN, and is accessible through a command-line interface (CLI).
Using the Command-Line Interface Mobility System Software (MSS) operates a D-Link wireless LAN (WLAN) consisting of the DWS-1008 switch and DWL-8220AP access points. MSS has a command-line interface (CLI) on the switch that you can use to configure and manage the switch and its attached access points.
MAC addresses, virtual LAN (VLAN) names, and ports in a single command. D-Link recommends that you do not use the same name with different capitalizations for VLANs or access control lists (ACLs). For example, do not configure two separate VLANs with the names red and RED.
The ACL mask must be a contiguous set of zeroes starting from the first bit. For example, 0.255.255.255, 0.0.255.255, and 0.0.0.255 are valid ACL masks. However, 0.255.0.255 is not a valid ACL mask. D-Link DWS-1008 User Manual...
All users with usernames that have no delimiters. All users in the Windows Domain EXAMPLE with usernames that ® EXAMPLE\* have no delimiters. All users in the Windows Domain EXAMPLE whose usernames ® EXAMPLE\*.* contain a period. All users D-Link DWS-1008 User Manual...
MAC address, or VLAN to a glob. To verify the order, view the output of the show aaa or show config command. MSS checks globs that appear higher in the list before items lower in the list and uses the first successful match. D-Link DWS-1008 User Manual...
• A hyphen-separated range of port numbers, with no spaces. For example: DWS-1008# reset port 1-4 • Any combination of single numbers, lists, and ranges. Hyphens take precedence over commas. For example: DWS-1008# show port status 1-3,6 D-Link DWS-1008 User Manual...
Up Arrow and Down Arrow keys to select a command that you want to repeat from the history buffer. Tabs The MSS CLI uses the Tab key for command completion. You can type the first few characters of a command and press the Tab key to display the command(s) that begin with those characters. D-Link DWS-1008 User Manual...
Show, use ‘show help’ for more information telnet telnet IP address [server port] traceroute Print the route packets take to network host To see a subset of the online help, type the command for which you want more information. D-Link DWS-1008 User Manual...
Understanding Command Descriptions Each command description in the D-Link Command Reference contains the following elements: • A command name, which shows the keywords but not the variables. For example, the following command name appears at the top of a command description and in the index:...
IP connectivity. (Web View access also requires the switch’s HTTPS server to be enabled.) The Web Quick Start application is accessible only on unconfigured switches. D-Link DWS-1008 User Manual...
• PC with an Ethernet port that you can connect directly to the switch • Category 5 (Cat 5) or higher Ethernet cable If the PC is connected to the network, power down the PC or disable its network interface card (NIC), then unplug the PC from the network. D-Link DWS-1008 User Manual...
Do not click the browser’s Refresh or Reload button at any time while using the wizard. If you do click Refresh or Reload, all the information you have entered in the wizard will be cleared. D-Link DWS-1008 User Manual...
Page 40
If you click Finish, the wizard saves the configuration settings into the switch’s configuration file. If the switch is rebooted, the configuration settings are restored when the reboot is finished. The switch is ready for operation. You do not need to restart the switch. D-Link DWS-1008 User Manual...
2. Press Enter three times, to display a username prompt (Username:), a password prompt (Password:), and then a command prompt such as the following: DWS-1008-aabbcc> 3. Access the enabled level (the configuration level) of the CLI: DWS-1008-aabbcc> enable D-Link DWS-1008 User Manual...
If you configure time and date parameters, you will be required to enter a name for the timezone, and then enter the value of the timezone (the offset from UTC) separately. You can use a string of up to 32 alphabetic characters as the timezone name. D-Link DWS-1008 User Manual...
Page 43
Type “save config” to save the configuration DWS-1008-aabbcc# save config 6. Optionally, enable Telnet. DWS-1008-aabbcc# set ip telnet server enable 7. Verify the configuration changes. DWS-1008-aabbcc# show config 8. Save the configuration changes. DWS-1008-aabbcc# save config D-Link DWS-1008 User Manual...
Here is an overview of configuration topics: 1. Console connection - By default, any administrator can connect to the console port and manage the switch, because no authentication is enforced. D-Link recommends that you enforce authentication on the console port after initial connection.
D-Link recommends enforcing authentication for administrative access using usernames and passwords stored either locally or on RADIUS servers. Before You Start Before reading more of this chapter, use the Quick Installation Guide to set up your DWS-1008 switch and the attached access points for basic service.
DWS-1008> enable 4. Press Enter to display an enabled-mode command prompt: DWS-1008# Once you see this prompt after you have typed the enable command, you have administrative privileges, which allow you to further configure the switch. D-Link DWS-1008 User Manual...
There is one enable password for the entire switch. You can optionally change the enable password from the default. Caution: D-Link recommends that you change the enable password from the default (no password) to prevent unauthorized users from entering configuration commands.
Authenticating at the Console You can configure the console so that authentication is required, or so that no authentication is required. D-Link recommends that you enforce authentication on the console port. To enforce console authentication, take the following steps: 1. Add a user in the local database by typing the following command with a username and...
Like usernames, passwords are case-sensitive. To make passwords secure, make sure they contain uppercase and lowercase letters and numbers. D-Link recommends that all users create passwords that are memorable to themselves, difficult for others to guess, and not subject to a dictionary attack.
Adding and Clearing Local Users for Administrative Access Usernames and passwords can be stored locally on the switch. D-Link recommends that you enforce console authentication after the initial configuration to prevent anyone with unauthorized access to the console from logging in. The local database on the switch is the simplest way to store user information.
1812 1813 5 Server groups sg1: r1 Web Portal: enabled set authentication console * local set authentication admin * local set accounting admin Geetha stop-only local set accounting admin * start-stop local user Geetha Password = 1214253d1d19 (encrypted) D-Link DWS-1008 User Manual...
To enable local authentication for a console user, you must configure a local username. Natasha types the following commands in this order: DWS-1008# set user natasha password m@Jor User natasha created DWS-1008# set authentication console * local success: change accepted. DWS-1008# save config success: configuration saved. D-Link DWS-1008 User Manual...
DWS-1008# set radius server r1 address 192.168.253.1 key sunFLOW#$ success: change accepted. DWS-1008# set server group sg1 members r1 success: change accepted. DWS-1008# set authentication console * local sg1 success: change accepted. DWS-1008# save config success: configuration saved. D-Link DWS-1008 User Manual...
DWS-1008# set server group sg1 members r1 success: change accepted. DWS-1008# set authentication console * sg1 none success: change accepted. DWS-1008# set authentication admin * sg1 none success: change accepted. DWS-1008# save config success: configuration saved. D-Link DWS-1008 User Manual...
MSS applies default settings appropriate for the port type. The table on the next page lists the default settings applied for each port type. For example, the access point column lists default settings that MSS applies when you change a port type to ap (DWL-8220AP access point). D-Link DWS-1008 User Manual...
To set ports 4 through 6 for access point model DWL-8220AP and enable PoE on the ports, type the following command: DWS-1008# set port type ap 4-6 model dwl-8220ap poe enable This may affect the power applied on the configured ports. Would you like to continue? (y/n) [n]y success: change accepted. D-Link DWS-1008 User Manual...
To set port 2 as a wired authentication port, type the following command: DWS-1008# set port type wired-auth 2 success: change accepted This command configures port 2 as a wired authentication port supporting one interface and one simultaneous user session. D-Link DWS-1008 User Manual...
For example, to clear the port-related settings from port 5 and reset the port as a network port, type the following command: DWS-1008# clear port type 5 This may disrupt currently authenticated users. Are you sure? (y/n) [n]y success: change accepted. D-Link DWS-1008 User Manual...
To set the name of port 2 to adminpool, type the following command: DWS-1008# set port 2 name adminpool success: change accepted. Note: To avoid confusion, D-Link recommends that you do not use numbers as port names. Removing a Port Name To remove a port name, use the following command:...
Autonegotiation is enabled by default on a switch’s 10/100 Ethernet ports. Note: D-Link recommends that you do not configure the mode of a switch port so that one side of the link is set to autonegotiation while the other side is set to full-duplex. Although MSS allows this configuration, it can result in slow throughput on the link.
Admin Oper Config Actual Type Media ================================================================== auto 100/full network 10/100BaseTx down auto network 10/100BaseTx down auto network 10/100BaseTx down auto network 10/100BaseTx down auto network 10/100BaseTx auto 100/full 10/100BaseTx down auto network down auto network D-Link DWS-1008 User Manual...
DWS-1008# show port counters octets port 3 Port Status Rx Octets Tx Octets ======================================= 27965420 34886544 Note: To display all types of statistics with the same command, use the monitor port counters command. D-Link DWS-1008 User Manual...
Advances to the next statistics type. Spacebar Exits the monitor. MSS stops displaying the statistics and displays a new command prompt. Clears the statistics counters for the currently displayed statistics type. The counters begin incrementing again. D-Link DWS-1008 User Manual...
When the failed port starts operating again, the switch begins using it for new traffic flows. Traffic that belonged to the port before it failed continues to be assigned to other ports. D-Link DWS-1008 User Manual...
State Affin Port State ------------------------------------------------------------------------------------------------- default server2 none Up To indicate that the ports are configured as a port group, the show vlan config output lists the port group name instead of the individual port numbers. D-Link DWS-1008 User Manual...
Interoperating with Cisco Systems EtherChannel Load-sharing port groups are interoperable with Cisco Systems EtherChannel capabilities. To configure a Cisco Catalyst switch to interoperate with a D-Link DWS-1008 switch, use the following command on the Catalyst switch: set port channel port-list mode on...
You must assign the system IP address to one of the VLANs, for communications between switches and for unsolicited communications such as SNMP traps and RADIUS accounting messages. Any IP address configured on a switch can be used for management access unless explicitly restricted. D-Link DWS-1008 User Manual...
VLANs but on different network ports. If you use a tag value, D-Link recommends that you use the same value as the VLAN number. MSS does not require the VLAN number and tag value to be the same, but some other vendors’ devices do.
Specify a VLAN number from 2 to 4093, and specify a name up to 16 alphabetic characters long. You cannot use a number as the first character in a VLAN name. D-Link recommends that you do not use the same name with different capitalizations for VLANs or ACLs. For example, do not configure two separate VLANs with the names red and RED.
VLAN. To remove port 4 from VLAN red, type the following command: DWS-1008# clear vlan red port 4 This may disrupt user connectivity. Do you wish to continue? (y/n) [n]y success: change accepted. D-Link DWS-1008 User Manual...
Note: You cannot remove the default VLAN (VLAN 1). However, you can add and remove ports. You can also rename the default VLAN, but D-Link recommends against it. Restricting Layer 2 Forwarding Among Clients By default, clients within a VLAN are able to communicate with one another directly at Layer 2. You can enhance network security by restricting Layer 2 forwarding among clients in the same VLAN.
State Affin Port State -------------------------------------------------------------------------------------------------------------------------- burgundy none none none none none Note: The display can include access ports and wired authentication ports, because MSS dynamically adds these ports to a VLAN when handling user traffic for the VLAN. D-Link DWS-1008 User Manual...
Added by the switch itself - For example, the authentication protocols can add entries for wired and wireless authentication users. The switch also adds any static entries added by the system administrator and saved in the configuration file. D-Link DWS-1008 User Manual...
To clear all dynamic forwarding database entries that match all VLANs, type the following command: DWS-1008# clear fdb dynamic success: change accepted. To clear all dynamic forwarding database entries that match ports 3 and 5, type the following command: DWS-1008# clear fdb port 3,5 success: change accepted. D-Link DWS-1008 User Manual...
To change the aging timeout period, use the following command: set fdb agingtime vlan-id age seconds For example, to set the aging timeout period for VLAN 2 to 600 seconds, type the following command: DWS-1008# set fdb agingtime 2 age 600 success: change accepted. D-Link DWS-1008 User Manual...
2. Configure the country code for operation in the US and verify the configuration change. Type the following commands: DWS-1008# set system countrycode US success: change accepted. DWS-1008# show system =============================================== Product Name: DWS-1008 System Name: DWS-1008 System Countrycode: System Location: System Contact: System IP: 0.0.0.0 D-Link DWS-1008 User Manual...
Page 78
DWS-1008# show port poe Port Name Link Status Port Type PoE Config PoE Draw(Watts) ============================================================ mgmt disabled finance enabled 7.04 accounting enabled 7.04 shipping enabled 7.04 lobby enabled 7.04 conf_room1 enabled 7.04 Backbone down invalid Backbone down invalid D-Link DWS-1008 User Manual...
Page 79
DWS-1008# show vlan config VLAN Name Admin Status VLAN State Tunl Affin Port Port Tag State =============================================================== default none roaming none none 7. Save the configuration. Type the following command: DWS-1008# save config success: configuration saved. D-Link DWS-1008 User Manual...
D-Link device for tunneling. If the path MTU between D-Link devices is less than 1384 bytes, a device in the path might further fragment or drop a tunneled packet. If the packet is further fragmented, the receiving switch will not be able to reassemble the fragments, and the packet is dropped.
MSS also has a configurable DHCP server. You can configure a DHCP client and DHCP server on the same VLAN, but only the client or the server can be enabled. The DHCP client and DHCP server cannot both be enabled on the same VLAN at the same time. D-Link DWS-1008 User Manual...
{enable | disable} The vlan-id can be the VLAN name or number. The following command enables the DHCP client on VLAN corpvlan: DWS-1008# set interface corpvlan ip dhcp-client enable success: change accepted. D-Link DWS-1008 User Manual...
To remove an IP interface, use the following command: clear interface vlan-id ip Caution: If you remove the IP interface that is being used as the system IP address, features that require the system IP address will not work correctly. D-Link DWS-1008 User Manual...
To display the system IP address, use the following command: show system Clearing the System IP Address Caution: Clearing the system IP address disrupts the features that use the address. To clear the system IP address, use the following command: clear system ip-address D-Link DWS-1008 User Manual...
MSS uses a default route. For example, if the route table does not have a route to host 192.168.1.10, the switch uses the default route to forward a packet addressed to that host. D-Link recommends that you configure at least one default route.
MSS changes the static route state to Down. If the route table contains other static routes to the same destination, MSS selects the resolved route that has the lowest cost. In the following example, the default route to 10.0.1.17 is down, so MSS selects the default route to 10.0.2.17. D-Link DWS-1008 User Manual...
To add an explicit route from a switch to any host on the 192.168.4.x subnet through the local router 10.5.4.2, and give the route a cost of 1, type the following command: DWS-1008# set ip route 192.168.4.0 255.255.255.0 10.5.4.2 1 success: change accepted. D-Link DWS-1008 User Manual...
If you do not press Enter or complete the login before the timer expires, MSS ends the session. These timers are not configurable. Note: To ensure that all CLI management sessions are encrypted, after you configure SSH, disable Telnet. D-Link DWS-1008 User Manual...
Optionally, you also can configure MSS either to locally authenticate the user or to use a RADIUS server to authenticate the user. Use the following command: set authentication admin {user-glob} method1 [method2] [method3] [method4] D-Link DWS-1008 User Manual...
