Set location policy

Creates and enables a location policy on a switch. A location policy enables you to locally set or change authorization attributes for a user after the user is authorized by AAA, without making changes to the AAA server.

Syntax: set location policy deny if {ssid operator ssid-name vlan operator vlan-glob user operator user-glob port port-list dap dap-num} [before rule-number modify rule-number]

Syntax: set location policy permit {vlan vlan-name inacl inacl-name outacl outacl-name} if {ssid operator ssid-name vlan operator vlan-glob user operator user-glob port port-list dap dap-num} [before rule-number modify rule-number]

deny Denies access to the network to users with characteristics that match the location policy rule.

permit Allows access to the network or to a specified VLAN, and/or assigns a particular security ACL to users with characteristics that match the location policy rule.

Actionoptions—For a permit rule, MSS changes the attributes assigned to the user to the values specified by the following options:

vlan vlan-name	Name of an existing VLAN to assign to users with characteristics that
	match the location policy rule.
inacl inacl-name	Name of an existing security ACL to apply to packets sent to the switch
	with characteristics that match the location policy rule. Optionally, you
	can add the suffix .in to the name.
outacl outacl-name	Name of an existing security ACL to apply to packets sent from the
	switch with characteristics that match the location policy rule.
	Optionally, you can add the suffix .out to the name.

Condition options—MSS takes the action specified by the rule if all conditions in the rule are met. You can specify one or more of the following conditions:

ssid operator ssid-nameSSID with which the user is associated. The operator must be eq, which applies the location policy rule to all users associated with the SSID. Asterisks (wildcards) are not supported in SSID names.You must specify the complete SSID name.

vlan operator vlan-globVLAN-Name attribute assigned by AAA and condition by which to

determine if the location policy rule applies.

