Hide thumbs Also See for DWS-4000 Series:
Table of Contents

Quick Links

CLI Command Reference
Product Model:
Unified Wired & Wireless Access System
Release 1.0
December 2009
DWS-4000 Series
DWL-8600AP
©Copyright 2009. All rights reserved.
Table of Contents
loading

Summary of Contents for D-Link DWS-4000 Series

  • Page 1 CLI Command Reference DWS-4000 Series Product Model: DWL-8600AP Unified Wired & Wireless Access System Release 1.0 December 2009 ©Copyright 2009. All rights reserved.
  • Page 2 D-Link Unified Switch CLI Command Reference FCC Warning This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment.
  • Page 3: Table Of Contents

    ABLE OF ONTENTS Section 1: About This Document ..................1 Audience ............................... 1 About Unified Switch Software ........................1 Scope..............................1 Product Concept ............................. 1 Section 2: Using the Command-Line Interface ..............3 Command Syntax ............................3 Command Conventions ..........................4 Common Parameter Values ........................
  • Page 4 Unified Switch Commands ........................200 Unified Switch Channel and Power Commands ..................227 Peer Unified Switch Commands......................234 Local Access Point Database Commands .....................237 Wireless Network Commands .........................244 Access Point Profile Commands ......................261 Access Point Profile RF Commands.......................266 © 2009 D-Link Corporation. All Rights Reserved...
  • Page 5 Access Point Profile QoS Commands....................282 Access Point Profile VAP Commands....................286 WS Managed Access Point Commands....................287 Access Point Failure Status Commands ....................305 RF Scan Access Point Status Commands..................... 307 Client Association Status and Statistics Commands ................311 Client Failure and Ad Hoc Status Commands ..................
  • Page 6 Configuration Scripting Commands .......................517 Pre-login Banner and System Prompt Commands ................519 Section 10: Unified Switch Log Messages..............521 Core................................521 Utilities...............................523 Management..............................525 Switching..............................527 QoS ................................532 Routing ..............................533 Technologies.............................534 O/S Support...............................536 Section 11: List of Commands..................539 © 2009 D-Link Corporation. All Rights Reserved...
  • Page 7 IST OF ABLES Table 1: Parameter Conventions ........................4 Table 2: Parameter Descriptions ........................4 Table 3: Type of Slots............................5 Table 4: Type of Ports ............................. 5 Table 5: CLI Command Modes........................6 Table 6: CLI Mode Access and Exit......................... 7 Table 7: CLI Error Messages...........................
  • Page 8 Table 47: Routing Table Manager Log Messages ..................533 Table 48: VRRP Log Messages ........................533 Table 49: ARP Log Message .........................534 Table 50: RIP Log Message...........................534 Table 51: Driver Error Messages ........................534 Table 52: OSAPI VxWorks Log Messages ....................536 © 2009 D-Link Corporation. All Rights Reserved viii...
  • Page 9: Section 1: About This Document

    About This Document S e c t io n 1 : A b o ut Th i s D o c u m e n t This document describes command-line interface (CLI) commands you use to view and configure Unified Switch software. You can access the CLI by using a direct connection to the serial port or by using telnet or SSH over a remote network connection.
  • Page 10 Each of the Unified Switch management methods enables you to configure, manage, and control the software locally or remotely using in-band or out-of-band mechanisms. Management is standards-based, with configuration parameters and a private MIB providing control for functions not completely specified in the MIBs. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 11: Section 2: Using The Command-Line Interface

    [gateway] is an optional parameter, so you are not required to enter a value in place of the parameter. The D-Link Unified Switch CLI Command Reference lists each command by the command name and provides a brief description of the command. Each command reference also contains the following information: •...
  • Page 12: Command Conventions

    (LAG). You can use the logical slot/port to configure the port-channel. Character strings Use double quotation marks to identify character strings, for example, “System Name with Spaces”. An empty string (“”) is not valid. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 13: Slot/Port Naming Convention

    Slot/Port Naming Convention AMING ONVENTION Unified Switch software references physical entities such as cards and ports by using a slot/port naming convention. The Unified Switch software also uses this convention to identify certain logical entities, such as Port-Channel interfaces. The slot number has two uses. In the case of physical ports, it identifies the card containing the ports. In the case of logical and CPU ports it also identifies the type of interface or port.
  • Page 14: Unified Switch Modules

    DHCP Pool Config Contains the DHCP server IP address pool configuration DWS-4026 (Config dhcp-pool)# commands. Wireless Config Mode Contains global WLAN switch configuration commands and DWS-4026 (Config-wireless)# provides access to other WLAN command modes. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 15: Table 6: Cli Mode Access And Exit

    Command Modes Table 5: CLI Command Modes (Cont.) Command Mode Prompt Mode Description AP Config Mode Contains commands to configure entries in the local AP database, DWS-4026 (Config-ap)# which is used for AP validation. AP Profile Config Mode Contains commands to configure the default AP profile settings as DWS-4026 (Config-ap-profile)# well as settings for new AP profile.
  • Page 16: Command Completion And Abbreviation

    Command abbreviation allows you to execute a command when you have entered there are enough letters to uniquely identify the command. You must enter all of the required keywords and parameters before you enter the command. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 17: Cli Error Messages

    CLI Error Messages CLI E RROR ESSAGES If you enter a command and the system is unable to execute it, an error message appears. Table 7 describes the most common CLI error messages. Table 7: CLI Error Messages Message Text Description Indicates that you entered an incorrect or unavailable command.
  • Page 18: Using Cli Help

    You can also enter a question mark (?) after typing one or more characters of a word to list the available command or parameters that begin with the letters, as shown in the following example: (DWS-4026) #show m? mac-addr-table mac-address-table monitor © 2009 D-Link Corporation. All Rights Reserved...
  • Page 19: Accessing The Cli

    Accessing the CLI CCESSING THE You can access the CLI by using a direct console connection or by using a telnet or SSH connection from a remote management host. For the initial connection, you must use a direct connection to the console port. You cannot access the system remotely until the system has an IP address, subnet mask, and default gateway.
  • Page 20 D-Link Unified Switch CLI Command Reference © 2009 D-Link Corporation. All Rights Reserved...
  • Page 21: Section 3: Switching Commands

    Switching Commands Se ction 3 : Switching Comm ands This section describes the switching commands available in the Unified Switch CLI. The Switching Commands section includes the following sections: • “Port Configuration Commands” on page 14 • “Spanning Tree Protocol Commands” on page 18 •...
  • Page 22: Port Configuration Commands

    This command enables automatic negotiation on all ports. Default enabled Format auto-negotiate all Mode Global Config no auto-negotiate all This command disables automatic negotiation on all ports. Format no auto-negotiate all Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 23 Port Configuration Commands description Use this command to create an alpha-numeric description of the port. Format description Mode Interface Config Use the mtu command to set the maximum transmission unit (MTU) size, in bytes, for frames that ingress or egress the interface.
  • Page 24 This command sets the speed and duplex setting for all interfaces. Format speed all {<100 | 10> } Mode Global Config Acceptable Values Definition 100h 100BASE-T half duplex 100f 100BASE-T full duplex 10BASE-T half duplex 10BASE-T full duplex © 2009 D-Link Corporation. All Rights Reserved...
  • Page 25 Port Configuration Commands show port This command displays port information. Format show port { | all} Mode Privileged EXEC Term Definition Interface Valid slot and port number separated by a forward slash. Type If not blank, this field indicates that this port is a special type of port. The possible values are: •...
  • Page 26: Spanning Tree Protocol Commands

    Use this command to disable BPDU Filter on the interface. Default disabled Format no spanning-tree bpdufilter Mode Interface Config spanning-tree bpdufilter default Use this command to enable BPDU Filter on all the edge port interfaces. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 27 Spanning Tree Protocol Commands Default disabled Format spanning-tree bpdufilter Mode Global Config no spanning-tree bpdufilter default Use this command to disable BPDU Filter on all the edge port interfaces. Default disabled Format no spanning-tree bpdufilter default Mode Global Config spanning-tree bpduflood Use this command to enable BPDU Flood on the interface.
  • Page 28 This command sets the Configuration Identifier Revision Level for use in identifying the configuration that this switch is currently using to the default value. Format no spanning-tree configuration revision Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 29 Spanning Tree Protocol Commands spanning-tree edgeport This command specifies that this port is an Edge Port within the common and internal spanning tree. This allows this port to transition to Forwarding State without delay. Format spanning-tree edgeport Mode Interface Config no spanning-tree edgeport This command specifies that this port is not an Edge Port within the common and internal spanning tree.
  • Page 30 6 to 40, with the value being less than or equal to 2 x (Bridge Forward Delay - 1) . Default Format spanning-tree max-age <6-40> Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 31 Spanning Tree Protocol Commands no spanning-tree max-age This command sets the Bridge Max Age parameter for the common and internal spanning tree to the default value. Format no spanning-tree max-age Mode Global Config spanning-tree max-hops This command sets the MSTP Max Hops parameter to a new value for the common and internal spanning tree. The max- hops value is a range from 1 to 127.
  • Page 32 If you specify 0 (defined as the default CIST ID) as the , this command sets the Bridge Priority parameter to a new value for the common and internal spanning tree. The bridge priority value is a number within a range of 0 to 61440. The © 2009 D-Link Corporation. All Rights Reserved...
  • Page 33 Spanning Tree Protocol Commands twelve least significant bits are masked according to the 802.1s specification. This causes the priority to be rounded down to the next lower valid priority. Default 32768 Format spanning-tree mst priority <0-61440> Mode Global Config no spanning-tree mst priority This command sets the bridge priority for a specific multiple spanning tree instance to the default value.
  • Page 34 Value of the Root Path Cost parameter for the common and internal spanning tree. Root Port Identifier Identifier of the port to access the Designated Root for the CST Root Port Max Age Derived value. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 35 Spanning Tree Protocol Commands Term Definition Root Port Bridge Derived value. Forward Delay Hello Time Configured value of the parameter for the CST. Bridge Hold Time Minimum time between transmission of Configuration Bridge Protocol Data Units (BPDUs). Bridge Max Hops Bridge max-hops count for the device.
  • Page 36 Each enabled MST Bridge Port receives a Port Role for each spanning tree. The port role is one of the following values: Root Port, Designated Port, Alternate Port, Backup Port, Master Port or Disabled Port © 2009 D-Link Corporation. All Rights Reserved...
  • Page 37 Spanning Tree Protocol Commands Term Definition Auto-Calculate Indicates whether auto calculation for port path cost is enabled. Port Path Cost Port Path Cost Configured value of the Internal Port Path Cost parameter. Designated Root The Identifier of the designated root for this port. Root Path Cost The path cost to get to the root bridge for this instance.
  • Page 38 The role of the specified port within the spanning tree. Desc Indicates whether the port is in loop inconsistent state or not. This field is blank if the loop guard feature is not available. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 39 Spanning Tree Protocol Commands show spanning-tree mst summary This command displays summary information about all multiple spanning tree instances in the switch. On execution, the following details are displayed. Format show spanning-tree mst summary Mode • Privileged EXEC • User EXEC Term Definition MST Instance ID...
  • Page 40: Vlan Commands

    This command configures the Management VLAN ID. Default Format network mgmt_vlan <1-3965> Mode Privileged EXEC no network mgmt_vlan This command sets the Management VLAN ID to the default. Format no network mgmt_vlan Mode Privileged EXEC © 2009 D-Link Corporation. All Rights Reserved...
  • Page 41 VLAN Commands vlan This command creates a new VLAN and assigns it an ID. The ID is a valid VLAN identification number (ID 1 is reserved for the default VLAN). VLAN range is 2-3965. Format vlan <2-3965> Mode VLAN Config no vlan This command deletes an existing VLAN.
  • Page 42 Options include The interface is always a member of this VLAN. This is equivalent to registration fixed. exclude The interface is never a member of this VLAN. This is equivalent to registration forbidden. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 43 VLAN Commands Participation Definition Options auto The interface is dynamically registered in this VLAN by GVRP. The interface will not participate in this VLAN unless a join request is received on this interface. This is equivalent to registration normal. vlan participation all This command configures the degree of participation for all interfaces in a VLAN.
  • Page 44 This command configures the tagging behavior for all interfaces in a VLAN to enabled. If tagging is enabled, traffic is transmitted as tagged frames. If tagging is disabled, traffic is transmitted as untagged frames. The ID is a valid VLAN identification number. Format vlan port tagging all <1-3965> Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 45 VLAN Commands no vlan port tagging all This command configures the tagging behavior for all interfaces in a VLAN to disabled. If tagging is disabled, traffic is transmitted as untagged frames. The ID is a valid VLAN identification number. Format no vlan port tagging all Mode Global Config...
  • Page 46 Global Config no protocol vlan group all This command removes all interfaces from this protocol-based VLAN group that is identified by this . Format no protocol vlan group all Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 47 VLAN Commands vlan pvid This command changes the VLAN ID per interface. Default Format vlan pvid <1-3965> Mode Interface Config no vlan pvid This command sets the VLAN ID per interface to 1. Format no vlan pvid Mode Interface Config vlan tagging This command configures the tagging behavior for a specific interface in a VLAN to enabled.
  • Page 48 • Autodetect - To allow the port to be dynamically registered in this VLAN via GVRP. The port will not participate in this VLAN unless a join request is received on this port. This is equivalent to registration normal in the IEEE 802.1Q standard. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 49 VLAN Commands Term Definition Tagging The tagging behavior for this port in this VLAN. • Tagged - Transmit traffic for this VLAN as tagged frames. • Untagged - Transmit traffic for this VLAN as untagged frames. show vlan brief This command displays a list of all configured VLANs. Format show vlan brief Mode...
  • Page 50 01:23:45:67:89:AB. In an IVL system the MAC address will be displayed as 8 bytes. VLAN ID There is a VLAN Identifier (VID) associated with each VLAN. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 51: Double Vlan Commands

    Double VLAN Commands VLAN C OUBLE OMMANDS This section describes the commands you use to configure double VLAN (DVLAN). Double VLAN tagging is a way to pass VLAN traffic from one customer domain to another through a Metro Core in a simple and cost effective manner. The additional tag on the traffic helps differentiate between customers in the MAN while preserving the VLAN identification of the individual customers when they enter their own 802.1Q domain.
  • Page 52 0x88A8. If EtherType is not one of these two values, then it is a custom tunnel value, representing any value in the range of 0 to 65535. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 53: Voice Vlan Commands

    Voice VLAN Commands VLAN C OICE OMMANDS This section describes the commands you use for Voice VLAN. Voice VLAN enables switch ports to carry voice traffic with defined priority so as to enable separation of voice and data traffic coming onto the port. The benefits of using Voice VLAN is to ensure that the sound quality of an IP phone could be safeguarded from deteriorating when the data traffic on the port is high.
  • Page 54 The tagging option for the Voice VLAN traffic. Untagged Voice VLAN CoS The Override option for the voice traffic arriving on the port. Override Voice VLAN Status The operational status of Voice VLAN on the port. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 55: Provisioning (Ieee 802.1P) Commands

    Provisioning (IEEE 802.1p) Commands (IEEE 802.1 ROVISIONING OMMANDS This section describes the commands you use to configure provisioning (IEEE 802.1p,) which allows you to prioritize ports. vlan port priority all This command configures the port priority assigned for untagged packets for all ports presently plugged into the device. The range for the priority is 0-7.
  • Page 56 List of ports, which are configured as protected for the group identified with . If no port is Ports configured as protected for this group, this field is blank. show interfaces switchport This command displays the status of the interface (protected/unprotected) under the groupid. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 57: Garp Commands

    GARP Commands Format show interfaces switchport Mode • Privileged EXEC • User EXEC Term Definition Name A string associated with this group as a convenience. It can be up to 32 alphanumeric characters long, including blanks. The default is blank. This field is optional. Protected Indicates whether the interface is protected or not.
  • Page 58 • User EXEC Term Definition GMRP Admin Mode The administrative mode of GARP Multicast Registration Protocol (GMRP) for the system. GVRP Admin Mode The administrative mode of GARP VLAN Registration Protocol (GVRP) for the system. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 59: Gvrp Commands

    GVRP Commands GVRP C OMMANDS This section describes the commands you use to configure and view GARP VLAN Registration Protocol (GVRP) information. GVRP-enabled switches exchange VLAN configuration information, which allows GVRP to provide dynamic VLAN creation on trunk ports and automatic VLAN pruning. Note: If GVRP is disabled, the system does not forward GVRP messages.
  • Page 60: Gmrp Commands

    This command enables GARP Multicast Registration Protocol (GMRP) on the system. Default disabled Format set gmrp adminmode Mode Privileged EXEC no set gmrp adminmode This command disables GARP Multicast Registration Protocol (GMRP) on the system. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 61 GMRP Commands Format no set gmrp adminmode Mode Privileged EXEC set gmrp interfacemode This command enables GARP Multicast Registration Protocol on a single interface (Interface Config mode) or all interfaces (Global Config mode). If an interface which has GARP enabled is enabled for routing or is enlisted as a member of a port- channel (LAG), GARP functionality is disabled on that interface.
  • Page 62: Port-Based Network Access Control Commands

    The value of local indicates that the user’s locally stored ID and password are used for authentication. The value of radius indicates that the user’s ID and password will be authenticated using the RADIUS server. The value of reject indicates the user is never authenticated. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 63 Port-Based Network Access Control Commands To authenticate a user, the first authentication method in the user’s login (authentication login list) is attempted. Unified Switch software does not utilize multiple entries in the user’s login. If the first entry returns a timeout, the user authentication attempt fails.
  • Page 64 Mode Interface Config no dot1x max-req This command sets the maximum number of times the authenticator state machine on this port will transmit an EAPOL EAP Request/Identity frame before timing out the supplicant. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 65 Port-Based Network Access Control Commands Format no dot1x max-req Mode Interface Config dot1x max-users Use this command to set the maximum number of clients supported on the port when MAC-based dot1x authentication is enabled on the port. The maximum users supported per port is dependent on the product. The value is in the range 1 - 16.
  • Page 66 This command enables re-authentication of the supplicant for the specified port. Default disabled Format dot1x re-authentication Mode Interface Config no dot1x re-authentication This command disables re-authentication of the supplicant for the specified port. Format no dot1x re-authentication Mode Interface Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 67 Port-Based Network Access Control Commands dot1x system-auth-control Use this command to enable the dot1x authentication support on the switch. While disabled, the dot1x configuration is retained and can be changed, but is not activated. Default disabled Format dot1x system-auth-control Mode Global Config no dot1x system-auth-control This command is used to disable the dot1x authentication support on the switch.
  • Page 68 This command adds the specified user to the list of users with access to the specified port or all ports. The parameter must be a configured user. Format dot1x user { | all} Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 69 Port-Based Network Access Control Commands no dot1x user This command removes the user from the list of users with access to the specified port or all ports. Format no dot1x user { | all} Mode Global Config users defaultlogin This command assigns the authentication login list to use for non-configured users when attempting to log in to the system.
  • Page 70 Port Status Indicates whether the port is authorized or unauthorized. Possible values are authorized | unauthorized. If you use the optional parameter 'detail ', the detailed dot1x configuration for the specified port is displayed. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 71 Port-Based Network Access Control Commands Note: MAC-based dot1x authentication is supported on the BCM56224, BCM56514, BCM56624, and BCM56820 platforms. Term Definition Port The interface whose configuration is displayed. Protocol Version The protocol version associated with this port. The only possible value is 1, corresponding to the first version of the dot1x specification.
  • Page 72 Last EAPOL Frame The source MAC address carried in the most recently received EAPOL frame. Source EAP Response/Id The number of EAP response/identity frames that have been received by this authenticator. Frames Received © 2009 D-Link Corporation. All Rights Reserved...
  • Page 73 Port-Based Network Access Control Commands Term Definition EAP Response The number of valid EAP response frames (other than resp/id frames) that have been received by this Frames Received authenticator. EAP Request/Id The number of EAP request/identity frames that have been transmitted by this authenticator. Frames Transmitted EAP Request...
  • Page 74 If the authenticator authorizes the port, then it is placed in the Authorized state. force-authorized Sets the authorization state of the port to Authorized, bypassing the authentication process. force-unauthorized Sets the authorization state of the port to Unauthorized, bypassing the authentication process. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 75: 802.1X Supplicant Commands

