Set security acl map

The following command creates acl_125 by defining an ACE that denies TCP packets from source IP address 192.168.0.1 to destination IP address 192.168.0.2 for established sessions only, and counts the hits:

DWS-1008# set security acl ip acl_125 deny tcp 192.168.0.1 0.0.0.0 192.168.0.2 0.0.0.0 established hits

The following command adds an ACE to acl_125 that denies TCP packets from source IP address 192.168.1.1 to destination IP address 192.168.1.2, on destination port 80 only, and counts the hits:

DWS-1008# set security acl ip acl_125 deny tcp 192.168.1.1 0.0.0.0 192.168.1.2 0.0.0.0 eq 80 hits

Finally, the following command commits the security ACLs in the edit buffer to the configuration:

DWS-1008# commit security acl all configuration accepted

•clear security acl

•commit security acl

•show security acl

Assigns a committed security ACL to a VLAN, physical port or ports, virtual port, or Distributed AP on the switch.

Note: To assign a security ACL to a user or group in the local database, use the command set user attr, set mac-user attr, set usergroup attr, or set mac-usergroup attr with the Filter-Id attribute. To assign a security ACL to a user or group with Filter-Id on a RADIUS server, see the documentation for your RADIUS server.

Syntax: set security acl map acl-name{vlan vlan-id port port-list[tag tag-list] dap dap-num} {in out}

acl-name	Name of an existing security ACL to map. ACL names start with a letter and
	are case-insensitive.
vlan vlan-id	VLAN name or number. MSS assigns the security ACL to the specified
	VLAN.
port port-list	Port list. MSS assigns the security ACL to the specified physical switch port
	or ports.

D-Link DWS-1008 CLI Manual

479

Page 482

Image 482

D-Link dws-1008 manual Set security acl map, Clear security acl Commit security acl Show security acl

