Encryption Keys, PKCS#7 Certificates | D-Link dws-1008 specification

Cryptography Commands

A digital certificate is a form of electronic identification for computers. The switch requires digital certificates to authenticate its communications to Web View, to WebAAA clients, and to Extensible Authentication Protocol (EAP) clients for which the switch performs all EAP processing. Certificates can be generated on the switch or obtained from a certificate authority (CA). Keys contained within the certificates allow the switch, its servers, and its wireless clients to exchange information secured by encryption.

Note: If the switch does not already have certificates, MSS automatically generates the missing ones the first time you boot using MSS Version 4.2 or later. You do not need to install certificates unless you want to replace the ones automatically generated by MSS.

Note: Before installing a new certificate, verify with the show timedate and show timezone commands that the switch is set to the correct date, time, and time zone. Otherwise, certificates might not be installed correctly.

Encryption Keys	crypto generate key on page 217
	show crypto key domain on page 226
	show crypto key ssh on page 226
PKCS#7 Certificates	crypto generate request on page 218
	crypto ca-certificate on page 215
	show crypto ca-certificate on page 224
	crypto certificate on page 216
	show crypto certificate on page 225
PKCS#12 Certificate	crypto otp on page 222
	crypto pkcs12 on page 223
Self-Signed Certificate	crypto generate self-signed on page 220

D-Link DWS-1008 CLI Manual

214

Page 217

Image 217

D-Link dws-1008 manual Encryption Keys, PKCS#7 Certificates, PKCS#12 Certificate, Self-Signed Certificate

Contents

Page Table of Contents Link DWS-1008 CLI Manual Link Mobility System Convention Use DWS-mmmm-nnnnnn# DWS-mmmm-nnnnnnDWS-1008 DWS-1008# Clear interface vlan-id ip Set port enable I disable port-listClear fdb dynamic I port port-list v1 an vlan-id Wildcard Masks Subnet Masks User Glob Users Designated MAC Address Globs DWS-1008#show port status 1-3,6 Port Lists Keyboard Shortcuts Function Command-Line Editing Using CLI Help Set ap dap name Set ap dap name command has the following complete syntaxSet ap port-list dap dap-numname name Enable DisableDefaults None Access Enabled Syntax enable Access All Syntax quit Defaults None Access All Set enablepassSyntax set enablepass Defaults None Access Enabled Quit Auto-Config ConfigurationDisplay System Identification Clear history Clear banner motdClear prompt Clear system Clears the system configuration of the specified information Help Quickstart History Set banner motd Syntax set banner motd text Defaults None Access Enabled Set length Set confirmSyntax set confirm on off DWS-1008#clear vlan red DWS-1008#set length Set licenseSyntax set license activation-key Activation-key Syntax set prompt string Set prompt Set system contact Stores a contact name for the DWS-1008 switchSet system country code Syntax set system contact string Link DWS-1008 CLI Manual Syntax set system idle-timeout seconds Set system idle-timeout Clear system Show system Set system ip-addressSyntax set system ip-address ip-addr Ip-addrIP address, in dotted decimal notation Set system name Set system locationSyntax set system location string Syntax set system name string Show banner motd Syntax show banner motd Defaults None Access EnabledClear banner motd Link DWS-1008 CLI Manual Syntax show load Defaults None Access Enabled Syntax show licenses Defaults None Access AllShow licenses Show load Show system Syntax show system Defaults None Access EnabledDisplays system information Field Description Configured with set system countrycodeName With set system location Show tech-support Show boot Show config Set licenses Link DWS-1008 CLI ManualNvram size /SDRAM size percent of total Syntax show tech-support file subdirname/ filename State Port TypeInterface Type Speed Clear dap Syntax clear port counters Defaults None Access EnabledClear port counters Syntax clear dap dap-num Clear port-group Syntax clear port mirror Defaults None Access EnabledClear port mirror Syntax clear port-group name name Clear port name Defaults NoneClear port type DWS-1008#clear port type STP Monitor port counters Key Effect on monitor display Syntax monitor port counters Displayed for All Statistics Option Field Description Transmit-errors Details command Reset portSet dap Serial id serial ID Disable Syntax set port enable disable port-list EnableSet port Port-list Mode on off Set reset portSet port-group Syntax set port-group name group-nameport-listmode on off Clear port-group Link DWS-1008 CLI Manual Set port name Set port mirrorName name Enable disable Syntax set port negotiation port-listenable disableSet port negotiation Clear port name Following command enables autonegotiation on port DWS-1008#set port negotiation 1,2,4-6 disableDWS-1008#set port negotiation 5 enable Syntax set port poe port-listenable disable DWS-1008#set port poe 2,4 enable DWS-1008#set port poe 3,5 disableSet port speed Syntax set port speed port-list10 100 auto Disable EnableSet port trap Model Poe enable disable radiotype 11a 11b 11g Configures a DWS-1008 switch port for an AP access pointSet port type ap Port Parameter Setting DWS-1008#set port type ap 2 model DWL-8220AP poe enable Configures an DWS-1008 port for a wired authentication user Set port type wired-authWired Authentication Port Defaults Port Parameter Setting Port-list tag-list Num last-resort Clear port type Set port type Link DWS-1008 CLI Manual Show port counters Defaults None Access AllPort port-list Statistics for all ports Show port mirror Show port-group Syntax show port poe port-list