Download Print this page

D-Link DWS-1008 Cli Reference Manual

8 port 10/100 wireless switch with power over ethernet
Hide thumbs

Advertisement

Table of Contents

Advertisement

Table of Contents
loading

  Related Manuals for D-Link DWS-1008

  Summary of Contents for D-Link DWS-1008

  • Page 2: Table Of Contents

    Table of Contents Introducing the D-Link Mobility System ..................1 D-Link Mobility System .........................1 Using the Command-Line Interface ....................2 Text and Syntax: Conventions ......................2 CLI Conventions ...........................3 Command Prompts ........................3 Syntax: Notations ........................4 Text Entry Conventions and Allowed Characters ..............4 MAC Address Notation ......................5 IP Address and Mask Notation ....................5...
  • Page 3 IGMP Snooping Commands ......................450 Security ACL Commands......................469 Trace Commands ..........................490 Snoop Commands ........................496 System Log Commands .......................505 Boot Prompt Commands ......................513 D-Link DWS-1008 CLI Manual...
  • Page 4: Introducing The D-Link Mobility System

    Mobility Point access points, and connecting the WLAN to the wired network backbone. • Multiple DWL-8220AP access points—Wireless access points (APs) that transmit and receive radio frequency (RF) signals to and from wireless users and connect them to a DWS-1008 switch. • Mobility System Software —The operating system that runs all DWS switches and access...
  • Page 5: Using The Command-Line Interface

    Using the Command-Line Interface The Mobility System Software (MMS) has a command-line interface (CLI) on the DWS-1008 switch that you can use to configure and manage the switch and its attached access points. You configure the DWS switch and AP access points primarily with set, clear, and show commands.
  • Page 6: Cli Conventions

    MSS displays the following prompt: DWS-mmmm-nnnnnn# For ease of presentation, this manual shows the restricted and enabled prompts as follows: DWS-1008> DWS-1008# For information about changing the CLI prompt on an DWS switch, see set prompt on page 22. D-Link DWS-1008 CLI Manual...
  • Page 7: Syntax: Notations

    MAC addresses, virtual LAN (VLAN) names, and ports in a single command. D-Link recommends that you do not use the same name with different capitalizations for VLANs or access control lists (ACLs). For example, do not configure two separate VLANs with the names red and RED.
  • Page 8: Mac Address Notation

    The ACL mask must be a contiguous set of zeroes starting from the first bit. For example, 0.255.255.255, 0.0.255.255, and 0.0.0.255 are valid ACL masks. However, 0.255.0.255 is not a valid ACL mask. D-Link DWS-1008 CLI Manual...
  • Page 9: Globs

    All users with usernames that have no delimiters. All users in the Windows Domain EXAMPLE with usernames that EXAMPLE\* have no delimiters. All users in the Windows Domain EXAMPLE whose usernames EXAMPLE\*.* contain a period. All users D-Link DWS-1008 CLI Manual...
  • Page 10: Mac Address Globs

    VLAN Globs A VLAN glob is a method for matching one of a set of local rules on a DWS-1008 switch, known as the location policy, to one or more users. MSS compares the VLAN glob, which can optionally contain wildcard characters, against the VLAN-Name attribute returned by AAA, to determine whether to apply the rule.
  • Page 11: Port Lists

    Use one of the following formats for port-list: • A single port number. For example: DWS-1008# set port enable 4 • A comma-separated list of port numbers, with no spaces. For example: DWS-1008# show port poe 1,2,4,6 •...
  • Page 12: Command-Line Editing

    Up Arrow and Down Arrow keys to select a command that you want to repeat from the history buffer. Tabs The MSS CLI uses the Tab key for command completion. You can type the first few characters of a command and press the Tab key to display the command(s) that begin with those characters. D-Link DWS-1008 CLI Manual...
  • Page 13: Single-Asterisk (*) Wildcard Character

    Show, use ‘show help’ for more information telnet telnet IP address [server port] traceroute Print the route packets take to network host To see a subset of the online help, type the command for which you want more information. D-Link DWS-1008 CLI Manual...
  • Page 14: Understanding Command Descriptions

    Understanding Command Descriptions Each command description in the D-Link Command Reference contains the following elements: • A command name, which shows the keywords but not the variables. For example, the following command name appears at the top of a command description and in the index:...
  • Page 15: Access Commands

    Examples: The following command plus the enable password provides enabled access to the CLI for the current sessions: DWS-1008> enable Enter password: password DWS-1008# D-Link DWS-1008 CLI Manual...
  • Page 16: Set Enablepass

    Examples: The following example illustrates the prompts that the system displays when the enable password is changed. The passwords you enter are not displayed. DWS-1008# set enablepass Enter old password: old-password Enter new password: new-password Retype new password: new-password Password changed D-Link DWS-1008 CLI Manual...
  • Page 17: System Services Commands

    System Services Commands Use system services commands to configure and monitor system information for a DWS-1008 switch. This chapter presents system services commands alphabetically. Use the following table to located commands in this chapter based on their use. Configuration quickstart on page 18...
  • Page 18: Clear Banner Motd

    Defaults: None. Access: Enabled. Examples: To clear a banner, type the following command: DWS-1008> clear banner motd success: change accepted Note: As an alternative to clearing the banner, you can overwrite the existing banner with an empty banner by typing the following command:...
  • Page 19: Clear System

    Clears the system configuration of the specified information. Syntax: clear system [contact | countrycode | idle-timeout | ip-address | location | name] contact Resets the name of contact person for the DWS-1008 switch to null. countrycode Resets the country code for the DWS-1008 switch to null. idle-timeout Resets the number of seconds a CLI management session can remain idle to the default value (3600 seconds).
  • Page 20 Examples: Use this command to see a list of available commands. If you have restricted access, you see fewer commands than if you have enabled access. To display a list of CLI commands available at the enabled access level, type the following command at the enabled access level: D-Link DWS-1008 CLI Manual...
  • Page 21 If you run this command on a switch that already has a configuration, the configuration will be erased. In addition, error messages such as Critical AP Notice for directly connected APs can appear. D-Link DWS-1008 CLI Manual...
  • Page 22: Set Banner Motd

    Usage: Type a caret (^), then the message, then another caret. Do not use the following characters with commands in which you set text to be displayed on the DWS-1008 switch, such as message-of-the-day (MOTD) banners: • Ampersand (&) • Angle brackets (< >) •...
  • Page 23: Set Confirm

    MSS displays a message requiring confirmation when you enter certain commands that can have a potentially large impact on the network. For example: DWS-1008# clear vlan red This may disrupt user connectivity. Do you wish to continue? (y/n) [n] Examples: To turn off these confirmation messages, type the following command:...
  • Page 24: Set License

    Installs an upgrade license key on a DWS-1008 switch. The DWS-1008 can boot and manage up to 32 APs by default. You can increase the AP support to 64, 96, or 128 APs, by installing one or more activation keys. You can install a 32-AP upgrade, 64-AP upgrade, or 96-AP upgrade.
  • Page 25: Set Prompt

    Changes the CLI prompt for the DWS-1008 switch to a string you specify. Syntax: set prompt string string Alphanumeric string up to 32 characters long. To include spaces in the prompt, you must enclose the string in double quotation marks (“”).
  • Page 26: Set System Contact

    • set system name • show system set system country code Defines the country-specific IEEE 802.11 regulations to enforce on the DWS-1008 switch. Syntax: set system countrycode code code Two-letter code for the country of operation for the DWS switch. You can...
  • Page 27 D-Link DWS-1008 CLI Manual...
  • Page 28 Usage: You must set the system county code to a valid value before using any set ap commands to configure an access point. Examples: To set the country code to Canada, type the following command: DWS-1008# set system country code CA success: change accepted. See Also: •...
  • Page 29 See Also: • clear system • show system set system ip-address Sets the system IP address so that it can be used by various services in the DWS-1008 switch. Syntax: set system ip-address ip-addr ip-addr IP address, in dotted decimal notation.
  • Page 30: Set System Location

    Stores location information for the DWS-1008 switch. Syntax: set system location string string Alphanumeric string up to 256 characters long, with no blank spaces. Defaults: None. Access: Enabled. To view the system location string, type the show system command.
  • Page 31: Show Banner Motd

    To view the system name string, type the show system command. Examples: The following example sets the system name to a name that identifies the DWS switch: DWS-1008# set system name DWS-bldg3 success: change accepted. DWS-1008-bldg3# See Also: •...
  • Page 32 Displays information about the license key(s) currently installed on an DWS-1008 switch. Syntax: show licenses Defaults: None. Access: All Examples: To view license keys, type the following command: DWS-1008# show licenses Feature : 80 additional APs See Also: •...
  • Page 33: Show System

    Displays system information. Syntax: show system Defaults: None. Access: Enabled. Examples: To show system information, type the following command: DWS-1008# show system The table on the next page describes the fields of show system output. D-Link DWS-1008 CLI Manual...
  • Page 34 System Countrycode Country-specific 802.11 code required for AP operation. (configured with set system countrycode) Total Power Over Total power that the DWS-1008 is currently supplying to its directly connected Ethernet access points, in watts. System Location Record of the DWS switch’s physical location (optionally configured with set system location).
  • Page 35 Defaults: None. Access: Enabled. Usage: Enter this command before calling D-Link Technical Support. Examples: To store the location of the DWS-1008 switch in the switch’s configuration, type the following command: DWS-1008# set system location first-floor-bldg3 success: change accepted.
  • Page 36: Port Commands

    35 Port Mirroring set port mirror on page 46 clear port mirror on page 35 Statistics show port counters on page 58 monitor port counters on page 38 clear port counters on page 34 D-Link DWS-1008 CLI Manual...
  • Page 37: Clear Dap

    Number of the Distributed AP(s) you want to remove. Defaults: None. Access: Enabled. Examples: The following command clears Distributed AP 1: DWS-1008# clear dap 1 This will clear specified DAP devices. Would you like to continue? (y/n) [n]y See Also: •...
  • Page 38: Clear Port Mirror

    Syntax: clear port-group name name Name of the port group. name Defaults: None. Access: Enabled. Examples: The following command clears port group server1: DWS-1008# clear port-group name server1 success: change accepted. See Also: • set port-group clear port mirror Removes a port mirroring configuration.
  • Page 39: Clear Port Name

    Defaults: None. Access: Enabled. Examples: The following command clears the names of ports 1 through 4: DWS-1008# clear port 1-4 name See Also: • set port name clear port type Caution: When you clear a port, MSS ends user sessions that are using the port.
  • Page 40 Not applicable. parameters Maximum user sessions Not applicable. Examples: The following command clears port 5: DWS-1008# clear port type 5 This may disrupt currently authenticated users. Are you sure? (y/n) [n]y success: change accepted. See Also: • set port type ap •...
  • Page 41: Monitor Port Counters

    5 seconds. This interval cannot be configured. Statistics types are displayed in the following order by default: • Octets • Packets • Receive errors • Transmit errors • Collisions • Receive Ethernet statistics • Transmit Ethernet statistics Access: All. D-Link DWS-1008 CLI Manual...
  • Page 42 Port Status Rx Unicast Rx NonUnicast Tx Unicast Tx NonUnicast =========================================================== 54620 62144 58318 62556 The following table describes the port statistics displayed by each statistics option. The Port and Status fields are displayed for each option. D-Link DWS-1008 CLI Manual...
  • Page 43 Number of frames received by the port that were fewer than Rx Short 64 bytes long. Number of frames received by the port that were valid but were longer than 1518 bytes. Rx Overrun This statistic does not include jumbo packets with valid CRCs. D-Link DWS-1008 CLI Manual...
  • Page 44 Number of packets transmitted that were 128-255 bytes long. Tx 511 Number of packets transmitted that were 256-511 bytes long. transmit-etherstats Number of packets transmitted that were 512-1023 bytes Tx 1023 long. Number of packets transmitted that were 1024-1518 bytes Tx 1518 long. D-Link DWS-1008 CLI Manual...
  • Page 45: Reset Port

    DWS-1008 switch through an intermediate Layer 2 or Layer 3 network. Note. Before configuring a Distributed AP, you must use the set system countrycode command to set the IEEE 802.11 country-specific regulations on the DWS-1008 switch. See set system countrycode.
  • Page 46: Set Port

    Access: Enabled. Examples: The following command configures Distributed AP 1 for AP model MP-372 with serial-ID 0322199999: DWS-1008# set dap 1 serial-id 0322199999 model mp-372 success: change accepted. The following command removes Distributed AP 1: DWS-1008# clear dap 1 This will clear specified DAP devices. Would you like to continue? (y/n)
  • Page 47 Examples: The following command configures a port group named server1 containing ports 1 through 5, and enables the link: DWS-1008# port-group name server1 1-5 mode on success: change accepted. D-Link DWS-1008 CLI Manual...
  • Page 48 The following commands disable the link for port group server1, change the list of ports in the group, and reenable the link: DWS-1008# set port-group name server1 1-5 mode off success: change accepted. DWS-1008# set port-group name server1 1-4,7 mode on success: change accepted.
  • Page 49: Set Port Mirror

    Configures port mirroring. Port mirroring is a troubleshooting feature that copies (mirrors) traffic sent or received by a DWS-1008 port (the source port) to another port (the observer) on the same DWS-1008. You can attach a protocol analyzer to the observer port to examine the source port’s traffic.
  • Page 50: Set Port Negotiation

    The DWS-1008 Ethernet ports support half-duplex and full-duplex operation. D-Link recommends that you do not configure the mode of a DWS-1008 port so that one side of the link is set to autonegotiation while the other side is set to full-duplex. Although MSS allows this configuration, it can result in slow throughput on the link.
  • Page 51: Set Port Poe

    A stream of large packets sent to an DWS-1008 port in such a configuration can cause forwarding on the link to stop. Examples: The following command disables autonegotiation on ports 1, 2, and 4 through 6: DWS-1008# set port negotiation 1,2,4-6 disable...
  • Page 52: Set Port Speed

    Defaults: All ports are set to auto. Access: Enabled. Usage: D-Link recommends that you do not configure the mode of a switch port so that one side of the link is set to autonegotiation while the other side is set to full-duplex. Although MSS allows this configuration, it can result in slow throughput on the link.
  • Page 53: Set Port Trap

    Examples: The following command sets the port speed on ports 1, 3 through 5, and 8 to 10 Mbps and sets the operating mode to full-duplex: DWS-1008# set port speed 1,3-5,8 10 set port trap Enables or disables Simple Network Management Protocol (SNMP) linkup and linkdown traps on an individual port.
  • Page 54: Set Port Type Ap

    Caution! When you set the port type for AP use, you must specify the PoE state (enable or disable) of the port. Use the DWS-1008’s PoE to power D-Link access points or PoE enabled devices only. If you enable PoE on a port connected to another device, physical damage to the device can result.
  • Page 55 Examples: The following commands set port 2 for access point model DWL-8220AP, enables PoE on the port: DWS-1008# set port type ap 2 model DWL-8220AP poe enable This may affect the power applied on the configured ports. Would you like to continue? (y/n) [n]y success: change accepted.
  • Page 56 Denies authentication and prohibits the user from accessing the network over this port. web-portal Serves the user a web page from the DWS-1008’s nonvolatile storage for a secure login to the network. Defaults: The default tag-list is null (no tag values). The default number of sessions is 1. The default fallthru authentication type is none.
  • Page 57 Examples: The following command sets port 6 for a wired authentication user and specifies a maximum of three simultaneous user sessions: DWS-1008# set port type wired-auth 6 max-sessions 3 success: change accepted. See Also: • clear port type •...
  • Page 58: Show Port Counters

    Defaults: None. Access: All. Usage: You can specify one statistic type with the command. Examples: The following command shows octet statistics for port 3: DWS-1008> show port counters octets port 3 Port Status Rx Octets Tx Octets...
  • Page 59: Show Port Mirror

    Displays information for the specified port group. Defaults: None. Access: All. Examples: The following command displays the configuration of port group server2: DWS-1008# show port-group name server2 Port group: server2 is up Ports: 3, 5 The table below describes the fields in the show port-group output.
  • Page 60 List of physical ports. If you do not specify a port list, PoE information is displayed for all ports. Defaults: None. Access: All. Examples: The following command displays PoE information for all ports on a DWS-1008: DWS-1008# show port poe Link Port...
  • Page 61: Show Port Status

    List of physical ports. If you do not specify a port list, information is displayed for all ports. Defaults: None. Access: All. Examples: The following command displays information for all ports on a DWS-1008: DWS-1008# show port status Port Name...
  • Page 62: Vlan Commands

    64 show fdb on page 68 show fdb count on page 70 clear fdb on page 60 FDB Aging Timeout set fdb agingtime on page 65 show fdb agingtime on page 69 D-Link DWS-1008 CLI Manual...
  • Page 63: Clear Fdb

    Examples: The following command clears all static forwarding database entries that match VLAN blue: dws-1008# clear fdb static vlan blue success: change accepted. The following command clears all dynamic forwarding database entries that match all VLANs: dws-1008# clear fdb dynamic success: change accepted.
  • Page 64 Examples: The following command removes MAC address aa:bb:cc:dd:ee:ff from the list of addresses to which clients in VLAN abc_air are allowed to send traffic at Layer 2: DWS-1008# clear security l2-restrict vlan abc_air permit-mac aa:bb:cc:dd:ee:ff success: change accepted. See Also: •...
  • Page 65: Clear Vlan

    Usage: To clear MAC addresses from the list of addresses to which clients are allowed to send data, use the clear security l2-restrict command instead. Examples: The following command clears Layer 2 forwarding restriction statistics for VLAN abc_air: DWS-1008# clear security l2-restrict counters vlan abc_air success: change accepted. See Also: • clear security l2-restrict •...
  • Page 66 The following command removes port 4, which uses tag value 69, from VLAN red: DWS-1008# clear vlan red port 4 tag 69 This may disrupt user connectivity. Do you wish to continue? (y/n) [n]y success: change accepted.
  • Page 67: Set Fdb

    Examples: The following command adds a permanent entry for MAC address 00:11:22:aa:bb:cc on ports 3 and 5 in VLAN blue: DWS-1008# set fdb perm 00:11:22:aa:bb:cc port 3,5 vlan blue success: change accepted. The following command adds a static entry for MAC address 00:2b:3c:4d:5e:6f on port 1 in the...
  • Page 68: Set Fdb Agingtime

    Defaults: The aging timeout period is 300 seconds (5 minutes). Access: Enabled. Examples: The following command changes the aging timeout period to 600 seconds for entries that match VLAN orange: DWS-1008# set fdb agingtime orange age 600 success: change accepted. See Also: • show fdb agingtime set security l2-restrict Restricts Layer 2 forwarding between clients in the same VLAN.
  • Page 69: Set Vlan Name

    1. D-link also recommends that you do not rename the default VLAN. You cannot use a number as the first character in the VLAN name. D-Link recommends that you do not use the same name with different capitalizations for VLANs. For example, do not configure two separate VLANs with the names red and RED.
  • Page 70: Set Vlan Port

    VLAN. If you do specify a tag value, the switch sends tagged frames only for the VLAN. If you do specify a tag value, D-Link recommends that you use the same value as the VLAN number. MSS does not require the VLAN number and tag value to be the same but some other vendors’...
  • Page 71: Show Fdb

    To display only a portion of the database, use optional parameters to specify the types of entries you want to display. Examples: The following command displays all entries in the forwarding database: DWS-1008# show fdb all * = Static Entry. + = Permanent Entry. # = System Entry. VLAN TAG...
  • Page 72: Show Fdb Agingtime

    The top line of the display identifies the characters to distinguish among the entry types. The following command displays all entries that begin with the MAC address glob 00: DWS-1008# show fdb 00:* * = Static Entry. + = Permanent Entry. # = System Entry.
  • Page 73: Show Fdb Count

