- DL manuals
- D-Link
- Switch
- DWS-1008
- Cli Reference Manual
D-Link DWS-1008 Cli Reference Manual - Clear Vlan
D-Link DWS-1008 CLI Manual
clear security l2-restrict counters
Clear statistics counters for Layer 2 forwarding restriction.
Syntax: clear security l2-restrict counters [vlan vlan-id | all]
vlan-id
VLAN name or number.
all
Clears Layer 2 forwarding restriction counters for all VLANs.
Defaults: If you do not specify a VLAN or all, counters for all VLANs are cleared.
Access: Enabled.
Usage: To clear MAC addresses from the list of addresses to which clients are allowed to send
data, use the
clear security l2-restrict command instead.
Examples: The following command clears Layer 2 forwarding restriction statistics for
VLAN abc_air:
DWS-1008# clear security l2-restrict counters vlan abc_air
success: change accepted.
See Also:
• clear security l2-restrict
• set security l2-restrict
• show security l2-restrict
clear vlan
Removes physical or virtual ports from a VLAN or removes a VLAN entirely.
Caution: When you remove a VLAN, MSS completely removes the VLAN from the configuration
and also removes all configuration information that uses the VLAN. If you want to remove only a
specific port from the VLAN, make sure you specify the port number in the command.
Syntax: clear vlan vlan-id [port port-list [tag tag-value]]
vlan-id
VLAN name or number.
port port-list List of physical ports. MSS removes the specified ports from the VLAN. If you do
not specify a list of ports, MSS removes the VLAN entirely.
tag tag-value Tag number that identifies a virtual port. MSS removes only the specified virtual
port from the specified physical ports.
Summary of DWS-1008
Page 2: Table of Contents
D-link dws-1008 cli manual i table of contents introducing the d-link mobility system .........................................................................................1 d-link mobility system .......................................................................................................
Page 3
D-link dws-1008 cli manual ii igmp snooping commands ........................................................................................................450 security acl commands.............................................................................................................469 trace...
Page 4: D-Link Mobility System
D-link dws-1008 cli manual 1 the d-link mobility system is an enterprise-class wlan solution that seamlessly integrates with an existing wired enterprise network. The d-link system provides secure connectivity to both wireless and wired users in large environments such as office buildings, hospitals...
Page 5: Text and Syntax: Conventions
D-link dws-1008 cli manual text and syntax: conventions this cli manual uses the following text and syntax conventions: convention use monospace text sets off command syntax or sample commands and system responses. Bold text highlights commands that you enter or items you select. Italic text designa...
Page 6: Cli Conventions
D-link dws-1008 cli manual cli conventions be aware of the following mss cli conventions for command entry: • “command prompts” on page 3 • “syntax: notation” on page 4 • “text entry conventions and allowed characters” on page 4 • “user globs, mac address globs, and vlan globs” on page 6 • “port lis...
Page 7: Syntax: Notations
D-link dws-1008 cli manual the mss cli uses standard syntax notation: • bold monospace font identifies the command and keywords you must type. For example: set enable pass • italic monospace font indicates a placeholder for a value. For example, you replace vlan-id in the following command with a vi...
Page 8: Mac Address Notation
D-link dws-1008 cli manual mac address notation mss displays mac addresses in hexadecimal numbers with a colon (:) delimiter between bytes—for example, 00:01:02:1a:00:01. You can enter mac addresses with either hyphen (-) or colon (:) delimiters, but colons are preferred. For shortcuts: • you can ex...
Page 9: User Globs
D-link dws-1008 cli manual name “globbing” is a way of using a wildcard pattern to expand a single element into a list of elements that match the pattern. Mss accepts user globs, mac address globs, and vlan globs. The order in which globs appear in the configuration is important, because once a glob...
Page 10: Mac Address Globs
D-link dws-1008 cli manual mac address globs a media access control (mac) address glob is a similar method for matching some authentication, authorization, and accounting (aaa) and forwarding database (fdb) commands to one or more 6-byte mac addresses. In a mac address glob, you can use a single ast...
