D-Link DWL-8500AP, Command Reference Manual

Page 1: ...CLI Command Reference Product Model DWS 3000 Series DWL 3500AP 8500AP Unified Wired Wireless Access System Release 2 1 Copyright 2008 All rights reserved...

Page 2: ...f D Link Computer Corporation is strictly forbidden Trademarks used in this text D Link and the D Link logo are trademarks of D Link Computer Corporation Microsoft and Windows are registered trademark...

Page 3: ...e Commands on page 218 Captive Portal Local User Commands on page 219 Captive Portal Activity Log Commands on page 224 radius server attribute 4 on page 319 authorization network radius on page 321 Up...

Page 4: ...4 2001 2008 D Link Corporation D Link Systems Inc All Rights Reserved CLI Command Reference...

Page 5: ...CLI Help 35 Accessing the CLI 36 2 Switching Commands 37 Port Configuration Commands 38 interface 38 auto negotiate 38 auto negotiate all 38 description 38 mtu 39 shutdown 39 shutdown all 39 speed 40...

Page 6: ...database 53 network mgmt_vlan 53 vlan 53 vlan acceptframe 53 vlan ingressfilter 54 vlan makestatic 54 vlan name 54 vlan participation 55 vlan participation all 55 vlan port acceptframe all 55 vlan por...

Page 7: ...mode 69 show gvrp configuration 69 GMRP Commands 70 set gmrp adminmode 70 set gmrp interfacemode 71 show gmrp configuration 71 show mac address table gmrp 72 Port Based Network Access Control Commands...

Page 8: ...ontrol flowcontrol 87 show storm control 88 Port Channel LAG 802 3ad Commands 88 port channel 89 addport 89 deleteport Interface Config 89 deleteport Global Config 89 port channel static 90 port lacpm...

Page 9: ...port security static 105 show port security violation 105 LLDP 802 1AB Commands 105 lldp transmit 105 lldp receive 106 lldp timers 106 lldp transmit tlv 106 lldp transmit mgmt 107 lldp notification 1...

Page 10: ...arp switch 121 IP Routing Commands 121 routing 122 ip routing 122 ip address 122 ip route 123 ip route default 123 ip route distance 124 ip netdirbcast 124 ip mtu 124 encapsulation 125 show ip brief...

Page 11: ...42 ap validation 142 ap authentication 142 snmp server enable traps wireless 143 trapflags Wireless Config Mode 143 agetime 144 client roam timeout 144 tunnel mtu 145 show wireless 145 show wireless c...

Page 12: ...password AP Config Mode 156 profile 157 radio 157 show wireless ap database 157 Wireless Network Commands 158 network Wireless Config Mode 158 ssid 158 vlan Network Config Mode 159 hide ssid 159 secu...

Page 13: ...y 174 rf scan duration 174 station isolation 175 super a 175 super g 175 antenna 176 beacon interval 176 dtim period 176 fragmentation threshold 177 rts threshold 177 max clients 178 channel auto 178...

Page 14: ...ess ap failure list 197 show wireless ap failure status 197 RF Scan Access Point Status Commands 198 clear wireless ap rf scan list 198 show wireless ap rf scan status 198 Client Association Status an...

Page 15: ...Connection Commands 215 show captive portal client status 215 show captive portal client statistics 215 show captive portal interface client status 216 show captive portal configuration client status...

Page 16: ...n bandwidth 229 cos queue strict 229 traffic shape 229 show classofservice dot1p mapping 230 show classofservice ip precedence mapping 230 show classofservice ip dscp mapping 230 show classofservice t...

Page 17: ...mac access lists 249 IP Access Control List ACL Commands 249 access list 249 ip access group 251 acl trapflags 251 show ip access lists 251 show access lists 252 6 Utility Commands 253 Power Over Ethe...

Page 18: ...nfig 272 clear counters 273 clear igmpsnooping 273 clear pass 273 clear port channel 273 clear traplog 273 clear vlan 273 enable passwd 273 logout 274 ping 274 quit 274 reload 274 copy 275 Keying for...

Page 19: ...tatistics 288 clear ip dhcp conflict 288 show ip dhcp binding 288 show ip dhcp global configuration 289 show ip dhcp pool configuration 289 show ip dhcp server statistics 290 show ip dhcp conflict 290...

Page 20: ...sshcon maxsessions 303 sshcon timeout 303 show ip ssh 304 Hypertext Transfer Protocol HTTP Commands 304 ip http server 304 ip http secure server 304 ip http secure port 305 ip http secure protocol 305...

Page 21: ...counting mode 318 radius server host 318 radius server attribute 4 319 radius server key 319 radius server msgauth 319 radius server primary 320 radius server retransmit 320 radius server timeout 320...

Page 22: ...22 2001 2008 D Link Corporation D Link Systems Inc All Rights Reserved CLI Command Reference A List of Commands 329...

Page 23: ...ble 3 Type of Slots 29 Table 4 Type of Ports 30 Table 5 CLI Command Modes 31 Table 6 CLI Mode Access and Exit 32 Table 7 CLI Error Messages 34 Table 8 CLI Editing Conventions 34 Table 9 Ethertype Keyw...

Page 24: ...24 2001 2008 D Link Corporation D Link Systems Inc All Rights Reserved CLI Command Reference...

Page 25: ...ntinues to decline while performance and feature sets continue to improve Devices that are capable of switching Layers 2 3 and 4 are increasingly in demand D Link Unified Wired Wireless Access System...

Page 26: ...26 2001 2008 D Link Corporation D Link Systems Inc All Rights Reserved CLI Command Reference...

Page 27: ...entions on page 34 Using CLI Help on page 35 Accessing the CLI on page 36 Command Syntax A command is one or more words that might be followed by one or more parameters Parameters can be required or o...

Page 28: ...ight be a name or number Parameters are order dependent The parameters for a command might include mandatory values optional values or keyword choices Table 1 describes the conventions this document u...

Page 29: ...c 8 8 16 bits a b c d 8 8 8 8 In addition to these formats the CLI accepts decimal hexidecimal and octal formats through the following input formats where n is any valid hexidecimal octal or decimal...

Page 30: ...he no form Command Modes The CLI groups commands into modes according to the command function Each of the command modes supports specific D Link Unified Wired Wireless Access System software commands...

Page 31: ...e to set up a physi cal port for a specific logical connection operation Line Config Switch line Contains commands to config ure outbound telnet settings and console interface settings Policy Map Conf...

Page 32: ...ent networks Captive Portal Config Mode Switch Config CP Contains commands to config ure global captive portal settings Captive Portal Instance Mode Switch Config CP 1 Contains commands to config ure...

Page 33: ...r Ctrl Z AP Config Mode From the Wireless Config mode enter ap database macaddr where macaddr is the MAC address of the AP to configure To exit to Wireless Config mode enter exit To return to the User...

Page 34: ...to edit commands or increase the speed of command entry You can access this list from the CLI by entering help from the User or Privileged EXEC modes Table 7 CLI Error Messages Message Text Descripti...

Page 35: ...switch parms Configure Network Parameters of the router protocol Select DHCP BootP or None as the network config protocol If the help output shows a parameter in angle brackets you must replace the pa...

Page 36: ...tor Accessing the CLI You can access the CLI by using a direct console connection or by using a telnet or SSH connection from a remote management host For the initial connection you must use a direct...

Page 37: ...cess Control Commands on page 72 Storm Control Commands on page 82 Port Channel LAG 802 3ad Commands on page 88 Port Mirroring on page 93 IGMP Snooping Configuration Commands on page 97 Port Security...

Page 38: ...ort Default enabled Format auto negotiate Mode Interface Config no auto negotiate This command disables automatic negotiation on a port NOTE Automatic sensing is disabled when automatic negotiation is...

Page 39: ...headers might require To configure the IP MTU size which is the maximum size of the IP packet IP Header IP payload see ip mtu on page 124 Default 1518 untagged Format mtu 1518 9216 Mode Interface Conf...