    VLAN name or number. Entries are listed for only the specified VLAN. Defaults: None. Access: All. Examples: The following command lists the number of dynamic entries that the forwarding database contains: DWS-1008# show fdb count dynamic Total Matching Entries = 2 See Also: • show fdb show security l2-restrict Displays configuration information and statistics for Layer 2 forwarding restriction.
  • Page 74: Show Vlan Config

    Examples: The following command shows Layer 2 forwarding restriction information for all VLANs: DWS-1008# show security l2-restrict VLAN Name Drops Permit MAC Hits ------------------------------------------------------------------------------------------------- default 00:0b:0e:02:53:3e 5947 00:30:b6:3e:5c:a8 vlan-2 04:04:04:04:04:04 The table describes the fields in the display. Field Discription VLAN VLAN number.
  • Page 75: See Also

    Examples: The following command displays information for VLAN burgundy: DWS-1008# show vlan config burgundy Admin VLAN Tunl Port VLAN Name Status State Affin Port State ------------------------------------------------------------------------------------------------------- burgundy none Up none Up none Up none Up none Up t:10.10.40.4 none Up The table below describes the fields in this display.
  • Page 76: Quality Of Service Commands

    The switch’s internal QoS map ensures that prioritized traffic remains prioritized while transiting through the DWS-1008 switch. A switch uses the QoS map to do the following: • Classify inbound packets by mapping their DSCP values to one of eight internal QoS values •...
  • Page 77 Access: Enabled. Examples: The following command maps internal CoS value 5 to DSCP value 50: DWS-1008# set qos cos-to-dscp-map 5 dscp 50 warning: cos 5 is marked with dscp 50 which will be classified as cos 6 If the change results in a change to CoS, MSS displays a warning message indicating the change.
  • Page 78: Show Qos

    Access: Enabled. Examples: The following command maps DSCP values 40-56 to internal CoS value 6: DWS-1008# set qos dscp-to-cos-map 40-56 cos 6 warning: cos 5 is marked with dscp 63 which will be classified as cos 7 warning: cos 7 is marked with dscp 56 which will be classified as cos 6 As shown in this example, if the change results in a change to CoS, MSS displays a warning message indicating the change.
  • Page 79 Examples: The following command displays the default QoS settings: DWS-1008# show qos default Ingress QoS Classification Map (dscp-to-cos) Ingress DSCP CoS Level =============================================================== 00-09 10-19 20-29 30-39 40-49 50-59 60-63 Egress QoS Marking Map (cos-to-dscp) CoS Level =============================================================== Egress DSCP...
  • Page 80: Ip Services Commands

    • Default source IP address used in unsolicited communications such as AAA accounting reports and SNMP traps Examples: The following command removes the IP interface configured on VLAN mauve: DWS-1008# clear interface mauve ip success: cleared ip on vlan mauve See Also: •...
  • Page 81: Clear Ip Alias

    Syntax: clear ip alias name name Alias name. Defaults: None. Access: Enabled. Examples: The following command removes the alias server1: DWS-1008# clear ip alias server1 success: change accepted. See Also: • set ip alias • show ip alias clear ip dns domain Removes the default DNS domain name.
  • Page 82: Clear Ip Dns Server

    Removes a DNS server from a DWS-1008 switch configuration. Syntax: clear ip dns server ip-addr ip-addr IP address of a DNS server. Defaults: None. Access: Enabled. Examples: The following command removes DNS server 10.10.10.69 from a switch’s configuration: DWS-1008# clear ip dns server 10.10.10.69...
  • Page 83: Clear Ip Telnet

    • set ip route • show ip route clear ip telnet Resets the Telnet server’s TCP port number to its default value. A DWS-1008 switch listens for Telnet management traffic on the Telnet server port. Syntax: clear ip telnet Defaults: The default Telnet port number is 23.
  • Page 84: Clear Ntp Server

    Removes all NTP servers from the configuration. Defaults: None. Access: Enabled. Examples: The following command removes NTP server 192.168.40.240 from a switch configuration: DWS-1008# clear ntp server 192.168.40.240 success: change accepted. See Also: • clear ntp update-interval • set ntp •...
  • Page 85: Clear Snmp Community

    Name of the SNMP community you want to clear. Defaults: None. Access: Enabled. Examples: The following command clears community string setswitch2: DWS-1008# clear snmp community name setswitch2 success: change accepted. See Also: • set snmp community • show snmp community clear snmp notify profile Clears an SNMP notification profile.
  • Page 86: Clear Snmp Notify Target

    ID of the target. Defaults: None. Access: Enabled. Examples: The following command clears notification target 3: DWS-1008# clear snmp notify target 3 success: change accepted. See Also: • set snmp notify target • show snmp notify target clear snmp usm Clears an SNMPv3 user.
  • Page 87: Clear Summertime

    Clears the summertime setting from a DWS-1008 switch. Syntax: clear summertime Defaults: None. Access: Enabled. Examples: To clear the summertime setting from a switch, type the following command: DWS-1008# clear summertime success: change accepted. See Also: • clear timezone •...
  • Page 88: Clear Timezone

    Sends new ping packets as quickly as replies are received, or 100 times per second, whichever is greater. Note: Use the flood option sparingly. This option creates a lot of traffic and can affect other traffic on the network. D-Link DWS-1008 CLI Manual...
  • Page 89 • interval—100 (one tenth of a second) • size—56. Access: Enabled. Usage: To stop a ping command that is in progress, press Ctrl+C. A DWS-1008 switch cannot ping itself. MSS does not support this. Examples: The following command pings a device that has IP address 10.1.1.1: DWS-1008# ping 10.1.1.1...
  • Page 90: Set Arp

    Access: Enabled. Examples: The following command adds a static ARP entry that maps IP address 10.10.10.1 to MAC address 00:bb:cc:dd:ee:ff: DWS-1008# set arp static 10.10.10.1 00:bb:cc:dd:ee:ff success: added arp 10.10.10.1 at 00:bb:cc:dd:ee:ff on VLAN 1 See Also: • set arp agingtime •...
  • Page 91: Set Interface

    To reset the ARP aging timeout to its default value, use the set arp agingtime 1200 command. Examples: The following command changes the ARP aging timeout to 1800 seconds: DWS-1008# set arp agingtime 1800 success: set arp aging time to 1800 seconds...
  • Page 92 Enables the DHCP client on the VLAN. disable Disables the DHCP client on the VLAN. Defaults: The DHCP client is disabled by default on the DWS-1008. Access: Enabled. Usage: You can enable the DHCP client on one VLAN only. You can configure the DHCP client on more than one VLAN, but the client can be active on only one VLAN.
  • Page 93 IP address of the DHCP client’s default router. Defaults: The DHCP server is enabled by default on a new (unconfigured) DWS-1008 in order to provide an IP address to the host connected to the switch for access to the Web Quick Start.
  • Page 94: Set Interface Status

    DHCP client’s subnet. Otherwise, the MSS DHCP server does not specify a router address. Examples: The following command enables the DHCP server on VLAN red-vlan to serve addresses from the 192.168.1.5 to 192.168.1.25 range: DWS-1008# set interface red-vlan ip dhcp-server enable start 192.168.1.5 stop 192.168.1.25 success: change accepted. See Also: •...
  • Page 95: Set Ip Alias

    Enables DNS. disable Disables DNS. Defaults: DNS is disabled by default. Access: Enabled. Examples: The following command enables DNS on a DWS-1008 switch: DWS-1008# set ip dns enable Start DNS Client See Also: • clear ip dns domain • clear ip dns server •...
  • Page 96: Set Ip Dns Domain

    Aliases take precedence over DNS. When you enter a hostname, MSS checks for an alias with that name first, before using DNS to resolve the name. Examples: The following command configures the default domain name example.com: DWS-1008# set ip dns domain example.com Domain name changed See Also: •...
  • Page 97: Set Ip Https Server

    Defaults: None. Access: Enabled. Usage: You can configure a DWS-1008 switch to use one primary DNS server and up to five secondary DNS servers. Examples: The following commands configure a DWS-1008 switch to use a primary DNS server and two secondary DNS servers: DWS-1008# set ip dns server 10.10.10.50/24 primary...
  • Page 98: Set Ip Route

    Syntax: set ip route {default | ip-addr mask | ip-addr/mask-length} default-router metric default Default route. A DWS-1008 switch uses the default route if an explicit route is not available for the destination. Note: default is an alias for IP address 0.0.0.0/0.
  • Page 99: Set Ip Snmp Server

    DWS-1008# set ip route default 10.2.4.17 2 success: change accepted. The following command adds an explicit route from a DWS-1008 switch to any host on the 192.168.4.x subnet through the local router 10.5.4.2, and gives the route a cost of 1: DWS-1008# set ip route 192.168.4.0 255.255.255.0 10.5.4.2 1...
  • Page 100 • show snmp configuration set ip ssh Changes the TCP port number on which a DWS-1008 switch listens for Secure Shell (SSH) management traffic. Caution: If you change the SSH port number from an SSH session, MSS immediately ends the session.
  • Page 101: Set Ip Ssh Server

    Usage: SSH requires an SSH authentication key. You can generate one or allow MSS to generate one. The first time an SSH client attempts to access the SSH server on a DWS-1008 switch, the switch automatically generates a 1024-byte SSH key.
  • Page 102: Set Ip Telnet Server

    Defaults: The Telnet server is disabled by default. Access: Enabled. Usage: The maximum number of Telnet sessions supported on a DWS-1008 switch is eight. If SSH is also enabled, the switch can have up to eight Telnet or SSH sessions, in any combination, and one console session.
  • Page 103: Set Ntp

    Usage: If NTP is configured on a system whose current time differs from the NTP server time by more than 10 minutes, convergence of the switch time can take many NTP update intervals. D-link recommends that you set the time manually to the NTP server time before enabling NTP to avoid a significant delay in convergence.
  • Page 104 Examples: The following command configures a switch to use NTP server 192.168.1.5: DWS-1008# set ntp server 192.168.1.5 See Also: • clear ntp server • clear ntp update-interval • set ntp • set ntp update-interval • show ntp set ntp update-interval Changes how often MSS sends queries to the NTP servers for updates.
  • Page 105: Set Snmp Community

    Defaults: None. Access: Enabled. Usage: SNMP community strings are passed as clear text in SNMPv1 and SNMPv2c. D-Link recommends that you use strings that cannot easily be guessed by unauthorized users. For example, do not use the well-known strings public and private.
  • Page 106: Set Snmp Notify Profile

    DWS-1008# set snmp community read-write good_community success: change accepted. The following command configures community string switchmgr1 with access level notify-read- write: DWS-1008# set snmp community name switchmgr1 notify-read-write success: change accepted. See Also: • clear snmp community • set ip snmp server •...
  • Page 107 • ClientDeAssociationTraps—Generated when a client is dissociated from a radio. • ClientDot1xFailureTraps—Generated when a client experiences an 802.1X failure. • ClientRoamingTraps—Generated when a client roams. • CounterMeasureStartTraps—Generated when MSS begins countermeasures against a rogue access point. D-Link DWS-1008 CLI Manual...
  • Page 108 • RFDetectSpoofedMacAPTraps—Generated when MSS detects a wireless packet with the source MAC address of a D-Link AP, but without the spoofed AP’s signature (fingerprint). • RFDetectSpoofedSsidAPTraps—Generated when MSS detects beacon frames for a valid SSID, but sent by a rogue AP.
  • Page 109 Examples: The following command changes the action in the default notification profile from drop to send for all notification types: DWS-1008# set snmp notify profile default send all success: change accepted. The following commands create notification profile snmpprof_rfdetect, and change the action to...
  • Page 110: Set Snmp Notify Target

    DWS-1008# set snmp notify profile snmpprof_rfdetect send RFDetectSpoofedSsidAPTraps success: change accepted. DWS-1008# set snmp notify profile snmpprof_rfdetect send RFDetectUnAuthorizedAPTraps success: change accepted. DWS-1008# set snmp notify profile snmpprof_rfdetect send RFDetectUnAuthorizedOuiTraps success: change accepted. DWS-1008# set snmp notify profile snmpprof_rfdetect send RFDetectUnAuthorizedSsidTraps success: change accepted.
  • Page 111 USM username. This option is applicable only when the SNMP version is usm. profile profile-name Notification profile this SNMP user will use to specify the notification types to send or drop. D-Link DWS-1008 CLI Manual...
  • Page 112 You can specify from 1 to 5 seconds. SNMPv2c with Traps To configure a notification target for traps from SNMPv2c, use the following command: Syntax: set snmp notify target target-num ip-addr[:udp-port-number] v2c community-string trap [profile profile-name] D-Link DWS-1008 CLI Manual...
  • Page 113 Use trap if you do not want acknowledgements. The inform option is applicable to SNMP version v2c or usm only. Examples: The following command configures a notification target for acknowledged notifications: DWS-1008# set snmp notify target 1 10.10.40.9 usm inform user securesnmpmgr1 snmp-engine-id ip success: change accepted. D-Link DWS-1008 CLI Manual...
  • Page 114: Set Snmp Protocol

    The MSS SNMP engine will send notifications based on the default profile, and will require the target to acknowledge receiving them. The following command configures a notification target for unacknowledged notifications: DWS-1008# set snmp notify target 2 10.10.40.10 v1 trap success: change accepted. See Also: •...
  • Page 115: Set Snmp Security

    SNMPv1 or SNMPv2c, leave the minimum level of SNMP security set to unsecured. Examples: The following command sets the minimum level of SNMP security allowed to authentication and encryption: DWS-1008# set snmp security encrypted success: change accepted. See Also: • set ip snmp server •...
  • Page 116: Set Snmp Usm

    • notify-read-write—An SNMP management application using the string can get and set object values on the switch. The switch can use the string to send notifications. D-Link DWS-1008 CLI Manual...
  • Page 117 The following command creates USM user securesnmpmgr1, which uses SHA authentication and 3DES encryption with passphrases. This user can send informs to the notification receiver that has engine ID 192.168.40.2. DWS-1008# set snmp usm securesnmpmgr1 snmp-engine-id ip 192.168.40.2 auth- type sha auth-pass-phrase myauthpword encrypt-type 3des encrypt-pass-phrase mycryptpword success: change accepted.
  • Page 118: Set Summertime

    Offsets the real-time clock of a DWS-1008 switch by +1 hour and returns it to standard time for daylight savings time or a similar summertime period that you set. Syntax: set summertime summer-name [start week weekday month hour min...
  • Page 119 Examples: The following commands configure an IP interface on VLAN taupe and configure the interface to be the system IP address: DWS-1008# set interface taupe ip 10.10.20.20/24 success: set ip address 10.10.20.20 netmask 255.255.255.0 on vlan taupe DWS-1008# set system ip-address 10.10.20.20 success: change accepted.
  • Page 120: Set Timedate

    Sets the time of day and date on the DWS-1008 switch. Syntax: set timedate {date mmm dd yyyy [time hh:mm:ss]} date mmm dd yyyy System date: • mmm—month. • dd—day. • yyyy—year. time hh:mm:ss System time, in hours, minutes, and seconds.
  • Page 121: Show Arp

    Defaults: If this command is not used, then the default time zone is UTC. Access: Enabled. Examples: To set the time zone for Pacific Standard Time (PST), type the following command: DWS-1008# set timezone PST -8 Timezone is set to ‘PST’, offset from UTC is -8:0 hours. See Also: •...
  • Page 122 DWS-1008# show dhcp-client Interface: corpvlan(4) Configuration Status: Enabled DHCP State: IF_UP Lease Allocation: 65535 seconds Lease Remaining: 65532 seconds IP Address: 10.3.1.110 Subnet Mask: 255.255.255.0 Default Gateway: 10.3.1.1 DHCP Server: 10.3.1.4 DNS Servers: 10.3.1.29 DNS Domain Name: mycorp.com D-Link DWS-1008 CLI Manual...
  • Page 123 Examples: The following command displays the addresses leased by the MSS DHCP server: DWS-1008# show dhcp-server VLAN Name Address Lease Remaining (sec) -------------------------------------------------------------------------------------------------------- default 10.10.20.2 00:01:02:03:04:05 12345 default 10.10.20.3 00:01:03:04:06:07 2103 red-vlan 192.168.1.5 00:01:03:04:06:08 102 red-vlan 192.168.1.7 00:01:03:04:06:09 16789 D-Link DWS-1008 CLI Manual...
  • Page 124 The following command displays configuration and status information for each VLAN on which the DHCP server is configured: DWS-1008# show dhcp-server verbose Interface: 0 (Direct AP) Status: Address Range: 10.0.0.1-10.0.0.253 Interface: default(1) Status: Address Range: 10.10.20.2-10.10.20.254 Hardware Address: 00:01:02:03:04:05 State:...
  • Page 125: Show Interface