Caution: If you change the SSH port number from an SSH session, MSS immediately ends the session. To open a new management session, you must configure the SSH client to use the new SSH port number. D-Link DWS-1008 User Manual...
If you do not press Enter or complete the login before the timer expires, MSS ends the session. This timer is not configurable. Enabling Telnet Telnet is disabled by default. To enable Telnet, use the following command: set ip telnet server {enable | disable} D-Link DWS-1008 User Manual...
To open a new management session, you must Telnet to the switch with the new Telnet port number. Resetting the Telnet Service Port Number to Its Default To reset the Telnet management service to its default TCP port, use the following command: clear ip telnet D-Link DWS-1008 User Manual...
Enabling HTTPS HTTPS is disabled by default. To enable HTTPS, use the following command: set ip https server {enable | disable} Caution: If you disable the HTTPS server, Web View access to the switch is also disabled. D-Link DWS-1008 User Manual...
This command applies to all types of CLI management sessions: console, Telnet, and SSH. The timeout change applies to existing sessions only, not to new sessions. The following command sets the idle timeout to 1800 seconds (one half hour): DWS-1008# set system idle-timeout 1800 success: change accepted. D-Link DWS-1008 User Manual...
You can configure a switch to use one primary DNS server and up to five secondary DNS servers to resolve DNS queries. The switch always sends a request to the primary DNS server first. The switch sends a request to a secondary DNS server only if the primary DNS server does not respond. D-Link DWS-1008 User Manual...
To add the default domain name, use the following command: set ip dns domain name Specify a domain name of up to 64 alphanumeric characters. Removing the Default Domain Name To remove the default domain name, use the following command: clear ip dns domain D-Link DWS-1008 User Manual...
DWS-1008# set ip alias HR1 192.168.1.2 success: change accepted. After configuring the alias, you can use HR1 in commands in place of the IP address. For example, to ping 192.168.1.2, you can type the command ping HR1. D-Link DWS-1008 User Manual...
You also can configure MSS to offset the time by an additional hour for daylight savings time or similar summertime period. Note: D-Link recommends that you set the time and date parameters before you install certificates on the switch. If the switch’s time and date are incorrect, the certificate might not be valid.
For example, to display the time zone, type the following command: DWS-1008# show timezone Timezone set to ‘PST’, offset from UTC is -8 hours Clearing the Time Zone To clear the time zone, use the following command: clear timezone D-Link DWS-1008 User Manual...
Recurring :yes, starting at 2:00 am of first Sunday of April and ending at 2:00 am on last Sunday of October. Clearing the Summertime Period To clear the summertime period, use the following command: clear summertime D-Link DWS-1008 User Manual...
64 seconds and waits 15 seconds for a reply. If the switch does not receive a reply to an NTP query within 15 seconds, the switch tries again up to 16 times. You can change the update interval but not the timeout or number of retries. D-Link DWS-1008 User Manual...
Note: If NTP is configured on a system whose current time differs from the NTP server time by more than 10 minutes, convergence of the switch time may take many NTP update intervals. D-Link recommends that you set the time manually to the NTP server time before enabling NTP to avoid a significant delay in convergence.
Timezone is set to ‘PST’, offset from UTC is -8:0 hours. Summertime is enabled. Last NTP update: Sun Feb 29 2004, 23:58:00 NTP Server Peer state Local State -------------------------------------------------- 192.168.1.5 SYSPEER SYNCED The Timezone and Summertime fields are displayed only if you change the timezone or enable summertime. D-Link DWS-1008 User Manual...
The ARP table can also contain static and permanent entries, which are added by an administrator. The State field indicates whether an entry is resolved (RESOLVED) or whether MSS has sent an ARP request for the entry and is waiting for the reply (RESOLVING). D-Link DWS-1008 User Manual...
For example, to disable aging of dynamic ARP entries, type the following command: DWS-1008# set arp agingtime 0 success: set arp aging time to 0 seconds Note: To reset the ARP aging timeout to its default value, use the set arp agingtime 1200 command. D-Link DWS-1008 User Manual...
5 packets transmitted, 5 packets received, 0 errors, 0% packet loss In this example, the ping is successful, indicating that the switch has IP connectivity with the other device. Note: A switch cannot ping itself. MSS does not support this. D-Link DWS-1008 User Manual...
Session 0 pty tty2.d Trying 10.10.10.90... Connected to 10.10.10.90 Disconnect character is ‘^t’ Copyright (c) 2002, 2003 D-Link Systems, Inc. Username: When you press Ctrl+t or type exit to end the client session, the management session returns to the local prompt:.
1 ms 12 engineering-2.example.com (192.168.196.204) 2 In this example, server1 is four hops away. The hops are listed in order, beginning with the hop that is closest to the switch and ending with the route’s destination. D-Link DWS-1008 User Manual...
• Configure a notification profile or modify the default one, to enable sending of notifications to notification targets. By default, notifications of all types are dropped (not sent). • Configure notification targets. • Enable the MSS SNMP engine. D-Link DWS-1008 User Manual...
{read-only | read-notify | notify-only | read-write | notify-read-write} The comm-string can be up to 32 alphanumeric characters long, with no spaces. You can configure up to 10 community strings. D-Link DWS-1008 User Manual...
To clear a USM user, use the following command: clear snmp usm usm-username snmp-engine-id {ip (ip-addr) | local | hex (hex-string)} The usm-username can be up to 32 alphanumeric characters long, with no spaces. You can configure up to 20 SNMPv3 users. D-Link DWS-1008 User Manual...
Page 112
8 to 32 alphanumeric characters long, with no spaces. Type a string at least 8 characters long for DES or 3DES, or at least 12 characters long for AES. • To specify a key, use the encrypt-key hex-string option. Type a 16-byte hexadecimal string. D-Link DWS-1008 User Manual...
- SNMP message exchanges are authenticated and encrypted. (This security level is the same as the authPriv level described in SNMPv3 RFCs.) auth-req-unsec-notify - SNMP message exchanges are authenticated but are not encrypted, and notifications are neither authenticated nor encrypted. D-Link DWS-1008 User Manual...
AutoTuneRadioChannelChangeTraps - Generated when the RF Auto-Tuning feature changes the channel on a radio. AutoTuneRadioPowerChangeTraps - Generated when the RF Auto-Tuning feature changes the power setting on a radio. ClientAssociationFailureTraps - Generated when a client’s attempt to associate with a radio fails. D-Link DWS-1008 User Manual...
Page 115
RFDetectClientViaRogueWiredAPTraps - Generated when MSS detects, on the wired part of the network, the MAC address of a wireless client associated with a third-party AP. RFDetectDoSPortTraps - Generated when MSS detects an associate request flood, reassociate request flood, or disassociate request flood. D-Link DWS-1008 User Manual...
RFDetectSpoofedMacAPTraps - Generated when MSS detects a wireless packet with the source MAC address of a D-Link AP, but without the spoofed AP’s signature (fingerprint). RFDetectSpoofedSsidAPTraps - Generated when MSS detects beacon frames for a valid SSID, but sent by a rogue AP.
To configure a notification target for traps from SNMPv2c, use the following command: set snmp notify target target-num ip-addr[:udp-port-number] v2c community-string trap [profile profile-name] To configure a notification target for traps from SNMPv1, use the following command: set snmp notify target target-num ip-addr[:udp-port-number] v1 community-string [profile profile-name] D-Link DWS-1008 User Manual...
Page 118
You can specify from 0 to 3 retries. The default is 0. The timeout option specifies the number of seconds MSS waits for acknowledgement of a notification. You can specify from 1 to 5 seconds. The default is 2. D-Link DWS-1008 User Manual...
• Configured community strings • User-based security model (USM) settings • Notification targets • SNMP statistics counters Displaying SNMP Version and Status Information To display SNMP version and status information, use the following command: show snmp status D-Link DWS-1008 User Manual...
Displaying Notification Targets To display a list of the SNMP notification targets, use the following command: show snmp notify target Displaying SNMP Statistics Counters To display SNMP statistics counters, use the following command: show snmp counters D-Link DWS-1008 User Manual...
Overview The diagram below shows an example of a D-Link network containing DWL-8220AP access points and DWS-1008 switches. An AP can be directly connected to a switch port or indirectly connected to a switch through a Layer 2 or IPv4 Layer 3 network.
Distributed AP based on the AP’s serial number. Similar to ports configured for directly connected APs, Distributed AP configurations are numbered and can reference a particular AP. These numbered configurations do not, however, reference any physical port. D-Link DWS-1008 User Manual...
• Power - PoE must be provided on one of the Ethernet connections to the AP. Be sure to use a PoE injection device that has been tested by D-Link. Providing PoE on both of the Ethernet connections (on models that have two Ethernet ports) allows redundant PoE.
You can use an IP address list or a hostname list, but not both. If the list contains both types of values, the AP does not attempt to use the list. D-Link DWS-1008 User Manual...
LED blink mode - blinking LEDs on upgrade-firmware enable disable an AP make the AP visually easy to identify. Information about the physical location None location of an AP. contact None Contact information for the AP. D-Link DWS-1008 User Manual...
DWS-1008 and Ethernet switch. If an intermediate Ethernet connection is used, you also need a Distributed AP configuration on a switch somewhere in the network. Dual-homing support for data link redundancy is automatically enabled when you connect both AP Ethernet ports. D-Link DWS-1008 User Manual...
3. The AP broadcasts a DHCP Request to the DHCP servers, and receives an Ack from a DHCP server. The AP then configures its network connection with the information contained in the Ack message from that server. D-Link DWS-1008 User Manual...
Find switch message to each address. The process skips to step 6. • If no switches reply, the AP repeatedly resends the Find switch messages. If no switches reply, the process continues with step 3. D-Link DWS-1008 User Manual...
Page 129
• If both DLINK and wlan-switch are defined in DNS, and the AP is unable to contact the IP address returned for DLINK, the AP never contacts the IP address returned for wlan-switch. The AP does not boot. D-Link DWS-1008 User Manual...
B. The IP address of a suitable switch for the AP to use as a boot device. C. The fully qualified domain name of a switch to use as a boot device, and the IP address of a DNS server used to resolve the switch’s name. D-Link DWS-1008 User Manual...
Page 131
• If a response is received from the switch, then the AP sends a unicast message to the switch, to request an operational image. • If a response is not received from the switch, then the process skips to step 4 on page 113. D-Link DWS-1008 User Manual...
AP, regulate power levels, assign SSIDs, and so on. After the AP receives the configuration information from the switch, it is then operational on the network as a wireless access point. D-Link DWS-1008 User Manual...
D-Link recommends that you configure small groups and ensure that all the radios in the group provide comparable coverage within the same service area.
Page 134
WPA. To enable PSK encryption for WPA, use the set radio-profileauth-psk command. Sends a short unicast frame up to five times without short-retry-count acknowledgment. Sygate On Demand Agent (SODA) files are not downloaded soda Disable to connecting clients. D-Link DWS-1008 User Manual...
Page 135
Acks instead of forwarding them as multicasts. Uses WEP key 1 for static WEP encryption of unicast traffic wpa-ie if WEP encryption is enabled and keys are defined. shared-key-auth Disable Does not use the WPA IE intransmitted frames. D-Link DWS-1008 User Manual...
MAC address assignments by using the show {ap | dap} status command. Encryption Encrypted SSIDs can use the following encryption methods: • Wi-Fi Protected Access (WPA) • Non-WPA dynamic Wired Equivalent Privacy (WEP) • Non-WPA static WEP Dynamic WEP is enabled by default. D-Link DWS-1008 User Manual...
You must configure a profile. The service profile sets service-profile No service profiles defined defined the SSID name and other parameters. Requires clients to send a separate PSpoll to retrieve wmm-powersave Disable each unicast packet buffered by the AP radio. D-Link DWS-1008 User Manual...
Location of the radio’s antenna. Note: This parameter applies only to APs that support antenna-location indoors external antennas. D-Link external antenna model antennatype internal. Note: This parameter is configurable only on APs that support external antennas. Highest setting allowed for the...
Although these parameters have default values, D-Link recommends that you change the values for each radio for optimal performance. For example, leaving the channel number on each radio set to its default value can result in high interference among the radios.
DWS-1008# show system =============================================================== Product Name: DWS-1008 System Name: DWS-1008 System Countrycode: System Location: System Contact: System IP: 30.30.30.2 System idle timeout: 3600 System MAC: 00:0B:0E:02:76:F6 =============================================================== Boot Time: 2003-05-07 08:28:39 Uptime: 0 days 04:00:07 D-Link DWS-1008 User Manual...
• Maximum number of APs that can be configured on the switch, minus the number that are configured. • Maximum number of APs that can be active on the switch, minus the number that are active. D-Link DWS-1008 User Manual...
Auto-AP profile parameters and their defaults. The only parameter that requires configuration is the Auto-AP profile mode. The Auto-AP profile is disabled by default. To use the Auto-AP profile to configure Distributed APs, you must enable the profile. D-Link DWS-1008 User Manual...
{11a | 11b| 11g} set dap auto radio {1 | 2} auto-tune max-power power-level set dap auto radio {1 | 2} mode {enable | disable} set dap auto radio {1 | 2} radio-profile name mode {enable | disable} D-Link DWS-1008 User Manual...
To display status information for APs configured by the Auto-AP profile, type the following command: DWS-1008# show dap status auto Dap: 100 (auto), IP-addr: 10.8.255.6 (vlan ‘default’), AP model: DWL-8220AP, manufacturer: D-Link, name: DAP100 ==================================================== State: operational (not encrypted) CPU info: IBM:PPC speed=266666664 Hz...
Layer network, configure a Distributed AP on the switch. • Optionally, you also can change other parameters that affect the entire AP: • AP name. • Dual-home bias. • Load-balancing group. • Automatic firmware upgrade capability. • LED blink mode D-Link DWS-1008 User Manual...
Caution: When you set the port type for AP use, you must specify the PoE state (enable or disable) of the port. Use the DWS-1008 switch’s PoE to power D-Link DWL-8220AP access points only. If you enable PoE on a port connected to another device, physical damage to the device can result.
DNS server used to resolve the switch’s name. If you specify both the address of the switch, and the switch’s name and DNS server address, then the AP ignores the switch’s address and uses the name. D-Link DWS-1008 User Manual...
Note: The clear port type command does not place the cleared port in any VLAN, not even in the default VLAN (VLAN 1). To use the cleared port in a VLAN, you must add the port to the VLAN. To clear a Distributed AP, use the following command: clear dap dap-num D-Link DWS-1008 User Manual...
{ap port-list | dap dap-num} group name To configure a load-balancing group named loadbalance1 that contains directly-connected access points on ports 1, 4, and 6, type the following command: DWS-1008# set ap 1,4,6 group loadbalance1 success: change accepted. D-Link DWS-1008 User Manual...
AP image than the one in the AP’s local storage. If the switch is not running MSS Version 5.0 or later, or the switch has a newer version of the AP image than the version in the AP ’s local storage, the AP loads its image from the switch. D-Link DWS-1008 User Manual...