Page 40: ...100BASE T full duplex 10h 10BASE T half duplex 10f 10BASE T full duplex speed all This command sets the speed and duplex setting for all interfaces Format speed all 100 10 half duplex full duplex Mode...

Page 41: ...ether or not to send a trap when link status changes The factory default is enabled LACP Mode LACP is enabled or disabled on this port show port protocol This command displays the Protocol Based VLAN...

Page 42: ...he system configuration or have a no version Format spanning tree bpdumigrationcheck slot port all Mode Global Config spanning tree configuration name This command sets the Configuration Identifier Na...

Page 43: ...ig spanning tree forceversion This command sets the Force Protocol Version parameter to a new value Use 802 1d to specify that the switch transmits ST BPDUs rather than MST BPDUs IEEE 802 1d functiona...

Page 44: ...to Bridge Max Age 2 1 Default 2 Format spanning tree hello time 1 10 Mode Interface Config no spanning tree hello time This command sets the admin Hello Time parameter for the common and internal span...

Page 45: ...t within a multiple spanning tree instance or the common and internal spanning tree instance depending on the mstid parameter You can set the path cost as a number in the range of 1 to 200000000 or au...

Page 46: ...ple spanning tree instance to the switch The parameter mstid is a number within a range of 1 to 4094 that corresponds to the new instance ID to be added The maximum number of multiple instances suppor...

Page 47: ...ernal spanning tree The parameter mstid is a number that corresponds to the desired existing multiple spanning tree instance The vlanid corresponds to an existing VLAN ID Format spanning tree mst vlan...

Page 48: ...dge Identifier The bridge identifier for the CST It is made up using the bridge priority and the base MAC address of the bridge Time Since Topology Change Time in seconds Topology Change Count Number...

Page 49: ...ge max hops count for the device Bridge Hello Time Configured value Bridge Forward Delay Configured value Bridge Hold Time Minimum time between transmission of Configuration Bridge Protocol Data Units...

Page 50: ...t Role for each spanning tree The port role is one of the following values Root Port Designated Port Alternate Port Backup Port Master Port or Disabled Port Auto Calculate Port Path Cost Indicates whe...

Page 51: ...CST Port Cost The configured path cost for this port show spanning tree mst port summary This command displays the settings of one or all ports within the specified multiple spanning tree instance Th...

Page 52: ...802 1w or IEEE 802 1d based upon the Force Protocol Version parameter Configuration Name Identifier used to identify the configuration currently being used Configuration Revision Level Identifier used...

Page 53: ...for the default VLAN VLAN range is 2 3965 Format vlan 2 3965 Mode VLAN Config no vlan This command deletes an existing VLAN The ID is a valid VLAN identification number ID 1 is reserved for the defaul...

Page 54: ...eived with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN Format no vlan ingressfilter Mode Interface Confi...

Page 55: ...n number You can use the following participation options include The interface is always a member of this VLAN This is equivalent to registra tion fixed exclude The interface is never a member of this...

Page 56: ...VLAN Default disabled Format vlan port ingressfilter all Mode Global Config no vlan port ingressfilter all This command disables ingress filtering for all ports If ingress filtering is disabled frame...

Page 57: ...may have more than one protocol associated with it Each interface and protocol combination can only be associated with one group If adding a protocol to a group causes any conflicts with interfaces cu...

Page 58: ...ciate each interface and protocol combination with one group If adding an interface to a group causes any conflicts with protocols currently associated with the group this command fails and the interf...

Page 59: ...is command sets the VLAN ID per interface to 1 Format no vlan pvid Mode Interface Config vlan tagging This command configures the tagging behavior for a specific interface in a VLAN to enabled If tagg...

Page 60: ...ileged EXEC User EXEC VLAN ID There is a VLAN Identifier VID associated with each VLAN The range of the VLAN ID is 1 to 3965 VLAN Name A string associated with this VLAN as a convenience It can be up...

Page 61: ...VLAN as tagged frames Untagged Transmit traffic for this VLAN as untagged frames show vlan brief This command displays a list of all configured VLANs Format show vlan brief Modes Privileged EXEC User...

Page 62: ...igned to tagged packets arriving on the port show vlan association subnet This command displays the VLAN associated with a specific configured IP Address and net mask If no IP address and net mask are...

Page 63: ...command is used to enable Double VLAN Tunneling on the specified interface Default disabled Format mode dot1q tunnel Mode Interface Config no mode dot1q tunnel This command is used to disable Double V...

Page 64: ...is a custom tunnel value representing any value in the range of 0 to 65535 show dvlan tunnel Use this command without the optional parameters to display all interfaces enabled for Double VLAN Tunneli...

Page 65: ...ected and unprotected ports Ports are unprotected by default If an interface is configured as a protected port and you add that interface to a Port Channel or Link Aggregation Group LAG the protected...

Page 66: ...itchport protected groupid Mode Interface Config no switchport protected Interface Config Use this command to configure a port as unprotected The groupid parameter identifies the set of protected port...

Page 67: ...Join time is the interval between the transmission of GARP Protocol Data Units PDUs registering or re registering membership for a VLAN or multicast group This command has an effect only when GVRP is...

Page 68: ...rticipation The time may range from 200 to 6000 centiseconds The value 1000 centiseconds is 10 seconds You can use this command on all ports Global Config mode or a single port Interface Config mode a...

Page 69: ...mode This command disables GVRP Format no set gvrp adminmode Mode Privileged EXEC set gvrp interfacemode This command enables GVRP on a single port Interface Config mode or all ports Global Config mod...

Page 70: ...requently LeaveAll PDUs are gener ated A LeaveAll PDU indicates that all registrations will shortly be deregis tered Participants will need to rejoin in order to maintain registration There is an inst...

Page 71: ...interface which has GARP enabled is enabled for routing or is enlisted as a member of a port channel LAG GARP functionality is disabled GARP functionality is subsequently re enabled if routing is dis...

Page 72: ...onds The factory default is 1000 centiseconds 10 seconds Port GMRP Mode The GMRP administrative mode for the port It may be enabled or dis abled If this parameter is disabled Join Time Leave Time and...

Page 73: ...er authenticated To authenticate a user the first authentication method in the user s login authentication login list is attempted D Link Unified Wired Wireless Access System software does not utilize...

Page 74: ...dot1x default login listname Mode Global Config dot1x guest vlan This command specifies an active VLAN as an IEEE 802 1x guest VLAN The vlan id range is 1 to the maximum VLAN ID Format dot1x guest vla...

Page 75: ...timing out the supplicant The count value must be in the range 1 10 Default 2 Format dot1x max req count Mode Interface Config no dot1x max req This command sets the maximum number of times the authe...

Page 76: ...authenticator and the authentication server Default auto Format dot1x port control all force unauthorized force authorized auto Mode Global Config no dot1x port control all This command sets the auth...

Page 77: ...value in the range 1 65535 quiet period The value in seconds of the timer used by the authenticator state machine on this port to define periods of time in which it will not attempt to acquire a sup...

Page 78: ...Mode Global Config users defaultlogin This command assigns the authentication login list to use for non configured users when attempting to log in to the system This setting is overridden by the authe...

Page 79: ...ser assigned to the specified authentication login list Component The component User or 802 1x for which the authentication login list is assigned show dot1x This command is used to show a summary of...

Page 80: ...e of the authenticator PAE state machine Possible val ues are Initialize Disconnected Connecting Authenticating Authenticated Aborting Held ForceAuthorized and ForceUnauthorized Backend Authentication...

Page 81: ...tion The control direction for the specified port or ports Possible values are both or in Example The following shows example CLI display output for the command DWS 3026 show dot1x detail 0 1 Port 0 1...

Page 82: ...gth Error Frames Received The number of EAPOL frames that have been received by this authenticator in which the frame type is not recognized show dot1x users This command displays 802 1x port security...