D-Link DWS-1008 CLI Manual

197

Page 200

Image 200

D-Link dws-1008 manual Set location policy

Contents

Page Table of Contents Link DWS-1008 CLI Manual Link Mobility System Convention Use DWS-1008 DWS-1008# DWS-mmmm-nnnnnnDWS-mmmm-nnnnnn# Clear fdb dynamic I port port-list v1 an vlan-id Set port enable I disable port-listClear interface vlan-id ip Subnet Masks Wildcard Masks User Glob Users Designated MAC Address Globs Port Lists DWS-1008#show port status 1-3,6 Command-Line Editing Keyboard Shortcuts Function Using CLI Help Set ap port-list dap dap-numname name Set ap dap name command has the following complete syntaxSet ap dap name Disable EnableDefaults None Access Enabled Syntax enable Access All Set enablepass Syntax quit Defaults None Access AllSyntax set enablepass Defaults None Access Enabled Quit Configuration Auto-ConfigDisplay System Identification Clear prompt Clear banner motdClear history Clears the system configuration of the specified information Clear system Help History Quickstart Syntax set banner motd text Defaults None Access Enabled Set banner motd Set confirm Set lengthSyntax set confirm on off DWS-1008#clear vlan red Set license DWS-1008#set lengthSyntax set license activation-key Activation-key Set prompt Syntax set prompt string Stores a contact name for the DWS-1008 switch Set system contactSet system country code Syntax set system contact string Link DWS-1008 CLI Manual Set system idle-timeout Syntax set system idle-timeout seconds Set system ip-address Clear system Show systemSyntax set system ip-address ip-addr Ip-addrIP address, in dotted decimal notation Set system location Set system nameSyntax set system location string Syntax set system name string Clear banner motd Link DWS-1008 CLI Manual Syntax show banner motd Defaults None Access EnabledShow banner motd Syntax show licenses Defaults None Access All Syntax show load Defaults None Access EnabledShow licenses Show load Displays system information Syntax show system Defaults None Access EnabledShow system Configured with set system countrycode Field DescriptionName With set system location Show boot Show config Set licenses Link DWS-1008 CLI Manual Show tech-supportNvram size /SDRAM size percent of total Syntax show tech-support file subdirname/ filename Port Type StateInterface Type Speed Syntax clear port counters Defaults None Access Enabled Clear dapClear port counters Syntax clear dap dap-num Syntax clear port mirror Defaults None Access Enabled Clear port-groupClear port mirror Syntax clear port-group name name Clear port type Defaults NoneClear port name STP DWS-1008#clear port type Monitor port counters Syntax monitor port counters Key Effect on monitor display Displayed for All Transmit-errors Statistics Option Field Description Reset port Details commandSet dap Serial id serial ID Syntax set port enable disable port-list Enable DisableSet port Port-list Set reset port Mode on offSet port-group Syntax set port-group name group-nameport-listmode on off Clear port-group Link DWS-1008 CLI Manual Name name Set port mirrorSet port name Syntax set port negotiation port-listenable disable Enable disableSet port negotiation Clear port name DWS-1008#set port negotiation 1,2,4-6 disable Following command enables autonegotiation on portDWS-1008#set port negotiation 5 enable Syntax set port poe port-listenable disable DWS-1008#set port poe 3,5 disable DWS-1008#set port poe 2,4 enableSet port speed Syntax set port speed port-list10 100 auto Set port trap EnableDisable Set port type ap Configures a DWS-1008 switch port for an AP access pointModel Poe enable disable radiotype 11a 11b 11g DWS-1008#set port type ap 2 model DWL-8220AP poe enable Port Parameter Setting Set port type wired-auth Configures an DWS-1008 port for a wired authentication userWired Authentication Port Defaults Port Parameter Setting Port-list tag-list Num last-resort Clear port type Set port type Link DWS-1008 CLI Manual Defaults None Access All Show port countersPort port-list Statistics for all ports Show port-group Show port mirror DWS-1008# show port poe Show port poeSyntax show port poe port-list Displays configuration and status information for ports Show port statusSyntax show port status port-list DWS-1008# show port status FDB Aging Timeout CreationPorts Restriction of Client Layer 2 Forwarding Port port-lis Vlan vlan-id Tag tag-value Clear fdbDeletes an entry from the forwarding database FDB Clear security l2-restrict Vlan-id Vlan name or numberPermit-mac All Clear security l2-restrict counters Clear vlanSyntax clear security l2-restrict counters vlan vlan-id all All Set vlan port Show vlan config Link DWS-1008 CLI Manual DWS-1008#clear vlan green portDWS-1008#clear vlan red port 4 tag DWS-1008#clear vlan marigold Port port-list Set fdbMac-addr Mode enable disable Set fdb agingtimeSet security l2-restrict Syntax set fdb agingtime vlan-idage seconds Defaults Layer 2 restriction is disabled by default Set vlan nameCreates a Vlan and assigns a number and name to it Syntax set vlan vlan-numname name Syntax set vlan vlan-idport port-listtag tag-value Set vlan portSet vlan port Show fdb Show fdb agingtime DWS-1008# show fdbSyntax show fdb agingtime vlan vlan-id DWS-1008#show fdb agingtime Vlan vlan-id Defaults None. Access All Show fdb countShow security l2-restrict DWS-1008#show fdb count dynamic Show vlan config Syntax show vlan config vlan-idDWS-1008# show security l2-restrict Displays Vlan information Tunl Port Vlan Name Status State Affin Port Tag DWS-1008# show vlan config burgundyVlan Clear qos From-qosFrom 0 to From-dscp Set qos cos-to-dscp-map Syntax set qos cos-to-dscp-map level dscp dscp-valuelevelDscp dscp-value DWS-1008#set qos cos-to-dscp-map 5 dscp Syntax show qos default Set qos dscp-to-cos-mapShow qos Syntax set qos dscp-to-cos-map dscp-rangecos level DWS-1008#show qos default Syntax show qos dscp-table Defaults None Access EnabledShow qos dscp-table DWS-1008#show qos dscp-table Syntax clear interface vlan-idip Clear interfaceRemoves an IP interface Syntax clear ip dns domain Defaults None Access Enabled Clear ip aliasClear ip dns domain Syntax clear ip alias name Default Clear ip dns serverClear ip route Syntax clear ip dns server ip-addr Defaults The default Telnet port number is Clear ip telnetSet ip route