Contents

Page Table of Contents Link DWS-1008 CLI Manual Link Mobility System Convention Use DWS-1008 DWS-1008# DWS-mmmm-nnnnnnDWS-mmmm-nnnnnn# Clear fdb dynamic I port port-list v1 an vlan-id Set port enable I disable port-listClear interface vlan-id ip Subnet Masks Wildcard Masks User Glob Users Designated MAC Address Globs Port Lists DWS-1008#show port status 1-3,6 Command-Line Editing Keyboard Shortcuts Function Using CLI Help Set ap port-list dap dap-numname name Set ap dap name command has the following complete syntaxSet ap dap name Defaults None Access Enabled DisableEnable Syntax enable Access All Syntax set enablepass Defaults None Access Enabled Set enablepassSyntax quit Defaults None Access All Quit Display ConfigurationAuto-Config System Identification Clear prompt Clear banner motdClear history Clears the system configuration of the specified information Clear system Help History Quickstart Syntax set banner motd text Defaults None Access Enabled Set banner motd Syntax set confirm on off Set confirmSet length DWS-1008#clear vlan red Syntax set license activation-key Set licenseDWS-1008#set length Activation-key Set prompt Syntax set prompt string Set system country code Stores a contact name for the DWS-1008 switchSet system contact Syntax set system contact string Link DWS-1008 CLI Manual Set system idle-timeout Syntax set system idle-timeout seconds Syntax set system ip-address ip-addr Set system ip-addressClear system Show system Ip-addrIP address, in dotted decimal notation Syntax set system location string Set system locationSet system name Syntax set system name string Clear banner motd Link DWS-1008 CLI Manual Syntax show banner motd Defaults None Access EnabledShow banner motd Show licenses Syntax show licenses Defaults None Access AllSyntax show load Defaults None Access Enabled Show load Displays system information Syntax show system Defaults None Access EnabledShow system Name Configured with set system countrycodeField Description With set system location Nvram size /SDRAM size percent of total Show boot Show config Set licenses Link DWS-1008 CLI ManualShow tech-support Syntax show tech-support file subdirname/ filename Interface Type Port TypeState Speed Clear port counters Syntax clear port counters Defaults None Access EnabledClear dap Syntax clear dap dap-num Clear port mirror Syntax clear port mirror Defaults None Access EnabledClear port-group Syntax clear port-group name name Clear port type Defaults NoneClear port name STP DWS-1008#clear port type Monitor port counters Syntax monitor port counters Key Effect on monitor display Displayed for All Transmit-errors Statistics Option Field Description Set dap Reset portDetails command Serial id serial ID Set port Syntax set port enable disable port-list EnableDisable Port-list Set port-group Set reset portMode on off Syntax set port-group name group-nameport-listmode on off Clear port-group Link DWS-1008 CLI Manual Name name Set port mirrorSet port name Set port negotiation Syntax set port negotiation port-listenable disableEnable disable Clear port name DWS-1008#set port negotiation 5 enable DWS-1008#set port negotiation 1,2,4-6 disableFollowing command enables autonegotiation on port Syntax set port poe port-listenable disable Set port speed DWS-1008#set port poe 3,5 disableDWS-1008#set port poe 2,4 enable Syntax set port speed port-list10 100 auto Set port trap EnableDisable Set port type ap Configures a DWS-1008 switch port for an AP access pointModel Poe enable disable radiotype 11a 11b 11g DWS-1008#set port type ap 2 model DWL-8220AP poe enable Port Parameter Setting Wired Authentication Port Defaults Port Parameter Setting Set port type wired-authConfigures an DWS-1008 port for a wired authentication user Port-list tag-list Num last-resort Clear port type Set port type Link DWS-1008 CLI Manual Port port-list Defaults None Access AllShow port counters Statistics for all ports Show port-group Show port mirror DWS-1008# show port poe Show port poeSyntax show port poe port-list Syntax show port status port-list Displays configuration and status information for portsShow port status DWS-1008# show port status Ports FDB Aging TimeoutCreation Restriction of Client Layer 2 Forwarding Port port-lis Vlan vlan-id Tag tag-value Clear fdbDeletes an entry from the forwarding database FDB Permit-mac Clear security l2-restrictVlan-id Vlan name or number All Syntax clear security l2-restrict counters vlan vlan-id all Clear security l2-restrict countersClear vlan All DWS-1008#clear vlan red port 4 tag Set vlan port Show vlan config Link DWS-1008 CLI ManualDWS-1008#clear vlan green port DWS-1008#clear vlan marigold Port port-list Set fdbMac-addr Set security l2-restrict Mode enable disableSet fdb agingtime Syntax set fdb agingtime vlan-idage seconds Creates a Vlan and assigns a number and name to it Defaults Layer 2 restriction is disabled by defaultSet vlan name Syntax set vlan vlan-numname name Syntax set vlan vlan-idport port-listtag tag-value Set vlan portSet vlan port Show fdb Syntax show fdb agingtime vlan vlan-id Show fdb agingtimeDWS-1008# show fdb DWS-1008#show fdb agingtime Show security l2-restrict Vlan vlan-id Defaults None. Access AllShow fdb count DWS-1008#show fdb count dynamic DWS-1008# show security l2-restrict Show vlan configSyntax show vlan config vlan-id Displays Vlan information Tunl Port Vlan Name Status State Affin Port Tag DWS-1008# show vlan config burgundyVlan From 0 to Clear qosFrom-qos From-dscp Dscp dscp-value Set qos cos-to-dscp-mapSyntax set qos cos-to-dscp-map level dscp dscp-valuelevel DWS-1008#set qos cos-to-dscp-map 5 dscp Show qos Syntax show qos defaultSet qos dscp-to-cos-map Syntax set qos dscp-to-cos-map dscp-rangecos level Show qos dscp-table DWS-1008#show qos defaultSyntax show qos dscp-table Defaults None Access Enabled DWS-1008#show qos dscp-table Syntax clear interface vlan-idip Clear interfaceRemoves an IP interface Clear ip dns domain Syntax clear ip dns domain Defaults None Access EnabledClear ip alias Syntax clear ip alias name Clear ip route DefaultClear ip dns server Syntax clear ip dns server ip-addr Set ip route Show ip route Defaults The default Telnet port number isClear ip telnet Syntax clear ip telnet Clear ntp server Clear ntp update-intervalSyntax clear ntp update-interval Syntax