Page 83: ...broadcast storm recovery mode is enabled on the interface and broadcast storm recovery is active If the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured thresho...

Page 84: ...g no storm control broadcast all level This command sets the broadcast storm recovery threshold to the default value for all interfaces and disables broadcast storm recovery Format no storm control br...

Page 85: ...2 multicast traffic ingressing on an interface increases beyond the configured threshold the traffic will be dropped Therefore the rate of multicast traffic will be limited to the configured threshold...

Page 86: ...rm control unicast This command disables unicast storm recovery mode for an interface Format no storm control unicast Mode Interface Config storm control unicast level This command configures the unic...

Page 87: ...les unicast storm recovery for all interfaces If the mode is enabled unicast storm recovery is active and if the rate of unknown L2 unicast destination lookup failure traffic ingressing on an interfac...

Page 88: ...tion Lookup Failure storm control mode is enabled or disabled Ucast Level The Unknown Unicast or DLF Destination Lookup Failure storm control level Port Channel LAG 802 3ad Commands This section descr...

Page 89: ...ll Mode Global Config addport This command adds one port to the port channel LAG The first interface is a logical slot port number of a configured port channel NOTE Before adding a port to a port chan...

Page 90: ...rt channel static This command sets the static mode on a particular port channel LAG interface to the default value This command will be executed only for interfaces of type port channel LAG Format no...

Page 91: ...of a particular device type actor or partner to either long or short timeout Default long Format port lacptimeout actor partner long short Mode Global Config no port lacptimeout This command sets the...

Page 92: ...ommand defines a name for the port channel LAG The interface is a logical slot port for a configured port channel and name is an alphanumeric string up to 15 characters Format port channel name logica...

Page 93: ...annel is statically maintained Dynamic The port channel is dynamically maintained Active Ports This field lists ports that are actively participating in the port channel LAG Port Mirroring Port mirror...

Page 94: ...ode Mode Global Config no monitor This command removes all the source ports and a destination port for the and restores the default value for mirroring session mode for all the configured sessions NOT...

Page 95: ...o 100 static MAC filters Format macfilter macaddr vlanid Mode Global Config no macfilter This command removes all filtering restrictions and the static MAC filter entry for the MAC address macaddr on...

Page 96: ...onfig show mac address table static This command displays the Static MAC Filtering information for all Static MAC Filters If you select all all the Static MAC Filters in the system are displayed If yo...

Page 97: ...ace Interface Config Mode This command also enables IGMP snooping on a particular VLAN VLAN Config Mode and can enable IGMP snooping on all interfaces participating in a VLAN If an interface has IGMP...

Page 98: ...ooping fast leave admin mode on a selected interface or VLAN Enabling fast leave allows the switch to immediately remove the layer 2 LAN interface from its forwarding table entry upon receiving an IGM...

Page 99: ...p Membership Interval time to the default value Format no set igmp groupmembership interval Modes Interface Config Global Config Format no set igmp groupmembership interval vlan_id Mode VLAN Config se...

Page 100: ...t set igmp mcrtrexpiretime vlan_id 0 3600 Mode VLAN Config no set igmp mcrtrexpiretime This command sets the Multicast Router Present Expiration time to 0 The time is set for the system on a particula...

Page 101: ...IGMP Snooping The list of VLANS on which IGMP Snooping is enabled When you specify the slot port values the following information appears IGMP Snooping Admin Mode Indicates whether IGMP Snooping is a...

Page 102: ...interface slot port Mode Privileged EXEC Interface The port on which multicast router information is being displayed Multicast Router Attached Indicates whether multicast router is statically enabled...

Page 103: ...n on page 312 port security This command enables port locking at the system level Global Config or port level Interface Config Default disabled Format port security Modes Global Config Interface Confi...

Page 104: ...his command removes a MAC address from the list of statically locked MAC addresses Format no port security mac address mac address vid Mode Interface Config port security mac address move This command...

Page 105: ...MAC show port security violation This command displays the source MAC address of the last packet discarded on a locked port Format show port security violation slot port Mode Privileged EXEC MAC Addr...

Page 106: ...ransmit interval that sets the TTL in local data LLDPDUs The multiplier range is 2 10 The reinit seconds is the delay before re initialization and the range is 1 0 seconds Default interval 30 seconds...

Page 107: ...rface Config lldp transmit mgmt Use this command to include transmission of the local system management address information in the LLDPDUs Format lldp transmit mgmt Mode Interface Config no lldp trans...

Page 108: ...LLDP statistics Format clear lldp statistics Mode Privileged Exec clear lldp remote data Use this command to delete all information from the LLDP remote data table Format clear lldp remote data Mode G...

Page 109: ...ce the last update to the remote table in days hours minutes and seconds Total Inserts Total number of inserts to the remote data table Total Deletes Total number of deletes from the remote data table...

Page 110: ...Chassis ID field Chassis ID The chassis of the remote device Port ID Subtype The type of port on the remote device Port ID The port number that transmitted the LLDPDU System Name The system name of th...

Page 111: ...ed in the device Port Description Describes the port in an alpha numeric format System Capabilities Supported Indicates the primary function s of the device System Capabilities Enabled Shows which of...

Page 112: ...enial of Service protection If the mode is enabled Denial of Service prevention is active for this type of attack If packets ingress having a TCP Header Size smaller then the configured value the pack...

Page 113: ...t dos control tcpflag Mode Global Config no dos control tcpflag This command sets disables TCP Flag Denial of Service protections Format no dos control tcpflag Mode Global Config dos control l4port Th...

Page 114: ...rol Mod Privileged EXEC SIPDIP Mode May be enabled or disabled The factory default is disabled First Fragment Mode May be enabled or disabled The factory default is disabled Min TCP Hdr Size 0 255 The...

Page 115: ...splayed You can display the table entry for one MAC Address by specifying the MAC address as an optional parameter Format show mac address table multicast macaddr Mode Privileged EXEC MAC Address A mu...

Page 116: ...ormat show mac address table stats Mode Privileged EXEC Total Entries The total number of entries that can possibly be in the Multicast Forwarding Database table Most MFDB Entries Ever Used The larges...

Page 117: ...ation Commands are used to configure features and options of the switch For every configuration command there is a show command that will display the configuration setting Clear commands clear some or...

Page 118: ...address is reachable The device only responds if all next hops in its route to the destination are through interfaces other than the interface that received the ARP request Default enabled Format ip...

Page 119: ...e integer which represents the IP ARP entry response timeout time in seconds The range for seconds is between 1 10 seconds Default 1 Format arp resptime 1 10 Mode Global Config no arp resptime This co...

Page 120: ...RP cache The displayed results are not the total ARP entries To view the total ARP entries the operator should view the show arp results in conjunction with the show arp switch results Format show arp...

Page 121: ...ble Response time is measured in seconds Retries The maximum number of times an ARP request is retried This value is con figurable Cache Size The maximum number of entries in the ARP table This value...

Page 122: ...dmin Mode for the master switch Format no ip routing Mode Global Config ip address This command configures an IP address on an interface You can also use this command to configure one or more secondar...

Page 123: ...m the following steps Enable ip routing globally Enable ip routing for the interface Confirm that the associated link is also up Default preference 1 Format ip route ipaddr subnetmask nexthopip prefer...

Page 124: ...e distance 1 255 Mode Global Config no ip route distance This command sets the default static route preference value in the router Lower route preference values are preferred when determining the best...

Page 125: ...ets the ip mtu to the default value Format no ip mtu mtu Mode Interface Config encapsulation This command configures the link layer encapsulation type for the packet The encapsulation type can be ethe...

Page 126: ...is enabled or disabled on the system Interface Configuration Status Displays whether the Interface Configuration is enabled or disabled on the system Forward Net Directed Broadcasts Displays whether...