Show ip route Syntax clear ip telnet Clear ntp update-interval Syntax clear ntp update-intervalClear ntp server Syntax clear ntp server ip-addr all Clear snmp community Clear snmp notify profileSyntax clear snmp community name comm-string Syntax clear snmp notify profile profile-name Clear snmp notify target Clear snmp usmSyntax clear snmp notify target target-num Target-num ID of the target Syntax clear summertime Defaults None Access Enabled Syntax clear system ip-address Defaults None Access EnabledClear summertime Clear system ip-address Clear timezone PingDnf Flood Defaults Size sizeIs 8 bytes larger than the size you specify DWS-1008#ping Set arp Set arp agingtimeIp-addr Mac-addr Syntax set arp agingtime seconds Set arp Show arp Configures an IP interface on a VlanSet interface DWS-1008#set interface default ip 10.10.10.10/24 Syntax set interface vlan-idip dhcp-client enable disableSet interface dhcp-client DWS-1008#set interface mauve ip 10.10.20.10 Configures the MSS Dhcp server Enables the Dhcp serverDisables the Dhcp server Set interface dhcp-server Administratively disables or reenables an IP interface Set interface statusSet ip dns domain Set ip dns server Show dhcp-server Syntax set interface vlan-idstatus up down Set ip alias Set ip dns Set ip dns domain Set ip dns serverSyntax set ip dns domain name DWS-1008#set ip dns domain example.com Syntax set ip https server enable disable Set ip https server Set ip route Adds a static route to the IP route tableIs not available for the destination Ip-addr mask Enables or disables the Snmp service on the DWS-1008 switch Syntax set ip snmp server enable disableSet ip snmp server Clear ip route Show interface Show ip route Set ip ssh server Link DWS-1008 CLI Manual Set ip sshSyntax set ip ssh port port-num Syntax set ip ssh server enable disable Set ip ssh serverSet ip telnet Syntax set ip telnet port-num Set ip telnet server Enables the Telnet server on a DWS-1008 switchSyntax set ip telnet server enable disable Syntax set ntp enable disable Set ntpSet ntp server Syntax set ntp server ip-addr DWS-1008#set ntp server See Also Set ntp update-intervalSyntax set ntp update-interval seconds Set snmp community Default profile-name Set snmp notify profileDrop send Notifications you specify with notification-type or allPage Page RFDetectRogueDisappearTraps success change accepted DWS-1008#set snmp notify profile snmpprofrfdetect sendRFDetectInterferingRogueAPTraps success change accepted Username Set snmp notify targetSNMPv3 with Informs Authenticated encrypted Snmp-engine-idIp hex hex-string Security unsecured Timeout num SNMPv2c with InformsRetries num SNMPv2c with Traps SNMPv1 with Traps Success change accepted Link DWS-1008 CLI Manual 110 Syntax set snmp protocol v1 v2c usm all enable disable Set snmp protocolV2c Usm Authenticated Set snmp securityEncrypted Auth-req-unsecnotify Set snmp usm Creates a USM user for SNMPv3 Auth-type none md5 sha Auth-pass-phrase stringAuth-key hex-string Encrypt-type none des Set summertime StartStart of the time change period End Defaults None Access Enabled DWS-1008#set interface taupe ip 10.10.20.20/24 Set timedate Set timezoneSyntax set timedate date mmm dd yyyy time hhmmss DWS-1008#set timedate date feb 29 2004 time Show arp DWS-1008#set timezone PSTSyntax show arp ip-addr Ip-addr IP address Syntax show dhcp-client Defaults None Access All Show dhcp-clientDWS-1008#show dhcp-client Ifup Show dhcp-server Syntax show dhcp-server interface vlan-id verboseVerbose DWS-1008# show dhcp-server Link DWS-1008 CLI Manual 121 DWS-1008#show dhcp-server verboseBound Syntax show interface vlan-id Displays the IP interfaces configured on the switchShow interface Set interface dhcp-client Set interface dhcp-server Set interface status Set ip alias Set ip dns domain Set ip https server Metric Default-routerIp-addr/mask-length Enables or disables the Snmp service on the switch Disables or reenables the SSH server on a DWS-1008 switch Set ip telnet Set ntp Set ntp server Set snmp community To modify the default notification profile, specify default SpacesNotification-type Name of the notification typePage Sends or drops all notifications RFDetectAdhocUserTraps success change accepted RFDetectSpoofedMacAPTraps success change accepted RFDetectUnAuthorizedSsidTraps success change accepted Authenticated encrypted Snmp-engine-idIp hex hex-string Security unsecured SNMPv3 with Traps Specifies the number of times the MSS Snmp engine will Resend a notification that has not been acknowledgedBy the target. You can specify from 0 to 3 retries Specifies the number of seconds MSS waits for SNMPv1 with Traps 144 Set snmp usm Page Auth-type none md5 sha auth-pass-phrase String auth-keyhex-string Link DWS-1008 CLI Manual 148 End Set system ip-address Sets the time of day and date on the switch Link DWS-1008 CLI Manual 151 152 Dynamic ResolvedLocal Resolved Show dhcp-client Link DWS-1008 CLI Manual 154 Table below shows the output for show dhcp-server verbose Link DWS-1008 CLI Manual 155 DWS-1008# show interface YESIpv4 Link DWS-1008 CLI Manual 156 Show ip alias Syntax show ip alias nameName Alias string DWS-1008#show ip alias Show ip dns Displays the DNS servers the switch is configured to useSyntax show ip dns Defaults None Access All Syntax show ip https Defaults None Access All Show ip httpsDisplays information about the Https management port DWS-1008 show ip https Show ip route Syntax show ip route destinationDWS-1008# show ip route Multicast Displays information about the Telnet management port Syntax show ip telnet Defaults None Access AllShow ip telnet Syntax show ntp Defaults None Access All Show ntpDisplays NTP client information Link DWS-1008 CLI Manual 162 Syntax show snmp counters Defaults None Access Enabled Show snmp communityShow snmp counters Show snmp notify profile Show snmp usm Defaults None Access Enabled See AlsoShow snmp status Syntax show timedate Defaults None Access All Show summertimeShow timedate Syntax show summertime Syntax show timezone Defaults None Access All Show timezoneTelnet DWS-1008#show timezone DWS-1008#telnet Clear sessions Show sessions Link DWS-1008 CLI Manual 167 Traceroute Ping Link DWS-1008 CLI Manual 169 Authentication Local Authorization forPassword Users Web authorization Clear accounting