    802.1x Supplicant Commands no dot1x supplicant port-control This command sets the port-control mode to the default, auto. Default auto Format no dot1x supplicant port-control Mode Interface Config dot1x supplicant max-start This command configures the number of attempts that the supplicant makes to find the authenticator before the supplicant assumes that there is no authenticator.
  • Page 76 • User EXEC Example: The following shows example CLI display output for the command. (DWS-4026) #show dot1x users 0/6 user name admin guest show dot1x summary This command displays the dot1x port status. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 77 802.1x Supplicant Commands Format how dot1x summary {all|} Mode • Privileged EXEC • User EXEC Example: The following shows example CLI display output for the command. (DWS-4026) #show dot1x summary 0/1 Operating Interface Control Mode Control Mode Port Status --------- ------------ ------------ ------------ auto...
  • Page 78: Storm-Control Commands

    L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of broadcast traffic will be limited to the configured threshold. Default disabled Format storm-control broadcast Mode Global Config Interface Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 79 Storm-Control Commands no storm-control broadcast Use this command to disable broadcast storm recovery mode for a specific interface. Format no storm-control broadcast Mode Global Config Interface Config storm-control broadcast level Use this command to configure the broadcast storm recovery threshold for an interface as a percentage of link speed and enable broadcast storm recovery.
  • Page 80 L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic is dropped. Therefore, the rate of broadcast traffic is limited to the configured threshold. Default Format storm-control broadcast rate <0-33554431> Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 81 Storm-Control Commands no storm-control broadcast all rate This command sets the broadcast storm recovery threshold to the default value for all interfaces and disables broadcast storm recovery. Format no storm-control broadcast all rate Mode Global Config storm-control multicast This command enables multicast storm recovery mode for an interface. If the mode is enabled, multicast storm recovery is active, and if the rate of L2 multicast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.
  • Page 82 Therefore, the rate of multicast traffic will be limited to the configured threshold. Default Format storm-control multicast all level <0-100> Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 83 Storm-Control Commands no storm-control multicast all level This command sets the multicast storm recovery threshold to the default value for all interfaces and disables multicast storm recovery. Format no storm-control multicast all level Mode Global Config storm-control multicast all rate Use this command to configure the multicast storm recovery threshold for all interfaces in packets per second.
  • Page 84 L2 unicast (destination lookup failure) traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of unknown unicast traffic will be limited to the configured threshold. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 85 Storm-Control Commands Default disabled Format storm-control unicast all Mode Global Config no storm-control unicast all This command disables unicast storm recovery mode for all interfaces. Format no storm-control unicast all Mode Global Config storm-control unicast all level This command configures the unicast storm recovery threshold for all interfaces as a percentage of link speed, and enables unicast storm recovery.
  • Page 86 The multicast storm control level. Ucast Mode Shows whether the Unknown Unicast or DLF (Destination Lookup Failure) storm control mode is enabled or disabled. Ucast Level The Unknown Unicast or DLF (Destination Lookup Failure) storm control level. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 87: Port-Channel/Lag (802.3Ad) Commands

    Port-Channel/LAG (802.3ad) Commands Example: The following shows example CLI display output for the command. (DWS-4026) #show storm-control 802.3x Flow Control Mode....... Disable Example: The following shows example CLI display output for the command. (DWS-4026) #show storm-control 0/1 Bcast Bcast Mcast Mcast Ucast Ucast...
  • Page 88 Use this command to configure the administrative value of the key for the port-channel. The value range of is 0 to 65535. Default 0x8000 Format lacp admin key Mode Interface Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 89 Port-Channel/LAG (802.3ad) Commands Note: This command is only applicable to port-channel interfaces. no lacp admin key Use this command to configure the default administrative value of the key for the port-channel. Format no lacp admin key Mode Interface Config lacp collector max-delay Use this command to configure the port-channel collector max delay.
  • Page 90 Note: This command is only applicable to physical interfaces. no lacp actor admin state individual Use this command to set the LACP actor admin state to aggregation. Format no lacp actor admin state individual Mode Interface Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 91 Port-Channel/LAG (802.3ad) Commands lacp actor admin state longtimeout Use this command to set LACP actor admin state to longtimeout. Format lacp actor admin state longtimeout Mode Interface Config Note: This command is only applicable to physical interfaces. no lacp actor admin state longtimeout Use this command to set the LACP actor admin state to short timeout.
  • Page 92 Note: This command is only applicable to physical interfaces. no lacp partner admin key Use this command to configure the administrative value of the Key for the protocol partner. Format no lacp partner admin key Mode Interface Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 93 Port-Channel/LAG (802.3ad) Commands lacp partner admin state Use this command to configure the current administrative value of actor state for the protocol Partner. The valid value range is 0x00-0xFF. Default 0x07 Format lacp partner admin state {individual|longtimeout|passive} Mode Interface Config Note: This command is only applicable to physical interfaces.
  • Page 94 Note: This command is only applicable to physical interfaces. no lacp partner port id Use this command to set the LACP partner port id to the default. Format lacp partner port-id Mode Interface Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 95 Port-Channel/LAG (802.3ad) Commands lacp partner port priority Use this command to configure the LACP partner port priority. The valid range for is 0 to 255. Default Format lacp partner port priority Mode Interface Config Note: This command is only applicable to physical interfaces. no lacp partner port priority Use this command to configure the default LACP partner port priority.
  • Page 96 This command enables Link Aggregation Control Protocol (LACP) on a port. Default enabled Format port lacpmode Mode Interface Config no port lacpmode This command disables Link Aggregation Control Protocol (LACP) on a port. Format no port lacpmode Mode Interface Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 97 Port-Channel/LAG (802.3ad) Commands port lacpmode all This command enables Link Aggregation Control Protocol (LACP) on all ports. Format port lacpmode all Mode Global Config no port lacpmode all This command disables Link Aggregation Control Protocol (LACP) on all ports. Format no port lacpmode all Mode Global Config...
  • Page 98 The link is selected by creating a binary pattern from selected fields in a packet, and associating that pattern with a particular link. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 99 Port-Channel/LAG (802.3ad) Commands Load-balancing is not supported on every device. The range of options for load-balancing may vary per device. Default Format port-channel load-balance {1 | 2 | 3 | 4 | 5 | 6} { |} Mode Interface Config Global Config Term Definition...
  • Page 100 The administrative value of the Key for protocol Partner. Port-ID The administrative value of the port number for the protocol Partner. Admin State The administrative values of the actor state for the protocol Partner. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 101 Port-Channel/LAG (802.3ad) Commands show port-channel brief This command displays the static capability of all port-channel (LAG) interfaces on the device as well as a summary of individual port-channel interfaces. Format show port-channel brief Mode • Privileged EXEC • User EXEC For each port-channel the following information is displayed: Term Definition...
  • Page 102: Port Mirroring

    This command removes all the source ports and a destination port for the and restores the default value for mirroring session mode for all the configured sessions. Note: This is a stand-alone “no” command. This command does not have a “normal” form. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 103: Static Mac Filtering

    Static MAC Filtering Default enabled Format no monitor Mode Global Config show monitor session This command displays the Port monitoring information for a particular mirroring session. Note: The parameter is an integer value used to identify the session. In the current version of the software, the ...
  • Page 104 . The parameter must be specified as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. The parameter must identify a valid VLAN. Format no macfilter adddest Mode Interface Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 105 Static MAC Filtering macfilter adddest all This command adds all interfaces to the destination filter set for the MAC filter with the given and VLAN of . The parameter must be specified as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6.
  • Page 106 Description The text description of this multicast table entry. Interfaces The list of interfaces that are designated for forwarding (Fwd:) and filtering (Flt:). © 2009 D-Link Corporation. All Rights Reserved...
  • Page 107: L2 Dhcp Relay Agent Commands

    L2 DHCP Relay Agent Commands L2 DHCP R ELAY GENT OMMANDS You can enable the switch to operate as a Layer 2 DHCP relay agent to relay DHCP requests from clients to a Layer 3 relay agent or server. The Circuit ID and Remote ID can be added to DHCP requests relayed from clients to a DHCP server. This information is included in DHCP Option 82, as specified in sections 3.1 and 3.2 of RFC3046.
  • Page 108 Use this command to disable the L2 DHCP Relay agent for a set of VLANs. Format no dhcp l2relay vlan Mode Global Config show dhcp l2relay all This command displays the summary of DHCP L2 Relay configuration. Format show dhcp l2relay all Mode Privileged EXEC © 2009 D-Link Corporation. All Rights Reserved...
  • Page 109 L2 DHCP Relay Agent Commands Example: The following shows example CLI display output for the command. (DWS-4026) #show dhcp l2relay all DHCP L2 Relay is Enabled. Interface L2RelayMode TrustMode ---------- ----------- -------------- Enabled untrusted Disabled trusted VLAN Id L2 Relay CircuitId RemoteId --------- ----------...
  • Page 110 DHCP L2 Relay is Enabled. VLAN Id L2 Relay CircuitId RemoteId --------- ---------- ----------- ------------ Enabled Enabled --NULL-- Enabled Enabled EnterpriseSwitch Enabled Disabled --NULL-- Enabled Disabled --NULL-- Enabled Disabled --NULL-- Enabled Disabled --NULL-- © 2009 D-Link Corporation. All Rights Reserved...
  • Page 111 L2 DHCP Relay Agent Commands show dhcp l2relay vlan This command shows whether DHCP L2 Relay is enabled globally and on a particular VLAN or range of VLANs. Format show dhcp l2relay vlan Mode Privileged EXEC Example: The following shows example CLI display output for the command. (DWS-4026) #show dhcp l2relay vlan 1-2 DHCP L2 Relay is Enabled.
  • Page 112: Dhcp Client Commands

    This command displays the configured administration mode of the vendor-id-option and the vendor-id string to be included in Option-43 in DHCP requests. Format show dhcp client vendor-id-option Mode Privileged EXEC © 2009 D-Link Corporation. All Rights Reserved...
  • Page 113: Dhcp Snooping Configuration Commands

    DHCP Snooping Configuration Commands Example: The following shows example CLI display output for the command. (DWS-4026) #show dhcp client vendor-id-option DHCP Client Vendor Identifier Option is Enabled DHCP Client Vendor Identifier Option string is D-LinkClient. DHCP S NOOPING ONFIGURATION OMMANDS This section describes commands you use to configure DHCP Snooping.
  • Page 114 Mode Global Config ip dhcp snooping binding Use this command to configure static DHCP Snooping binding. Format ip dhcp snooping binding vlan interface Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 115 DHCP Snooping Configuration Commands no ip dhcp snooping binding Use this command to remove the DHCP static entry from the DHCP Snooping database. Format no ip dhcp snooping binding Mode Global Config ip verify binding Use this command to configure static IP source guard (IPSG) entries. Format ip verify binding ...
  • Page 116 Mode Interface Config show ip dhcp snooping Use this command to display the DHCP Snooping global configurations and per port configurations. Format show ip dhcp snooping Mode • Privileged EXEC • User EXEC © 2009 D-Link Corporation. All Rights Reserved...
  • Page 117 DHCP Snooping Configuration Commands Term Definition Interface The interface for which data is displayed. Trusted If it is enabled, DHCP snooping considers the port as trusted. The factory default is disabled. Log Invalid Pkts If it is enabled, DHCP snooping application logs invalid packets on the specified interface. Example: The following shows example CLI display output for the command.
  • Page 118 Represents the number of DHCP server messages received on Untrusted ports. Rec’d Example: The following shows example CLI display output for the command. (DWS-4026) #show ip dhcp snooping statistics Interface MAC Verify Client Ifc DHCP Server Failures Mismatch Msgs Rec'd © 2009 D-Link Corporation. All Rights Reserved...
  • Page 119 DHCP Snooping Configuration Commands ----------- ---------- ---------- ----------- 0/10 0/11 0/12 0/13 0/14 0/15 0/16 0/17 0/18 0/19 0/20 clear ip dhcp snooping binding Use this command to clear all DHCP Snooping bindings on all interfaces or on a specific interface. Format clear ip dhcp snooping binding [interface ] Mode...
  • Page 120: Dynamic Arp Inspection Commands

    Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. DAI prevents a class of man-in-the-middle attacks, where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of © 2009 D-Link Corporation. All Rights Reserved...
  • Page 121 Dynamic ARP Inspection Commands its unsuspecting neighbors. The miscreant sends ARP requests or responses mapping another station’s IP address to its own MAC address. DAI relies on DHCP snooping. DHCP snooping listens to DHCP message exchanges and builds a binding database of valid {MAC address, IP address, VLAN, and interface} tuples.
  • Page 122 Use this command to set the rate limit and burst interval values for an interface to the default values of 15 pps and 1 second, respectively. Format no ip arp inspection limit Mode Interface Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 123 Dynamic ARP Inspection Commands ip arp inspection filter Use this command to configure the ARP ACL used to filter invalid ARP packets on a list of comma-separated VLAN ranges. If the static keyword is given, packets that do not match a permit statement are dropped without consulting the DHCP snooping bindings.
  • Page 124 DAI-enabled VLANs in that list. Give the single vlan argument and the command displays the statistics on that VLAN. If no argument is included, the command lists a summary of the forwarded and dropped ARP packets. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 125 Dynamic ARP Inspection Commands Format show ip arp inspection statistics [vlan vlan-list] Mode • Privileged EXEC • User EXEC Term Definition VLAN The VLAN ID for each displayed row. Forwarded The total number of valid ARP packets forwarded in this VLAN. Dropped The total number of not valid ARP packets dropped in this VLAN.
  • Page 126 ARP access list H2 permit ip host 1.1.1.1 mac host 00:01:02:03:04:05 permit ip host 1.1.1.2 mac host 00:03:04:05:06:07 ARP access list H3 ARP access list H4 permit ip host 2.1.1.2 mac host 00:03:04:05:06:08 © 2009 D-Link Corporation. All Rights Reserved...
  • Page 127: Igmp Snooping Configuration Commands

    IGMP Snooping Configuration Commands IGMP S NOOPING ONFIGURATION OMMANDS This section describes the commands you use to configure IGMP snooping. Unified Switch software supports IGMP Versions 1, 2, and 3. The IGMP snooping feature can help conserve bandwidth because it allows the switch to forward IP multicast traffic only to connected hosts that request multicast traffic.
  • Page 128 This command sets the IGMP Group Membership Interval time on a VLAN, one interface or all interfaces. The Group Membership Interval time is the amount of time in seconds that a switch waits for a report from a particular group on a © 2009 D-Link Corporation. All Rights Reserved...
  • Page 129 IGMP Snooping Configuration Commands particular interface before deleting the interface from the entry. This value must be greater than the IGMPv3 Maximum Response time value. The range is 2 to 3600 seconds. Default 260 seconds Format set igmp groupmembership-interval <2-3600> Mode •...
  • Page 130 Format set igmp mrouter Mode Interface Config no set igmp mrouter This command disables multicast router mode for a particular VLAN ID (). Format no set igmp mrouter Mode Interface Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 131 IGMP Snooping Configuration Commands set igmp mrouter interface This command configures the interface as a multicast router interface. When configured as a multicast router interface, the interface is treated as a multicast router interface in all VLANs. Default disabled Format set igmp mrouter interface Mode Interface Config...
  • Page 132 Mode Privileged EXEC Term Definition Interface The port on which multicast router information is being displayed. VLAN ID The list of VLANs of which the interface is a member. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 133: Igmp Snooping Querier Commands

    IGMP Snooping Querier Commands show mac-address-table igmpsnooping This command displays the IGMP Snooping entries in the MFDB table. Format show mac-address-table igmpsnooping Mode Privileged EXEC Term Definition MAC Address A multicast MAC address for which the switch has forwarding or filtering information. The format is two- digit hexadecimal numbers that are separated by colons, for example 01:23:45:67:89:AB.
  • Page 134 Use this command to set the IGMP version of the query that the snooping switch is going to send periodically. Default Format set igmp querier version <1-2> Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 135 IGMP Snooping Querier Commands no set igmp querier version Use this command to set the IGMP Querier version to its default value. Format no set igmp querier version Mode Global Config set igmp querier election participate Use this command to enable the Snooping Querier to participate in the Querier Election process when it discovers the presence of another Querier in the VLAN.
  • Page 136 Indicates the IGMP version of the most recent Querier from which a Query was received on this VLAN. Version When the optional argument detail is used, the command shows the global information and the information for all Querier- enabled VLANs. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 137: Port Security Commands

    Port Security Commands ECURITY OMMANDS This section describes the command you use to configure Port Security on the switch. Port security, which is also known as port MAC locking, allows you to secure the network by locking allowable MAC addresses on a given port. Packets with a matching source MAC address are forwarded normally, and all other packets are discarded.
  • Page 138 Use the optional parameters to display the settings on a specific interface or on all interfaces. Format show port-security [{ | all}] Mode Privileged EXEC Term Definition Admin Mode Port Locking mode for the entire system. This field displays if you do not supply any parameters. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 139 Port Security Commands For each interface, or for the interface you specify, the following information appears: Term Definition Admin Mode Port Locking mode for the Interface. Dynamic Limit Maximum dynamically allocated MAC Addresses. Static Limit Maximum statically allocated MAC Addresses. Violation Trap Whether violation traps are enabled.
  • Page 140: Lldp (802.1Ab) Commands

    Use this command to set the timing parameters for local data transmission on ports enabled for LLDP. The determines the number of seconds to wait between transmitting local data LLDPDUs. The range is 1-32768 © 2009 D-Link Corporation. All Rights Reserved...
  • Page 141 LLDP (802.1AB) Commands seconds. The is the multiplier on the transmit interval that sets the TTL in local data LLDPDUs. The multiplier range is 2-10. The is the delay before re-initialization, and the range is 1-0 seconds. Default •...
  • Page 142 Use this command to return the notification interval to the default value. Format no lldp notification-interval Mode Global Config clear lldp statistics Use this command to reset all LLDP statistics, including MED-related information. Format clear lldp statistics Mode Privileged Exec © 2009 D-Link Corporation. All Rights Reserved...
  • Page 143 LLDP (802.1AB) Commands clear lldp remote-data Use this command to delete all information from the LLDP remote data table, including MED-related information. Format clear lldp remote-data Mode Global Config show lldp Use this command to display a summary of the current LLDP configuration. Format show lldp Mode...
  • Page 144 The port number that transmitted the LLDPDU. System Name The system name of the remote device. Example: The following shows example CLI display output for the command. (DWS-4026) #show lldp remote-device all LLDP Remote Device Summary Local © 2009 D-Link Corporation. All Rights Reserved...
  • Page 145 LLDP (802.1AB) Commands Interface RemID Chassis ID Port ID System Name ------- ------- -------------------- ------------------ ------------------ 00:FC:E3:90:01:0F 00:FC:E3:90:01:11 00:FC:E3:90:01:0F 00:FC:E3:90:01:12 00:FC:E3:90:01:0F 00:FC:E3:90:01:13 00:FC:E3:90:01:0F 00:FC:E3:90:01:14 00:FC:E3:90:01:0F 00:FC:E3:90:03:11 00:FC:E3:90:01:0F 00:FC:E3:90:04:11 0/10 0/11 0/12 --More-- or (q)uit show lldp remote-device detail Use this command to display detailed information about remote devices that transmit current LLDP data to an interface on the system.
  • Page 146 Use this command to display detailed information about the LLDP data a specific interface transmits. Format show lldp local-device detail Mode Privileged EXEC Term Definition Interface The interface that sends the LLDPDU. Chassis ID The type of identification used in the Chassis ID field. Subtype © 2009 D-Link Corporation. All Rights Reserved...
  • Page 147: Lldp-Med Commands