APs are configured with an encryption key pair at the factory. The fingerprint for the public key is displayed on a label on the back of the AP, in the following format: RSA aaaa:aaaa:aaaa:aaaa: aaaa:aaaa:aaaa:aaaa If the AP is already installed, you can display the fingerprint in MSS. D-Link DWS-1008 User Manual...
To verify an AP’s fingerprint, find the fingerprint and use the set dap fingerprint command to enter the fingerprint in MSS. Finding the Fingerprint An AP’s fingerprint is listed on a label on the back of the AP. D-Link DWS-1008 User Manual...
If the AP is already installed and operating, use the show dap status command to display the fingerprint. The following example shows information for Distributed AP 8, including its fingerprint: DWS-1008# show dap status 8 Dap: 8, IP-addr: 10.2.26.40 (vlan ‘default’), AP model: DWL-8220AP, manufacturer: D-Link, name: DAP08 fingerprint: b4:f9:2a:52:37:58:f4:d0:10:75:43:2f:45:c9:52:c3 ====================================================...
You can include blank spaces in the name, if you delimit the name with single or double quotation marks. You must use the same type of quotation mark (either single or double) on both ends of the string. D-Link DWS-1008 User Manual...
Do not use the clear service-profile command. Disabling or Reenabling Encryption for an SSID To specify whether the SSID is encrypted or unencrypted, use the following command: set service-profile name ssid-type [clear | crypto] The default is crypto. D-Link DWS-1008 User Manual...
The valid rates depend on the radio type: • 11b - 1, 2, 5.5, 11 • 11g - 1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48, 54 Use a comma to separate multiple rates; for example: 6.0,9.0,12.0 D-Link DWS-1008 User Manual...
Page 157
The following command sets 802.11a mandatory rates for service profile sp1 to 6Mbps and 9 Mbps, disables rates 48 Mbps and 54Mbps, and changes the beacon rate to 9 Mbps: DWS-1008# set service-profile sp1 transmit-rates 11a mandatory 6.0,9.0 disabled 48.0,54.0 beacon-rate 9.0 success: change accepted. D-Link DWS-1008 User Manual...
To change the user-idle timeout, use the following command: set service-profile name user-idle-timeout seconds The following command increases the user idle timeout to 360 seconds (6 minutes): DWS-1008# set service-profile sp1 user-idle-timeout 360 success: change accepted. D-Link DWS-1008 User Manual...
• Change radio parameters. • Map the radio profile to one or more service profiles. The channel number, transmit power, and external antenna type are unique to each radio and are not controlled by radio profiles. D-Link DWS-1008 User Manual...
The beacon interval does not change even when advertisement is enabled for multiple SSIDs. MSS still sends one beacon for each SSID during each beacon interval. To change the beacon interval for radio profile rp1 to 200 ms, type the following command: DWS-1008# set radio-profile rp1 beacon-interval 200 success: change accepted. D-Link DWS-1008 User Manual...
The threshold can be a value from 256 bytes through 3000 bytes. The default is 2346. To change the RTS threshold for radio profile rp1 to 1500 bytes, type the following command: DWS-1008# set radio-profile rp1 rts-threshold 1500 success: change accepted. D-Link DWS-1008 User Manual...
The time can be from 500 ms (0.5 second) through 250,000 ms (250 seconds). The default is 2000 ms (2 seconds). To change the maximum transmit threshold for radio profile rp1 to 4000 ms, type the following command: DWS-1008# set radio-profile rp1 max-tx-lifetime 4000 success: change accepted. D-Link DWS-1008 User Manual...
To reset a radio profile parameter to its default value, use the following command: clear radio-profile name parameter Caution: Make sure you specify the radio profile parameter you want to reset. If you do not specify a parameter, MSS deletes the entire profile from the configuration. D-Link DWS-1008 User Manual...
• For the 802.1 1a radio in a two-radio model, specify radio 2. Note: The maximum transmit power you can configure on any D-Link radio is the highest setting allowed for the country of operation or the highest setting supported on the hardware, whichever is lower.
Page 165
To configure the 802.11a radio on port 5 for channel 36 with a transmit power of 10 dBm, type the following command: DWS-1008# set ap 5 radio 2 channel 36 tx-power 10 success: change accepted. You also can change the channel and transmit power on an individual basis. D-Link DWS-1008 User Manual...
DWS-1008# set ap 2-4, 6 radio 2 radio-profile rp1 mode enable success: change accepted. To disable radio 1 on port 6 without disabling the other radios using radio profile rp1, type the following command: DWS-1008# set ap 6 radio 1 radio-profile rp1 mode disable D-Link DWS-1008 User Manual...
The following commands disable all radios that use radio profile rp1, change the beacon interval, then reenable the radios: DWS-1008# set radio-profile rp1 mode disable success: change accepted. DWS-1008# set radio-profile rp1 beacon-interval 200 success: change accepted. DWS-1008# set radio-profile rp1 mode enable success: change accepted. D-Link DWS-1008 User Manual...
• List of Distributed APs that are not configured on a DWS-1008 switch • Connection information for Distributed APs • Service profile information • Radio profile information • Status information • Information about static IP addresses on Distributed APs • Statistics counters D-Link DWS-1008 User Manual...
A hyphen ( -) in the DAP field indicates that the AP is configured on another switch in the same Mobility Domain. Displaying a List of Distributed APs that Are Not Configured To display a list on Distributed APs that are not configured, use the following command: show dap unconfigured D-Link DWS-1008 User Manual...
The terse option displays a brief line of essential status information for each directly connected AP or Distributed AP. The all option displays information for all directly attached access points and all Distributed AP access points configured on the switch. D-Link DWS-1008 User Manual...
The following command displays the status of a Distributed AP access point: DWS-1008# show dap status 1 Dap: 1, IP-addr: 10.2.30.5 (vlan ‘vlan-corp’), AP model: dwl-8220ap, manufacturer: D-Link, name: DAP01 fingerprint: b4:f9:2a:52:37:58:f4:d0:10:75:43:2f:45:c9:52:c3 =============================================================== State: operational (not encrypted) CPU info: IBM:PPC speed=266666664...
Note: MSS does not encrypt traffic in the wired part of the network. MSS does not encrypt wireless or wired traffic for users who associate with an unencrypted (clear) SSID. D-Link DWS-1008 User Manual...
You can configure access points to support one or more of these cipher suites. For all of these cipher suites, MSS dynamically generates unique session keys for each session. MSS periodically changes the keys to reduce the likelihood that a network intruder can intercept enough frames to decode a key. D-Link DWS-1008 User Manual...
The MIC used by CCMP, CBC-MAC, is even stronger than Michael and does not require or provide countermeasures. WEP does not use a MIC. Instead, WEP performs a cyclic redundancy check (CRC) on the frame and generates an integrity check value (ICV). D-Link DWS-1008 User Manual...
WPA information that is contained in the beacon frame. • Association request or reassociation (sent by a client - The WPA IE in an association request lists the authentication method and cipher suite the client wants to use. D-Link DWS-1008 User Manual...
To use WPA, at least one cipher suite must be enabled. You can enable one or more of the following cipher suites: • CCMP • TKIP • 40-bit WEP • 104-bit WEP By default, TKIP is enabled and the other cipher suites are disabled. D-Link DWS-1008 User Manual...
To change the countermeasures timer value, use the following command: set service-profile name tkip-mc-time wait-time To change the countermeasures wait time in service profile wpa to 30 seconds, type the following command: DWS-1008# set service-profile wpa tkip-mc-time 30000 success: change accepted. D-Link DWS-1008 User Manual...
ASCII form of each hexadecimal number. Examples: To configure service profile wpa to use a raw PSK with PSK clients, type a command such as the following: DWS-1008# set service-profile wpa psk-raw c25d3fe4483e867d1df96eaacdf8b02451fa0 836162e758100f5f6b87965e59d success: change accepted. D-Link DWS-1008 User Manual...
AUTO 11g mandatory rate: 1.0,2.0,5.5,11.0 standard rates: 6.0,9.0,12.0,18.0,24.0, 36.0,48.0,54.0 The WPA settings appear at the bottom of the output. Note: The WPA fields appear in the show service-profile output only when WPA is enabled. D-Link DWS-1008 User Manual...
To assign radio profile bldg1 to radio 2 on ports 1-3 and port 5 and enable the radios, type the following command: DWS-1008# set ap 1-3,5 radio 2 radio-profile bldg1 mode enable success: change accepted. D-Link DWS-1008 User Manual...
To enable RSN, you must enable the RSN information element (IE) in the service profile. To enable the RSN IE, use the following command: set service-profile name rsn-ie {enable | disable} To enable RSN in service profile wpa, type the following command: DWS-1008# set service-profile rsn rsn-ie enable success: change accepted. D-Link DWS-1008 User Manual...
To display the RSN settings in a service profile, use the following command: show service-profile {name | ?} The RSN settings appear at the bottom of the output. The RSN-related fields appear in the show service-profile output only when RSN is enabled. D-Link DWS-1008 User Manual...
Static WEP encryption is disabled by default. To enable static WEP encryption, configure the static WEP keys and assign them to unicast and multicast traffic. Make sure you configure the same static keys on the clients. D-Link DWS-1008 User Manual...
3. Set the SSID in the service profile to mycorp. Type the following command: DWS-1008# set service-profile wpa ssid-name wpa success: change accepted. 4. Enable WPA in service profile wpa. Type the following command: DWS-1008# set service-profile wpa wpa-ie enable success: change accepted. D-Link DWS-1008 User Manual...
Type the following command: DWS-1008# set authentication dot1x ssid thiscorp EXAMPLE\* pass-through shorebirds 2. Create a service profile named wpa-wep for the SSID. Type the following command: DWS-1008# set service-profile wpa-wep success: change accepted. D-Link DWS-1008 User Manual...
Page 191
1, profile: rp2 auto-tune max-power: default Radio 2: type: 802.11a, mode: enabled, channel: 36 tx pwr: 1, profile: rp2 auto-tune max-power: default 9. Save the configuration. Type the following command: DWS-1008# save config success: configuration saved. D-Link DWS-1008 User Manual...
= blue mac-user aa:bb:cc:dd:ee:ff Group = wpa-for-mac mac-user a1:b1:c1:d1:e1:f1 Group = wpa-for-mac 5. Create a service profile named wpa-wep-for-mac for SSID voice. Type the following command: DWS-1008# set service-profile wpa-wep-for-mac success: change accepted. D-Link DWS-1008 User Manual...
(regulatory domain). In a deployment with few APs, the radio remains at maximum power. Otherwise, the radio reduces power until the power is just enough to reach the AP’s nearest neighbor that is on the same channel. D-Link DWS-1008 User Manual...
Ramp-up or ramp-down of the power occurs in 1dBm increments, at regular time intervals. The default interval is 60 seconds and is configurable. The power ramp amount (1dBm per interval) is not configurable. D-Link DWS-1008 User Manual...
By default, a radio cannot change its channel more often than every 900 seconds, regardless of the RF environment. This channel holddown avoids unnecessary changes due to very transient RF changes, such as activation of a microwave oven. D-Link DWS-1008 User Manual...
60 seconds until the power setting is reached. RF Auto-Tuning never sets a radio’s power to a level that is Maximum allowed for higher than the maximum allowed for the country of operation max-power country of operation (countrycode). D-Link DWS-1008 User Manual...
65535 seconds. If you set the interval to 0, RF Auto-Tuning does not reevaluate the channel at regular intervals. However, RF Auto-Tuning can still change the channel in response to RF anomalies. D-Link recommends that you use an interval of at least 300 seconds (5 minutes).
To change the power tuning interval, use the following command: set radio-profile name auto-tune power-interval seconds To set the power tuning interval for radios in radio profile rp2 to 240 seconds, type the following command: DWS-1008# set radio-profile rp2 auto-tune power-interval 240 success: change accepted. D-Link DWS-1008 User Manual...
To save the locked down settings, you must save the switch’s configuration. The following commands lock down the channel and power settings for radios in radio profile rp2: DWS-1008# set radio-profile rp2 auto-tune channel -lockdown success: change accepted. DWS-1008# set radio-profile rp2 auto-tune power-lockdown success: change accepted. D-Link DWS-1008 User Manual...
1, profile: default auto-tune max-power: default Displaying RF Neighbors To display the other radios that a specific D-Link radio can hear, use the following commands: show auto-tune neighbors [ap ap-num [radio {1 | 2| all}]] show auto-tune neighbors [dap dap-num [radio {1 | 2| all}]] The list of radios includes beaconed third-party SSIDs, and both beaconed and unbeaconed D-Link SSIDs.
To display RF attribute information for radio 1 on the directly connected access point on port 2, type the following command: DWS-1008# show auto-tune attributes ap 2 radio 1 Auto-tune attributes for port 2 radio 1: Noise: -92 Packet Retransmission Count: 0 Utilization: 0 Phy Errors Count: 0 CRC Errors count: 122 D-Link DWS-1008 User Manual...
Engine is configured to request the information from the AP, the AP also sends the information to the AeroScout Engine. The accuracy of the location information depends on the number of listeners (APs). D-Link recommends that you configure at least three listeners.
Page 206
DWS-1008# set dap 68 radio 1 channel 7 success: change accepted. DWS-1008# set dap 69 radio 1 channel 7 success: change accepted. DWS-1008# set dap 67 radio 1 radio-profile success: change accepted. DWS-1008# set dap 68 radio 1 radio-profile success: change accepted. D-Link DWS-1008 User Manual...
4. Add each AP configured as a listener to the map, and enter its IP address. 5. Enable RSSI location calculation. 6. Enable tag positioning. 7. Enable the map to use the APs. To check an AP’s status, right-click on the AP icon and select Status. D-Link DWS-1008 User Manual...
One or more of the following can be enabled: set service-profile proxy-arp • Proxy ARP set service-profile no-broadcast Broadcast control • No-Broadcast set service-profile dhcp-restrict • DHCP Restrict All three options are disabled by default. D-Link DWS-1008 User Manual...
The static CoS option enables you to easily set CoS for all traffic on an SSID by marking all the SSID’s traffic with the same CoS value. You can use ACLs to override CoS markings or set CoS for non-WMM traffic. The following sections describe each of these options. D-Link DWS-1008 User Manual...
802.1p determines CoS for packets with DSCP 0. CoS 0 of the CoS-to-DSCP map is also reserved. CoS 0 packets are marked with DSCP 0. The table below shows how WMM priority information is mapped across the network. When WMM is enabled, D-Link switches and APs perform these mappings automatically. Service IP IP ToS DSCP 802.1p...
The QoS mode affects forwarding of SVP traffic only. The random wait times for other types of traffic are the same as those used when the QoS mode is WMM. D-Link DWS-1008 User Manual...
Note: CAC is configured on a service profile basis and limits association to radios only for the service profile’s SSID. Association to the radios by clients on other SSIDs is not limited. To ensure voice quality, do not map other service profiles to the radio profile you plan to use for voice traffic. D-Link DWS-1008 User Manual...