User-glob Clear authentication admin Clear authentication consoleSyntax clear authentication admin user-glob Syntax clear authentication console user-glob Clear authentication dot1x DWS-1008#clear authentication console ReginaRemoves an 802.1X authentication rule Wired Clear authentication mac Clear authentication proxyRemoves a MAC authentication rule Syntax clear authentication proxy ssid ssid-nameuser-glob Clear authentication web Removes a rule from the location policy on a switchClear location policy Removes a WebAAA rule Clear mac-user Clear mac-user attrSyntax clear mac-user mac-addr Syntax clear mac-user mac-addrattr attribute-name Syntax clear mac-user mac-addrgroup Clear mac-user groupSet mac-user attr Show aaa Clear mac-usergroup Clear mac-usergroup attrSyntax clear mac-usergroup group-name Group-name Name of an existing MAC user group Username Username of a user with a password Clear userClear mac-usergroup Set mac-usergroup attr Show aaa Syntax clear user username Username Username of a user with a password Clear user attrClear user group Syntax clear user username attr attribute-name Clear usergroup Clear usergroup Set user group Show aaaSyntax clear usergroup group-name Group-name Name of an existing user group Syntax clear usergroup group-nameattr attribute-name Set accounting admin consoleClear usergroup attr Set accounting dot1x mac web last-resort Clear accounting Show accounting statisticsMethod1 method2 method3 method4 Link DWS-1008 CLI Manual 183 Wired MacWeb Start-stop Set accounting system Syntax set accounting system method1 method2 method3 method4 Set authentication admin Link DWS-1008 CLI Manual 186 Set authentication console Link DWS-1008 CLI Manual 187 Link DWS-1008 CLI Manual 188 For details, see User Globs on Link DWS-1008 CLI Manual 189 Set authentication dot1xAuthentication port Protocol Been authenticatedBonded Access Enabled Link DWS-1008 CLI Manual 192 Set authentication macAuthentication port Access Enabled Set authentication proxy User-glob Single user or a set of users Set authentication web See Also Set location policy Modify rule-number User operator user-globBefore rule-number DWS-1008#set location policy deny if user eq *.theirfirm.com Set mac-user Set mac-user attrSyntax set mac-user mac-addrgroup group-name Syntax set mac-user mac-addrattr attribute-name value Link DWS-1008 CLI Manual 201 Attribute Description Valid Values Link DWS-1008 CLI Manual 202 YY/MM/DD-HHMM Link DWS-1008 CLI Manual 203 Time-of-day tu1000-1600,th1000-1600 Clear mac-user attr Show aaa Link DWS-1008 CLI Manual 204 Set mac-usergroup attr Syntax set mac-usergroup group-nameattr attribute-name value Syntax set user username password encrypted string DWS-1008#set user Nin password 29Jan04 See AlsoSet user Clear user Show aaa Link DWS-1008 CLI Manual 206 Set user attr Clear user attr Show aaa Link DWS-1008 CLI Manual 207 Set user group Set usergroupSyntax set user username group group-name Clear user group Show aaa Syntax set web-portal enable disable Defaults Enabled Access EnabledDWS-1008#set web-portal disable Set web-portal Show aaa Displays all current AAA settingsSyntax show aaa Defaults None Access Enabled Acctport AAAACCTSVCATTR=2 Show accounting statisticsDWS-1008#show accounting statistics Clear accounting Set accounting admin console Show aaa Syntax show location policy Defaults None Access EnabledShow location policy DWS-1008show location policy Encryption Keys PKCS#7 CertificatesPKCS#12 Certificate Self-Signed Certificate Syntax crypto ca-certificate admin eap web AdminCrypto ca-certificate PEM-formatted-certificate Crypto certificate Begin Certificate Crypto generate key Ssh String Syntax crypto generate request admin eap web admin Eap WebCrypto generate request DWS-1008#crypto generate request admin Alphanumeric characters with no spacesAre supported on your network. This field is required With no spaces Syntax crypto generate self-signed admin eap web Admin Crypto generate self-signedBegin Certificate Request END Certificate Request DWS-1008#crypto generate self-signed admin Name. It simply needs to be formatted like one Syntax crypto otp admin eap web one-time-password Admin One-time-passwordCrypto otp DWS-1008#crypto generate otp eap hap9iN#ss Syntax crypto pkcs12 admin eap web file-location-url Crypto pkcs12File-location-url DWS-1008#crypto otp eap hap9iN#ss Show crypto ca-certificate DWS-1008#show crypto ca-certificateTable below describes the fields in the display Fields Description Show crypto certificate DWS-1008#show crypto certificate eap Syntax show crypto key domain Defaults None Access Enabled Show crypto key domainShow crypto key ssh Crypto generate key Link DWS-1008 CLI Manual 226 Radius Client Radius ServersServer Groups Radius Proxy Clear radius Clear radius client system-ip Removes Radius proxy ports configured for third-party APs Clear radius proxy clientClear radius proxy port Removes Radius proxy client entries for third-party APs Clear radius server Clear server groupSyntax clear radius server server-name Syntax clear server group group-nameload-balance Timeout seconds Set radiusDeadtime minutes Encrypted-key string Encrypted-key-No key Set radius client system-ip Set radius proxy clientSyntax set radius client system-ip Clear radius client system-ip Set system ip-address Set radius proxy port Author-password Set radius serverAddress Auth-port Encrypted-key-No key Author-password-trapeze Access Enabled Configures a group of one to four Radius servers Names of one or more configured Radius serversSet server group Members Enable disable Defaults Load balancing is disabled by defaultSet server group load-balance Group-name Server group name of up to 32 characters Wired Authentication Bonded AuthenticationReauthentication Port Control Syntax clear dot1x max-req Clear dot1x bonded-periodClear dot1x max-req Clear dot1x port-control Clear dot1x quiet-periodSyntax clear dot1x port-control Syntax clear dot1x quiet-period Clear dot1x reauth-max Clear dot1x reauth-periodSyntax clear dot1x reauth-max Syntax clear dot1x reauth-period Clear dot1x timeout auth-server Clear dot1x timeout supplicantDefaults The default is 30 seconds Set dot1x timeout auth-server Show dot1x Syntax set dot1x authcontrol enable disable enable Disable Clear dot1x tx-periodSet