    LLDP-MED Commands Term Definition Chassis ID The chassis of the local device. Port ID Subtype The type of port on the local device. Port ID The port number that transmitted the LLDPDU. System Name The system name of the local device. System Describes the local system by identifying the system name and versions of hardware, operating Description...
  • Page 148 Format lldp med all Mode Global Config lldp med confignotification all Use this command to configure all the ports to send the topology change notification. Format lldp med confignotification all Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 149 LLDP-MED Commands lldp med faststartrepeatcount Use this command to set the value of the fast start repeat count. [count] is the number of LLDP PDUs that will be transmitted when the product is enabled. The range is 1 to 10. Default Format lldp med faststartrepeatcount [count]...
  • Page 150 1- Network Policy 2- Location, 3- Extended PSE 4- Extended Pd, 5- Inventory --More-- or (q)uit (DWS-4026) #show lldp med interface 0/2 Interface Link configMED operMED ConfigNotify TLVsTx --------- ------ --------- -------- ------------ ----------- © 2009 D-Link Corporation. All Rights Reserved...
  • Page 151 LLDP-MED Commands Disabled Disabled Disabled TLV Codes: 0- Capabilities, 1- Network Policy 2- Location, 3- Extended PSE 4- Extended Pd, 5- Inventory (DWS-4026) # show lldp med local-device detail Use this command to display detailed information about the LLDP MED data that a specific interface transmits. ...
  • Page 152 Use this command to display detailed information about remote devices that transmit current LLDP MED data to an interface on the system. Format show lldp med remote-device detail Mode Privileged EXEC © 2009 D-Link Corporation. All Rights Reserved...
  • Page 153 LLDP-MED Commands Example: The following shows example CLI display output for the command. (DWS-4026) #show lldp med remote-device detail 0/8 LLDP MED Remote Device Detail Local Interface: 0/8 Remote Identifier: 18 Capabilities MED Capabilities Supported: capabilities, networkpolicy, location, extendedpse MED Capabilities Enabled: capabilities, networkpolicy Device Class: Endpoint Class I Network Policies Media Policy Application Type : voice...
  • Page 154: Denial Of Service Commands

    Format dos-control sipdip Mode Global Config no dos-control sipdip This command disables Source IP address = Destination IP address (SIP = DIP) Denial of Service prevention. Format no dos-control sipdip Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 155 Denial of Service Commands dos-control firstfrag This command enables Minimum TCP Header Size Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having a TCP Header Size smaller then the configured value, the packets will be dropped if the mode is enabled.The default is disabled.
  • Page 156 Default disabled <512> Format dos-control icmp <0-1023> Mode Global Config no dos-control icmp This command disables Maximum ICMP Packet Size Denial of Service protections. Format no dos-control icmp Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 157 Denial of Service Commands dos-control smacdmac Note: This command is only supported on the BCM56224, BCM56514, BCM56624, and BCM56820platforms. This command enables Source MAC address = Destination MAC address (SMAC = DMAC) Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress with SMAC = DMAC, the packets will be dropped if the mode is enabled.
  • Page 158 This command sets disables TCP Flag and Sequence Denial of Service protection. Format no dos-control tcpflagseq Mode Global Config dos-control tcpoffset Note: This command is only supported on the BCM56224, BCM56514, BCM56624, and BCM56820platforms. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 159 Denial of Service Commands This command enables TCP Offset Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having TCP Header Offset equal to one (1), the packets will be dropped if the mode is enabled.
  • Page 160 Default disabled <512> Format dos-control icmpv4 <0-16384> Mode Global Config no dos-control icmpv4 This command disables Maximum ICMP Packet Size Denial of Service protections. Format no dos-control icmpv4 Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 161 Denial of Service Commands dos-control icmpv6 Note: This command is only supported on the BCM56224, BCM56514, BCM56624, and BCM56820platforms. This command enables Maximum ICMPv6 Packet Size Denial of Service protections. If the mode is enabled, Denial of Service prevention is active for this type of attack. If ICMPv6 Echo Request (PING) packets ingress having a size greater than the configured value, the packets will be dropped if the mode is enabled.
  • Page 162: Mac Database Commands

    TCP Offset Mode May be enabled or disabled. The factory default is disabled. MAC D ATABASE OMMANDS This section describes the commands you use to configure and view information about the MAC databases. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 163 MAC Database Commands bridge aging-time This command configures the forwarding database address aging timeout in seconds. The parameter must be within the range of 10 to 1,000,000 seconds. Default Format bridge aging-time <10-1,000,000> Mode Global Config no bridge aging-time This command sets the forwarding database address aging timeout to the default value.
  • Page 164: Isdp Commands

    This command enables ISDP on the switch. Default Enabled Format isdp run Mode Global Config no isdp run This command disables ISDP on the switch. Format no isdp run Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 165 ISDP Commands isdp holdtime This command configures the hold time for ISDP packets that the switch transmits. The hold time specifies how long a receiving device should store information sent in the ISDP packet before discarding it. The range is given in seconds. Default 180 seconds Format...
  • Page 166 • macAddress indicates that the value is in the form of a Layer 2 MAC address. • other indicates that the value is in the form of a platform specific ASCII string containing info that identifies the device. For example, ASCII string contains serialNumber appended/prepended with system name. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 167 ISDP Commands show isdp interface This command displays ISDP settings for the specified interface. Format show isdp interface {all | } Mode Privileged EXEC Term Definition Mode ISDP mode enabled/disabled status for the interface(s). show isdp entry This command displays ISDP entries. If the device id is specified, then only entries for that device are shown. Format show isdp entry {all | deviceid} Mode...
  • Page 168 This command displays ISDP statistics. Format show isdp traffic Mode Privileged EXEC Term Definition ISDP Packets Received Total number of ISDP packets received ISDP Packets Transmitted Total number of ISDP packets transmitted © 2009 D-Link Corporation. All Rights Reserved...
  • Page 169 ISDP Commands Term Definition ISDPv1 Packets Received Total number of ISDPv1 packets received ISDPv1 Packets Transmitted Total number of ISDPv1 packets transmitted ISDPv2 Packets Received Total number of ISDPv2 packets received ISDPv2 Packets Transmitted Total number of ISDPv2 packets transmitted ISDP Bad Header Number of packets received with a bad header ISDP Checksum Error...
  • Page 170 D-Link Unified Switch CLI Command Reference © 2009 D-Link Corporation. All Rights Reserved...
  • Page 171: Section 4: Routing Commands

    Routing Commands S e c t io n 4 : R ou t in g C o m m a n ds This section describes the routing commands available in the Unified Switch CLI. The Routing Commands section contains the following subsections: •...
  • Page 172 Format no arp cachesize Mode Global Config arp dynamicrenew This command enables the ARP component to automatically renew dynamic ARP entries when they age out. Default disabled Format arp dynamicrenew Mode Privileged EXEC © 2009 D-Link Corporation. All Rights Reserved...
  • Page 173 Address Resolution Protocol Commands no arp dynamicrenew This command prevents dynamic ARP entries from renewing when they age out. Format no arp dynamicrenew Mode Privileged EXEC arp purge This command causes the specified IP address to be removed from the ARP cache. Only entries of type dynamic or gateway are affected by this command.
  • Page 174 Issue the show arp switch command to see the ARP entries. Then issue the clear arp-switch command and check the show arp switch entries. There will be no more arp entries. Format clear arp-switch Mode Privileged EXEC © 2009 D-Link Corporation. All Rights Reserved...
  • Page 175 Address Resolution Protocol Commands show arp This command displays the Address Resolution Protocol (ARP) cache. The displayed results are not the total ARP entries. To view the total ARP entries, the operator should view the show arp results in conjunction with the show arp switch results.
  • Page 176: Ip Routing Commands

    This command disables routing for an interface. You can view the current value for this function with the show ip brief command. The value is labeled as “Routing Mode.” Format no routing Mode Interface Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 177 IP Routing Commands ip routing This command enables the IP Router Admin Mode for the master switch. Format ip routing Mode Global Config no ip routing This command disables the IP Router Admin Mode for the master switch. Format no ip routing Mode Global Config ip address...
  • Page 178 Changing the default distance does not update the distance of existing static routes, even if they were assigned the original default distance. The new default distance will only be applied to static routes created after invoking the ip route distance command. Default Format ip route distance <1-255> Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 179 IP Routing Commands no ip route distance This command sets the default static route preference value in the router. Lower route preference values are preferred when determining the best route. Format no ip route distance Mode Global Config ip netdirbcast This command enables the forwarding of network-directed broadcasts.
  • Page 180 Shows whether ICMP Redirects are enabled or disabled. Example: The following shows example CLI display output for the command. (DWS-4026) #show ip brief Default Time to Live......64 Routing Mode........Disabled Maximum Next Hops......4 © 2009 D-Link Corporation. All Rights Reserved...
  • Page 181 IP Routing Commands Maximum Routes......... 6000 ICMP Rate Limit Interval....... 1000 msec ICMP Rate Limit Burst Size..... 100 messages ICMP Echo Replies......Enabled ICMP Redirects......... Enabled show ip interface This command displays all pertinent information about the IP interface. Format show ip interface ...
  • Page 182 If you do not use the all parameter, the command only displays the best route. Note: If you use the connected keyword for , the all option is not available because there are no best or non-best connected routes. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 183 IP Routing Commands Format show ip route [{ [] | { [longer- prefixes] [] | } [all] | all}] Modes • Privileged EXEC • User EXEC Term Definition Route Codes The key for the routing protocol codes that might appear in the routing table output. The show ip route command displays the routing tables in the following format: Code IP-Address/Mask [Preference/Metric] via Next-Hop, Route-Timestamp, Interface...
  • Page 184 Static The static route preference value. The RIP route preference value. show ip stats This command displays IP statistical information. Refer to RFC 1213 for more information about the fields that are displayed. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 185: Router Discovery Protocol Commands

    Router Discovery Protocol Commands Format show ip stats Modes • Privileged EXEC • User EXEC OUTER ISCOVERY ROTOCOL OMMANDS This section describes the commands you use to view and configure Router Discovery Protocol settings on the switch. The Router Discovery Protocol enables a host to discover the IP address of routers on the subnet. ip irdp This command enables Router Discovery on an interface.
  • Page 186 0.75 * maxadvertinterval Format ip irdp minadvertinterval <3-maxadvertinterval> Mode Interface Config no ip irdp minadvertinterval This command sets the default minimum time to the default. Format no ip irdp minadvertinterval Mode Interface Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 187 Router Discovery Protocol Commands ip irdp preference This command configures the preferability of the address as a default router address, relative to other router addresses on the same subnet. Default Format ip irdp preference <-2147483648 to 2147483647> Mode Interface Config no ip irdp preference This command configures the default preferability of the address as a default router address, relative to other router addresses on the same subnet.
  • Page 188: Virtual Lan Routing Commands

    The identifier of the VLAN. Logical Interface The logical slot/port associated with the VLAN routing interface. IP Address The IP address associated with this VLAN. Subnet Mask The subnet mask that is associated with this VLAN. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 189: Virtual Router Redundancy Protocol Commands

    Virtual Router Redundancy Protocol Commands IRTUAL OUTER EDUNDANCY ROTOCOL OMMANDS This section describes the commands you use to view and configure Virtual Router Redundancy Protocol (VRRP) and to view VRRP status information. VRRP helps provide failover and load balancing when you configure two devices as a VRRP pair.
  • Page 190 Mode Interface Config no ip vrrp authentication This command sets the default authorization details value for the virtual router configured on a specified interface. Format no ip vrrp authentication Mode Interface Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 191 Virtual Router Redundancy Protocol Commands ip vrrp preempt This command sets the preemption mode value for the virtual router configured on a specified interface. The parameter is the virtual router ID, which is an integer from 1 to 255. Default enabled Format...
  • Page 192 The default priority decrement is 10. The default priority decrement is changed using the argument. Default priority: 10 Format ip vrrp track ip route [decrement ] Mode Interface Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 193 Virtual Router Redundancy Protocol Commands no ip vrrp track ip route Use this command to remove the route from the tracked list or to restore the priority decrement to its default. When removing a tracked IP route from the tracked list, the priority should be incremented by the decrement value if the route is not reachable.
  • Page 194 Mode State The state (Master/backup) of the virtual router. Example: The following shows example CLI display output for the command. show ip vrrp interface Primary IP Address......1.1.1.5 VMAC Address........00:00:5e:00:01:01 © 2009 D-Link Corporation. All Rights Reserved...
  • Page 195: Dhcp And Bootp Relay Commands

    DHCP and BOOTP Relay Commands Authentication Type......None Priority........80 Configured priority......100 Advertisement Interval (secs)....1 Pre-empt Mode........Enable Administrative Mode......Enable State.......... Initialized Track Interface State DecrementPriority --------------- ------ ------------------ <0/1> down TrackRoute (pfx/len) State DecrementPriority ------------------------ ------ ------------------ 10.10.10.1/255.255.255.0 down...
  • Page 196 BOOTREQUEST message, it MAY use the seconds-since-client-began-booting field of the request as a factor in deciding whether to relay the request or not. The parameter has a range of 0 to 100 seconds. Default Format bootpdhcprelay minwaittime <0-100> Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 197: Ip Helper Commands

    IP Helper Commands no bootpdhcprelay minwaittime This command configures the default minimum wait time in seconds for BootP/DHCP Relay on the system. Format no bootpdhcprelay minwaittime Mode Global Config show bootpdhcprelay This command displays the BootP/DHCP Relay information. Format show bootpdhcprelay Modes •...
  • Page 198: Routing Information Protocol Commands

    Use this command to enter Router RIP mode. Format router rip Mode Global Config enable (RIP) This command resets the default administrative mode of RIP in the router (active). Default enabled Format enable Mode Router RIP Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 199 Routing Information Protocol Commands no enable (RIP) This command sets the administrative mode of RIP in the router to inactive. Format no enable Mode Router RIP Config ip rip This command enables RIP on a router interface. Default disabled Format ip rip Mode Interface Config...
  • Page 200 Router RIP Config distribute-list out (RIP) This command is used to specify the access list to filter routes received from the source protocol. Default Format distribute-list <1-199> out {static | connected} Mode Router RIP Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 201 Routing Information Protocol Commands no distribute-list out This command is used to specify the access list to filter routes received from the source protocol. Format no distribute-list <1-199> out {static | connected} Mode Router RIP Config ip rip authentication This command sets the RIP Version 2 Authentication Type and Key for the specified interface. The value of is either none, simple, or encrypt.
  • Page 202 Default simple Format split-horizon {none | simple | poison} Mode Router RIP Config no split-horizon This command sets the default RIP split horizon mode. Format no split-horizon Mode Router RIP Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 203 Routing Information Protocol Commands redistribute (RIP) This command configures RIP protocol to redistribute routes from the specified source protocol/routers. There are five possible match options. Internal routes are redistributed by default. Default • metric—not-configured • match—internal Format for redistribute {static | connected} [metric <0-15>] source protocol Mode...
  • Page 204 A number which represents the metric used for default routes in RIP updates originated on the specified interface. This is a configured value. The following information will be invalid if the link state is down. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 205: Icmp Throttling Commands

    ICMP Throttling Commands Term Definition Bad Packets The number of RIP response packets received by the RIP process which were subsequently discarded Received for any reason. Bad Routes The number of routes contained in valid RIP packets that were ignored for any reason. Received Updates Sent The number of triggered RIP updates actually sent on this interface.
  • Page 206 < burst-interval> [] Format Mode Global Config no ip icmp error-interval Use the no form of the command to return burst-interval and burst-size to their default values. Format no ip icmp error-interval Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 207: Section 5: Wireless Commands

    Wireless Commands Sec t io n 5 : Wi re le ss Co mm an ds This section describes the CLI commands you use to manage the wireless features on the switch as well as the wireless access points that a switch manages. This section contains the following subsections: •...
  • Page 208: Unified Switch Commands

    This parameter must identify a valid country code. Example: The following shows an example of the command. (DWS-4026) (Config wireless)# country-code au Are you sure you want to change the country code? (y/n) © 2009 D-Link Corporation. All Rights Reserved...
  • Page 209 Unified Switch Commands no country-code The no version of this command returns the configured country code to the default. Format no country-code Mode Wireless Config OUI database This command adds a new entry to the OUI database, if not already present. Each entry consists of an OUI Value, which is composed of the higher three octets of the Ethernet MAC address of the AP/Client and the organization name for the OUI, which is a 32-byte string.
  • Page 210 A valid IP address. no discovery ip-list The no version of this command deletes the specified IP address from the polling list. If an argument is not specified, all entries are deleted from the polling list. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 211 Unified Switch Commands Format no discovery ip-list [] Mode Wireless Config discovery vlan-list This command adds VLAN IDs on which to send L2 discovery multicast frames. Up to 16 VLAN IDs can be configured. By default, there is one entry in the list, 1 - Default VLAN. Default 1 –...
  • Page 212 Mode Global Config no snmp-server enable traps wireless The no version of this command globally disables all Unified Switch SNMP traps. Format no snmp-server enable traps wireless Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 213 Unified Switch Commands trapflags (Wireless Config Mode) This command enables Unified Switch SNMP trap groups for wireless system events. If no parameters are specified, then all traps are enabled. Default All - Disable Format trapflags [{ap-failure | ap-state | client-state | peer-ws | rf-scan | rogue- ap | ws-status}] Mode Wireless Config...
  • Page 214 Enable/Disable RADIUS client configuration push to peer switches. no peer-switch configuration The no version of this command disables peer switch configuration for the wireless system. If no parameters are specified, then all peer switch configurations are disabled. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 215 Unified Switch Commands Format no peer-switch configuration [{ap-database|ap-profile|captive-portal| channel- power|discovery|global|known-client|radius-client}] Mode Wireless Config wireless peer-switch configure This command allows the administrator to initiate a configuration push to one or all peer switches. If no parameters are given, all peer switches are configured. If the optional IP address parameter is specified, only that peer switch is configured. Format wireless peer-switch configure [] Mode...
  • Page 216 Wireless Config no radius server-name The no version of this command sets the global RADIUS authentication /accounting server name to the default value. Format no radius server-name {auth | acct} Mode Wireless Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 217 Unified Switch Commands Example: The following shows examples of the command. (DWS-4026) #radius server-name auth “Wireless_Auth-Server 1” ? Press Enter to execute the command. (DWS-4026) #no radius server-name auth ? Press Enter to execute the command. (DWS-4026) #radius server-name acct “Wireless_Acct_Server 1”...
  • Page 218 Shows whether to use the local or RADIUS server database for AP validation. Method Client Roam Shows how long to wait before a client that disassociates from this AP or a neighbor AP must re- Timeout (secs) authenticate when it associates again. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 219 Unified Switch Commands Field Description Country Code Shows the country in which the WLAN is operating. Peer Group ID Shows the Peer group ID. Cluster Priority Priority of this switch for the Cluster election. Cluster Controller Indicates whether or not this switch is the Cluster controller. Cluster Controller The IP address of the switch that acts as the Cluster controller.
  • Page 220 Status Shows the L3 discovery status. Possible values are Not Polled , Unreachable , or Discovered . Example: The following shows example CLI display output for the command. (DWS-4026) #show wireless discovery ip-list © 2009 D-Link Corporation. All Rights Reserved...
  • Page 221 Unified Switch Commands IP Address Status ---------------- ------------ 1.1.1.1 Not Polled show wireless discovery vlan-list This show command displays the configured VLAN ID list for L2 discovery. Format show wireless discovery vlan-list Mode Privileged EXEC Field Description VLAN Shows the ID and name of each VLAN in the L2 Discovery list. Example: The following shows example CLI display output for the command.
  • Page 222 Maximum Associated Clients..... 8000 Detected Clients....... 0 Maximum Detected Clients....... 16000 Peer Switches........1 Unknown Access Points......0 Rogue Access Points......0 Standalone Access Points....... 0 Distributed Tunnel Clients..... 0 WLAN Utilization....... 0 % © 2009 D-Link Corporation. All Rights Reserved...
  • Page 223 Unified Switch Commands Maximum Pre-authentication History Entries..500 Total Pre-authentication History Entries..0 Maximum Roam History Entries....500 Total Roam History Entries..... 0 show wireless statistics This show command displays the current global Unified Switch statistics. The counters are aggregated for the peer group the switch acts as the Cluster Controller for the group.
  • Page 224 Switch IP Address......10.27.65.8 Cluster Priority....... 1 Total Access Points......0 Managed Access Points......0 Connection Failed Access Points....0 Discovered Access Points....... 0 Maximum Managed Access Points....64 Total Clients........0 Authenticated Clients......0 © 2009 D-Link Corporation. All Rights Reserved...
  • Page 225 Unified Switch Commands Distributed Tunnel Clients..... 0 WLAN Utilization....... 0 % On the switch that is not acting as a Cluster Controller the summary command displays entries in the following format: (DWS-4026) #show wireless switch 192.168.37.60 status Error! Only Cluster Controller can display the peer switch status parameters. (DWS-4026) #show wireless switch 192.168.37.61 status Switch IP Address ......
  • Page 226 Traps Client Failure Shows whether Client Failure Traps are enabled. Traps Client State Shows whether Client State Change Traps are enabled. Change Traps Peer Switch Traps Shows whether Peer Switch Traps are enabled. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 227 Unified Switch Commands Field Description RF Scan Traps Shows whether RF Scan Traps are enabled. Rogue AP Traps Shows whether Rogue AP Traps are enabled. WIDS Status Traps Shows whether WIDS Status Traps are enabled. Wireless Status Shows whether Wireless Status Traps are enabled. Traps Example: The following shows example CLI display output for the command.
  • Page 228 RADIUS Client........Enable QoS ACL........Enable QoS DiffServ........Enable show wireless configuration request status This show command displays the global peer switch configuration push status and configuration push status for all peer switches. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 229 Unified Switch Commands Format show wireless configuration request status Mode Privileged EXEC Field Description Status The global status for the configuration push request. Total Count The total number of peer switches configuration being pushed in the current configuration push request. This may be to one peer switch or to the total number of peer switches at the time the configuration push request is started.
  • Page 230 Flag indicating whether this radio supports 802.11n configuration parameters. (DWS-4026) #show wireless ap capability Hardware Hardware Radio VAP Count Image Type ID Type Description Count Per Radio Type -------- --------------------------------------- ----- --------- -------- hw_dw18600 DWL-8600AP Dual Radio a/b/g/n img_dwl8600 (DWS-4026) # © 2009 D-Link Corporation. All Rights Reserved...
  • Page 231 (DWS-4026) #show wireless ap capability hw_dwl8600 radio 2 Hardware Type........DWL-8600AP Dual Radio a/b/g/n Radio Count........2 Image Type........DWL-8600AP Image Radio.......... 2 Radio Type Description......D-Link Enterprise b/g/n VAP Count........16 802.11a Support........ Disable 802.11bg Support....... Enable 802.11n Support........ Enable show wireless ap capability image-table This command displays the access point image capability table.
  • Page 232 Indicates whether to grant, deny, or use global action for MAC authentication of the client. Example: The following shows example CLI display output for the command. (DWS-4026) #show wireless known-client MAC Address Nickname Action --------------------------------------------------- 10:10:10:10:10:10 client1 grant © 2009 D-Link Corporation. All Rights Reserved...
  • Page 233 Unified Switch Commands clear wireless statistics This clear command resets the global Unified Switch statistics. Format clear wireless statistics Mode Privileged EXEC Example: The following shows an example of the command. (DWS-4026) #clear wireless statistics Are you sure you want to clear the wireless switch statistics? (y/n)y Sent clear statistics request to the wireless switch.
  • Page 234 Use this command to globally configure the maximum number of clients that can be tunneled using L2 distributed tunnels. The parameter max clients value is a numeric value. Default Format dist-tunnel max-clients <1-8000> Mode Wireless Config Parameter Description max-clients The identifier for maximum clients. The range is 1 to 8000. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 235: Unified Switch Channel And Power Commands