Page 127: ...are Enable or Disable MultiCast Fwd The multicast forwarding administrative mode on the interface Possible val ues are Enable or Disable show ip route This command displays the routing table The ip ad...

Page 128: ...router interface to use when forwarding traffic to the next desti nation show ip route summary Use this command to display the routing table summary Use the optional all parameter to show the number...

Page 129: ...SA preferences is not supported in this release show ip stats This command displays IP statistical information Refer to RFC 1213 for more information about the fields that are displayed Format show ip...

Page 130: ...outer Redundancy Protocol VRRP and to view VRRP status information VRRP helps provide failover and load balancing when you configure two devices as a VRRP pair ip vrrp Global Config Use this command i...

Page 131: ...l router ID which has an integer value range from 1 to 255 You can use the optional secondary parameter to designate the IP address as a secondary IP address Default none Format ip vrrp vrid ip ipaddr...

Page 132: ...priority of a router within a VRRP group Higher values equal higher priority The range is from 1 to 254 The parameter vrid is the virtual router ID whose range is from 1 to 255 The router with the hi...

Page 133: ...onds Protocol The protocol configured on the interface State Transitioned to Master The total number of times virtual router state has changed to MASTER Advertisement Received The total number of VRRP...

Page 134: ...for VRRP functionality on the switch Router Checksum Errors The total number of VRRP packets received with an invalid VRRP checksum value Router Version Errors The total number of VRRP packets receive...

Page 135: ...ds you use to configure BootP DHCP Relay on the switch A DHCP relay agent operates at Layer 3 and forwards DHCP requests and replies between clients and servers when they are not on the same physical...

Page 136: ...igures the minimum wait time in seconds for BootP DHCP Relay on the system When the BOOTP relay agent receives a BOOTREQUEST message it MAY use the seconds since client began booting field of the requ...

Page 137: ...hcprelay Modes Privileged EXEC User EXEC Maximum Hop Count The maximum allowable relay agent hops Minimum Wait Time Seconds The minimum wait time Admin Mode Indicates whether relaying of requests is e...

Page 138: ...138 2001 2008 D Link Corporation D Link Systems Inc All Rights Reserved CLI Command Reference...

Page 139: ...age 197 RF Scan Access Point Status Commands on page 198 Client Association Status and Statistics Commands on page 199 Client Failure and Ad Hoc Status Commands on page 202 Captive Portal Global Comma...

Page 140: ...of this command disables the Unified Switch functionality Format no enable Mode Wireless Config country code This command globally configures the country code for the Unified Switch and all managed ac...

Page 141: ...method is specified then it enables all the discovery methods Default IP Polling Enable L2 Multicast Enable Format discovery method ip poll l2 multicast Mode Wireless Config ip poll Enable IP based d...

Page 142: ...o discovery vlan list The no version of this command deletes the VLAN ID from the discovery list If no arguments are specified all VLANs are deleted from the list except for the first entry At least o...

Page 143: ...eless Config Mode This command enables Unified Switch SNMP trap groups for wireless system events If no parameters are specified then all traps are enabled Default All Disable Format trapflags ap fail...

Page 144: ...list ap failure Time in hours to maintain an entry in the AP association and authentication failure list client failure Time in hours to maintain an entry in the client association and authentication...

Page 145: ...mtu 1500 Set the Tunnel MTU value to 1500 bytes 1520 Set the Tunnel MTU value to 1520 bytes show wireless This show command displays the configured Unified Switch global parameters and the operational...

Page 146: ...be configured for different physical radio modes for the configured country code and regulatory domain Format show wireless country code channels Mode Privileged EXEC Channel Lists the available RF ch...

Page 147: ...ted configured and have an active connection with the Unified Switch Connection Failed Access Points The number of APs that were previously authenticated and managed but lost connection with the Unifi...

Page 148: ...eless trapflags Mode Privileged EXEC AP Failure Traps Shows whether AP Failure Traps are enabled AP State Change Traps Shows whether AP State Change Traps are enabled Client Failure Traps Shows whethe...

Page 149: ...reless tunnel mtu Mode Privileged EXEC Example show wireless tunnel mtu DWS 3024 show wireless tunnel mtu tunnel mtu 1500 clear wireless statistics This clear command resets the global Unified Switch...

Page 150: ...plan mode for 802 11a bg Configure channel plan mode for 802 11b g 6 24 The channel plan interval in hours no channel plan interval The no version of this command returns the configured channel plan...

Page 151: ...and returns the history depth for the channel plan to the default Format no channel plan a bg history depth Mode Wireless Config power plan mode This command configures the power plan mode for managed...

Page 152: ...oposed channel plan clear Clear the current proposed channel plan apply Apply the entire proposed channel plan wireless power plan This command allows you to manage manual power adjustments for the ma...

Page 153: ...gorithm maintains a configured number of iterations of applied channel changes to avoid frequent channel changes to the same managed AP radio Format show wireless channel plan history a bg Mode Privil...

Page 154: ...terval If the mode is manual the power algorithm will not run unless you request it Power Plan Interval If the power adjustment mode is interval this indicates the frequency in minutes that power adju...

Page 155: ...date was received from the switch Local Access Point Database Commands The commands in this section provide configuration of the local valid AP database These configurations may also be performed on a...

Page 156: ...alue Mode AP Config value This parameter is an AP location string It should not be more than 32 charac ters long To use spaces in the location enclose the value with quotes for example Conference Room...

Page 157: ...l is not valid for the physical mode configured within the AP configuration profile this configuration is ignored Default channel 0 auto power 0 auto Format radio 1 2 channel channel power 0 100 Mode...

Page 158: ...mmands The commands in this section provide configuration of wireless networks network Wireless Config Mode This command adds a network configuration if not already present and enters the network conf...

Page 159: ...onfig 1 4094 A valid VLAN ID no vlan The no version of this command sets the default VLAN ID for the network to its default value Format no vlan Mode Network Config hide ssid This command enables hidi...

Page 160: ...ue is applicable only when the security mode is configured for static WEP authentication and encryption Default Open System Format wep authentication open system shared key shared key Mode Network Con...

Page 161: ...hentication The no version of this command disables MAC authentication on the network Format no mac authentication Mode Network Config radius use ap profile This command indicates to use the global AP...

Page 162: ...et and then again to confirm the secret Format radius server secret Mode Network Config radius accounting This command enables RADIUS accounting mode for authentication on this network Default Disable...

Page 163: ...CMP encryption no wpa ciphers The no version of this command WPA returns supported cipher suites to the default value Format no wpa ciphers Mode Network Config wpa key This command configures the WPA...

Page 164: ...ss mask A valid subnet mask no tunnel subnet The no version of this command deletes the configured tunnel subnet parameters Format no tunnel subnet Mode Network Config wpa2 pre authentication This com...

Page 165: ...a limit on the number of APs within the peer group to which one client is allowed to pre authenticate Default 0 no limit Format wpa2 pre authentication limit 0 192 Mode Network Config 0 192 Valid WPA2...

Page 166: ...figured WEP transfer key index The number of characters required depends on the configured WEP key type and length Format wep key 1 4 value Mode Network Config 1 4 A valid WEP key index value The WEP...

Page 167: ...rk security mode is set to WEP shared key The WEP key length affects the number of characters required for a valid WEP key and therefore changing the WEP key length will reset all keys Default 128 For...

Page 168: ...thentication RADIUS Server Secret Configured Indicates whether a value is configured for the RADIUS secret RADIUS Accounting Mode Indicates whether RADIUS accounting is enabled WEP Transfer Key Index...

Page 169: ...modify an AP profile at any time If the profile is associated with one or more Managed APs you must use the wireless ap profile apply command to send the changes to those APs Default 1 Default Format...

Page 170: ...RADIUS server IP address Format no radius server host Mode AP Profile Config radius server secret This command configures a RADIUS server secret global to the AP profile This is an alphanumeric strin...