Page 11: Port Lists
D-link dws-1008 cli manual 8 port lists the physical ethernet ports on a switch can be set for connection to access points, authenticated wired users, or the network backbone. You can include a single port or multiple ports in one mss cli command by using the appropriate list format. The ports on a ...
Page 12: Command-Line Editing
D-link dws-1008 cli manual command-line editing mss editing functions are similar to those of many other network operating systems. Keyboard shortcuts the following keyboard shortcuts are available for entering and editing cli commands: keyboard shortcut(s) function ctrl+a jumps to the first charact...
Page 13: Using Cli Help
D-link dws-1008 cli manual 10 single-asterisk (*) wildcard character you can use the single-asterisk (*) wildcard character in globbing. For details, see “user globs, mac address globs, and vlan globs” on page 7. Double-asterisk (**) wildcard characters the double-asterisk (**) wildcard character ma...
Page 14
D-link dws-1008 cli manual 11 understanding command descriptions each command description in the d-link command reference contains the following elements: • a command name, which shows the keywords but not the variables. For example, the following command name appears at the top of a command descrip...
Page 15: Access Commands
D-link dws-1008 cli manual 1 access commands use access commands to control access to the mobility software system (mss) (cli). This chapter presents access commands alphabetically. Use the following table to locate commands in this chapter based on their use. Enable places the cli session in enable...
Page 16: Quit
D-link dws-1008 cli manual 1 quit exit from the cli session. Syntax: quit defaults: none. Access: all. Examples: to end the administrator’s session, type the following command: dws-1008> quit set enablepass sets the password that provides enabled access (for configuration and monitoring) to the swit...
Page 17: System Services Commands
D-link dws-1008 cli manual 1 system services commands use system services commands to configure and monitor system information for a dws-1008 switch. This chapter presents system services commands alphabetically. Use the following table to located commands in this chapter based on their use. Quickst...
Page 18: Clear Banner Motd
D-link dws-1008 cli manual 1 clear banner motd syntax: clear banner motd defaults: none. Access: enabled. Examples: to clear a banner, type the following command: dws-1008> clear banner motd success: change accepted note: as an alternative to clearing the banner, you can overwrite the existing banne...
Page 20: Help
D-link dws-1008 cli manual 1 help syntax: clear history defaults: none. Access: all. Examples: use this command to see a list of available commands. If you have restricted access, you see fewer commands than if you have enabled access. To display a list of cli commands available at the enabled acces...
Page 21: History
D-link dws-1008 cli manual 18 history syntax: clear history defaults: none. Access: all. Examples: to show the history of your session, type the following command: dws-1008# history quickstart runs a script that interactively helps you configure a new switch. Caution! The quickstart command is for c...
Page 22: Set Banner Motd
D-link dws-1008 cli manual 1 set banner motd configures the banner string that is displayed before the beginning of each login prompt for each cli session on the dws-1008 switch. Syntax: set banner motd ^text^ defaults: none. Access: enabled. Usage: type a caret (^), then the message, then another c...
Page 24: Set License
D-link dws-1008 cli manual 1 usage: use this command if the output of a cli command is greater than the number of lines allowed by default for a terminal type. Examples: to set the number of lines displayed to 100, type the following command: dws-1008# set length 100 success: screen length for this ...
Page 25: Set Prompt
D-link dws-1008 cli manual set prompt changes the cli prompt for the dws-1008 switch to a string you specify. Syntax: set prompt string string defaults: the factory default for the dws switch prompt is dws-mm-nnnnnn, where mm is the model number and nnnnnn is the last 6 digits of the 12-digit system...
Page 26: Set System Contact
D-link dws-1008 cli manual set system contact stores a contact name for the dws-1008 switch. Syntax: set system contact string string defaults: none. Access: enabled. To view the system contact string, type the show system command. Examples: the following command sets the system contact information ...
Page 27
D-link dws-1008 cli manual.
Page 28: Set System Idle-Timeout
D-link dws-1008 cli manual defaults: none. Access: enabled. Usage: you must set the system county code to a valid value before using any set ap commands to configure an access point. Examples: to set the country code to canada, type the following command: dws-1008# set system country code ca success...