Show port poeDWS-1008# show port poe Show port status Displays configuration and status information for portsSyntax show port status port-list DWS-1008# show port status Creation FDB Aging TimeoutPorts Restriction of Client Layer 2 Forwarding Deletes an entry from the forwarding database FDB Clear fdbPort port-lis Vlan vlan-id Tag tag-value Vlan-id Vlan name or number Clear security l2-restrictPermit-mac All Clear vlan Clear security l2-restrict countersSyntax clear security l2-restrict counters vlan vlan-id all All DWS-1008#clear vlan green port Set vlan port Show vlan config Link DWS-1008 CLI ManualDWS-1008#clear vlan red port 4 tag DWS-1008#clear vlan marigold Mac-addr Set fdbPort port-list Set fdb agingtime Mode enable disableSet security l2-restrict Syntax set fdb agingtime vlan-idage seconds Set vlan name Defaults Layer 2 restriction is disabled by defaultCreates a Vlan and assigns a number and name to it Syntax set vlan vlan-numname name Set vlan port Set vlan portSyntax set vlan vlan-idport port-listtag tag-value Show fdb DWS-1008# show fdb Show fdb agingtimeSyntax show fdb agingtime vlan vlan-id DWS-1008#show fdb agingtime Show fdb count Vlan vlan-id Defaults None. Access AllShow security l2-restrict DWS-1008#show fdb count dynamic Syntax show vlan config vlan-id Show vlan configDWS-1008# show security l2-restrict Displays Vlan information Vlan DWS-1008# show vlan config burgundyTunl Port Vlan Name Status State Affin Port Tag From-qos Clear qosFrom 0 to From-dscp Syntax set qos cos-to-dscp-map level dscp dscp-valuelevel Set qos cos-to-dscp-mapDscp dscp-value DWS-1008#set qos cos-to-dscp-map 5 dscp Set qos dscp-to-cos-map Syntax show qos defaultShow qos Syntax set qos dscp-to-cos-map dscp-rangecos level Syntax show qos dscp-table Defaults None Access Enabled DWS-1008#show qos defaultShow qos dscp-table DWS-1008#show qos dscp-table Removes an IP interface Clear interfaceSyntax clear interface vlan-idip Clear ip alias Syntax clear ip dns domain Defaults None Access EnabledClear ip dns domain Syntax clear ip alias name Clear ip dns server DefaultClear ip route Syntax clear ip dns server ip-addr Clear ip telnet Defaults The default Telnet port number isSet ip route Show ip route Syntax clear ip telnet Syntax clear ntp update-interval Clear ntp update-intervalClear ntp server Syntax clear ntp server ip-addr all Clear snmp notify profile Clear snmp communitySyntax clear snmp community name comm-string Syntax clear snmp notify profile profile-name Clear snmp usm Clear snmp notify targetSyntax clear snmp notify target target-num Target-num ID of the target Syntax clear system ip-address Defaults None Access Enabled Syntax clear summertime Defaults None Access EnabledClear summertime Clear system ip-address Ping Clear timezoneDnf Flood Size size DefaultsIs 8 bytes larger than the size you specify DWS-1008#ping Set arp agingtime Set arpIp-addr Mac-addr Syntax set arp agingtime seconds Set interface Configures an IP interface on a VlanSet arp Show arp Syntax set interface vlan-idip dhcp-client enable disable DWS-1008#set interface default ip 10.10.10.10/24Set interface dhcp-client DWS-1008#set interface mauve ip 10.10.20.10 Enables the Dhcp server Configures the MSS Dhcp serverDisables the Dhcp server Set interface dhcp-server Set interface status Administratively disables or reenables an IP interfaceSet ip dns domain Set ip dns server Show dhcp-server Syntax set interface vlan-idstatus up down Set ip dns Set ip alias Set ip dns server Set ip dns domainSyntax set ip dns domain name DWS-1008#set ip dns domain example.com Set ip https server Syntax set ip https server enable disable Adds a static route to the IP route table Set ip routeIs not available for the destination Ip-addr mask Syntax set ip snmp server enable disable Enables or disables the Snmp service on the DWS-1008 switchSet ip snmp server Clear ip route Show interface Show ip route Syntax set ip ssh port port-num Set ip sshSet ip ssh server Link DWS-1008 CLI Manual Set ip ssh server Syntax set ip ssh server enable disableSet ip telnet Syntax set ip telnet port-num Syntax set ip telnet server enable disable Enables the Telnet server on a DWS-1008 switchSet ip telnet server Set ntp Syntax set ntp enable disableSet ntp server Syntax set ntp server ip-addr Syntax set ntp update-interval seconds Set ntp update-intervalDWS-1008#set ntp server See Also Set snmp community Set snmp notify profile Default profile-nameDrop send Notifications you specify with notification-type or allPage Page RFDetectInterferingRogueAPTraps success change accepted DWS-1008#set snmp notify profile snmpprofrfdetect sendRFDetectRogueDisappearTraps success change accepted SNMPv3 with Informs Set snmp notify targetUsername Snmp-engine-id Authenticated encryptedIp hex hex-string Security unsecured SNMPv2c with Informs Timeout numRetries num SNMPv2c with Traps Success change accepted Link DWS-1008 CLI Manual 110 SNMPv1 with Traps Set snmp protocol Syntax set snmp protocol v1 v2c usm all enable disableV2c Usm Set snmp security AuthenticatedEncrypted Auth-req-unsecnotify Creates a USM user for SNMPv3 Set snmp usm Auth-pass-phrase string Auth-type none md5 shaAuth-key hex-string Encrypt-type none des Start Set summertimeStart of the time change period End DWS-1008#set interface taupe ip 10.10.20.20/24 Defaults None Access Enabled Set timezone Set timedateSyntax set timedate date mmm dd yyyy time hhmmss DWS-1008#set timedate date feb 29 2004 time DWS-1008#set timezone PST Show arpSyntax show arp ip-addr Ip-addr IP address Show dhcp-client Syntax show dhcp-client Defaults None Access AllDWS-1008#show dhcp-client Ifup Syntax show dhcp-server interface vlan-id verbose Show dhcp-serverVerbose