ACE (ACL rule) that sets the CoS. Note: If static CoS is enabled, the static CoS value is always used. The CoS cannot be changed using an ACL. D-Link DWS-1008 User Manual...
U-APSD support is disabled by default. To enable it on a radio profile, use the following command: set radio-profile name wmm-powersave {enable | disable} For example, the following command enables U-APSD on radio profile rp1: DWS-1008# set radio-profile rp1 qos-mode svp success: change accepted. D-Link DWS-1008 User Manual...
To enable static CoS and set the CoS value, use the following commands: set service-profile name static-cos {enable | disable} set service-profile name cos level The level can be a value from 0 (lowest priority) to 7 (highest priority). The default is 0 D-Link DWS-1008 User Manual...
For example, to enable all these broadcast control features in service profile sp1, use the following commands: DWS-1008# set service-profile sp1 proxy-arp enabled success: change accepted. DWS-1008# set service-profile sp1 dhcp-restrict enable success: change accepted. DWS-1008# set service-profile sp1 no-broadcast enable success: change accepted. D-Link DWS-1008 User Manual...
Power ramp interval: 60 Channel Holddown: 300 Countermeasures: none Active-Scan: yes RFID enabled: no WMM Powersave: no QoS Mode: wmm Service profiles: sp1 In this example, the QoS mode is WMM and U-APSD support (WMM powersave) is disabled. D-Link DWS-1008 User Manual...
Note: Configuration information for some settings appears in other chapters. To configure transmit rates, or the long or short retry, see “Configuring a Service Profile”. To configure the user-idle timeout and idle-client probing, see “Displaying and Changing Network Session Timers”. D-Link DWS-1008 User Manual...
To display the DSCP value to which a specific CoS value is mapped during marking, use the following command: show qos cos-to-dscp-map cos-value The following command displays the DSCP value to which CoS value 6 is mapped: DWS-1008# show qos cos-to-dscp-map 6 cos 6 is marked with dscp 48 (tos 0xC0) D-Link DWS-1008 User Manual...
The following command shows statistics for the AP forwarding queues on a Distributed AP: DWS-1008# show dap qos-stats 4 Queue TxDrop ========================================== DAP: 4 radio: 1 Background BestEffort 15327 Video VoiceDAP: 4 radio: 2 1714881 Background BestEffort Video Voice D-Link DWS-1008 User Manual...
To enable STP on all VLANs configured on a switch, type the following command: DWS-1008# set spantree enable success: change accepted. To verify the STP state and display the STP parameter settings, enter the show spantree command. D-Link DWS-1008 User Manual...
DWS-1008# set spantree portcost 3,4 cost 20 success: change accepted. To change the cost for the same ports in VLAN mauve, type the following command: DWS-1008# set spantree portvlancost 3,4 cost 20 vlan mauve success: change accepted. D-Link DWS-1008 User Manual...
DWS-1008# set spantree portpri 3-4 priority 48 success: change accepted. To set the priority of ports 3 and 4 to 48 in VLAN mauve, type the following command: DWS-1008# set spantree portvlanpri 3-4 priority 48 vlan mauve success: change accepted. D-Link DWS-1008 User Manual...
The all option applies the change to all VLANs. Alternatively, specify an individual VLAN. To change the hello interval for all VLANs to 4 seconds, type the following command: DWS-1008# set spantree hello 4 all success: change accepted. D-Link DWS-1008 User Manual...
In some configurations, this delay is unnecessary. The switch provides the following fast convergence features to bypass the forwarding delay: • Port fast • Backbone fast • Uplink fast D-Link DWS-1008 User Manual...
To enable or disable port fast convergence, use the following command: set spantree portfast port port-list {enable | disable} To enable port fast convergence on ports 1, 3, and 5, type the following command: DWS-1008# set spantree portfast port 1,3,5 enable success: change accepted. D-Link DWS-1008 User Manual...
To display the state of the backbone fast convergence feature, use the following command: show spantree backbonefast Here is an example: DWS-1008# show spantree backbonefast Backbonefast is enabled In this example, backbone fast convergence is enabled. D-Link DWS-1008 User Manual...
• Bridge STP settings and individual port information • Blocked ports • Statistics • Port fast, backbone fast, and uplink fast convergence information Note: For information about the show commands for the fast convergence features, see “Configuring and Managing STP Fast Convergence Features”. D-Link DWS-1008 User Manual...
------------------------------------------------------------------------------------ Forwarding Disabled Blocking Disabled Blocking Disabled Forwarding Disabled Blocking Disabled Blocking Disabled In this example, VLAN mauve contains ports 1 through 6. Ports 1 and 4 are forwarding traffic. The other ports are blocking traffic. D-Link DWS-1008 User Manual...
To display information about blocked ports on a switch for the default VLAN (VLAN 1), type the following command: DWS-1008# show spantree blockedports vlan default Port Vlan Port-State Cost Prio Portfast ----------------------------------------------------------------------- Blocking Disabled Number of blocked ports (segments) in VLAN 1 : 1 D-Link DWS-1008 User Manual...
Actual Type Media =============================================================== auto 100/full network 10/100BaseTx down auto network 10/100BaseTx down auto network 10/100BaseTx down auto network 10/100BaseTx down auto network 10/100BaseTx down auto network 10/100BaseTx down down auto network down down auto network D-Link DWS-1008 User Manual...
Page 233
Forward Delay 15 sec Bridge ID MAC ADDR 00-0b-0e-00-04-0c Bridge ID Priority 32768 Bridge Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec Port Vlan STP-State Cost Prio Portfast ------------------------------------------------------------------- Disabled Disabled Disabled Disabled D-Link DWS-1008 User Manual...
Page 234
Bridge Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec Port Vlan STP-State Cost Prio Portfast ----------------------------------------------------------------------- Forwarding 4 Disabled Blocking Disabled 6. Save the configuration. Type the following command: DWS-1008# save config success: configuration saved. D-Link DWS-1008 User Manual...
One report is sufficient to cause the routers to continue sending data for the group. Proxy reporting is enabled by default. To disable or reenable proxy reporting, use the following command: set igmp proxy-report {enable | disable} [vlan vlan-id] D-Link DWS-1008 User Manual...
The IGMP pseudo-querier enables IGMP snooping to operate in a VLAN that does not have a multicast router to send IGMP general queries to clients. Note: D-Link recommends that you use the pseudo-querier only when the VLAN contains local multicast traffic sources and no multicast router is servicing the subnet.
To change the robustness value, use the following command: set igmp rv num [vlan vlan-id] You can specify a value from 2 through 255. The default is 2. D-Link DWS-1008 User Manual...
You can add network ports as static multicast router ports or multicast receiver ports. Ports you add do not age out. Note: You cannot add access ports or wired authentication ports as static multicast ports. However, MSS can dynamically add these port types to the list of multicast ports based on multicast traffic. D-Link DWS-1008 User Manual...
To display multicast configuration information and statistics, use the following command: show igmp [vlan vlan-id] The show igmp command displays the IGMP snooping state, the settings of all multicast parameters you can configure, and multicast statistics. D-Link DWS-1008 User Manual...
Page 240
GS-Queries Report V1 Report V2 Leave Mrouter-Adv Mrouter-Term Mrouter-Sol DVMRP PIM V1 PIM V2 Topology notifications: 0 Packets with unknown IGMP type: 0 Packets with bad length: 0 Packets with bad checksum: 0 Packets dropped: 4 D-Link DWS-1008 User Manual...
[vlan vlan-id] To display the multicast routers in VLAN orange, type the following command: DWS-1008# show igmp mrouter vlan orange Multicast routers for vlan orange Port Mrouter-IPaddr Mrouter-MAC Type ------------------------------------------------------------------------------------------------ 192.28.7.5 00:01:02:03:04:05 dvmrp D-Link DWS-1008 User Manual...
VLANs, type the following command: DWS-1008# show igmp receiver-table group 237.255.255.0/24 VLAN: red Session Port Receiver-IP Receiver-MAC ----------------------------------------------------------------------------------------------------------- 237.255.255.2 10.10.20.19 00:02:04:06:09:0d 237.255.255.119 10.10.30.31 00:02:04:06:01:0b VLAN: green Session Port Receiver-IP Receiver-MAC ----------------------------------------------------------------------------------------------------------- 237.255.255.17 10.10.40.41 00:02:06:08:02:0c 237.255.255.255 10.10.60.61 00:05:09:0c:0a:01 D-Link DWS-1008 User Manual...
D-Link provides a very powerful mapping application for security ACLs. In addition to being assigned to physical ports, VLANs, virtual ports in a VLAN, or Distributed APs, ACLs can be mapped dynamically to a user’s session, based on authorization information passed back from the AAA server during the...
ACLs. For example, if different ACLs are mapped to both a user and a VLAN, and a user’s traffic can match both ACLs, only the ACL mapped to the user is applied. D-Link DWS-1008 User Manual...
ACL to be saved to the permanent configuration. You must commit a security ACL before you can apply it to an authenticated user’s session or map it to a port, VLAN, virtual port, or Distributed AP. Every security ACL must have a name. D-Link DWS-1008 User Manual...
Optionally, for WMM or non-WMM traffic, you can use ACLs to change the priority of traffic sent to an AP or VLAN. (To change CoS for WMM or non-WMM traffic, see “Using ACLs to Change CoS”.) D-Link DWS-1008 User Manual...
None • Time to Live (TTL) Exceeded (0) Time Exceeded (11) • Fragment Reassembly Time Exceeded (1) Parameter Problem (12) None Timestamp (13) None Timestamp Reply (14) None Information Request (15) None Information Reply (16) None D-Link DWS-1008 User Manual...
192.168.1.8, with any UDP destination port less than 65,535. It puts this ACE first in the ACL, and counts the number of hits generated by the ACE. DWS-1008# set security acl ip acl-5 permit udp 192.168.1.7 0.0.0.0 192.168.1.8 0.0.0.0 lt 65535 precedence 7 tos 15 before 1 hits D-Link DWS-1008 User Manual...
ACLs. After you commit an ACL, MSS removes it from the edit buffer. To display ACLs, use the following commands: show security acl editbuffer show security acl info all editbuffer show security acl info show security acl D-Link DWS-1008 User Manual...
Viewing Committed Security ACLs To view a summary of the committed security ACLs in the configuration, type the following command: DWS-1008# show security acl ACL table Type Class Mapping ------------------------------------------------------------- acl-2 Static acl-3 Static acl-4 Static D-Link DWS-1008 User Manual...
Once you map an ACL, you can view the number of packets it has filtered, if you included the keyword hits. (For information on setting hits, see “Setting a Source IP ACL”.) Type the following command: DWS-1008# show security acl hits ACL hit-counters Index Counter ACL-name --------------------------------------------------- acl-2 acl-999 acl-123 D-Link DWS-1008 User Manual...
ACL. The switch maps the named ACL automatically to the user’s authenticated session. Security ACLs can also be mapped statically to ports, VLANs, virtual ports, or Distributed APs. User- based ACLs are processed before these ACLs, because they are more specific and closer to the network edge. D-Link DWS-1008 User Manual...
For instructions, see the documentation for your RADIUS server. Note: If the Filter-Id value returned through the authentication and authorization process does not match the name of a committed security ACL in the switch, the user fails authorization and cannot be authenticated. D-Link DWS-1008 User Manual...
Plan your security ACL maps to ports, VLANs, virtual ports, and Distributed APs so that only one security ACL filters a flow of packets. If more than one security ACL filters the same traffic, you cannot guarantee the order in which the ACE rules are applied. D-Link DWS-1008 User Manual...
Clearing a security ACL mapping does not stop the current filtering function if the ACL has other mappings. If the security ACL is mapped to another port, a VLAN, a virtual port, or a Distributed AP, you must enter a clear security acl map command to clear each map. D-Link DWS-1008 User Manual...
• Use the clear security acl map command to stop the filtering action of an ACL on a port, VLAN, or virtual port. (See “Clearing a Security ACL Map”.) • Use clear security acl plus commit security acl to completely delete the ACL from the switch’s configuration. (See “Clearing Security ACLs”.) D-Link DWS-1008 User Manual...
DWS-1008# show security acl info ACL information for all set security acl ip acl-violet (hits #2 0) ---------------------------------------------------- 1. permit IP source IP 192.168.253.1 0.0.0.255 destination IP any enable-hits 2. permit IP source IP 192.168.123.11 0.0.0.255 destination IP any enable-hits D-Link DWS-1008 User Manual...
2. permit IP source IP 192.168.253.11 0.0.0.0 destination IP any set security acl ip acl-2 (hits #1 0) ---------------------------------------------------- 1. permit L4 Protocol 115 source IP 192.168.1.11 0.0.0.0 destination IP 192.168.1.15 0.0.0.0 precedence 0 tos 0 enable-hits D-Link DWS-1008 User Manual...
2. permit IP source IP 192.168.253.11 0.0.0.0 destination IP any set security acl ip acl-2 (hits #1 0) ---------------------------------------------------- 1. permit L4 Protocol 115 source IP 192.168.1.11 0.0.0.0 destination IP 192.168.1.15 0.0.0.0 precedence 0 tos 0 enable-hits D-Link DWS-1008 User Manual...
2. permit IP source IP 192.168.253.11 0.0.0.0 destination IP any 3. deny SRC source IP 192.168.253.1 0.0.0.255 set security acl ip acl-a (ACEs 1, add 1, del 0, modified 0) ---------------------------------------------------- 1. permit SRC source IP 192.168.1.1 0.0.0.0 D-Link DWS-1008 User Manual...
ACE on that interface and traffic direction. The permit any ACE ensures that traffic that does not match the first ACE is permitted. Without this additional ACE at the end, traffic that does not match the other ACE is dropped. D-Link DWS-1008 User Manual...
Note: You cannot use the dscp option along with the precedence and tos options in the same ACE. The CLI rejects an ACE that has this combination of options. D-Link DWS-1008 User Manual...
CoS”. General Guidelines D-Link recommends that you follow these guidelines for any wireless VoIP implementation: • Ensure end-to-end priority forwarding by making sure none of the devices that will forward voice traffic resets IP ToS or Diffserv values to 0. Some devices, such as some types of Layer 2 switches with basic Layer 3 awareness, reset the IP ToS or Diffserv value of untrusted packets to 0.
Note: If you are upgrading a switch running MSS Version 3.x to MSS Version 4.x, and the switch uses ACLs to map VoIP traffic to CoS 4 or 5, and you plan to leave WMM enabled, D-Link recommends that you change the ACLs to map the traffic to CoS 6 or 7.
SpectraLink’s Voice Interoperability for Enterprise Wireless (VIEW) Certification Program is designed to ensure interoperability and high performance between SVP phones and WLAN infrastructure products. D-Link DWS-1008 switches and APs are VIEW certified. This section describes how to configure switches and APs for SVP phones.