    10.10.10.10 netmask 255.255.255.0 on vlan default The following command configures IP interface 10.10.20.10 255.255.255.0 on VLAN mauve: DWS-1008# set interface mauve ip 10.10.20.10 255.255.255.0 success: set ip address 10.10.20.10 netmask 255.255.255.0 on vlan mauve See Also: •...
  • Page 126 VLAN, but only the client or the server can be enabled. The DHCP client and DHCP server cannot both be enabled on the same VLAN at the same time. Examples: The following command enables the DHCP client on VLAN corpvlan: DWS-1008# set interface corpvlan ip dhcp-client enable success: change accepted. See Also: •...
  • Page 127 Note: Use of the MSS DHCP server to allocate client addresses is intended for temporary, demonstration deployments and not for production networks. D-Link recommends that you do not use the MSS DHCP server to allocate client addresses in a production network.
  • Page 128 DHCP client’s subnet. Otherwise, the MSS DHCP server does not specify a router address. Examples: The following command enables the DHCP server on VLAN red-vlan to serve addresses from the 192.168.1.5 to 192.168.1.25 range: DWS-1008# set interface red-vlan ip dhcp-server enable start 192.168.1.5 stop 192.168.1.25 success: change accepted. See Also: •...
  • Page 129 Enables DNS. disable Disables DNS. Defaults: DNS is disabled by default. Access: Enabled. Examples: The following command enables DNS on a DWS-1008 switch: DWS-1008# set ip dns enable Start DNS Client See Also: • clear ip dns domain • clear ip dns server •...
  • Page 130 Aliases take precedence over DNS. When you enter a hostname, MSS checks for an alias with that name first, before using DNS to resolve the name. Examples: The following command configures the default domain name example.com: DWS-1008# set ip dns domain example.com Domain name changed See Also: •...
  • Page 131 • show ip dns set ip https server Enables the HTTPS server on a DWS-1008 switch. The HTTPS server is required for Web View access to the switch. Caution: If you disable the HTTPS server, Web View access to the switch is disabled.
  • Page 132 Syntax: set ip route {default | ip-addr mask | ip-addr/mask-length} default-router metric default Default route. A DWS-1008 switch uses the default route if an explicit route is not available for the destination. Note: default is an alias for IP address 0.0.0.0/0.
  • Page 133 Disables the SNMP service. Defaults: The SNMP service is disabled by default. Access: Enabled. Examples: The following command enables the SNMP server on a DWS-1008 switch: DWS-1008# set ip snmp server enable success: change accepted. D-Link DWS-1008 CLI Manual...
  • Page 134 Usage: SSH requires an SSH authentication key. You can generate one or allow MSS to generate one. The first time an SSH client attempts to access the SSH server on a DWS-1008 switch, the switch automatically generates a 1024-byte SSH key.
  • Page 135 Changes the TCP port number on which a DWS-1008 switch listens for Telnet management traffic. Caution: If you change the Telnet port number from a Telnet session, MSS immediately ends the session. To open a new management session, you must Telnet to the switch with the new Telnet port number.
  • Page 136 Usage: If NTP is configured on a system whose current time differs from the NTP server time by more than 10 minutes, convergence of the switch time can take many NTP update intervals. D-Link recommends that you set the time manually to the NTP server time before enabling NTP to avoid a significant delay in convergence.
  • Page 137 Configures a DWS-1008 switch to use an NTP server. Syntax: set ntp server ip-addr ip-addr IP address of the NTP server, in dotted decimal notation. Defaults: None. Access: Enabled. Usage: You can configure up to three NTP servers. MSS queries all the servers and selects the best response based on the method described in RFC 1305, Network Time Protocol (Version 3) Specification, Implementation and Analysis.
  • Page 138 Defaults: None. Access: Enabled. Usage: SNMP community strings are passed as clear text in SNMPv1 and SNMPv2c. D-Link recommends that you use strings that cannot easily be guessed by unauthorized users. For example, do not use the well-known strings public and private.
  • Page 139 The following command configures community string switchmgr1 with access level notify-read- write: DWS-1008# set snmp community name switchmgr1 notify-read-write success: change accepted. See Also: • clear snmp community • set ip snmp server • set snmp notify target • set snmp notify profile •...
  • Page 140 • RFDetectDoSTraps—Generated when MSS detects a DoS attack other than an associate request flood, reassociate request flood, or disassociate request flood. • RFDetectInterferingRogueAPTraps—Generated when interfering device detected. • RFDetectInterferingRogueDisappearTraps—Generated when an interfering device is no longer detected. D-Link DWS-1008 CLI Manual...
  • Page 141 • RFDetectSpoofedMacAPTraps—Generated when MSS detects a wireless packet with the source MAC address of a D-Link AP, but without the spoofed MP’s signature (fingerprint). • RFDetectSpoofedSsidAPTraps—Generated when MSS detects beacon frames for a valid SSID, but sent by a rogue AP.
  • Page 142 DWS-1008# set snmp notify profile snmpprof_rfdetect send RFDetectInterferingRogueDisappearTraps success: change accepted. DWS-1008# set snmp notify profile snmpprof_rfdetect send RFDetectRogueAPTraps success: change accepted. DWS-1008# set snmp notify profile snmpprof_rfdetect send RFDetectRogueDisappearTraps success: change accepted. DWS-1008# set snmp notify profile snmpprof_rfdetect send RFDetectSpoofedMacAPTraps success: change accepted.
  • Page 143 | encrypted} SNMP version is usm: • unsecured—Message exchanges are not authenticated, nor are they encrypted. This is the default. • authenticated—Message exchanges are authenticated, but are not encrypted. • encrypted—Message exchanges are authenticated and encrypted. D-Link DWS-1008 CLI Manual...
  • Page 144 | encrypted} SNMP version is usm: • unsecured—Message exchanges are not authenticated, nor are they encrypted. This is the default. • authenticated—Message exchanges are authenticated, but are not encrypted. • encrypted—Message exchanges are authenticated and encrypted. D-Link DWS-1008 CLI Manual...
  • Page 145 IP address of the server. You also can specify the UDP port number to send notifications to. community-string Community string. profile profile-name Notification profile this SNMP user will use to specify the notification types to send or drop. D-Link DWS-1008 CLI Manual...
  • Page 146 Examples: The following command configures a notification target for acknowledged notifications: DWS-1008# set snmp notify target 1 10.10.40.9 usm inform user securesnmpmgr1 snmp-engine-id ip success: change accepted. This command configures target 1 at IP address 10.10.40.9. The target’s SNMP engine ID is based on its address.
  • Page 147 IP address. You also must enable the SNMP service using the set ip snmp server command. Examples: The following command enables all SNMP versions: DWS-1008# set snmp protocol all enable success: change accepted. See Also: • set ip snmp server •...
  • Page 148 SNMPv1 or SNMPv2c, leave the minimum level of SNMP security set to unsecured. Examples: The following command sets the minimum level of SNMP security allowed to authentication and encryption: DWS-1008# set snmp security encrypted success: change accepted. See Also: • set ip snmp server •...
  • Page 149 • notify-read-write—An SNMP management application using the string can get and set object values on the switch. The switch can use the string to send notifications. D-Link DWS-1008 CLI Manual...
  • Page 150 • To specify a passphrase, use the encrypt-pass-phrase string option. The string can be from 8 to 32 alphanumeric characters long, with no spaces. • To specify a key, use the encrypt-key hex-string option. D-Link DWS-1008 CLI Manual...
  • Page 151 The following command creates USM user securesnmpmgr1, which uses SHA authentication and 3DES encryption with passphrases. This user can send informs to the notification receiver that has engine ID 192.168.40.2. DWS-1008# set snmp usm securesnmpmgr1 snmp-engine-id ip 192.168.40.2 auth-type sha auth-pass-phrase myauthpword encrypt-type 3des encrypt-pass-phrase mycryptpword success: change accepted.
  • Page 152 Otherwise, summertime’s adjustment of the time will make the time incorrect, if the date is within the summertime period. Examples: To enable summertime and set the summertime time zone to PDT (Pacific Daylight Time), type the following command: DWS-1008# set summertime PDT success: change accepted See Also: • clear summertime •...
  • Page 153 Syntax: set system ip-address ip-addr ip-addr IP address, in dotted decimal notation. The address must be configured on one of the DWS-1008 switch’s VLANs. Defaults: None. Access: Enabled. Usage: You must use an address that is configured on one of the switch’s VLANs.
  • Page 154 Examples: The following command sets the date to March 13, 2003 and time to 11:11:12: DWS-1008# set timedate date feb 29 2004 time 23:58:00 Time now is: Sun Feb 29 2004, 23:58:02 PST See Also: •...
  • Page 155 Defaults: If this command is not used, then the default time zone is UTC. Access: Enabled. Examples: To set the time zone for Pacific Standard Time (PST), type the following command: DWS-1008# set timezone PST -8 Timezone is set to ‘PST’, offset from UTC is -8:0 hours. See Also: •...
  • Page 156 DWS-1008# show dhcp-client Interface: corpvlan(4) Configuration Status: Enabled DHCP State: IF_UP Lease Allocation: 65535 seconds Lease Remaining: 65532 seconds IP Address: 10.3.1.110 Subnet Mask: 255.255.255.0 Default Gateway: 10.3.1.1 DHCP Server: 10.3.1.4 DNS Servers: 10.3.1.29 DNS Domain Name: mycorp.com D-Link DWS-1008 CLI Manual...
  • Page 157 Examples: The following command displays the addresses leased by the MSS DHCP server: DWS-1008# show dhcp-server VLAN Name Address Lease Remaining (sec) -------------------------------------------------------------------------------------------------------- default 10.10.20.2 00:01:02:03:04:05 12345 default 10.10.20.3 00:01:03:04:06:07 2103 red-vlan 192.168.1.5 00:01:03:04:06:08 red-vlan 192.168.1.7 00:01:03:04:06:09 16789 D-Link DWS-1008 CLI Manual...
  • Page 158 The following command displays configuration and status information for each VLAN on which the DHCP server is configured: DWS-1008# show dhcp-server verbose Interface: 0 (Direct AP) Status: Address Range: 10.0.0.1-10.0.0.253 Interface: default(1) Status: Address Range: 10.10.20.2-10.10.20.254 Hardware Address: 00:01:02:03:04:05 State:...
  • Page 159 The table below describes the fields in this display. Field Description VLAN VLAN number. Name VLAN name. Address IP address. Mask Subnet mask. Administrative state: Enabled • YES (enabled) • NO (disabled) Link state: State • Up (operational) • Down (unavailable) Routing Information Base D-Link DWS-1008 CLI Manual...
  • Page 160: Show Ip Alias

    Displays the IP aliases configured on the DWS-1008 switch. Syntax: show ip alias [name] name Alias string. Defaults: If you do not specify an alias name, all aliases are displayed. Access: Enabled. Examples: The following command displays all the aliases configured on a switch:...
  • Page 161: Show Ip Dns

    Displays the DNS servers the switch is configured to use. Syntax: show ip dns Defaults: None. Access: All. Examples: The following command displays the DNS information: DWS-1008# show ip dns Domain Name: example.com DNS Status: enabled IP Address Type ------------------------------------- 10.1.1.1...
  • Page 162: Show Ip Https

    Defaults: None. Access: All. Examples: The following command shows the status and port number for the HTTPS management interface to the switch: DWS-1008> show ip https HTTPS is enabled HTTPS is set to use port 443 Last 10 Connections: IP Address...
  • Page 163: Show Ip Route

    If the switch has such an interface but the static route is still down, use the show vlan config command to check the state of the VLAN’s ports. Examples: The following command shows all routes in a switch’s IP route table: DWS-1008# show ip route Router table for IPv4 Destination/Mask...
  • Page 164: Show Ip Telnet

    Syntax: show ip telnet Defaults: None. Access: All. Examples: The following command shows the status and port number for the Telnet management interface to the switch: DWS-1008> show ip telnet Server Status Port ---------------------------------- Enabled The table below describes the fields in this display.
  • Page 165: Show Ntp

    Displays NTP client information. Syntax: show ntp Defaults: None. Access: All. Examples: To display NTP information for a DWS-1008 switch, type the following command: DWS-1008> show ntp NTP client: enabled Current update-interval: 20(secs) Current time: Fri Feb 06 2004, 12:02:57 Timezone is set to ‘PST’, offset from UTC is -8:0 hours.
  • Page 166: Show Snmp Community

    • clear snmp notify profile • set snmp notify profile show snmp notify target Displays SNMP notification targets. Syntax: show snmp notify target Defaults: None. Access: Enabled. See Also: • clear snmp notify target • set snmp notify target D-Link DWS-1008 CLI Manual...
  • Page 167: Show Snmp Status

    • show snmp notify profile • show snmp notify target • show snmp usm show snmp usm Displays information about SNMPv3 users. Defaults: None. Access: Enabled. See Also: • clear snmp usm • show snmp usm D-Link DWS-1008 CLI Manual...
  • Page 168: Show Summertime

    • set timezone • show timedate • show timezone show timedate Shows the date and time of day currently set on a DWS-1008 switch’s real-time clock. Syntax: show timedate Defaults: None. Access: All. Examples: To display the time and date set on a switch’s real-time clock, type the following...
  • Page 169: Show Timezone

    To end a client session from the local device, use the clear sessions telnet client command. If the configuration of the switch from which you enter the telnet command has an ACL that denies Telnet client traffic, the ACL also denies access by the telnet command. D-Link DWS-1008 CLI Manual...
  • Page 170 Up none Up When the administrator presses Ctrl+t to end the Telnet connection, the management session returns to the local DWS prompt: DWS-1008-remote> Session 0 pty tty2.d terminated tt name tty2.d DWS-1008# See Also: • clear sessions • show sessions...
  • Page 171 (192.168.22.7), 30 hops max, 38 byte packets 1 engineering-1.example.com (192.168.192.206) 2 ms 1 ms 1 ms 2 engineering-2.example.com (192.168.196.204) 2 ms 3 ms 2 ms 3 gateway_a.example.com (192.168.1.201) 6 ms 3 ms 3 ms 4 server1.example.com (192.168.22.7) 3 ms * 2 ms D-Link DWS-1008 CLI Manual...
  • Page 172 No route to host. The host is unreachable. Connection refused. The protocol is unreachable. Fragmentation needed but Do Not Fragment (DNF) bit was set. Source route failed. Communication administratively prohibited. Unknown error occurred. See Also: • ping D-Link DWS-1008 CLI Manual...
  • Page 173: Aaa Commands

    212 clear accounting on page 171 AAA information show aaa on page 210 Location Policy set location policy on page 197 show location policy on page 213 clear location policy on page 175 D-Link DWS-1008 CLI Manual...
  • Page 174: Clear Accounting

    (@) or a period (.). Defaults: None. Access: Enabled. Examples: The following command removes accounting services for authorized network user Nin: DWS-1008# clear accounting dot1x Nin success: change accepted. See Also: • set accounting {admin | console} • set accounting system •...
  • Page 175: Clear Authentication Admin

    However, the options and behavior for the clear authentication admin command are the same as in previous releases. Examples: The following command clears authentication for administrator Jose: DWS-1008# clear authentication admin Jose success: change accepted. See Also: • clear authentication console •...
  • Page 176: Clear Authentication Dot1X

    Access: Enabled. Examples: The following command removes 802.1X authentication for network users with usernames ending in @thiscorp.com who try to access SSID finance: DWS-1008# clear authentication dot1x ssid finance *@thiscorp.com See Also: • clear authentication admin • clear authentication console •...
  • Page 177: Clear Authentication Mac

    MAC address glob associated with the rule you are removing. Access: Enabled. Examples: The following command removes a MAC authentication rule for access to SSID thatcorp by MAC addresses beginning with aa:bb:cc: DWS-1008# clear authentication mac ssid thatcorp aa:bb:cc:* See Also: • clear authentication admin • clear authentication console •...
  • Page 178: Clear Authentication Web

    User-glob associated with the rule you are removing. Defaults: None. Access: Enabled. Examples: The following command removes WebAAA for SSID research and userglob temp*@ thiscorp.com: DWS-1008# clear authentication web ssid research temp*@thiscorp.com See Also: • clear authentication admin • clear authentication console • clear authentication dot1x •...
  • Page 179 Usage: Deleting a MAC user’s profile from the database deletes the assignment of any attributes in the profile to the user. Examples: The following command removes the user profile for a user at MAC address 01:02:03:04:05:06: DWS-1008# clear mac-user 01:02:03:04:05:06 success: change accepted. See Also: • set mac-usergroup attr •...
  • Page 180 Defaults: None. Access: Enabled. Examples: The following command removes an access control list (ACL) from the profile of a user at MAC address 01:02:03:04:05:06: DWS-1008# clear mac-user 01:02:03:04:05:06 attr filter-id success: change accepted. See Also: • set mac-user attr • show aaa...
  • Page 181 Removes a user group from the local database on the DWS-1008 switch, for a group of users who are authenticated by a MAC address. (To delete a MAC user group in RADIUS, see the documentation for your RADIUS server.)
  • Page 182: Clear User

    Examples: The following command removes the members of the MAC user group eastcoasters from a VLAN assignment by deleting the VLAN-Name attribute from the group: DWS-1008# clear mac-usergroup eastcoasters attr vlan-name success: change accepted. See Also: • clear mac-usergroup • set mac-usergroup attr •...
  • Page 183: Clear User Attr

    Name of an attribute used to authorize the user for a particular service or session characteristic. Defaults: None. Access: Enabled. Examples: The following command removes the Session-Timeout attribute from Hosni’s user profile: DWS-1008# clear user Hosni attr session-timeout success: change accepted. See Also: • set user attr • show aaa clear user group Removes a user with a password from membership in a user group in the local database on the switch.
  • Page 184: Clear Usergroup

    Examples: The following command removes the user Nin from the user group Nin is in: DWS-1008# clear user Nin group success: change accepted. See Also: • clear usergroup • set user group • show aaa clear usergroup Removes a user group and its attributes from the local database on the switch, for users with passwords.
  • Page 185: Clear Usergroup Attr

    Access: Enabled. Examples: The following command removes the members of the user group cardiology from a network access time restriction by deleting the Time-Of-Day attribute from the group: DWS-1008# clear usergroup cardiology attr time-of-day success: change accepted. See Also: • clear usergroup •...
  • Page 186 MSS sends interim updates to the RADIUS server when the user roams. Examples: The following command issues start-and-stop accounting records at the local database for administrator Natasha, when she accesses the switch using Telnet or Web View: DWS-1008# set accounting admin Natasha start-stop local success: change accepted. See Also: •...
  • Page 187 When the local accounting storage space is full, MSS overwrites older records with new ones. • server-group-name—Stores accounting records on one or more Remote Authentication Dial-In User Service (RADIUS) servers. You can also enter the names of existing RADIUS server groups as methods. D-Link DWS-1008 CLI Manual...
  • Page 188: Set Accounting System

    MSS sends interim updates to the RADIUS server when the user roams. Examples: The following command issues stop-only records to the RADIUS server group sg2 for network user Nin, who is authenticated by 802.1X: DWS-1008# set accounting dot1x Nin stop-only sg2 success: change accepted. See Also: •...
  • Page 189: Set Authentication Admin

    The fallthru authentication type none denies access to a network user. For more information, see “Usage.” Defaults: By default, authentication is deactivated for all admin users. The default authentication method in an admin authentication rule is local. MSS checks the local database for authentication. Access: Enabled. D-Link DWS-1008 CLI Manual...
  • Page 190: Set Authentication Console

    Examples: The following command configures administrator Jose, who connects via Telnet, for authentication on RADIUS server group sg3: DWS-1008# set authentication admin Jose sg3 success: change accepted. See Also: •...
  • Page 191 MSS requires no username or password, by default. These users can press Enter at the prompts for administrative access. Note: D-Link recommends that you change the default setting unless the switch is in a secure physical location.
  • Page 192: Set Authentication Dot1X

    RADIUS server group. Examples: To set the console port so that it does not enforce username-password authentication for administrators, type the following command: DWS-1008# set authentication console * none success: change accepted. See Also: • clear authentication console •...
  • Page 193 • Only the server side of the connection needs a certificate. The wireless client authenticates using TLS to set up an encrypted session. Then MS-CHAP-V2 performs mutual authentication using the specified AAA method. • pass-through—MSS sends all the EAP protocol processing to a RADIUS server. D-Link DWS-1008 CLI Manual...
  • Page 194 In this case, if the switch’s configuration contains a set authentication mac command that matches the SSID the user is attempting to access and the user’s MAC address, MSS uses the method specified by the command. Otherwise, MSS uses local MAC authentication by default. D-Link DWS-1008 CLI Manual...
  • Page 195: Set Authentication Mac

    Examples: The following command configures EAP-TLS authentication in the local database for SSID mycorp and 802.1X client Geetha: DWS-1008# set authentication dot1x ssid mycorp Geetha eap-tls local success: change accepted. The following command configures PEAP-MS-CHAP-V2 authentication at RADIUS server groups sg1 through sg3 for all 802.1X clients at example.com who want to access SSID examplecorp:...
  • Page 196 (for WebAAA), or none. Examples: To use the local database to authenticate all users who access the mycorp2 SSID by their MAC address, type the following command: DWS-1008# set authentication ssid mycorp2 mac ** local success: change accepted. See Also: •...
  • Page 197: Set Authentication Proxy

    Examples: The following command configures a proxy authentication rule that matches on all usernames associated with SSID mycorp. MSS uses RADIUS server group srvrgrp1 to proxy RADIUS requests and hence to authenticate and authorize the users. DWS-1008# set authentication proxy ssid mycorp ** srvrgrp1 See Also: • clear authentication proxy •...
  • Page 198: Set Authentication Web

    EAP-TLS protocol. For more information, see “Usage.” Defaults: By default, authentication is unconfigured for all clients with network access through AP ports or wired authentication ports on the switch. Connection, authorization, and accounting are also disabled for these users. Access Enabled. D-Link DWS-1008 CLI Manual...
  • Page 199 For a wired authentication rule, the type is specified by the auth-fall-thru option of the set port type wired-auth command.) Examples: The following command configures a WebAAA rule in the local database for SSID ourcorp and userglob rnd*: DWS-1008# set authentication web ssid ourcorp rnd* local success: change accepted. See Also: • clear authentication web •...
  • Page 200: Set Location Policy