Page 171: ...lient This command configures a client MAC address in the MAC authentication list Format mac authentication client macaddr Mode AP Profile Config macaddr A valid MAC address no mac authentication clie...

Page 172: ...ap profile 1 16 mac authentication client macaddr Mode Privileged EXEC macaddr MAC address of a physical AP AP Profile ID Existing AP profile ID Profile Name A descriptive name for the corresponding...

Page 173: ...rative mode of the radio interface to the on state Default on Format enable Mode AP Profile Radio Config no enable The no version of this command configures the administrative mode of the radio interf...

Page 174: ...channels within specified mode frequency a Perform RF scan on all 802 11a channels 5 GHz frequency bg Perform RF scan on all 802 11b g channels 2 4 GHz frequency all Perform RF scan on all channels n...

Page 175: ...adio Config super a This command enables the Super A mode on the radio Super A mode enables Atheros frame compression and fast frames mode In order to use channel aggregation the radio must be set to...

Page 176: ...ondary Select primary antenna for transmit receive Default primary Format antenna auto primary secondary Mode AP Profile Radio Config no antenna Use this command to set the Antenna Diversity feature o...

Page 177: ...mentation Default 2346 no fragmentation Format fragmentation threshold 256 2346 Mode AP Profile Radio Config 256 2346 Fragmentation threshold for the radio even values no fragmentation threshold The n...

Page 178: ...hannel adjustment for the radio This indicates the initial AP channel assignment can be automatically adjusted by the switch If the optional parameter is specified selection for the 802 11a channels i...

Page 179: ...to its default value Format no power default Mode AP Profile Radio Config rate This command is used to configure the list of supported and advertised client data rates for the radio The supported rate...

Page 180: ...raffic Default Enabled Format wmm Mode AP Profile Radio Config no wmm The no version of this command disables WMM mode for the radio Format no wmm Mode AP Profile Radio Config load balance This comman...

Page 181: ...dio does not allow any client associations RF Scan Sentry Scan Channels Indicates which set of channels are scanned when sentry scan mode is enabled for example 802 11a indicates the radio will scan a...

Page 182: ...lue is only displayed for 802 11a mode Automatic Power Adjustment Indicates if automatic power adjustment is enabled If enabled the switch may modify the power on the radio due to changes in per forma...

Page 183: ...ximum Contention Window 7 msecs Maximum Burst Duration 1500 usec Video AIFS 1 msec Minimum Contention Window 7 msecs Maximum Contention Window 15 msecs Maximum Burst Duration 3000 usec Best Effort AIF...

Page 184: ...for each of these queues Default Voice AIFS 2 msec Minimum Contention Window 3 msecs Maximum Contention Window 7 msecs Transmission Opportunity Limit 47 msecs Video AIFS 2 msec Minimum Contention Wind...

Page 185: ...ed AP profile ID Profile Name Name associated with the AP Profile ID Radio Index AP profile radio interface Mode The configured physical mode for the radio WMM Mode Indicates the Wireless Multimedia m...

Page 186: ...s the configured VAP on the radio This command is not valid for VAP 0 Format no enable Mode AP Profile VAP Config network AP Profile VAP Config Mode This command configures the network to apply to the...

Page 187: ...maintained until the next time the AP is discovered AP or switch reset This command prompts for the debug password each time it is invoked NOTE The AP admin user password will remain changed on the A...

Page 188: ...on it is maintained until the next time the AP is discovered AP or switch reset Format wireless ap power set macaddr radio 1 2 0 100 Mode Privileged EXEC macaddr Managed AP MAC Address 1 2 Radio Index...

Page 189: ...lied to the managed AP the profile is assigned to the AP in the valid AP database Note Once an AP is discov ered and managed by the Unified Switch if the profile is changed in the valid AP database ei...

Page 190: ...overy Protocol Status The current managed state of the AP The possible values are Discovered The AP is discovered and by the switch but is not yet authenti cated Authenticated The AP has been validate...

Page 191: ...figured and assigned to the radio A fixed channel can be configured in the valid AP database locally or on a RADIUS server Manual Channel Adjustment Status Indicates the current state of a manual requ...

Page 192: ...naged AP is displayed If a VAP ID is specified the detailed status is displayed Format show wireless ap macaddr radio 1 2 vap 0 7 status Mode Privileged EXEC macaddr Switch managed AP MAC address 1 2...

Page 193: ...ates the managed status of the AP whether this is a valid AP known to the switch or a Rogue on the network The valid values are WS Managed The neighbor AP is managed by this switch The neighbor AP sta...

Page 194: ...ethods are more common for client neighbor detection Probe Request The managed AP received a probe request from the client Associated This neighbor is associated to another managed AP Associated to th...

Page 195: ...on the AP MAC Address The Ethernet address of the switch managed AP Location A description for the AP this is the value configured in the valid AP database either locally or on the RADIUS server Radio...

Page 196: ...atistics for each VAP on a switch managed AP radio All parameters are required and the command displays a detailed view of the current statistics Format show wireless ap macaddr radio 1 2 vap 0 7 stat...

Page 197: ...d APs that have successfully down loaded their code for the current code download request Failure Count Indicates the total number of managed APs that have failed to download their code for the curren...

Page 198: ...n data obtained from the managed access points clear wireless ap rf scan list This command deletes all entries from the RF scan list entries normally age out according to the configured age time Forma...

Page 199: ...d Statistics Commands The commands in this section provide views and management of all status and statistics for wireless clients In addition to commands to display data from the associated client per...

Page 200: ...ta forwarding mode indicates the current assigned VLAN User Name Indicates the user name of clients that have authenticated via 802 1x Clients on networks with other security modes will not have a use...

Page 201: ...t macaddr neighbor ap status Mode Privileged EXEC macaddr Client MAC address MAC Address The Ethernet address of the client station AP MAC Address The base Ethernet address of the switch managed AP Lo...

Page 202: ...ified the display will only show clients associated to that network The SSID network may exist on one or more managed AP VAPs Format show wireless ssid ssid client status Mode Privileged EXEC ssid Ser...

Page 203: ...s client Age Time since failure occurred show wireless client adhoc status This command displays summary or detailed data for Ad Hoc clients detected on the network by a managed AP Format show wireles...

Page 204: ...nfig enable This command globally enables or disables the captive portal feature on the switch Default Disable Format enable Mode Captive Portal Config Mode no enable The no version of this command di...

Page 205: ...mple of the command Switch Config CP no statistics interval cr authentication timeout This command configures the authentication timeout If the captive portal user does not enter valid credentials wit...

Page 206: ...ls Shows the number of supported captive portals in the system Active Captive Portals Shows the number of captive portal instances that are operationally enabled Captive Portal Configuration Commands...

Page 207: ...Mode Captive Portal Instance Mode verification This command configures the verification mode for a captive portal configuration The type of user verification to perform can be one of the following Gu...

Page 208: ...t url mode This command enables or disables the redirect mode for a captive portal configuration Default Disable Format redirect url mode Mode Captive Portal Instance Mode no redirect url mode This co...

Page 209: ...maximum rate at which a client can receive data from the network Default 0 Format rate limit down rate Mode Captive Portal Instance Mode Rate Rate in bps 0 indicates the limit is not enforced Example...

Page 210: ...After this limit has been reached the user will be disconnected If the value is set to 0 then the limit is not enforced Default 0 Format rate limit output octets bytes Mode Captive Portal Instance Mod...

Page 211: ...timeout for a captive portal configuration The timeout variable is a number that represents the session timeout in seconds Use 0 to indicate that the timeout is not enforced Default 0 Format session...

Page 212: ...fault value Format intrusion threshold time Mode Captive Portal Instance Mode Example The following shows an example of the command Switch Config CP no intrusion threshold cr locale This command is no...

