Set security acl, Link DWS-1008 CLI Manual 475

set security acl

In the edit buffer, creates a security access control list (ACL), adds one access control entry (ACE) to a security ACL, and/or reorders ACEs in the ACL. The ACEs in an ACL filter IP packets by source IP address, a Layer 4 protocol, or IP, ICMP, TCP, or UDP packet information.

Syntax

By source address

set security acl ip acl-name{permit [cos cos] deny} {source-ip-addr mask any} [before editbuffer-index modify editbuffer-index] [hits]

By Layer 4 protocol

set security acl ip acl-name{permit [cos cos] deny} protocol-number{source-ip-addr mask any} {destination-ip-addr mask any} [[precedence precedence] [tos tos] [dscp codepoint]]

[before editbuffer-index modify editbuffer-index] [hits]

By IP packets

set security acl ip acl-name{permit [cos cos] deny}

ip {source-ip-addr mask any} {destination-ip-addr mask any} [[precedence precedence] [tos tos] [dscp codepoint]] [before editbuffer-index modify editbuffer-index] [hits]

By ICMP packets

set security acl ip acl-name{permit [cos cos] deny}

icmp {source-ip-addr mask any} {destination-ip-addr mask any} [type icmp-type] [code icmp-code]

[[precedence precedence] [tos tos] [dscp codepoint]] [before editbuffer-index modify editbuffer-index] [hits]

By TCP packets

set security acl ip acl-name{permit [cos cos] deny} tcp {source-ip-addr mask any [operator port [port2]]} {destination-ip-addr mask any [operator port [port2]]} [[precedence precedence] [tos tos] [dscp codepoint]] [established] [before editbuffer-index modify editbuffer-index] [hits]

By UDP packets

set security acl ip acl-name{permit [cos cos] deny} udp {source-ip-addr mask any [operator port [port2]]} {destination-ip-addr mask any [operator port [port2]]} [[precedence precedence] [tos tos] [dscp codepoint]] [before editbuffer-index modify editbuffer-index] [hits]

D-Link DWS-1008 CLI Manual

475

Page 478

Image 478

D-Link dws-1008 manual Set security acl, Before editbuffer-index modify editbuffer-index hits, Link DWS-1008 CLI Manual 475