    SSID. Asterisks (wildcards) are not supported in SSID names. You must specify the complete SSID name. vlan operator vlan-glob VLAN-Name attribute assigned by AAA and condition by which to determine if the location policy rule applies. D-Link DWS-1008 CLI Manual...
  • Page 201 Access: Enabled. Usage: Only a single location policy is allowed per DWS-1008 switch. The location policy can contain up to 150 rules. Once configured, the location policy becomes effective immediately. To disable location policy operation, use the clear location policy command.
  • Page 202 ACLs svcs_2 to the traffic they send and svcs_3 to the traffic they receive: DWS-1008# set location policy permit inacl svcs_2 outacl svcs_3 if vlan eq bldg4.* The following command authorizes users entering the network on ports 2 through 4 and port 6 to...
  • Page 203 MSS does not support passwords for MAC users. Examples: The following command creates a user profile for a user at MAC address 01:02:03:04:05:06 and assigns the user to the eastcoasters user group: DWS-1008# set mac-user 01:02:03:04:05:06 group eastcoasters success: change accepted. See Also: •...
  • Page 204 Equivalent Privacy protocol using 104 bits encryption-type of key strength) Note: Encryption-Type is a D-Link vendor- • 16—WEP_40 (Wired-Equivalent Privacy specific attribute (VSA). The vendor ID is 14525, protocol using 40 bits of key strength) and the vendor type is 3.
  • Page 205 SSID the user is allowed to access after profile, and the service profile must be used by mode only) authentication. a radio profile assigned to D-Link radios in the network. Date and time, in the following format: Date and time at which the user becomes YY/MM/DD-HH:MM eligible to access the network.
  • Page 206 URL to which the user is redirected after (network access mode • $v—VLAN successful WebAAA. only) • $s—SSID • $p—Service profile name To use the literal character $ or ?, use the following: • $$ • $q D-Link DWS-1008 CLI Manual...
  • Page 207 Examples: The following command assigns input access control list (ACL) acl-03 to filter the packets from a user at MAC address 01:02:03:04:05:06: DWS-1008# set mac-user 01:02:03:04:05:06 attr filter-id acl-03.in success: change accepted. The following command restricts a user at MAC address 06:05:04:03:02:01 to network access between 7 p.m.
  • Page 208 MAC user group’s start date. Examples: The following command creates the MAC user group eastcoasters and assigns the group members to VLAN orange: DWS-1008# set mac-usergroup eastcoasters attr vlan-name orange success: change accepted. See Also: •...
  • Page 209: Set User

    Examples: The following command creates a user profile for user Nin in the local database, and assigns the password goody: DWS-1008# set user Nin password goody success: User Nin created The following command assigns the password chey3nne to the admin user:...
  • Page 210: Set User Attr

    The user does not need to wait for the user group’s start date. Examples: The following command assigns user Tamara to VLAN orange: DWS-1008# set user Tamara attr vlan-name orange success: change accepted. The following command limits the days and times when user Student1 can access the network, to 5 p.m.
  • Page 211: Set Usergroup

    Usage: MSS does not require users to belong to user groups. To create a user group, user the command set usergroup. Examples: The following command adds user Hosni to the cardiology user group: DWS-1008# set user Hosni group cardiology success: change accepted. See Also: •...
  • Page 212 See Also: • clear usergroup • clear usergroup attr • show aaa set web-portal Globally enables or disables WebAAA on a DWS-1008 switch. Syntax: set web-portal {enable | disable} enable Enables WebAAA on the switch. disable Disables WebAAA on the switch.
  • Page 213: Show Aaa

    ** peap-mschapv2 sg1 sg2 sg3 set accounting dot1x Nin ssid mycorp stop-only sg2 set accounting admin Natasha start-stop local user Nin Password = 082c6c64060b (encrypted) Filter-Id = acl-999.in Filter-Id = acl-999.out mac-user 01:02:03:04:05:06 usergroup eastcoasters session-timeout = 99 D-Link DWS-1008 CLI Manual...
  • Page 214 List of user and user group profiles stored in the local database on the switch. See Also: • set accounting {admin | console} • set authentication admin • set authentication console • set authentication dot1x • set authentication mac • set authentication web D-Link DWS-1008 CLI Manual...
  • Page 215 (To display RADIUS accounting records, see the documentation for your RADIUS server.) Syntax: show accounting statistics Defaults: None. Access: Enabled. Examples: To display the locally stored accounting records, type the following command: DWS-1008# show accounting statistics Dec 14 00:39:48 Acct-Status-Type=STOP Acct-Authentic=0 Acct-Multi-Session-Id=SESS-3-01f82f-520236-24bb1223...
  • Page 216 • clear accounting • set accounting {admin | console} • show aaa show location policy Displays the list of location policy rules that make up the location policy on a DWS-1008 switch. Syntax: show location policy Defaults: None. Access: Enabled.
  • Page 217: Cryptography Commands

    224 crypto certificate on page 216 show crypto certificate on page 225 PKCS#12 Certificate crypto otp on page 222 crypto pkcs12 on page 223 Self-Signed Certificate crypto generate self-signed on page 220 D-Link DWS-1008 CLI Manual...
  • Page 218 Open the PKCS#7 object file with an ASCII text editor such as Notepad orvi. Enter the crypto ca-certificate command on the CLI command line. When MSS prompts you for the PEM-formatted certificate, paste the PKCS#7 object file onto the command line. D-Link DWS-1008 CLI Manual...
  • Page 219: Crypto Certificate

    Examples The following command adds the certificate authority’s certificate to switch certificate and key storage: DWS-1008# crypto ca-certificate admin Enter PEM-encoded certificate -----BEGIN CERTIFICATE----- MIIDwDCCA2qgAwIBAgIQL2jvuu4PO5FAQCyewU3ojANBgkqhkiG9wOBAQUFADCB mzerMClaweVQQTTooewi\wpoer0QWNFNkj90044mbdrl1277SWQ8G7Diw YUtrqoQplKJvxz ..Lm8wmVYxP56M;CUAm908C2foYgOY40= -----END CERTIFICATE----- See Also: • show crypto ca-certificate crypto certificate Installs one of the switch’s PKCS#7 certificates into the certificate and key storage area on the switch.
  • Page 220: Crypto Generate Key

    The switch verifies the validity of the public key associated with this certificate before installing it, to prevent a mismatch between the switch’s private key and the public key in the installed certificate. Examples: The following command installs a certificate: DWS-1008# crypto certificate admin Enter PEM-encoded certificate -----BEGIN CERTIFICATE----- MIIBdTCP3wIBADA2MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQOEx GjAYBgNVBAMU EXR1Y2hwdWJzQHRycHouY29tMIGfMAOGCSqGSIb3DQ EBAQAA4GNADCBiQKBgQC4 ..
  • Page 221: Crypto Generate Request

    1024-byte SSH key. If you want to use a 2048-byte key instead, use the crypto generate key ssh 2048 command to generate one. Examples: To generate an administrative key, type the following command: DWS-1008# crypto generate key admin 1024 key pair generated. See Also: •...
  • Page 222 PKCS#7 object file. Examples: To request an administrative certificate from a certificate authority, type the following command: DWS-1008# crypto generate request admin Country Name: US State Name: CA Locality Name: Pleasanton...
  • Page 223 (Optional) Specify the name of the organization, in up to 80 string alphanumeric characters with no spaces. Organizational Unit (Optional) Specify the name of the organizational unit, in up to 80 string alphanumeric characters with no spaces. D-Link DWS-1008 CLI Manual...
  • Page 224 Usage: To use this command, you must already have generated a public-private encryption key pair with the crypto generate key command. Examples: To request an administrative certificate from a certificate authority, type the following command: DWS-1008# crypto generate self-signed admin Country Name: State Name: Locality Name:...
  • Page 225: Crypto Otp

    PKCS#12 object file. MSS erases the one-time password after processing the cryptopkcs12 command or when you reboot the switch. D-Link recommends that you create a password that is memorable to you but is not subject to easy guesses or a dictionary attack. For best results, create a password of alphanumeric uppercase and lowercase characters.
  • Page 226: Crypto Pkcs

    PKCS#12 file: DWS-1008# copy tftp://192.168.253.1/2048full.p12 2048full.p12 success: received 637 bytes in 0.253 seconds [ 2517 bytes/sec] DWS-1008# crypto otp eap hap9iN#ss OTP set DWS-1008# crypto pkcs12 eap 2048full.p12...
  • Page 227 WebAAA clients. Defaults: None. Access: Enabled. Examples: To display information about the certificate of a certificate authority, type the following command: DWS-1008# show crypto ca-certificate The table below describes the fields in the display. Fields Description Version Version of the X.509 certificate.
  • Page 228: Show Crypto Certificate

    Usage: You must have generated a self-signed certificate or obtained a certificate from a certificate authority before displaying information about the certificate. Examples: To display information about a cryptographic certificate, type the following command: DWS-1008# show crypto certificate eap The table below describes the fields in the display. Crypto Certificate Output Fields...
  • Page 229: Show Crypto Key Domain

    Syntax: show crypto key domain Defaults: None. Access: Enabled. Examples: To display the fingerprint for switch-switch security, type the following command: DWS-1008# show crypto key domain Domain public key: e6:43:91:e2:b3:53:ed:46:76:5f:f0:96:3a:3b:86:d3 See Also: • crypto generate key show crypto key ssh Displays SSH authentication key information.
  • Page 230: Radius And Server Groups Commands

    235 clear radius proxy client on page 230 clear radius proxy port on page 230 (For information about RADIUS attributes, see the RADIUS appendix in the D-Link Mobility System Software Configuration Guide.) D-Link DWS-1008 CLI Manual...
  • Page 231: Clear Radius

    Usage: To override the globally set values on a particular RADIUS server, use the set radius server command. Examples: To reset all global RADIUS parameters to their factory defaults, type the following commands: DWS-1008# clear radius deadtime success: change accepted. DWS-1008# clear radius key success: change accepted.
  • Page 232 RADIUS packets leaving the switch. Examples: To clear the system IP address as the permanent source address for RADIUS client requests, type the following command: DWS-1008# clear radius client system-ip success: change accepted. See Also: • set radius client system-ip •...
  • Page 233: Clear Radius Proxy Client

    Syntax: clear radius proxy client all Defaults: None Access: Enabled. Examples: The following command clears all RADIUS proxy client entries from the switch: DWS-1008# clear radius proxy client all success: change accepted. See Also: • set radius proxy client clear radius proxy port Removes RADIUS proxy ports configured for third-party APs.
  • Page 234: Clear Radius Server

    Defaults: None Access: Enabled. Examples: The following command removes the RADIUS server rs42 from a list of remote AAA servers: DWS-1008# clear radius server rs42 success: change accepted. See Also: • set radius server • show aaa clear server group Removes a RADIUS server group from the configuration, or disables load balancing for the group.
  • Page 235: Set Radius

    To disable load balancing in a server group shorebirds, type the following command: DWS-1008# set server group shorebirds load-balance disable success: change accepted. See Also: • set server group set radius Configures global defaults for RADIUS servers that do not explicitly set these values themselves.
  • Page 236 Examples: The following commands sets the dead time to 5 minutes, the RADIUS key to goody, the number of retransmissions to 1, and the timeout to 21 seconds on all RADIUS servers connected to the switch: DWS-1008# set radius deadtime 5 success: change accepted. DWS-1008# set radius key goody success: change accepted.
  • Page 237: Set Radius Proxy Client

    Usage: The switch system IP address must be set before you use this command. Examples: The following command sets the switch system IP address as the address of the RADIUS client: DWS-1008# set radius client system-ip success: change accepted. See Also: •...
  • Page 238: Set Radius Proxy Port

    Enter a separate command for each SSID, and its tag value, you want the switch to support. Examples: The following command maps SSID mycorp to packets received on port 3 or 4, using 802.1Q tag value 104: DWS-1008# set radius proxy port 3-4 tag 104 ssid mycorp success: change accepted. See Also: •...
  • Page 239: Set Radius Server

    Number of minutes the switch waits after declaring an unresponsive password RADIUS server unavailable before retrying that RADIUS server. Specify between 0 (zero) and 1440 minutes (24 hours). A zero value causes the switch to identify unresponsive servers as available. D-Link DWS-1008 CLI Manual...
  • Page 240 30 seconds, two transmit attempts, 5 minutes of dead time, a key string of keys4u, and the default authorization password of dlink, type the following command: DWS-1008# set radius server RS42 address 198.162.1.1 timeout 30 retransmit 2 deadtime 5 key keys4U See Also: •...
  • Page 241: Set Server Group

    Do not use the same name for a RADIUS server and a RADIUS server group. Examples: To set server group shorebirds with members heron, egret, and sandpiper, type the following command: DWS-1008# set server group shorebirds members heron egret sandpiper success: change accepted. See Also: •...
  • Page 242 AAA method. Examples: To enable load balancing between the members of server group shorebirds, type the following command: DWS-1008# set server group shorebirds load-balance enable success: change accepted. To disable load balancing between shorebirds server group members, type the following...
  • Page 243: 802.1X Management Commands

    802.1X Management Commands Use 802. IEEE X management commands to modify the default settings for IEEE 802.1X sessions on a DWS-1008 switch. For best results, change the settings only if you are aware of a problem with the switch’s 802.1X performance.
  • Page 244 Syntax: clear dot1x max-req Defaults: The default bonded authentication period is 0 seconds. Access: Enabled. Examples: To reset the Bonded period to its default, type the following command: DWS-1008# clear dot1x bonded-period success: change accepted See Also: • set dot1x bonded-period •...
  • Page 245 This command applies only to wired authentication ports. Examples: Type the following command to reset the wired authentication port control: DWS-1008# clear dot1x port-control success: change accepted See Also: • set dot1x port-control •...
  • Page 246 Defaults: The default is 2 attempts. Access: Enabled. Examples: Type the following command to reset the maximum number of reauthorization attempts to the default: DWS-1008# clear dot1x reauth-max success: change accepted See Also: • set dot1x reauth-max • show dot1x...
  • Page 247: Clear Dot1X Timeout Supplicant

    Defaults: The default is 30 seconds. Access: Enabled. Examples: To reset the default timeout for requests to an authentication server, type the following command: DWS-1008# clear dot1x timeout auth-server success: change accepted See Also: • set dot1x timeout auth-server • show dot1x...
  • Page 248: Set Dot1X Authcontrol

    Defaults: By default, authentication control for individual wired authentication is enabled. Access: Enabled. Usage: This command applies only to wired authentication ports. Examples: To enable per-port 802.1X authentication on wired authentication ports, type the following command: DWS-1008# set dot1x authcontrol enable success: dot1x authcontrol enabled. D-Link DWS-1008 CLI Manual...
  • Page 249 802.1X reauthentication parameter or the RADIUS Session-Timeout parameter. D-Link recommends that you try 60 seconds, and change the period to a longer value only if clients are unable to authenticate within 60 seconds. The bonded authentication period applies only to 802.1X authentication rules that contain the bonded option.
  • Page 250 Disables transmission of encryption key information to clients. Defaults: Key transmission is enabled by default. Access: Enabled. Examples: Type the following command to enable key transmission: DWS-1008# set dot1x key-tx enable success: dot1x key transmission enabled. See Also: • show dot1x...
  • Page 251 Usage: This command affects only wired authentication ports. Examples: The following command forces port 6 to unconditionally accept all 802.1X authentication attempts: DWS-1008# set dot1x port-control forceauth 6 success: authcontrol for 19 is set to FORCE-AUTH. See Also: • show port status •...
  • Page 252 Specify a value between 0 and 65,535. Defaults: The default is 60 seconds. Access: Enabled. Examples: Type the following command to set the quiet period to 90 seconds: DWS-1008# set dot1x reauth enable success: dot1x reauthentication enabled. See Also: • set dot1x reauth-max •...
  • Page 253 Specify a value between 1 and 65,535. Defaults: The default is 30 seconds. Access: Enabled. Examples: Type the following command to set the authentication server timeout to 60 seconds: DWS-1008# set dot1x timeout auth-server 60 success: dot1x auth-server timeout set to 60. D-Link DWS-1008 CLI Manual...
  • Page 254: Set Dot1X Timeout Supplicant

    Defaults: The default is 30 seconds. Access: Enabled. Examples: Type the following command to set the number of seconds for authentication session timeout to 300: DWS-1008# set dot1x timeout supplicant 300 success: dot1x supplicant timeout set to 300. See Also: • clear dot1x timeout auth-server •...
  • Page 255 VLAN, or encryption type receive the new keys at the same time. Examples: Type the following command to disable WEP key rotation: DWS-1008# set dot1x wep-rekey disable success: wep rekeying disabled See Also: •...
  • Page 256: Show Dot1X

    Displays global 802.1X statistics associated with connecting and authenticating. config Displays a summary of the current configuration. Defaults: None. Access: Enabled. Examples: Type the following command to display the 802.1X clients: DWS-1008# show dot1x clients MAC Address State Vlan Identity ------------------------------------------------------------------------------------------------------------- 00:20:a6:48:01:1f...
  • Page 257 Type the following command to display the 802.1X clients: DWS-1008# show dot1x config 802.1X user policy ---------------------- ‘host/bob-laptop.mycorp.com’ on ssid ‘mycorp’ doing PASSTHRU ’bob.mycorp.com’ on ssid ‘mycorp’ doing PASSTHRU (bonded) 802.1X parameter setting ---------------------- ---------------------- supplicant timeout auth-server timeout quiet period...
  • Page 258 Type the following command to display 802.1X statistics: DWS-1008# show dot1x stats 802.1X statistic value ---------------------- ---------------------- Enters Connecting: Logoffs While Connecting: Enters Authenticating: Success While Authenticating: Timeouts While Authenticating: Failures While Authenticating: Reauths While Authenticating: Starts While Authenticating: Logoffs While Authenticating:...
  • Page 259: Session Management Commands

    Access: Enabled. Examples: To clear all administrator sessions type the following command: DWS-1008# clear sessions admin This will terminate manager sessions, do you wish to continue? (y|n) [n]y To clear all administrative sessions through the console, type the following command:...
  • Page 260: Clear Sessions Network

    DWS-1008# clear sessions telnet This will terminate manager sessions, do you wish to continue? (y|n) [n]y To clear Telnet client session 0, type the following command: DWS-1008# clear sessions telnet client 0 See Also: • show sessions clear sessions network Clears all network sessions for a specified username or set of usernames, MAC address or set of MAC addresses, virtual LAN (VLAN) or set of VLANs, or session ID.
  • Page 261: Show Sessions

    Examples: To clear all sessions for MAC address 00:01:02:03:04:05, type the following command: DWS-1008# clear sessions network mac-addr 00:01:02:03:04:05 This will terminate manager sessions, do you wish to continue? (y|n) [n]y To clear session 9, type the following command: DWS-1008# clear sessions network session-id 9...
  • Page 262 DWS-1008# show sessions telnet TTty Username Time (s) ------- -------------------- -------- tty2 7395 To view information about Telnet client sessions, type the following command: DWS-1008# show sessions telnet client Session Server Address Server Port Client Port -------- -------------- ------------ ----------- 192.168.1.81 48000 10.10.1.22...
  • Page 263: Show Sessions Network