Page 213: ...mat show captive portal configuration cp id Mode Privileged EXEC CP ID Shows the captive portal ID CP Name Shows the captive portal name Operational Status Shows whether the captive portal is enabled...

Page 214: ...or disabled Protocol Shows the current connection protocol which is either HTTP or HTTPS Verification Shows the current account type which is Guest Local or RADIUS If you include the optional cp id st...

Page 215: ...C Address Identifies the MAC address of the wireless client if applicable Client IP Address Identifies the IP address of the wireless client if applicable Protocol Shows the current connection protoco...

Page 216: ...t connection protocol which is either HTTP or HTTPS Verification Mode Shows the current account type which is Guest Local or RADIUS CP ID Shows the captive portal ID the connected client is using CP N...

Page 217: ...h is Guest Local or RADIUS Attempts Shows the number of times the client has unsuccessfully tried to log on to the captive portal Last Attempt Shows the time when the client last tried to log on If yo...

Page 218: ...terface configuration cp id status Mode Privileged EXEC Intf Valid slot and port number separated by forward slashes Intf Description Describes the interface CP ID Shows the captive portal ID the conn...

Page 219: ...tabase If the user has an existing session it is disconnected Format no user user id Mode Captive Portal Config Mode Example The following shows an example of the command Switch Config CP no user 1 cr...

Page 220: ...Config Mode user idle timeout This command sets the session idle timeout value for the associated captive portal user The user name variable is a user configured in the local database The timeout vari...

Page 221: ...he captive portal The user id variable is the user ID which can be from 1 to 128 alphanumeric characters The bps variable is the client receive rate in bits per second bps 0 denotes unlimited bandwidt...

Page 222: ...no user 1 rate limit input octets cr user rate limit output octets Use this command to limit the number of octets the user is allowed to receive After this limit has been reached the user will be disc...

Page 223: ...to the default value Format no user user id rate limit total octets Mode Captive Portal Config Mode Example The following shows an example of the command Switch Config CP no user 1 rate limit total oc...

Page 224: ...Config Mode no user group Use this command to delete a user group Format no user group group name Mode Captive Portal Config Mode user group name Use this command to configure a group name The group i...

Page 225: ...s command displays the information in the captive portal activity log Format show captive portal activity log Mode Privileged EXEC clear captive portal activity log This command deletes all entries fr...

Page 226: ...226 2001 2008 D Link Corporation D Link Systems Inc All Rights Reserved CLI Command Reference...

Page 227: ...witch For every configuration command there is a show command that will display the configuration setting Show commands are used to display device settings statistics and other information Class of Se...

Page 228: ...asses depends on the platform Format classofservice ip dscp mapping ipdscp trafficclass Mode Global Config no classofservice ip dscp mapping This command maps each IP DSCP value to its default interna...

Page 229: ...queue min bandwidth This command restores the default for each queue s minimum bandwidth value Format no cos queue min bandwidth Modes Global Config Interface Config cos queue strict This command act...

Page 230: ...iority value Traffic Class The traffic class internal queue identifier to which the user priority value is mapped show classofservice ip precedence mapping This command displays the current IP Precede...

Page 231: ...port parameter is optional and is only valid on platforms that support independent per port class of service mappings If specified the class of service queue configuration of the interface is displaye...

Page 232: ...one referenced nested class Class definitions do not support hierarchical service policies A given class definition can contain a maximum of one reference to another class You can combine the referen...

Page 233: ...gs to the class NOTE Once you create a class match criterion for a class you cannot change or delete the criterion To change or delete a class match criterion you must delete and re create the entire...

Page 234: ...ass map This command adds to the specified class definition the set of match conditions defined for another class The refclassname is the name of an existing DiffServ class whose match conditions are...

Page 235: ...is one of the supported port name keywords The currently supported portkey values are domain echo ftp ftpdata http smtp snmp telnet tftp www Each of these translates into its equivalent port number T...

Page 236: ...a packet For example to check for an IP TOS value having bits 7 and 5 set and bit 1 clear where bit 7 is most significant use a tosbits value of a0 hex and a tosmask of a2 hex NOTE The IP DSCP IP Pre...

Page 237: ...number which is used as both the start and end of a port range To specify the match condition as a numeric value one layer 4 port number is required The port number is an integer from 0 to 65535 Defa...

Page 238: ...p Mode Policy Class Map Config Incompatibilities Assign Queue Mark all forms Police conform color Use this command to enable color aware traffic policing and define the conform color class map Used in...

Page 239: ...is inserted The CoS value is an integer from 0 to 7 Default 1 Format mark cos 0 7 Mode Policy Class Map Config Incompatibilities Drop Mark IP DSCP IP Precedence Police mark ip dscp This command marks...

Page 240: ...n IP Precedence value is required and is specified as an integer from 0 7 For set cos transmit an 802 1p priority value is required and is specified as an integer from 0 7 Format police simple 1 42949...

Page 241: ...n the inbound direction The policyname parameter is the name of an existing DiffServ policy This command causes a service to create a reference to the policy NOTE This command effectively enables Diff...

Page 242: ...Match Criteria The Match Criteria fields are only displayed if they have been configured Not all platforms support all match criteria values They are displayed in the order entered by the user The fie...

Page 243: ...nce Table Policy Attribute Table Size Current number of entries rows in the Policy Attribute Table Policy Attribute Table Max Maximum allowed entries rows for the Policy Attribute Table Service Table...

Page 244: ...he current setting for the action taken on a packet considered to not conform to the policing parameters This is not displayed if policing not in use for the class under this policy Non Conform COS Th...

Page 245: ...Valid slot and port number separated by forward slashes Direction The traffic direction of this interface service OperStatus The current operational status of this DiffServ service interface Policy Na...

Page 246: ...twork resources The following rules apply to MAC ACLs The maximum number of ACLs you create is 100 regardless of type The system supports only Ethernet II frame types The maximum number of rules per M...

Page 247: ...st NOTE For assign queue attributes are configurable for a deny rule but they have no operational effect A rule may either deny or permit traffic according to the specified classification fields At a...

Page 248: ...ed by name to an interface in a given direction The name parameter must be the name of an existing MAC ACL An optional sequence number may be specified to indicate the order of this mac access list re...

Page 249: ...only authorized users have access to specific resources and block any unwarranted attempts to reach network resources The following rules apply to IP ACLs D Link Unified Wired Wireless Access System...

Page 250: ...ue attributes are configurable for a deny rule but they have no operational effect every Match every packet icmp igmp ip tcp udp number Specifies the protocol to filter for an extended IP ACL rule src...

Page 251: ...ce number is not specified for this command a sequence number that is one greater than the highest sequence number currently in use for this interface and direction is used Default none Format ip acce...

Page 252: ...e value specified for IP TOS Log Displays when you enable logging for the rule Assign Queue The queue identifier to which packets matching this rule are assigned show access lists This command display...

Page 253: ...s statistics and other information Configuration commands configure features and options of the switch For every configu ration command there is a show command that displays the configuration setting...

Page 254: ...to determine which ports will supply power if adequate power capacity is not available for all enabled ports For ports that have the same priority level the lower numbered port will have higher priori...

Page 255: ...of N A Format show poe port slot port all Mode Privileged EXEC Slot Port The slot and port number associated with the rest of the data in the row Admin Mode The admin mode of the port Class The class...

Page 256: ...ommand activates the specified image It will be the active image for subsequent reboots and will be loaded by the boot loader The current active image is marked as the backup image for subsequent rebo...

Page 257: ...face For a service port the output is Management For a network port the output is the slot port of the physical interface show eventlog This command displays the event log which contains error message...

Page 258: ...switch Operating System The operating system currently running on the switch Network Processing Device The type of the processor microcode Additional Packages The additional packages incorporated into...

Page 259: ...ding Database Address Table entries now active on the switch including learned and static entries VLAN Entries Currently In Use The number of VLAN entries presently occupying the VLAN table Time Since...