clear ntp server ip-addr all Syntax clear snmp community name comm-string Clear snmp communityClear snmp notify profile Syntax clear snmp notify profile profile-name Syntax clear snmp notify target target-num Clear snmp notify targetClear snmp usm Target-num ID of the target Clear summertime Syntax clear summertime Defaults None Access EnabledSyntax clear system ip-address Defaults None Access Enabled Clear system ip-address Dnf Clear timezonePing Flood Is 8 bytes larger than the size you specify DefaultsSize size DWS-1008#ping Ip-addr Mac-addr Set arpSet arp agingtime Syntax set arp agingtime seconds Set arp Show arp Configures an IP interface on a VlanSet interface Set interface dhcp-client DWS-1008#set interface default ip 10.10.10.10/24Syntax set interface vlan-idip dhcp-client enable disable DWS-1008#set interface mauve ip 10.10.20.10 Disables the Dhcp server Configures the MSS Dhcp serverEnables the Dhcp server Set interface dhcp-server Set ip dns domain Set ip dns server Show dhcp-server Administratively disables or reenables an IP interfaceSet interface status Syntax set interface vlan-idstatus up down Set ip alias Set ip dns Syntax set ip dns domain name Set ip dns domainSet ip dns server DWS-1008#set ip dns domain example.com Syntax set ip https server enable disable Set ip https server Is not available for the destination Set ip routeAdds a static route to the IP route table Ip-addr mask Set ip snmp server Enables or disables the Snmp service on the DWS-1008 switchSyntax set ip snmp server enable disable Clear ip route Show interface Show ip route Set ip ssh server Link DWS-1008 CLI Manual Set ip sshSyntax set ip ssh port port-num Set ip telnet Syntax set ip ssh server enable disableSet ip ssh server Syntax set ip telnet port-num Set ip telnet server Enables the Telnet server on a DWS-1008 switchSyntax set ip telnet server enable disable Set ntp server Syntax set ntp enable disableSet ntp Syntax set ntp server ip-addr DWS-1008#set ntp server See Also Set ntp update-intervalSyntax set ntp update-interval seconds Set snmp community Drop send Default profile-nameSet snmp notify profile Notifications you specify with notification-type or allPage Page RFDetectRogueDisappearTraps success change accepted DWS-1008#set snmp notify profile snmpprofrfdetect sendRFDetectInterferingRogueAPTraps success change accepted Username Set snmp notify targetSNMPv3 with Informs Ip hex hex-string Authenticated encryptedSnmp-engine-id Security unsecured Retries num Timeout numSNMPv2c with Informs SNMPv2c with Traps SNMPv1 with Traps Success change accepted Link DWS-1008 CLI Manual 110 V2c Syntax set snmp protocol v1 v2c usm all enable disableSet snmp protocol Usm Encrypted AuthenticatedSet snmp security Auth-req-unsecnotify Set snmp usm Creates a USM user for SNMPv3 Auth-key hex-string Auth-type none md5 shaAuth-pass-phrase string Encrypt-type none des Start of the time change period Set summertimeStart End Defaults None Access Enabled DWS-1008#set interface taupe ip 10.10.20.20/24 Syntax set timedate date mmm dd yyyy time hhmmss Set timedateSet timezone DWS-1008#set timedate date feb 29 2004 time Syntax show arp ip-addr Show arpDWS-1008#set timezone PST Ip-addr IP address DWS-1008#show dhcp-client Syntax show dhcp-client Defaults None Access AllShow dhcp-client Ifup Verbose Show dhcp-serverSyntax show dhcp-server interface vlan-id verbose DWS-1008# show dhcp-server Link DWS-1008 CLI Manual 121 DWS-1008#show dhcp-server verboseBound Syntax show interface vlan-id Displays the IP interfaces configured on the switchShow interface Set interface dhcp-client Set interface dhcp-server Set interface status Set ip alias Set ip dns domain Set ip https server Metric Default-routerIp-addr/mask-length Enables or disables the Snmp service on the switch Disables or reenables the SSH server on a DWS-1008 switch Set ip telnet Set ntp Set ntp server Set snmp community Notification-type To modify the default notification profile, specify defaultSpaces Name of the notification typePage Sends or drops all notifications RFDetectAdhocUserTraps success change accepted RFDetectSpoofedMacAPTraps success change accepted RFDetectUnAuthorizedSsidTraps success change accepted Ip hex hex-string Authenticated encryptedSnmp-engine-id Security unsecured SNMPv3 with Traps By the target. You can specify from 0 to 3 retries Specifies the number of times the MSS Snmp engine willResend a notification that has not been acknowledged Specifies the number of seconds MSS waits for SNMPv1 with Traps 144 Set snmp usm Page Auth-type none md5 sha auth-pass-phrase String auth-keyhex-string Link DWS-1008 CLI Manual 148 End Set system ip-address Sets the time of day and date on the switch Link DWS-1008 CLI Manual 151 152 Dynamic ResolvedLocal Resolved Show dhcp-client Link DWS-1008 CLI Manual 154 Table below shows the output for show dhcp-server verbose Link DWS-1008 CLI Manual 155 Ipv4 DWS-1008# show interfaceYES Link DWS-1008 CLI Manual 156 Name Alias string Show ip aliasSyntax show ip alias name DWS-1008#show ip alias Show ip dns Displays the DNS servers the switch is configured to useSyntax show ip dns Defaults None Access All Displays information about the Https management port Syntax show ip https Defaults None Access AllShow ip https DWS-1008 show ip https DWS-1008# show ip route Show ip routeSyntax show ip route destination Multicast Displays information about the Telnet management port Syntax show ip telnet Defaults None Access AllShow ip telnet Displays NTP client information Syntax show ntp Defaults None Access AllShow ntp Link DWS-1008 CLI Manual 162 Show snmp counters Syntax show snmp counters Defaults None Access EnabledShow snmp community Show snmp notify profile Show snmp usm Defaults None Access Enabled See AlsoShow snmp status Show timedate Syntax show timedate Defaults None Access AllShow summertime Syntax show summertime Telnet Syntax show timezone Defaults None Access AllShow timezone DWS-1008#show timezone DWS-1008#telnet Clear sessions Show sessions Link DWS-1008 CLI Manual 167 Traceroute Ping Link DWS-1008 CLI Manual 169 Password Users AuthenticationLocal Authorization for Web authorization Clear accounting User-glob Syntax clear authentication admin user-glob Clear authentication adminClear authentication console Syntax clear authentication