Page 29: Set System Ip-Address
D-link dws-1008 cli manual access: enabled. Usage: this command applies to all types of cli management sessions: console, telnet, and ssh. The timeout change applies to existing sessions only, not to new sessions. Examples: the following command sets the idle timeout to 1800 seconds (one half hour):...
Page 30: Set System Location
D-link dws-1008 cli manual set system location stores location information for the dws-1008 switch. Syntax: set system location string string defaults: none. Access: enabled. To view the system location string, type the show system command. Examples: to store the location of the switch in the switch...
Page 31: Show Banner Motd
D-link dws-1008 cli manual 8 usage: entering set system name with no string resets the system name to the factory default. To view the system name string, type the show system command. Examples: the following example sets the system name to a name that identifies the dws switch: dws-1008# set system...
Page 32: Show Licenses
D-link dws-1008 cli manual show licenses displays information about the license key(s) currently installed on an dws-1008 switch. Syntax: show licenses defaults: none. Access: all examples: to view license keys, type the following command: dws-1008# show licenses feature : 80 additional aps see also...
Page 33: Show System
D-link dws-1008 cli manual 0 show system displays system information. Syntax: show system defaults: none. Access: enabled. Examples: to show system information, type the following command: dws-1008# show system the table on the next page describes the fields of show system output..
Page 34
D-link dws-1008 cli manual 1 field description product name dws model number. System name system name (factory default, or optionally configured with set system name). System countrycode country-specific 802.11 code required for ap operation. (configured with set system countrycode) total power over...
Page 35: Show Tech-Support
D-link dws-1008 cli manual field description memory current size (in megabytes) of nonvolatile memory (nvram) and synchronous dynamic ram (sdram), plus the percentage of total memory space in use, in the following format: nvram size /sdram size (percent of total) total power over ethernet total powe...
Page 36: Port Commands
D-link dws-1008 cli manual port commands use port commands to configure and manage individual ports and load-sharing port groups. This chapter presents port commands alphabetically. Use the following table to locate commands in this chapter based on their use. Set port type ap on page 51 set dap on ...
Page 37: Clear Dap
D-link dws-1008 cli manual clear dap caution: when you clear a distributed ap, mss ends user sessions that are using the ap. Removes a distributed ap. Syntax: clear dap dap-num dap-num defaults: none. Access: enabled. Examples: the following command clears distributed ap 1: dws-1008# clear dap 1 thi...
Page 38: Clear Port-Group
D-link dws-1008 cli manual clear port-group removes a port group syntax: clear port-group name name name defaults: none. Access: enabled. Examples: the following command clears port group server1: dws-1008# clear port-group name server1 success: change accepted. See also: • set port-group name of th...
Page 39: Clear Port Name
D-link dws-1008 cli manual clear port name removes the name assigned to a port. Syntax: clear port port-list name port-list defaults: none. Access: enabled. Examples: the following command clears the names of ports 1 through 4: dws-1008# clear port 1-4 name see also: • set port name list of physical...
Page 40
D-link dws-1008 cli manual port parameter setting vlan membership none. Note: although the command changes a port to a network port, the command does not place the port in any vlan. To use the port in a vlan, you must add the port to the vlan. Spanning tree protocol (stp) based on the vlan(s) you ad...
Page 42
D-link dws-1008 cli manual usage: each type of statistic is displayed separately. Press the spacebar to cycle through the displays for each type. If you use an option to specify a statistic type, the display begins with that statistic type. You can use one statistic option with the command. Use the ...
Page 43
D-link dws-1008 cli manual 0 statistics option field description displayed for all options port port the statistics are displayed for. Status port status. The status can be up or down. Octets rx octets total numbewr of octets reveived by the port. This number includes octets received in frames that ...
Page 44
D-link dws-1008 cli manual 1 statistics option field description transmit-errors tx crc number of frames transmitted by the port that had the correct length but contained an invalid fcs value. Tx short number of frames transmitted by the port that were fewer than 64 bytes long. Tx fragment total num...