Contents

Page Table of Contents Link DWS-1008 CLI Manual Link Mobility System Convention Use DWS-mmmm-nnnnnn# DWS-mmmm-nnnnnnDWS-1008 DWS-1008# Clear interface vlan-id ip Set port enable I disable port-listClear fdb dynamic I port port-list v1 an vlan-id Subnet Masks Wildcard Masks User Glob Users Designated MAC Address Globs Port Lists DWS-1008#show port status 1-3,6 Command-Line Editing Keyboard Shortcuts Function Using CLI Help Set ap dap name Set ap dap name command has the following complete syntaxSet ap port-list dap dap-numname name Defaults None Access Enabled DisableEnable Syntax enable Access All Syntax set enablepass Defaults None Access Enabled Set enablepassSyntax quit Defaults None Access All Quit Display ConfigurationAuto-Config System Identification Clear history Clear banner motdClear prompt Clears the system configuration of the specified information Clear system Help History Quickstart Syntax set banner motd text Defaults None Access Enabled Set banner motd Syntax set confirm on off Set confirmSet length DWS-1008#clear vlan red Syntax set license activation-key Set licenseDWS-1008#set length Activation-key Set prompt Syntax set prompt string Set system country code Stores a contact name for the DWS-1008 switchSet system contact Syntax set system contact string Link DWS-1008 CLI Manual Set system idle-timeout Syntax set system idle-timeout seconds Syntax set system ip-address ip-addr Set system ip-addressClear system Show system Ip-addrIP address, in dotted decimal notation Syntax set system location string Set system locationSet system name Syntax set system name string Show banner motd Syntax show banner motd Defaults None Access EnabledClear banner motd Link DWS-1008 CLI Manual Show licenses Syntax show licenses Defaults None Access AllSyntax show load Defaults None Access Enabled Show load Show system Syntax show system Defaults None Access EnabledDisplays system information Name Configured with set system countrycodeField Description With set system location Nvram size /SDRAM size percent of total Show boot Show config Set licenses Link DWS-1008 CLI ManualShow tech-support Syntax show tech-support file subdirname/ filename Interface Type Port TypeState Speed Clear port counters Syntax clear port counters Defaults None Access EnabledClear dap Syntax clear dap dap-num Clear port mirror Syntax clear port mirror Defaults None Access EnabledClear port-group Syntax clear port-group name name Clear port name Defaults NoneClear port type STP DWS-1008#clear port type Monitor port counters Syntax monitor port counters Key Effect on monitor display Displayed for All Transmit-errors Statistics Option Field Description Set dap Reset portDetails command Serial id serial ID Set port Syntax set port enable disable port-list EnableDisable Port-list Set port-group Set reset portMode on off Syntax set port-group name group-nameport-listmode on off Clear port-group Link DWS-1008 CLI Manual Set port name Set port mirrorName name Set port negotiation Syntax set port negotiation port-listenable disableEnable disable Clear port name DWS-1008#set port negotiation 5 enable DWS-1008#set port negotiation 1,2,4-6 disableFollowing command enables autonegotiation on port Syntax set port poe port-listenable disable Set port speed DWS-1008#set port poe 3,5 disableDWS-1008#set port poe 2,4 enable Syntax set port speed port-list10 100 auto Disable EnableSet port trap Model Poe enable disable radiotype 11a 11b 11g Configures a DWS-1008 switch port for an AP access pointSet port type ap DWS-1008#set port type ap 2 model DWL-8220AP poe enable Port Parameter Setting Wired Authentication Port Defaults Port Parameter Setting Set port type wired-authConfigures an DWS-1008 port for a wired authentication user Port-list tag-list Num last-resort Clear port type Set port type Link DWS-1008 CLI Manual Port port-list Defaults None Access AllShow port counters Statistics for all ports Show port-group Show port mirror Syntax show port poe port-list Show port poeDWS-1008# show port poe Syntax show port status port-list Displays configuration and status information for portsShow port status DWS-1008# show port status Ports FDB Aging TimeoutCreation Restriction of Client Layer 2 Forwarding Deletes an entry from the forwarding database FDB Clear fdbPort port-lis Vlan vlan-id Tag tag-value Permit-mac Clear security l2-restrictVlan-id Vlan name or number All Syntax clear security l2-restrict counters vlan vlan-id all Clear security l2-restrict countersClear vlan All DWS-1008#clear vlan red port 4 tag Set vlan port Show vlan config Link DWS-1008 CLI ManualDWS-1008#clear vlan green port DWS-1008#clear vlan marigold Mac-addr Set fdbPort port-list Set security l2-restrict Mode enable disableSet fdb agingtime Syntax set fdb agingtime vlan-idage seconds Creates a Vlan and assigns a number and name to it Defaults Layer 2 restriction is disabled by defaultSet vlan name Syntax set vlan vlan-numname name Set vlan port Set vlan portSyntax set vlan vlan-idport port-listtag tag-value Show fdb Syntax show fdb agingtime vlan vlan-id Show fdb agingtimeDWS-1008# show fdb DWS-1008#show fdb agingtime Show security l2-restrict Vlan vlan-id Defaults None. Access AllShow fdb count DWS-1008#show fdb count dynamic DWS-1008# show security l2-restrict Show vlan configSyntax show vlan config vlan-id Displays Vlan information Vlan DWS-1008# show vlan config burgundyTunl Port Vlan Name Status State Affin Port Tag From 0 to Clear qosFrom-qos From-dscp Dscp dscp-value Set qos cos-to-dscp-mapSyntax set qos cos-to-dscp-map level dscp dscp-valuelevel DWS-1008#set qos cos-to-dscp-map 5 dscp Show qos Syntax show qos defaultSet qos dscp-to-cos-map Syntax set qos dscp-to-cos-map dscp-rangecos level Show qos dscp-table DWS-1008#show qos defaultSyntax show qos dscp-table Defaults None Access Enabled DWS-1008#show qos dscp-table Removes an IP interface Clear interfaceSyntax clear interface vlan-idip Clear ip dns domain Syntax clear ip dns domain Defaults None Access EnabledClear ip alias Syntax clear ip alias name Clear ip route DefaultClear ip dns server Syntax clear ip dns server ip-addr Set ip route Show ip route Defaults The default Telnet port number isClear ip telnet Syntax clear ip telnet Clear ntp server Clear ntp update-intervalSyntax