DWS-1008# show dhcp-server Bound DWS-1008#show dhcp-server verboseLink DWS-1008 CLI Manual 121 Show interface Displays the IP interfaces configured on the switchSyntax show interface vlan-id Set interface dhcp-client Set interface dhcp-server Set interface status Set ip alias Set ip dns domain Set ip https server Ip-addr/mask-length Default-routerMetric Enables or disables the Snmp service on the switch Disables or reenables the SSH server on a DWS-1008 switch Set ip telnet Set ntp Set ntp server Set snmp community Spaces To modify the default notification profile, specify defaultNotification-type Name of the notification typePage RFDetectAdhocUserTraps success change accepted Sends or drops all notifications RFDetectUnAuthorizedSsidTraps success change accepted RFDetectSpoofedMacAPTraps success change accepted Snmp-engine-id Authenticated encryptedIp hex hex-string Security unsecured SNMPv3 with Traps Resend a notification that has not been acknowledged Specifies the number of times the MSS Snmp engine willBy the target. You can specify from 0 to 3 retries Specifies the number of seconds MSS waits for SNMPv1 with Traps 144 Set snmp usm Page String auth-keyhex-string Auth-type none md5 sha auth-pass-phrase Link DWS-1008 CLI Manual 148 End Set system ip-address Link DWS-1008 CLI Manual 151 Sets the time of day and date on the switch Local Resolved Dynamic Resolved152 Show dhcp-client Link DWS-1008 CLI Manual 154 Link DWS-1008 CLI Manual 155 Table below shows the output for show dhcp-server verbose YES DWS-1008# show interfaceIpv4 Link DWS-1008 CLI Manual 156 Syntax show ip alias name Show ip aliasName Alias string DWS-1008#show ip alias Syntax show ip dns Defaults None Access All Displays the DNS servers the switch is configured to useShow ip dns Show ip https Syntax show ip https Defaults None Access AllDisplays information about the Https management port DWS-1008 show ip https Syntax show ip route destination Show ip routeDWS-1008# show ip route Multicast Show ip telnet Syntax show ip telnet Defaults None Access AllDisplays information about the Telnet management port Show ntp Syntax show ntp Defaults None Access AllDisplays NTP client information Link DWS-1008 CLI Manual 162 Show snmp community Syntax show snmp counters Defaults None Access EnabledShow snmp counters Show snmp notify profile Show snmp status Defaults None Access Enabled See AlsoShow snmp usm Show summertime Syntax show timedate Defaults None Access AllShow timedate Syntax show summertime Show timezone Syntax show timezone Defaults None Access AllTelnet DWS-1008#show timezone Clear sessions Show sessions Link DWS-1008 CLI Manual 167 DWS-1008#telnet Traceroute Ping Link DWS-1008 CLI Manual 169 Local Authorization for AuthenticationPassword Users Web authorization User-glob Clear accounting Clear authentication console Clear authentication adminSyntax clear authentication admin user-glob Syntax clear authentication console user-glob DWS-1008#clear authentication console Regina Clear authentication dot1xRemoves an 802.1X authentication rule Wired Clear authentication proxy Clear authentication macRemoves a MAC authentication rule Syntax clear authentication proxy ssid ssid-nameuser-glob Removes a rule from the location policy on a switch Clear authentication webClear location policy Removes a WebAAA rule Clear mac-user attr Clear mac-userSyntax clear mac-user mac-addr Syntax clear mac-user mac-addrattr attribute-name Set mac-user attr Show aaa Clear mac-user groupSyntax clear mac-user mac-addrgroup Clear mac-usergroup attr Clear mac-usergroupSyntax clear mac-usergroup group-name Group-name Name of an existing MAC user group Clear user Username Username of a user with a passwordClear mac-usergroup Set mac-usergroup attr Show aaa Syntax clear user username Clear user attr Username Username of a user with a passwordClear user group Syntax clear user username attr attribute-name Clear usergroup Set user group Show aaa Clear usergroupSyntax clear usergroup group-name Group-name Name of an existing user group Clear usergroup attr Set accounting admin consoleSyntax clear usergroup group-nameattr attribute-name Clear accounting Show accounting statistics Set accounting dot1x mac web last-resortMethod1 method2 method3 method4 Link DWS-1008 CLI Manual 183 Mac WiredWeb Start-stop Syntax set accounting system method1 method2 method3 method4 Set accounting system Link DWS-1008 CLI Manual 186 Set authentication admin Link DWS-1008 CLI Manual 187 Set authentication console Link DWS-1008 CLI Manual 188 Authentication port Set authentication dot1xFor details, see User Globs on Link DWS-1008 CLI Manual 189 Bonded Been authenticatedProtocol Access Enabled Authentication port Set authentication macLink DWS-1008 CLI Manual 192 Access Enabled User-glob Single user or a set of users Set authentication proxy Set authentication web See Also Set location policy Before rule-number User operator user-globModify rule-number DWS-1008#set location policy deny if user eq *.theirfirm.com Set mac-user attr Set mac-userSyntax set mac-user mac-addrgroup group-name Syntax set mac-user mac-addrattr attribute-name value Attribute Description Valid Values Link DWS-1008 CLI Manual 201 YY/MM/DD-HHMM Link DWS-1008 CLI Manual 202 Time-of-day tu1000-1600,th1000-1600 Link DWS-1008 CLI Manual 203 Clear mac-user attr Show aaa Link DWS-1008 CLI Manual 204 Syntax set mac-usergroup group-nameattr attribute-name value Set mac-usergroup attr DWS-1008#set user Nin password 29Jan04 See Also Syntax set user username password encrypted stringSet user Clear user Show aaa Link DWS-1008 CLI Manual 206 Clear user attr Show aaa Link DWS-1008 CLI Manual 207 Set user attr Set usergroup Set user groupSyntax set