    Displays all network sessions for a MAC address. Specify a MAC address in mac-addr-glob hexadecimal numbers separated by colons (:). Or use the wildcard character (*) to specify a set of MAC addresses. (For details, see “MAC Address Globs” on page 7.) D-Link DWS-1008 CLI Manual...
  • Page 264 Authorization attribute values can be changed during authorization. If the values are changed, show sessions output shows the values that are actually in effect following any changes. Examples: To display summary information for all network sessions, type show sessions network. For example: DWS-1008# show sessions network User Sess IP or MAC...
  • Page 265 The following command displays summary information about the sessions for MAC address 00:05:5d:7e:98:1a: DWS-1008# show sessions network mac-addr 00:05:5d:7e:98:1a User Sess IP or MAC VLAN Port/ Name Address Name Radio ------------------------------ ---- ----------------- --------------- ----- EXAMPLE\Havel 10.10.10.40 vlan-eng The following command displays summary information about all the sessions of users whose...
  • Page 266 The following command displays information about network session 88: DWS-1008# show sessions network session-id 88 Local Id: Global Id: SESS-88-00040f-876766-623fd6 State: ACTIVE SSID: Rack-39-PM Port/Radio: 10/1 MAC Address: 00:0f:66:f4:71:6d User Name: last-resort-Rack-39-PM IP Address: 10.2.39.217 Vlan Name: default Tag: Session Start:...
  • Page 267 • location policy—Attribute value was assigned by a Location Policy. • service-profile—Attribute value is configured on the SSID, and was not overridden by other attribute sources (such as AAA or location policy). • Web Portal—Session is for a Web Portal client. D-Link DWS-1008 CLI Manual...
  • Page 268 Total number of unicast packets received from the user by the switch (64-bit counter). Unicast bytes in Total number of unicast bytes received from the user by the switch (64-bit counter). Unicast packets out Total number of unicast packets sent by the switch to the user (64-bit counter). D-Link DWS-1008 CLI Manual...
  • Page 269 Last packet data Signal-to-noise ratio of the last packet received by the access point. S/N ratio Protocol Wireless protocol used. Session CAC State of session-based Call Admission Control (CAC) on the SSID’s service profile. D-Link DWS-1008 CLI Manual...
  • Page 270: Rf Detection Commands

    A rogue access point is a BSSID (MAC address associated with an SSID) that does not belong to a D-Link device and is not a member of the ignore list configured on the seed switch. MSS can issue countermeasures against rogue devices to prevent clients from being able to use them.
  • Page 271: Clear Rfdetect Ignore

    MAC address you want to remove from the attack list. Defaults: None. Access: Enabled. Examples: The following command clears MAC address 11:22:33:44:55:66 from the attack list: DWS-1008# clear rfdetect attack-list 11:22:33:44:55:66 success: 11:22:33:44:55:66 is no longer in attacklist. See Also: • set rfdetect attack-list •...
  • Page 272 Defaults: None. Access: Enabled. Examples: The following command removes client OUI aa:bb:cc:00:00:00 from the permitted vendor list: DWS-1008# clear rfdetect vendor-list client aa:bb:cc:00:00:00 success: aa:bb:cc:00:00:00 is no longer in client vendor-list. See Also: • set rfdetect vendor-list • show rfdetect vendor-list...
  • Page 273 Examples: The following command adds MAC address aa:bb:cc:44:55:66 to the attack list: DWS-1008# set rfdetect attack-list 11:22:33:44:55:66 success: MAC 11:22:33:44:55:66 is now in attacklist. See Also: •...
  • Page 274: Set Rfdetect Ignore

    Syntax: set rfdetect ignore mac-addr mac-addr BSSID (MAC address) of the device to ignore. Defaults: MSS reports all non-D-Link BSSIDs detected during an RF scan. Access: Enabled. Usage: Use this command to identify third-party APs and other devices you are already aware of and do not want MSS to report following RF scans.
  • Page 275: Set Rfdetect Log

    Enables AP signatures. An AP signature is a set of bits in a management frame sent by an AP that identifies that AP to MSS. If someone attempts to spoof management packets from a D-Link AP, MSS can detect the spoof attempt.
  • Page 276 To enable signatures on all APs, enter the command on each switch. Note: You must use the same AP signature setting (enabled or disabled) on all switches. Examples: The following command enables AP signatures on an switch: DWS-1008# set rfdetect signature enable success: signature is now enabled. set rfdetect ssid-list Adds an SSID to the permitted SSID list.
  • Page 277 MAC address to the ignore list. Examples: The following command adds an entry for clients whose MAC addresses start with aa:bb:cc: DWS-1008# set rfdetect vendor-list client aa:bb:cc:00:00:00 success: MAC aa:bb:cc:00:00:00 is now in client vendor-list. The trailing 00:00:00 value is required.
  • Page 278: Show Rfdetect Clients

    Examples: The following example shows the attack list on switch: DWS-1008# show rfdetect attack-list Total number of entries: 1 Attacklist MAC Port/Radio/Chan RSSI SSID ----------------- ----------------- ------ ------------ 11:22:33:44:55:66 dap 2/1/11 rogue-ssid See Also: • clear rfdetect attack-list • set rfdetect attack-list show rfdetect black-list Displays information abut the clients in the client black list.
  • Page 279 Client Mac Address: 00:0c:41:63:fd:6d, Vendor: Linksys Port: dap 1, Radio: 1, Channel: 11, RSSI: -82, Rate: 2, Last Seen (secs ago): 84 Bssid: 00:0b:0e:01:02:00, Vendor: D-Link, Type: intfr, Dst: ff:ff:ff:ff:ff:ff Last Rogue Status Check (secs ago): 3 The first line lists information for the client. The other lines list information about the most recent 802.11 packet detected from the client.
  • Page 280: Show Rfdetect Countermeasures

    MAC address. show rfdetect countermeasures Displays the current status of countermeasures against rogues. Syntax: show rfdetect countermeasures Defaults: None. Access: Enabled. D-Link DWS-1008 CLI Manual...
  • Page 281: Show Rfdetect Counters

    • known—Device that is a legitimate member of the network. Countermeasures Radio MAC address of the D-Link radio sending countermeasures against the rogue. System IP address of the switch that is managing the AP that is sending or will IPaddr send countermeasures.
  • Page 282 Examples: The following command shows counters for rogue activity detected by a switch: DWS-1008# show rfdetect countermeasures Type Current Total ------------------------------------------------------------------------------------------------------------ Rogue access points Interfering access points 1116 Rogue 802.11 clients Interfering 802.11 clients 802.11 adhoc clients Unknown 802.11 clients Interfering 802.11 clients seen on wired network...
  • Page 283 To display all devices that a specific D-Link radio has detected, even if the radio is managed by another switch, use the show rfdetect visible command. Only one MAC address is listed for each D-Link radio, even if the radio is beaconing multiple SSIDs.
  • Page 284: Show Rfdetect Ignore

    Syntax: show rfdetect ignore Defaults: None. Access: Enabled. Examples: The following example displays the list of ignored devices: DWS-1008# show rfdetect ignore Total number of entries: 2 Ignore MAC ----------------- aa:bb:cc:11:22:33...
  • Page 285 Displays the entries in the permitted SSID list. Syntax: show rfdetect ssid-list Defaults: None. Access: Enabled. Examples: The following example shows the permitted SSID list on switch: DWS-1008# show rfdetect ssid-list Total number of entries: 3 SSID ----------------- mycorp corporate...
  • Page 286: Show Rfdetect Visible

    Defaults: None. Access: Enabled. Usage: If a D-Link radio is supporting more than one SSID, each of the corresponding BSSIDs is listed separately. Examples: To following command displays information about the rogues detected by radio 1 on...
  • Page 287 Usage: Use this command to send test packets to a specified client. The output of the command indicates the number of test packets received and acknowledged by the client, as well as the client’s signal strength and signal-to-noise ratio. D-Link DWS-1008 CLI Manual...
  • Page 288 Examples: The following command tests the RF link between the switch and the client with MAC address 00:0e:9b:bf:ad:13: DWS-1008# test rflink mac 00:0e:9b:bf:ad:13 RF-Link Test to 00:0e:9b:bf:ad:13 : Session-Id: 2 Packets Sent Packets Rcvd RSSI RTT (micro-secs) ------------ ------------ -------...
  • Page 289: File Management Commands

    303 System Backup and Restore backup on page 287 restore on page 298 Sygate On-Demand Agent install soda agent on page 294 (SODA) file installation uninstall soda agent on page 306 and removal D-Link DWS-1008 CLI Manual...
  • Page 290 To make sure the archive contains the configuration that is currently running on the switch, use the save config command to save the running configuration to the boot configuration file, before using the backup command. D-Link DWS-1008 CLI Manual...
  • Page 291: Clear Boot Config

    TFTP server. The filename in this example includes a TFTP server IP address, so the archive is not stored locally on the switch. DWS-1008# backup system tftp:/10.10.20.9/sysa_bak critical success: sent 28263 bytes in 0.324 seconds [ 87231 bytes/sec] See Also: •...
  • Page 292 Examples: The following commands back up the configuration file on a switch, reset the switch to its factory default configuration, and reboot the switch: DWS-1008# copy configuration tftp://10.1.1.1/backupcfg success: sent 365 bytes in 0.401 seconds [ 910 bytes/sec] DWS-1008# clear boot config success: Reset boot config to factory defaults.
  • Page 293 Examples: The following command copies a file called floormx from nonvolatile storage to a TFTP server: DWS-1008# copy floormx tftp://10.1.1.1/floormx success: sent 365 bytes in 0.401 seconds [ 910 bytes/sec] The following command copies a file called closetmx from a TFTP server to nonvolatile storage: DWS-1008# copy tftp://10.1.1.1/closetmx closetmx...
  • Page 294 Usage: You might want to copy the file to a TFTP server as a backup before deleting the file. Examples: The following commands copy file testconfig to a TFTP server and delete the file from nonvolatile storage: DWS-1008# copy testconfig tftp://10.1.1.1/testconfig success: sent 365 bytes in 0.401 seconds [ 910 bytes/sec] DWS-1008# delete testconfig success: file deleted.
  • Page 295 9780 KB Aug 23 2005, 15:54:08 *boot1:mx040100.020 9796 KB Aug 28 2005, 21:09:56 Boot0: Total: 9780 Kbytes used, 2460 Kbytes free Boot1: Total: 9796 Kbytes used, 2464 Kbytes free =========================================================== temporary files: Filename Size Created D-Link DWS-1008 CLI Manual...
  • Page 296 37 bytes used, 91707 Kbytes free The following command limits the output to the contents of the boot0 partition: DWS-1008# dir boot0: =========================================================== file: Filename Size Created boot0:mx040100.020 9780 KB Aug 23 2005, 15:54:08 Total: 9780 Kbytes used, 207663 Kbytes free D-Link DWS-1008 CLI Manual...
  • Page 297 SSID. Examples: The following command installs the contents of the file soda.ZIP into a directory called sp1. DWS-1008# install soda agent soda.ZIP agent-directory sp1 This command may take up to 20 seconds... See Also: • uninstall soda agent •...
  • Page 298: Load Config

    Caution: This command completely removes the running configuration and replaces it with the configuration contained in the file. D-Link recommends that you save a copy of the current running configuration to a backup configuration file before loading a new configuration.
  • Page 299 Subdirectory name. Specify between 1 and 32 alphanumeric characters, with no spaces. Defaults: None. Access: Enabled. Examples: The following commands create a subdirectory called corp2 and display the root directory to verify the result: DWS-1008# mkdir corp2 success: change accepted. D-Link DWS-1008 CLI Manual...
  • Page 300: Reset System

    If the running configuration and configuration file do not match, MSS does not restart the switch but instead displays a message advising you to either save the configuration changes or use the force option. D-Link DWS-1008 CLI Manual...
  • Page 301 CAUTION: Do not use this option unless advised to do so by D-Link tech support. If you restore one switch’s system files onto another switch, you must generate new key pairs and certificates on the switch.
  • Page 302 Instead, files in the archive are added to the user files area. A file in the user area is replaced only if the archive contains a file with the same name. Note: If the archive’s files cannot fit on the switch, the restore operation fails. D-Link recommends deleting unneeded image files before creating or restoring an archive.
  • Page 303: Save Config

    In this example, the filename used during the most recent reboot is configuration. DWS-1008# save config Configuration saved to configuration. The following command saves the running configuration to a file named testconfig1: DWS-1008# save config testconfig1 Configuration saved to testconfig1. See Also: • load config • show boot •...
  • Page 304 Defaults: By default, there is no backup configuration file. Access: Enabled. Examples: The following command specifies a file called backup.cfg as the backup configuration file on the switch: DWS-1008# set boot backup-configuration backup.cfg success: backup boot config filename set. See Also: • clear boot backup-configuration •...
  • Page 305: Set Boot Partition

    Usage: To determine the boot partition that was used to load the currently running software image, use the dir command. Examples: The following command sets the boot partition for the next software reload to partition 1: DWS-1008# set boot partition boot1 success: Boot partition set to boot1. show boot Displays the system image and configuration filenames used after the last reboot and configured for use after the next reboot.
  • Page 306: Show Config

    • • acls • • • eapol • httpd • • ip-config • l2acl • • mobility-domain • network-domain • • portconfig • port-group • • radio-profile • rfdetect • service-profile • • snmp • snoop D-Link DWS-1008 CLI Manual...
  • Page 307: Show Version

    If you use the all option, the display also includes commands for configuration items that are set to their default values. Examples: The following command shows configuration information for VLANs: DWS-1008# show config area vlan # Configuration nvgen’d at 2004-5-21 19:36:48 # Image 3.0.0...
  • Page 308 Examples: The following command displays version information for a switch: DWS-1008# show version Mobility System Software, Version: 4.1.0 QA 67 Copyright (c) 2002, 2003, 2004, 2005 D-Link, Inc. All rights reserved. Build Information: (build#67) TOP 2005-07-21 04:41:00 Model: DWS-1008 Hardware Mainboard: version 24 ;...
  • Page 309: Uninstall Soda Agent

    SODA agent files. Examples: The following command removes the directory sp1 and all of its contents: DWS-1008# uninstall soda agent agent-directory sp1 This will delete all files in agent-directory, do you wish to continue? (y|n) [n]y See Also: •...
  • Page 310: Access Point Commands

    Use DWL-8220AP access point commands to configure and manage DWL-8220AP access points. Be sure to do the following before using the commands: • Define the country-specific IEEE 802.11 regulations on the DWS-1008 switch. • Install the DWL-8220AP access point and connect it to a port on the switch.
  • Page 311 Examples The following command disables and resets radio 2 on the DWL-8220AP access point connected to port 3: DWS-1008# clear ap 3 radio 2 clear dap boot-configuration Removes the static IP address configuration for a Distributed AP. Syntax: clear dap boot-configuration dap-num...
  • Page 312 Examples: The following commands disable the radios that are using radio profile rp1 and reset the beaconed-interval parameter to its default value: DWS-1008# set radio-profile rp1 mode disable DWS-1008# clear radio-profile rp1 beacon-interval success: change accepted.
  • Page 313 Usage: If the service profile is mapped to a radio profile, you must remove it from the radio profile first. (After disabling all radios that use the radio profile, use the clear radio-profile name service-profile name command.) D-Link DWS-1008 CLI Manual...
  • Page 314 Examples: The following commands disable the radios that are using radio profile rp6, remove service-profile svcprof6 from rp6, then clear svcprof6 from the configuration. DWS-1008# set radio-profile rp6 mode disable DWS-1008# clear radio-profile rp6 service-profile svcprof6 success: change accepted. DWS-1008# clear service-profile svcprof6 success: change accepted.
  • Page 315: Set Dap Auto

    (YES) (boot-download-enable) Radio Parameters radio num auto-tune max-power default radio num mode enabled radio num radio-profile default 11g (or 11b for country codes radiotype where 802.11g is not allowed) D-Link DWS-1008 CLI Manual...
  • Page 316: Set Dap Auto Mode

    • set {ap | dap} radio radio-profile • set {ap | dap} upgrade-firmware set dap auto mode Enables an DWS-1008’s profile for automatic Distributed AP configuration. Syntax: set dap auto mode {enable | disable} enable Enables the AP configuration profile.
  • Page 317: Set Dap Auto Radiotype

    Usage: To display the Distributed AP numbers assigned to Auto-APs, use the show dap status auto command. Examples: The following command converts the configuration of Auto-AP 10 into a permanent configuration: DWS-1008# set dap auto persistent 10 success: change accepted See Also: • set dap auto •...
  • Page 318 AP through an intermediate Layer 2 or Layer 3 network. An AP always attempts to boot on AP port 1 first, and if a DWS-1008 is directly attached on AP port 1, the AP always boots from it.
  • Page 319 APs. For example, if an AP is dual homed to two DWS-1008 switches, and one of the switches has 50 active APs while the other switch has 60 active APs, the new AP selects the switch that has only 50 active APs.
  • Page 320 Examples: The following command enables LED blink mode on the access points connected to ports 3 and 4: DWS-1008# set ap 3-4 blink enable success: change accepted. set dap boot-ip Specifies static IP address information for a Distributed AP. Syntax: set dap dap-num boot-ip ip ip-addr netmask mask-addr gateway...
  • Page 321 • set dap boot-vlan • show dap boot-configuration set dap boot-switch Specifies the DWS-1008 a Distributed AP contacts and attempts to use as its boot device. Syntax: set dap dap-num boot-switch [switch-ip ip-addr] [name name dns ip-addr] [mode {enable | disable}]...
  • Page 322 When a static IP address is specified for a Distributed AP, there is no preconfigured DNS information or DNS name for the DWS-1008 the Distributed AP attempts to use as its boot device. If you configure a static IP address for a Distributed AP, but do not specify a boot device, then the DWS-1008 switch must be reachable via subnet broadcast.
  • Page 323 802.1Q tag with a specified VLAN number. Frames sent to the Distributed AP that are not tagged with this value are ignored. Examples: The following command configures Distributed AP 1 to use VLAN tag 100: DWS-1008# set dap 1 boot-vlan vlan-tag 100 mode enable success: change accepted. See Also: •...
  • Page 324: Set Dap Fingerprint

    Verifies an AP’s fingerprint on an DWS-1008. If AP-DWS security is required by an DWS-1008, an AP can establish a management session with the switch only if you have verified the AP’s identity by verifying its fingerprint on the switch.
  • Page 325 {ap | dap} force-image-download Configures an AP to download its software image from the DWS-1008 instead of loading the image that is locally stored on the AP. Syntax: set {ap port-list | dap {dap-num | auto}} force-image-download {enable | disable} ap port-list List of AP access ports.
  • Page 326 Defaults: AP access points are not grouped by default. Access: Enabled Usage: You can assign any subset or all of the access points connected to a DWS-1008 to a group on that switch. All access points in a group must be connected to the same DWS-1008.
  • Page 327 Usage: Use this command to specify information about the location of the AP. Examples: The following command specifies the location of AP 7 as The conference room. DWS-1008# set ap 7 location ‘The conference room’ success: change accepted. See Also: •...
  • Page 328 For example, the default name for Distributed AP 1 is DAP01. Access: Enabled Examples: The following command changes the name of the AP on port 1 to techpubs: DWS-1008# set ap 1 name techpubs success: change accepted. See Also: •...
  • Page 329 Defaults: The default antenna location is indoors. Access: Enabled Examples: The following command sets the antenna location for radio 1 on Distributed AP 22 to outdoors: DWS-1008# set dap 22 radio 1 antenna-location outdoors success: change accepted. See Also: • set {ap | dap} radio antennatype set {ap | dap} radio antennatype Sets the model number for an external antenna.
  • Page 330 Defaults: All radios use the internal antenna by default. Access: Enabled Examples: The following command configures the 802.11b/g radio on Distributed AP 1 to use antenna model ANT1060: DWS-1008# set dap 1 radio 1 antennatype ANT1060 success: change accepted. See Also: • show {ap | dap} config set {ap | dap} radio auto-tune max-power Sets the maximum power that RF Auto-Tuning can set on a radio.
  • Page 331 Example: The following command sets the maximum power that RF Auto-Tuning can set on radio 1 on the DWL-8220AP access point on port 5 to 12 dBm. DWS-1008# set ap 5 radio 1 auto-tune max-power 12 success: change accepted. See Also: •...
  • Page 332 The following command configures the channel and transmit power on the 802.11b/g radio on the DWL-8220AP access point connected to port 2: DWS-1008# set ap 2 radio 1 channel 1 tx-power 10 success: change accepted. See Also: •...
  • Page 333 Examples: The following command enables radio 1 on the DWL-8220AP access points connected to ports 1 through 5: DWS-1008# set ap 1-5 radio 1 mode enable success: change accepted. The following command enables radio 2 on ports 1 through 3: DWS-1008# set ap 1-3 radio 2 mode enable success: change accepted.
  • Page 334 Note: The maximum transmit power you can configure on any D-Link radio is the maximum allowed for the country in which you plan to operate the radio or one of the following values if that value is less than the country maximum: on an 802.11a radio, 11 dBm for channel numbers less than...
  • Page 335: Set Dap Security