console user-glob Removes an 802.1X authentication rule Clear authentication dot1xDWS-1008#clear authentication console Regina Wired Removes a MAC authentication rule Clear authentication macClear authentication proxy Syntax clear authentication proxy ssid ssid-nameuser-glob Clear location policy Clear authentication webRemoves a rule from the location policy on a switch Removes a WebAAA rule Syntax clear mac-user mac-addr Clear mac-userClear mac-user attr Syntax clear mac-user mac-addrattr attribute-name Syntax clear mac-user mac-addrgroup Clear mac-user groupSet mac-user attr Show aaa Syntax clear mac-usergroup group-name Clear mac-usergroupClear mac-usergroup attr Group-name Name of an existing MAC user group Clear mac-usergroup Set mac-usergroup attr Show aaa Username Username of a user with a passwordClear user Syntax clear user username Clear user group Username Username of a user with a passwordClear user attr Syntax clear user username attr attribute-name Syntax clear usergroup group-name Clear usergroupClear usergroup Set user group Show aaa Group-name Name of an existing user group Syntax clear usergroup group-nameattr attribute-name Set accounting admin consoleClear usergroup attr Method1 method2 method3 method4 Set accounting dot1x mac web last-resortClear accounting Show accounting statistics Link DWS-1008 CLI Manual 183 Web WiredMac Start-stop Set accounting system Syntax set accounting system method1 method2 method3 method4 Set authentication admin Link DWS-1008 CLI Manual 186 Set authentication console Link DWS-1008 CLI Manual 187 Link DWS-1008 CLI Manual 188 For details, see User Globs on Link DWS-1008 CLI Manual 189 Set authentication dot1xAuthentication port Protocol Been authenticatedBonded Access Enabled Link DWS-1008 CLI Manual 192 Set authentication macAuthentication port Access Enabled Set authentication proxy User-glob Single user or a set of users Set authentication web See Also Set location policy Modify rule-number User operator user-globBefore rule-number DWS-1008#set location policy deny if user eq *.theirfirm.com Syntax set mac-user mac-addrgroup group-name Set mac-userSet mac-user attr Syntax set mac-user mac-addrattr attribute-name value Link DWS-1008 CLI Manual 201 Attribute Description Valid Values Link DWS-1008 CLI Manual 202 YY/MM/DD-HHMM Link DWS-1008 CLI Manual 203 Time-of-day tu1000-1600,th1000-1600 Clear mac-user attr Show aaa Link DWS-1008 CLI Manual 204 Set mac-usergroup attr Syntax set mac-usergroup group-nameattr attribute-name value Set user Syntax set user username password encrypted stringDWS-1008#set user Nin password 29Jan04 See Also Clear user Show aaa Link DWS-1008 CLI Manual 206 Set user attr Clear user attr Show aaa Link DWS-1008 CLI Manual 207 Syntax set user username group group-name Set user groupSet usergroup Clear user group Show aaa DWS-1008#set web-portal disable Syntax set web-portal enable disableDefaults Enabled Access Enabled Set web-portal Show aaa Displays all current AAA settingsSyntax show aaa Defaults None Access Enabled Acctport AAAACCTSVCATTR=2 Show accounting statisticsDWS-1008#show accounting statistics Show location policy Clear accounting Set accounting admin console Show aaaSyntax show location policy Defaults None Access Enabled DWS-1008show location policy PKCS#12 Certificate Encryption KeysPKCS#7 Certificates Self-Signed Certificate Crypto ca-certificate Syntax crypto ca-certificate admin eap webAdmin PEM-formatted-certificate Crypto certificate Begin Certificate Crypto generate key Ssh String Syntax crypto generate request admin eap web admin Eap WebCrypto generate request Are supported on your network. This field is required DWS-1008#crypto generate request adminAlphanumeric characters with no spaces With no spaces Begin Certificate Request Syntax crypto generate self-signed admin eap web AdminCrypto generate self-signed END Certificate Request DWS-1008#crypto generate self-signed admin Name. It simply needs to be formatted like one Crypto otp Syntax crypto otp admin eap web one-time-password AdminOne-time-password DWS-1008#crypto generate otp eap hap9iN#ss File-location-url Syntax crypto pkcs12 admin eap web file-location-urlCrypto pkcs12 DWS-1008#crypto otp eap hap9iN#ss Table below describes the fields in the display Show crypto ca-certificateDWS-1008#show crypto ca-certificate Fields Description Show crypto certificate DWS-1008#show crypto certificate eap Show crypto key ssh Syntax show crypto key domain Defaults None Access EnabledShow crypto key domain Crypto generate key Link DWS-1008 CLI Manual 226 Server Groups Radius ClientRadius Servers Radius Proxy Clear radius Clear radius client system-ip Clear radius proxy port Removes Radius proxy ports configured for third-party APsClear radius proxy client Removes Radius proxy client entries for third-party APs Syntax clear radius server server-name Clear radius serverClear server group Syntax clear server group group-nameload-balance Deadtime minutes Timeout secondsSet radius Encrypted-key string Encrypted-key-No key Syntax set radius client system-ip Set radius client system-ipSet radius proxy client Clear radius client system-ip Set system ip-address Set radius proxy port Address Author-passwordSet radius server Auth-port Encrypted-key-No key Author-password-trapeze Access Enabled Set server group Configures a group of one to four Radius serversNames of one or more configured Radius servers Members Set server group load-balance Enable disableDefaults Load balancing is disabled by default Group-name Server group name of up to 32 characters Reauthentication Wired AuthenticationBonded Authentication Port Control Syntax clear dot1x max-req Clear dot1x bonded-periodClear dot1x max-req Syntax clear dot1x port-control Clear dot1x port-controlClear dot1x quiet-period Syntax clear dot1x quiet-period Syntax clear dot1x reauth-max Clear dot1x reauth-maxClear dot1x reauth-period Syntax clear dot1x reauth-period Defaults The default is 30 seconds Clear dot1x timeout auth-serverClear dot1x timeout supplicant Set dot1x timeout auth-server Show dot1x Set dot1x authcontrol Syntax set dot1x authcontrol enable disable enable DisableClear dot1x tx-period Syntax clear dot1x tx-period Set dot1x bonded-period Syntax set dot1x bonded-period seconds Set dot1x key-tx Syntax set dot1x key-tx