The following commands configure a service profile called vowlan-wpa2 for RSN: DWS-1008# set service-profile vowlan-wpa ssid-name phones DWS-1008# set service-profile vowlan-wpa wpa-ie enable DWS-1008# set service-profile vowlan-wpa auth-dot1x disable DWS-1008# set service-profile vowlan-wpa auth-psk enable DWS-1008# set service-profile vowlan-wpa psk-raw c25d3fe4483e867d1df96eaacdf8b02451fa0836162e758100f5f6b87965e59d D-Link DWS-1008 User Manual...
Note: Some radio settings that are beneficial for voice traffic might not be beneficial for other wireless clients. If you plan to support other wireless clients in addition to voice clients, D-Link recommends that you create a new radio profile specifically for voice clients, or use the default radio profile only for voice clients and create a new profile for other clients.
10.2.4.69 to any IP address, to or from any UDP port other than 0. The second ACE sets CoS to 7 for all SVP traffic. The third ACE matches on all traffic that does not match on either of the previous ACEs. D-Link DWS-1008 User Manual...
802.11b mode only. This type of phone expects the AP to operate at 802.11b rates only, not at 802.11g rates. To change a radio to support 802.11b mode only, use the radiotype 11b option with the set port type ap or set dap command. D-Link DWS-1008 User Manual...
Disabling RF Auto-Tuning Before Upgrading a SpectraLink Phone If you plan to upgrade a SpectraLink phone using TFTP over an AP, D-Link recommends that you disable RF Auto-Tuning before you begin the upgrade. This feature can increase the length of time required for the upgrade.
You must then map the security ACL to Natasha’s session in RADIUS. For instructions, see the documentation for your RADIUS server. 7. To save your configuration, type the following command: DWS-1008# save config success: configuration saved. D-Link DWS-1008 User Manual...
TLS allows the client to authenticate the switch (and optionally allows the switch to authenticate the client) through the use of digital signatures. Digital signatures require a public-private key pair. The signature is created with a private key and verified with a public key. TLS enables secure key exchange. D-Link DWS-1008 User Manual...
• If the switch has a self-signed certificate in its certificate and key store, the switch responds to the request from MSS. If the certificate is not self-signed, the switch looks for a CA’s certificate with which to validate the server certificate. D-Link DWS-1008 User Manual...
Public and Private Keys D-Link’s identity-based networking uses public key cryptography to enforce the privacy of data transmitted over the network. Using public-private key pairs, users and devices can send encrypted messages that only the intended receiver can decrypt.
PKCS #7, PKCS #10, and PKCS #12 Object Files Public-Key Cryptography Standards (PKCS) are encryption interface standards created by RSA Data Security, Inc., that provide a file format for transferring data and cryptographic information. D-Link supports the PKCS object files listed in the table on the next page.
Page 278
CA. (This password secures the file so that the keys and certificate cannot be installed by an unauthorized party. You must know the password in order to install them.) Use the crypto pkcs12 command to unpack the file. D-Link DWS-1008 User Manual...
Management access to the CLI through Secure Shell (SSH) also requires a key pair, but does not use a certificate. DWS-1008 security also requires a key pair and certificate. However, the certificate is generated automatically when you enable DWS-1008 security. D-Link DWS-1008 User Manual...
Certificate Signing Request signed certificate (a PEM-encoded (CSR) certificate PKCS #7 object file). 4. Paste the PEM-encoded file into the CLI to store the certificate on the switch. 5. Obtain and install the CA’s own certificate. D-Link DWS-1008 User Manual...
You must include a common name (string) when you generate a self-signed certificate. The other information is optional. Use a fully qualified name if such names are supported on your network. The certificate appears after you enter this information. D-Link DWS-1008 User Manual...
{admin | eap | web} filename The filename is the location of the file on the switch. Note: MSS erases the OTP password entered with the crypto otp command when you enter the crypto pkcs12 command. D-Link DWS-1008 User Manual...
3. Use a text editor to open the PKCS #7 file, and copy and paste the entire text block, including the beginning and ending delimiters, into the CLI. Note: You must paste the entire block, from the beginning -----BEGIN CERTIFICATE----- to the end -----END CERTIFICATE-----. D-Link DWS-1008 User Manual...
The last two rows of the display indicate the period for which the certificate is valid. Make sure the date and time set on the switch are within the date and time range of the certificate. D-Link DWS-1008 User Manual...
State Name: CA Locality Name: San Francisco Organizational Name: example Organizational Unit: IT Common Name: DL 6 Email Address: admin@example.com Unstructured Name: wiring closet 4 Self-signed cert for eap is success: self-signed cert for eap generated D-Link DWS-1008 User Manual...
Page 286
Subject: C=US, ST=CA, L=PLEAS, O=DLINK, OU=SQA, CN=BOBADMIN/ emailAddress=BOBADMIN, unstructuredName=BOB Signature Algorithm: md5WithRSAEncryption Issuer: C=US, ST=CA, L=PLEAS, O=DLINK, OU=SQA, CN=BOBADMIN/ emailAddress=BOBADMIN, unstructuredName=BOB Validity: Not Before: Oct 19 02:02:02 2004 GMT Not After : Oct 19 02:02:02 2005 GMT D-Link DWS-1008 User Manual...
PKCS #12 file. To enter a one-time password, use the following command: crypto otp {admin | eap | web} one-time-password For example: DWS-1008# crypto otp admin SeC%#6@o%c OTP set DWS-1008# crypto otp eap SeC%#6@o%d OTP set DWS-1008# crypto otp web SeC%#6@o%e OTP set D-Link DWS-1008 User Manual...
1. Set time and date parameters, if not already set. (See “Configuring and Managing Time Parameters”.) 2. Generate public-private key pairs: DWS-1008# crypto generate key admin 1024 key pair generated DWS-1008# crypto generate key eap 1024 key pair generated DWS-1008# crypto generate key web 1024 key pair generated D-Link DWS-1008 User Manual...
Page 289
DWS-1008# crypto certificate admin Enter PEM-encoded certificate 8. Paste the signed certificate text block into the switch’s CLI, below the prompt. 9. Display information about the certificate, to verify it: DWS-1008# show crypto certificate admin D-Link DWS-1008 User Manual...
Page 290
13. Paste the CA’s signed certificate under the prompt. 14. Display information about the CA’s certificate, to verify it: DWS-1008# show crypto ca-certificate admin 15. Repeat step 12 through step 14 to install the CA’s certificate for EAP (802.1X) and WebAAA. D-Link DWS-1008 User Manual...
About AAA for Network Users Network users include the following types of users: • Wireless users—Users who access the network by associating with an SSID on a D-Link radio. Wired authentication users—Users who access the network over an Ethernet connection •...
(no 802.1X or MAC access rules have the wired option set), MSS checks for user last- resort-wired. If this user is configured, the authorization attributes set for the user are applied to the user who is on the wired authentication port and the user is allowed onto the network. D-Link DWS-1008 User Manual...
If no 802.1X or MAC access rules are configured for wired, and the wired authentication port’s fallthru type is last-resort, MSS allows users onto the port without prompting for a username or password. The authorization attributes set on user last-resort-wired are applied to the user. D-Link DWS-1008 User Manual...
(ACLs) to the user’s traffic, and so on. To assign attributes on the RADIUS server, use the standard RADIUS attributes supported on the server. To assign attributes in the switch’s local database, use the MSS vendor-specific attributes (VSAs). D-Link DWS-1008 User Manual...
Page 295
These authorization attributes are applied to users accessing the SSID managed by the service profile (in addition to any attributes supplied by a RADIUS server or the switch’s local database). D-Link DWS-1008 User Manual...
IT group into the group infotech-people. AAA Methods for IEEE 802.1X and Web Network Access The following AAA methods are supported by D-Link for 802.1X and Web network access mode: • Client certificates issued by a certificate authority (CA) for authentication.
1. To configure server-1 and server-2 at IP addresses 192.168.253.1 and 192.168.253.2 with the password chey3nn3, the administrator enters the following commands: DWS-1008# set radius server server-1 address 192.168.253.1 key chey3nn3 DWS-1008# set radius server server-2 address 192.168.253.2 key chey3nn3 D-Link DWS-1008 User Manual...
• The MS-CHAP-V2 portion an encrypted session. Mutual Authentication is processed on the RADIUS The client needs only a authentication is performed by Protocol version 2) server or locally, username and password. MS-CHAP-V2. depending on the configuration. D-Link DWS-1008 User Manual...
Wired users are not eligible for the encryption performed on the traffic of wireless users, but they can be authenticated by an EAP method, a MAC address, or a Web login page served by the switch. D-Link DWS-1008 User Manual...
DWS-1008# set authentication dot1x ssid marshes *@example.com peap-mschapv2 shorebirds To offload both PEAP and MS-CHAP-V2 processing onto the switch, use the following command: DWS-1008# set authentication dot1x ssid marshes *@example.com peap-mschapv2 local D-Link DWS-1008 User Manual...
You can use Bonded Auth with Microsoft Windows clients that support separate 802.1X authentication ® for the machine itself and for a user who uses the machine to log on to the network. D-Link DWS-1008 User Manual...
(Generally, in a Bonded Auth configuration, the RADIUS servers will use a user database stored on an Active Directory server.) D-Link recommends that you make the rules as general as possible. For example, if the Active Directory domain is mycorp.com, the following userglobs match on all machine names and users in the domain: •...
By default, the Bonded Auth period is 0 seconds. MSS does not wait for a Bonded Auth user to reauthenticate. You can set the Bonded Auth period to a value up to 300 seconds. D-Link recommends that you try 60 seconds, and change the period to a longer value only if clients are unable to authenticate within 60 seconds.
The following command sets the Bonded Auth period to 60 seconds, to allow time for WEP users to reauthenticate: DWS-1008# set dot1x bonded-period 60 success: change accepted. Displaying Bonded Auth Configuration Information To display Bonded Auth configuration information, use the following command: show dot1x config D-Link DWS-1008 User Manual...
Users authorized by MAC address require a MAC authorization password if RADIUS authentication is desired. The default well-known password is dlink. Caution: Use this method with care. IEEE 802.11 frames can be forged and can result in unauthorized network access if MAC authentication is employed. D-Link DWS-1008 User Manual...
For example, the following command removes MAC user 01:0f:03:04:05:06 from the group the user is DWS-1008# clear mac-user 01:0f:03:04:05:06 group success: change accepted. The clear mac-usergroup command removes the group. To remove a MAC user profile from the local database on the switch, type the following command: clear mac-user mac-address D-Link DWS-1008 User Manual...
MAC user profile in the local database, use the following command: clear mac-user mac-addr attr attribute-name For example, the following command clears the VLAN assignment from MAC user 01:0f:02:03:04:05: DWS-1008# clear mac-user 01:0f:03:04:05:06 attr vlan-name success: change accepted. D-Link DWS-1008 User Manual...
If the MAC address is in the database, MSS uses the VLAN attribute and other attributes associated with it for user authorization. Otherwise, MSS tries the fallthru authentication type, which can be last-resort, Web, or none. D-Link DWS-1008 User Manual...
SSID, you can use static WEP or WPA with PSK as the encryption type. MSS provides a D-Link login page, which is used by default. You can add custom login pages to the switch’s nonvolatile storage, and configure MSS to serve those pages instead.
SSID the Web-Portal user associates with. Previous MSS Versions required this special user for Web- Portal configurations. Any web-portal-ssid users are removed from the configuration during upgrade to MSS Version 5.0. However, the web-portal-wired user is still required for Web Portal on wired authentication ports. D-Link DWS-1008 User Manual...
To set the fallthru authentication type for an SSID, set it in the service profile for the SSID, using the set service-profile auth-fallthru command. To set it on a wired authentication port, use the auth-fall-thru web-portal parameter of the set port type wired-auth command. D-Link DWS-1008 User Manual...
Page 313
To configure authentication rules, use the set authentication web command. • Web Portal WebAAA must be enabled, using the set web-portal command. The feature is enabled by default. D-Link DWS-1008 User Manual...
ACL and map that ACL instead to the service profile or the web-portal-wired user. Make sure to use the capture option for traffic you do not want to allow. D-Link recommends that you do not change the portalacl ACL. Leave the ACL as a backup in case you need to refer to it or you need to use it again.
Note: The VLAN does not need to be configured on the switch where you configure Web Portal but the VLAN does need to be configured on a switch somewhere in the network. The user’s traffic will be tunneled to the switch where the VLAN is configured. D-Link DWS-1008 User Manual...
DWS-1008# show sessions network ssid mycorp User Sess IP or MAC VLAN Port/ Name Address Name Radio ------------------------------------------------------------------------------------------------ alice 192.168.12.101 corpvlan 192.168.12.102 corpvlan 2 sessions total D-Link DWS-1008 User Manual...
By default, MSS serves the D-Link login page for Web login. To serve a custom page instead, do the following: 1. Copy and modify the D-Link page, or create a new page. 2. Create a subdirectory in the user files area of the switch’s nonvolatile storage, and copy the custom page into the subdirectory.
Copying and Modifying the Web Login Page To copy and modify the D-Link Web login page: 1. Configure an unencrypted SSID on a switch. The SSID is temporary and does not need to be one you intend to use in your network. To configure the SSID, use the following...
4. Delete the temporary SSID, along with the temporary service profile and radio profile you created for it. DWS-1008# set ap 2 radio 1 radio-profile temprad mode disable success: change accepted. DWS-1008# clear radio-profile temprad success: change accepted. DWS-1008# clear service-profile tempsrvc success: change accepted. D-Link DWS-1008 User Manual...
Page 322
1202 bytes in 0.402 seconds [ 2112 bytes/sec] DWS-1008# dir mycorp-webaaa ========================================================== file: Filename Size Created file:mycorp-login.html 637 bytes Aug 12 2004, 15:42:26 file:mylogo.gif 1202 bytes Aug 12 2004, 15:57:11 Total: 1839 bytes used, 206577 Kbytes free D-Link DWS-1008 User Manual...
When user djoser is successfully authenticated and authorized, MSS redirects the user to the following URL: https://saqqara.org/login.php?user=djoser To verify configuration of a redirect URL and other user attributes, type the show aaa command. D-Link DWS-1008 User Manual...
6. Change the Web-Portal ACL name set on the service profile, using the following command: set service-profile name web-portal-acl aclname 7. Verify the change by displaying the service profile. 8. Save the configuration changes. D-Link DWS-1008 User Manual...
Web Portal WebAAA sessions already authenticated with a username and password. For all other Web Portal WebAAA sessions, the default Web Portal WebAAA session timeout period of 5 seconds is used. D-Link DWS-1008 User Manual...
The following commands configure wired authentication port 5 for last-resort access and add the special user: DWS-1008# set port type wired-auth 5 auth-fall-thru last-resort success: change accepted. DWS-1008# set user last-resort-wired attr vlan-name guest-vlan2 success: change accepted. D-Link DWS-1008 User Manual...
MSS assigns authorization attributes to the user from the RADIUS server’s access- accept response. 6. When the user’s session ends, the third-party AP sends a RADIUS stop-accounting record to the switch. The switch then removes the session. D-Link DWS-1008 User Manual...