dot1x authcontrol Syntax clear dot1x tx-period Set dot1x bonded-period Syntax set dot1x bonded-period seconds Syntax set dot1x key-tx enable disable Enable Defaults Key transmission is enabled by defaultSet dot1x key-tx Set dot1x max-req Show port status Show dot1x Link DWS-1008 CLI Manual 248 Set dot1x port-controlClear dot1x max-req Show dot1x Set dot1x quiet-period Set dot1x reauth-maxSyntax set dot1x quiet-period seconds Seconds Specify a value between 0 and 65,535 Set dot1x timeout auth-server Syntax set dot1x timeout auth-server secondsSet dot1x reauth-period Syntax set dot1x reauth-period seconds Set dot1x timeout supplicant Syntax set dot1x timeout supplicant secondsClear dot1x timeout auth-server Show dot1x Set dot1x tx-period Syntax set dot1X wep-rekey enable disable enable Disable Set dot1x wep-rekeySet dot1x wep-rekey-period Syntax set dot1x wep-rekey-period seconds Syntax show dot1x clients stats config clients Stats ConfigDisplays a summary of the current configuration Show dot1x Type the following command to display the 802.1X clients DWS-1008#show dot1x config Link DWS-1008 CLI Manual 255 Type the following command to display 802.1X statisticsDWS-1008# show dot1x stats Administrative Sessions DWS-1008#clear sessions adminClear sessions Network Sessions Clear sessions network Show sessions DWS-1008# clear sessions admin SSHDWS-1008# show sessions console DWS-1008# show sessions telnet Show sessions network Clear sessionsMac-addr Link DWS-1008 CLI Manual 260 Show sessions network command Session-idVerbose Show sessions network session-id display DWS-1008# show sessions network verbose DWS-1008# show sessions network mac-addr 00055d7e981aDWS-1008# show sessions network user E DWS-1008#show sessions network session-id ActiveSsid LAST-RESORT Additional show sessions network verbose Output Link DWS-1008 CLI Manual 264 Show sessions network session-id Output Link DWS-1008 CLI Manual 265 Link DWS-1008 CLI Manual 266 Rogue Information CountermeasuresPermitted Vendor List Permitted Ssid List Clear rfdetect attack-list Clear rfdetect ignoreSyntax clear rfdetect attack-list mac-addr Syntax clear rfdetect ignore mac-addr Syntax clear rfdetect ssid-list ssid-name Clear rfdetect ssid-listClear rfdetect vendor-list Set rfdetect attack-list Set rfdetect black-listSyntax set rfdetect attack-list mac-addr Syntax set rfdetect black-list mac-addr Set rfdetect ignore Set rfdetect black-list Show rfdetect black-listSyntax set rfdetect ignore mac-addr Mac-addr Bssid MAC address of the device to ignore Syntax set rfdetect log enable disable Enable Syntax set rfdetect signature enable disable EnableSet rfdetect log Set rfdetect signature Set rfdetect ssid-list Syntax set rfdetect ssid-list ssid-name Link DWS-1008 CLI Manual 274 Set rfdetect vendor-listShow rfdetect attack-list Show rfdetect black-list Show rfdetect clientsDWS-1008# show rfdetect attack-list DWS-1008# show rfdetect black-list DWS-1008# show rfdetect clients Total number of entries Client MACAP MAC DWS-1008#show rfdetect clients mac 000c4163fd6d Show rfdetect countermeasures RssiBssid Link DWS-1008 CLI Manual 277 Syntax show rfdetect counters Defaults None Access Enabled Show rfdetect countersDWS-1008# show rfdetect countermeasures Link DWS-1008 CLI Manual 278 DWS-1008#show rfdetect countermeasures Type Current Displays information about the APs detected by a switch Syntax show rfdetect data Defaults None Access EnabledShow rfdetect data Vendor Type Port/Radio Flags Show rfdetect visible Syntax show rfdetect ignore Defaults None Access EnabledShow rfdetect ignore Show rfdetect vendor-list Syntax show rfdetect ssid-list Defaults None Access EnabledShow rfdetect ssid-list Radio Showapdapstatus commandShow rfdetect visible Syntax test rflink mac mac-addr session-id session-id Test rflinkShow rfdetect data DWS-1008# test rflink mac 000e9bbfad13 Rssi SNRRTT micro-secs 976 Boot Settings Configuration FileSoftware Version File Management Backup Syntax backup system tftp/ip-addr/filenameall criticalDir command output Critical Syntax clear boot config Defaults None Access Enabled Clear boot backup-configurationClear boot config Copy DWS-1008#clear boot configDWS-1008#reset system force DWS-1008#copy tftp//10.1.1.1/closetmx closetmx Delete Dir Link DWS-1008 CLI Manual 290 Delete Syntax delete urlFor example subdira/filea Copy Dir Link DWS-1008 CLI Manual 291 Boot0 Boot1Dir FilePage Install soda agent DWS-1008#install soda agent soda.ZIP agent-directory sp1This command may take up to 20 seconds Table below describes the fields in the dir output Load config Syntax load config urlBackupconfigs/configc DWS-1008#load config Syntax md5 boot0 boot1filename DWS-1008#md5 boot0MX040003.020Md5 Mkdir Reset system Restarts a switch and reboots the softwareSyntax reset system force Dir Rmdir Save config Show boot Show version RestoreDWS-1008#reset system DWS-1008#restore system tftp/10.10.20.9/sysabak BackupRmdir Removes a subdirectory from nonvolatile storage Save config Syntax save config filenameDWS-1008#save config DWS-1008#save config testconfig1 Set boot backup-configuration Set boot configuration-fileSyntax set boot backup-configuration filename Syntax set boot configuration-file filename Set boot partition Show bootSyntax set boot partition boot0 boot1 Boot0 Boot1 Show config Table below describes the fields in the show boot outputClear boot config Reset system Set boot configuration-file Displays the configuration running on the switch DWS-1008#show config area vlan Show versionSpantree System Trace Vlan Vlan-fdb Syntax show version details Details DWS-1008#show version DWS-1008#show version details Uninstall soda agent Syntax uninstall soda agent agent-directory directoryDWS-1008#uninstall soda agent agent-directory sp1 Table below describes the fields in the show version output Access Point Commands Clear ap dap radio DWS-1008#clear ap 3 radio Clear dap boot-configurationDWS-1008#clear dap 1 boot-configuration DWS-1008#set radio-profile rp1 mode disable DWS-1008#set radio-profile rptest mode disableClear radio-profile Syntax clear radio-profile name parameter Clear service-profile Reset ap dap DWS-1008#set radio-profile rp6 mode disableRestarts an access point Syntax reset ap port-list dap dap-num Link DWS-1008 CLI Manual 312 Syntax