    Unified Switch Channel and Power Commands NIFIED WITCH HANNEL AND OWER OMMANDS The commands in this section provide status and configuration for automatic channel planning and power adjustment. channel-plan mode This command configures the channel plan mode for each 802.11a/n and 802.11b/g/n frequency band. If it is , a channel plan is computed and applied at every defined interval.
  • Page 236 Configure channel plan mode for 802.11a/n. Configure channel plan mode for 802.11b/g/n. 0-10 Channel plan history depth. no channel-plan history-depth The no version of this command returns the history depth for the channel plan to the default. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 237 Unified Switch Channel and Power Commands Format no channel-plan {an | bgn} history-depth Mode Wireless Config power-plan mode This command configures the power plan mode for managed APs. If it is , power adjustments are computed and applied at every defined interval. If it is , you must start and apply proposed power adjustments manually. Default manual Format...
  • Page 238 This indicates the number of iterations of the channel plan that are maintained in the channel plan History Depth history. The channel on a managed AP radio will not be changed more than once within the channel plan history. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 239 Unified Switch Channel and Power Commands show wireless channel-plan history This command displays a history for the automatic channel algorithm. The channel plan type argument must be specified. A channel history is maintained separately for each radio frequency. The channel algorithm maintains a configured number of iterations of applied channel changes to avoid frequent channel changes to the same managed AP radio.
  • Page 240 ---------------- --------------------------- ----- ------- ------- 00:00:85:00:50:00 Third floor show wireless power-plan This command displays status and configuration for automatic power adjustment. The command does not accept any arguments. Format show wireless power-plan Mode Privileged EXEC © 2009 D-Link Corporation. All Rights Reserved...
  • Page 241 Unified Switch Channel and Power Commands Field Description Power Plan Mode The mode for automatic power adjustment, manual or interval. If the mode is manual, the power algorithm will not run unless you request it. Power Plan Interval If the power adjustment mode is interval, this indicates the frequency in minutes that power adjustments are computed and applied.
  • Page 242: Peer Unified Switch Commands

    This command displays config push status information for peer Unified Switches. If no parameters are entered, the command will display summary status for all peer switches. If a peer switch IP address is entered, detailed status for that peer switch is displayed. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 243 Peer Unified Switch Commands Format show wireless peer-switch [] configure status Mode Privileged EXEC Field Description ipaddr The is a valid IP address. IP Address The IP address of the peer switch. Configuration The peer switch IP address last config received. Switch IP Address Configuration Config push status from the Unified Switch to this peer switch.
  • Page 244 (DWS-4026) #show wireless peer-switch ap 00:01:01:02:02:01 status MAC Address........00:01:01:02:01:01 Peer Switch IP Address......192.168.0.100 IP Address........192.168.0.1 Location........Conf Room Bldg 200 Profile........2 – L3 Roaming Profile D-Link Hardware Type........© 2009 D-Link Corporation. All Rights Reserved...
  • Page 245: Local Access Point Database Commands

    Local Access Point Database Commands OCAL CCESS OINT ATABASE OMMANDS The commands in this section provide configuration of the local valid AP database. These configurations may also be performed on an external RADIUS server. ap database This command adds an AP to the local valid AP database (if not already present) and enters the AP configuration mode identified by the AP MAC address.
  • Page 246 This command configures the password that this AP must use to authenticate to the Unified Switch. The password is only verified if global AP authentication is enabled. The command accepts the AP password in an encrypted format. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 247 Local Access Point Database Commands Default The default password is blank. Format password encrypted Mode AP Config Parameter Description password The password in encrypted format, 128 hexadecimal characters. profile This command configures the AP profile to be used to configure this AP. The profile configuration is used only if the AP mode is Unified Switch-managed.
  • Page 248 The no version of this command configures the expected security mode for an AP in stand-alone mode to the default – any security mode is allowed. Format no standalone security Mode AP Config standalone ssid (Stand-alone AP expected SSID) This command configures the expected SSID for an AP in stand-alone mode. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 249 Local Access Point Database Commands Default “ “ (empty string – any SSID is allowed). Format standalone ssid Mode AP Config Parameter Description name The service set ID must be between 1 and 32 characters. Use the no form of the command to configure the AP to operate on any SSID.
  • Page 250 Example: The following shows example CLI display output for the command when an AP MAC address is specified.. (DWS-4026) #show wireless ap database 11:33:44:55:66:77 AP MAC Address......... 11:33:44:55:66:77 Location........AP Mode........ws-managed Password Configured......No Profile........1 - Default © 2009 D-Link Corporation. All Rights Reserved...
  • Page 251 Local Access Point Database Commands Radio 1 Channel....... Auto Radio 1 Power......... Auto Radio 2 Channel....... Auto Radio 2 Power......... Auto Stand-alone Expected Channel....0 Stand-alone Expected Security Mode..... Any Stand-alone Expected SSID...... Stand-alone Expected WDS Mode....Any (DWS-4026) #show wireless ap-database MAC Address Location AP Mode...
  • Page 252: Wireless Network Commands

    This command configures the default VLAN ID for the network. If there is no RADIUS server configured or a client is not associated with a VLAN via RADIUS, this is the VLAN assigned. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 253 Wireless Network Commands Default 1 – Default VLAN Format vlan <1-4094> Mode Network Config Parameter Description 1-4094 A valid VLAN ID. no vlan The no version of this command sets the default VLAN ID for the network to its default value. Format no vlan Mode...
  • Page 254 Differentiated services (via policy). Note: This command takes effect in an AP without requiring that the AP profile be reapplied. Default disable Format client-qos enable Mode Network Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 255 Wireless Network Commands no client-qos enable The no version of this command disables AP client QoS operation for the network. Client traffic is not subject to QoS processing for any clients attached to this wireless network. Format no client-qos enable Mode Network Config deny-broadcast...
  • Page 256 Mode Network Config wep authentication This command configures the static WEP authentication mode for the network. This value is applicable only when the security mode is configured for static WEP authentication and encryption. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 257 Wireless Network Commands Default Open System Format wep authentication {open-system [shared-key] | shared-key} Mode Network Config Parameter Description open system No authentication required. shared-key Clients are required to authenticate to the network using a shared key. no wep authentication The no version of this command sets WEP authentication mode to the default value, which is open system. Format no wep authentication Mode...
  • Page 258 WEP shared key. The WEP key length affects the number of characters required for a valid WEP key, and therefore changing the WEP key length will reset all keys. Default Format wep key length {64 | 128} Mode Network Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 259 Wireless Network Commands no wep key length The no version of this command returns the WEP key length to its default value. Format no wep key length Mode Network Config mac authentication This command enables and configures the mode for client MAC authentication on the network. Default Disable Format...
  • Page 260 The no version of this command configures the system to use the network RADIUS configuration for authentication of wireless clients on this network. Format no radius use–network–configuration Mode Network Config Example: The following shows an example of the command. (DWS-4026) # radius use-network-configuration ? © 2009 D-Link Corporation. All Rights Reserved...
  • Page 261 Wireless Network Commands Press Enter to execute the command. (DWS-4026) # no radius use-network-configuration ? Press Enter to execute the command. radius accounting (Network Config) This command enables RADIUS accounting mode for authentication on this network. Default Disable Format radius accounting Mode Network Config no radius accounting...
  • Page 262 Mode Network Config tunnel subnet This command configures the tunnel subnet IP address for the network. This must match a configured routing interface in order for the tunnel to be operational. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 263 Wireless Network Commands Default Subnet IP - None Subnet mask - 255.255.255.0 Format tunnel subnet [mask ] Mode Network Config Parameter Description ipaddr A valid IP address. mask A valid subnet mask. no tunnel subnet The no version of this command deletes the configured tunnel subnet parameters. Format no tunnel subnet Mode...
  • Page 264 This command configures the length of time a PMK will be cached by an AP for either client roaming or key forwarding. Default Format wpa2 key-caching holdtime <0-1440> Mode Network Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 265 Wireless Network Commands Parameter Description 0-1440 WPA2 key caching hold time in minutes. no wpa2 key-caching holdtime The no version of this command sets the WPA2 key caching hold time to its default value. Format no wpa2 key-caching holdtime Mode Network Config dot1x bcast-key-refresh-rate This command specifies the interval after which the broadcast keys are changed.
  • Page 266 Status the RADIUS Client configuration. RADIUS Accounting Server Name RADIUS server name for accounting. RADIUS Accounting Server Indicates whether the specified named RADIUS Accounting server is configured in the Status RADIUS Client configuration. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 267 Wireless Network Commands Field Description WPA Versions Indicates the WPA versions allowed when the WPA encryption mode is enabled. WPA Ciphers Indicates the encryption solutions to use when the WPA encryption mode is enabled. WPA Key Type Specifies the type of the WPA key configured (ASCII only). Passphrase The WPA passphrase WPA2 Pre-Authentication...
  • Page 268 Client QoS Bandwidth Limit Up....0 Client QoS Access Control Down....----- Client QoS Access Control Up....----- Client QoS Diffserv Policy Down....----- --More-- or (q)uit Client QoS Diffserv Policy Up....----- © 2009 D-Link Corporation. All Rights Reserved...
  • Page 269: Access Point Profile Commands

    Access Point Profile Commands CCESS OINT ROFILE OMMANDS The commands in this section provide configuration of access point profiles. Access point profiles can be applied to multiple physical APs. ap profile This command adds an AP profile (if not already present) and enters the AP profile configuration mode. In this mode, you can modify the profile configuration parameters.
  • Page 270 This command allows you to configure the VLAN ID used to send tracer packets by wired network detection algorithm. If VLAN is “0”, the tracer packets will be sent untagged. Default Format vlan <0-4094> Mode AP Profile Config Parameter Description 0-4094 Wired network detection VLAN ID. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 271 Access Point Profile Commands Example: The following shows an example of the command. DWS-4026 (Config-ap-profile)# vlan 10 ? Press Enter to execute the command. no vlan (AP Profile Config Mode) This command allows you to set the wired network detection VLAN ID to the default value. “1”. Format no vlan Mode...
  • Page 272 Associated status. Example: The following shows example CLI display output for the command. (DWS-4026) #show wireless ap profile 1 AP Profile ID........1 Profile Name........Default © 2009 D-Link Corporation. All Rights Reserved...
  • Page 273 Access Point Profile Commands Hardware Type......... 0 – Any Wired Network Detection Vlan ID....0 - Any Profile Status......... Configured Valid APs Configured......0 Managed APs Configured......2...
  • Page 274: Access Point Profile Rf Commands

    AP Profile Radio Config Parameter Description Indicates 802.11a as physical mode. Only applicable for radio 1. Indicates 802.11bg as physical mode. Only applicable for radio 2. Indicates 802.11a/n as physical mode. Only applicable for radio 1. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 275 Access Point Profile RF Commands Parameter Description Indicates 802.11b/g/n as physical mode. Only applicable for radio 2. n-only-a Indicates 802.11n in 5GHz band as physical mode. Only applicable for radio 1. n-only-g Indicates 802.11n in 2.4GHz band as physical mode. Only applicable for radio 2. If the user attempts to change the radio mode to one that is not applicable to that radio, then the following error displays: (DWS-4026) (Config-ap-profile)#radio 1 (DWS-4026) (Config-ap-radio)#mode bg...
  • Page 276 This command enables the Station Isolation mode on the radio. When Station Isolation is enabled, the access point blocks communication between wireless clients. The access point still allows data traffic between its wireless clients and wired devices on the network, but not among wireless clients. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 277 Access Point Profile RF Commands Default Disabled Format station-isolation Mode AP Profile Radio Config no station-isolation The no version of this command disables the station isolation mode on the radio. Format no station-isolation Mode AP Profile Radio Config rate-limit This command is used to enable broadcast and multicast traffic rate limiting on the radio. If no optional parameters are entered, the command enables rate limiting on the radio with the default values.
  • Page 278 <256-2346> Mode AP Profile Radio Config Parameter Description 256-2346 Fragmentation threshold for the radio, even values. no fragmentation-threshold The no version of this command configures the fragmentation threshold to the default value. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 279 Access Point Profile RF Commands Format no fragmentation-threshold Mode AP Profile Radio Config rts-threshold This command configures the RTS threshold for the radio. This indicates the number of octets in an MPDU, below which an RTS/CTS handshake shall not be performed. Default 2347 Format...
  • Page 280 This command enables auto power adjustment for the radio. This indicates the AP power assignment can be automatically adjusted by the switch. Default Disabled Format power auto Mode AP Profile Radio Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 281 Access Point Profile RF Commands no power auto The no version of this command disables auto power adjustment for the radio. Format no power auto Mode AP Profile Radio Config power default This command configures a power setting for the radio. When auto power adjustment is enabled, this indicates an initial default power setting;...
  • Page 282 The no version of this command disables load balancing or resets the utilization to its default value. If no parameters are entered, load balancing is disabled. Format no load-balance [utilization] Mode AP Profile Radio Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 283 Access Point Profile RF Commands dot11n channel-bandwidth This command selects the bandwidth used in the channel when operating in 802.11n mode. Default 40 MHz Format dot11n channel-bandwidth {20 | 40} Mode AP Profile Radio Config Parameter Description The Radio operates in 20 MHz bandwidth. The Radio operates in 40 MHz bandwidth.
  • Page 284 Mode AP Profile Radio Config multicast tx-rate This command selects the rate at which the radio transmits the multicast frames. Default auto Format multicast tx-rate Mode AP Profile Radio Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 285 Access Point Profile RF Commands Parameter Description rate A valid rate based on the radio mode. When the radio is operating in the 5 GHz band, values are 6, 11, 12, 18, 24, 36, 48, and 54 Mbps. When the radio is operating in the 2.4 GHz band, the values are 1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48, and 54 Mbps.
  • Page 286 Indicates the elapsed time after the initial reception of a fragmented MMPDU or MSDU, after which Lifetime further attempts to reassemble the MMPDU or MSDU shall be terminated. This is a read-only value and cannot be configured. Maximum Clients Maximum number of simultaneous associations allowed on the interface. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 287 Access Point Profile RF Commands Parameter Description Automatic Channel Indicates if automatic channel adjustment is enabled. If enabled, the initial AP channel assignment can Adjustment be automatically adjusted by the switch due to changes in the network. Automatic Power Indicates if automatic power adjustment is enabled. If enabled, the switch may modify the power on Adjustment the radio due to changes in performance.
  • Page 288 Indicates data rates valid for the physical mode. Example: The following shows example CLI display output for the command. (DWS-4026) #show wireless rates a Mode........... IEEE 802.11a Valid Rates ----------- 6 Mbps 9 Mbps 12 Mbps 18 Mbps 24 Mbps © 2009 D-Link Corporation. All Rights Reserved...
  • Page 289 Access Point Profile RF Commands 36 Mbps 48 Mbps 54 Mbps show wireless multicast tx-rates This command displays the multicast transmit rates valid for a specified physical mode. This is intended to help you determine valid values for the radio configuration command. Format show wireless multicast tx-rates {a | bg} Mode...
  • Page 290: Access Point Profile Qos Commands

    Maximum Contention Window, and Maximum Burst Length to its default value. Format no qos ap-edca {background | best-effort | video | voice} {aifs | cwmin | cwmax | max-burst} Mode AP Profile Radio Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 291 Access Point Profile QoS Commands qos station-edca This command configures the upstream traffic flowing from the client station to the access point EDCA queues for voice (0), video (1), best-effort (2), and background (3) queues. The commands allow you to configure AIFS (Arbitration Inter-Frame Spacing), Minimum Contention Window, Maximum Contention Window, and Transmission Opportunity Limit for each of these queues.
  • Page 292 Queues Contention Window Contention Window Burst -------------- ----- ----------------- ----------------- -------- Voice (0) 1500 Video (1) 3000 Best-Effort (2) 3 Background (3) 1023 Switch# show wireless ap profile 1 radio 1 qos station-edca © 2009 D-Link Corporation. All Rights Reserved...
  • Page 293 Access Point Profile QoS Commands AP Profile ID........1 Profile Name........profile1 Radio Index........1 Mode........... IEEE 802.11g WMM Mode........Disable AIFS Minimum Maximum Tx Op Queues Contention Window Contention Window Limit -------------- ----- ----------------- ----------------- -------- Voice (0) Video (1) Best-Effort (2) 3 Background (3) 1023...
  • Page 294: Access Point Profile Vap Commands