Page 45: Reset Port
D-link dws-1008 cli manual reset port resets a port by toggling its link state and power over ethernet (poe) state. Syntax: reset port port-list port-list defaults: none. Access: enabled. Usage: the reset command disables the port’s link and poe (if applicable) for at least 1 second, then reenables ...
Page 46: Set Port
D-link dws-1008 cli manual access: enabled. Examples: the following command configures distributed ap 1 for ap model mp-372 with serial-id 0322199999: dws-1008# set dap 1 serial-id 0322199999 model mp-372 success: change accepted. The following command removes distributed ap 1: dws-1008# clear dap 1...
Page 48
D-link dws-1008 cli manual the following commands disable the link for port group server1, change the list of ports in the group, and reenable the link: dws-1008# set port-group name server1 1-5 mode off success: change accepted. Dws-1008# set port-group name server1 1-4,7 mode on success: change ac...
Page 49: Set Port Mirror
D-link dws-1008 cli manual set port mirror configures port mirroring. Port mirroring is a troubleshooting feature that copies (mirrors) traffic sent or received by a dws-1008 port (the source port) to another port (the observer) on the same dws-1008. You can attach a protocol analyzer to the observe...
Page 50: Set Port Negotiation
D-link dws-1008 cli manual defaults: none access: enabled. Usage: to simplify configuration and avoid confusion between a port’s number and its name, d-link recommends that you do not use numbers as port names. Examples: the following command sets the name of port 4 to adminpool: dws-1008# set port ...
Page 51: Set Port Poe
D-link dws-1008 cli manual 8 a stream of large packets sent to an dws-1008 port in such a configuration can cause forwarding on the link to stop. Examples: the following command disables autonegotiation on ports 1, 2, and 4 through 6: dws-1008# set port negotiation 1,2,4-6 disable the following comm...
Page 52: Set Port Speed
D-link dws-1008 cli manual dws-1008# set port poe 3,5 disable if you are enabling power on these ports, they must be connected only to approved poe devices with the correct wiring. Do you wish to continue? (y/n) [n]y the following command enables poe on ports 2 and 4: dws-1008# set port poe 2,4 enab...
Page 53: Set Port Trap
D-link dws-1008 cli manual 0 examples: the following command sets the port speed on ports 1, 3 through 5, and 8 to 10 mbps and sets the operating mode to full-duplex: dws-1008# set port speed 1,3-5,8 10 set port trap enables or disables simple network management protocol (snmp) linkup and linkdown t...
Page 54: Set Port Type Ap
D-link dws-1008 cli manual 1 set port type ap configures a dws-1008 switch port for an (ap) access point. Caution! When you set the port type for ap use, you must specify the poe state (enable or disable) of the port. Use the dws-1008’s poe to power d-link access points or poe enabled devices only. ...
Page 55
D-link dws-1008 cli manual port parameter setting vlan membership removed from all vlans. You cannot assign an ap access port to a vlan. Mss automatically assigns ap access ports to vlans based on user traffic. Spanning tree protocol (stp) not applicable. 802.1x uses authentication parameters config...
Page 57
D-link dws-1008 cli manual for 802.1x clients, wired authentication works only if the clients are directly attached to the wired authentication port, or are attached through a hub that does not block forwarding of packets from the client to the pae group address (01:80:c2:00:00:03). Wired authentica...
Page 59: Show Port-Group
D-link dws-1008 cli manual show port-group displays port group information. Syntax: show port-group [name group-name] name group-name displays information for the specified port group. Defaults: none. Access: all. Examples: the following command displays the configuration of port group server2: dws-...
Page 60: Show Port Poe
D-link dws-1008 cli manual show port poe displays status information for ports on which power over ethernet (poe) is enabled. Syntax: show port poe [port-list] port-list list of physical ports. If you do not specify a port list, poe information is displayed for all ports. Defaults: none. Access: all...
Page 61: Show Port Status
D-link dws-1008 cli manual 8 show port status displays configuration and status information for ports. Syntax: show port status [port-list] port-list list of physical ports. If you do not specify a port list, information is displayed for all ports. Defaults: none. Access: all. Examples: the followin...