Page 260: ...received that were longer than 1522 octets excluding framing bits but including FCS octets and were otherwise well formed Packets RX and TX 64 Octets The total number of packets including bad packets...

Page 261: ...packets Packets Received with MAC Errors Total The total number of inbound packets that contained errors preventing them from being deliverable to a higher layer protocol Jabbers Received The total nu...

Page 262: ...carded that are des tined for FF FF FF FF FF FF when Broadcast Storm Recovery is enabled CFI Discards The number of frames discarded that have CFI bit set and the addresses in RIF are in non canonical...

Page 263: ...be transmitted to the Broadcast address including those that were discarded or not sent Transmit Errors Total Errors The sum of Single Multiple and Excessive Collisions Tx FCS Errors The total number...

Page 264: ...number of times attempted GVRP regis trations could not be completed GMRP PDUs Received The count of GMRP PDU s received in the GARP layer GMRP PDUs Transmitted The count of GMRP PDU s transmitted fro...

Page 265: ...aracters Packets Transmitted without Errors The total number of packets transmitted out of the interface Unicast Packets Transmitted The total number of packets that higher level protocols requested b...

Page 266: ...le macaddr vlan_id all count inter face slot port vlan vlan_id Mode Privileged EXEC The following information displays if you do not enter a parameter the keyword all or the MAC address and VLAN ID If...

Page 267: ...ng config Use this command to display or capture the current setting of different protocol packages supported on the switch This command displays or captures commands with settings and configurations...

Page 268: ...ch reboot MIBs Supported A list of MIBs supported by this agent show tech support Use the show tech support command to display system and configuration information when you contact technical support T...

Page 269: ...bles the D Link Unified Wired Wireless Access System software to log all CLI commands issued on the system Default enabled Format logging cli command Mode Global Config no logging cli command This com...

Page 270: ...ritylevel Mode Global Config logging host remove This command disables logging to host See show logging hosts on page 271 for a list of host indexes Format logging host remove hostindex Mode Global Co...

Page 271: ...e dropped or ignored Log Messages Dropped Number of messages that could not be processed due to error or lack of resources Log Messages Relayed Number of messages sent to the collector relay show logg...

Page 272: ...cribes the commands you use to help troubleshoot connectivity issues and to restore various configurations to their factory defaults traceroute Use the traceroute command to discover the routes that p...

Page 273: ...command resets all user passwords to the factory defaults without powering off the switch You are prompted to confirm that the password reset should proceed Format clear pass Mode Privileged EXEC clea...

Page 274: ...tation the switch is connected to through the default VLAN VLAN 1 as long as there is a physical path between the switch and the workstation The terminal interface sends three pings to the target stat...

Page 275: ...log url Copies the log file to a server nvram script scriptname url Copies a specified configuration script file to a server nvram startup con fig url Copies the startup configuration to a server nvr...

Page 276: ...ar feature This command also disables the corresponding show commands The key parameter specifies the hexadecimal key for the feature Format no license advanced key Mode Privileged EXEC show key featu...

Page 277: ...6 to 16 Default 6 Format sntp broadcast client poll interval poll interval Mode Global Config no sntp broadcast client poll interval This command resets the poll interval for SNTP broadcast client ba...

Page 278: ...t poll interval This command resets the poll interval for SNTP unicast clients to its default value Format no sntp unicast client poll interval Mode Global Config sntp unicast client poll timeout This...

Page 279: ...ast clients to its default value Format no sntp multicast client poll interval Mode Global Config sntp server This command configures an SNTP server a maximum of three The optional priority can be a v...

Page 280: ...p server Mode Privileged EXEC Server IP Address IP address of configured SNTP Server Server Type Address Type of Server Server Stratum Claimed stratum of the server for the last received valid packet...

Page 281: ...er for a DHCP client Unique identifier is a valid notation in hexadecimal format In some systems such as Microsoft DHCP clients the client identifier is required instead of hardware addresses The uniq...

Page 282: ...d removes the default router list Format no default router Mode DHCP Pool Config dns server This command specifies the IP servers available to a DHCP client Address parameters are valid IP addresses e...

Page 283: ...Format host address mask prefix length Mode DHCP Pool Config no host This command removes the IP address of the DHCP client Format no host Mode DHCP Pool Config lease This command configures the dura...

Page 284: ...refixlength Mode DHCP Pool Config no network This command removes the subnet number and mask Format no network Mode DHCP Pool Config bootfile The command specifies the name of the default boot image f...

Page 285: ...t no netbios name server Mode DHCP Pool Config netbios node type The command configures the NetBIOS node type for Microsoft Dynamic Host Configuration Protocol DHCP clients type Specifies the NetBIOS...

Page 286: ...ault none Format option code ascii string hex string1 string2 string8 ip address1 address2 address8 Mode DHCP Pool Config no option This command removes the DHCP Server options The code parameter spec...

Page 287: ...resses and sets the number of packets to 0 Default 0 Format no ip dhcp ping packets Mode Global Config service dhcp This command enables the DHCP server Default disabled Format service dhcp Mode Globa...

Page 288: ...from 0 to 255 IP address 0 0 0 0 is invalid Format clear ip dhcp binding address Mode Privileged EXEC clear ip dhcp server statistics This command clears DHCP server statistics counters Format clear i...

Page 289: ...tic Shows whether BootP for dynamic pools is enabled or disabled show ip dhcp pool configuration This command displays pool configuration If all is specified configuration for all the pools is display...

Page 290: ...number of DHCPINFORM messages the server has received Message Sent DHCP OFFER The number of DHCPOFFER messages the server sent DHCP ACK The number of DHCPACK messages the server sent DHCP NACK The num...

Page 291: ...p dhcp filtering This command disables DHCP filtering Format no ip dhcp filtering Mode Global Config ip dhcp filtering trust This command configures an interface as trusted Default untrusted Format ip...

Page 292: ...292 2001 2008 D Link Corporation D Link Systems Inc All Rights Reserved CLI Command Reference...

Page 293: ...Pre login Banner and System Prompt Commands on page 328 The commands in this chapter are divided into three functional groups Show commands display switch settings statistics and other information Con...

Page 294: ...dhcp Mode Privileged EXEC network parms This command sets the IP address subnet mask and gateway of the device The IP address and the gateway must be on the same subnet Format network parms ipaddr ne...

Page 295: ...pecifies whether or not the switch should allow access to the Java applet in the header frame of the Web interface When access is enabled the Java applet can be viewed from the Web interface When acce...

Page 296: ...ired to be unique When concatenated with dot1dStpPriority a unique BridgeIdentifier is formed which is used in the Spanning Tree Protocol MAC Address Type The MAC address which should be used for in b...

Page 297: ...ves you access to the Line Config mode which allows you to configure various Telnet settings and the console port Format lineconfig Mode Global Config serial baudrate This command specifies the commun...

Page 298: ...s 9600 baud Character Size bits The number of bits in a character The number of bits is always 8 Flow Control Whether Hardware Flow Control is enabled or disabled Hardware Flow Con trol is always disa...

Page 299: ...s can be established until there are no more sessions available An established session remains active until the session is ended or an abnormal network error ends the session NOTE If the Telnet Server...

Page 300: ...ximum number of simultaneous outbound Telnet sessions to the default value Format no session limit Mode Line Config session timeout This command sets the Telnet session timeout value The timeout value...

Page 301: ...0 Mode Privileged EXEC no telnetcon timeout This command sets the Telnet connection session timeout value to the default NOTE Changing the timeout value for active sessions does not become effective u...

Page 302: ...ltaneous remote connection sessions allowed The factory default is 5 Allow New Telnet Sessions New Telnet sessions will not be allowed when this field is set to no The factory default value is yes Sec...

Page 303: ...the maximum number of allowed SSH connection sessions to the default value Format no sshcon maxsessions Mode Privileged EXEC sshcon timeout This command sets the SSH connection session timeout value i...