    This command configures the network to apply to the VAP. A VAP must be configured with a network; therefore the network cannot be deleted. Default The default networks 1-16 are applied to VAP0 – VAP15 in order. Format network <1-64> Mode AP Profile VAP Config Parameter Description 1-64 A configured network ID. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 295: Ws Managed Access Point Commands

    WS Managed Access Point Commands WS M ANAGED CCESS OINT OMMANDS The commands in this section provide views and management of all status and statistics for an access point managed by the Unified Switch. This includes views of neighbors within the RF area for each managed AP radio interface. This section also lists commands available via Privileged EXEC mode to control the WS Managed APs.
  • Page 296 This command sets a TFTP path and file name for the specified AP system type. The download request can be initiated for all the image types or for a specific image type. Currently the D-Link UWS supports only one image type: for DWL-8600AP.
  • Page 297 WS Managed Access Point Commands Format wireless ap download start [image-type img_dwl8600] [] Mode Privileged EXEC Parameter Description img_dwl8600 The image type. macaddr Managed AP MAC Address. Example: The following shows an example of the command. (DWS-4026) #wireless ap download start image-type img_dwl8600 (DWS-4026) #wireless ap download start (DWS-4026) #wireless ap download start 00:00:84:00:50 The following text displays after you enter the command:...
  • Page 298 When acting as a Cluster Controller, the peer managed APs are displayed with an “*” (asterisk symbol) before the AP MAC Address in the summary command. Format show wireless ap [] status Mode Privileged EXEC Field Description macaddr WS managed AP MAC address. MAC Address The Ethernet address of the WS managed AP. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 299 WS Managed Access Point Commands Field Description Location A location description for the AP, this is the value configured in the valid AP database (either locally or on the RADIUS server). IP Address The network IP address of the managed AP. IP Subnet Mask The network mask of the managed AP.
  • Page 300 • Switch IP DHCP - The managed AP learned the correct Unified Switch IP address through DHCP option 43. • L2 Poll Received - The AP was discovered through the D-Link Wireless Device Discovery Protocol. Authenticated Total number of clients currently authenticated to the AP. This is the sum of all authenticated clients for Clients all the VAPs enabled on the AP.
  • Page 301 WS Managed Access Point Commands Profile........1 - Default Vendor ID........D-Link Protocol Version....... 2 Software Version....... D.05.22.1 Hardware Type........9hw_dwl8600 - DWL-8600AP Dual Radio a/b/ Serial Number........H05167353 Part Number........dwl8600ap Discovery Reason....... L2 Poll Received Authenticated Clients......0 System Up Time.........
  • Page 302 Indicates the current state of a manual request to change the channel on this radio. Adjustment Status Example: The following shows example CLI display output for the command. (DWS-4026) #show wireless ap 00:01:01:02:01:01 radio 2 channel status Manual Channel Adjustment Status....In Progress Channel........6 (DWS-4026) # © 2009 D-Link Corporation. All Rights Reserved...
  • Page 303 WS Managed Access Point Commands show wireless ap radio power status This command displays the manual power adjustment status for a radio on a WS managed AP. This indicates the individual AP status for a wireless power plan apply request or a wireless AP power set request. Format show wireless ap ...
  • Page 304 Neighbor AP MAC The Ethernet MAC address of the neighbor AP network, this could be a physical radio interface or VAP MAC address. For D-Link APs, this is always a VAP MAC address. The neighbor AP MAC address may be cross-referenced in the RF Scan status.
  • Page 305 WS Managed Access Point Commands Field Description RSSI Received Signal Strength Indication, this is an indicator of the signal strength relative to the neighbor and may give an idea of the neighbor’s distance from the managed AP. Status Indicates the managed status of the AP, whether this is a valid AP known to the switch or a Rogue on the network.
  • Page 306 A location description for the AP, this is the value configured in the valid AP database (either locally or on the RADIUS server.) WLAN Packets The total packets received by the AP on the wireless network. Received WLAN Bytes Total bytes received by the AP on the wireless network. Received © 2009 D-Link Corporation. All Rights Reserved...
  • Page 307 WS Managed Access Point Commands Field Description WLAN Packets Total packets transmitted by the AP on the wireless network. Transmitted WLAN Bytes Total bytes transmitted by the AP on the wireless network. Transmitted WLAN Packets Total receive packets discarded by the AP on the wireless network. Receive Dropped WLAN Bytes Total receive bytes discarded by the AP on the wireless network.
  • Page 308 Count of acknowledged MPDU with an individual address or an MPDU with a multicast address of type Fragment Count Data or Management. Multicast Count of successfully transmitted MSDU frames where the multicast bit is set in the destination MAC Transmitted Frame address. Count © 2009 D-Link Corporation. All Rights Reserved...
  • Page 309 WS Managed Access Point Commands Field Description Failed Count Number of times an MSDU is not transmitted successfully due to transmit attempts exceeding either the short retry limit or the long retry limit. Retry Count Number of time an MSDU is successfully transmitted after one or more retries. Multiple Retry Number of times an MSDU is successfully transmitted after more than one retry.
  • Page 310 Example: The following shows example CLI display output for the command. (DWS-4026) #show wireless ap 00:01:01:02:01:01 radio 1 vap 1 statistics AP MAC Address......... 00:01:01:02:01:01 Location........FirstFloor Radio.......... 1 VAP ID......... 1 WLAN Packets Received......0 WLAN Packets Transmitted....... 0 © 2009 D-Link Corporation. All Rights Reserved...
  • Page 311 WS Managed Access Point Commands WLAN Bytes Received......0 WLAN Bytes Transmitted......0 WLAN Packets Receive Dropped....0 WLAN Packets Transmit Dropped....0 WLAN Bytes Receive Dropped..... 0 WLAN Bytes Transmit Dropped....0 Client Association Failures....0 Client Authentication Failures....0 show wireless ap download This command displays global configuration and status for an AP code download request.
  • Page 312 (DWS-4026) #show wireless ap 00:22:B0:3A:C1:80 radio 1 radar status Radar Detection Radar Detected Last Radar Channel Required Status Detected Time ------- ------------------- ---------------- ---------------- 0d:00:00:00 0d:00:00:00 0d:00:00:00 0d:00:00:00 0d:00:00:00 0d:00:00:00 0d:00:00:00 0d:00:00:00 0d:00:00:00 0d:00:00:00 0d:00:00:00 © 2009 D-Link Corporation. All Rights Reserved...
  • Page 313: Access Point Failure Status Commands

    Access Point Failure Status Commands CCESS OINT AILURE TATUS OMMANDS The commands in this section provide views and management of data maintained for access point association and authentication failures. clear wireless ap failure list This command deletes all entries from the AP failure list, entries normally age out according to the configured age time. The AP failure list includes entries for all APs that have failed to validate or authenticate to the Unified Switch.
  • Page 314 Last Failure Type......No Database Entry Validation Failure Count....6 Authentication Failure Count....0 Vendor ID......... D-Link Protocol Version......2 Software Version......D.06.04.1 Hardware Type......hw_dwl8600 - DWL-8600AP Dual Radio a/b/g/n Age........0d:00:00:29 © 2009 D-Link Corporation. All Rights Reserved...
  • Page 315: Rf Scan Access Point Status Commands

    MAC Address The Ethernet MAC address of the detected AP, this could be a physical radio interface or VAP MAC. For D-Link APs, this is always a VAP MAC address. BSSID Basic Service Set Identifier advertised by the AP in the beacon frames.
  • Page 316 802.11g Managed 3h:28m:14s 00:33:01:02:01:83 Lobby 802.11g Unknown 3h:28m:8s (DWS-4026) #show wireless ap 00:11:95:A3:7A:C8 rf-scan status MAC Address........00:11:95:A3:7A:C8 SSID........... Guest Network OUI..........Unknown Physical Mode........802.11g Channel........1 Status......... Rogue Initial Status......... Rogue © 2009 D-Link Corporation. All Rights Reserved...
  • Page 317 RF Scan Access Point Status Commands Transmit Rate (Mpbs)......1 Mbps Beacon Period (msecs)......100 Discovered Age......... 0d:00:03:01 Age..........0d:00:02:57 Security Mode........Open Highest Supported Rate (per 100Kbps)... 10 802.11n Mode........Supported Ad hoc Network......... Not Ad hoc Rogue Mitigation....... Not Required (DWS-4026) # show wireless ap rf-scan triangulation This command displays the signal triangulation status for the specified RF scan entry.
  • Page 318 WIDSAPROGUE07......Invalid SSID from a managed AP WIDSAPROGUE08......AP is operating on an illegal channel WIDSAPROGUE09......Standalone AP with unexpected configuration WIDSAPROGUE10......Unexpected WDS device detected on network WIDSAPROGUE11......Unmanaged AP detected on wired network © 2009 D-Link Corporation. All Rights Reserved...
  • Page 319: Client Association Status And Statistics Commands

    Client Association Status and Statistics Commands LIENT SSOCIATION TATUS AND TATISTICS OMMANDS The commands in this section provide views and management of all status and statistics for wireless clients. In addition to commands to display data from the associated client perspective, this section includes commands to display a view of all clients associated to a specific VAP, and to display a view of all clients associated to a specific SSID.
  • Page 320 Example: The following shows CLI display output for a particular MAC address: (DWS-4026) #show wireless client 00:14:6c:59:d1:99 status MAC address........00:14:6C:59:D1:99 Detected IP Address......----- Detected IP Address......----- VAP MAC Address........ 00:02:BC:00:17:D0 AP MAC Address......... 00:02:BC:00:17:D0 © 2009 D-Link Corporation. All Rights Reserved...
  • Page 321 Client Association Status and Statistics Commands Location........Radio.......... 2 - 802.11b/g/n Associating Switch......Local Switch Switch MAC Address......00:FC:E3:90:01:07 Switch IP Address......10.27.64.121 Tunnel IP Address......----- SSID........... ALT-VLAN-8 NetBIOS Name........PCRDU-ATSIGLER Status......... Authenticated Channel........1 User Name........VLAN........... 8 Transmit Data Rate......
  • Page 322 (DWS-4026) #show wireless client 00:0F:B5:86:93:95 client-qos status MAC Address........00:0F:B5:86:93:95 SSID........... l7network Client QoS Operational Status....Disabled Bandwidth Limit Down......0 Bandwidth Limit Up......0 Access Control Down...... Access Control Up...... Diffserv Policy Down...... © 2009 D-Link Corporation. All Rights Reserved...
  • Page 323 Client Association Status and Statistics Commands Diffserv Policy Up...... show wireless client client-qos radius status This command displays detailed client QoS data for clients associated to a managed AP. These are the configured values successfully obtained from a RADIUS server for the specified client. Format show wireless client ...
  • Page 324 Packets Receive Dropped......0 Packets Transmit Dropped....... 0 Bytes Receive Dropped......0 Bytes Transmit Dropped......0 Duplicate Packets Received..... 0 Packet Fragments Received...... 0 Packet Fragments Transmitted....0 Transmit Retry Count......0 Failed Retry Count......0 © 2009 D-Link Corporation. All Rights Reserved...
  • Page 325 Client Association Status and Statistics Commands (DWS-4026) # show wireless client neighbor ap status This command displays all the APs an associated client can see in its RF area; for associated clients this provides a reverse view of the managed AP client neighbor list. It allows you to view where a client may roam based on its neighbor APs. Format show wireless client ...
  • Page 326 Example: The following shows example CLI display output for the command. If a network consists of two switches 192.168.37.60 and 192.168.37.61 respectively and former is the Cluster Controller, this command works differently at Cluster Controller and non-Cluster Controller as follows. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 327 Client Association Status and Statistics Commands On the Cluster Controller, it displays entries in the following format: (DWS-4026) #show wireless switch client status Client Switch IP Address MAC Address Channel Status -------------------------------- ----------------- ------- -------------------- 192.168.37.60 00.0F.B5.86.93.95 Authenticated 00:14:C2:0C:47:6D Authenticated 192.168.37.61 00.0F.B5.86.93.85 Authenticated...
  • Page 328: Client Failure And Ad Hoc Status Commands

    Last Failure Type Indicates the last type of failure that occurred. Authentication Count of authentication failures for this client. Failure Count Association Failure Count of association failures for this client. Count Time since failure occurred. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 329 Client Failure and Ad Hoc Status Commands Example: The following shows example CLI display output for the command. (DWS-4026) #show wireless client failure status Failure MAC Address VAP MAC Address SSID Type ----------------- ----------------- ----------------------- ------- ----------- 00:01:21:18:01:01 00:01:01:02:02:02 Network2 Auth 0h:1m:38s 00:01:32:18:01:01 00:01:01:02:01:03 Network3...
  • Page 330: Wids Access Point Rf Security Commands

    (AP de-authentication attack.) Use this command to enable the AP de-authentication attack. Default Disable Format wids-security ap-de-auth-attack Mode Wireless Config no wids-security ap-de-auth-attack Use this command to disable the AP de-authentication attack. Format no wids-security ap-de-auth-attack Mode Wireless Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 331 WIDS Access Point RF Security Commands wids-security fakeman-ap-managed-ssid Use this command to enable Rogue reporting for fake managed AP’s detected with a managed SSID. Default Enable Format wids-security fakeman-ap-managed-ssid Mode Wireless Config no wids-security fakeman-ap-managed-ssid Use this command to disable Rogue reporting for fake managed AP’s detected with a managed SSID. Format no wids-security fakeman-ap-managed-ssid Mode...
  • Page 332 The interval in seconds between transmissions of the trap telling you that rogues are present in the RF Scan database. The trap interval range is 60-3600 seconds. A configured value of 0 disables the trap from being set. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 333 WIDS Access Point RF Security Commands no wids-security rogue-det-trap-interval Use this command to restore the rogue detected trap interval to its default value. Format no wids-security rogue-det-trap-interval Mode Wireless Config wids-security standalone-cfg-invalid (Standalone AP is operating with unexpected channel, SSID, security, or WIDS mode Rogue Detection.) Use this command to enable rogue reporting for standalone APs operating with unexpected channel, SSID, security, or WIDS mode.
  • Page 334 Minimum number of seconds that the AP waits before starting a new wired network detection cycle. The range is 1-3600 seconds. A value of zero (0) disables wired detection. no wids-security wired-detection-interval This command restores the minimum wired detection interval to its default value. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 335 WIDS Access Point RF Security Commands Format no wids-security wired-detection-interval Mode Wireless Config show wireless wids-security This command displays the configured wireless WIDS security settings. Format show wireless wids-security Mode Privileged EXEC Field Description Rogue - admin If the local database indicates that the AP is rogue, then reports the AP as rogue in the RF Scan. configured Rogue Rogue - APs on an Enable or disable rogue reporting for APs operating on an illegal channel.
  • Page 336 WIDSAPROGUE07 False 00:00:00:00:00:17(1) Enable 0d:00:01:51 0d:00:03:42 WIDSAPROGUE08 False 00:00:00:00:00:18(2) Enable 0d:00:05:33 0d:00:07:24 WIDSAPROGUE09 False 00:00:00:00:00:19(2) Enable 0d:00:09:15 0d:00:11:06 WIDSAPROGUE10 False 00:00:00:00:00:1A(0) Enable 0d:00:12:57 0d:00:14:48 To see test descriptions use show wireless wids-security rogue-test-descriptions. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 337 WIDS Access Point RF Security Commands show wireless wids-security rogue-test-descriptions This command displays the WIDS AP rogue classification test identifier descriptions. Format show wireless wids-security rogue-test-descriptions Mode Privileged EXEC Example: The following shows example CLI display output for the command. (DWS-4026) # show wireless wids-security rogue-test-descriptions WIDSAPROGUE01......
  • Page 338 D-Link Unified Switch CLI Command Reference 00:02:BB:00:64:0A 0d:00:18:30 0d:00:14:40 00:02:BB:00:6E:0B 0d:00:20:21 0d:00:16:08 00:02:BB:00:78:0C 0d:00:22:12 0d:00:17:36 00:02:BB:00:82:0D 0d:00:24:03 0d:00:19:04 00:02:BB:00:8C:0E 0d:00:25:54 0d:00:20:32 00:02:BB:00:96:0F 0d:00:27:45 0d:00:22:00 00:02:BB:00:A0:10 0d:00:29:36 0d:00:23:28 © 2009 D-Link Corporation. All Rights Reserved...
  • Page 339: Detected Clients Database Commands

    Detected Clients Database Commands ETECTED LIENTS ATABASE OMMANDS This section provides status and configuration commands for the detected client database. wids-security client rogue-det-trap-interval Use this command to set the interval in seconds between transmissions of the trap telling you that rogue clients are present in the Detected Clients Database.
  • Page 340 Format wids-security client configured-deauth-rate Mode Wireless Config no wids-security client configured-deauth-rate Use this command to disable the test for checking if the client exceeds the configured rate for transmitting 802.11 de- authentication requests. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 341 Detected Clients Database Commands Format no wids-security client configured-deauth-rate Mode Wireless Config wids-security client max-auth-failure Use this command to enable the test which marks the client as rogue if it exceeds the maximum number of authentication failures. Default Enable Format wids-security client max-auth-failure Mode Wireless Config...
  • Page 342 1-3600 Range of the threshold value. no wids-security client threshold-interval-deauth Use this command to set the threshold value for the de-authentication interval to its default. Format no wids-security client threshold-interval-deauth Mode Wireless Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 343 Detected Clients Database Commands wids-security client threshold-value-auth Use this command to configure the maximum number of authentication messages a switch can receive during the threshold interval. Default Format wids-security client threshold-value-auth <1-99999> Mode Wireless Config Parameter Description 1-99999 The range of the threshold value. no wids-security client threshold-value-auth Use this command to set the threshold value for authentication messages to its default.
  • Page 344 1-99999 The range of the threshold value. no wids-security client threshold-auth-failure Use this command to set the threshold value for authentication failures to its default. Format no wids-security client threshold-auth-failure Mode Wireless Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 345 Detected Clients Database Commands wids-security client known-db-location Use this command to configure the location of the Known-Client database for detected clients. Default Local Format wids-security client known-db-location Mode Wireless Config Parameter Description local Database defined locally. radius-server Database defined on a radius-server.
  • Page 346 A roaming history of up to ten Access Points is displayed, as only the maximum of ten records are maintained for each client. Clients that never authenticated with the managed network do not display in the list. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 347 Detected Clients Database Commands Format show wireless client detected-client roam-history Mode Privileged EXEC Field Description Mac Address The Ethernet address of the client. AP Mac Address The Ethernet address of the Access Point with which the client is pre-authenticated. (Radio) Radio The radio interface on the AP.
  • Page 348 Num Auth Failures The number of 802.1X authentication failures detected for this client. Total Probe The number of probes detected in the last RF Scan. Messages Broadcast BSSID The number of probes to broadcast BSSID in the last RF Scan. Probes © 2009 D-Link Corporation. All Rights Reserved...
  • Page 349 00:02:BB:00:14:02 TestClient2 Rogue 0d:00:14:40 0d:00:14:30 (DWS-4026) # show wireless client 00:13:46:C1:78:67 detected-client status MAC address........00:13:46:C1:78:67 OUI..........D-Link Corporation Client Status........Authenticated Auth Status........Authenticated Time Since Last Updated......0d:00:00:02 Threat Detection....... Detected Threat Mitigation......Not Done Client Name........Time Since Created......0d:02:17:19 Channel........
  • Page 350 The number of seconds for counting the de-authentication messages. Interval De-auth Threshold The maximum number of de-authentication messages the client can send without being reported as Value rogue. Auth Threshold The number of seconds for counting the authentication messages. Interval © 2009 D-Link Corporation. All Rights Reserved...
  • Page 351 Detected Clients Database Commands Field Description Auth Threshold The maximum number of authentication messages the client can send without being reported as Value rogue. Probe Threshold The number of seconds for counting the probe messages. Interval Probe Threshold The maximum number of probe messages the client can send without being reported as rogue. Value Auth Failure The maximum number of authentication failures that triggers the client to be reported as rogue.
  • Page 352 D-Link Unified Switch CLI Command Reference WIDSCLIENTROGUE04..Client exceeds configured rate for transmitting de- authentication requests WIDSCLIENTROGUE05..Client exceeds max num of failing authentications WIDSCLIENTROGUE06..Known Client is authenticated with an Unknown AP © 2009 D-Link Corporation. All Rights Reserved...
  • Page 353: Section 6: Captive Portal Commands