set dap auto Defaults None Access EnabledSet dap auto Set dap auto mode Syntax set dap auto mode enable disable EnableEnables the AP configuration profile Disables the AP configuration profile Set dap auto persistent Set dap auto radiotypeSyntax set dap auto persistent dap-num all Dap-num Set dap auto Set dap auto mode Set dap auto persistent Low Defaults AccessSet ap dap bias Dap dap-num dap auto high Dap dap-num dap auto enable disable Defaults Access Enabled Set ap dap blink Set dap boot-ip Enables or disables the static IP address for the AP Set dap boot-switch Switch ip ip-addr Link DWS-1008 CLI Manual 319 Set ap dap contact Specifies contact information for an APSyntax set ap port-list dap dap-num contact string Contact string Set dap fingerprint Syntax set dap dap-numfingerprint hex Force-image-download enable Force-image-download disableSet ap dap force-image-download Dap auto Defaults AP access points are not grouped by default Set ap dap groupSyntax set ap port-list dap dap-num auto group name Ap port-list dap dap-num dap auto Set ap dap location Specifies location information for an APSyntax set ap port-list dap dap-num location string Ap port-list Dap dap-num location string Set ap dap name Set ap dap radio antenna-locationSyntax set ap port-list dap dap-num name name Ap port-list Set ap dap radio antennatype IndoorsOutdoors Ap port-list Dap dap-num Set ap dap radio auto-tune max-power Configuration templatePower-level Radio 1 of the DWL-8220AP Dap dap-num radio 1 radio Channel-number Set ap dap radio channelSets an DWS-8220AP radio’s channel Dap dap-num dap auto Set ap dap radio modeRadio 1 radio 2 enable disable Mode enable Mode disableSet ap dap radio radio-profile Radio-profile name Access Enabled Defaults By default, encryption keys are optional Set dap security Set ap dap upgrade-firmware Set dap fingerprint Show ap dap config Show ap dap statusDap auto enable disable Defaults Access Enabled DWS-1008#set ap 2 upgrade-firmware disable Set radio-profile auto-tune channel-config Syntax set radio-profile name active-scan enable disableSet radio-profile active-scan Link DWS-1008 CLI Manual 334 Enable Disable No-client Set radio-profile auto-tune channel-holddownName Link DWS-1008 CLI Manual 335 Name Radio profile name Set radio-profile auto-tune channel-intervalName Rate Set radio-profile auto-tune channel-lockdown Syntax set radio-profile name auto-tune channel-lockdown Set radio-profile auto-tune power-config Set radio-profile auto-tune power-interval Syntax set radio-profile name auto-tune power-lockdown Set radio-profile auto-tune power-lockdownSet radio-profile auto-tune power-ramp-interval Syntax set radio-profile name beacon-interval interval Defaults The default interval is 60 secondsSet radio-profile beacon-interval Configured Set radio-profile countermeasuresRogue None Set radio-profile dtim-interval Set radio-profile frag-threshold Syntax set radio-profile name frag-threshold threshold Set radio-profile max-rx-lifetime Set radio-profile max-tx-lifetimeSyntax set radio-profile name max-rx-lifetime time Syntax set radio-profile name max-tx-lifetime time Set radio-profile mode Syntax set radio-profile name mode enable disable Link DWS-1008 CLI Manual 347 MMS Access Enabled Set radio-profile preamble-length Syntax set radio-profile name preamble-length long shortLong Short Set radio-profile qos-mode Set radio-profile rfid-modeSyntax set radio-profile name qos-mode svp wmm Svp Syntax set radio-profile name rfid-mode enable disable Enables radios to function as asset location receiversDefaults The default is disable Access Enabled Set radio-profile rts-threshold DWS-1008#set radio-profile rp1 rts-threshold Table Defaults for Radio Profile Parameters Link DWS-1008 CLI Manual 353 Link DWS-1008 CLI Manual 354 Portal-acl setting Link DWS-1008 CLI Manual 355 Set radio-profile wmm-powersave Set service-profile attr Syntax set radio-profile name wmm-powersave enable disableSyntax set service-profile name attr attribute-name value Link DWS-1008 CLI Manual 357 Access Enabled Set service-profile auth-dot1x Syntax set service-profile name auth-dot1x enable disableName Service profile name Enables 802.1X authentication of WPA clients Set service-profile auth-fallthru Set service-profile auth-psk Syntax set service-profile name auth-psk enable disableEnables PSK authentication of WPA clients Disables PSK authentication of WPA clients Set service-profile beacon Set service-profile cac-modeSyntax set service-profile name beacon enable disable Syntax set service-profile name cac-mode none session Set service-profile cac-session Syntax set service-profile name cac-session max-sessionsCAC is not used Session Set service-profile cipher-ccmp Syntax set service-profile name cipher-ccmp enable disableEnables Ccmp encryption for WPA clients Disables Ccmp encryption for WPA clients Set service-profile cipher-tkip Set service-profile cipher-wep104Enables 104-bit WEP encryption for WPA clients Disables 104-bit WEP encryption for WPA clients Set service-profile cipher-wep40 Defaults 104-bit WEP encryption is disabled by default Set service-profile cos Defaults 40-bit WEP encryption is disabled by defaultSets the Class-of-Service CoS level for static CoS Syntax set service-profile name cos level Set service-profile dhcp-restrict Set service-profile static-cos Show service-profileEnables Dhcp Restrict Disables Dhcp Restrict Set service-profile idle-client-probing Set service-profile keep-initial-vlanEnables keepalives Disables keepalives Set service-profile long-retry-count Configures radios to reassign a roamed user’s VlanDefaults This option is disabled by default Syntax set service-profile name long-retry-count threshold Link DWS-1008 CLI Manual 371 Set service-profile no-broadcastSyntax set service-profile name no-broadcast enable disable Syntax set service-profile name proxy-arp enable disable Set service-profile proxy-arpEnable Disable Defaults Access Enabled Syntax set service-profile name psk-phrase passphrase Set service-profile psk-phraseDefaults Proxy ARP is disabled by default Set service-profile psk-raw Syntax set service-profile name psk-raw hex Set service-profile rsn-ie Syntax set service-profile name rsn-ie enable disableEnables the RSN IE Disables the RSN IE Set service-profile