enable disable EnableDefaults Key transmission is enabled by default Set dot1x max-req Show port status Show dot1x Link DWS-1008 CLI Manual 248 Set dot1x port-controlClear dot1x max-req Show dot1x Syntax set dot1x quiet-period seconds Set dot1x quiet-periodSet dot1x reauth-max Seconds Specify a value between 0 and 65,535 Set dot1x reauth-period Set dot1x timeout auth-serverSyntax set dot1x timeout auth-server seconds Syntax set dot1x reauth-period seconds Clear dot1x timeout auth-server Show dot1x Set dot1x timeout supplicantSyntax set dot1x timeout supplicant seconds Set dot1x tx-period Set dot1x wep-rekey-period Syntax set dot1X wep-rekey enable disable enable DisableSet dot1x wep-rekey Syntax set dot1x wep-rekey-period seconds Displays a summary of the current configuration Syntax show dot1x clients stats config clients StatsConfig Show dot1x Type the following command to display the 802.1X clients DWS-1008#show dot1x config Link DWS-1008 CLI Manual 255 Type the following command to display 802.1X statisticsDWS-1008# show dot1x stats Clear sessions Administrative SessionsDWS-1008#clear sessions admin Network Sessions Clear sessions network Show sessions DWS-1008# show sessions console DWS-1008# clear sessions adminSSH DWS-1008# show sessions telnet Mac-addr Show sessions networkClear sessions Link DWS-1008 CLI Manual 260 Verbose Show sessions network commandSession-id Show sessions network session-id display DWS-1008# show sessions network verbose DWS-1008# show sessions network mac-addr 00055d7e981aDWS-1008# show sessions network user E Ssid DWS-1008#show sessions network session-idActive LAST-RESORT Additional show sessions network verbose Output Link DWS-1008 CLI Manual 264 Show sessions network session-id Output Link DWS-1008 CLI Manual 265 Link DWS-1008 CLI Manual 266 Permitted Vendor List Rogue InformationCountermeasures Permitted Ssid List Syntax clear rfdetect attack-list mac-addr Clear rfdetect attack-listClear rfdetect ignore Syntax clear rfdetect ignore mac-addr Syntax clear rfdetect ssid-list ssid-name Clear rfdetect ssid-listClear rfdetect vendor-list Syntax set rfdetect attack-list mac-addr Set rfdetect attack-listSet rfdetect black-list Syntax set rfdetect black-list mac-addr Syntax set rfdetect ignore mac-addr Set rfdetect ignoreSet rfdetect black-list Show rfdetect black-list Mac-addr Bssid MAC address of the device to ignore Set rfdetect log Syntax set rfdetect log enable disable EnableSyntax set rfdetect signature enable disable Enable Set rfdetect signature Set rfdetect ssid-list Syntax set rfdetect ssid-list ssid-name Link DWS-1008 CLI Manual 274 Set rfdetect vendor-listShow rfdetect attack-list DWS-1008# show rfdetect attack-list Show rfdetect black-listShow rfdetect clients DWS-1008# show rfdetect black-list AP MAC DWS-1008# show rfdetect clientsTotal number of entries Client MAC DWS-1008#show rfdetect clients mac 000c4163fd6d Bssid Show rfdetect countermeasuresRssi Link DWS-1008 CLI Manual 277 DWS-1008# show rfdetect countermeasures Syntax show rfdetect counters Defaults None Access EnabledShow rfdetect counters Link DWS-1008 CLI Manual 278 DWS-1008#show rfdetect countermeasures Type Current Show rfdetect data Displays information about the APs detected by a switchSyntax show rfdetect data Defaults None Access Enabled Vendor Type Port/Radio Flags Show rfdetect visible Syntax show rfdetect ignore Defaults None Access EnabledShow rfdetect ignore Show rfdetect vendor-list Syntax show rfdetect ssid-list Defaults None Access EnabledShow rfdetect ssid-list Radio Showapdapstatus commandShow rfdetect visible Syntax test rflink mac mac-addr session-id session-id Test rflinkShow rfdetect data RTT micro-secs DWS-1008# test rflink mac 000e9bbfad13Rssi SNR 976 Software Version Boot SettingsConfiguration File File Management Dir command output BackupSyntax backup system tftp/ip-addr/filenameall critical Critical Syntax clear boot config Defaults None Access Enabled Clear boot backup-configurationClear boot config Copy DWS-1008#clear boot configDWS-1008#reset system force DWS-1008#copy tftp//10.1.1.1/closetmx closetmx Delete Dir Link DWS-1008 CLI Manual 290 For example subdira/filea DeleteSyntax delete url Copy Dir Link DWS-1008 CLI Manual 291 Dir Boot0Boot1 FilePage This command may take up to 20 seconds Install soda agentDWS-1008#install soda agent soda.ZIP agent-directory sp1 Table below describes the fields in the dir output Backupconfigs/configc Load configSyntax load config url DWS-1008#load config Md5 Syntax md5 boot0 boot1filenameDWS-1008#md5 boot0MX040003.020 Mkdir Syntax reset system force Reset systemRestarts a switch and reboots the software Dir Rmdir Save config Show boot Show version RestoreDWS-1008#reset system Rmdir DWS-1008#restore system tftp/10.10.20.9/sysabakBackup Removes a subdirectory from nonvolatile storage DWS-1008#save config Save configSyntax save config filename DWS-1008#save config testconfig1 Syntax set boot backup-configuration filename Set boot backup-configurationSet boot configuration-file Syntax set boot configuration-file filename Syntax set boot partition boot0 boot1 Boot0 Set boot partitionShow boot Boot1 Clear boot config Reset system Set boot configuration-file Show configTable below describes the fields in the show boot output Displays the configuration running on the switch Spantree System Trace Vlan Vlan-fdb DWS-1008#show config area vlanShow version Syntax show version details Details DWS-1008#show version DWS-1008#show version details DWS-1008#uninstall soda agent agent-directory sp1 Uninstall soda agentSyntax uninstall soda agent agent-directory directory Table below describes the fields in the show version output Access Point Commands Clear ap dap radio DWS-1008#clear ap 3 radio Clear dap boot-configurationDWS-1008#clear dap 1 boot-configuration Clear radio-profile DWS-1008#set radio-profile rp1 mode disableDWS-1008#set radio-profile rptest mode disable Syntax clear radio-profile name parameter Clear service-profile Restarts an access point Reset ap dapDWS-1008#set radio-profile rp6 mode disable Syntax reset ap port-list dap dap-num Link DWS-1008 CLI Manual 312 Syntax set dap auto Defaults None Access EnabledSet dap auto Enables the AP configuration profile Set dap auto modeSyntax set dap auto mode enable disable Enable Disables the AP configuration