clear ntp update-interval Syntax clear ntp server ip-addr all Syntax clear snmp community name comm-string Clear snmp communityClear snmp notify profile Syntax clear snmp notify profile profile-name Syntax clear snmp notify target target-num Clear snmp notify targetClear snmp usm Target-num ID of the target Clear summertime Syntax clear summertime Defaults None Access EnabledSyntax clear system ip-address Defaults None Access Enabled Clear system ip-address Dnf Clear timezonePing Flood Is 8 bytes larger than the size you specify DefaultsSize size DWS-1008#ping Ip-addr Mac-addr Set arpSet arp agingtime Syntax set arp agingtime seconds Set interface Configures an IP interface on a VlanSet arp Show arp Set interface dhcp-client DWS-1008#set interface default ip 10.10.10.10/24Syntax set interface vlan-idip dhcp-client enable disable DWS-1008#set interface mauve ip 10.10.20.10 Disables the Dhcp server Configures the MSS Dhcp serverEnables the Dhcp server Set interface dhcp-server Set ip dns domain Set ip dns server Show dhcp-server Administratively disables or reenables an IP interfaceSet interface status Syntax set interface vlan-idstatus up down Set ip alias Set ip dns Syntax set ip dns domain name Set ip dns domainSet ip dns server DWS-1008#set ip dns domain example.com Syntax set ip https server enable disable Set ip https server Is not available for the destination Set ip routeAdds a static route to the IP route table Ip-addr mask Set ip snmp server Enables or disables the Snmp service on the DWS-1008 switchSyntax set ip snmp server enable disable Clear ip route Show interface Show ip route Syntax set ip ssh port port-num Set ip sshSet ip ssh server Link DWS-1008 CLI Manual Set ip telnet Syntax set ip ssh server enable disableSet ip ssh server Syntax set ip telnet port-num Syntax set ip telnet server enable disable Enables the Telnet server on a DWS-1008 switchSet ip telnet server Set ntp server Syntax set ntp enable disableSet ntp Syntax set ntp server ip-addr Syntax set ntp update-interval seconds Set ntp update-intervalDWS-1008#set ntp server See Also Set snmp community Drop send Default profile-nameSet snmp notify profile Notifications you specify with notification-type or allPage Page RFDetectInterferingRogueAPTraps success change accepted DWS-1008#set snmp notify profile snmpprofrfdetect sendRFDetectRogueDisappearTraps success change accepted SNMPv3 with Informs Set snmp notify targetUsername Ip hex hex-string Authenticated encryptedSnmp-engine-id Security unsecured Retries num Timeout numSNMPv2c with Informs SNMPv2c with Traps SNMPv1 with Traps Success change accepted Link DWS-1008 CLI Manual 110 V2c Syntax set snmp protocol v1 v2c usm all enable disableSet snmp protocol Usm Encrypted AuthenticatedSet snmp security Auth-req-unsecnotify Set snmp usm Creates a USM user for SNMPv3 Auth-key hex-string Auth-type none md5 shaAuth-pass-phrase string Encrypt-type none des Start of the time change period Set summertimeStart End Defaults None Access Enabled DWS-1008#set interface taupe ip 10.10.20.20/24 Syntax set timedate date mmm dd yyyy time hhmmss Set timedateSet timezone DWS-1008#set timedate date feb 29 2004 time Syntax show arp ip-addr Show arpDWS-1008#set timezone PST Ip-addr IP address DWS-1008#show dhcp-client Syntax show dhcp-client Defaults None Access AllShow dhcp-client Ifup Verbose Show dhcp-serverSyntax show dhcp-server interface vlan-id verbose DWS-1008# show dhcp-server Bound DWS-1008#show dhcp-server verboseLink DWS-1008 CLI Manual 121 Show interface Displays the IP interfaces configured on the switchSyntax show interface vlan-id Set interface dhcp-client Set interface dhcp-server Set interface status Set ip alias Set ip dns domain Set ip https server Ip-addr/mask-length Default-routerMetric Enables or disables the Snmp service on the switch Disables or reenables the SSH server on a DWS-1008 switch Set ip telnet Set ntp Set ntp server Set snmp community Notification-type To modify the default notification profile, specify defaultSpaces Name of the notification typePage Sends or drops all notifications RFDetectAdhocUserTraps success change accepted RFDetectSpoofedMacAPTraps success change accepted RFDetectUnAuthorizedSsidTraps success change accepted Ip hex hex-string Authenticated encryptedSnmp-engine-id Security unsecured SNMPv3 with Traps By the target. You can specify from 0 to 3 retries Specifies the number of times the MSS Snmp engine willResend a notification that has not been acknowledged Specifies the number of seconds MSS waits for SNMPv1 with Traps 144 Set snmp usm Page Auth-type none md5 sha auth-pass-phrase String auth-keyhex-string Link DWS-1008 CLI Manual 148 End Set system ip-address Sets the time of day and date on the switch Link DWS-1008 CLI Manual 151 Local Resolved Dynamic Resolved152 Show dhcp-client Link DWS-1008 CLI Manual 154 Table below shows the output for show dhcp-server verbose Link DWS-1008 CLI Manual 155 Ipv4 DWS-1008# show interfaceYES Link DWS-1008 CLI Manual 156 Name Alias string Show ip aliasSyntax show ip alias name DWS-1008#show ip alias Syntax show ip dns Defaults None Access All Displays the DNS servers the switch is configured to useShow ip dns Displays information about the Https management port Syntax show ip https Defaults None Access AllShow ip https DWS-1008 show ip https DWS-1008# show ip route Show ip routeSyntax show ip route destination Multicast Show ip telnet Syntax show ip telnet Defaults None Access AllDisplays information about the Telnet management port Displays NTP client information Syntax show ntp Defaults None Access AllShow ntp Link DWS-1008 CLI Manual 162 Show snmp counters Syntax show snmp counters Defaults None Access EnabledShow snmp community Show snmp notify profile Show snmp status Defaults None Access Enabled See AlsoShow snmp usm Show timedate Syntax show timedate Defaults None Access AllShow summertime Syntax show summertime Telnet Syntax show timezone Defaults None Access AllShow timezone DWS-1008#show timezone DWS-1008#telnet Clear sessions Show sessions Link DWS-1008 CLI Manual 167 Traceroute Ping Link DWS-1008 CLI Manual 169 Password Users AuthenticationLocal Authorization for Web authorization Clear accounting User-glob Syntax clear authentication admin user-glob Clear