Page 62: Vlan Commands
D-link dws-1008 cli manual vlan commands use virtual lan (vlan) commands to configure and manage parameters for individual port vlans on network ports, and to display information about clients within a network. This chapter presents vlan commands alphabetically. Use the following table to locate com...
Page 66
D-link dws-1008 cli manual defaults: none. Access: enabled. Usage: if you do not specify a port-list, the entire vlan is removed from the configuration. Note: you cannot delete the default vlan but you can remove ports from it. To remove ports from the default vlan, use the port port-list option. Ex...
Page 68: Set Fdb Agingtime
D-link dws-1008 cli manual set fdb agingtime changes the aging timeout period for dynamic entries in the forwarding database. Syntax: set fdb agingtime vlan-id age seconds vlan-id vlan name or number. The timeout period change applies only to entries that match the specified vlan. Age seconds value ...
Page 69: Set Vlan Name
D-link dws-1008 cli manual defaults: layer 2 restriction is disabled by default. Access: enabled. Usage: you can specify multiple addresses by listing them on the same command line or by entering multiple commands. To change a mac address, use the clear security l2-restrict command to remove it, the...
Page 70: Set Vlan Port
D-link dws-1008 cli manual vlan names are case-sensitive for radius authorization when a client roams to a switch. If the switch is not configured with the vlan the client is on, but is configured with a vlan that has the same spelling but different capitalization, authorization for the client fails...
Page 72: Show Fdb Agingtime
D-link dws-1008 cli manual the top line of the display identifies the characters to distinguish among the entry types. The following command displays all entries that begin with the mac address glob 00: dws-1008# show fdb 00:* * = static entry. + = permanent entry. # = system entry. Vlan tag dest ma...
Page 74: Show Vlan Config
D-link dws-1008 cli manual 1 examples: the following command shows layer 2 forwarding restriction information for all vlans: dws-1008# show security l2-restrict vlan name en drops permit mac hits ------------------------------------------------------------------------------------------------- 1 defa...
Page 75
D-link dws-1008 cli manual examples: the following command displays information for vlan burgundy: dws-1008# show vlan config burgundy admin vlan tunl port vlan name status state affin port tag state ----------------------------------------------------------------------------------------------------...
Page 76: Quality of Service Commands
D-link dws-1008 cli manual quality of service commands use quality of service (qos) commands to configure packet prioritization in mss. Packet prioritization ensures that dws-1008 switches and dwl-8220ap access points give preferential treatment to high- priority traffic such as voice and video. Thi...
Page 77: Set Qos Cos-to-Dscp-Map
D-link dws-1008 cli manual defaults: none. Access: enabled. Usage: to reset all mappings to their default values, use the clear qos command without the optional parameters. Examples: the following command resets all qos mappings: dws-1008# clear qos success: change accepted. The following command re...
Page 78: Set Qos Dscp-to-Cos-Map
D-link dws-1008 cli manual set qos dscp-to-cos-map changes the internal qos value to which mss maps a packet’s dscp value when classifying inbound packets. Syntax: set qos dscp-to-cos-map dscp-range cos level dscp-range dscp range. You can specify the values as decimal numbers. Valid decimal values ...
Page 79: Show Qos Dscp-Table
D-link dws-1008 cli manual examples: the following command displays the default qos settings: dws-1008# show qos default ingress qos classification map (dscp-to-cos) ingress dscp cos level =============================================================== 00-09 0 0 0 0 0 0 0 0 1 1 10-19 1 1 1 1 1 1 2 2...
Page 80: Ip Services Commands
D-link dws-1008 cli manual ip services commands use ip services commands to configure and manage ip interfaces, management services, the domain name service (dns), network time protocol (ntp), and aliases, and to ping a host or trace a route. This chapter presents ip services commands alphabetically...
Page 81: Clear Ip Alias
D-link dws-1008 cli manual 8 clear ip alias removes an alias, which is a string that represents an ip address. Syntax: clear ip alias name name alias name. Defaults: none. Access: enabled. Examples: the following command removes the alias server1: dws-1008# clear ip alias server1 success: change acc...