user username group group-name Clear user group Show aaa Defaults Enabled Access Enabled Syntax set web-portal enable disableDWS-1008#set web-portal disable Set web-portal Syntax show aaa Defaults None Access Enabled Displays all current AAA settingsShow aaa Acctport DWS-1008#show accounting statistics Show accounting statisticsAAAACCTSVCATTR=2 Syntax show location policy Defaults None Access Enabled Clear accounting Set accounting admin console Show aaaShow location policy DWS-1008show location policy PKCS#7 Certificates Encryption KeysPKCS#12 Certificate Self-Signed Certificate Admin Syntax crypto ca-certificate admin eap webCrypto ca-certificate PEM-formatted-certificate Begin Certificate Crypto certificate Ssh Crypto generate key Crypto generate request Syntax crypto generate request admin eap web admin Eap WebString Alphanumeric characters with no spaces DWS-1008#crypto generate request adminAre supported on your network. This field is required With no spaces Crypto generate self-signed Syntax crypto generate self-signed admin eap web AdminBegin Certificate Request END Certificate Request Name. It simply needs to be formatted like one DWS-1008#crypto generate self-signed admin One-time-password Syntax crypto otp admin eap web one-time-password AdminCrypto otp DWS-1008#crypto generate otp eap hap9iN#ss Crypto pkcs12 Syntax crypto pkcs12 admin eap web file-location-urlFile-location-url DWS-1008#crypto otp eap hap9iN#ss DWS-1008#show crypto ca-certificate Show crypto ca-certificateTable below describes the fields in the display Fields Description DWS-1008#show crypto certificate eap Show crypto certificate Show crypto key domain Syntax show crypto key domain Defaults None Access EnabledShow crypto key ssh Crypto generate key Link DWS-1008 CLI Manual 226 Radius Servers Radius ClientServer Groups Radius Proxy Clear radius Clear radius client system-ip Clear radius proxy client Removes Radius proxy ports configured for third-party APsClear radius proxy port Removes Radius proxy client entries for third-party APs Clear server group Clear radius serverSyntax clear radius server server-name Syntax clear server group group-nameload-balance Set radius Timeout secondsDeadtime minutes Encrypted-key string Encrypted-key-No key Set radius proxy client Set radius client system-ipSyntax set radius client system-ip Clear radius client system-ip Set system ip-address Set radius proxy port Set radius server Author-passwordAddress Auth-port Encrypted-key-No key Author-password-trapeze Access Enabled Names of one or more configured Radius servers Configures a group of one to four Radius serversSet server group Members Defaults Load balancing is disabled by default Enable disableSet server group load-balance Group-name Server group name of up to 32 characters Bonded Authentication Wired AuthenticationReauthentication Port Control Clear dot1x max-req Clear dot1x bonded-periodSyntax clear dot1x max-req Clear dot1x quiet-period Clear dot1x port-controlSyntax clear dot1x port-control Syntax clear dot1x quiet-period Clear dot1x reauth-period Clear dot1x reauth-maxSyntax clear dot1x reauth-max Syntax clear dot1x reauth-period Clear dot1x timeout supplicant Clear dot1x timeout auth-serverDefaults The default is 30 seconds Set dot1x timeout auth-server Show dot1x Clear dot1x tx-period Syntax set dot1x authcontrol enable disable enable DisableSet dot1x authcontrol Syntax clear dot1x tx-period Syntax set dot1x bonded-period seconds Set dot1x bonded-period Defaults Key transmission is enabled by default Syntax set dot1x key-tx enable disable EnableSet dot1x key-tx Set dot1x max-req Clear dot1x max-req Show dot1x Set dot1x port-controlShow port status Show dot1x Link DWS-1008 CLI Manual 248 Set dot1x reauth-max Set dot1x quiet-periodSyntax set dot1x quiet-period seconds Seconds Specify a value between 0 and 65,535 Syntax set dot1x timeout auth-server seconds Set dot1x timeout auth-serverSet dot1x reauth-period Syntax set dot1x reauth-period seconds Syntax set dot1x timeout supplicant seconds Set dot1x timeout supplicantClear dot1x timeout auth-server Show dot1x Set dot1x tx-period Set dot1x wep-rekey Syntax set dot1X wep-rekey enable disable enable DisableSet dot1x wep-rekey-period Syntax set dot1x wep-rekey-period seconds Config Syntax show dot1x clients stats config clients StatsDisplays a summary of the current configuration Show dot1x DWS-1008#show dot1x config Type the following command to display the 802.1X clients DWS-1008# show dot1x stats Type the following command to display 802.1X statisticsLink DWS-1008 CLI Manual 255 DWS-1008#clear sessions admin Administrative SessionsClear sessions Network Sessions Clear sessions network Show sessions SSH DWS-1008# clear sessions adminDWS-1008# show sessions console DWS-1008# show sessions telnet Clear sessions Show sessions networkMac-addr Link DWS-1008 CLI Manual 260 Session-id Show sessions network commandVerbose Show sessions network session-id display DWS-1008# show sessions network user E DWS-1008# show sessions network mac-addr 00055d7e981aDWS-1008# show sessions network verbose Active DWS-1008#show sessions network session-idSsid LAST-RESORT Link DWS-1008 CLI Manual 264 Additional show sessions network verbose Output Link DWS-1008 CLI Manual 265 Show sessions network session-id Output Link DWS-1008 CLI Manual 266 Countermeasures Rogue InformationPermitted Vendor List Permitted Ssid List Clear rfdetect ignore Clear rfdetect attack-listSyntax clear rfdetect attack-list mac-addr Syntax clear rfdetect ignore mac-addr Clear rfdetect vendor-list Clear rfdetect ssid-listSyntax clear rfdetect ssid-list ssid-name Set rfdetect black-list Set rfdetect attack-listSyntax set rfdetect attack-list