profile Syntax set dap auto persistent dap-num all Set dap auto persistentSet dap auto radiotype Dap-num Set ap dap bias Set dap auto Set dap auto mode Set dap auto persistentLow Defaults Access Dap dap-num dap auto high Dap dap-num dap auto enable disable Defaults Access Enabled Set ap dap blink Set dap boot-ip Enables or disables the static IP address for the AP Set dap boot-switch Switch ip ip-addr Link DWS-1008 CLI Manual 319 Syntax set ap port-list dap dap-num contact string Set ap dap contactSpecifies contact information for an AP Contact string Set dap fingerprint Syntax set dap dap-numfingerprint hex Set ap dap force-image-download Force-image-download enableForce-image-download disable Dap auto Syntax set ap port-list dap dap-num auto group name Defaults AP access points are not grouped by defaultSet ap dap group Ap port-list dap dap-num dap auto Syntax set ap port-list dap dap-num location string Set ap dap locationSpecifies location information for an AP Ap port-list Dap dap-num location string Syntax set ap port-list dap dap-num name name Set ap dap nameSet ap dap radio antenna-location Ap port-list Outdoors Set ap dap radio antennatypeIndoors Ap port-list Dap dap-num Power-level Set ap dap radio auto-tune max-powerConfiguration template Radio 1 of the DWL-8220AP Dap dap-num radio 1 radio Channel-number Set ap dap radio channelSets an DWS-8220AP radio’s channel Dap dap-num dap auto Set ap dap radio modeRadio 1 radio 2 enable disable Set ap dap radio radio-profile Mode enableMode disable Radio-profile name Access Enabled Defaults By default, encryption keys are optional Set dap security Dap auto enable disable Defaults Access Enabled Set ap dap upgrade-firmwareSet dap fingerprint Show ap dap config Show ap dap status DWS-1008#set ap 2 upgrade-firmware disable Set radio-profile active-scan Set radio-profile auto-tune channel-configSyntax set radio-profile name active-scan enable disable Link DWS-1008 CLI Manual 334 Name Enable Disable No-clientSet radio-profile auto-tune channel-holddown Link DWS-1008 CLI Manual 335 Name Radio profile name Set radio-profile auto-tune channel-intervalName Rate Set radio-profile auto-tune channel-lockdown Syntax set radio-profile name auto-tune channel-lockdown Set radio-profile auto-tune power-config Set radio-profile auto-tune power-interval Syntax set radio-profile name auto-tune power-lockdown Set radio-profile auto-tune power-lockdownSet radio-profile auto-tune power-ramp-interval Syntax set radio-profile name beacon-interval interval Defaults The default interval is 60 secondsSet radio-profile beacon-interval Rogue ConfiguredSet radio-profile countermeasures None Set radio-profile dtim-interval Set radio-profile frag-threshold Syntax set radio-profile name frag-threshold threshold Syntax set radio-profile name max-rx-lifetime time Set radio-profile max-rx-lifetimeSet radio-profile max-tx-lifetime Syntax set radio-profile name max-tx-lifetime time Set radio-profile mode Syntax set radio-profile name mode enable disable Link DWS-1008 CLI Manual 347 MMS Access Enabled Long Set radio-profile preamble-lengthSyntax set radio-profile name preamble-length long short Short Syntax set radio-profile name qos-mode svp wmm Set radio-profile qos-modeSet radio-profile rfid-mode Svp Defaults The default is disable Access Enabled Syntax set radio-profile name rfid-mode enable disableEnables radios to function as asset location receivers Set radio-profile rts-threshold DWS-1008#set radio-profile rp1 rts-threshold Table Defaults for Radio Profile Parameters Link DWS-1008 CLI Manual 353 Link DWS-1008 CLI Manual 354 Portal-acl setting Link DWS-1008 CLI Manual 355 Set radio-profile wmm-powersave Syntax set service-profile name attr attribute-name value Set service-profile attrSyntax set radio-profile name wmm-powersave enable disable Link DWS-1008 CLI Manual 357 Access Enabled Name Service profile name Set service-profile auth-dot1xSyntax set service-profile name auth-dot1x enable disable Enables 802.1X authentication of WPA clients Set service-profile auth-fallthru Enables PSK authentication of WPA clients Set service-profile auth-pskSyntax set service-profile name auth-psk enable disable Disables PSK authentication of WPA clients Syntax set service-profile name beacon enable disable Set service-profile beaconSet service-profile cac-mode Syntax set service-profile name cac-mode none session CAC is not used Set service-profile cac-sessionSyntax set service-profile name cac-session max-sessions Session Enables Ccmp encryption for WPA clients Set service-profile cipher-ccmpSyntax set service-profile name cipher-ccmp enable disable Disables Ccmp encryption for WPA clients Enables 104-bit WEP encryption for WPA clients Set service-profile cipher-tkipSet service-profile cipher-wep104 Disables 104-bit WEP encryption for WPA clients Set service-profile cipher-wep40 Defaults 104-bit WEP encryption is disabled by default Sets the Class-of-Service CoS level for static CoS Set service-profile cosDefaults 40-bit WEP encryption is disabled by default Syntax set service-profile name cos level Enables Dhcp Restrict Set service-profile dhcp-restrictSet service-profile static-cos Show service-profile Disables Dhcp Restrict Enables keepalives Set service-profile idle-client-probingSet service-profile keep-initial-vlan Disables keepalives Defaults This option is disabled by default Set service-profile long-retry-countConfigures radios to reassign a roamed user’s Vlan Syntax set service-profile name long-retry-count threshold Link DWS-1008 CLI Manual 371 Set service-profile no-broadcastSyntax set service-profile name no-broadcast enable disable Syntax set service-profile name proxy-arp enable disable Set service-profile proxy-arpEnable Disable Defaults Access Enabled Syntax set service-profile name psk-phrase passphrase Set service-profile psk-phraseDefaults Proxy ARP is disabled by default Set service-profile psk-raw Syntax set service-profile name psk-raw hex Enables the RSN IE Set service-profile rsn-ieSyntax set service-profile name rsn-ie enable disable Disables the RSN IE Enables shared-key authentication, in a service profile Set service-profile shared-key-authSet service-profile short-retry-count Syntax set service-profile name short-retry-count threshold Set service-profile soda