Page 82: Clear Ip Dns Server
D-link dws-1008 cli manual clear ip dns server removes a dns server from a dws-1008 switch configuration. Syntax: clear ip dns server ip-addr ip-addr ip address of a dns server. Defaults: none. Access: enabled. Examples: the following command removes dns server 10.10.10.69 from a switch’s configurat...
Page 83: Clear Ip Telnet
D-link dws-1008 cli manual 80 defaults: none. Access: enabled. Examples: the following command removes the route to destination 10.10.10.68/24 through router 10.10.10.1: dws-1008# clear ip route 10.10.10.68/24 10.10.10.1 success: change accepted. See also: • set ip route • show ip route clear ip tel...
Page 85: Clear Snmp Community
D-link dws-1008 cli manual 8 clear snmp community clears an snmp community string. Syntax: clear snmp community name comm-string comm-string name of the snmp community you want to clear. Defaults: none. Access: enabled. Examples: the following command clears community string setswitch2: dws-1008# cl...
Page 86: Clear Snmp Notify Target
D-link dws-1008 cli manual 8 clear snmp notify target clears an snmp notification target. Syntax: clear snmp notify target target-num target-num id of the target. Defaults: none. Access: enabled. Examples: the following command clears notification target 3: dws-1008# clear snmp notify target 3 succe...
Page 87: Clear Summertime
D-link dws-1008 cli manual 8 clear summertime clears the summertime setting from a dws-1008 switch. Syntax: clear summertime defaults: none. Access: enabled. Examples: to clear the summertime setting from a switch, type the following command: dws-1008# clear summertime success: change accepted. See ...
Page 88: Clear Timezone
D-link dws-1008 cli manual 8 clear timezone clears the time offset for the switch’s real-time clock from coordinated universal time (utc). Utc is also know as greenwich mean time (gmt). Syntax: clear timezone defaults: none. Access: enabled. Examples: to return the switch’s real-time clock to utc, t...
Page 89
D-link dws-1008 cli manual 8 interval time time interval between ping packets, in milliseconds. You can specify from 100 through 10,000. Size size packet size, in bytes. You can specify from 56 through 65,507. Note: because the switch adds header information, the icmp packet size is 8 bytes larger t...
Page 91: Set Interface
D-link dws-1008 cli manual 88 access: enabled. Usage: aging applies only to dynamic entries. To reset the arp aging timeout to its default value, use the set arp agingtime 1200 command. Examples: the following command changes the arp aging timeout to 1800 seconds: dws-1008# set arp agingtime 1800 su...
Page 92: Set Interface Dhcp-Client
D-link dws-1008 cli manual 8 examples: the following command configures ip interface 10.10.10.10/24 on vlan default: dws-1008# set interface default ip 10.10.10.10/24 success: set ip address 10.10.10.10 netmask 255.255.255.0 on vlan default the following command configures ip interface 10.10.20.10 2...
Page 93: Set Interface Dhcp-Server
D-link dws-1008 cli manual 0 set interface dhcp-server configures the mss dhcp server. Note: use of the mss dhcp server to allocate client addresses is intended for temporary, demonstration deployments and not for production networks. D-link recommends that you do not use the mss dhcp server to allo...
Page 94: Set Interface Status
D-link dws-1008 cli manual 1 • dns servers—if these options are not set with the set interface dhcp-server command’s primary-dns and secondary-dns options, the mss dhcp server uses the values set by the set ip dns server command. • default router—if this option is not set with the set interface dhcp...
Page 95: Set Ip Alias
D-link dws-1008 cli manual set ip alias configures an alias, which maps a name to an ip address. You can use aliases as shortcuts in cli commands. Syntax: set ip alias name ip-addr name string of up to 32 alphanumeric characters, with no spaces. Ip-addr ip address in dotted decimal notation. Default...
Page 96: Set Ip Dns Domain
D-link dws-1008 cli manual set ip dns domain configures a default domain name for dns queries. The switch appends the default domain name to domain names or hostnames you enter in commands. Syntax: set ip dns domain name name domain name of between 1 and 64 alphanumeric characters with no spaces (fo...