shared-key-auth Set service-profile short-retry-countEnables shared-key authentication, in a service profile Syntax set service-profile name short-retry-count threshold Set service-profile soda agent-directory Set service-profile soda enforce-checks Set service-profile soda mode Link DWS-1008 CLI Manual 378 Set service-profile soda failure-page Syntax set service-profile name soda failure-page Set service-profile soda logout-page Syntax set service-profile name soda logout-page Set service-profile soda mode Set service-profile soda remediation-aclSyntax set service-profile name soda mode enable disable Defaults Disabled Access Enabled Set service-profile soda success-page Syntax set service-profile name soda success-page Set service-profile ssid-name Configures the Ssid name in a service profileSyntax set service-profile name ssid-name ssid-name Name Ssid-name Set service-profile ssid-type Syntax set service-profile name ssid-type clear cryptoClear Crypto Set service-profile static-cos Syntax set service-profile name static-cos enable disableEnables static CoS on the service profile Disables static CoS on the service profile Set service-profile tkip-mc-time Set service-profile transmit-ratesSyntax set service-profile name tkip-mc-time wait-time Link DWS-1008 CLI Manual 386 Disabled rate-list 11a 11b 11gMandantory rate-list Beacon-rate rate Set service-profile user-idle-timeout Defaults This command has the following defaults Set service-profile web-portal-acl Syntax set service-profile name user-idle-timeout secondsSyntax set service-profile name web-portal-acl aclname Name Seconds Set service-profile web-portal-form Set service-profile auth-fallthru Show service-profileSyntax set service-profile name web-portal-form url Defaults The D-Link Web login page is served by default Success change accepted Set service-profile web-portal-session-timeout Set service-profile wep active-multicast-index Set service-profile wep active-unicast-index Set service-profile wep key-index Key-index num key value Set service-profile wpa-ie Syntax set service-profile name wpa-ie enable disable Show ap dap config Shows configuration information for radioDWS-1008#show ap config DWS-1008#show dap config Following Table describes the fields in this display Link DWS-1008 CLI Manual 397 DWS-1008# show dap counters Show ap dap countersShows statistics counters for radio Totl Link DWS-1008 CLI Manual 399 Link DWS-1008 CLI Manual 400 Ccmp MIC Link DWS-1008 CLI Manual 402 DWS-1008#set service-profile sp2 wpa-ie enable Show ap dap qos-statsDisplays statistics for DWL-8220AP forwarding queues Clear Link DWS-1008 CLI Manual 404 Show ap dap etherstatsSyntax show ap dap etherstats port-list dap-num DWS-1008# show dap etherstats Link DWS-1008 CLI Manual 405 Show ap dap group Syntax show ap dap group nameName Name of an AP group or Distributed AP group Link DWS-1008 CLI Manual 406 DWS-1008# set service-profile sp2 wpa-ie enable Link DWS-1008 CLI Manual 407 Show ap dap status Radio1Radio2 DWS-1008#show dap status DWS-1008#show ap status Link DWS-1008 CLI Manual 410 Link DWS-1008 CLI Manual 411 Mp-num Dap-num Radio1 Radio2 radio all Defaults AccessShow auto-tune attributes DWS-1008# show auto-tune attributes ap 2 radio Show auto-tune neighbors DWS-1008#show auto-tune neighbors ap 2 radio Link DWS-1008 CLI Manual 415 Show dap boot-configurationSyntax show dap boot-configuration dap-num Link DWS-1008 CLI Manual 416 DWS-1008#show dap boot-configurationDNS IP Show dap connection Syntax show dap connection dap-num serial-id serial-IDDWS-1008#show dap connection DAP Show dap global Syntax show dap global dap-num serial-id serial-ID LOW DWS-1008#show dap globalHigh Show dap unconfigured Syntax show dap unconfigured Defaults None Access EnabledDWS-1008#show dap unconfigured Link DWS-1008 CLI Manual 420 DWS-1008# show radio-profile default Show radio-profileSyntax show radio-profile name ? Name Displays information about the named radio profile Link DWS-1008 CLI Manual 422 See Also Show service-profile Name Link DWS-1008 CLI Manual 425 Soda Link DWS-1008 CLI Manual 426 Link DWS-1008 CLI Manual 427 Timers STP StateBridge Priority Port Cost Clear spantree portcost Clear spantree portpriSyntax clear spantree portcost port-list Syntax clear spantree portpri port-list Resets the cost for all VLANs Resets the priority for all VLANsClear spantree portvlancost Clear spantree portvlanpri Show spantree statistics Link DWS-1008 CLI Manual 431 Clear spantree statisticsSyntax clear spantree statistics port-listvlan vlan-id Syntax set spantree backbonefast enable disable Enable Set spantreeSet spantree backbonefast Vlan vlan-id Port port-list vlan-id Set spantree fwddelay Syntax set spantree fwddelay delay all vlan vlan-id Delay Syntax set spantree maxage aging-timeall vlan vlan-id Set spantree helloSet spantree maxage Set spantree portcost Syntax set spantree portcost port-listcost cost Syntax set spantree portfast port port-listenable disable Set spantree portfastSet spantree portpri Syntax set spantree portpri port-listpriority value Changes the priority on all VLANs Set spantree portvlancostSet spantree portvlanpri Set spantree priority Show spantree Link DWS-1008 CLI Manual 438 Syntax set spantree uplinkfast enable disable Set spantree uplinkfastShow spantree Active Ieee DWS-1008# show spantree vlan defaultPVST+ Show spantree blockedports Link DWS-1008 CLI Manual 441 Vlan ID Syntax show spantree backbonefast Defaults None Access All DWS-1008#show spantree blockedports vlan defaultShow spantree backbonefast Show spantree blockedports Show spantree portfast Syntax show spantree portfast port-listDWS-1008#show spantree portfast Set spantree portfast Link DWS-1008 CLI Manual 443 Show spantree portvlancost Show spantree statisticsSyntax show spantree portvlancost port-list Port-list List of ports Inactive DWS-1008#show spantree statisticsFalse Link DWS-1008 CLI Manual 446 Topology change time Topology change detectedNum of similar BPDU’s to process Receivedinferiorbpdu Link DWS-1008 CLI Manual 447 Defaults None Access All Show spantree uplinkfastClear spantree statistics Syntax show spantree uplinkfast vlan vlan-id DWS-1008#show spantree uplinkfast Set spantree uplinkfast Link DWS-1008 CLI Manual 449 Igmp Snooping State Proxy ReportingPseudo-querier