agent-directory Set service-profile soda enforce-checks Set service-profile soda mode Link DWS-1008 CLI Manual 378 Set service-profile soda failure-page Syntax set service-profile name soda failure-page Set service-profile soda logout-page Syntax set service-profile name soda logout-page Syntax set service-profile name soda mode enable disable Set service-profile soda modeSet service-profile soda remediation-acl Defaults Disabled Access Enabled Set service-profile soda success-page Syntax set service-profile name soda success-page Syntax set service-profile name ssid-name ssid-name Set service-profile ssid-nameConfigures the Ssid name in a service profile Name Ssid-name Clear Set service-profile ssid-typeSyntax set service-profile name ssid-type clear crypto Crypto Enables static CoS on the service profile Set service-profile static-cosSyntax set service-profile name static-cos enable disable Disables static CoS on the service profile Syntax set service-profile name tkip-mc-time wait-time Set service-profile tkip-mc-timeSet service-profile transmit-rates Link DWS-1008 CLI Manual 386 Mandantory rate-list Disabled rate-list11a 11b 11g Beacon-rate rate Set service-profile user-idle-timeout Defaults This command has the following defaults Syntax set service-profile name web-portal-acl aclname Set service-profile web-portal-aclSyntax set service-profile name user-idle-timeout seconds Name Seconds Syntax set service-profile name web-portal-form url Set service-profile web-portal-formSet service-profile auth-fallthru Show service-profile Defaults The D-Link Web login page is served by default Success change accepted Set service-profile web-portal-session-timeout Set service-profile wep active-multicast-index Set service-profile wep active-unicast-index Set service-profile wep key-index Key-index num key value Set service-profile wpa-ie Syntax set service-profile name wpa-ie enable disable DWS-1008#show ap config Show ap dap configShows configuration information for radio DWS-1008#show dap config Following Table describes the fields in this display Link DWS-1008 CLI Manual 397 DWS-1008# show dap counters Show ap dap countersShows statistics counters for radio Totl Link DWS-1008 CLI Manual 399 Link DWS-1008 CLI Manual 400 Ccmp MIC Link DWS-1008 CLI Manual 402 Displays statistics for DWL-8220AP forwarding queues DWS-1008#set service-profile sp2 wpa-ie enableShow ap dap qos-stats Clear Link DWS-1008 CLI Manual 404 Show ap dap etherstatsSyntax show ap dap etherstats port-list dap-num DWS-1008# show dap etherstats Link DWS-1008 CLI Manual 405 Name Name of an AP group or Distributed AP group Show ap dap groupSyntax show ap dap group name Link DWS-1008 CLI Manual 406 DWS-1008# set service-profile sp2 wpa-ie enable Link DWS-1008 CLI Manual 407 Radio2 Show ap dap statusRadio1 DWS-1008#show dap status DWS-1008#show ap status Link DWS-1008 CLI Manual 410 Link DWS-1008 CLI Manual 411 Mp-num Dap-num Radio1 Radio2 radio all Defaults AccessShow auto-tune attributes DWS-1008# show auto-tune attributes ap 2 radio Show auto-tune neighbors DWS-1008#show auto-tune neighbors ap 2 radio Link DWS-1008 CLI Manual 415 Show dap boot-configurationSyntax show dap boot-configuration dap-num Link DWS-1008 CLI Manual 416 DWS-1008#show dap boot-configurationDNS IP DWS-1008#show dap connection Show dap connectionSyntax show dap connection dap-num serial-id serial-ID DAP Show dap global Syntax show dap global dap-num serial-id serial-ID LOW DWS-1008#show dap globalHigh DWS-1008#show dap unconfigured Show dap unconfiguredSyntax show dap unconfigured Defaults None Access Enabled Link DWS-1008 CLI Manual 420 Syntax show radio-profile name ? DWS-1008# show radio-profile defaultShow radio-profile Name Displays information about the named radio profile Link DWS-1008 CLI Manual 422 See Also Show service-profile Name Link DWS-1008 CLI Manual 425 Soda Link DWS-1008 CLI Manual 426 Link DWS-1008 CLI Manual 427 Bridge Priority TimersSTP State Port Cost Syntax clear spantree portcost port-list Clear spantree portcostClear spantree portpri Syntax clear spantree portpri port-list Clear spantree portvlancost Resets the cost for all VLANsResets the priority for all VLANs Clear spantree portvlanpri Show spantree statistics Link DWS-1008 CLI Manual 431 Clear spantree statisticsSyntax clear spantree statistics port-listvlan vlan-id Set spantree backbonefast Syntax set spantree backbonefast enable disable EnableSet spantree Vlan vlan-id Port port-list vlan-id Set spantree fwddelay Syntax set spantree fwddelay delay all vlan vlan-id Delay Syntax set spantree maxage aging-timeall vlan vlan-id Set spantree helloSet spantree maxage Set spantree portcost Syntax set spantree portcost port-listcost cost Set spantree portpri Syntax set spantree portfast port port-listenable disableSet spantree portfast Syntax set spantree portpri port-listpriority value Changes the priority on all VLANs Set spantree portvlancostSet spantree portvlanpri Set spantree priority Show spantree Link DWS-1008 CLI Manual 438 Show spantree Syntax set spantree uplinkfast enable disableSet spantree uplinkfast Active Ieee DWS-1008# show spantree vlan defaultPVST+ Show spantree blockedports Link DWS-1008 CLI Manual 441 Vlan ID Show spantree backbonefast Syntax show spantree backbonefast Defaults None Access AllDWS-1008#show spantree blockedports vlan default Show spantree blockedports DWS-1008#show spantree portfast Show spantree portfastSyntax show spantree portfast port-list Set spantree portfast Link DWS-1008 CLI Manual 443 Syntax show spantree portvlancost port-list Show spantree portvlancostShow spantree statistics Port-list List of ports Inactive DWS-1008#show spantree statisticsFalse Link DWS-1008 CLI Manual 446 Topology change time Topology change detectedNum of similar BPDU’s to process Receivedinferiorbpdu Link DWS-1008 CLI Manual 447 Clear spantree statistics Defaults None Access AllShow spantree uplinkfast Syntax show spantree uplinkfast vlan vlan-id DWS-1008#show spantree uplinkfast Set spantree uplinkfast Link DWS-1008 CLI Manual 449 Pseudo-querier Igmp Snooping StateProxy Reporting Router Solicitation Set igmp Syntax set igmp enable disable vlan vlan-idClear igmp statistics DWS-1008#clear igmp statistics Set igmp oqi Set igmp qi Set igmp mrouter Set igmp lmqiSet igmp mrouter Link DWS-1008 CLI