authentication adminClear authentication console Syntax clear authentication console user-glob Removes an 802.1X authentication rule Clear authentication dot1xDWS-1008#clear authentication console Regina Wired Removes a MAC authentication rule Clear authentication macClear authentication proxy Syntax clear authentication proxy ssid ssid-nameuser-glob Clear location policy Clear authentication webRemoves a rule from the location policy on a switch Removes a WebAAA rule Syntax clear mac-user mac-addr Clear mac-userClear mac-user attr Syntax clear mac-user mac-addrattr attribute-name Set mac-user attr Show aaa Clear mac-user groupSyntax clear mac-user mac-addrgroup Syntax clear mac-usergroup group-name Clear mac-usergroupClear mac-usergroup attr Group-name Name of an existing MAC user group Clear mac-usergroup Set mac-usergroup attr Show aaa Username Username of a user with a passwordClear user Syntax clear user username Clear user group Username Username of a user with a passwordClear user attr Syntax clear user username attr attribute-name Syntax clear usergroup group-name Clear usergroupClear usergroup Set user group Show aaa Group-name Name of an existing user group Clear usergroup attr Set accounting admin consoleSyntax clear usergroup group-nameattr attribute-name Method1 method2 method3 method4 Set accounting dot1x mac web last-resortClear accounting Show accounting statistics Link DWS-1008 CLI Manual 183 Web WiredMac Start-stop Set accounting system Syntax set accounting system method1 method2 method3 method4 Set authentication admin Link DWS-1008 CLI Manual 186 Set authentication console Link DWS-1008 CLI Manual 187 Link DWS-1008 CLI Manual 188 Authentication port Set authentication dot1xFor details, see User Globs on Link DWS-1008 CLI Manual 189 Bonded Been authenticatedProtocol Access Enabled Authentication port Set authentication macLink DWS-1008 CLI Manual 192 Access Enabled Set authentication proxy User-glob Single user or a set of users Set authentication web See Also Set location policy Before rule-number User operator user-globModify rule-number DWS-1008#set location policy deny if user eq *.theirfirm.com Syntax set mac-user mac-addrgroup group-name Set mac-userSet mac-user attr Syntax set mac-user mac-addrattr attribute-name value Link DWS-1008 CLI Manual 201 Attribute Description Valid Values Link DWS-1008 CLI Manual 202 YY/MM/DD-HHMM Link DWS-1008 CLI Manual 203 Time-of-day tu1000-1600,th1000-1600 Clear mac-user attr Show aaa Link DWS-1008 CLI Manual 204 Set mac-usergroup attr Syntax set mac-usergroup group-nameattr attribute-name value Set user Syntax set user username password encrypted stringDWS-1008#set user Nin password 29Jan04 See Also Clear user Show aaa Link DWS-1008 CLI Manual 206 Set user attr Clear user attr Show aaa Link DWS-1008 CLI Manual 207 Syntax set user username group group-name Set user groupSet usergroup Clear user group Show aaa DWS-1008#set web-portal disable Syntax set web-portal enable disableDefaults Enabled Access Enabled Set web-portal Syntax show aaa Defaults None Access Enabled Displays all current AAA settingsShow aaa Acctport DWS-1008#show accounting statistics Show accounting statisticsAAAACCTSVCATTR=2 Show location policy Clear accounting Set accounting admin console Show aaaSyntax show location policy Defaults None Access Enabled DWS-1008show location policy PKCS#12 Certificate Encryption KeysPKCS#7 Certificates Self-Signed Certificate Crypto ca-certificate Syntax crypto ca-certificate admin eap webAdmin PEM-formatted-certificate Crypto certificate Begin Certificate Crypto generate key Ssh Crypto generate request Syntax crypto generate request admin eap web admin Eap WebString Are supported on your network. This field is required DWS-1008#crypto generate request adminAlphanumeric characters with no spaces With no spaces Begin Certificate Request Syntax crypto generate self-signed admin eap web AdminCrypto generate self-signed END Certificate Request DWS-1008#crypto generate self-signed admin Name. It simply needs to be formatted like one Crypto otp Syntax crypto otp admin eap web one-time-password AdminOne-time-password DWS-1008#crypto generate otp eap hap9iN#ss File-location-url Syntax crypto pkcs12 admin eap web file-location-urlCrypto pkcs12 DWS-1008#crypto otp eap hap9iN#ss Table below describes the fields in the display Show crypto ca-certificateDWS-1008#show crypto ca-certificate Fields Description Show crypto certificate DWS-1008#show crypto certificate eap Show crypto key ssh Syntax show crypto key domain Defaults None Access EnabledShow crypto key domain Crypto generate key Link DWS-1008 CLI Manual 226 Server Groups Radius ClientRadius Servers Radius Proxy Clear radius Clear radius client system-ip Clear radius proxy port Removes Radius proxy ports configured for third-party APsClear radius proxy client Removes Radius proxy client entries for third-party APs Syntax clear radius server server-name Clear radius serverClear server group Syntax clear server group group-nameload-balance Deadtime minutes Timeout secondsSet radius Encrypted-key string Encrypted-key-No key Syntax set radius client system-ip Set radius client system-ipSet radius proxy client Clear radius client system-ip Set system ip-address Set radius proxy port Address Author-passwordSet radius server Auth-port Encrypted-key-No key Author-password-trapeze Access Enabled Set server group Configures a group of one to four Radius serversNames of one or more configured Radius servers Members Set server group load-balance Enable disableDefaults Load balancing is disabled by default Group-name Server group name of up to 32 characters Reauthentication Wired AuthenticationBonded Authentication Port Control Clear dot1x max-req Clear dot1x bonded-periodSyntax clear dot1x max-req Syntax clear dot1x port-control Clear dot1x port-controlClear dot1x quiet-period Syntax clear dot1x quiet-period Syntax clear dot1x reauth-max Clear dot1x reauth-maxClear dot1x reauth-period Syntax clear dot1x reauth-period Defaults The default is 30 seconds Clear dot1x timeout auth-serverClear dot1x timeout supplicant Set dot1x timeout auth-server Show dot1x Set dot1x authcontrol Syntax set dot1x authcontrol enable disable enable DisableClear dot1x tx-period Syntax clear dot1x tx-period Set