    Captive Portal Commands S e c ti o n 6 : C a pt i v e P o r ta l C om m a n d s This section describes the CLI commands you use to manage the Captive Portal features on the switch. This section contains the following subsections: •...
  • Page 354 Use this command to configure the interval at which statistics are reported in the Cluster Controller. The reporting interval is in the range of 0, 15-3600 seconds where 0 disables statistical reporting. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 355 Captive Portal Global Commands Default Format statistics interval Mode Captive Portal Config no statistics interval Use this command to set the reporting interval to the default. Format no statistics interval Mode Captive Portal Config snmp-server enable traps captive-portal This command globally enables the captive portal traps. The specific captive portal traps are configured using the trapflags command in Captive Portal Config Mode.
  • Page 356 Address, or Routing Enabled, but no IPv4 routing interface. Captive Portal IP Shows the IP address that the captive portal feature uses. Address show captive-portal status This command reports status of all captive portal instances in the system. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 357 Captive Portal Global Commands Format show captive-portal status Mode Privileged EXEC Field Description Additional HTTP Displays the port number of the additional HTTP port configured for traffic. A value of 0 indicates that Port only port 80 is configured for HTTP traffic. Additional HTTP Displays the port number of the additional HTTPS secure port.
  • Page 358 Shows whether the SNMP agent sends a trap each time an entry cannot be added to the client Full Traps database because it is full. Client Shows whether the SNMP agent sends a trap when a client disconnects from a captive portal. Disconnection Traps © 2009 D-Link Corporation. All Rights Reserved...
  • Page 359: Captive Portal Configuration Commands

    Captive Portal Configuration Commands APTIVE ORTAL ONFIGURATION OMMANDS The commands in this section are related to captive portal configurations. configuration (Captive Portal) Use this command to enter the Captive Portal Instance Mode. The captive portal configuration, identified by CP ID 1, is the default CP configuration. You can create up to nine additional captive portal configurations.
  • Page 360 Captive Portal Instance no radius-auth-server This command disables accounting for a captive portal configuration. Format no radius accounting Mode Captive Portal Instance radius-auth-server Use this command to configure a captive portal configuration RADIUS authentication server. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 361 Captive Portal Configuration Commands Default Disable Format radius-auth-server Mode Captive Portal Instance no radius-auth-server This command disables a captive portal configuration RADIUS authentication server. Format no radius-auth-server Mode Captive Portal Instance redirect-url mode This command enables the redirect mode for a captive portal configuration. Default Disable Format...
  • Page 362 If the value is set to 0 then the limit is not enforced. Default Format max-input-octets Mode Captive Portal Instance Parameter Description bytes Input octets in bytes. 0 indicates limit not enforced. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 363 Captive Portal Configuration Commands no max-input-octets This command sets to the default the maximum number of octets the user is allowed to transmit. Format no max-input-octets Mode Captive Portal Instance max-output-octets This command configures the maximum number of octets the user is allowed to receive. After this limit has been reached the user will be disconnected.
  • Page 364 Format locale Mode Captive Portal Instance interface This command associates an interface to a captive portal configuration or removes the interface captive portal association. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 365 Captive Portal Configuration Commands Format interface Mode Captive Portal Instance no interface This command removes the association between an interface and a captive portal configuration. Format no interface Mode Captive Portal Instance block This command blocks all traffic for a captive portal configuration. Format block Mode...
  • Page 366 Use this command to customize the separator bar color of the Captive Portal authentication page using a well-known color name or RGB value. For example, red or RGB hex-code; i.e. #FF0000.The range of is 1-32 characters. Default #BFBFBF Format separator-color Mode Captive Portal Instance © 2009 D-Link Corporation. All Rights Reserved...
  • Page 367: Captive Portal Status Commands

    Captive Portal Status Commands APTIVE ORTAL TATUS OMMANDS Use the commands in this section to view information about the status of one or more captive portal instances. show captive-portal configuration This command displays the operational status of each captive portal configuration. The variable is the captive portal ID, which ranges from 1-10.
  • Page 368 A value of 0 means that the user will not be logged out automatically. show captive-portal configuration locales This command displays locales associated with a specific captive portal configuration. Format show captive-portal configuration locales Mode Privileged EXEC Field Description Locale Code Two-letter abbreviation for languages. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 369 Captive Portal Status Commands Field Description Locale Link The names of the languages.
  • Page 370: Captive Portal Client Connection Commands

    Shows the current switch type, which is local or peer. or peer) show captive-portal client statistics This command displays the statistics for a specific captive portal client. Format show captive-portal client statistics Mode Privileged EXEC © 2009 D-Link Corporation. All Rights Reserved...
  • Page 371 Captive Portal Client Connection Commands Field Description Client MAC Identifies the MAC address of the wireless client (if applicable). Address Bytes Received Total bytes the client has received. Bytes Transmitted Total bytes the client has transmitted. Packets Total packets the client has transmitted. Transmitted Packets Received Total packets the client has received.
  • Page 372 You can use the variable to specify the MAC address of the client to deauthenticate. If no value is specified, then all clients are deauthenticated from the specified captive portal configuration (or all configurations). Format captive-portal client deauthenticate <1-10> Mode Privileged EXEC © 2009 D-Link Corporation. All Rights Reserved...
  • Page 373: Captive Portal Interface Commands

    Captive Portal Interface Commands APTIVE ORTAL NTERFACE OMMANDS Use the commands in this section to view information about the interfaces on the switch that are associated with captive portals or that are capable of supporting a captive portal. show captive-portal interface configuration status This command displays the interface to configuration assignments for all captive portal configurations or a specific configuration.
  • Page 374 Description Packets Indicates whether or not this field is supported by the specified captive portal interface. Transmitted Counter Roaming Indicates whether or not this field is supported by the specified captive portal interface. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 375: Captive Portal Local User Commands

    Captive Portal Local User Commands APTIVE ORTAL OCAL OMMANDS Use these commands to view and configure captive portal users in the local database. user (Captive Portal Config Mode) This command is used to create a local user. The variable is the user ID, which can be a number between 1 and 128.
  • Page 376 1 to 128. The variable is a number that represents the session timeout in seconds. Use 0 to indicate that the timeout is not enforced. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 377 Captive Portal Local User Commands Default Format user session-timeout Mode Captive Portal Config Example: The following shows an example of the command. (DWS-4026)(Config-CP) #user 1 session-timeout 86400 no user session-timeout This command sets the session timeout value for the associated captive portal user to the default value. The variable is a user configured in the local database.
  • Page 378 This command is used to limit the number of octets in bytes that the user is allowed to transmit. After this limit has been reached, the user will be disconnected. 0 octets denote unlimited transmission. Default Format user max-input-octets Mode Captive Portal Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 379 Captive Portal Local User Commands Parameter Description user-id User ID from 1 to 128 characters. octets Number of bytes. no user max-input-octets Use this command to set to the default the number of octets in bytes that the user is allowed to transmit. Format no user ...
  • Page 380 The maximum number of octets the user is allowed to receive. Output Octets (bytes) Max Bandwidth The maximum number of octets the user is allowed to transfer, i.e., the sum of octets transmitted and Total Octets received. (bytes) © 2009 D-Link Corporation. All Rights Reserved...
  • Page 381 Captive Portal Local User Commands clear captive-portal users This command deletes all captive portal user entries. Format clear captive-portal users Mode Privileged EXEC...
  • Page 382: Captive Portal User Group Commands

    This command replaces a group's associations with the default group or a specified group. The and variables are each a number in the range of 1-10. Format user group rename Mode Captive Portal Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 383: Section 7: Quality Of Service Commands

    Quality of Service Commands Se ction 7: Quality of Serv ic e Comma nds This section describes the Quality of Service (QoS) commands available in the Unified Switch CLI. The QoS Commands section contains the following subsections: • “Class of Service Commands” on page 375 •...
  • Page 384 {dot1p | ip-dscp | untrusted} Modes • Global Config • Interface Config no classofservice trust This command sets the interface mode to the default value. Format no classofservice trust Modes • Global Config • Interface Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 385 Class of Service Commands cos-queue min-bandwidth This command specifies the minimum transmission bandwidth guarantee for each interface queue. The total number of queues supported per interface is 8. A value from 0-100 (percentage of link rate) must be specified for each supported queue, with 0 indicating no guaranteed minimum bandwidth.
  • Page 386 The following information is repeated for each user priority. Term Definition IP Precedence The IP Precedence value. Traffic Class The traffic class internal queue identifier to which the IP Precedence value is mapped. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 387 Class of Service Commands show classofservice ip-dscp-mapping This command displays the current IP DSCP mapping to internal traffic classes for the global configuration settings. Format show classofservice ip-dscp-mapping Mode Privileged EXEC The following information is repeated for each user priority. Term Definition IP DSCP...
  • Page 388 This is a configured value. Example: The following shows example CLI display output for the command. (DWS-4026) #show interfaces cos-queue 0/1 Interface........0/1 Interface Shaping Rate......64 Queue Id Min. Bandwidth Scheduler Type Queue Management Type © 2009 D-Link Corporation. All Rights Reserved...
  • Page 389: Differentiated Services Commands

    Differentiated Services Commands -------- -------------- -------------- --------------------- Weighted Tail Drop Weighted Tail Drop Weighted Tail Drop Weighted Tail Drop Weighted Tail Drop Weighted Tail Drop Weighted Tail Drop Weighted Tail Drop IFFERENTIATED ERVICES OMMANDS This section describes the commands you use to configure QOS Differentiated Services (DiffServ). You configure DiffServ in several stages by specifying three DiffServ components: 1.
  • Page 390: Diffserv Class Commands

    Class-Map Config mode for an existing DiffServ class. Note: The CLI mode is changed to Class-Map Config or when this command is successfully executed. Format class-map match-all Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 391 DiffServ Class Commands no class-map This command eliminates an existing DiffServ class. The is the name of an existing DiffServ class. (The class name default is reserved and is not allowed here.) This command may be issued at any time; if the class is currently referenced by one or more policies or by any other class, the delete action fails.
  • Page 392 Each of these translates into its equivalent port number. To specify the match condition using a numeric notation, one layer 4 port number is required. The port number is an integer from 0 to 65535. Default none Format match dstl4port { | <0-65535>} Mode Class-Map Config Ipv6-Class-Map Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 393 DiffServ Class Commands match ip dscp This command adds to the specified class definition a match condition based on the value of the IP DiffServ Code Point (DSCP) field in a packet, which is defined as the high-order six bits of the Service Type octet in the IP header (the low-order two bits are not checked).
  • Page 394 (listed below). The currently supported values are: domain, echo, ftp, ftpdata, http, smtp, snmp, telnet, tftp, www. Each of these translates into its equivalent port number, which is used as both the start and end of a port range. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 395: Diffserv Policy Commands

    DiffServ Policy Commands To specify the match condition as a numeric value, one layer 4 port number is required. The port number is an integer from 0 to 65535. Default none Format match srcl4port { | <0-65535>} Mode Class-Map Config Ipv6-Class-Map Config OLICY OMMANDS...
  • Page 396 This command deletes the instance of a particular class and its defined treatment from the specified policy. is the names of an existing DiffServ class. Note: This command removes the reference to the class definition for the specified policy. Format no class Mode Policy-Map Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 397 DiffServ Policy Commands mark cos This command marks all packets for the associated traffic stream with the specified class of service value in the priority field of the 802.1p header (the only tag in a single tagged packet or the first or outer 802.1Q tag of a double VLAN tagged packet). If the packet does not already contain this header, one is inserted.
  • Page 398: Diffserv Service Commands

    The service commands attach a defined policy to a directional interface. You can assign only one policy at any one time to an interface in the inbound direction. DiffServ is not used in the outbound direction. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 399: Diffserv Show Commands

    DiffServ Show Commands This set of commands consists of service addition/removal. The CLI command root is service-policy. service-policy This command attaches a policy to an interface in the inbound direction. The parameter is the name of an existing DiffServ policy. This command causes a service to create a reference to the policy. Note: This command effectively enables DiffServ on an interface in the inbound direction.
  • Page 400 Example: The following shows example CLI display output for the command. (DWS-4026) #show class-map test Class Name........test Class Type........All Class Layer3 Protocol......ipv4 Match Criteria Values ---------------------------- ------------------------------------------- Protocol © 2009 D-Link Corporation. All Rights Reserved...
  • Page 401 DiffServ Show Commands show diffserv This command displays the DiffServ General Status Group information, which includes the current administrative mode setting as well as the current and maximum number of rows in each of the main DiffServ private MIB tables. This command takes no options.
  • Page 402 List of all class names associated with this policy. Example: The following shows example CLI display output for the command. (DWS-4026) #show policy-map p1 Policy Name........p1 Policy Type........In Class Name........test This traffic will be dropped. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 403 DiffServ Show Commands show diffserv service This command displays policy service information for the specified interface and direction. The parameter specifies a valid slot/port number for the system. Format show diffserv service in Mode Privileged EXEC Term Definition DiffServ Admin The current setting of the DiffServ administrative mode.
  • Page 404 No in-bound policy is attached to this interface. show service-policy This command displays a summary of policy-oriented statistics information for all interfaces in the specified direction. Format show service-policy in Mode Privileged EXEC © 2009 D-Link Corporation. All Rights Reserved...
  • Page 405: Mac Access Control List Commands

    MAC Access Control List Commands The following information is repeated for each interface and direction (only those interfaces configured with an attached policy are shown): Term Definition Interface Valid slot and port number separated by a forward slash. Operational Status The current operational status of this DiffServ service interface. Policy Name The name of the policy attached to the interface.
  • Page 406: Table 9: Ethertype Keyword And 4-Digit Hexadecimal Value

    The vlan and cos parameters refer to the VLAN identifier and 802.1p user priority fields, respectively, of the VLAN tag. For packets containing a double VLAN tag, this is the first (or outer) tag. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 407 MAC Access Control List Commands The assign-queue parameter allows specification of a particular hardware queue for handling traffic that matches this rule. The allowed value is 0–7, and the number of user-configurable queues available for the switch is 8. The assign-queue parameter is valid only for a permit rule.
  • Page 408: Ip Access Control List Commands

    This command creates an IP Access Control List (ACL) that is identified by the access list number, which is 1-99 for standard ACLs or 100-199 for extended ACLs. Table 10 describes the parameters for the access-list command. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 409: Table 10: Acl Command Parameters

    IP Access Control List Commands IP Standard ACL: Format access-list <1-99> {deny | permit} {every | } [log] [assign- queue ] [mirror ] Mode Global Config IP Extended ACL: Format access-list <100-199> {deny | permit} {every | {{icmp | igmp | ip | tcp | udp | } ...
  • Page 410 A rule may either deny or permit traffic according to the specified classification fields. At a minimum, either the every keyword or the protocol, source address, and destination address values must be specified. The source and destination IP address © 2009 D-Link Corporation. All Rights Reserved...
  • Page 411 IP Access Control List Commands fields may be specified using the keyword to indicate a match on any value in that field. The remaining command parameters are all optional, but the most frequently used parameters appear in the same relative order as shown in the command format.
  • Page 412 The slot/port to which packets matching this rule are copied. Example: The following shows example CLI display output for the command. (DWS-4026) #show ip access-lists 2 ACL ID: 2 Rule Number: 1 Action......... permit © 2009 D-Link Corporation. All Rights Reserved...
  • Page 413 IP Access Control List Commands Match All........TRUE Mirror Interface....... 0/3 show access-lists This command displays IP ACLs, IPv6 ACLs, and MAC access control lists information for a designated interface and direction. Format show access-lists interface in Mode Privileged EXEC Term Definition ACL Type...
  • Page 414: Auto-Voice Over Ip Commands

    Use this command to disable VoIP Profile on the interface. Format no auto-voip all Mode Interface Config show auto-voip Use this command to display the VoIP Profile settings on the interface or interfaces of the switch. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 415 Auto-Voice over IP Commands Format show auto-voip interface {|all} Mode Privileged EXEC Field Description AutoVoIP Mode The Auto VoIP mode on the interface. Traffic Class The CoS Queue or Traffic Class to which all VoIP traffic is mapped to. This is not configurable and defaults to the highest CoS queue available in the system for data traffic.
  • Page 416 D-Link Unified Switch CLI Command Reference © 2009 D-Link Corporation. All Rights Reserved...
  • Page 417: Section 8: Utility Commands

    Utility Commands S ec t io n 8 : Ut i l it y C omm an ds This section describes the utility commands available in the Unified Switch CLI. The Utility Commands section includes the following subsections: • “Dual Image Commands” on page 409 •...
  • Page 418: System Information And Statistics Commands

    Format show arp switch Mode Privileged EXEC Term Definition IP Address IP address of the management interface or another device on the management network. MAC Address Hardware MAC address of that device. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 419 System Information and Statistics Commands Term Definition Interface For a service port the output is Management. For a network port, the output is the slot/port of the physical interface. show eventlog This command displays the event log, which contains error messages from the system. The event log is not cleared on a system reset.
  • Page 420 The total number of packets transmitted out of the interface. Transmitted Without Error Broadcast Packets The total number of packets that higher-level protocols requested to be transmitted to the Broadcast Transmitted address, including those that were discarded or not sent. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 421 System Information and Statistics Commands Term Definition Transmit Packet The number of outbound packets that could not be transmitted because of errors. Errors Address Entries The total number of Forwarding Database Address Table entries now active on the switch, including Currently In Use learned and static entries.
  • Page 422 • Packets RX and TX 4096–9216 Octets - The total number of packets received that were between 4096 and 9216 octets in length inclusive (excluding framing bits, but including FCS octets) and were otherwise well formed. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 423 System Information and Statistics Commands Term Definition Packets Received • Total Packets Received Without Error - The total number of packets received that were without Successfully errors. • Unicast Packets Received - The number of subnetwork-unicast packets delivered to a higher-layer protocol.
  • Page 424 815 counts per sec. at 10 Mb/s. • Underrun Errors - The total number of frames discarded because the transmit FIFO buffer became empty during frame transmission. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 425 System Information and Statistics Commands Term Definition Transmit Discards • Total Discards - The sum of single collision frames discarded, multiple collision frames discarded, and excessive frames discarded. • Total Output Packets Dropped - The total number of Aged packets. •...
  • Page 426 Enter all or no parameter to display the entire table. Enter a MAC Address and VLAN ID to display the table entry for the requested MAC address on the specified VLAN. Enter the count parameter to view summary information about the © 2009 D-Link Corporation. All Rights Reserved...
  • Page 427 System Information and Statistics Commands forwarding database table. Use the interface parameter to view MAC addresses on a specific interface. Use the vlan parameter to display information about MAC addresses on a specified VLAN. Format show mac-addr-table [{ | all | count | interface | vlan }] Mode Privileged EXEC...
  • Page 428 This command provides the percentage utilization of the CPU by different tasks. Note: It is not necessarily the traffic to the CPU, but different tasks that keep the CPU busy. Format show process cpu Mode Privileged EXEC © 2009 D-Link Corporation. All Rights Reserved...
  • Page 429 System Information and Statistics Commands The following shows example CLI display output for the command for VxWorks. (DWS-4026) #show process cpu Memory Utilization Report status bytes ------ ---------- free 101133744 alloc 134315888 CPU Utilization: Name 5 Sec 1 Min 5 Min --------------------------------------------------------- 1f9e520 tNetTask 0.00%...
  • Page 430 0 idle-timeout 0 max-bandwidth-up 0 max-bandwidth-down 0 --More-- or (q)uit max-input-octets 0 max-output-octets 0 max-total-octets 0 interface 8/1 separator-color "#B70024" background-color "#BFBFBF" foreground-color "#999999" locale 1 code "en" account-image "login_key.jpg" account-label 0045006E00740065007200200079006F0075007200200055007300650072006E0061006D0065002E © 2009 D-Link Corporation. All Rights Reserved...
  • Page 431 System Information and Statistics Commands accept-msg 004500720072006F0072003A00200059006F00750020006D007500730074002000610063006B006E006F007 7006C0065006400670065002000740068006500200041006300630065007000740061006E00630065002000 550073006500200050006F006C0069006300790020006200650066006F0072006500200063006F006E006E0 065006300740069006E00670021 accept-text 0043006800650063006B0020006800650072006500200074006F00200069006E00640069006300610074006 50020007400680061007400200079006F007500200068006100760065002000720065006100640020006100 6E0064002000610063006300650070007400650064002000740068006500200041006300630065007000740 061006E00630065002000550073006500200050006F006C006900630079002E no aup-text aup-text 0041006300630065007000740061006E00630065002000550073006500200050006F006C006900630079 button-label 0043006F006E006E006500630074 branding-image "BRCM_logo.gif" browser-title 004300610070007400690076006500200050006F007200740061006C denied-msg 004500720072006F0072003A00200049006E00760061006C00690064002000430072006500640065006E007 400690061006C0073002C00200070006C006500610073006500200074007200790020006100670061006900 6E0021 font-list "arial, sans-serif" no instructional-text instructional-text 0054006F0020007300740061007200740020007500730069006E00670020007400680069007300200073006 500720076006900630065002C00200065006E00740065007200200079006F00750072002000630072006500 640065006E007400690061006C007300200061006E006400200063006C00690063006B00200074006800650 0200043006F006E006E00650063007400200062007500740074006F006E002E link 00280045006E0067006C0069007300680029 password-label 00500061007300730077006F00720064 --More-- or (q)uit resource-msg...
  • Page 432 5 to 48. After the user-configured number of lines is displayed in one page, the system prompts the user for --More-- or (q)uit. Press q or Q to quit, or press any key to display the next set of <5-48> lines. The © 2009 D-Link Corporation. All Rights Reserved...
  • Page 433 System Information and Statistics Commands command terminal length 0 disables pagination and, as a result, the output of the show running-config command is displayed immediately. Default 24 lines per page Format terminal length <0|5-48> Mode Privileged EXEC no terminal length Use this command to set the terminal length to the default value.
  • Page 434: Logging Commands