    Sets security requirements for management sessions between a DWS-1008 switch and its Distributed APs. This feature applies to Distributed APs only, not to directly connected DWL-8220APs configured on DWL-8220AP access ports. In addition, DWL-8220AP models DWL-8220AP-101 and DWL-8220AP-122 do not have encryption keys and do not support this feature regardless of how they are connected to the switch.
  • Page 336 AP can establish a management session with the DWS-1008 switch only if its fingerprint has been confirmed by you in MSS. A change to DWL-8220AP security support does not affect management sessions that are already established. To apply the new setting to an DWL-8220AP, restart the DWL-8220AP.
  • Page 337 Defaults: Active scanning is enabled by default. Access: Enabled. Usage: You can enter this command on any DWS-1008 switch. The command takes effect only on that switch. Examples: The following command disables active scan in radio profile radprof3: DWS-1008# set radio-profile radprof3 active-scan disable success: change accepted.
  • Page 338 If RF Auto-Tuning for channels is enabled, MSS does not allow you to manually change channels. Examples: The following command disables dynamic channel tuning for radios in the rp2 radio profile: DWS-1008# set radio-profile rp2 auto-tune channel-config disable success: change accepted. See Also: • set {ap | dap} radio channel •...
  • Page 339 Defaults: The default channel interval is 3600 seconds (one hour). Access: Enabled. Usage: D-Link recommends that you use an interval of at least 300 seconds (5 minutes). RF Auto-Tuning can change a radio’s channel before the channel interval expires in response to RF anomalies.
  • Page 340 However, RF Auto-Tuning can still change the channel in response to RF anomalies. Examples: The following command sets the channel interval for radios in radio profile rp2 to 2700 seconds (45 minutes): DWS-1008# set radio-profile rp2 auto-tune channel-interval 2700 success: change accepted. set radio-profile auto-tune channel-lockdown Locks down the current channel settings on all radios in a radio profile.
  • Page 341 When RF Auto-Tuning for power is enabled, MSS does not allow you to manually change the power level. Examples: The following command enables dynamic power tuning for radios in the rp2 radio profile: DWS-1008# set radio-profile rp2 auto-tune power-config enable success: change accepted. See Also: • set {ap | dap} radio auto-tune max-power •...
  • Page 342 Examples: The following command sets the power interval for radios in radio profile rp2 to 240 seconds: DWS-1008# set radio-profile rp2 auto-tune power-interval 240 success: change accepted. See Also: • set {ap | dap} radio auto-tune max-power •...
  • Page 343 Examples: The following command locks down the power settings for radios in radio profile rp2: DWS-1008# set radio-profile rp2 auto-tune power-lockdown success: change accepted. See Also: • set {ap | dap} radio auto-tune max-power •...
  • Page 344 Access: Enabled. Examples: The following command changes the power ramp interval for radios in radio profile rp2 to 120 seconds: DWS-1008# set radio-profile rp2 auto-tune power-ramp-interval 120 success: change accepted. See Also: • set {ap | dap} radio auto-tune max-power •...
  • Page 345 DWL-8220AP radios can also issue countermeasures against interfering devices. An interfering device is not part of the D-Link network but also is not a rogue. No client connected to the device has been detected communicating with any network entity listed in the forwarding database (FDD) of any DWS-1008 switch in the MobileLAN.
  • Page 346 DWS-1008# radio-profile radprof3 countermeasures configured success: change accepted. Note that when you issue this command, countermeasures are then issued only against devices in the DWS-1008’s attack list, not against other devices that were classified as rogues by other means. See Also: •...
  • Page 347 RTS/CTS method to send the frame. To change the RTS threshold, use the set radio-profile rts-threshold command instead. Examples: The following command changes the fragmentation threshold for radio profile rp1 to 1500 bytes: DWS-1008# set radio-profile rp1 frag-threshold 1500 success: change accepted. See Also: • set radio-profile mode •...
  • Page 348 Use the set radio-profile mode command. Examples: The following command changes the maximum receive threshold for radio profile rp1 to 4000 ms: DWS-1008# set radio-profile rp1 max-rx-lifetime 4000 success: change accepted. See Also: • set radio-profile mode •...
  • Page 349 Use the set radio-profile mode command. Examples: The following command changes the maximum transmit threshold for radio profile rp1 to 4000 ms: DWS-1008# set radio-profile rp1 max-tx-lifetime 4000 success: change accepted. See Also: • set radio-profile mode •...
  • Page 350 You must configure a service profile. The service profile sets the service-profile No service profiles defined SSID name and other parameters. Requires clients to send a seperate PSpoll to retrieve each wmm-powersave disable unicast packet buffered by the AP. D-Link DWS-1008 CLI Manual...
  • Page 351 DWS-1008# set radio-profile rp1 success: change accepted. The following command enables the radios that use radio profile rp1: DWS-1008# set radio-profile rp1 mode enable success: change accepted. The following commands disable the radios that use radio profile rp1, change the...
  • Page 352 Use the set radio-profile mode command. Examples: The following command configures 802.11b/g radios that use the radio profile rp_ long to advertise support for long preambles instead of short preambles: DWS-1008# set radio-profile rp_long preamble-length long success: change accepted. See Also: •...
  • Page 353 Access: Enabled. Usage: When SVP is enabled, AP forwarding prioritization is optimized for SpectraLink Voice Priority (SVP) instead of WMM, and the AP does not tag packets it sends to the DWS-1008. Otherwise, classification and tagging remain in effect. If you plan to use SVP or another non-WMM type of prioritization, you must configure ACLs to tag the packets.
  • Page 354 Defaults: The default is disable. Access: Enabled. Examples: The following command enables radios managed by radio profile rp1 to act as asset location receivers: DWS-1008# set radio-profile rfid-mode enable success: change accepted. See Also: • set radio-profile mode • show radio-profile set radio-profile rts-threshold Changes the RTS threshold for the AP radios in a radio profile.
  • Page 355 Examples: The following command changes the RTS threshold for radio profile rp1 to 1500 bytes: DWS-1008# set radio-profile rp1 rts-threshold 1500 success: change accepted. See Also: • set radio-profile mode • show radio-profile set radio-profile service-profile Maps a service profile to a radio profile. All radios that use the radio profile also use the parameter settings, including SSID and encryption settings, in the service profile.
  • Page 356 ARP requests and DHCP Offers and Acks instead of no-broadcast disable forwarding them as multicasts. Does not reply on behalf of wireless clients to ARP requests for client IP addresses. Instead, the radio forwards the ARP Requests proxy-arp disable as wireless broadcasts. D-Link DWS-1008 CLI Manual...
  • Page 357 Accepts frames from clients at all valid data rates. (No rates are • mandantory: 1.0, 2.0 disabled by default.) • beacon rate: 2.0 transmit-rates • multicast-rate: auto • disabled: none 802.11g: • mandantory: 1.0, 2.0, 5.5, 11.0 • beacon rate: 2.0 • multicast-rate: auto • disabled: none D-Link DWS-1008 CLI Manual...
  • Page 358 Otherwise, the value is unconfigured. For WebAAA users, serves the D-Link login page. web-portal-form Not configured Allows a Web Portal WebAAA session to remain in the Deassociated web-portal- state 5 seconds before being terminated automatically.
  • Page 359 You must disable all radios that use a radio profile before you can change parameters in the profile. Use the set radio-profile mode command. Examples: The following command maps service-profile wpa_clients to radio profile rp2: DWS-1008# set radio-profile rp2 service-profile wpa_clients success: change accepted. set radio-profile wmm-powersave Enables Unscheduled Automatic Powersave Delivery (U-APSD) on AP radios managed by the radio profile.
  • Page 360 Usage: U-APSD is supported only for QoS mode WMM. If WMM is not enabled on the radio profile, use the set radio-profile qos-mode command to enable it. Examples: The following command enables U-APSD on radio profile rp1: DWS-1008# set radio-profile rp1 wmm-powersave enable success: change accepted. See Also: •...
  • Page 361 Examples: The following command assigns users accessing the SSID managed by service profile sp2 to VLAN blue: DWS-1008# set service-prof sp2 attr vlan-name blue success: change accepted. The following command limits the days and times when users accessing the SSID managed by service profile sp2 can access the network, to 5 p.m.
  • Page 362 (PSK) authentication. To use this, you must enable PSK support and configure a passphrase or key. Examples: The following command disables 802.1X authentication for WPA clients that use service profile wpa_clients: DWS-1008# set service-profile wpa_clients auth-dot1x disable success: change accepted. See Also: • set service-profile auth-psk •...
  • Page 363 If a username does not match a userglob in an authentication rule for the SSID requested by the user, the DWS-1008 that is managing the radio the user is connected to redirects the user to a web page located on the DWS-1008. The user must type a valid username and password on the web page to access the SSID.
  • Page 364 DWS-1008# set service-profile rnd_lab auth-fallthru web-portal success: change accepted. See Also: • set web-portal • set service-profile web-portal-form • show service-profile set service-profile auth-psk Enables preshared key (PSK) authentication of Wi-Fi Protected Access (WPA) clients by AP radios in a radio profile, when the WPA information element (IE) is enabled in the service profile.
  • Page 365 Defaults: Beaconing is enabled by default. Access: Enabled. Examples: The following command disables beaconing of the SSID managed by service profile sp2: DWS-1008# set service-profile sp2 beacon disable success: change accepted. See Also: • set radio-profile beacon-interval • set service-profile ssid-name •...
  • Page 366 CAC is based on the number of active sessions. Defaults: The default CAC mode is none. Access: Enabled. Examples: The following command enables session-based CAC on service profile sp1: DWS-1008# set service-profile sp1 cac-mode session success: change accepted. See Also: • set service-profile cac-session •...
  • Page 367 Examples: The following command changes the maximum number of sessions for radios used by service profile sp1 to 10: DWS-1008# set service-profile sp1 cac-session 10 success: change accepted. See Also: • set service-profile cac-mode • show service-profile set service-profile cipher-ccmp Enables Counter with Cipher Block Chaining Message Authentication Code Protocol (CCMP) encryption with WPA clients, for a service profile.
  • Page 368 Defaults: When the WPA IE is enabled, TKIP encryption is enabled by default. Access: Enabled. Usage: To use TKIP, you must also enable the WPA IE. Examples: The following command disables TKIP encryption in service profile sp2: DWS-1008# set service-profile sp2 cipher-tkip disable success: change accepted. See Also: • set service-profile cipher-ccmp •...
  • Page 369 To support non-WPA clients that use static WEP, you must configure static WEP keys. Use the set service-profile wep key-index command. Examples: The following command configures service profile sp2 to use 104-bit WEP encryption: DWS-1008# set service-profile sp2 cipher-wep104 enable success: change accepted. See Also: • set service-profile cipher-ccmp • set service-profile cipher-tkip •...
  • Page 370 To support non-WPA clients that use static WEP, you must configure static WEP keys. Use the set service-profile wep key-index command. Examples: The following command configures service profile sp2 to use 40-bit WEP encryption: DWS-1008# set service-profile sp2 cipher-wep40 enable success: change accepted. See Also: • set service-profile cipher-ccmp •...
  • Page 371 Enables or disables DHCP Restrict on a service profile. DHCP Restrict filters a newly associated client’s traffic to allow DHCP traffic only, until the client has been authenticated and authorized. All other traffic is captured by the DWS-1008 and is not forwarded. After the client is successfully authorized, the traffic restriction is removed.
  • Page 372 Configures DWL-8220APs managed by the radio profile to leave a roamed user on the VLAN assigned by the switch where the user logged on. When this option is disabled, a user’s VLAN is reassigned by each DWS-1008 to which a user roams. Syntax: set service-profile name keep-initial-vlan {enable | disable}...
  • Page 373 Defaults: This option is disabled by default. Access: Enabled. Usage: Even when this option is enabled, the DWS-1008 to which a user roams (the roamed-to switch) can reassign the VLAN in any of the following cases: • A location policy on the local switch reassigns the VLAN.
  • Page 374 SSID. Instead, an AP radio handles this traffic as follows: • ARP requests—If the SSID has clients whose IP addresses the DWL-1008 does not already know, the DWS-1008 allows the DWS-8220AP to send the ARP request as a unicast to only those stations whose addresses the DWS-1008 does not know.
  • Page 375 SSID by eliminating ARP broadcasts from APs to the SSID’s clients. If the ARP request is for a client whose IP address the DWS-1008 does not already know, the DWS-1008 allows DWL-8220Aps to send the ARP request to clients. If the no-broadcast mode is also enabled, the APs send the ARP request as a unicast to only the clients whose addresses the DWS-1008 does not know.
  • Page 376 Access: Enabled. Usage: MSS converts the passphrase into a 256-bit binary number for system use and a raw hexadecimal key to store in the DWS-1008’s configuration. Neither the binary number nor the passphrase itself is ever displayed in the configuration.
  • Page 377 Access: Enabled. Usage: MSS converts the hexadecimal number into a 256-bit binary number for system use. MSS also stores the hexadecimal key in the DWS-1008’s configuration. The binary number is never displayed in the configuration. To use PSK authentication, you must enable it and you also must enable the WPA IE.
  • Page 378 Usage: When the RSN IE is enabled, the default authentication method is 802.1X. There is no default cipher suite. You must enable the cipher suites you want the radios to support. Examples: The following command enables the RSN IE in service profile sprsn: DWS-1008# set service-profile sprsn rsn-ie enable success: change accepted. See Also: •...
  • Page 379 Enables shared-key authentication, in a service profile. Note. Use this command only if advised to do so by D-Link. This command does not enable preshared key (PSK) authentication for Wi-Fi Protected Access (WPA). To enable PSK encryption for WPA, use the set service-profile auth-psk command.
  • Page 380 Usage: If the same SODA agent is used for multiple service profiles, you can use this command to specify a single directory for SODA agent files on the DWS-1008, rather than placing the same SODA agent files in a separate directory for each service profile.
  • Page 381 In order for the client to load the success page, you must make sure the SODA agent is configured (through SODA Manager) with the correct URL of the success page, so that the DWS-1008 can serve the page to the client.
  • Page 382 Specifies a page on the DWS-1008 that is loaded when a client fails the security checks performed by the SODA agent. Syntax: set service-profile name soda failure-page page Service profile name. name page Page that is loaded if the client fails the security checks performed by the SODA agent.
  • Page 383 Specifies a page on the DWS-1008 that is loaded when a client logs out of the network by closing the SODA virtual desktop. Syntax: set service-profile name soda logout-page page Service profile name. name Page that is loaded when the client closes the SODA virtual desktop.
  • Page 384 SODA functionality requires that Web Portal WebAAA also be enabled for the service profile. Examples: The following command enables SODA functionality for service profile sp1: DWS-1008# set service-profile sp1 soda mode enable success: change accepted. See Also: •...
  • Page 385 This functionality occurs only when the enforce checks option is enabled for the service profile. The enforce checks option is enabled by default. Examples: The following command configures the DWS-1008 to apply acl-1 to a client when it loads the failure page: DWS-1008# set service-profile sp1 soda remediation-acl acl-1 success: change accepted.
  • Page 386 The page is assumed to reside in the root directory on the DWS-1008. optionally specify a different directory where the page resides. This functionality occurs only when the enforce checks option is enabled for the service profile. The enforce checks option is enabled by default.
  • Page 387 DWS-1008# set service-profile clear_wlan ssid-name guest success: change accepted. The following command applies the name corporate users to the SSID managed by service profile mycorp_srvcprf: DWS-1008# set service-profile mycorp_srvcprf ssid-name “corporate users” success: change accepted. See Also: • set service-profile ssid-type •...
  • Page 388 • For traffic from clients to the network, the AP marks the DSCP value in the IP headers of the tunnel packets used to carry the user data from the AP to the DWS-1008. Syntax: set service-profile name static-cos {enable | disable} name Service profile name.
  • Page 389 The TKIP cipher suite must be enabled. The WPA IE also must be enabled. Examples: The following command changes the countermeasures wait time for service profile sp3 to 30,000 ms (30 seconds): DWS-1008# set service-profile sp3 tkip-mc-time 30000 success: change accepted. See Also: •...
  • Page 390 However, you cannot set the multicast rate to a disabled rate. • auto - Sets the multicast rate to the highest rate that can reach all clients connected to the AP. D-Link DWS-1008 CLI Manual...
  • Page 391 Examples: The following command sets 802.11a mandatory rates for service profile sp1 to 6 Mbps and 9 Mbps, disables rates 48 Mbps and 54 Mbps, and changes the beacon rate to 9 Mbps: DWS-1008# set service-profile sp1 transmit-rates 11a mandatory 6.0,9.0 disabled 48.0,54.0 beacon-rate 9.0 success: change accepted.
  • Page 392 Defaults: The default user idle timeout is 180 seconds (3 minutes). Access: Enabled. Examples: The following command increases the user idle timeout to 360 seconds (6 minutes): DWS-1008# set service-profile sp1 user-idle-timeout 360 success: change accepted. See Also: • set service-profile idle-client-probing •...
  • Page 393 Defaults: The D-Link Web login page is served by default. Access: Enabled. Usage: D-link recommends that you create a subdirectory for the custom page and place all the page’s files in that subdirectory. Do not place the custom page in the root directory of the switch’s user file area.
  • Page 394 637 bytes Aug 12 2004, 15:42:26 file:corpa-logo.jpg 1202 bytes Aug 12 2004, 15:57:11 Total: 1839 bytes used, 206577 Kbytes free DWS-1008# set service-profile corpa-service web-portal-form corpa/corpa-login html success: change accepted. See Also: • copy • dir • mkdir • set port type wired-auth •...
  • Page 395 Web Portal WebAAA session timeout period of 5 seconds is used. Examples: The following command allows Web Portal WebAAA sessions to remain in the Deassociated state 180 seconds before being terminated automatically. DWS-1008# set service-profile sp1 web-portal-session-timeout 180 success: change accepted. See Also: •...
  • Page 396 Use the set service-profile wep key-index command. Examples: The following command configures service profile sp2 to use WEP key 2 for encrypting multicast traffic: DWS-1008# set service-profile sp2 wep active-multicast-index 2 success: change accepted. See Also: • set service-profile wep active-unicast-index •...
  • Page 397 Use the set service-profile wep key-index command. Examples: The following command configures service profile sp2 to use WEP key 4 for encrypting unicast traffic: DWS-1008# set service-profile sp2 wep active-unicast-index 4 success: change accepted. See Also: • set service-profile wep active-multicast-index •...
  • Page 398 Examples: The following command configures a 5-byte WEP key for key index 1 on service profile sp2 to aabbccddee: DWS-1008# set service-profile sp2 wep key-index 1 key aabbccddee success: change accepted. See Also: • set service-profile wep active-multicast-index • set service-profile wep active-unicast-index •...
  • Page 399 Usage: MSS lists information separately for each DWL-8220AP access point. Examples: The following example shows configuration information for a DWL-8220AP access point on port 2: DWS-1008# show ap config 2 Port 2: AP model: DWL-8220AP, POE: enable, bias: high, name: DWL-8220AP02 boot-download-enable: YES force-image-download: NO load balancing group: none location: The conference room contact: Bob the IT guy Radio 1: type: 802.11g, mode: disabled, channel: 6 tx pwr: 1, profile: default auto-tune...
  • Page 400 DWS-1008 and the DWS-1008’s port is configured as an AP access port. Connection ID for the Distributed AP. This field is applicable only if the AP is configured on the DWS-1008 as a Distributed Serial ID of the DWL-8220AP access point.
  • Page 401 Usage: To display statistics counters and other information for individual user sessions, use the show sessions network command. Examples: The following command shows statistics counters for Distributed AP 7: DWS-1008# show dap counters 7 DAP: 7 r adio: 1 =================================...
  • Page 402 The following table describes the fields in this display: Field Description Distributed AP number. DWS-1008 port number (if the AP is directly connected to the DWS-1008 and Port the DWS-1008 port is configured as an AP access port). Radio number.
  • Page 403 AP. This counter increments if there is too much multicast traffic or there is a MultiPktDrop problem with the multicast packets. Normally, this counter should be 0. Number of multicast bytes dropped by the radio due to a buffer overflow on the MultiBytDrop AP. (See the description for MultiPktDrop.) D-Link DWS-1008 CLI Manual...
  • Page 404 Normally, the value of this counter should always be 0. If the value is not 0, check the system log for MIC error messages and contact D-Link Technical Support. Number of times a decryption error occurred with a packet encrypted with TKIP.
  • Page 405 • Interference caused by an 802.11b/g phone or other source. It is normal for this counter to be about 10 percent of the total RxByte count. It is also normal for higher data rates to have higher Phy error counts than lower data rates. D-Link DWS-1008 CLI Manual...
  • Page 406 Usage: Repeating this command with the clear option at regular intervals allows you to monitor transmission and drop rates. Examples: The following command shows statistics for the AP forwarding queues on a Distributed DWS-1008# set service-profile sp2 wpa-ie enable Queue TxDrop...
  • Page 407 {ap | dap} etherstats Displays Ethernet statistics for an DWL-8220AP’s Ethernet ports. Syntax: show {ap | dap} etherstats [port-list | dap-num] List of DWS-1008 ports directly connected to the DWL-8220AP access point(s) port-list for which to display counters. Number of a Distributed AP for which to display counters.
  • Page 408 Examples: The following command displays Ethernet statistics for the Ethernet ports on Distributed AP 1: DWS-1008# show dap etherstats 1 DAP: 1 ether: 1 ================================= RxUnicast: 75432 TxGoodFrames: 55210 RxMulticast: 18789 TxSingleColl: RxBroadcast: TxLateColl: RxGoodFrames: 94229 TxMaxColl: RxAlignErrs: TxMultiColl: RxShortFrames:...
  • Page 409 {ap | dap} group Displays configuration information and load-balancing status for DWL-8220AP access point groups. Syntax: show {ap | dap} group [name] name Name of an AP group or Distributed AP group. Defaults: None. Access: Enabled. D-Link DWS-1008 CLI Manual...
  • Page 410 • Refusing—The access point is refusing new associations. Number of association requests refused by the DWL-8220AP access point due to load balancing. MSS resets this counter to 0 when the DWS-1008 is restarted, Refused MSS is reloaded, or the access point is removed from the group.
  • Page 411 Shows status information for radio 2. (This option does not apply to single-radio models.) Defaults: None. Access: Enabled. Examples: The following command displays the status of a Distributed AP access point: DWS-1008# show dap status 1 Dap: 1, IP-addr: 10.2.30.5 (vlan ‘vlan-corp’), AP model: DWL-8220AP, manufacturer: D-Link, name: DAP01 fingerprint: b4:f9:2a:52:37:58:f4:d0:10:75:43:2f:45:c9:52:c3 ====================================================...
  • Page 412 The following command displays the status of a Distributed AP access point: DWS-1008# show ap status 1 Port: 1, AP model: DWL-8220AP, manufacturer D-Link, name: AP01 ==================================================== State: operational CPU info: IBM:PPC speed=266666664 Hz version=405GPr id=0x28b08a1e047f1d0f ram=33554432 s/n=0333000288 hw_rev=A3 Uptime: 3 hours, 44 minutes, 28 seconds Radio 1 type: 802.11g, state: configure succeed [Enabled] (802.11b protect)
  • Page 413 Field Description Connection ID for the Distributed AP. Note: This field is applicable only if the AP is configured on the DWS-1008 as a Distributed AP. DWS-1008 port number. Port Note: This field is applicable only if the AP is directly connected to the DWS- 1008 and the DWS-1008’s port is configured as an AP access port.
  • Page 414 • Inactive—The AeroScout Engine has not enabled, or has disabled, the tag RFID Reports report mode on the AP. Note: This field is displayed only if the rfid-mode option is enabled on the radio profile that manages the radio. D-Link DWS-1008 CLI Manual...
  • Page 415 For flag definitions, see the key in the command output. IP address of the AP. The address is assigned to the AP by a DHCP server. Note: This field is applicable only if the AP is configured on the DWS-1008 as IP Address a Distributed AP.
  • Page 416 Examples: The following command displays RF attribute information for radio 1 on the directly connected DWL-8220AP access point on port 2: DWS-1008# show auto-tune attributes ap 2 radio 1 Auto-tune attributes for port 2 radio 1: Noise: Packet Retransmission Count:...
  • Page 417 Defaults: None. Access: Enabled. Usage: For simplicity, this command displays a single entry for each D-Link radio, even if the radio is supporting multiple BSSIDs. However, BSSIDs for third-party 802.11 radios are listed separately, even if a radio is supporting more than one BSSID.
  • Page 418 Displays information about the static IP address configuration (if any) on a Distributed AP. Syntax: show dap boot-configuration dap-num Number of a Distributed AP for which to display static IP configuration dap-num information. Defaults: None. Access: Enabled. D-Link DWS-1008 CLI Manual...
  • Page 419 The IP address of the DWS-1008 that this Distributed AP is configured to use Switch IP as its boot device (if any). The name of the DWS-1008 that this Distributed AP is configured to use as its Switch Name boot device (if any).
  • Page 420 Usage: The serial-id parameter displays the active connection for the specified Distributed AP even if that AP is not configured on this DWS-1008. If you instead use the command with the dap-num parameter or without a parameter, connection information is displayed only for Distributed APs that are configured on this DWS-1008.
  • Page 421 IP address assigned by DHCP to the Distributed AP. DAP IP Address System IP address of the DWS-1008 on which the AP has an active connection. DWS-1008 IP Address This is the switch that the AP used for booting and configuration and is using for data transfer.
  • Page 422 The following table describes the fields in the display: Field Description Connection ID you assigned to the Distributed AP. Note: DAP numbers are listed only for Distributed APs configured on this DWS-1008. If the field contains a hyphen ( - ), the Distributed configuration displayed output another DWS-1008.
  • Page 423 Defaults: None. Access: Enabled. Usage: This command also displays an AP that is directly connected to an DWS-1008, if the switch port to which the AP is connected is configured as a network port instead of an AP access port, and if the network port is a member of a VLAN.
  • Page 424 Defaults: None. Access: Enabled. Usage: MSS contains a default radio profile. D-Link recommends that you do not change this profile but instead keep the profile for reference. Examples: The following command shows radio profile information for the default radio profile:...
  • Page 425 • wmm—AP forwarding queues provide standard priority handling for WMM devices. QoS Mode • svp—AP forwarding queues are optimized for SpectraLink Voice Priority (SVP). Service profiles mapped to this radio profile. Each service profile contains an Service profiles SSID and encryption information for that SSID. D-Link DWS-1008 CLI Manual...
  • Page 426 • set radio-profile max-rx-lifetime • set radio-profile max-tx-lifetime • set radio-profile mode • set radio-profile preamble-length • set radio-profile qos-mode • set radio-profile rfid-mode • set radio-profile rts-threshold • set radio-profile service-profile • set radio-profile wmm-powersave D-Link DWS-1008 CLI Manual...
  • Page 427 Syntax show service-profile {name | ?} Displays information about the named service profile. name Displays a list of service profiles. Defaults None. Access Enabled. Examples The following command displays information for service profile sp1: DWS-1008# show service-profile sp1 ssid-name: corp2 ssid-type: crypto Beacon: Proxy ARP:...
  • Page 428 SODA agent security checks. When SODA functionality is enabled, Enforce SODA checks and the DWS-1008 is configured to enforce SODA checks, then a connecting client must download the SODA agent files and pass the checks in order to gain access to the network.
  • Page 429 If no page is specified, then the client is disconnected without loading a logout page. The name of the directory for SODA agent files on the DWS-1008, if different from the default. By default, SODA agent files are stored in a directory with the Custom agent-directory same name as the service profile.
  • Page 430 These rates are supported for data transmission from the AP radios. • disabled rates—Data transmission rates that AP radios will not use to transmit data. (The radios will still accept frames from clients at disabled data rates.) D-Link DWS-1008 CLI Manual...
  • Page 431: Stp Commands