dot1x bonded-period Syntax set dot1x bonded-period seconds Set dot1x key-tx Syntax set dot1x key-tx enable disable EnableDefaults Key transmission is enabled by default Set dot1x max-req Clear dot1x max-req Show dot1x Set dot1x port-controlShow port status Show dot1x Link DWS-1008 CLI Manual 248 Syntax set dot1x quiet-period seconds Set dot1x quiet-periodSet dot1x reauth-max Seconds Specify a value between 0 and 65,535 Set dot1x reauth-period Set dot1x timeout auth-serverSyntax set dot1x timeout auth-server seconds Syntax set dot1x reauth-period seconds Clear dot1x timeout auth-server Show dot1x Set dot1x timeout supplicantSyntax set dot1x timeout supplicant seconds Set dot1x tx-period Set dot1x wep-rekey-period Syntax set dot1X wep-rekey enable disable enable DisableSet dot1x wep-rekey Syntax set dot1x wep-rekey-period seconds Displays a summary of the current configuration Syntax show dot1x clients stats config clients StatsConfig Show dot1x Type the following command to display the 802.1X clients DWS-1008#show dot1x config DWS-1008# show dot1x stats Type the following command to display 802.1X statisticsLink DWS-1008 CLI Manual 255 Clear sessions Administrative SessionsDWS-1008#clear sessions admin Network Sessions Clear sessions network Show sessions DWS-1008# show sessions console DWS-1008# clear sessions adminSSH DWS-1008# show sessions telnet Mac-addr Show sessions networkClear sessions Link DWS-1008 CLI Manual 260 Verbose Show sessions network commandSession-id Show sessions network session-id display DWS-1008# show sessions network user E DWS-1008# show sessions network mac-addr 00055d7e981aDWS-1008# show sessions network verbose Ssid DWS-1008#show sessions network session-idActive LAST-RESORT Additional show sessions network verbose Output Link DWS-1008 CLI Manual 264 Show sessions network session-id Output Link DWS-1008 CLI Manual 265 Link DWS-1008 CLI Manual 266 Permitted Vendor List Rogue InformationCountermeasures Permitted Ssid List Syntax clear rfdetect attack-list mac-addr Clear rfdetect attack-listClear rfdetect ignore Syntax clear rfdetect ignore mac-addr Clear rfdetect vendor-list Clear rfdetect ssid-listSyntax clear rfdetect ssid-list ssid-name Syntax set rfdetect attack-list mac-addr Set rfdetect attack-listSet rfdetect black-list Syntax set rfdetect black-list mac-addr Syntax set rfdetect ignore mac-addr Set rfdetect ignoreSet rfdetect black-list Show rfdetect black-list Mac-addr Bssid MAC address of the device to ignore Set rfdetect log Syntax set rfdetect log enable disable EnableSyntax set rfdetect signature enable disable Enable Set rfdetect signature Set rfdetect ssid-list Syntax set rfdetect ssid-list ssid-name Show rfdetect attack-list Set rfdetect vendor-listLink DWS-1008 CLI Manual 274 DWS-1008# show rfdetect attack-list Show rfdetect black-listShow rfdetect clients DWS-1008# show rfdetect black-list AP MAC DWS-1008# show rfdetect clientsTotal number of entries Client MAC DWS-1008#show rfdetect clients mac 000c4163fd6d Bssid Show rfdetect countermeasuresRssi Link DWS-1008 CLI Manual 277 DWS-1008# show rfdetect countermeasures Syntax show rfdetect counters Defaults None Access EnabledShow rfdetect counters Link DWS-1008 CLI Manual 278 DWS-1008#show rfdetect countermeasures Type Current Show rfdetect data Displays information about the APs detected by a switchSyntax show rfdetect data Defaults None Access Enabled Vendor Type Port/Radio Flags Show rfdetect ignore Syntax show rfdetect ignore Defaults None Access EnabledShow rfdetect visible Show rfdetect ssid-list Syntax show rfdetect ssid-list Defaults None Access EnabledShow rfdetect vendor-list Show rfdetect visible Showapdapstatus commandRadio Show rfdetect data Test rflinkSyntax test rflink mac mac-addr session-id session-id RTT micro-secs DWS-1008# test rflink mac 000e9bbfad13Rssi SNR 976 Software Version Boot SettingsConfiguration File File Management Dir command output BackupSyntax backup system tftp/ip-addr/filenameall critical Critical Clear boot config Clear boot backup-configurationSyntax clear boot config Defaults None Access Enabled DWS-1008#reset system force DWS-1008#clear boot configCopy DWS-1008#copy tftp//10.1.1.1/closetmx closetmx Delete Dir Link DWS-1008 CLI Manual 290 For example subdira/filea DeleteSyntax delete url Copy Dir Link DWS-1008 CLI Manual 291 Dir Boot0Boot1 FilePage This command may take up to 20 seconds Install soda agentDWS-1008#install soda agent soda.ZIP agent-directory sp1 Table below describes the fields in the dir output Backupconfigs/configc Load configSyntax load config url DWS-1008#load config Md5 Syntax md5 boot0 boot1filenameDWS-1008#md5 boot0MX040003.020 Mkdir Syntax reset system force Reset systemRestarts a switch and reboots the software Dir Rmdir DWS-1008#reset system RestoreSave config Show boot Show version Rmdir DWS-1008#restore system tftp/10.10.20.9/sysabakBackup Removes a subdirectory from nonvolatile storage DWS-1008#save config Save configSyntax save config filename DWS-1008#save config testconfig1 Syntax set boot backup-configuration filename Set boot backup-configurationSet boot configuration-file Syntax set boot configuration-file filename Syntax set boot partition boot0 boot1 Boot0 Set boot partitionShow boot Boot1 Clear boot config Reset system Set boot configuration-file Show configTable below describes the fields in the show boot output Displays the configuration running on the switch Spantree System Trace Vlan Vlan-fdb DWS-1008#show config area vlanShow version Syntax show version details Details DWS-1008#show version DWS-1008#show version details DWS-1008#uninstall soda agent agent-directory sp1 Uninstall soda agentSyntax uninstall soda agent agent-directory directory Table below describes the fields in the show version output Access Point Commands Clear ap dap radio DWS-1008#clear dap 1 boot-configuration Clear dap boot-configurationDWS-1008#clear ap 3 radio Clear radio-profile DWS-1008#set radio-profile rp1 mode disableDWS-1008#set radio-profile rptest mode disable Syntax clear radio-profile name parameter Clear service-profile Restarts an access point Reset ap dapDWS-1008#set radio-profile rp6 mode disable Syntax reset ap port-list dap dap-num Set dap auto Syntax set dap auto Defaults None Access EnabledLink DWS-1008 CLI