mac-addr Syntax set rfdetect black-list mac-addr Set rfdetect black-list Show rfdetect black-list Set rfdetect ignoreSyntax set rfdetect ignore mac-addr Mac-addr Bssid MAC address of the device to ignore Syntax set rfdetect signature enable disable Enable Syntax set rfdetect log enable disable EnableSet rfdetect log Set rfdetect signature Syntax set rfdetect ssid-list ssid-name Set rfdetect ssid-list Show rfdetect attack-list Set rfdetect vendor-listLink DWS-1008 CLI Manual 274 Show rfdetect clients Show rfdetect black-listDWS-1008# show rfdetect attack-list DWS-1008# show rfdetect black-list Total number of entries Client MAC DWS-1008# show rfdetect clientsAP MAC DWS-1008#show rfdetect clients mac 000c4163fd6d Rssi Show rfdetect countermeasuresBssid Link DWS-1008 CLI Manual 277 Show rfdetect counters Syntax show rfdetect counters Defaults None Access EnabledDWS-1008# show rfdetect countermeasures Link DWS-1008 CLI Manual 278 Type Current DWS-1008#show rfdetect countermeasures Syntax show rfdetect data Defaults None Access Enabled Displays information about the APs detected by a switchShow rfdetect data Vendor Type Port/Radio Flags Show rfdetect ignore Syntax show rfdetect ignore Defaults None Access EnabledShow rfdetect visible Show rfdetect ssid-list Syntax show rfdetect ssid-list Defaults None Access EnabledShow rfdetect vendor-list Show rfdetect visible Showapdapstatus commandRadio Show rfdetect data Test rflinkSyntax test rflink mac mac-addr session-id session-id Rssi SNR DWS-1008# test rflink mac 000e9bbfad13RTT micro-secs 976 Configuration File Boot SettingsSoftware Version File Management Syntax backup system tftp/ip-addr/filenameall critical BackupDir command output Critical Clear boot config Clear boot backup-configurationSyntax clear boot config Defaults None Access Enabled DWS-1008#reset system force DWS-1008#clear boot configCopy Delete Dir Link DWS-1008 CLI Manual 290 DWS-1008#copy tftp//10.1.1.1/closetmx closetmx Syntax delete url DeleteFor example subdira/filea Copy Dir Link DWS-1008 CLI Manual 291 Boot1 Boot0Dir FilePage DWS-1008#install soda agent soda.ZIP agent-directory sp1 Install soda agentThis command may take up to 20 seconds Table below describes the fields in the dir output Syntax load config url Load configBackupconfigs/configc DWS-1008#load config DWS-1008#md5 boot0MX040003.020 Syntax md5 boot0 boot1filenameMd5 Mkdir Restarts a switch and reboots the software Reset systemSyntax reset system force Dir Rmdir DWS-1008#reset system RestoreSave config Show boot Show version Backup DWS-1008#restore system tftp/10.10.20.9/sysabakRmdir Removes a subdirectory from nonvolatile storage Syntax save config filename Save configDWS-1008#save config DWS-1008#save config testconfig1 Set boot configuration-file Set boot backup-configurationSyntax set boot backup-configuration filename Syntax set boot configuration-file filename Show boot Set boot partitionSyntax set boot partition boot0 boot1 Boot0 Boot1 Table below describes the fields in the show boot output Show configClear boot config Reset system Set boot configuration-file Displays the configuration running on the switch Show version DWS-1008#show config area vlanSpantree System Trace Vlan Vlan-fdb Syntax show version details Details DWS-1008#show version details DWS-1008#show version Syntax uninstall soda agent agent-directory directory Uninstall soda agentDWS-1008#uninstall soda agent agent-directory sp1 Table below describes the fields in the show version output Clear ap dap radio Access Point Commands DWS-1008#clear dap 1 boot-configuration Clear dap boot-configurationDWS-1008#clear ap 3 radio DWS-1008#set radio-profile rptest mode disable DWS-1008#set radio-profile rp1 mode disableClear radio-profile Syntax clear radio-profile name parameter Clear service-profile DWS-1008#set radio-profile rp6 mode disable Reset ap dapRestarts an access point Syntax reset ap port-list dap dap-num Set dap auto Syntax set dap auto Defaults None Access EnabledLink DWS-1008 CLI Manual 312 Syntax set dap auto mode enable disable Enable Set dap auto modeEnables the AP configuration profile Disables the AP configuration profile Set dap auto radiotype Set dap auto persistentSyntax set dap auto persistent dap-num all Dap-num Low Defaults Access Set dap auto Set dap auto mode Set dap auto persistentSet ap dap bias Dap dap-num dap auto high Set ap dap blink Dap dap-num dap auto enable disable Defaults Access Enabled Enables or disables the static IP address for the AP Set dap boot-ip Switch ip ip-addr Set dap boot-switch Link DWS-1008 CLI Manual 319 Specifies contact information for an AP Set ap dap contactSyntax set ap port-list dap dap-num contact string Contact string Syntax set dap dap-numfingerprint hex Set dap fingerprint Force-image-download disable Force-image-download enableSet ap dap force-image-download Dap auto Set ap dap group Defaults AP access points are not grouped by defaultSyntax set ap port-list dap dap-num auto group name Ap port-list dap dap-num dap auto Specifies location information for an AP Set ap dap locationSyntax set ap port-list dap dap-num location string Ap port-list Dap dap-num location string Set ap dap radio antenna-location Set ap dap nameSyntax set ap port-list dap dap-num name name Ap port-list Indoors Set ap dap radio antennatypeOutdoors Ap port-list Dap dap-num Configuration template Set ap dap radio auto-tune max-powerPower-level Radio 1 of the DWL-8220AP Sets an DWS-8220AP radio’s channel Set ap dap radio channelDap dap-num radio 1 radio Channel-number Radio 1 radio 2 enable disable Set ap dap radio modeDap dap-num dap auto Mode disable Mode enableSet ap dap radio radio-profile Radio-profile name Access Enabled Set dap security