Manual 452 Set igmp mrsol mrsi Link DWS-1008 CLI Manual 453 Set igmp mrsolShow igmp mrouter Syntax set igmp mrsol mrsi seconds vlan vlan-id Set igmp mrsol mrsiSet igmp oqi Set igmp mrsol Show igmp Link DWS-1008 CLI Manual 455 Defaults Proxy reporting is enabled on all VLANs by defaultSet igmp proxy-report Syntax set igmp qi seconds vlan vlan-id qi seconds Defaults The default query interval is 125 secondsSet igmp qi Set igmp qri Syntax set igmp qri tenth-secondsvlan vlan-id Show igmp querier Set igmp querierSet igmp receiver Link DWS-1008 CLI Manual 458 Show igmp receiver-table Defaults The default robustness value for all VLANs isSet igmp rv Syntax set igmp rv num vlan vlan-id Show igmp DWS-1008# show igmp vlan orange Dvmrp PIM Link DWS-1008 CLI Manual 461 Link DWS-1008 CLI Manual 462 Show igmp mrouterSyntax show igmp mrouter vlan vlan-id DWS-1008# show igmp mrouter vlan orange DWS-1008# show igmp querier vlan orange DWS-1008#show igmp querier vlan defaultShow igmp querier DWS-1008#show igmp querier vlan red DWS-1008# show igmp receiver-table vlan orange Show igmp receiver-tableGroup group-ip-addr/mask-length Vlan orange Session Port Receiver-IP Receiver-MAC Set igmp receiver Show igmp statisticsDWS-1008#show igmp receiver-table group 237.255.255.0/24 Displays Igmp statistics DWS-1008# show igmp statistics vlan orange Link DWS-1008 CLI Manual 467 Clear igmp statistics Link DWS-1008 CLI Manual 468 Map Security ACLs Create Security ACLsCommit Security ACLs Monitor Security ACLs Clears all security ACLs Clear security aclSyntax clear security acl acl-name all editbuffer-index DWS-1008#clear security acl acl133 Clear security acl map Commits all security ACLs in the edit buffer Commit security aclSyntax commit security acl acl-name all Link DWS-1008 CLI Manual 472 ACL DWS-1008#show security aclACL table Type Class Mapping DWS-1008#show security acl info all editbuffer Rollback security aclSyntax rollback security acl acl-name all ACL edit-buffer information for all Link DWS-1008 CLI Manual 475 Set security aclBefore editbuffer-index modify editbuffer-index hits Deny PermitCos cos Tos tos PrecedencePrecedence DWS-1008#set security acl ip acl123 deny 192.168.2.11 EstablishedHits Link DWS-1008 CLI Manual 479 Set security acl mapClear security acl Commit security acl Show security acl Assigns the security ACL to traffic coming from the switch Out DWS-1008#set security acl hit-sample-rate Set security acl hit-sample-rateSyntax set security acl hit-sample-rate seconds Displays a summary of the security ACLs that are mapped Syntax show security acl Defaults None Access EnabledShow security acl DWS-1008# show security acl Show security acl editbuffer Show security acl info Syntax show security acl hits Defaults None Access EnabledShow security acl hits Syntax show security acl info acl-name all editbuffer Defaults None Access Enabled Syntax show security acl map acl-name Show security acl mapShow security acl resource-usage DWS-1008#show security acl map acl111 DWS-1008#show security acl resource-usage Link DWS-1008 CLI Manual 488 Link DWS-1008 CLI Manual 489 DWS-1008#clear log trace See Also Syntax clear log trace Defaults None Access EnabledClear log trace Syntax clear trace trace-area all Deletes running trace commands and ends trace processesClear trace Syntax save trace filename Set trace authenticationSave trace DWS-1008#save trace traces/trace1 Set trace dot1x Set trace authorizationTraces authorization information Clear trace Show trace Link DWS-1008 CLI Manual 494 Set trace smTraces session manager activity Show trace Syntax show trace all Syntax clear snoop filter-name Clear snoopRemote monitoring snooping DWS-1008#clear snoop snoop1 See Also Examples clear snoop map filter-namedap dap-numradio 1 Clear snoop mapSet snoop Radio 1 of the AP Channel eq neq channel Frame-type eq neq beacon control data managementProbe Bssid eq neq bssid DWS-1008#set snoop snoop1 observer 10.10.30.2 snap-length Examples set snoop map filter-namedap dap-numradio 1 Defaults Snoop filters are unmapped by defaultSet snoop map Disables the snoop filter Set snoop modeEnable stop-after num-pkts Defaults Snoop filters are disabled by default Show snoop info Syntax show snoop Defaults None Access EnabledShow snoop Syntax show snoop filter-name Syntax show snoop map filter-name Show snoop mapShow snoop stats DWS-1008#show snoop map snoop1 filter ‘snoop1’ mapping Link DWS-1008 CLI Manual 504 Clear log System Logs Current Set logBuffer Sessions Show log config Clear log Link DWS-1008 CLI Manual 507 Enables messages to the specified targetDisables messages to the specified target Interval interval Set log markSeverity level Matching string Show log bufferFacility facility-name DWS-1008#show log config Show log configSyntax show log config Defaults None Access Enabled DWS-1008#show log buffer facility ? Show log trace Number-of-messages DWS-1008#show log trace +5 facility Rogue Clear log Show log config Link DWS-1008 CLI Manual 512DWS-1008#show log trace facility ? Boot Profile Management Command InformationBooting Diagnostics Syntax autoboot on on OFF off AutobootBoot Boot autoboot Boot boot FN=MX010101.020 DEV=boot1 Change Syntax change Syntax create Creates a new boot profileCreate Change Delete Next Show Link DWS-1008 CLI Manual 517 Dhcp Removes the currently active boot profileSyntax delete Defaults None Change Create Next Show Diag Accesses the diagnostic modeSyntax dir c d e f boot0 boot1 Syntax diag Bload Syntax fver c d e f boot0 boot1 filenameFver Bstrap Command-name Boot prompt command Boot fver boot1Syntax help command-name Boot help fver Help Link DWS-1008 CLI Manual 522 Displays a list of the boot prompt commandsSyntax ls Defaults None Syntax next Defaults None Next Syntax reset Defaults None ResetResets a DWS-1008 switch’s hardware Boot Link DWS-1008 CLI Manual 524 Show Syntax show Defaults NoneBoot Type Boot Type Change Create Delete Dhcp Next Link DWS-1008 CLI Manual 526 Version Syntax version Defaults NoneTest Syntax test on on OFF off Boot version Dir Fver Link DWS-1008 CLI Manual 528

D-Link dws-1008 Set security acl map, Clear security acl Commit security acl Show security acl

Models: dws-1008

See Also:

•clear security acl

•commit security acl

•show security acl

set security acl map

D-Link DWS-1008 CLI Manual

479