Manual 312 Enables the AP configuration profile Set dap auto modeSyntax set dap auto mode enable disable Enable Disables the AP configuration profile Syntax set dap auto persistent dap-num all Set dap auto persistentSet dap auto radiotype Dap-num Set ap dap bias Set dap auto Set dap auto mode Set dap auto persistentLow Defaults Access Dap dap-num dap auto high Dap dap-num dap auto enable disable Defaults Access Enabled Set ap dap blink Set dap boot-ip Enables or disables the static IP address for the AP Set dap boot-switch Switch ip ip-addr Link DWS-1008 CLI Manual 319 Syntax set ap port-list dap dap-num contact string Set ap dap contactSpecifies contact information for an AP Contact string Set dap fingerprint Syntax set dap dap-numfingerprint hex Set ap dap force-image-download Force-image-download enableForce-image-download disable Dap auto Syntax set ap port-list dap dap-num auto group name Defaults AP access points are not grouped by defaultSet ap dap group Ap port-list dap dap-num dap auto Syntax set ap port-list dap dap-num location string Set ap dap locationSpecifies location information for an AP Ap port-list Dap dap-num location string Syntax set ap port-list dap dap-num name name Set ap dap nameSet ap dap radio antenna-location Ap port-list Outdoors Set ap dap radio antennatypeIndoors Ap port-list Dap dap-num Power-level Set ap dap radio auto-tune max-powerConfiguration template Radio 1 of the DWL-8220AP Sets an DWS-8220AP radio’s channel Set ap dap radio channelDap dap-num radio 1 radio Channel-number Radio 1 radio 2 enable disable Set ap dap radio modeDap dap-num dap auto Set ap dap radio radio-profile Mode enableMode disable Radio-profile name Access Enabled Defaults By default, encryption keys are optional Set dap security Dap auto enable disable Defaults Access Enabled Set ap dap upgrade-firmwareSet dap fingerprint Show ap dap config Show ap dap status DWS-1008#set ap 2 upgrade-firmware disable Set radio-profile active-scan Set radio-profile auto-tune channel-configSyntax set radio-profile name active-scan enable disable Link DWS-1008 CLI Manual 334 Name Enable Disable No-clientSet radio-profile auto-tune channel-holddown Link DWS-1008 CLI Manual 335 Name Rate Set radio-profile auto-tune channel-intervalName Radio profile name Set radio-profile auto-tune channel-lockdown Syntax set radio-profile name auto-tune channel-lockdown Set radio-profile auto-tune power-config Set radio-profile auto-tune power-interval Set radio-profile auto-tune power-ramp-interval Set radio-profile auto-tune power-lockdownSyntax set radio-profile name auto-tune power-lockdown Set radio-profile beacon-interval Defaults The default interval is 60 secondsSyntax set radio-profile name beacon-interval interval Rogue ConfiguredSet radio-profile countermeasures None Set radio-profile dtim-interval Set radio-profile frag-threshold Syntax set radio-profile name frag-threshold threshold Syntax set radio-profile name max-rx-lifetime time Set radio-profile max-rx-lifetimeSet radio-profile max-tx-lifetime Syntax set radio-profile name max-tx-lifetime time Set radio-profile mode Syntax set radio-profile name mode enable disable Link DWS-1008 CLI Manual 347 MMS Access Enabled Long Set radio-profile preamble-lengthSyntax set radio-profile name preamble-length long short Short Syntax set radio-profile name qos-mode svp wmm Set radio-profile qos-modeSet radio-profile rfid-mode Svp Defaults The default is disable Access Enabled Syntax set radio-profile name rfid-mode enable disableEnables radios to function as asset location receivers Set radio-profile rts-threshold DWS-1008#set radio-profile rp1 rts-threshold Table Defaults for Radio Profile Parameters Link DWS-1008 CLI Manual 353 Link DWS-1008 CLI Manual 354 Portal-acl setting Link DWS-1008 CLI Manual 355 Set radio-profile wmm-powersave Syntax set service-profile name attr attribute-name value Set service-profile attrSyntax set radio-profile name wmm-powersave enable disable Link DWS-1008 CLI Manual 357 Access Enabled Name Service profile name Set service-profile auth-dot1xSyntax set service-profile name auth-dot1x enable disable Enables 802.1X authentication of WPA clients Set service-profile auth-fallthru Enables PSK authentication of WPA clients Set service-profile auth-pskSyntax set service-profile name auth-psk enable disable Disables PSK authentication of WPA clients Syntax set service-profile name beacon enable disable Set service-profile beaconSet service-profile cac-mode Syntax set service-profile name cac-mode none session CAC is not used Set service-profile cac-sessionSyntax set service-profile name cac-session max-sessions Session Enables Ccmp encryption for WPA clients Set service-profile cipher-ccmpSyntax set service-profile name cipher-ccmp enable disable Disables Ccmp encryption for WPA clients Enables 104-bit WEP encryption for WPA clients Set service-profile cipher-tkipSet service-profile cipher-wep104 Disables 104-bit WEP encryption for WPA clients Set service-profile cipher-wep40 Defaults 104-bit WEP encryption is disabled by default Sets the Class-of-Service CoS level for static CoS Set service-profile cosDefaults 40-bit WEP encryption is disabled by default Syntax set service-profile name cos level Enables Dhcp Restrict Set service-profile dhcp-restrictSet service-profile static-cos Show service-profile Disables Dhcp Restrict Enables keepalives Set service-profile idle-client-probingSet service-profile keep-initial-vlan Disables keepalives Defaults This option is disabled by default Set service-profile long-retry-countConfigures radios to reassign a roamed user’s Vlan Syntax set service-profile name long-retry-count threshold Syntax set service-profile name no-broadcast enable disable Set service-profile no-broadcastLink DWS-1008 CLI Manual 371 Enable Disable Defaults Access Enabled Set service-profile proxy-arpSyntax set service-profile name proxy-arp enable disable Defaults Proxy ARP is disabled by default Set service-profile psk-phraseSyntax set service-profile name psk-phrase passphrase Set service-profile psk-raw Syntax set service-profile name psk-raw hex Enables the RSN IE Set service-profile rsn-ieSyntax set service-profile name rsn-ie enable disable Disables the RSN IE Enables shared-key authentication, in a service