Defaults By default, encryption keys are optional Set dap fingerprint Show ap dap config Show ap dap status Set ap dap upgrade-firmwareDap auto enable disable Defaults Access Enabled DWS-1008#set ap 2 upgrade-firmware disable Syntax set radio-profile name active-scan enable disable Set radio-profile auto-tune channel-configSet radio-profile active-scan Link DWS-1008 CLI Manual 334 Set radio-profile auto-tune channel-holddown Enable Disable No-clientName Link DWS-1008 CLI Manual 335 Name Rate Set radio-profile auto-tune channel-intervalName Radio profile name Syntax set radio-profile name auto-tune channel-lockdown Set radio-profile auto-tune channel-lockdown Set radio-profile auto-tune power-config Set radio-profile auto-tune power-interval Set radio-profile auto-tune power-ramp-interval Set radio-profile auto-tune power-lockdownSyntax set radio-profile name auto-tune power-lockdown Set radio-profile beacon-interval Defaults The default interval is 60 secondsSyntax set radio-profile name beacon-interval interval Set radio-profile countermeasures ConfiguredRogue None Set radio-profile dtim-interval Syntax set radio-profile name frag-threshold threshold Set radio-profile frag-threshold Set radio-profile max-tx-lifetime Set radio-profile max-rx-lifetimeSyntax set radio-profile name max-rx-lifetime time Syntax set radio-profile name max-tx-lifetime time Syntax set radio-profile name mode enable disable Set radio-profile mode MMS Link DWS-1008 CLI Manual 347 Access Enabled Syntax set radio-profile name preamble-length long short Set radio-profile preamble-lengthLong Short Set radio-profile rfid-mode Set radio-profile qos-modeSyntax set radio-profile name qos-mode svp wmm Svp Enables radios to function as asset location receivers Syntax set radio-profile name rfid-mode enable disableDefaults The default is disable Access Enabled Set radio-profile rts-threshold DWS-1008#set radio-profile rp1 rts-threshold Link DWS-1008 CLI Manual 353 Table Defaults for Radio Profile Parameters Link DWS-1008 CLI Manual 354 Link DWS-1008 CLI Manual 355 Portal-acl setting Set radio-profile wmm-powersave Syntax set radio-profile name wmm-powersave enable disable Set service-profile attrSyntax set service-profile name attr attribute-name value Link DWS-1008 CLI Manual 357 Access Enabled Syntax set service-profile name auth-dot1x enable disable Set service-profile auth-dot1xName Service profile name Enables 802.1X authentication of WPA clients Set service-profile auth-fallthru Syntax set service-profile name auth-psk enable disable Set service-profile auth-pskEnables PSK authentication of WPA clients Disables PSK authentication of WPA clients Set service-profile cac-mode Set service-profile beaconSyntax set service-profile name beacon enable disable Syntax set service-profile name cac-mode none session Syntax set service-profile name cac-session max-sessions Set service-profile cac-sessionCAC is not used Session Syntax set service-profile name cipher-ccmp enable disable Set service-profile cipher-ccmpEnables Ccmp encryption for WPA clients Disables Ccmp encryption for WPA clients Set service-profile cipher-wep104 Set service-profile cipher-tkipEnables 104-bit WEP encryption for WPA clients Disables 104-bit WEP encryption for WPA clients Defaults 104-bit WEP encryption is disabled by default Set service-profile cipher-wep40 Defaults 40-bit WEP encryption is disabled by default Set service-profile cosSets the Class-of-Service CoS level for static CoS Syntax set service-profile name cos level Set service-profile static-cos Show service-profile Set service-profile dhcp-restrictEnables Dhcp Restrict Disables Dhcp Restrict Set service-profile keep-initial-vlan Set service-profile idle-client-probingEnables keepalives Disables keepalives Configures radios to reassign a roamed user’s Vlan Set service-profile long-retry-countDefaults This option is disabled by default Syntax set service-profile name long-retry-count threshold Syntax set service-profile name no-broadcast enable disable Set service-profile no-broadcastLink DWS-1008 CLI Manual 371 Enable Disable Defaults Access Enabled Set service-profile proxy-arpSyntax set service-profile name proxy-arp enable disable Defaults Proxy ARP is disabled by default Set service-profile psk-phraseSyntax set service-profile name psk-phrase passphrase Syntax set service-profile name psk-raw hex Set service-profile psk-raw Syntax set service-profile name rsn-ie enable disable Set service-profile rsn-ieEnables the RSN IE Disables the RSN IE Set service-profile short-retry-count Set service-profile shared-key-authEnables shared-key authentication, in a service profile Syntax set service-profile name short-retry-count threshold Set service-profile soda agent-directory Set service-profile soda mode Link DWS-1008 CLI Manual 378 Set service-profile soda enforce-checks Syntax set service-profile name soda failure-page Set service-profile soda failure-page Syntax set service-profile name soda logout-page Set service-profile soda logout-page Set service-profile soda remediation-acl Set service-profile soda modeSyntax set service-profile name soda mode enable disable Defaults Disabled Access Enabled Syntax set service-profile name soda success-page Set service-profile soda success-page Configures the Ssid name in a service profile Set service-profile ssid-nameSyntax set service-profile name ssid-name ssid-name Name Ssid-name Syntax set service-profile name ssid-type clear crypto Set service-profile ssid-typeClear Crypto Syntax set service-profile name static-cos enable disable Set service-profile static-cosEnables static CoS on the service profile Disables static CoS on the service profile Set service-profile