Router Solicitation Syntax set igmp enable disable vlan vlan-id Clear igmp statisticsSet igmp DWS-1008#clear igmp statistics Set igmp lmqi Set igmp mrouterSet igmp oqi Set igmp qi Set igmp mrouter Link DWS-1008 CLI Manual 452 Set igmp mrsol mrsi Link DWS-1008 CLI Manual 453 Set igmp mrsolShow igmp mrouter Set igmp mrsol mrsi Set igmp oqiSyntax set igmp mrsol mrsi seconds vlan vlan-id Set igmp mrsol Show igmp Link DWS-1008 CLI Manual 455 Defaults Proxy reporting is enabled on all VLANs by defaultSet igmp proxy-report Syntax set igmp qi seconds vlan vlan-id qi seconds Defaults The default query interval is 125 secondsSet igmp qi Set igmp qri Syntax set igmp qri tenth-secondsvlan vlan-id Set igmp querier Set igmp receiverShow igmp querier Link DWS-1008 CLI Manual 458 Defaults The default robustness value for all VLANs is Set igmp rvShow igmp receiver-table Syntax set igmp rv num vlan vlan-id Show igmp DWS-1008# show igmp vlan orange Dvmrp PIM Link DWS-1008 CLI Manual 461 Link DWS-1008 CLI Manual 462 Show igmp mrouterSyntax show igmp mrouter vlan vlan-id DWS-1008# show igmp mrouter vlan orange DWS-1008#show igmp querier vlan default Show igmp querierDWS-1008# show igmp querier vlan orange DWS-1008#show igmp querier vlan red Show igmp receiver-table Group group-ip-addr/mask-lengthDWS-1008# show igmp receiver-table vlan orange Vlan orange Session Port Receiver-IP Receiver-MAC Show igmp statistics DWS-1008#show igmp receiver-table group 237.255.255.0/24Set igmp receiver Displays Igmp statistics DWS-1008# show igmp statistics vlan orange Link DWS-1008 CLI Manual 467 Clear igmp statistics Link DWS-1008 CLI Manual 468 Create Security ACLs Commit Security ACLsMap Security ACLs Monitor Security ACLs Clear security acl Syntax clear security acl acl-name all editbuffer-indexClears all security ACLs DWS-1008#clear security acl acl133 Clear security acl map Commit security acl Syntax commit security acl acl-name allCommits all security ACLs in the edit buffer Link DWS-1008 CLI Manual 472 DWS-1008#show security acl ACL tableACL Type Class Mapping Rollback security acl Syntax rollback security acl acl-name allDWS-1008#show security acl info all editbuffer ACL edit-buffer information for all Link DWS-1008 CLI Manual 475 Set security aclBefore editbuffer-index modify editbuffer-index hits Deny PermitCos cos Tos tos PrecedencePrecedence DWS-1008#set security acl ip acl123 deny 192.168.2.11 EstablishedHits Link DWS-1008 CLI Manual 479 Set security acl mapClear security acl Commit security acl Show security acl Assigns the security ACL to traffic coming from the switch Out DWS-1008#set security acl hit-sample-rate Set security acl hit-sample-rateSyntax set security acl hit-sample-rate seconds Syntax show security acl Defaults None Access Enabled Show security aclDisplays a summary of the security ACLs that are mapped DWS-1008# show security acl Show security acl editbuffer Syntax show security acl hits Defaults None Access Enabled Show security acl hitsShow security acl info Syntax show security acl info acl-name all editbuffer Defaults None Access Enabled Show security acl map Show security acl resource-usageSyntax show security acl map acl-name DWS-1008#show security acl map acl111 DWS-1008#show security acl resource-usage Link DWS-1008 CLI Manual 488 Link DWS-1008 CLI Manual 489 DWS-1008#clear log trace See Also Syntax clear log trace Defaults None Access EnabledClear log trace Syntax clear trace trace-area all Deletes running trace commands and ends trace processesClear trace Set trace authentication Save traceSyntax save trace filename DWS-1008#save trace traces/trace1 Set trace authorization Traces authorization informationSet trace dot1x Clear trace Show trace Link DWS-1008 CLI Manual 494 Set trace smTraces session manager activity Show trace Syntax show trace all Clear snoop Remote monitoring snoopingSyntax clear snoop filter-name DWS-1008#clear snoop snoop1 See Also Clear snoop map Set snoopExamples clear snoop map filter-namedap dap-numradio 1 Radio 1 of the AP Frame-type eq neq beacon control data management ProbeChannel eq neq channel Bssid eq neq bssid DWS-1008#set snoop snoop1 observer 10.10.30.2 snap-length Examples set snoop map filter-namedap dap-numradio 1 Defaults Snoop filters are unmapped by defaultSet snoop map Set snoop mode Enable stop-after num-pktsDisables the snoop filter Defaults Snoop filters are disabled by default Syntax show snoop Defaults None Access Enabled Show snoopShow snoop info Syntax show snoop filter-name Show snoop map Show snoop statsSyntax show snoop map filter-name DWS-1008#show snoop map snoop1 filter ‘snoop1’ mapping Link DWS-1008 CLI Manual 504 Clear log System Logs Set log BufferCurrent Sessions Show log config Clear log Link DWS-1008 CLI Manual 507 Enables messages to the specified targetDisables messages to the specified target Interval interval Set log markSeverity level Matching string Show log bufferFacility facility-name Show log config Syntax show log config Defaults None Access EnabledDWS-1008#show log config DWS-1008#show log buffer facility ? Show log trace Number-of-messages DWS-1008#show log trace +5 facility Rogue Clear log Show log config Link DWS-1008 CLI Manual 512DWS-1008#show log trace facility ? Command Information BootingBoot Profile Management Diagnostics Autoboot BootSyntax autoboot on on OFF off Boot autoboot Boot boot FN=MX010101.020 DEV=boot1 Change Syntax change Creates a new boot profile CreateSyntax create Change Delete Next Show Link DWS-1008 CLI Manual 517 Removes the currently active boot profile Syntax delete Defaults NoneDhcp Change Create Next Show Accesses the diagnostic mode Syntax dir c d e f boot0 boot1Diag Syntax diag Syntax fver c d e f boot0 boot1 filename FverBload Bstrap Boot fver boot1 Syntax help command-nameCommand-name Boot prompt command Boot help fver Help Link DWS-1008 CLI Manual 522 Displays a list of the boot prompt commandsSyntax ls Defaults None Syntax next Defaults None Next Reset Resets a DWS-1008 switch’s hardwareSyntax reset Defaults None Boot Link DWS-1008 CLI Manual 524 Show Syntax show Defaults NoneBoot Type Boot Type Change Create Delete Dhcp Next Link DWS-1008 CLI Manual 526 Syntax version Defaults None TestVersion Syntax test on on OFF off Boot version Dir Fver Link DWS-1008 CLI Manual 528