profile Set service-profile shared-key-authSet service-profile short-retry-count Syntax set service-profile name short-retry-count threshold Set service-profile soda agent-directory Set service-profile soda enforce-checks Set service-profile soda mode Link DWS-1008 CLI Manual 378 Set service-profile soda failure-page Syntax set service-profile name soda failure-page Set service-profile soda logout-page Syntax set service-profile name soda logout-page Syntax set service-profile name soda mode enable disable Set service-profile soda modeSet service-profile soda remediation-acl Defaults Disabled Access Enabled Set service-profile soda success-page Syntax set service-profile name soda success-page Syntax set service-profile name ssid-name ssid-name Set service-profile ssid-nameConfigures the Ssid name in a service profile Name Ssid-name Clear Set service-profile ssid-typeSyntax set service-profile name ssid-type clear crypto Crypto Enables static CoS on the service profile Set service-profile static-cosSyntax set service-profile name static-cos enable disable Disables static CoS on the service profile Syntax set service-profile name tkip-mc-time wait-time Set service-profile tkip-mc-timeSet service-profile transmit-rates Link DWS-1008 CLI Manual 386 Mandantory rate-list Disabled rate-list11a 11b 11g Beacon-rate rate Set service-profile user-idle-timeout Defaults This command has the following defaults Syntax set service-profile name web-portal-acl aclname Set service-profile web-portal-aclSyntax set service-profile name user-idle-timeout seconds Name Seconds Syntax set service-profile name web-portal-form url Set service-profile web-portal-formSet service-profile auth-fallthru Show service-profile Defaults The D-Link Web login page is served by default Success change accepted Set service-profile web-portal-session-timeout Set service-profile wep active-multicast-index Set service-profile wep active-unicast-index Set service-profile wep key-index Key-index num key value Set service-profile wpa-ie Syntax set service-profile name wpa-ie enable disable DWS-1008#show ap config Show ap dap configShows configuration information for radio DWS-1008#show dap config Following Table describes the fields in this display Link DWS-1008 CLI Manual 397 Shows statistics counters for radio Show ap dap countersDWS-1008# show dap counters Totl Link DWS-1008 CLI Manual 399 Link DWS-1008 CLI Manual 400 Ccmp MIC Link DWS-1008 CLI Manual 402 Displays statistics for DWL-8220AP forwarding queues DWS-1008#set service-profile sp2 wpa-ie enableShow ap dap qos-stats Clear Syntax show ap dap etherstats port-list dap-num Show ap dap etherstatsLink DWS-1008 CLI Manual 404 DWS-1008# show dap etherstats Link DWS-1008 CLI Manual 405 Name Name of an AP group or Distributed AP group Show ap dap groupSyntax show ap dap group name Link DWS-1008 CLI Manual 406 DWS-1008# set service-profile sp2 wpa-ie enable Link DWS-1008 CLI Manual 407 Radio2 Show ap dap statusRadio1 DWS-1008#show dap status DWS-1008#show ap status Link DWS-1008 CLI Manual 410 Link DWS-1008 CLI Manual 411 Show auto-tune attributes Radio1 Radio2 radio all Defaults AccessMp-num Dap-num DWS-1008# show auto-tune attributes ap 2 radio Show auto-tune neighbors DWS-1008#show auto-tune neighbors ap 2 radio Syntax show dap boot-configuration dap-num Show dap boot-configurationLink DWS-1008 CLI Manual 415 DNS IP DWS-1008#show dap boot-configurationLink DWS-1008 CLI Manual 416 DWS-1008#show dap connection Show dap connectionSyntax show dap connection dap-num serial-id serial-ID DAP Show dap global Syntax show dap global dap-num serial-id serial-ID High DWS-1008#show dap globalLOW DWS-1008#show dap unconfigured Show dap unconfiguredSyntax show dap unconfigured Defaults None Access Enabled Link DWS-1008 CLI Manual 420 Syntax show radio-profile name ? DWS-1008# show radio-profile defaultShow radio-profile Name Displays information about the named radio profile Link DWS-1008 CLI Manual 422 See Also Show service-profile Name Link DWS-1008 CLI Manual 425 Soda Link DWS-1008 CLI Manual 426 Link DWS-1008 CLI Manual 427 Bridge Priority TimersSTP State Port Cost Syntax clear spantree portcost port-list Clear spantree portcostClear spantree portpri Syntax clear spantree portpri port-list Clear spantree portvlancost Resets the cost for all VLANsResets the priority for all VLANs Clear spantree portvlanpri Syntax clear spantree statistics port-listvlan vlan-id Clear spantree statisticsShow spantree statistics Link DWS-1008 CLI Manual 431 Set spantree backbonefast Syntax set spantree backbonefast enable disable EnableSet spantree Vlan vlan-id Port port-list vlan-id Set spantree fwddelay Syntax set spantree fwddelay delay all vlan vlan-id Delay Set spantree maxage Set spantree helloSyntax set spantree maxage aging-timeall vlan vlan-id Set spantree portcost Syntax set spantree portcost port-listcost cost Set spantree portpri Syntax set spantree portfast port port-listenable disableSet spantree portfast Syntax set spantree portpri port-listpriority value Set spantree portvlanpri Set spantree portvlancostChanges the priority on all VLANs Set spantree priority Show spantree Link DWS-1008 CLI Manual 438 Show spantree Syntax set spantree uplinkfast enable disableSet spantree uplinkfast Active PVST+ DWS-1008# show spantree vlan defaultIeee Show spantree blockedports Link DWS-1008 CLI Manual 441 Vlan ID Show spantree backbonefast Syntax show spantree backbonefast Defaults None Access AllDWS-1008#show spantree blockedports vlan default Show spantree blockedports DWS-1008#show spantree portfast Show spantree portfastSyntax show spantree portfast port-list Set spantree portfast Link DWS-1008 CLI Manual 443 Syntax show spantree portvlancost port-list Show spantree portvlancostShow spantree statistics Port-list List of ports False DWS-1008#show spantree statisticsInactive Num of similar BPDU’s to process Receivedinferiorbpdu Topology change time Topology change detectedLink DWS-1008 CLI Manual 446 Link DWS-1008 CLI Manual 447 Clear spantree statistics Defaults None Access AllShow spantree uplinkfast Syntax show spantree uplinkfast vlan vlan-id DWS-1008#show spantree uplinkfast Set spantree uplinkfast Link DWS-1008 CLI Manual 449 Pseudo-querier Igmp Snooping StateProxy Reporting Router