    493 show spantree backbonefast on page 506 set spantree uplinkfast on page 502 show spantree uplinkfast on page 516 Statistics show spantree statistics on page 509 clear spantree statistics on page 492 D-Link DWS-1008 CLI Manual...
  • Page 432: Clear Spantree Portcost

    Resets to the default value the priority of a network port or ports for selection as part of the path to the STP root bridge in all VLANs on a DWS-1008 switch. Syntax: clear spantree portpri port-list port-list List of ports.
  • Page 433: Clear Spantree Portvlancost

    Resets to the default value the cost of a network port or ports on paths to the STP root bridge for a specific VLAN on a DWS-1008 switch, or for all VLANs. Syntax: clear spantree portvlancost port-list {all | vlan vlan-id} port-list List of ports.
  • Page 434: Clear Spantree Statistics

    Usage: MSS does not change a port’s priority for VLANs other than the one(s) you specify. Examples: The following command resets the STP priority for port 5 in VLAN avocado: DWS-1008# clear spantree portvlanpri 5 vlan avocado success: change accepted.
  • Page 435: Set Spantree

    Enables or disables STP on one VLAN or all VLANs configured on a DWS-1008 switch. Syntax: set spantree {enable | disable} [{all | vlan vlan-id | port port-list vlan-id}] enable Enables STP. disable Disables STP. Enables or disables STP on all VLANs.
  • Page 436: Set Spantree Fwddelay

    VLAN. Defaults: The default forwarding delay is 15 seconds. Access: Enabled. Examples: The following command changes the forwarding delay on VLAN pink to 20 seconds: DWS-1008# set spantree fwddelay 20 vlan pink success: change accepted. See Also: • show spantree...
  • Page 437: Set Spantree Hello

    VLAN name or number. MSS changes the interval on only the specified VLAN. Defaults: The default hello timer interval is 2 seconds. Access: Enabled. Examples: The following command changes the hello interval for all VLANs to 4 seconds: DWS-1008# set spantree hello 4 all success: change accepted. See Also: • show spantree...
  • Page 438: Set Spantree Portcost

    Usage: This command applies only to the default VLAN (VLAN 1). To change the cost of a port in another VLAN, use the set spantree portvlancost command. Examples: The following command changes the cost on ports 3 and 4 to 20: DWS-1008# set spantree portcost 3,4 cost 20 success: change accepted. See Also: •...
  • Page 439: Set Spantree Portfast

    Changes the STP priority of a network port or ports for selection as part of the path to the STP root bridge in the default VLAN on a DWS-1008 switch. Syntax: set spantree portpri port-list priority value port-list List of ports.
  • Page 440: Set Spantree Portvlancost

    Defaults: The default port cost depends on the port speed and link type. Access: Enabled. Examples: The following command changes the cost on ports 3 and 4 to 20 in VLAN mauve: DWS-1008# set spantree portvlancost 3,4 cost 20 vlan mauve success: change accepted. See Also: •...
  • Page 441: Set Spantree Priority

    • set spantree portpri • show spantree set spantree priority Changes the STP root bridge priority of a DWS-1008 switch on one or all of its VLANs. Syntax: set spantree priority value {all | vlan vlan-id} priority value Priority value. You can specify a value from 0 through 65,535. The bridge with the lowest priority value is elected to be the root bridge for the spanning tree.
  • Page 442: Set Spantree Uplinkfast

    Usage: The uplink fast convergence feature is applicable to bridges that are acting as access switches to the network core (distribution layer) but are not in the core themselves. Do not enable the feature on DWS-1008 switches that are in the network core. Examples: The following command enables uplink fast convergence: DWS-1008# set spantree uplinkfast enable success: change accepted.
  • Page 443 Defaults: None. Access: All. Examples: The following command displays STP information for VLAN default: DWS-1008# show spantree vlan default VLAN 1 Spanning Tree Mode PVST+ Spanning Tree Type IEEE Spanning Tree Enabled Designated Root 00-02-4a-70-49-f7 Designated Root Priority 32768 Designated Root Path Cost...
  • Page 444 • STP Off—STP is disabled on the port. Cost STP cost of the port. Prio STP priority of the port. State of the uplink fast convergence feature: Portfast • Enabled • Disabled See Also: • show spantree blockedports D-Link DWS-1008 CLI Manual...
  • Page 445: Show Spantree Blockedports

    Access: All. Usage: The command lists information separately for each VLAN. Examples: The following command shows information about blocked ports on a switch for the default VLAN (VLAN 1): DWS-1008# show spantree blockedports vlan default Port Vlan Port-State Cost Prio...
  • Page 446: Show Spantree Portfast

    List of ports. If you do not specify any ports, MSS displays uplink fast convergence information for all ports. Defaults: None. Access: All. Examples: The following command shows uplink fast convergence information for all ports: DWS-1008# show spantree portfast Port Vlan Portfast ---------------------------------------...
  • Page 447: Show Spantree Portvlancost

    List of ports. Defaults: None. Access: All. Examples: The following command shows the STP port cost of port 1: DWS-1008# show spantree portvlancost 1 port 1 VLAN 1 have path cost 19 See Also: • clear spantree portcost • clear spantree portvlancost •...
  • Page 448 Examples: The following command shows STP statistics for port 1: DWS-1008# show spantree statistics 1 BPDU related parameters Port 1 VLAN 1 spanning tree enabled for VLAN = 1 port spanning tree enabled state Forwarding port_id 0x8015 port_number 0x15 path cost...
  • Page 449 STP port ID. port_number STP port number. Cost to use this port to reach the root bridge. This is part of the total path cost path cost (designated cost). D-Link DWS-1008 CLI Manual...
  • Page 450 STP priority of this switch. bridge MAC address MAC address of this switch. Value of the hello timer interval, in seconds, when this switch is the root or is bridge hello time attempting to become the root. D-Link DWS-1008 CLI Manual...
  • Page 451: Show Spantree Uplinkfast

    Displays uplink fast convergence information for one VLAN or all VLANs. Syntax: show spantree uplinkfast [vlan vlan-id] vlan vlan-id VLAN name or number. If you do not specify a VLAN, MSS displays STP statistics for all VLANs. Defaults: None. Access: All. D-Link DWS-1008 CLI Manual...
  • Page 452 Examples: The following command shows uplink fast convergence information for all VLANs: DWS-1008# show spantree uplinkfast VLAN port list ----------------------------------------- 1(fwd),2,3 The table below describes the fields in this display. Field Description VLAN VLAN number. Ports in the uplink group. The port that is forwarding traffic is indicated by fwd. The other ports port list are blocking traffic.
  • Page 453: Igmp Snooping Commands

    452 show igmp mrouter on page 462 Multicast Receivers set igmp receiver on page 458 show igmp receiver-table on page 465 Statistics show igmp statistics on page 466 clear igmp statistics on page 451 D-Link DWS-1008 CLI Manual...
  • Page 454: Clear Igmp Statistics

    VLANs. Defaults: IGMP snooping is enabled on all VLANs by default. Access: Enabled. Examples: The following command disables IGMP snooping on VLAN orange: DWS-1008# set igmp disable vlan orange success: change accepted. See Also: • show igmp...
  • Page 455: Set Igmp Lmqi

    Defaults: The default last member query interval is 10 tenths of a second (1 second). Access: Enabled. Examples: The following command changes the last member query interval on VLAN orange to 5 tenths of a second: DWS-1008# set igmp lmqi 5 vlan orange success: change accepted. See Also: • set igmp oqi •...
  • Page 456: Set Igmp Mrsol

    However, MSS can dynamically add these port types to the list of multicast ports based on multicast traffic. Examples: The following command adds port 5 as a static multicast router port: DWS-1008# set igmp mrouter port 5 enable success: change accepted. The following command removes port 5 from the static multicast router port list: DWS-1008# set igmp mrouter port 5 disable success: change accepted.
  • Page 457: Set Igmp Mrsol Mrsi

    Defaults: The interval between multicast router solicitations is 30 seconds by default. Access: Enabled. Examples: The following example changes the multicast router solicitation interval to 60 seconds: DWS-1008# set igmp mrsol mrsi 60 success: change accepted. See Also: • set igmp mrsol set igmp oqi Changes the IGMP other-querier-present interval timer on one VLAN or all VLANs on a switch.
  • Page 458 Examples: The following command changes the other-querier-present interval on VLAN orange to 200 seconds: DWS-1008# set igmp oqi 200 vlan orange success: change accepted. See Also: • set igmp lmqi • set igmp qi • set igmp qri • set igmp querier •...
  • Page 459 Examples: The following command changes the query interval on VLAN orange to 100 seconds: DWS-1008# set igmp qi 100 vlan orange success: change accepted. See Also: • set igmp lmqi •...
  • Page 460: Set Igmp Qri

    To enable the pseudo-querier feature, use set igmp querier. Examples: The following command changes the query response interval on VLAN orange to 50 tenths of a second (5 seconds): DWS-1008# set igmp qri 50 vlan orange success: change accepted. See Also: •...
  • Page 461: Set Igmp Querier

    Enables or disables the IGMP pseudo-querier on a DWS-1008 switch, on one VLAN or all VLANs. Syntax: set igmp querier {enable | disable} [vlan vlan-id] enable Enables the pseudo-querier. disable Disables the pseudo-querier. vlan vlan-id VLAN name or number. If you do not specify a VLAN, the pseudo-querier is enabled or disabled on all VLANs.
  • Page 462 • show igmp receiver-table set igmp rv Changes the robustness value for one VLAN or all VLANs on a DWS-1008 switch. Robustness adjusts the IGMP timers to the amount of traffic loss that occurs on the network. Syntax: set igmp rv num [vlan vlan-id] Robustness value.
  • Page 463: Show Igmp

    VLAN name or number. If you do not specify a VLAN, MSS displays IGMP information for all VLANs. Defaults: None. Access: All. Examples: The following command displays IGMP information for VLAN orange: DWS-1008# show igmp vlan orange VLAN: orange IGMP is enabled Proxy reporting is on Mrouter solicitation is on...
  • Page 464 How the switch learned that the port is a multicast router port: • conf — Static multicast port configured by an administrator • madv—Multicast advertisement • quer—IGMP query Type • dvmrp—Distance Vector Multicast Routing Protocol (DVMRP) • pimv1—Protocol Independent Multicast (PIM) version 1 • pimv2—PIM version 2 D-Link DWS-1008 CLI Manual...
  • Page 465: Show Igmp Mrouter

    Displays the multicast routers in a switch’s subnet, on one VLAN or all VLANs. Routers are listed separately for each VLAN, according to the port number through which the switch can reach the router. Syntax: show igmp mrouter [vlan vlan-id] D-Link DWS-1008 CLI Manual...
  • Page 466 VLAN name or number. If you do not specify a VLAN, MSS displays the multicast routers in all VLANs. Defaults: None. Access: All. Examples: The following command displays the multicast routers in VLAN orange: DWS-1008# show igmp mrouter vlan orange Multicast routers for vlan orange Port Mrouter-IPaddr Mrouter-MAC...
  • Page 467: Show Igmp Querier