Page 304: ...sing a Web browser is enabled by default Everything you can view and configure by using the CLI is also available by using the Web ip http server This command enables access to the switch through the...

Page 305: ...default value Format no ip http secure port Mode Privileged EXEC ip http secure protocol This command is used to set protocol levels versions The protocol level can be set to TLS1 SSL3 or to both TLS...

Page 306: ...e this session has been idle Session Time Total time this session has been connected Session Type Shows the type of session which can be telnet serial or SSH User Account Commands This section describ...

Page 307: ...ter You must enter the username in the same case you used when you added the user To see the case of the username enter the show users command NOTE To specify a blank password in the configuration scr...

Page 308: ...l to be used for the specified user The valid authentication protocols are none md5 or sha If you specify md5 or sha the login password is also used as the snmpv3 authentication password and therefore...

Page 309: ...em Format show users Mode Privileged EXEC User Name The name the user enters to login using the serial port Telnet or Web Access Mode Shows whether the user is able to change parameters on the switch...

Page 310: ...c and private which you can rename default values for the remaining four community names are blank Format snmp server community name Mode Global Config no snmp server community This command removes th...

Page 311: ...e up to 16 alphanumeric characters Format no snmp server community ipmask name Mode Global Config snmp server community mode This command activates an SNMP community If a community is enabled an SNMP...

Page 312: ...otected Ports Commands on page 65 Default disabled Format snmp server enable traps violation Mode Interface Config no snmp server enable traps violation This command disables the sending of new violat...

Page 313: ...are sent only if the Link Trap flag setting associated with the port is enabled See snmp trap link status on page 315 Default enabled Format snmp server enable traps linkmode Mode Global Config no sn...

Page 314: ...not need to be unique however the name and ipaddr pair must be unique Multiple entries can exist with the same name as long as they are associated with a different ipaddr The reverse scenario is also...

Page 315: ...rap mode name ipaddr Mode Global Config no snmptrap mode This command deactivates an SNMP trap Disabled trap receivers are unable to receive traps Format no snmptrap mode name ipaddr Mode Global Confi...

Page 316: ...sitive alphanumeric string of up to 16 characters Each row of this table must contain a unique community name Client IP Address An IP address or portion thereof from which this device will accept SNMP...

Page 317: ...led The factory default is enabled Indicates whether link status traps will be sent Multiple Users Flag Can be enabled or disabled The factory default is enabled Indicates whether a trap will be sent...

Page 318: ...one of the servers by issuing the no form of the command If you use the optional port parameter the command configures the UDP port number to use when connecting to the configured RADIUS server The po...

Page 319: ...r variable then the outgoing interface IP address that is used to send the packet to the RADIUS server is added as NAS IP Address Default disabled Format radius server attribute 4 ipaddr Mode Global C...

Page 320: ...used in this command will become the new primary server The IP address must match that of a previously configured RADIUS authentication server Format radius server primary ipaddr Mode Global Config ra...

Page 321: ...servers If the optional token servers is not included the following RADIUS configuration items are displayed Format show radius servers Mode Privileged EXEC Primary Server IP Address The configured se...

Page 322: ...between the most recent Accounting Response and the Accounting Request that matched it from the RADIUS accounting server Requests The number of RADIUS Accounting Request packets sent to this accountin...

Page 323: ...Access Accepts The number of RADIUS Access Accept packets including both valid and invalid packets which were received from this server Access Rejects The number of RADIUS Access Reject packets includ...

Page 324: ...multiple hosts multiple tacacs server host commands can be used Format tacacs server host ip address Mode Global Config no tacacs server host Use the no tacacs server host command to delete the speci...

Page 325: ...nd encryption key for all TACACS communications between the device and the TACACS server This key must match the key used on the TACACS daemon The key string parameter specifies the key name For an em...

Page 326: ...nd edit them Then you can download the edited files to the system and apply the new configuration You can apply configuration scripts to one or more switches with no or minor modifications Use the sho...

Page 327: ...ies the commands in the script to the switch The scriptname parameter is the name of the script to apply Format script apply scriptname Mode Privileged EXEC script delete This command deletes a specif...

Page 328: ...r and System Prompt Commands This section describes the commands you use to configure the pre login banner and the system prompt The pre login banner is the text that displays before you login at the...

Page 329: ...cachesize 118 arp dynamicrenew 118 arp purge 119 arp resptime 119 arp retries 119 arp timeout 120 arp 117 assign queue 238 authentication login 73 authentication timeout 205 authorization network radi...

Page 330: ...r captive portal activity log 225 clear captive portal client failure 217 clear captive portal users 224 clear config 272 clear counters 273 clear dot1x statistics 73 clear igmpsnooping 273 clear ip d...

Page 331: ...stfrag 112 dos control icmp 114 dos control l4port 113 dos control sipdip 112 dos control tcpflag 113 dos control tcpfrag 112 dot1x default login 74 dot1x guest vlan supplicant 74 dot1x guest vlan 74...

Page 332: ...ogging 288 ip dhcp excluded address 286 ip dhcp filtering trust 291 ip dhcp filtering 291 ip dhcp ping packets 287 ip dhcp pool 281 ip http secure port 305 ip http secure protocol 305 ip http secure s...

Page 333: ...ng host remove 270 logging host 270 logging port 270 logging syslog 270 logout 274 mac access group 248 mac access list extended rename 247 mac access list extended 246 mac authentication action 171 m...

Page 334: ...an 53 network parms 294 network protocol 294 next server 285 no monitor 94 option 286 password AP Config Mode 156 peer group 141 ping 274 poe limit 253 poe priority 254 poe usagethreshold 254 police s...

Page 335: ...s server host 161 radius server host 170 radius server host 318 radius server key 319 radius server msgauth 319 radius server primary 320 radius server retransmit 320 radius server secret 162 radius s...

Page 336: ...et igmp groupmembership interval 99 set igmp interfacemode 98 set igmp maxresponse 99 set igmp mcrtrexpiretime 100 set igmp mrouter interface 100 set igmp mrouter 100 set igmp 97 set prompt 328 show a...

Page 337: ...ow dot1q tunnel 64 show dot1x users 82 show dot1x 79 show dvlan tunnel 64 show eventlog 257 show forwardingdb agetime 115 show garp 68 show gmrp configuration 71 show gvrp configuration 69 show hardwa...

Page 338: ...271 show logging traplogs 272 show logging 271 show loginsession 306 show mac access lists 249 show mac address table gmrp 72 show mac address table igmpsnooping 102 show mac address table multicast 1...

Page 339: ...acacs 326 show tech support 268 show telnet 301 show telnetcon 302 show trapflags modified command 148 show trapflags 317 show users authentication 82 show users 309 show version 258 show vlan associa...

Page 340: ...6 show wireless discovery ip list 146 show wireless discovery vlan list 147 show wireless discovery 146 show wireless network 167 show wireless peer switch 155 show wireless power plan proposed 154 sh...

Page 341: ...42 spanning tree configuration revision 42 spanning tree edgeport 43 spanning tree forceversion 43 spanning tree forward time 43 spanning tree hello time 44 spanning tree max age 44 spanning tree max...

Page 342: ...ions 300 telnetcon timeout 301 timeout 326 traceroute 272 traffic shape 229 transport input telnet 299 transport output telnet 299 trapflags Wireless Config Mode 143 tunnel subnet 164 tunnel 163 tunne...

Page 343: ...protocol group add protocol 57 vlan protocol group remove 57 vlan protocol group 57 vlan pvid 59 vlan routing 129 vlan tagging 59 vlan 53 wep authentication 160 wep key length 167 wep key type 166 we...

Page 344: ...2001 2008 D Link Corporation D Link Systems Inc All Rights Reserved CLI Command Reference wpa2 pre authentication limit 165 wpa2 pre authentication timeout 164 wpa2 pre authentication 164 write memory...