Solicitation Set igmp Syntax set igmp enable disable vlan vlan-idClear igmp statistics DWS-1008#clear igmp statistics Set igmp oqi Set igmp qi Set igmp mrouter Set igmp lmqiSet igmp mrouter Link DWS-1008 CLI Manual 452 Show igmp mrouter Set igmp mrsolSet igmp mrsol mrsi Link DWS-1008 CLI Manual 453 Syntax set igmp mrsol mrsi seconds vlan vlan-id Set igmp mrsol mrsiSet igmp oqi Set igmp mrsol Set igmp proxy-report Defaults Proxy reporting is enabled on all VLANs by defaultShow igmp Link DWS-1008 CLI Manual 455 Set igmp qi Defaults The default query interval is 125 secondsSyntax set igmp qi seconds vlan vlan-id qi seconds Set igmp qri Syntax set igmp qri tenth-secondsvlan vlan-id Show igmp querier Set igmp querierSet igmp receiver Link DWS-1008 CLI Manual 458 Show igmp receiver-table Defaults The default robustness value for all VLANs isSet igmp rv Syntax set igmp rv num vlan vlan-id Show igmp DWS-1008# show igmp vlan orange Dvmrp PIM Link DWS-1008 CLI Manual 461 Syntax show igmp mrouter vlan vlan-id Show igmp mrouterLink DWS-1008 CLI Manual 462 DWS-1008# show igmp mrouter vlan orange DWS-1008# show igmp querier vlan orange DWS-1008#show igmp querier vlan defaultShow igmp querier DWS-1008#show igmp querier vlan red DWS-1008# show igmp receiver-table vlan orange Show igmp receiver-tableGroup group-ip-addr/mask-length Vlan orange Session Port Receiver-IP Receiver-MAC Set igmp receiver Show igmp statisticsDWS-1008#show igmp receiver-table group 237.255.255.0/24 Displays Igmp statistics DWS-1008# show igmp statistics vlan orange Link DWS-1008 CLI Manual 467 Clear igmp statistics Link DWS-1008 CLI Manual 468 Map Security ACLs Create Security ACLsCommit Security ACLs Monitor Security ACLs Clears all security ACLs Clear security aclSyntax clear security acl acl-name all editbuffer-index DWS-1008#clear security acl acl133 Clear security acl map Commits all security ACLs in the edit buffer Commit security aclSyntax commit security acl acl-name all Link DWS-1008 CLI Manual 472 ACL DWS-1008#show security aclACL table Type Class Mapping DWS-1008#show security acl info all editbuffer Rollback security aclSyntax rollback security acl acl-name all ACL edit-buffer information for all Before editbuffer-index modify editbuffer-index hits Set security aclLink DWS-1008 CLI Manual 475 Cos cos PermitDeny Precedence PrecedenceTos tos Hits EstablishedDWS-1008#set security acl ip acl123 deny 192.168.2.11 Clear security acl Commit security acl Show security acl Set security acl mapLink DWS-1008 CLI Manual 479 Assigns the security ACL to traffic coming from the switch Out Syntax set security acl hit-sample-rate seconds Set security acl hit-sample-rateDWS-1008#set security acl hit-sample-rate Displays a summary of the security ACLs that are mapped Syntax show security acl Defaults None Access EnabledShow security acl DWS-1008# show security acl Show security acl editbuffer Show security acl info Syntax show security acl hits Defaults None Access EnabledShow security acl hits Syntax show security acl info acl-name all editbuffer Defaults None Access Enabled Syntax show security acl map acl-name Show security acl mapShow security acl resource-usage DWS-1008#show security acl map acl111 DWS-1008#show security acl resource-usage Link DWS-1008 CLI Manual 488 Link DWS-1008 CLI Manual 489 Clear log trace Syntax clear log trace Defaults None Access EnabledDWS-1008#clear log trace See Also Clear trace Deletes running trace commands and ends trace processesSyntax clear trace trace-area all Syntax save trace filename Set trace authenticationSave trace DWS-1008#save trace traces/trace1 Set trace dot1x Set trace authorizationTraces authorization information Clear trace Show trace Traces session manager activity Set trace smLink DWS-1008 CLI Manual 494 Show trace Syntax show trace all Syntax clear snoop filter-name Clear snoopRemote monitoring snooping DWS-1008#clear snoop snoop1 See Also Examples clear snoop map filter-namedap dap-numradio 1 Clear snoop mapSet snoop Radio 1 of the AP Channel eq neq channel Frame-type eq neq beacon control data managementProbe Bssid eq neq bssid DWS-1008#set snoop snoop1 observer 10.10.30.2 snap-length Set snoop map Defaults Snoop filters are unmapped by defaultExamples set snoop map filter-namedap dap-numradio 1 Disables the snoop filter Set snoop modeEnable stop-after num-pkts Defaults Snoop filters are disabled by default Show snoop info Syntax show snoop Defaults None Access EnabledShow snoop Syntax show snoop filter-name Syntax show snoop map filter-name Show snoop mapShow snoop stats DWS-1008#show snoop map snoop1 filter ‘snoop1’ mapping Link DWS-1008 CLI Manual 504 Clear log System Logs Current Set logBuffer Sessions Disables messages to the specified target Enables messages to the specified targetShow log config Clear log Link DWS-1008 CLI Manual 507 Severity level Set log markInterval interval Facility facility-name Show log bufferMatching string DWS-1008#show log config Show log configSyntax show log config Defaults None Access Enabled DWS-1008#show log buffer facility ? Show log trace Number-of-messages DWS-1008#show log trace facility ? Clear log Show log config Link DWS-1008 CLI Manual 512DWS-1008#show log trace +5 facility Rogue Boot Profile Management Command InformationBooting Diagnostics Syntax autoboot on on OFF off AutobootBoot Boot autoboot Boot boot FN=MX010101.020 DEV=boot1 Change Syntax change Syntax create Creates a new boot profileCreate Change Delete Next Show Link DWS-1008 CLI Manual 517 Dhcp Removes the currently active boot profileSyntax delete Defaults None Change Create Next Show Diag Accesses the diagnostic modeSyntax dir c d e f boot0 boot1 Syntax diag Bload Syntax fver c d e f boot0 boot1 filenameFver Bstrap Command-name Boot prompt command Boot fver boot1Syntax help command-name Boot help fver Syntax ls Defaults None Displays a list of the boot prompt commandsHelp Link DWS-1008 CLI Manual 522 Syntax next Defaults None Next Syntax reset Defaults None ResetResets a DWS-1008 switch’s hardware Boot Link DWS-1008 CLI Manual 524 Boot Type Syntax show Defaults NoneShow Boot Type Change Create Delete Dhcp Next Link DWS-1008 CLI Manual 526 Version Syntax version Defaults NoneTest Syntax test on on OFF off Boot version Dir Fver Link DWS-1008 CLI Manual 528