    This command enables the CLI command logging feature, which enables the Unified Switch software to log all CLI commands issued on the system. Default enabled Format logging cli-command Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 435 Logging Commands no logging cli-command This command disables the CLI command Logging feature. Format no logging cli-command Mode Global Config logging console This command enables logging to the console. You can specify the value as either an integer from 0 to 7 or symbolically through one of the following keywords: emergency (0), alert (1), critical (2), error (3), warning (4), notice (5), info (6), or debug (7).
  • Page 436 Shows whether console logging is enabled. Console Logging The minimum severity to log to the console log. Messages with an equal or lower numerical severity Severity Filter are logged. Buffered Logging Shows whether buffered logging is enabled. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 437 Logging Commands Term Definition Syslog Logging Shows whether syslog logging is enabled. Log Messages Number of messages received by the log process. This includes messages that are dropped or Received ignored. Log Messages Number of messages that could not be processed due to error or lack of resources. Dropped Log Messages Number of messages sent to the collector/relay.
  • Page 438: System Utility And Clear Commands

    Use maxFail to terminate the traceroute after failing to receive a response for this number of consecutive probes. Range is 0 to 255. interval Use interval to specify the time between probes, in seconds. Range is 1 to 60 seconds. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 439 System Utility and Clear Commands Parameter Description count Use the optional count parameter to specify the number of probes to send for each TTL value. Range is 1 to 10 probes. port Use the optional port parameter to specify destination UDP port of the probe. This should be an unused port on the remote destination system.
  • Page 440 Privileged EXEC enable passwd This command prompts you to change the Privileged EXEC password. Passwords are a maximum of 64 alphanumeric characters. The password is case sensitive. Format enable passwd Mode Privileged EXEC © 2009 D-Link Corporation. All Rights Reserved...
  • Page 441 System Utility and Clear Commands enable passwd encrypted This command allows the administrator to transfer the enable password between devices without having to know the password. The parameter must be exactly 128 hexadecimal characters. Format enable passwd encrypted Mode Privileged EXEC logout...
  • Page 442 The copy command uploads and downloads files to and from the switch. You can also use the copy command to manage the dual images (image1 and image2) on the file system. Upload and download files from a server by using TFTP or © 2009 D-Link Corporation. All Rights Reserved...
  • Page 443: Table 11: Copy Parameters

    System Utility and Clear Commands Xmodem. SFTP and SCP are available as additional transfer methods if the software package supports secure management. Format copy Mode Privileged EXEC Replace the and parameters with the options in Table 11.
  • Page 444: Sntp And Clock Commands

    This command enables Simple Network Time Protocol (SNTP) client mode and may set the mode to either broadcast or unicast. Default disabled Format sntp client mode [broadcast | unicast] Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 445 SNTP and Clock Commands no sntp client mode This command disables Simple Network Time Protocol (SNTP) client mode. Format no sntp client mode Mode Global Config sntp client port This command sets the SNTP client port id to a value from 1-65535. Default Format sntp client port ...
  • Page 446 This command configures an SNTP server (a maximum of three). The optional priority can be a value of 1-3, the version a value of 1-4, and the port id a value of 1-65535. Format sntp server [ [ []]] Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 447 SNTP and Clock Commands no sntp server This command deletes an server from the configured SNTP servers. Format no sntp server remove Mode Global Config show sntp This command is used to display SNTP settings and status. Format show sntp Mode Privileged EXEC Term...
  • Page 448: Time Zone And Daylight Savings Time Commands

    Replace with the number of hours your time zone differs from the UTC time, in the range –12 to 13. A negative value indicates that the time zone later than the UTC, and a positive value indicates a time zone that is earlier than the UTC. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 449 SNTP and Clock Commands Term Definition minutes Replace with the number of minutes your time zone differs from the UTC, in addition to the offset, in the range -59 to +59. zone Replace with an acronym for the time zone. Example: The following example configures the time zone to 5 hours and 30 minutes earlier than UTC, and names it IST .
  • Page 450: Dhcp Server Commands

    Mode DHCP Pool Config client-name This command specifies the name for a DHCP client. Name is a string consisting of standard ASCII characters. Default none Format client-name Mode DHCP Pool Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 451 DHCP Server Commands no client-name This command removes the client name. Format no client-name Mode DHCP Pool Config default-router This command specifies the default router list for a DHCP client. {address1, address2… address8} are valid IP addresses, each made up of four decimal bytes ranging from 0 to 255. IP address 0.0.0.0 is invalid. Default none Format...
  • Page 452 Format lease [{ [] [] | infinite}] Mode DHCP Pool Config no lease This command restores the default value of the lease time for DHCP Server. Format no lease Mode DHCP Pool Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 453 DHCP Server Commands network (DHCP Pool Config) Use this command to configure the subnet number and mask for a DHCP address pool on the server. Network-number is a valid IP address, made up of four decimal bytes ranging from 0 to 255. IP address 0.0.0.0 is invalid. Mask is the IP subnet mask for the specified address pool.
  • Page 454 This command configures the next server in the boot process of a DHCP client.The
    parameter is the IP address of the next server in the boot process, which is typically a TFTP server. Default inbound interface helper addresses Format next-server
    Mode DHCP Pool Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 455 DHCP Server Commands no next-server This command removes the boot server list. Format no next-server Mode DHCP Pool Config option The option command configures DHCP Server options. The parameter specifies the DHCP option code and ranges from 1-254. The parameter specifies an NVT ASCII character string. ASCII character strings that contain white space must be delimited by quotation marks.
  • Page 456 This command disables the allocation of the addresses to the bootp client. The address are from the automatic address pool. Format no ip dhcp bootp automatic Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 457 DHCP Server Commands ip dhcp conflict logging This command enables conflict logging on DHCP server. Default enabled Format ip dhcp conflict logging Mode Global Config no ip dhcp conflict logging This command disables conflict logging on DHCP server. Format no ip dhcp conflict logging Mode Global Config clear ip dhcp binding...
  • Page 458 The list of the default routers available to the DHCP client The following additional field is displayed for Dynamic pool type: Field Definition Network The network number and the mask for the DHCP address pool. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 459 DHCP Server Commands The following additional fields are displayed for Manual pool type: Field Definition Client Name The name of a DHCP client. Client Identifier The unique identifier of a DHCP client. Hardware Address The hardware address of a DHCP client. Hardware Address The protocol of the hardware platform.
  • Page 460: Dns Client Commands

    255 characters and should not include an initial period. This should be used only when the default domain name list, configured using the ip domain list command, is empty. Default none Format ip domain name Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 461 DNS Client Commands Example: The CLI command ip domain name yahoo.com will configure yahoo.com as a default domain name. For an unqualified hostname xxx, a DNS query is made to find the IP address corresponding to xxx.yahoo.com. no ip domain name Use this command to remove the default domain name configured using the ip domain name command.
  • Page 462 DNS query. ranges from 0 to 3600. Default Format ip domain timeout Mode Global Config no ip domain timeout Use this command to return to the default setting. Format no ip domain timeout Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 463 DNS Client Commands clear host Use this command to delete entries from the host name-to-address cache. This command clears the entries from the DNS cache maintained by the software. This command clears both IPv4 and IPv6 entries. Format clear host { | all} Mode Privileged EXEC Field...
  • Page 464: Serviceability Packet Tracing Commands

    Use this command to enable Auto VOIP debug messages. Use the optional parameters to trace H323, SCCP, or SIP packets respectively. Default disabled Format debug auto-voip [H323|SCCP|SIP] Mode Privileged EXEC no debug auto-voip Use this command to disable Auto VOIP debug messages. Format no debug auto-voip Mode Privileged EXEC © 2009 D-Link Corporation. All Rights Reserved...
  • Page 465 Serviceability Packet Tracing Commands debug clear This command disables all previously enabled “debug” traces. Default disabled Format debug clear Mode Privileged EXEC debug console This command enables the display of “debug” trace output on the login session in which it is executed. Debug console display must be enabled in order to view any trace output.
  • Page 466 • V2_Leave_Group – IGMP Version 2 Leave Group Group Multicast group address in the IGMP header. no debug igmpsnooping transmit This command disables tracing of transmitted IGMP snooping packets. Format no debug igmpsnooping transmit Mode Privileged EXEC © 2009 D-Link Corporation. All Rights Reserved...
  • Page 467 Serviceability Packet Tracing Commands debug igmpsnooping packet receive This command enables tracing of IGMP Snooping packets received by the switch. Snooping should be enabled on the device and the interface in order to monitor packets for a particular interface. Default disabled Format debug igmpsnooping packet receive...
  • Page 468 MLD snooping packet traces are dumped. Vital information such as source address, destination address, control packet type, packet length, and the interface on which the packet is received or transmitted is displayed on the console. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 469 Serviceability Packet Tracing Commands Default disabled Format debug mldsnooping packet [receive|transmit] Mode Privileged EXEC no debug mldsnooping packet Use this command to disable debug tracing of MLD snooping packet reception and transmission. debug ping packet This command enables tracing of ICMP echo requests and responses. The command traces pings on the network port/ serviceport for switching packages.
  • Page 470 This command disables tracing of RIP requests and responses. Format no debug rip packet Mode Privileged EXEC debug sflow packet Use this command to enable sFlow debug packet trace. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 471 Serviceability Packet Tracing Commands Default disabled Format debug sflow packet Mode Privileged EXEC no debug sflow packet Use this command to disable sFlow debug packet trace. Format no debug sflow packet Mode Privileged EXEC debug spanning-tree bpdu This command enables tracing of spanning tree BPDUs received and transmitted by the switch. Default disabled Format...
  • Page 472 MAC address of the CIST root bridge. Root_Priority Priority of the CIST root bridge. The value is between 0 and 61440. It is displayed in hex in multiples of 4096. Path_Cost External root path cost component of the BPDU. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 473 Serviceability Packet Tracing Commands no debug spanning-tree bpdu transmit This command disables tracing of transmitted spanning tree BPDUs. Format no debug spanning-tree bpdu transmit Mode Privileged EXEC logging persistent Use this command to configure the Persistent logging for the switch. The severity level of logging messages is specified at severity level.
  • Page 474: Cable Test Command

    10/100 Ethernet adapter, then the cable status may display as Open or Short because some Ethernet adapters leave unused wire pairs unterminated or grounded. Unknown is displayed if the cable length could not be determined. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 475: Sflow Commands

    sFlow Commands OMMANDS ® sFlow is the standard for monitoring high-speed switched and routed networks. sFlow technology is built into network equipment and gives complete visibility into network activity, enabling effective management and control of network resources. sflow receiver Use this command to configure the sFlow collector parameters (owner string, receiver timeout, max datagram size, IP address, and port).
  • Page 476 The sFlow agent collects time-based sampling of network interface statistics and flow-based samples. These are sent to the configured sFlow receivers. Use this command to display the sFlow agent information. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 477 MIB Version; Organization; Software Revision where: • MIB Version: 1.3, the version of this MIB. • Organization: D-Link Corporation. • Revision: D-Link UWS Software version IP Address The IP address associated with this agent. Example: The following shows example CLI display output for the command.
  • Page 478 Packet Sampling The statistical sampling rate for packet sampling from this source. Rate Max Header Size The maximum number of bytes that should be copied from a sampled packet to form a flow sample. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 479: Autoinstall Commands

    AutoInstall Commands NSTALL OMMANDS The AutoInstall feature enables the automatic configuration of a switch when the device is initialized and no configuration file is found on the switch. When no configuration file is found, it is downloaded from a TFTP server and saved to non-volatile memory.
  • Page 480 Mode Privileged EXEC Example: The following shows example CLI display output for the command. (DWS-4026) #show autoinstall AutoInstall Mode....... Started AutoSave Mode........Enabled AutoInstall Retry Count......3 AutoInstall State......Waiting for boot options © 2009 D-Link Corporation. All Rights Reserved...
  • Page 481: Section 9: Management Commands

    Management Commands Secti o n 9: Man ag eme nt Co mma nd s This section describes the management commands available in the Unified Switch CLI. The Management Commands section contains the following subsections: • “Network Interface Commands” on page 473 •...
  • Page 482 This command specifies whether the switch uses the burned in MAC address or the locally-administered MAC address. Default burnedin Format network mac-type {local | burnedin} Mode Privileged EXEC no network mac-type This command resets the value of MAC address to its default. Format no network mac-type Mode Privileged EXEC © 2009 D-Link Corporation. All Rights Reserved...
  • Page 483 Network Interface Commands network javamode This command specifies whether or not the switch should allow access to the Java applet in the header frame of the Web interface and to the WLAN Visualization applet. When access is enabled, the Java applets can be viewed from the Web interface.
  • Page 484: Console Port Access Commands

    This command specifies the communication rate of the terminal interface. The supported rates are 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200. Default 9600 Format serial baudrate {1200 | 2400 | 4800 | 9600 | 19200 | 38400 | 57600 | 115200} Mode Line Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 485 Console Port Access Commands no serial baudrate This command sets the communication rate of the terminal interface. Format no serial baudrate Mode Line Config serial timeout This command specifies the maximum connect time (in minutes) without console activity. A value of 0 indicates that a console can be connected indefinitely.
  • Page 486: Telnet Commands

    Note: If the Telnet Server Admin Mode is disabled, Telnet sessions cannot be established. Use the ip telnet server enable command to enable Telnet Server Admin Mode. Default enabled Format transport input telnet Mode Line Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 487 Telnet Commands no transport input telnet Use this command to prevent new Telnet sessions from being established. Format no transport input telnet Mode Line Config transport output telnet This command regulates new outbound Telnet connections. If enabled, new outbound Telnet sessions can be established until the system reaches the maximum number of simultaneous outbound Telnet sessions allowed.
  • Page 488 This command sets the Telnet connection session timeout value to the default. Note: Changing the timeout value for active sessions does not become effective until the session is reaccessed. Also, any keystroke activates the new timeout duration. Format no telnetcon timeout Mode Privileged EXEC © 2009 D-Link Corporation. All Rights Reserved...
  • Page 489: Secure Shell Commands

    Secure Shell Commands show telnet This command displays the current outbound Telnet settings. In other words, these settings apply to Telnet connections initiated from the switch to a remote system. Format show telnet Modes • Privileged EXEC • User EXEC Term Definition Outbound Telnet...
  • Page 490 Default Format sshcon maxsessions <0-5> Mode Privileged EXEC no sshcon maxsessions This command sets the maximum number of allowed SSH connection sessions to the default value. Format no sshcon maxsessions Mode Privileged EXEC © 2009 D-Link Corporation. All Rights Reserved...
  • Page 491: Management Security Commands

    Management Security Commands sshcon timeout This command sets the SSH connection session timeout value, in minutes. A session is active as long as the session has been idle for the value set. The time is a decimal value from 1 to 160. Changing the timeout value for active sessions does not become effective until the session is re accessed.
  • Page 492 Mode Global Config no crypto key generate dsa Use this command to delete the DSA key files from the device. Format no crypto key generate dsa Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 493: Hypertext Transfer Protocol Commands

    Hypertext Transfer Protocol Commands YPERTEXT RANSFER ROTOCOL OMMANDS This section describes the commands you use to configure Hypertext Transfer Protocol (HTTP) and secure HTTP access to the switch. Access to the switch by using a Web browser is enabled by default. Everything you can view and configure by using the CLI is also available by using the Web.
  • Page 494 When this timeout expires the user will be forced to re-authenticate. This timer begins on initiation of the Web session and is re-started with each access to the switch. Default Format ip http session soft-timeout <0-60> Mode Privileged EXEC © 2009 D-Link Corporation. All Rights Reserved...
  • Page 495 Hypertext Transfer Protocol Commands no ip http session soft-timeout This command resets the soft timeout for un-secure HTTP sessions to the default value. Format no ip http session soft-timeout Mode Privileged EXEC ip http secure-session hard-timeout This command configures the hard timeout for secure HTTP sessions in hours. When this timeout expires, the user is forced to re-authenticate.
  • Page 496 The java applet administrative mode which applies to both secure and un-secure web connections. Maximum The number of allowable un-secure http sessions. Allowable HTTP Sessions HTTP Session Hard The hard timeout for un-secure http sessions in hours. Timeout © 2009 D-Link Corporation. All Rights Reserved...
  • Page 497: Access Commands

    Access Commands Term Definition HTTP Session Soft The soft timeout for un-secure http sessions in minutes. Timeout HTTP Mode The secure HTTP server administrative mode. (Secure) Secure Port The secure HTTP server port number. Secure Protocol The protocol level may have the values of SSL3, TSL1, or both SSL3 and TSL1. Level(s) Maximum The number of allowable secure http sessions.
  • Page 498: User Account Commands

    Note: You cannot delete the “admin” user account. users name unlock Use this command to unlock a locked user account. Only a user with read/write access can re-activate a locked user account. Format users name unlock Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 499 User Account Commands users passwd Use this command to change a password. Passwords are a maximum of 64 alphanumeric characters. If a user is authorized for authentication or encryption is enabled, the password length must be at least eight alphanumeric characters. The password is case sensitive.
  • Page 500 To see the case of the , enter the show users command. Default no encryption Format users snmpv3 encryption {none | des[key]} Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 501 User Account Commands no users snmpv3 encryption This command sets the encryption protocol to none. The is the login user name for which the specified encryption protocol will be used. Format no users snmpv3 encryption Mode Global Config show users This command displays the configured user names and their settings.
  • Page 502 Use this command to implement aging on passwords for local users. When a user’s password expires, the user will be prompted to change it before logging in again. The valid range is 1-365. The default is 0, or no aging. Default Format passwords aging <1-365> Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 503 User Account Commands no passwords aging Use this command to set the password aging to the default value. Format no passwords aging Mode Global Config passwords lock-out Use this command to strengthen the security of the switch by locking user accounts that have failed login due to wrong passwords.
  • Page 504: Snmp Commands