AP but remains a RADIUS client to the real RADIUS servers. • An authentication proxy rule must be configured for the AP’s users. The rule matches based on SSID and username, and selects the authentication method (a RADIUS server group) for proxying. D-Link DWS-1008 User Manual...
AP. Use the following command: set radius proxy client address ip-address [port udp-port-number] [acct-port acct-udp-port-number] key string • Configure a proxy authentication rule for the AP’s users. Use the following command: set authentication proxy ssid ssid-name user-glob radius-server-group D-Link DWS-1008 User Manual...
Page 331
SSID mycorp. MSS uses RADIUS server group srvrgrp1 to proxy RADIUS requests and hence to authenticate and authorize the users. DWS-1008# set authentication proxy ssid mycorp ** srvrgrp1 To verify the changes, use the show config area aaa command. D-Link DWS-1008 User Manual...
The user does not need to wait for the user group’s start date. The VLAN attribute is required. MSS can authorize a user to access the network only if the VLAN to place the user on is specified. D-Link DWS-1008 User Manual...
Page 333
Mobility Profile attribute for the user. Note: If the Mobility Profile feature is enabled, and a mode only) user is assigned the name of a Mobility Profile that does not exist on the switch, the user is denied access. D-Link DWS-1008 User Manual...
Page 334
SSID the user is allowed to be configured in a service profile, and the service profile (network access mode access after authentication. must be used by a radio profile assigned to D-Link radios in only) the network. Date and time at which the...
Page 335
URL string: (network access mode is redirected after • $u—Username only) successful WebAAA. • $v—VLAN • $s—SSID • $p—Service profile name To use the literal character $ or ?, use the following: • $$ • $q D-Link DWS-1008 User Manual...
To change the value of an authorization attribute, reenter the command with the new value. To assign an authorization attribute to a user’s configuration on a RADIUS server, see the documentation for your RADIUS server. D-Link DWS-1008 User Manual...
RADIUS server. Note: If the Filter-Id value returned through the authentication and authorization process does not match the name of a committed security ACL in the switch, the user fails authorization and cannot be connected. D-Link DWS-1008 User Manual...
DWS-1008# set user Jose attr filter-id acl-101.in success: change accepted. The following command applies the incoming filters of acl-101 to the users who belong to the group eastcoasters: DWS-1008# set usergroup eastcoasters attr filter-id acl-101.in success: change accepted. D-Link DWS-1008 User Manual...
When you assign the Encryption-Type attribute to a user or group, the encryption type or types are entered as an authorization attribute into the user or group record in the local database or on the RADIUS server. Encryption-Type is a D-Link vendor-specific attribute (VSA).
To clear an encryption type from the profile of a use or group of users in the local database, use one of the following commands: clear user username attr encryption-type clear usergroup groupname attr encryption-type clear mac-user username attr encryption-type clear mac-usergroup groupname attr encryption-type D-Link DWS-1008 User Manual...
SSID the user is associated with.) • As shown in the table above, even when keep-initial-vlan is set, a user’s VLAN can be reassigned by AAA or a location policy. D-Link DWS-1008 User Manual...
150 rules. The action can be one of the following: • Deny access to the network • Permit access, but set or change the user’s VLAN assignment, inbound ACL, outbound ACL, or any combination of these attributes D-Link DWS-1008 User Manual...
{ssid operator ssid-name | vlan operator vlan-glob | user operator user-glob | port port-list | dap dap-num} [before rule-number | modify rule-number] Note: Asterisks (wildcards) are not supported in SSID names. You must specify the complete SSID name. D-Link DWS-1008 User Manual...
DWS-1008# set location policy permit inacl svcs_2 outacl svcs_3 if vlan eq bldg4.* You can optionally add the suffixes .in and .out to inacl-name and outacl-name for consistency with their usage in entries stored in the local database. D-Link DWS-1008 User Manual...
To delete a location policy rule, use the following command: clear location policy rule-number Type show location policy to display the numbers of configured location policy rules. To disable the location policy on a DWS-1008 switch, delete all the location policy rules. D-Link DWS-1008 User Manual...
AP port number and radio number Access point’s MAC address Access point’s MAC address Number of octets received by theswitch Number of octets sent by the switch Number of packets received by the switch Number of packets sent by the switch D-Link DWS-1008 User Manual...
When you enter this command, an Accounting-Off message is generated and sent to the server or server group specified with the set accounting system command. No further Accounting-On or Accounting-Off messages are generated. D-Link DWS-1008 User Manual...
* local set authentication dot1x ssid mycorp Geetha eap-tls set authentication dot1x ssid mycorp * peap-mschapv2 sg1 sg2 sg3 set accounting dot1x Nin ssid mycorp stop-only sg2 set accounting admin Natasha start-stop local user Nin D-Link DWS-1008 User Manual...
Here is an example of a AAA configuration where the most-specific rules for 802.1X are first and the rules with any are last: DWS-1008# show aaa set authentication dot1x ssid mycorp Geetha eap-tls set authentication dot1x ssid mycorp * peap-mschapv2 sg1 sg2 sg3 set authentication dot1x ssid any ** peap-mschapv2 sg1 sg2 sg3 D-Link DWS-1008 User Manual...
802.1X users in the local database and ignores the command for EXAMPLE/ users. DWS-1008# show aaa set accounting dot1x ssid mycorp * start-stop group1 set authentication dot1x ssid mycorp * peap-mschapv2 local set authentication dot1x ssid mycorp EXAMPLE/* peap-mschapv2 group1 D-Link DWS-1008 User Manual...
The configuration order now shows that all 802.1X users are processed as you intended: DWS-1008# show aaa set accounting dot1x ssid mycorp EXAMPLE/* start-stop group1 set authentication dot1x ssid mycorp EXAMPLE/* peap-mschapv2 group1 set accounting dot1x ssid mycorp * start-stop group1 set authentication dot1x ssid mycorp * peap-mschapv2 local D-Link DWS-1008 User Manual...
5. Create a Mobility Profile called tulip by typing the following commands: DWS-1008# set mobility-profile name tulip port 2,4-6 success: change accepted. DWS-1008# set mobility-profile mode enable success: change accepted. DWS-1008# show mobility-profile Mobility Profiles Name Ports ========================= tulip D-Link DWS-1008 User Manual...
Page 354
EXAMPLE\* pass-through shorebirds user tech Password = 1315021018 (encrypted) user EXAMPLE/nin filter-id = acl.101.in mobility-profile = tulip user EXAMPLE/tamara filter-id = acl.101.in mobility-profile = tulip 8. Save the configuration: DWS-1008 save config success: configuration saved. D-Link DWS-1008 User Manual...
DWS-1008# set user Natasha attr vlan-name red 4. To assign Natasha a session timeout value of 1200 seconds, type the following command: DWS-1008# set user Natasha attr session-timeout 1200 5. Save the configuration: DWS-1008 save config success: configuration saved. D-Link DWS-1008 User Manual...
3. To authenticate all 802.1X users of SSID bobblehead in the group mktg using PEAP on the switch and MS-CHAP-V2 on server sg1, type the following command: DWS-1008# set authentication dot1x ssid bobblehead mktg\* peap-mschapv2 sg1 D-Link DWS-1008 User Manual...
3. Display the configuration: DWS-1008# show location policy Id Clauses ----------------------------------------------------- 1) permit vlan bldgb-teach if vlan eq bldga-prof-* 2) permit vlan bldgb-eng if vlan eq *-techcomm 4. Save the configuration: DWS-1008 save config success: configuration saved. D-Link DWS-1008 User Manual...
For RADIUS servers that do not explicitly set their own dead time and timeout timers and transmission attempts, MSS sets the following values by default: • Dead time—0 (zero) minutes (The switch does not designate unresponsive RADIUS servers as unavailable.) • Transmission attempts—3 • Timeout (wait for a server response)—5 seconds D-Link DWS-1008 User Manual...
For failover authentication or authorization to work promptly, D-Link recommends that you change the dead time to a value other than 0. With the default setting, the dead time is never invoked and MSS does not hold down requests to unresponsive RADIUS servers.
You can configure multiple RADIUS servers. When you define server names and keys, case is significant. For example: DWS-1008# set radius server rs1 address 10.6.7.8 key seCret success: change accepted. DWS-1008# set radius server rs2 address 10.6.7.9 key BigSecret success: change accepted. D-Link DWS-1008 User Manual...
Note: You must provide RADIUS servers with names that are unique. To prevent confusion, D-Link recommends that RADIUS server names differ in ways other than case. For example, avoid naming two servers RS1 and rs1. You must configure RADIUS servers into server groups before you can access them.
For example, to configure RADIUS servers pelican and seagull as the server group swampbirds with load balancing: 1. Configure the members of a server group by typing the following command: DWS-1008# set server group swampbirds members pelican seagull success: change accepted. D-Link DWS-1008 User Manual...
The RADIUS server coot is configured but not part of the server group shorebirds. 2. To add RADIUS server coot as the last server in the server group shorebirds, type the following command: DWS-1008# set server group shorebirds members sandpiper heron egret coot success: change accepted. D-Link DWS-1008 User Manual...
DWS-1008# set radius server egret address 192.168.243.15 key pine DWS-1008# set radius server sandpiper address 192.168.253.17 key oak 2. Place two of the RADIUS servers into a server group called swampbirds. Type the following command: DWS-1008# set server group swampbirds members pelican seagull D-Link DWS-1008 User Manual...
Page 365
Radius Servers Server Addr Ports Tries Dead State -------------------------------------------------------------------------------------------------- sandpiper 192.168.253.17 1812 1813 seagull 192.168.243.12 1812 1813 egret 192.168.243.15 1812 1813 pelican 192.168.253.11 1812 1813 Server groups swampbirds (load-balanced): pelican seagull shorebirds (load-balanced): egret pelican sandpiper D-Link DWS-1008 User Manual...
Setting 802.1X Port Control The following command specifies the way a wired authentication port or group of ports handles user 802.1X authentication attempts: set dot1x port-control {forceauth | forceunauth | auto} port-list D-Link DWS-1008 User Manual...
The secret Wired-Equivalent Privacy protocol (WEP) keys used by MSS on access points for broadcast communication on a VLAN are automatically rotated (rekeyed) every 30 minutes to maintain secure packet transmission. You can disable WEP key rotation for debugging purposes, or change the rotation interval. D-Link DWS-1008 User Manual...
The rekeying process can be performed automatically on a periodic basis. By setting the Session- Timeout RADIUS attribute, you make the reauthentication transparent to the client, who is unaware that reauthentication is occurring. A good value for Session-Timeout is 30 minutes. D-Link DWS-1008 User Manual...
The default is 1800 seconds (30 minutes). You can set the interval from 30 to 1,641,600 seconds (19 days). For example, type the following command to set the WEP-rekey period to 900 seconds: DWS-1008# set dot1x wep-rekey-period 900 success: dot1x wep-rekey-period set to 900 D-Link DWS-1008 User Manual...
In this case, MSS uses the timeout that has the lower value. If the session-timeout is set to fewer seconds than the global reauthentication timeout, MSS uses the session-timeout for the client. However, if the global reauthentication timeout is shorter than the session-timeout, MSS uses the global timeout instead. D-Link DWS-1008 User Manual...
Note: If the number of reauthentications for a wired authentication client is greater than the maximum number of reauthentications allowed, MSS sends an EAP failure packet to the client and removes the client from the network. However, MSS does not remove a wireless client from the network under these circumstances. D-Link DWS-1008 User Manual...
The Bonded Auth period applies only to 802.1X authentication rules that contain the bonded option. To reset the Bonded Auth period to its default value, use the following command: clear dot1x max-req D-Link DWS-1008 User Manual...
For example, type the following command to set the authorization server timeout to 60 seconds: DWS-1008# set dot1x timeout auth-server 60 success: dot1x auth-server timeout set to 60. To reset the authorization server timeout to the default, type the following command: DWS-1008# clear dot1x timeout auth-server success: change accepted. D-Link DWS-1008 User Manual...
----------------------------------------------------- Enters Connecting: Logoffs While Connecting: Enters Authenticating: Success While Authenticating: Timeouts While Authenticating: Failures While Authenticating: Reauths While Authenticating: Starts While Authenticating: Logoffs While Authenticating: Starts While Authenticated: Logoffs While Authenticated: Bad Packets Received: D-Link DWS-1008 User Manual...
• Cache Cleaner – Ensures that Web browser information, such as cookies, history, auto- completion data, stored passwords, and temporary files are erased or removed upon termination of the user’s session, inactivity timeout, or closing of the browser. D-Link DWS-1008 User Manual...
SSID where the SODA functionality is enabled. Note that in the current release, the SODA functionality works only in conjunction with the Web Portal WebAAA feature. D-Link DWS-1008 User Manual...
Page 378
If the user’s computer fails one of the SODA agent checks, then a customizable failure page is loaded in the browser window. The user is then disconnected from the network, or can optionally be granted limited network access, based on a specified security ACL. D-Link DWS-1008 User Manual...
11. Specify an alternate name for the directory where the SODA agent files for a service profile are located (optional). See “Specifying an Alternate SODA Agent Directory for a Service Profile”. 12. Remove the SODA agent files from the switch (optional). See “Uninstalling the SODA Agent Files from the Switch”. D-Link DWS-1008 User Manual...
/soda/ and success.html or failure.html. The /soda/ keyword must immediately follow the hostname. The hostname must match the Common Name specified in the WebAAA certificate. • The logout page is required to have /logout.html in the URL. D-Link DWS-1008 User Manual...
This command may take up to 20 seconds... DWS-1008# If SODA functionality is enabled for the service profile that manages SSID sp1, then SODA agent files in this directory are downloaded to clients attempting to connect to SSID sp1. D-Link DWS-1008 User Manual...
Note that if you disable the enforcement of the SODA security checks, you cannot apply the success and failure URLs to client devices. In addition, you should not configure the SODA agent to refer to the success and failure pages on the switch if you have disabled enforcement of SODA agent checks. D-Link DWS-1008 User Manual...
To specify a page that is loaded when a client fails the security checks performed by the SODA agent, use the following command: set service-profile name soda failure-page page To reset the failure page to the default value, use the following command: clear service-profile name soda failure-page D-Link DWS-1008 User Manual...
SODA agent checks. For example, the following command configures the switch to apply acl-1 to a client when it loads the failure page: DWS-1008# set service-profile sp1 soda remediation-acl acl-1 success: change accepted. D-Link DWS-1008 User Manual...
SSID configured for the service profile. You can optionally specify a different directory for the SODA agent files used for a service profile. To do this, use the following command: set service-profile name soda agent-directory directory D-Link DWS-1008 User Manual...
DWS-1008# uninstall soda agent agent-directory sp1 This will delete all files in agent-directory, do you wish to continue? (y|n) [n]y Displaying SODA Configuration Information To view information about the SODA configuration for a service profile, use the show service profile command. D-Link DWS-1008 User Manual...