transmit-rates Set service-profile tkip-mc-timeSyntax set service-profile name tkip-mc-time wait-time Link DWS-1008 CLI Manual 386 11a 11b 11g Disabled rate-listMandantory rate-list Beacon-rate rate Defaults This command has the following defaults Set service-profile user-idle-timeout Syntax set service-profile name user-idle-timeout seconds Set service-profile web-portal-aclSyntax set service-profile name web-portal-acl aclname Name Seconds Set service-profile auth-fallthru Show service-profile Set service-profile web-portal-formSyntax set service-profile name web-portal-form url Defaults The D-Link Web login page is served by default Success change accepted Set service-profile web-portal-session-timeout Set service-profile wep active-unicast-index Set service-profile wep active-multicast-index Key-index num key value Set service-profile wep key-index Syntax set service-profile name wpa-ie enable disable Set service-profile wpa-ie Shows configuration information for radio Show ap dap configDWS-1008#show ap config DWS-1008#show dap config Link DWS-1008 CLI Manual 397 Following Table describes the fields in this display Shows statistics counters for radio Show ap dap countersDWS-1008# show dap counters Link DWS-1008 CLI Manual 399 Totl Ccmp Link DWS-1008 CLI Manual 400 MIC Link DWS-1008 CLI Manual 402 Show ap dap qos-stats DWS-1008#set service-profile sp2 wpa-ie enableDisplays statistics for DWL-8220AP forwarding queues Clear Syntax show ap dap etherstats port-list dap-num Show ap dap etherstatsLink DWS-1008 CLI Manual 404 Link DWS-1008 CLI Manual 405 DWS-1008# show dap etherstats Syntax show ap dap group name Show ap dap groupName Name of an AP group or Distributed AP group Link DWS-1008 CLI Manual 406 Link DWS-1008 CLI Manual 407 DWS-1008# set service-profile sp2 wpa-ie enable Radio1 Show ap dap statusRadio2 DWS-1008#show dap status DWS-1008#show ap status Link DWS-1008 CLI Manual 410 Link DWS-1008 CLI Manual 411 Show auto-tune attributes Radio1 Radio2 radio all Defaults AccessMp-num Dap-num DWS-1008# show auto-tune attributes ap 2 radio DWS-1008#show auto-tune neighbors ap 2 radio Show auto-tune neighbors Syntax show dap boot-configuration dap-num Show dap boot-configurationLink DWS-1008 CLI Manual 415 DNS IP DWS-1008#show dap boot-configurationLink DWS-1008 CLI Manual 416 Syntax show dap connection dap-num serial-id serial-ID Show dap connectionDWS-1008#show dap connection DAP Syntax show dap global dap-num serial-id serial-ID Show dap global High DWS-1008#show dap globalLOW Syntax show dap unconfigured Defaults None Access Enabled Show dap unconfiguredDWS-1008#show dap unconfigured Link DWS-1008 CLI Manual 420 Show radio-profile DWS-1008# show radio-profile defaultSyntax show radio-profile name ? Name Displays information about the named radio profile Link DWS-1008 CLI Manual 422 See Also Name Show service-profile Soda Link DWS-1008 CLI Manual 425 Link DWS-1008 CLI Manual 426 Link DWS-1008 CLI Manual 427 STP State TimersBridge Priority Port Cost Clear spantree portpri Clear spantree portcostSyntax clear spantree portcost port-list Syntax clear spantree portpri port-list Resets the priority for all VLANs Resets the cost for all VLANsClear spantree portvlancost Clear spantree portvlanpri Syntax clear spantree statistics port-listvlan vlan-id Clear spantree statisticsShow spantree statistics Link DWS-1008 CLI Manual 431 Set spantree Syntax set spantree backbonefast enable disable EnableSet spantree backbonefast Vlan vlan-id Port port-list vlan-id Syntax set spantree fwddelay delay all vlan vlan-id Delay Set spantree fwddelay Set spantree maxage Set spantree helloSyntax set spantree maxage aging-timeall vlan vlan-id Syntax set spantree portcost port-listcost cost Set spantree portcost Set spantree portfast Syntax set spantree portfast port port-listenable disableSet spantree portpri Syntax set spantree portpri port-listpriority value Set spantree portvlanpri Set spantree portvlancostChanges the priority on all VLANs Show spantree Link DWS-1008 CLI Manual 438 Set spantree priority Set spantree uplinkfast Syntax set spantree uplinkfast enable disableShow spantree Active PVST+ DWS-1008# show spantree vlan defaultIeee Vlan ID Show spantree blockedports Link DWS-1008 CLI Manual 441 DWS-1008#show spantree blockedports vlan default Syntax show spantree backbonefast Defaults None Access AllShow spantree backbonefast Show spantree blockedports Syntax show spantree portfast port-list Show spantree portfastDWS-1008#show spantree portfast Set spantree portfast Link DWS-1008 CLI Manual 443 Show spantree statistics Show spantree portvlancostSyntax show spantree portvlancost port-list Port-list List of ports False DWS-1008#show spantree statisticsInactive Num of similar BPDU’s to process Receivedinferiorbpdu Topology change time Topology change detectedLink DWS-1008 CLI Manual 446 Link DWS-1008 CLI Manual 447 Show spantree uplinkfast Defaults None Access AllClear spantree statistics Syntax show spantree uplinkfast vlan vlan-id Set spantree uplinkfast Link DWS-1008 CLI Manual 449 DWS-1008#show spantree uplinkfast Proxy Reporting Igmp Snooping StatePseudo-querier Router Solicitation Clear igmp statistics Syntax set igmp enable disable vlan vlan-idSet igmp DWS-1008#clear igmp statistics Set igmp mrouter Set igmp lmqiSet igmp oqi Set igmp qi Set igmp mrouter Link DWS-1008 CLI Manual 452 Show igmp mrouter Set igmp mrsolSet igmp mrsol mrsi Link DWS-1008 CLI Manual 453 Set igmp oqi Set igmp mrsol mrsiSyntax set igmp mrsol mrsi seconds vlan vlan-id Set igmp mrsol Set igmp proxy-report Defaults Proxy reporting is enabled on all VLANs by defaultShow igmp Link DWS-1008 CLI Manual 455 Set igmp qi Defaults The default query interval is 125 