    A value of 0.0.0.0 allows access from any IP address. Otherwise, this value is ANDed with the mask to determine the range of allowed client IP addresses. The name is the applicable community name. Default 0.0.0.0 Format snmp-server community ipaddr Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 505 SNMP Commands no snmp-server community ipaddr This command sets a client IP address for an SNMP community to 0.0.0.0. The name is the applicable community name. Format no snmp-server community ipaddr Mode Global Config snmp-server community ipmask This command sets a client IP mask for an SNMP community. The address is the associated community SNMP packet sending address and is used along with the client IP address value to denote a range of IP addresses from which SNMP clients may use that community to access the device.
  • Page 506 This command enables the Authentication failure trap. Default enabled Format snmp-server enable traps Mode Global Config no snmp-server enable traps This command disables the Authentication failure trap. Format no snmp-server enable traps Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 507 SNMP Commands snmp-server enable traps linkmode This command enables Link Up/Down traps for the entire switch. When enabled, link traps are sent only if the Link Trap flag setting associated with the port is enabled. See “snmp trap link-status” on page 501. Default enabled Format...
  • Page 508 Note: IP addresses in the SNMP trap receiver table must be unique. If you make multiple entries using the same IP address, the first entry is retained and processed. All duplicate entries are ignored. Format snmptrap ipaddr Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 509 SNMP Commands snmptrap mode This command activates or deactivates an SNMP trap. Enabled trap receivers are active (able to receive traps). Disabled trap receivers are inactive (not able to receive traps). Format snmptrap mode Mode Global Config no snmptrap mode This command deactivates an SNMP trap.
  • Page 510 This command displays SNMP trap receivers. Trap messages are sent across a network to an SNMP Network Manager. These messages alert the manager to events occurring within the switch or on the network. Six trap receivers are simultaneously supported. Format show snmptrap Mode Privileged EXEC © 2009 D-Link Corporation. All Rights Reserved...
  • Page 511 SNMP Commands Term Definition SNMP Trap Name The community string of the SNMP trap packet sent to the trap manager. The string is case sensitive and can be up to 16 alphanumeric characters. IP Address The IPv4 address to receive SNMP traps from this device. SNMP Version SNMPv2 Mode...
  • Page 512: Radius Commands

    This command specifies the RADIUS client to use the NAS-IP Address attribute in the RADIUS requests. If the specific IP address is configured while enabling this attribute, the RADIUS client uses that IP address while sending NAS-IP-Address attribute in RADIUS communication. Format radius server attribute <4> [] Mode Global Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 513 RADIUS Commands Term Definition NAS-IP-Address attribute to be used in RADIUS requests. ipaddr The IPv4 address of the server. no radius server attribute version of this command disables the NAS-IP-Address attribute global parameter for RADIUS client. When this parameter is disabled, the RADIUS client does not send the NAS-IP-Address attribute in RADIUS requests. Format no radius server attribute <4>...
  • Page 514 Note: The secret must be an alphanumeric value not exceeding 16 characters. Format radius server key {auth | acct} {} encrypted Mode Global Config Field Description ipaddr The IP address of the server. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 515 RADIUS Commands Field Description dnsname The DNS name of the server. password The password in encrypted format. Example: The following shows an example of the CLI command. radius server key acct 10.240.4.10 encrypted radius server msgauth This command enables the message authenticator attribute to be used for the specified RADIUS Authenticating server. Format radius server msgauth ...
  • Page 516 The no version of this command sets the timeout global parameter to the default value. Format no radius server timeout Mode Global Config show radius This command displays the values configured for the global parameters of the RADIUS client. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 517 RADIUS Commands Format show radius Mode Privileged EXEC Term Definition Number of The number of RADIUS Authentication servers that have been configured. Configured Authentication Servers Number of The number of RADIUS Accounting servers that have been configured. Configured Accounting Servers Number of Named The number of configured named RADIUS server groups.
  • Page 518 Current Host Address Server Name Type ------------------------ --------------------------------- ----------192.168.37.200 Network1_RADIUS_Server Secondary 192.168.37.201 Network2_RADIUS_Server Primary 192.168.37.202 Network3_RADIUS_Server Secondary 192.168.37.203 Network4_RADIUS_Server Primary (DWS-4026) #show radius servers name Default_RADIUS_Server Server Name......Default_RADIUS_Server Host Address......192.168.37.58 Secret Configured...... No © 2009 D-Link Corporation. All Rights Reserved...
  • Page 519 RADIUS Commands Message Authenticator ....Enable Number of Retransmits....4 Time Duration......10 RADIUS Accounting Mode....Disable RADIUS Attribute 4 Mode....Enable RADIUS Attribute 4 Value ....192.168.37.60 (DWS-4026) #show radius servers 192.168.37.58 Server Name......Default_RADIUS_Server Host Address......192.168.37.58 Secret Configured...... No Message Authenticator ....
  • Page 520 The number of RADIUS packets received from this server on the accounting port and dropped for some other reason. Example: The following shows example CLI display output for the command. (DWS-4026) #show radius accounting statistics 192.168.37.200 © 2009 D-Link Corporation. All Rights Reserved...
  • Page 521 RADIUS Commands RADIUS Accounting Server Name....Default_RADIUS_Server Host Address........192.168.37.200 Round Trip Time....... 0.00 Requests........0 Retransmissions....... 0 Responses........0 Malformed Responses......0 Bad Authenticators......0 Pending Requests......0 Timeouts........0 Unknown Types......... 0 Packets Dropped....... 0 (DWS-4026) #show radius accounting statistics name Default_RADIUS_Server RADIUS Accounting Server Name....
  • Page 522 Access Requests....... 0.00 Access Retransmissions......0 Access Accepts........ 0 Access Rejects........ 0 Access Challenges......0 Malformed Access Responses....0 Bad Authenticators......0 Pending Requests......0 Timeouts........0 Unknown Types......... 0 Packets Dropped....... 0 © 2009 D-Link Corporation. All Rights Reserved...
  • Page 523: Tacacs+ Commands

    TACACS+ Commands TACACS+ C OMMANDS TACACS+ provides access control for networked devices via one or more centralized servers. Similar to RADIUS, this protocol simplifies authentication by making use of a single database that can be shared by many clients on a large network. TACACS+ is based on the TACACS protocol (described in RFC1492) but additionally provides for separate authentication, authorization, and accounting services.
  • Page 524 Use the priority command in TACACS Configuration mode to specify the order in which servers are used, where 0 (zero) is the highest priority. The parameter specifies the priority for servers. The highest priority is 0 (zero), and the range is 0 - 65535. Default Format priority Mode TACACS Config © 2009 D-Link Corporation. All Rights Reserved...
  • Page 525: Configuration Scripting Commands

    Configuration Scripting Commands timeout Use the timeout command in TACACS Configuration mode to specify the timeout value in seconds. If no timeout value is specified, the global value is used. The parameter has a range of 1-30 and is the timeout value in seconds. Format timeout ...
  • Page 526 This command lists all scripts present on the switch as well as the remaining available space. Format script list Mode Global Config Term Definition Configuration Name of the script. Script Size Privileged EXEC © 2009 D-Link Corporation. All Rights Reserved...
  • Page 527: Pre-Login Banner And System Prompt Commands

    Pre-login Banner and System Prompt Commands script show This command displays the contents of a script file, which is named . Format script show Mode Privileged EXEC Term Definition Output Format line : script validate This command validates a script file by parsing each line in the script file where is the name of the script to validate.The validate option is intended to be used as a tool for script development.
  • Page 528 D-Link Unified Switch CLI Command Reference © 2009 D-Link Corporation. All Rights Reserved...
  • Page 529: Section 10: Unified Switch Log Messages

    D-Link in determining the root cause of such a problem. Note: This section is not a complete list of all syslog messages.
  • Page 530: Table 14: System Log Messages

    SYSTEM Building Defaults Configuration did not exist or could not be read for the specified feature. Default configuration values will be used. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 531: Utilities

    Utilities Table 14: System Log Messages (Cont.) Component Message Cause SYSTEM sysapiCfgFileGet failed size = version = the specified feature. This message is usually followed by a message indicating that default configuration values will be used.
  • Page 532: Table 19: Tacacs+ Log Messages

    TACACS+: received invalid packet type from Received packet type that is not supported. server. TACACS+ TACACS+: invalid major version in received Major version mismatch. packet. TACACS+ TACACS+: invalid minor version in received Minor version mismatch. packet. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 533: Management

    Management Table 20: LLDP Log Message Component Message Cause LLDP lldpTask(): invalid message type:xx. xxxxxx:xx Unsupported LLDP packet received. Table 21: SNTP Log Message Component Message Cause SNTP SNTP: system clock synchronized on %s UTC Indicates that SNTP has successfully synchronized the time of the box with the server.
  • Page 534: Table 24: Web Log Messages

    Failed to open connection to unsecure server. result = YYYY, errno = ZZZZ XXXX is the unsecure server socket address. YYYY is the result returned from connect function and ZZZZ is the error code. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 535: Switching

    Switching Table 27: SSLT Log Messages Component Message Cause SSLT SSLT: Msg Queue is full, event = XXXX Failed to send the received message to the SSLT message queue as message queue is full. XXXX indicates the event to be sent. SSLT SSLT: Unknown UI event in message, Failed to dispatch the received UI event to the...
  • Page 536: Table 30: Ip Subnet Vlans Log Messages

    This appears when a semaphore deletion of this delete avl semaphore component fails. Mac based VLANS vlanMacAddApply: Failed to add an entry This appears when a dtl call fails to add an entry into the table. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 537: Table 32: 802.1X Log Messages

    Switching Table 31: MAC-based VLANs Log Messages (Cont.) Component Message Cause Mac based VLANS vlanMacDeleteApply: Unable to delete an Entry This appears when a dtl fails to delete an entry from the table. Mac based VLANS vlanMacVlanChangeCallback: Failed to add an This appears when a dtl fails to add an entry for a entry vlan add notify event.
  • Page 538: Table 34: Garp/Gvrp/Gmrp Log Messages

    Double Vlan Tag dvlantagIntfIsConfigurable: Error accessing A default configuration does not exist for this dvlantag config data for interface %d interface. Typically a case when a new interface is created and has no pre-configuration. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 539: Table 38: Mfdb Log Message

    Switching Table 38: MFDB Log Message Component Message Cause MFDB mfdbTreeEntryUpdate: entry does not exist Trying to update a non existing entry. Table 39: 802.1Q Log Messages Component Message Cause 802.1Q dot1qIssueCmd: Unable to send message %d to dot1qMsgQueue is full. dot1qMsgQueue for vlan %d - %d msgs in queue 802.1Q dot1qVlanCreateProcess: Attempt to create a vlan...
  • Page 540: Qos

    Policy invalid for service intf: "policy name , The DiffServ policy definition is not compatible with intIfNum x , direction y the capabilities of the interface specified. Check the platform release notes for information on configuration limitations. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 541: Routing

    Routing OUTING Table 46: DHCP Relay Log Messages Component Message Cause DHCP relay REQUEST hops field more than config value The DHCP relay agent has processed a DHCP request whose HOPS field is larger than the maximum value allowed. The relay agent will not forward a message with a hop count greater than DHCP relay Request's seconds field less than the config value The DHCP relay agent has processed a DHCP...
  • Page 542: Technologies

    USL: failed to sync ipmc table on unit = x Either the transport failed or the message was dropped. Driver usl_task_ipmc_msg_send(): failed to send with x Either the transport failed or the message was dropped. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 543 Technologies Table 51: Driver Error Messages (Cont.) Component Message Cause Driver USL: No available entries in the STG table The Spanning Tree Group table is full in USL. Driver USL: failed to sync stg table on unit = x Could not synchronize unit x due to a transport failure or API issue on remote unit.
  • Page 544: O/S Support

    OSAPI VxWorks osapiSemaTake failed The requested semaphore can not be taken because: the call is made from an ISR or the semaphore ID is invalid. © 2009 D-Link Corporation. All Rights Reserved...
  • Page 545 O/S Support...
  • Page 546 D-Link Unified Switch CLI Command Reference © 2009 D-Link Corporation. All Rights Reserved...
  • Page 547: Section 11: List Of Commands

    List of Commands Se cti on 11: Li st of Co mma nd s {deny | permit} (IP ACL)..............................402 {deny | permit} (MAC ACL) ..............................398 access-list ...................................400 acl-trapflags ..................................403 addport ....................................80 agetime....................................205 ap authentication ................................203 ap client-qos ..................................204 ap database ..................................237 ap profile copy ..................................263 ap profile .....................................261 ap validation ..................................203...
  • Page 548 ..................................442 client-qos access-control ..............................245 client-qos bandwidth-limit..............................246 client-qos diffserv-policy..............................246 client-qos enable.................................246 clock summer-time date..............................441 clock timezone ..................................440 cluster-priority ..................................208 configuration (Captive Portal) .............................351 configuration ..................................476 conform-color ..................................388 copy (pre-login banner)...............................519 copy ....................................434 cos-queue min-bandwidth..............................377 © 2009 D-Link Corporation. All Rights Reserved...
  • Page 549 List of Commands cos-queue strict ..................................377 country-code ..................................200 crypto certificate generate ..............................484 crypto key generate dsa ..............................484 crypto key generate rsa ..............................484 debug arp ...................................456 debug auto-voip ..................................456 debug clear ..................................457 debug console ..................................457 debug dot1x packet ................................457 debug igmpsnooping packet receive ..........................459 debug igmpsnooping packet transmit ..........................458 debug igmpsnooping packet...............................457 debug ip acl ..................................459...
  • Page 550 (AP Profile VAP Config Mode) ..........................286 enable (Captive Portal Config Mode)..........................345 enable (Captive Portal) ...............................351 enable (Privileged EXEC access) ............................473 enable (RIP)..................................190 enable (Wireless Config Mode)............................200 enable passwd encrypted ..............................433 enable passwd ..................................432 encapsulation..................................172 filedescr ....................................410 foreground-color .................................358 © 2009 D-Link Corporation. All Rights Reserved...
  • Page 551 List of Commands fragmentation-threshold..............................270 group ....................................352 hardware-address................................443 hide-ssid .....................................245 host.....................................444 hostroutesaccept ................................194 http port ....................................346 https port.....................................346 hwtype ....................................262 idle-timeout ..................................356 incorrect-frame-no-ack................................277 interface ....................................14 interface ....................................356 ip access-group ..................................403 ip access-list rename ................................402 ip access-list ..................................402 ip address ...................................169 ip arp inspection filter................................115 ip arp inspection limit ................................114 ip arp inspection trust .................................114 ip arp inspection validate ..............................113...
  • Page 552 ...................................81 lacp actor port priority ................................83 lacp actor port ..................................83 lacp actor system priority ..............................84 lacp admin key ..................................80 lacp collector max-delay ...............................81 lacp partner admin key................................84 © 2009 D-Link Corporation. All Rights Reserved...
  • Page 553 List of Commands lacp partner admin state individual ............................85 lacp partner admin state longtimeout............................85 lacp partner admin state passive ............................86 lacp partner admin state ...............................85 lacp partner port id................................86 lacp partner port priority................................87 lacp partner system priority..............................87 lacp partner system-id ................................87 lease ....................................444 lineconfig ....................................476 lldp med all ..................................140...
  • Page 554 ..............................206 permit ip host mac host...............................115 ping .....................................433 police-simple ..................................389 policy-map rename ................................390 policy-map ..................................390 port lacpmode all ..................................89 port lacpmode ..................................88 port lacptimeout (Global Config) ............................89 port lacptimeout (Interface Config)............................89 port......................................516 © 2009 D-Link Corporation. All Rights Reserved...
  • Page 555 List of Commands port-channel adminmode ..............................90 port-channel linktrap ................................90 port-channel load-balance ..............................90 port-channel name................................91 port-channel static ................................88 port-channel system priority..............................91 port-channel..................................79 port-security mac-address move ............................130 port-security mac-address ..............................130 port-security max-dynamic..............................129 port-security max-static...............................130 port-security ..................................129 power auto ..................................272 power default ..................................273 power-plan interval ................................229 power-plan mode ................................229 priority ....................................516...
  • Page 556 ................................61 show autoinstall ..................................472 show auto-voip..................................406 show bootpdhcprelay ................................189 show bootvar ..................................410 show captive-portal client statistics.............................362 show captive-portal client status ............................362 show captive-portal configuration client status ........................363 show captive-portal configuration interface.........................359 © 2009 D-Link Corporation. All Rights Reserved...
  • Page 557 List of Commands show captive-portal configuration locales ...........................360 show captive-portal configuration status..........................360 show captive-portal configuration ............................359 show captive-portal interface capability ..........................365 show captive-portal interface client status ..........................363 show captive-portal interface configuration status......................365 show captive-portal status ..............................348 show captive-portal trapflags ..............................349 show captive-portal user..............................372 show captive-portal................................348 show class-map ..................................392...
  • Page 558 .....................................135 show logging buffered.................................429 show logging hosts ................................429 show logging traplogs .................................429 show logging ..................................428 show loginsession................................489 show mac access-lists ................................399 show mac-address-table gmrp..............................54 show mac-address-table igmpsnooping ..........................125 show mac-address-table multicast............................155 © 2009 D-Link Corporation. All Rights Reserved...
  • Page 559 List of Commands show mac-address-table static .............................98 show mac-address-table staticfiltering..........................98 show mac-address-table stats ............................156 show mac-addr-table ................................418 show monitor session ................................95 show network..................................475 show passwords configuration............................495 show policy-map interface ..............................396 show policy-map .................................393 show port protocol ................................17 show port ....................................17 show port-channel brief ................................93 show port-channel system priority ............................94 show port-channel ................................93...
  • Page 560 ........................220 show wireless country-code..............................211 show wireless discovery ip-list ............................212 show wireless discovery vlan-list ............................213 show wireless discovery ..............................212 show wireless known-client..............................224 show wireless mac-authentication-mode ..........................224 show wireless multicast tx-rates ............................281 © 2009 D-Link Corporation. All Rights Reserved...
  • Page 561 List of Commands show wireless network................................258 show wireless OUI database ..............................211 show wireless peer-switch ap status ..........................235 show wireless peer-switch configuration ..........................220 show wireless peer-switch configure status........................234 show wireless peer-switch ..............................234 show wireless power-plan proposed...........................233 show wireless power-plan..............................232 show wireless radius................................223 show wireless rates ................................280 show wireless ssid client status ............................318 show wireless statistics...............................215...
  • Page 562 ................................76 storm-control unicast level ..............................76 storm-control unicast rate ..............................76 storm-control unicast................................75 switchport protected (Global Config).............................47 switchport protected (Interface Config) ..........................48 tacacs-server host................................515 tacacs-server key................................515 © 2009 D-Link Corporation. All Rights Reserved...
  • Page 563 List of Commands tacacs-server timeout .................................516 telnet ....................................478 telnetcon maxsessions ...............................480 telnetcon timeout ................................480 terminal length ..................................424 timeout ....................................517 traceroute ...................................430 traffic-shape ..................................377 transport input telnet ................................478 transport output telnet.................................479 trapflags (Captive Portal Config Mode)..........................347 trapflags (Wireless Config Mode) ............................205 tunnel subnet ..................................254 tunnel ....................................254 tunnel-mtu...................................207...
  • Page 564 ...........................325 wids-security unknown-ap-managed-ssid...........................325 wids-security unmanaged-ap-wired ............................325 wids-security wds-device-unexpected ..........................326 wids-security wired-detection-interval ..........................326 wireless acknowledge-rogue...............................225 wireless ap channel set...............................287 wireless ap debug ................................287 wireless ap download abort ..............................288 wireless ap download group-size............................288 © 2009 D-Link Corporation. All Rights Reserved...
  • Page 565 List of Commands wireless ap download image-type............................288 wireless ap download start ..............................288 wireless ap power set .................................289 wireless ap profile apply ..............................263 wireless ap reset.................................289 wireless channel-plan .................................229 wireless client disassociate..............................311 wireless peer-switch configure............................207 wireless power-plan ................................230 wireless....................................200 wmm ....................................274 wpa ciphers ..................................253 wpa key ....................................254 wpa versions..................................253...
  • Page 566 D-Link Unified Switch CLI Command Reference © 2009 D-Link Corporation. All Rights Reserved...

This manual is also suitable for:

Dwl-8600ap

Table of Contents