Page 387
11a mandatory rate: 6.0,12.0,24.0 standard rates: 9.0,18.0,36.0,48.0,54.0 11b beacon rate: 2.0 multicast rate: AUTO 11b mandatory rate: 1.0,2.0 standard rates: 5.5,11.0 11g beacon rate: 2.0 multicast rate: AUTO 11g mandatory rate: 1.0,2.0,5.5,11.0 standard rates: 6.0,9.0,12.0,18.0,24.0, 36.0,48.0,54.0 D-Link DWS-1008 User Manual...
Telnet tty3 sshadmin 3 admin sessions To clear the sessions of all administrative users, type the following command: DWS-1008# clear sessions admin This will terminate manager sessions, do you wish to continue? (y|n) [n]y D-Link DWS-1008 User Manual...
To view administrative sessions of Telnet clients, type the following command: DWS-1008# show sessions telnet client Session Server Address Server Port Client Port ---------------------------------------------------------------------------------- 192.168.1.81 48000 10.10.1.22 48001 To clear the administrative sessions of Telnet clients, use the following command: clear sessions telnet [client [session-id]] D-Link DWS-1008 User Manual...
• By the local session ID. (See “Displaying and Clearing Network Sessions by Session ID”.) Note: Authorization attribute values can be changed during authorization. If the values are changed, show sessions output shows the values that are actually in effect following any changes. D-Link DWS-1008 User Manual...
You can view sessions by a username or user glob. (For a definition of user globs and their format, see “User Globs” on page 10.) To see all sessions for a specific user or for a group of users, type the following command: show sessions network user user-glob D-Link DWS-1008 User Manual...
Page 392
To clear all the network sessions of a user or group of users, use the following command: clear sessions network user user-glob For example, the following command clears the sessions of users named Bob: DWS-1008# clear sessions network user Bob* D-Link DWS-1008 User Manual...
------------------------------------------------------------------------------------------------------- EXAMPLE\tamara 192.168.12.174 west host/laptop.example.com 192.168.12.164 west EXAMPLE\havel 192.168.12.195 west EXAMPLE\jose 192.168.12.171 west EXAMPLE\geetha 192.168.12.169 west To clear the sessions on a VLAN or set of VLANs, use the following command: clear sessions network vlan vlan-glob D-Link DWS-1008 User Manual...
Number of bytes with encryption errors: 0 Last packet data rate: 48 Last packet signal strength: -60 dBm Last packet data S/N ratio: 35 Protocol: 802.11 Session CAC: disabled The verbose option is not available with the show sessions network session-id command. D-Link DWS-1008 User Manual...
For example, to change the user idle timeout for service profile sp1 to 6 minutes (360 seconds), use the following command: DWS-1008# set service-profile sp1 user-idle-timeout 360 success: change accepted. To disable the user idle timeout, use the following command: DWS-1008# set service-profile sp1 user-idle-timeout 0 success: change accepted. D-Link DWS-1008 User Manual...
• Rogue—The device is in the D-Link network but does not belong there. • Interfering device—The device is not part of the D-Link network but also is not a rogue. No client connected to the device has been detected communicating with any network entity listed in the forwarding database (FDB) of any switch in the network.
MSS also can place a client in the black list due to an association, reassociation or disassociation flood from the client. The rogue classification algorithm examines each of these lists when determining whether a device is a rogue. D-Link DWS-1008 User Manual...
When an AP radio detects radar on a channel, the radio switches to another channel and does not attempt to use the channel where the radar was detected for 30 minutes. MSS also generates a message. Note: The RF Auto-tuning feature must be enabled. Otherwise MSS cannot change the channel. D-Link DWS-1008 User Manual...
MSS does not classify devices on this list as rogues or Ignore list interfering devices, and does not issue countermeasures against them. Packets sent by D-Link APs to interfere with the operation Countermeasures of a rogue or interfering device. Countermeasures are configurable on a radio-profile basis.
To remove an entry from the permitted vendor list, use the following command: clear rfdetect vendor-list {client | ap} {mac-addr | all} The following command removes client OUI aa:bb:cc:00:00:00 from the permitted vendor list: DWS-1008# clear rfdetect vendor-list client aa:bb:cc:00:00:00 success: aa:bb:cc:00:00:00 is no longer in client vendor-list. D-Link DWS-1008 User Manual...
To remove an SSID from the permitted SSID list, use the following command: clear rfdetect ssid-list ssid-name The following command clears SSID mycorp from the permitted SSID list: DWS-1008# clear rfdetect ssid-list mycorp success: mycorp is no longer in ssid-list. D-Link DWS-1008 User Manual...
To remove a MAC address from the client black list, use the following command: clear rfdetect black-list mac-addr The following command removes MAC address 11:22:33:44:55:66 from the black list: DWS-1008# clear rfdetect black-list 11:22:33:44:55:66 success: 11:22:33:44:55:66 is no longer blacklisted. D-Link DWS-1008 User Manual...
To remove a MAC address from the attack list, use the following command: clear rfdetect attack-list mac-addr The following command clears MAC address 11:22:33:44:55:66 from the attack list: DWS-1008# clear rfdetect attack-list 11:22:33:44:55:66 success: 11:22:33:44:55:66 is no longer in attacklist. D-Link DWS-1008 User Manual...
Configuring an Ignore List By default, when countermeasures are enabled, MSS considers any non-D-Link transmitter to be a rogue device and can send countermeasures to prevent clients from using that device. To prevent MSS from sending countermeasures against a friendly device, add the device to the known devices list: If you add a device that MSS has classified as a rogue to the permitted vendor list or permitted SSID list, but not to the ignore list, MSS can still classify the device as a rogue.
DWS-1008# set radio-profile radprof3 countermeasures configured success: change accepted. To disable countermeasures on a radio profile, use the following command: clear radio-profile name countermeasures The following command disables countermeasures in radio profile radprof3: DWS-1008# clear radio-profile radprof3 countermeasures success: change accepted. D-Link DWS-1008 User Manual...
Enabling AP Signatures An AP signature is a set of bits in a management frame sent by an AP that identifies that AP to MSS. If someone attempts to spoof management packets from a D-Link AP, MSS can detect the spoof attempt.
The source MAC address is spoofed so that clients think the packet is coming from a legitimate AP. If an AP detects a packet with its own source MAC address, the AP knows that the packet was spoofed. D-Link DWS-1008 User Manual...
• Spoofed AP—A rogue device pretends to be a D-Link AP by sending packets with the source MAC address of the D-Link AP. Data from clients that associate with the rogue device can be accessed by the hacker controlling the rogue device.
Seen by AP on port 2, radio 1 on channel 11 with RSSI -53. Client aa:bb:cc:dd:ee:ff is sending authentication message Authentication message flood flood. Seen by AP on port 2, radio 1 on channel 11 with RSSI -53. D-Link DWS-1008 User Manual...
Page 410
Fake AP SSID (when source MAC address is not known) 1 on channel 11 with RSSI -53 SSID myssid. AP Mac aa:bb:cc:dd:ee:ff(ssid myssid) is masquerading our Spoofed SSID ssid used by aa:bb:cc:dd:ee:fd. Detected by listener aa:bb: cc:dd:ee:fc(port 2, radio 1), channel 11 with RSSI -53. D-Link DWS-1008 User Manual...
This command is valid on any switch in the Mobility Domain. show rfdetect visible mac-addr Displays the BSSIDs detected by a specific D-Link radio. show rfdetect visible ap AP-num [radio {1 | 2}] show rfdetect visible dap dap-num [radio {1 | 2}]...
Client Mac Address: 00:0c:41:63:fd:6d, Vendor: D-Link Port: dap 1, Radio: 1, Channel: 11, RSSI: -82, Rate: 2, Last Seen (secs ago): 84 Bssid: 00:0b:0e:01:02:00, Vendor: D-Link, Type: intfr, Dst: ff:ff:ff:ff:ff:ff Last Rogue Status Check (secs ago): 3 The first line lists information for the client. The other lines list information about the most recent 802.11 packet detected from the client.
Access points present in attack-list Access points not present in ssid-list Access points not present in vendor-list Clients not present in vendor-list Clients added to automatic black-list Note: MSS generates log messages for most of these statistics. D-Link DWS-1008 User Manual...
This command is valid only on the network’s seed switch. DWS-1008# show rfdetect countermeasures Total number of entries: 190 Rogue MAC Type Countermeasures IPaddr Port/Radio Radio Mac /Channel -------------------------------------------------------------------------------------------------------------- 00:0b:0e:00:71:c0 intfr 00:0b:0e:44:55:66 10.1.1.23 dap 4/1/6 00:0b:0e:03:00:80 rogue 00:0b:0e:11:22:33 10.1.1.23 dap 2/1/11 D-Link DWS-1008 User Manual...
To display version information for a DWS-1008 switch, type the following command: DWS-1008# show version Mobility System Software, Version: 4.1.0 QA 67 Copyright (c) 2002, 2003, 2004, 2005 D-Link, Inc. All rights reserved. Build Information: (build#67) TOP 2005-07-21 04:41:00 Model: DWS-1008 Hardware Mainboard: version 24 ;...
To also display access point information, type the following command: DWS-1008# show version details Mobility System Software, Version: 4.1.0 QA 67 Copyright (c) 2002, 2003, 2004, 2005 D-Link, Inc. All rights reserved. Build Information: (build#67) TOP 2005-07-21 04:41:00 Label: 4.1.0.67_072105_MX20...
The boot area is divided into two partitions, boot0 and boot1. Each partition can contain one system image file. The file area can contain subdirectories. Subdirectory names are indicated by a forward slash at the end of the name. In the following example, dangdir and old are subdirectories. D-Link DWS-1008 User Manual...
Page 419
The following command displays the files in the old subdirectory: DWS-1008# dir old ================================================================== file: Filename Size Created file:configuration.txt 3541 bytes Sep 22 2003, 22:55:44 file:configuration.xml 24 KB Sep 22 2003, 22:55:44 Total: 27 Kbytes used, 207824 Kbytes free D-Link DWS-1008 User Manual...
Page 420
Total: 37 bytes used, 91707 Kbytes free The following command limits the output to the contents of the boot0 partition: DWS-1008# dir boot0: ================================================================== file: Filename Size Created boot0:mx040100.020 9780 KB Aug 23 2005, 15:54:08 Total: 9780 Kbytes used, 207663 Kbytes free D-Link DWS-1008 User Manual...
Note: You can copy a file from a switch to a TFTP server or from a TFTP server to a switch, but you cannot use MSS to copy a file directly from one TFTP server to another. D-Link DWS-1008 User Manual...
Page 422
To copy file corpa-login.html from a TFTP server into subdirectory corpa in a DWS-1008 switch’s nonvolatile storage, type the following command: DWS-1008# copy tftp://10.1.1.1/corpa-login.html corpa/corpa-login.html success: received 637 bytes in 0.253 seconds [ 2517 bytes/sec] D-Link DWS-1008 User Manual...
Using an Image File’s MD5 Checksum To Verify Its Integrity If you download an image file from the D-link support site and install it in a switch’s boot partition, you can verify that the file has not been corrupted while being copied.
Caution: MSS does not prompt you to verify whether you want to delete a file. When you press Enter after typing a delete command, MSS immediately deletes the specified file. D-Link recommends that you copy a file to a TFTP server before deleting the file.
The all parameter includes all commands that are set at their default values. Without the all parameter, the show config command lists only those configuration commands that set a parameter to a value other than the default. D-Link DWS-1008 User Manual...
Page 426
10 name backbone tunnel-affinity 5 set vlan 10 port 21 set vlan 10 port 22 set vlan 3 name red tunnel-affinity 5 set igmp mrsol mrsi 60 vlan 1 set igmp mrsol mrsi 60 vlan 10 D-Link DWS-1008 User Manual...
To configure a switch to load the configuration file floor2mx from nonvolatile storage following the next software reboot, type the following command: DWS-1008# set boot configuration-file floor2mx success: boot config set. D-Link DWS-1008 User Manual...
Caution: This command completely removes the running configuration and replaces it with the configuration contained in the file. D-Link recommends that you save a copy of the current running configuration to a backup configuration file before loading a new configuration.
If you do not use the force option, the command first compares the running configuration to the configuration file. If the files do not match, MSS does not restart the switch but instead displays a message advising you to either save the configuration changes or use the force option. D-Link DWS-1008 User Manual...
This is the default for the backup command. Note: If the archive’s files cannot fit on the switch, the restore operation fails. D-link recommends deleting unneeded image files before creating or restoring an archive.
28263 bytes in 0.324 seconds [ 87231 bytes/sec] The following command restores system-critical files on a switch, from archive sysa_bak: DWS-1008# restore system tftp:/10.10.20.9/sysa_bak success: received 11908 bytes in 0.150 seconds [ 79386 bytes/sec] success: restore complete. D-Link DWS-1008 User Manual...
Caution: Save the configuration, then create a backup of your switch files before you upgrade the switch. D-Link recommends that you make a backup of the switch files before you install the upgrade. If an error occurs during the upgrade, you can restore your switch to its previous state.
Page 433
AP. If the boot image is newer, the AP completes installation of its new boot image by copying the boot image into the AP’s flash memory, which takes about 30 seconds, then restarts again. The upgrade of the AP is complete after the second restart. D-Link DWS-1008 User Manual...
Some show commands are particularly useful in troubleshooting. The show tech-support command combines a number of show commands into one, and provides an extensive snapshot of your switch configuration settings for D-Link Technical Support. Fixing Common Setup Problems The table below contains remedies for some common problems that can occur during basic installation and setup of a DWS-1008 switch.
Console”. Caution: Use an enable password that you will remember. If you lose the password, the only way to restore it causes the system to return to its default settings and wipes out the configuration. D-Link DWS-1008 User Manual...
Debug output is logged to the trace buffer by default. The table on the next page summarizes the destinations and defaults for system log messages. D-Link DWS-1008 User Manual...
Page 437
Output from debugging. Note: The debug level produces a lot of messages, many of which can appear to be somewhat debug cryptic. Debug messages are used primarily by D-Link for troubleshooting and are not intended for administrator use. D-Link DWS-1008 User Manual...
To modify settings to another severity level, use the following command: set log buffer severity severity-level For example, to set logging to the buffer for events at the warning level and higher, type the following command: DWS-1008# set log buffer severity warning success: change accepted. D-Link DWS-1008 User Manual...
Page 439
RAPDA, WEBVIEW, EAP, FP, STAT, SSHD, SUP, DNSD, CONFIG, BACKUP. To clear the buffer, type the following command: DWS-1008# clear log buffer To disable logging to the system buffer, type the following command: DWS-1008# set log buffer disable D-Link DWS-1008 User Manual...
If you do not specify a local facility, MSS sends the messages with their default MSS facilities. For example, AAA messages are sent with facility 4 and boot messages are sent with facility 20 by default. D-Link DWS-1008 User Manual...
To enable current session logging, type the following command: DWS-1008# set log current enable success: change accepted To disable current session logging, type the following command: DWS-1008# set log current disable success: change accepted D-Link DWS-1008 User Manual...