secondsSyntax set igmp qi seconds vlan vlan-id qi seconds Syntax set igmp qri tenth-secondsvlan vlan-id Set igmp qri Set igmp receiver Set igmp querierShow igmp querier Link DWS-1008 CLI Manual 458 Set igmp rv Defaults The default robustness value for all VLANs isShow igmp receiver-table Syntax set igmp rv num vlan vlan-id DWS-1008# show igmp vlan orange Show igmp Link DWS-1008 CLI Manual 461 Dvmrp PIM Syntax show igmp mrouter vlan vlan-id Show igmp mrouterLink DWS-1008 CLI Manual 462 DWS-1008# show igmp mrouter vlan orange Show igmp querier DWS-1008#show igmp querier vlan defaultDWS-1008# show igmp querier vlan orange DWS-1008#show igmp querier vlan red Group group-ip-addr/mask-length Show igmp receiver-tableDWS-1008# show igmp receiver-table vlan orange Vlan orange Session Port Receiver-IP Receiver-MAC DWS-1008#show igmp receiver-table group 237.255.255.0/24 Show igmp statisticsSet igmp receiver Displays Igmp statistics Link DWS-1008 CLI Manual 467 DWS-1008# show igmp statistics vlan orange Clear igmp statistics Link DWS-1008 CLI Manual 468 Commit Security ACLs Create Security ACLsMap Security ACLs Monitor Security ACLs Syntax clear security acl acl-name all editbuffer-index Clear security aclClears all security ACLs DWS-1008#clear security acl acl133 Clear security acl map Syntax commit security acl acl-name all Commit security aclCommits all security ACLs in the edit buffer Link DWS-1008 CLI Manual 472 ACL table DWS-1008#show security aclACL Type Class Mapping Syntax rollback security acl acl-name all Rollback security aclDWS-1008#show security acl info all editbuffer ACL edit-buffer information for all Before editbuffer-index modify editbuffer-index hits Set security aclLink DWS-1008 CLI Manual 475 Cos cos PermitDeny Precedence PrecedenceTos tos Hits EstablishedDWS-1008#set security acl ip acl123 deny 192.168.2.11 Clear security acl Commit security acl Show security acl Set security acl mapLink DWS-1008 CLI Manual 479 Out Assigns the security ACL to traffic coming from the switch Syntax set security acl hit-sample-rate seconds Set security acl hit-sample-rateDWS-1008#set security acl hit-sample-rate Show security acl Syntax show security acl Defaults None Access EnabledDisplays a summary of the security ACLs that are mapped DWS-1008# show security acl Show security acl editbuffer Show security acl hits Syntax show security acl hits Defaults None Access EnabledShow security acl info Syntax show security acl info acl-name all editbuffer Defaults None Access Enabled Show security acl resource-usage Show security acl mapSyntax show security acl map acl-name DWS-1008#show security acl map acl111 DWS-1008#show security acl resource-usage Link DWS-1008 CLI Manual 488 Link DWS-1008 CLI Manual 489 Clear log trace Syntax clear log trace Defaults None Access EnabledDWS-1008#clear log trace See Also Clear trace Deletes running trace commands and ends trace processesSyntax clear trace trace-area all Save trace Set trace authenticationSyntax save trace filename DWS-1008#save trace traces/trace1 Traces authorization information Set trace authorizationSet trace dot1x Clear trace Show trace Traces session manager activity Set trace smLink DWS-1008 CLI Manual 494 Syntax show trace all Show trace Remote monitoring snooping Clear snoopSyntax clear snoop filter-name DWS-1008#clear snoop snoop1 See Also Set snoop Clear snoop mapExamples clear snoop map filter-namedap dap-numradio 1 Radio 1 of the AP Probe Frame-type eq neq beacon control data managementChannel eq neq channel Bssid eq neq bssid DWS-1008#set snoop snoop1 observer 10.10.30.2 snap-length Set snoop map Defaults Snoop filters are unmapped by defaultExamples set snoop map filter-namedap dap-numradio 1 Enable stop-after num-pkts Set snoop modeDisables the snoop filter Defaults Snoop filters are disabled by default Show snoop Syntax show snoop Defaults None Access EnabledShow snoop info Syntax show snoop filter-name Show snoop stats Show snoop mapSyntax show snoop map filter-name DWS-1008#show snoop map snoop1 filter ‘snoop1’ mapping Link DWS-1008 CLI Manual 504 System Logs Clear log Buffer Set logCurrent Sessions Disables messages to the specified target Enables messages to the specified targetShow log config Clear log Link DWS-1008 CLI Manual 507 Severity level Set log markInterval interval Facility facility-name Show log bufferMatching string Syntax show log config Defaults None Access Enabled Show log configDWS-1008#show log config DWS-1008#show log buffer facility ? Number-of-messages Show log trace DWS-1008#show log trace facility ? Clear log Show log config Link DWS-1008 CLI Manual 512DWS-1008#show log trace +5 facility Rogue Booting Command InformationBoot Profile Management Diagnostics Boot AutobootSyntax autoboot on on OFF off Boot autoboot Boot boot FN=MX010101.020 DEV=boot1 Syntax change Change Create Creates a new boot profileSyntax create Change Delete Next Show Link DWS-1008 CLI Manual 517 Syntax delete Defaults None Removes the currently active boot profileDhcp Change Create Next Show Syntax dir c d e f boot0 boot1 Accesses the diagnostic modeDiag Syntax diag Fver Syntax fver c d e f boot0 boot1 filenameBload Bstrap Syntax help command-name Boot fver boot1Command-name Boot prompt command Boot help fver Syntax ls Defaults None Displays a list of the boot prompt commandsHelp Link DWS-1008 CLI Manual 522 Next Syntax next Defaults None Resets a DWS-1008 switch’s hardware ResetSyntax reset Defaults None Boot Link DWS-1008 CLI Manual 524 Boot Type Syntax show Defaults NoneShow Change Create Delete Dhcp Next Link DWS-1008 CLI Manual 526 Boot Type Test Syntax version Defaults NoneVersion Syntax test on on OFF off Dir Fver Link DWS-1008 CLI Manual 528 Boot version