Page 97: Set Ip Https Server
D-link dws-1008 cli manual defaults: none. Access: enabled. Usage: you can configure a dws-1008 switch to use one primary dns server and up to five secondary dns servers. Examples: the following commands configure a dws-1008 switch to use a primary dns server and two secondary dns servers: dws-1008#...
Page 99: Set Ip Snmp Server
D-link dws-1008 cli manual examples: the following command adds a default route that uses default router 10.5.4.1 and gives the route a cost of 1: dws-1008# set ip route default 10.5.4.1 1 success: change accepted. The following commands add two default routes, and configure mss to always use the ro...
Page 100: Set Ip Ssh
D-link dws-1008 cli manual examples: the following command enables the snmp server on a dws-1008 switch: dws-1008# set ip snmp server enable success: change accepted. See also: • clear snmp trap receiver • set port trap • set snmp community • set snmp trap • set snmp trap receiver • show snmp config...
Page 102: Set Ip Telnet Server
D-link dws-1008 cli manual defaults: the default telnet port number is 23. Access: enabled. Examples: the following command changes the telnet port number on a switch to 5000: dws-1008# set ip telnet 5000 success: change accepted. See also: • clear ip telnet • set ip https server • set ip telnet ser...
Page 104: Set Ntp Update-Interval
D-link dws-1008 cli manual 101 examples: the following command configures a switch to use ntp server 192.168.1.5: dws-1008# set ntp server 192.168.1.5 see also: • clear ntp server • clear ntp update-interval • set ntp • set ntp update-interval • show ntp set ntp update-interval changes how often mss...
Page 106: Set Snmp Notify Profile
D-link dws-1008 cli manual 10 examples: the following command configures the read-write community good_community: dws-1008# set snmp community read-write good_community success: change accepted. The following command configures community string switchmgr1 with access level notify-read- write: dws-10...
Page 107
D-link dws-1008 cli manual 10 notification-type name of the notification type: • apboottraps—generated when an access point boots. • apnonoperstatustraps—generated to indicate an ap radio is nonoperational. • apoperradiostatustraps—generated when the status of an ap radio changes. • aptimeouttraps—g...
Page 108
D-link dws-1008 cli manual 10 • countermeasurestoptraps—generated when mss stops countermeasures against a rogue access point. • dapconnectwarningtraps—generated when a distributed ap whose fingerprint has not been configured in mss establishes a management session with the switch. • devicefailtraps...
Page 109
D-link dws-1008 cli manual 10 all sends or drops all notifications. Defaults: a default notification profile (named default) is already configured in mss. All notifications in the default profile are dropped by default. Access: enabled. Examples: the following command changes the action in the defau...
Page 110: Set Snmp Notify Target
D-link dws-1008 cli manual 10 dws-1008# set snmp notify profile snmpprof_rfdetect send rfdetectspoofedssidaptraps success: change accepted. Dws-1008# set snmp notify profile snmpprof_rfdetect send rfdetectunauthorizedaptraps success: change accepted. Dws-1008# set snmp notify profile snmpprof_rfdete...
Page 113
D-link dws-1008 cli manual 110 target-num id for the target. This id is local to the switch and does not need to correspond to a value on the target itself. You can specify a number from 1 to 10. Ip-addr[:udp-port-number] ip address of the server. You also can specify the udp port number to send not...
Page 114: Set Snmp Protocol
D-link dws-1008 cli manual 111 this command configures target 1 at ip address 10.10.40.9. The target’s snmp engine id is based on its address. The mss snmp engine will send notifications based on the default profile, and will require the target to acknowledge receiving them. The following command co...
Page 117
D-link dws-1008 cli manual 11 specifies the authentication type used to authenticate communications with the remote snmp engine. You can specify one of the following: • none—no authentication is used. • md5—message-digest algorithm 5 is used. • sha—secure hashing algorithm (sha) is used. If the auth...
Page 118: Set Summertime
D-link dws-1008 cli manual 11 set summertime offsets the real-time clock of a dws-1008 switch by +1 hour and returns it to standard time for daylight savings time or a similar summertime period that you set. Syntax: set summertime summer-name [start week weekday month hour min end week weekday month...