You can configure MSS to generate mark messages at regular intervals. The mark messages indicate the current system time and date. D-Link can use the mark messages to determine the approximate time when a system restart or other event causing a system outage occurred.
Caution: Using the set trace command can have adverse effects on system performance. D-Link recommends that you use the lowest levels possible for initial trace commands, and slowly increase the levels to get the data you need.
Tracing 802.1X sessions can help diagnose problems with wireless clients. For example, to trace 802.1X activity for user tamara@example.com at level 4, type the following command: DWS-1008# set trace dot1x user tamara@example.com level 4 success: change accepted. D-Link DWS-1008 User Manual...
Because traces use the logging facility, any other logging target can be used to capture trace messages if its severity is set to debug. However, since tracing can be voluminous, D-Link discourages this in practice. To enable trace output to the console, enter the command set log console severity debug.
To find the name of the trace buffer file, use the dir command. For example, the following command copies the log messages in trace buffer 0000000001 to a TFTP server at IP address 192.168.253.11, in a file called log-file: DWS-1008# copy 0000000001 tftp://192.168.253.11/log-file D-Link DWS-1008 User Manual...
To view interface information for VLANs, type the following command: DWS-1008# show interface * = From DHCP VLAN Name Address Mask Enabled State RIB ------------------------------------------------------------------------------------------------------------------- default 0.0.0.0 0.0.0.0 Down ipv4 vlan-eng 192.168.12.7 255.255.255.0 ipv4 vlan-wep 192.168.19.7 255.255.255.0 ipv4 D-Link DWS-1008 User Manual...
(the source port) to another switch port (the observer). You can attach a protocol analyzer to the observer port to examine the source port’s traffic. Both traffic directions (send and receive) are mirrored. Note: Port mirroring enables you to snoop traffic on wired ports. To snoop wireless traffic, see “Remotely Monitoring Traffic”. D-Link DWS-1008 User Manual...
Remote traffic monitoring enables you to snoop wireless traffic, by using a Distributed AP as a sniffing device. The AP copies the sniffed 802.11 packets and sends the copies to an observer, which is typically a protocol analyzer such as Ethereal or Tethereal. D-Link DWS-1008 User Manual...
All Snooped Traffic Is Sent in the Clear Traffic that matches a snoop filter is copied after it is decrypted. The decrypted (clear) version is sent to the observer. D-Link DWS-1008 User Manual...
AP Mar 25 13:15:21.681369 ERROR DAP 3 ap_network: Observer 10.10.101.2 is not accepting TZSP packets To prevent ICMP error messages from the observer, D-Link recommends using the Netcat application on the observer to listen to UDP packets on the TZSP port.
Page 453
The snap-length num option specifies the maximum number of bytes to capture. If you do not specify a length, the entire packet is copied and sent to the observer. D-Link recommends specifying a snap length of 100 bytes or less. The following command configures a snoop filter named snoop1 that matches on all traffic, and copies the traffic to the device that has IP address 10.10.30.2:...
If the filter does not have an observer, the AP still maintains a counter of the number of packets that match the filter. The following command maps snoop filter snoop1 to radio 2 on Distributed AP 3: DWS-1008# set snoop map snoop1 dap 3 radio 2 success: change accepted. D-Link DWS-1008 User Manual...
The following command removes snoop filter snoop2 from radio 2 on Distributed AP 3: DWS-1008# clear snoop map snoop2 dap 3 radio 2 success: change accepted. To remove all snoop filter mappings from all radios, use the following command: clear snoop map all D-Link DWS-1008 User Manual...
To display statistics for packets matching a snoop filter, use the following command: show snoop stats [filter-name [dap-num [radio {1 | 2}]]] The following command shows statistics for snoop filter snoop1: DWS-1008# show snoop stats snoop1 Filter Radio Rx Match Tx Match Dropped Stop-After ===================================================== snoop 1 stopped D-Link DWS-1008 User Manual...
(To display the Distributed AP’s IP address, use the show dap status command.) 4. Start the capture application: • For Ethereal capture, use ethereal filter port 37008. • For Tethereal capture, use tethereal -V port 37008. D-Link DWS-1008 User Manual...
Capturing System Information and Sending it to Technical Support If you need help from D-link Technical Support to diagnose a system problem, you can make troubleshooting the problem easier by providing the following: • show tech-support output •...
In addition to generating a core file, the switch also sends debug messages to the serial console during a system crash. To capture the messages, attach a PC to the port (if one is not already attached) and use the terminal emulation application on the PC to capture a log of the messages. D-Link DWS-1008 User Manual...
Note: If you are configuring a new DWS-1008, you can access Web View without any preconfiguration. Attach your PC directly to the switch’s Ethernet management port. Then enter http://192.168.100.1 in the web browser’s Location or Address field. D-Link DWS-1008 User Manual...
Web View to be highlighted in yellow. If you want to turn off the yellow highlighting, disable the Automatically highlight fields that Autofill can fill option, which is one of the toolbar’s options. D-Link DWS-1008 User Manual...
Supported RADIUS Attributes D-Link Mobility System Software (MSS) supports the standard and extended RADIUS authentication and accounting attributes. An attribute is sent to RADIUS accounting only if the table listing it shows Yes or Optional in the column marked Sent in Accounting-Request for the attribute and the attribute is applied to the client’s session configuration.
Page 464
Class packets sent to the RADIUS server for that client session. Vendor-Specific String. Allows MSS to support D-Link VSAs. Maximum number of seconds of service allowed the user before reauthentication of the session. Note. If the global reauthentication Session-Timeout...
Page 465
(for example, 00-10-A4-23-19-C0). Name of the RADIUS client originating an NAS-Identifier Access-Request. The value in the current release is D-Link and cannot be changed. Valid values: • Acct-Start Acct-Status-Type • Acct-Interim-Update • Acct-Stop...
Page 466
2869.) Time that the user session started, stopped, Event-Timestamp or was updated, in seconds since January 1, 1970. Tunnel-Private- Same as VLAN-Name. Group-ID Physical port that authenticates the user, in NAS-Port-Id the form AP port number/radio. D-Link DWS-1008 User Manual...
Traffic Ports Used by MSS When deploying a D-Link wireless network, you might attach D-Link equipment to subnets that have firewalls or access controls between them. Trapeze equipment uses various protocol ports to exchange information. To ensure full operation of your network, make sure the equipment can exchange information on the ports listed in the table below.
Note: Use of the MSS DHCP server to allocate client addresses is intended for temporary, demonstration deployments and not for production networks. D-Link recommends that you do not use the MSS DHCP server to allocate client addresses in a production network.
• Option 6—Domain Name Servers. If these options are not set with the set interface dhcp- server command’s primary-dns and secondary-dns options, the MSS DHCP server uses the values set by the set ip dns server command. D-Link DWS-1008 User Manual...
To remove all IP information from a VLAN, including the DHCP client and user-configured DHCP server, use the following command: clear interface vlan-id ip Note: This command clears all IP configuration information from the interface. D-Link DWS-1008 User Manual...
In addition to information for addresses leased from the VLANs where you configured the server, information for the Direct AP interface is also displayed. The Direct AP interface is an internal VLAN interface for directly connected APs. D-Link DWS-1008 User Manual...
802.11b A supplement to the IEEE 802.11 wireless LAN (WLAN) specification, describing transmission through the Physical layer (PHY) based on direct-sequence spread-spectrum (DSSS), at a frequency of 2.4 GHz and data rates of up to 11 Mbps. D-Link DWS-1008 User Manual...
Page 473
In a D-Link Mobility System, the DWS-1008 switch can use a RADIUS server or its own local database for AAA services.
Page 474
- An entity that provides an authentication service to an authenticator. From the credentials provided by a client (or supplicant), the authentication service determines whether the supplicant is authorized to access the services of the authenticator. In a D-Link Mobility System, one or more RADIUS servers can act as authentication servers.
Page 475
Detection (CSMA-CD) network. A collision occurs when two or more Layer 2 devices in the network transmit at the same time. Ethernet segments separated by a Layer 2 switch are within different collision domains. comma-separated values file - See CSV file. communications plenum cable - See plenum-rated cable. D-Link DWS-1008 User Manual...
Page 476
DHCP is the successor to the Bootstrap Protocol (BOOTP). dictionary attack - An attempt to gain illegal access to a computer or network by logging in repeatedly with passwords that are based on a list of terms in a dictionary. D-Link DWS-1008 User Manual...
Page 477
(BSS) is in power-save mode. A DTIM indicates that any buffered broadcast or multicast frames are immediately transmitted by an access point (AP). DXF format - A tagged data representation, in ASCII format, of the information contained in an AutoCAD drawing file. D-Link DWS-1008 User Manual...
Page 478
(or supplicant) and the authenticator must support the same EAP type for successful authentication to occur. EAP types supported in a D-Link Mobility System wireless LAN (WLAN) include EAP-MD5, EAP-TLS, PEAP-TLS, PEAP-MS-CHAP, and Tunneled Transport Layer Security (TTLS).
Page 479
ESS - Extended service set. A logical connection of multiple basic service sets (BSSs) connected to the same network. Roaming within an ESS is guaranteed by the D-link Mobility System. Ethernet II - The original Ethernet specification produced by Digital, Intel, and Xerox (DIX) that served as the basis of the IEEE 802.3 standard.
Page 480
HMAC - Hashed message authentication code. A function, defined in RFC 2104, for keyed hashing for message authentication. HMAC is used with MD5 and the secure hash algorithm (SHA). hashed message authentication code - See HMAC. Hewlett-Packard Open View - See HPOV. D-Link DWS-1008 User Manual...
Page 481
Like most corporate wireless LANs (WLANs), which must access a wired LAN for file servers and printers, a D-Link Mobility System is an infrastructure network. Compare ad hoc network.
Page 482
VLAN or security ACL to users without these assignments. Defining location policy rules creates a location policy for local access within a DWS-1008 switch. Each switch can have only one location policy. See also location policy rule. D-Link DWS-1008 User Manual...
Page 483
MAC address glob - A D-Link convention for matching media access control (MAC) addresses or sets of MAC addresses by means of known characters plus a “wildcard” asterisk (*) character that stands for from 1 byte to 5 bytes of the address.
Page 484
RF Auto-Tuning is enabled. Mobility System Software™ (MSS™) - The Trapeze operating system, accessible through a command-line interface (CLI), that enables D-link Mobility System products to operate as a single system. Mobility System Software (MSS) performs authentication, authorization, and accounting (AAA) functions;...
Page 485
The certificates are stored (and, when necessary, revoked) by directory services and managed by a certificate management system. See also certificate authority (CA); registration authority (RA). D-Link DWS-1008 User Manual...
Page 486
Protected Extensible Authentication Protocol - See PEAP. Protocol Independent Multicast protocol - See PIM. pseudorandom function - See PRF. pseudorandom number generator - See PRNG. D-Link DWS-1008 User Manual...
Page 487
The RADIUS server stores user profiles, which include passwords and authorization attributes. RC4 - A common encryption algorithm, designed by RSA Data Security, Inc., used by the Wired- Equivalent Privacy (WEP) protocol and Temporal Key Integrity Protocol (TKIP). received signal strength indication - See RSSI. D-Link DWS-1008 User Manual...
Page 488
1 milliwatt (dBm). scalability - The ability to adapt easily to increased or decreased requirements without impairing performance. secure hashing algorithm - See SHA. Secure Shell protocol - See SSH. Secure Sockets Layer protocol - See SSL. D-Link DWS-1008 User Manual...
Page 489
SSL uses the public-and-private key encryption system from RSA Data Security, Inc., which also includes the use of a digital certificate. See also HTTPS; TLS. D-Link DWS-1008 User Manual...
Page 490
IEEE 802 networks. Wireless clients and DWL-8220AP access points are stations in a D-Link Mobility System. STP - Spanning Tree Protocol. A link management protocol, defined in the IEEE 802.1D standard, that provides path redundancy while preventing undesirable loops in a network.
Page 491
Unlicensed National Information Infrastructure - See U-NII. user - A person who uses a client. In a D-link Mobility System, users are indexed by username and associated with authorization attributes such as user group membership. user glob - A D-Link convention for matching fully qualified structured usernames or sets of usernames during authentication by means of known characters plus two special “wildcard”...
Page 492
Wired-Equivalent Privacy protocol (WEP), WPA is not as secure as IEEE 802.11i, which includes both the RC4 encryption used in WEP and Advanced Encryption Standard (AES) encryption, but is not yet ratified by IEEE. See also AES; RC4; TKIP. D-Link DWS-1008 User Manual...
Page 493
World Wide Web Consortium (W3C), the XML specification provides a flexible way to create common information formats and share both the format and the data on the Internet, intranets, and elsewhere. Designers can create their own customized tags to define, transmit, validate, and interpret data between applications and between organizations. D-Link DWS-1008 User Manual...
PoE on 10/100 Mbps RJ-45 ports using pins 4, 5 (node) and 7, 8 (return) on standard Category 5 UTP or STP Regulatory Safety • UL 60950 • TUV/GS EN 60950 • CSA 22.2 NO. 60950 D-Link DWS-1008 User Manual...
• Version 0 (Implementation in Windows XP SP1; Win2K SP3) • draft-kamath-pppext-eap-mschapv2 - Microsoft EAP CHAP extensions v2 Cryptography • WEP and TKIP: RC4 40-bit and 104-bit • SSL and TLS: RC4 128-bit and RSA 1024-bit and 2048-bit • CCMP: AES 128-bit (FIPS-197) D-Link DWS-1008 User Manual...
D-Link at an Authorized D-Link Service Office. The replacement Hardware need not be new or have an identical make, model or part. D-Link may in its sole discretion replace the defective Hardware (or any part thereof) with any reconditioned product that D-Link reasonably determines is substantially equivalent (or superior) in all material respects to the defective Hardware.
Page 498
Except as otherwise agreed by D-Link in writing, the replacement Software is provided only to the original licensee, and is subject to the terms and conditions of the license granted by D-Link for the Software. Software will be warranted for the remainder of the original Warranty Period from the date or original retail purchase.
Page 499
D-Link may reject or return any product that is not packaged and shipped in strict compliance with the foregoing requirements, or for which an RMA number is not visible from the outside of the package. The product owner agrees to pay D-Link’s reasonable handling and return shipping charges for any product that is not packaged and shipped in accordance with the foregoing requirements, or that is determined by D-Link not to be defective or non-conforming.
Trademarks: D-Link is a registered trademark of D-Link Systems, Inc. Other trademarks or registered trademarks are the property of their respective manufacturers or owners.
The antenna(s) used for this equipment must be installed to provide a separation distance of at least eight inches (20 cm) from all persons. This equipment must not be operated in conjunction with any other antenna. D-Link DWS-1008 User Manual...
Registration Product registration is entirely voluntary and failure to complete or return this form will not diminish your warranty rights. Version 2.0 December 8, 2006 D-Link DWS-1008 User Manual...