    VLAN name or number. If you do not specify a VLAN, MSS displays querier information for all VLANs. Defaults: None. Access: Enabled. Examples: The following command displays querier information for VLAN orange: DWS-1008# show igmp querier vlan orange Querier for vlan orange Port Querier-IP Querier-MAC --------------------------------------------------------------------- 193.122.135.178...
  • Page 468 (for example, 239.20.20.10/24). If you do not specify a group address, MSS displays the multicast receivers for all groups. Defaults: None. Access: All. Examples: The following command displays all multicast receivers in VLAN orange: DWS-1008# show igmp receiver-table vlan orange VLAN: orange Session Port Receiver-IP Receiver-MAC ---------------------------------------------------------------------------------------- 224.0.0.2...
  • Page 469: Show Igmp Statistics

    The following command lists all receivers for multicast groups 237.255.255.1 through 237.255.255.255, in all VLANs: DWS-1008# show igmp receiver-table group 237.255.255.0/24 VLAN: red Session Port Receiver-IP Receiver-MAC --------------------------------------------------------------------------------------- 237.255.255.2 10.10.20.19 00:02:04:06:09:0d 112 237.255.255.119 10.10.30.31 00:02:04:06:01:0b 112 VLAN: green Session Port...
  • Page 470 Examples: The following command displays IGMP statistics for VLAN orange: DWS-1008# show igmp statistics vlan orange IGMP statistics for vlan orange: IGMP message type Received Transmitted Dropped ------------------------------------------------------------------------------------------------- General-Queries GS-Queries Report V1 Report V2 Leave Mrouter-Adv Mrouter-Term Mrouter-Sol DVMRP PIM V1...
  • Page 471 Number of packets with an invalid length. Packets with bad IGMP checksum Number of packets with an invalid IGMP checksum value. Packets dropped Number of multicast packets dropped by the switch. See Also: • clear igmp statistics D-Link DWS-1008 CLI Manual...
  • Page 472: Security Acl Commands

    (CoS) to define the priority of treatment for packet filtering. (Security ACLs are different from the location policy on a DWS-1008 switch, which helps you locally control user access. This chapter presents security ACL commands alphabetically. Use the following table to locate commands in this chapter based on their use.
  • Page 473: Clear Security Acl

    133 in the edit buffer, commit the deletion to the running configuration, and redisplay the ACL configuration to show that it no longer contains acl_133: DWS-1008# show security acl info all ACL information for all set security acl ip acl_133 (hits #1 0) --------------------------------------------------------- 1.
  • Page 474: Clear Security Acl Map

    DWS-1008# show security acl info all ACL information for all set security acl ip acl_134 (hits #3 0) --------------------------------------------------------- 1. permit IP source IP 192.168.0.1 0.0.0.0 destination IP any enable-hits set security acl ip acl_135 (hits #2 0) --------------------------------------------------------- 1. deny IP source IP 192.168.1.1 0.0.0.0 destination IP any enable-hits See Also: •...
  • Page 475: Commit Security Acl

    Examples: To clear the mapping of security ACL acljoe from port 4 for incoming packets, type the following command: DWS-1008# clear security acl map acljoe port 4 in clear mapping accepted To clear all physical ports, virtual ports, and VLANs on a switch of the ACLs mapped for incoming...
  • Page 476 ACL table Type Class Mapping ------------------------------------------------- acl_123 Static acl_124 Static DWS-1008# show security acl info all editbuffer acl editbuffer information for all See Also: • clear security acl • rollback security acl • set security acl • show security acl •...
  • Page 477: Rollback Security Acl

    Examples: The following commands show the edit buffer before a rollback, clear any changes in the edit buffer to security acl_122, and show the edit buffer after the rollback: DWS-1008# show security acl info all editbuffer ACL edit-buffer information for all...
  • Page 478: Set Security Acl

    {permit [cos cos] | deny} udp {source-ip-addr mask | any [operator port [port2]]} {destination-ip-addr mask | any [operator port [port2]]} [[precedence precedence] [tos tos] | [dscp codepoint]] [before editbuffer-index | modify editbuffer-index] [hits] D-Link DWS-1008 CLI Manual...
  • Page 479 • Numbers 0 through 9 • Hyphen (-), underscore (_), and period (.) D-Link recommends that you do not use the same name with different capitalizations for ACLs. For example, do not configure two separate ACLs with the names acl_123 and ACL_123.
  • Page 480 15. For example, a tos value of 9 filters packets with the TOS levels minimum delay (8) and minimum monetary cost (1). • 8—minimum delay • 4—maximum throughput • 2—maximum reliability • 1—minimum monetary cost • 0—normal D-Link DWS-1008 CLI Manual...
  • Page 481 Examples: The following command adds an ACE to security acl_123 that permits packets from IP address 192.168.1.11/24 and counts the hits: DWS-1008# set security acl ip acl_123 permit 192.168.1.11 0.0.0.255 hits The following command adds an ACE to acl_123 that denies packets from IP address 192.168.2.11:...
  • Page 482: Set Security Acl Map

    IP address 192.168.0.1 to destination IP address 192.168.0.2 for established sessions only, and counts the hits: DWS-1008# set security acl ip acl_125 deny tcp 192.168.0.1 0.0.0.0 192.168.0.2 0.0.0.0 established hits The following command adds an ACE to acl_125 that denies TCP packets from source IP address 192.168.1.1 to destination IP address 192.168.1.2, on destination port 80 only, and counts the...
  • Page 483 MSS applies only the first ACL match and ignores any other matches. Examples: The following command maps security ACL acl_133 to port 4 for incoming packets: DWS-1008 set security acl map acl_133 port 4 in success: change accepted.
  • Page 484 Examples: The first command sets MSS to sample ACL hits every 15 seconds. The second and third commands display the results. The results show that 916 packets matching security acl_153 were sent since the ACL was mapped. DWS-1008# set security acl hit-sample-rate 15 DWS-1008# show security acl info acl_153 ACL information for acl_153...
  • Page 485 To list all committed ACLs, use the show security acl info command. To list ACLs that have not yet been committed, use the show security acl editbuffer command. Examples: To display a summary of the mapped security ACLs on a DWS-1008 switch, type the following command:...
  • Page 486 IP Not committed To view details about these uncommitted ACLs, type the following command. DWS-1008# show security acl info all editbuffer ACL edit-buffer information for all set security acl ip acl-111 (ACEs 3, add 3, del 0, modified 2) ---------------------------------------------------- 1.
  • Page 487 Usage: For MSS to count hits for a security ACL, you must specify hits in the set security acl commands that define ACE rules for the ACL. Examples: To display the security ACL hits on a switch, type the following command: DWS-1008# show security acl hits ACL hit-counters Index Counter...
  • Page 488 The following command displays the contents of acl_123 in the edit buffer, including the committed ACE rules 1 and 2 and the uncommitted rule 3: DWS-1008# show security acl info acl_123 editbuffer ACL edit-buffer information for acl_123 set security acl ip acl_123 (ACEs 3, add 3, del 0, modified 0) --------------------------------------------------------- 1.
  • Page 489 Displays statistics about the resources used by security ACL filtering on the switch. Syntax: show security acl resource-usage Defaults: None. Access: Enabled. Usage: Use this command with the help of D-Link Technical Support to diagnose an ACL resource problem. D-Link DWS-1008 CLI Manual...
  • Page 490 Examples To display security ACL resource usage, type the following command: DWS-1008# show security acl resource-usage ACL resources Classifier tree counters ------------------------------- Number of rules: Number of leaf nodes: Stored rule count: Leaf chain count: Longest leaf chain: Number of non-leaf nodes:...
  • Page 491 Leaf buffer allocation: • True - Enough primary leaf buffers are allocated in nonvolatile memory to accommodate Root in first all leaves. • False - Insufficient primary leaf buffers are allocated in nonvolatile memory to accommodate all leaves. D-Link DWS-1008 CLI Manual...
  • Page 492 • True—No security ACLs are mapped to virtual ports. • False—Security ACLs are mapped to virtual ports. Packets with bad IGMP checksum Number of packets with an invalid IGMP checksum value. Packets dropped Number of multicast packets dropped by the switch. D-Link DWS-1008 CLI Manual...
  • Page 493: Trace Commands

    MSS allows, type the set trace ? command. Caution: Using the set trace command can have adverse effects on system performance. D-Link recommends that you use the lowest levels possible for initial trace commands, and slowly increase the levels to get the data you need.
  • Page 494: Clear Trace

    • sm—Ends a session manager trace all Ends all trace processes. Defaults: None. Access: Enabled. Examples: To clear all trace processes, type the following command: DWS-1008# clear trace all success: clear trace all To clear the session manager trace, type the following command: DWS-1008# clear trace sm...
  • Page 495: Save Trace

    If you do not specify a level, level 5 is the default. Defaults: The default trace level is 5. Access: Enabled. Examples: The following command starts a trace for information about user jose’s authentication: DWS-1008# set trace authentication user jose success: change accepted. D-Link DWS-1008 CLI Manual...
  • Page 496: Set Trace Authorization

    Defaults: The default trace level is 5. Access: Enabled. Examples: The following command starts a trace for information for authorization for MAC address 00:01:02:03:04:05: DWS-1008# set trace authorization mac-addr 00:01:02:03:04:05 success: change accepted. See Also: • clear trace • show trace set trace dot1x Traces 802.1X sessions.
  • Page 497: Set Trace Sm

    Defaults: The default trace level is 5. Access: Enabled. Examples: The following command starts a trace for the 802.1X sessions for MAC address 00:01:02:03:04:05: DWS-1008# set trace dot1x mac-addr 00:01:02:03:04:05: success: change accepted. See Also: • clear trace • show trace set trace sm Traces session manager activity.
  • Page 498: Show Trace

    Defaults: The default trace level is 5. Access: Enabled. Examples: Type the following command to trace session manager activity for MAC address 00:01:02:03:04:05: DWS-1008# set trace sm mac-addr 00:01:02:03:04:05: success: change accepted. See Also: • clear trace • show trace...
  • Page 499: Snoop Commands

    Deletes a snoop filter. Syntax: clear snoop filter-name filter-name Name of the snoop filter. Defaults: None. Access: Enabled. Examples: The following command deletes snoop filter snoop1: DWS-1008# clear snoop snoop1 See Also: • set snoop • show snoop info D-Link DWS-1008 CLI Manual...
  • Page 500: Clear Snoop Map

    Access: Enabled. Examples: The following command removes snoop filter snoop2 from radio 2 on Distributed AP 3: DWS-1008# clear snoop map snoop2 dap 3 radio 2 success: change accepted. The following command removes all snoop filter mappings from all radios: DWS-1008# clear snoop map all success: change accepted.
  • Page 501 Specifies the maximum number of bytes to capture. If you do not specify a length, the entire packet is copied and sent to the observer. D-Link recommends specifying a snap length of 100 bytes or less. Defaults: No snoop filters are configured by default.
  • Page 502 MAC address aa:bb:cc:dd:ee:ff and the device with MAC address 11:22:33:44:55:66, and copies the traffic to the device that has IP address 10.10.30.3: DWS-1008# set snoop snoop2 frame-type eq data mac-pair aa:bb:cc:dd:ee:ff 11:22:33:44:55:66 observer 10.10.30.3 snap-length 100 See Also: •...
  • Page 503: Set Snoop Map

    If the filter does not have an observer, the AP still maintains a counter of the number of packets that match the filter. Examples: The following command maps snoop filter snoop1 to radio 2 on Distributed AP 3: DWS-1008# set snoop map snoop1 dap 3 radio 2 success: change accepted. See Also: •...
  • Page 504: Set Snoop Mode

    AP or the switch is restarted. You must reenable the filter to place it back into effect. Examples: The following command enables snoop filter snoop1, and configures the filter to stop after 5000 packets match the filter: DWS-1008# set snoop snoop1 mode enable stop-after 5000 success: filter ‘snoop1’ enabled See Also: • show snoop •...
  • Page 505 Usage: To display the mappings for a specific AP radio, use the show snoop map command. Examples: The following command shows the AP radio mappings for all snoop filters configured on a DWS-1008 switch: DWS-1008# show snoop Dap: 3 Radio: 2...
  • Page 506 Access: Enabled. Usage: To display the mappings for all snoop filters, use the show snoop command. Examples: The following command shows the mapping for snoop filter snoop1: DWS-1008# show snoop map snoop1 filter ‘snoop1’ mapping Dap: 3 Radio: 2 See Also: •...
  • Page 507 Stop-After • stopped—disabled • number-of-packets—If the filter is running and the stop-after option was used to stop the filter, this field displays the number of packets that still need to match before the filter is stopped. D-Link DWS-1008 CLI Manual...
  • Page 508: System Log Commands

    Access: Enabled. Examples: To stop sending system logging messages to a server at 192.168.253.11, type the following command: DWS-1008# clear log server 192.168.253.11 success: change accepted. Type the following command to clear all messages from the log buffer: DWS-1008# clear log buffer success: change accepted.
  • Page 509: Set Log

    Enables or disables logging of DWS-1008 and AP events to the log buffer or other logging destination and sets the level of the events logged. For logging to a syslog server only, you can also set the facility logged.
  • Page 510 Examples: To log only emergency, alert, and critical system events to the console, type the following command: DWS-1008# set log console severity critical enable success: change accepted. See Also: • show log config •...
  • Page 511: Set Log Mark

    Configures MSS to generate mark messages at regular intervals. The mark messages indicate the current system time and date. D-Link can use the mark messages to determine the approximate time when a system restart or other event causing a system outage occurred.
  • Page 512 • warning—A possible problem exists. • notice—Events that potentially can cause system problems have occurred. These are logged for diagnostic purposes. No action is required. • info—Informational messages only. No problem exists. • debug—Output from debugging. Defaults: None. Access: Enabled. D-Link DWS-1008 CLI Manual...
  • Page 513: Show Log Config

    Usage: The debug level produces a lot of messages, many of which can appear to be somewhat cryptic. Debug messages are used primarily by D-Link for troubleshooting and are not intended for administrator use. Examples: Type the following command to see the facilities for which you can view event...
  • Page 514 • warning—A possible problem exists. • notice—Events that potentially can cause system problems have occurred. These are logged for diagnostic purposes. No action is required. • info—Informational messages only. No problem exists. • debug—Output from debugging. Defaults: None. Access: Enabled. D-Link DWS-1008 CLI Manual...
  • Page 515 TUNNEL, VLAN, X509, XML, AP, RAPDA, WEBVIEW, EAP, PORTCONFIG, FP. The following command displays the newest five trace log entries for the ROGUE facility: DWS-1008# show log trace +5 facility ROGUE ROGUE Oct 28 16:30:19.695141 ERROR ROGUE_AP_ALERT: Xmtr Mac 01:0b:0e:ff:00:3b Po...
  • Page 516: Boot Prompt Commands

    Caution: Generally, boot prompt commands are used only for troubleshooting. D-Link recommends that you use these commands only when working with D-Link to diagnose a system issue. In particular, commands that change boot parameters can interfere with a switch’s ability to boot successfully.
  • Page 517 Displays or changes the state of the autoboot option. The autoboot option controls whether a DWS-1008 switch automatically boots a system image after initializing the hardware, following a system reset or power cycle. Syntax: autoboot [ON | on | OFF | off] Enables the autoboot option.
  • Page 518 FL=num Number representing the bit settings of boot flags to pass to the booted system image. Use this parameter only if advised to do so by D-Link. OPT=option String up to 128 bytes of boot options to pass to the booted system image instead of the boot option(s) in the currently active boot profile.
  • Page 519 Are you sure that you want to proceed? (y/n)y BOOT TYPE: [c]> n DEVICE: [boot0:]> emac1 FILENAME: [default]> bootfile HOST IP: [0.0.0.0]> 172.16.0.1 LOCAL IP: [0.0.0.0]> 172.16.0.21 GATEWAY IP: [0.0.0.0]> 172.16.0.20 IP MASK: [0.0.0.0]> 255.255.255.0 FLAGS: [0x00000000]> OPTIONS: [run=nos;boot=0]> D-Link DWS-1008 CLI Manual...
  • Page 520 Access: Boot prompt. Usage: A DWS-1008 switch can have up to four boot profiles. The boot profiles are stored in slots, numbered 0 through 3. When you create a new profile, the system uses the next available slot for the profile. If all four slots already contain profiles and you try to create a fifth profile, the switch displays a message advising you to change one of the existing profiles instead.
  • Page 521 DCHP to obtain its IP address when it is booted using a TFTP server. Syntax: dhcp [ON | on | OFF | off] Enables the DHCP option. Same effect as ON. Disables the DHCP option. Same effect as OFF. D-Link DWS-1008 CLI Manual...
  • Page 522 Usage: Access to the diagnostic mode requires a password, which is not user configurable. Use this mode only if advised to do so by D-Link. Displays the boot code and system image files on a DWS-1008 switch. Syntax: dir [c: | d: | e: | f: | boot0 | boot1] Nonvolatile storage area containing boot partition 0 (primary).
  • Page 523 • fver • version fver Displays the version of a system image file installed in a specific location on a DWS-1008 switch. Syntax: fver {c: | d: | e: | f: | boot0: | boot1:} [filename] Nonvolatile storage area containing boot partition 0 (primary).
  • Page 524 Examples: The following command displays detailed information for the fver command: boot> help fver fver Display the version of the specified device:filename. USAGE: fver [c:file|d:file|e:file|f:file|boot0:file|boot1:file|boot2:file|boot3:file] Command to display the version of the compressed image file associated with the given device:filename. See Also: • ls D-Link DWS-1008 CLI Manual...
  • Page 525 Display the version of the loadable image specified by device:filename. version Display HW and Bootstrap/Bootloader version information. reset Reset the system. test Display the state of, enable, or disable the tests option. diag Access the diagnostic command CLI. See Also: • help D-Link DWS-1008 CLI Manual...
  • Page 526 Defaults: None. Access: Boot prompt. Usage: A DWS-1008 switch contains 4 boot profile slots, numbered 0 through 3. This command activates the boot profile in the next slot, in ascending numerical order. If the currently active slot is 3, the command activates the boot profile in slot 0.
  • Page 527 Resets a DWS-1008 switch’s hardware. Syntax: reset Defaults: None. Access: Boot prompt. Usage: After resetting the hardware, the reset command attempts to load a system image file only if other boot settings are configured to do so. Examples: To immediately reset the system, type the following command at the boot prompt: boot>...
  • Page 528 • Options—String up to 128 bytes of boot options to pass to the booted system image A DWS-1008 switch can have up to four boot profiles, numbered 0 through 3. Only one boot profile can be active at a time. You can create, change, and delete boot profiles. You also can activate another boot profile in place of the currently active one.
  • Page 529 Number representing the bit settings of boot flags to pass to the booted system FLAGS image. OPTIONS String up to 128 bytes of boot options to pass to the booted system image. See Also: • change • create • delete • dhcp • next D-Link DWS-1008 CLI Manual...
  • Page 530 Displays version information for a switch’s hardware and boot code. Syntax: version Defaults: None. Access: Boot prompt. Usage: This command does not list the system image file versions installed in the boot partitions. To display system image file versions, use the dir or fver command. D-Link DWS-1008 CLI Manual...
  • Page 531 Version 1.6.5 Release Bootstrap 0 version: 1.17 Active Bootloader 0 version: 1.6.5 Active Bootstrap 1 version: 1.17 Bootloader 1 version: 1.6.3 Board Revision: Controller Revision: POE Board Revision: POE Controller Revision: See Also: • dir • fver D-Link DWS-1008 CLI Manual...