Page 119: Set System Ip-Address
D-link dws-1008 cli manual 11 set system ip-address configures the system ip address. The system ip address determines the interface or source ip address mss uses for system tasks, including the following: • topology reporting for dual-homed access points • default source ip address used in unsolici...
Page 120: Set Timedate
D-link dws-1008 cli manual 11 set timedate sets the time of day and date on the dws-1008 switch. Syntax: set timedate {date mmm dd yyyy [time hh:mm:ss]} date mmm dd yyyy system date: • mmm—month. • dd—day. • yyyy—year. Time hh:mm:ss system time, in hours, minutes, and seconds. Defaults: none. Access...
Page 121: Show Arp
D-link dws-1008 cli manual 118 defaults: if this command is not used, then the default time zone is utc. Access: enabled. Examples: to set the time zone for pacific standard time (pst), type the following command: dws-1008# set timezone pst -8 timezone is set to ‘pst’, offset from utc is -8:0 hours....
Page 122: Show Dhcp-Client
D-link dws-1008 cli manual 11 the table below describes the fields in this display. Field description arp aging time number of seconds a dynamic entry can remain unused before mss removes the entry from the arp table. Host ip address, hostname, or alias. Hw address mac address mapped to the ip addre...
Page 123: Show Dhcp-Server
D-link dws-1008 cli manual 10 the table below describes the fields in this display. Field description interface vlan name and number. Configuration status status of the dhcp client on this vlan: • enabled • disabled dhcp state state of the ip interface: • if_up • if_down lease allocation duration of...
Page 124
D-link dws-1008 cli manual 11 the following command displays configuration and status information for each vlan on which the dhcp server is configured: dws-1008# show dhcp-server verbose interface: 0 (direct ap) status: up address range: 10.0.0.1-10.0.0.253 interface: default(1) status: up address r...
Page 125: Show Interface
D-link dws-1008 cli manual 1 field description lease remaining number of seconds remaining before the address lease expires. Ip address ip address leased to the client. Subnet mask network mask of the ip address leased to the client. Default router default router ip address included in the dhcp offe...
Page 127: Set Interface Dhcp-Server
D-link dws-1008 cli manual 1 set interface dhcp-server configures the mss dhcp server. Note: use of the mss dhcp server to allocate client addresses is intended for temporary, demonstration deployments and not for production networks. D-link recommends that you do not use the mss dhcp server to allo...
Page 128: Set Interface Status
D-link dws-1008 cli manual 1 specification of the dns domain name, dns servers, and default router are optional. If you omit one or more of these options, the mss dhcp server uses oath values configured elsewhere on the switch: • dns domain name—if this option is not set with the set interface dhcp-...
Page 129: Set Ip Alias
D-link dws-1008 cli manual 1 set ip alias configures an alias, which maps a name to an ip address. You can use aliases as shortcuts in cli commands. Syntax: set ip alias name ip-addr name string of up to 32 alphanumeric characters, with no spaces. Ip-addr ip address in dotted decimal notation. Defau...
Page 130: Set Ip Dns Domain
D-link dws-1008 cli manual 1 set ip dns domain configures a default domain name for dns queries. The switch appends the default domain name to domain names or hostnames you enter in commands. Syntax: set ip dns domain name name domain name of between 1 and 64 alphanumeric characters with no spaces (...
Page 131: Set Ip Https Server
D-link dws-1008 cli manual 18 defaults: none. Access: enabled. Usage: you can configure a switch to use one primary dns server and up to five secondary dns servers. Examples: the following commands configure a switch to use a primary dns server and two secondary dns servers: dws-1008# set ip dns ser...
Page 133: Set Ip Snmp Server
D-link dws-1008 cli manual 10 example: the following command adds a default route that uses default router 10.5.4.1 and gives the route a cost of 1: dws-1008# set ip route default 10.5.4.1 1 success: change accepted. The following commands add two default routes, and configure mss to always use the ...
Page 134: Set Ip Ssh
D-link dws-1008 cli manual 11 set ip ssh changes the tcp port number on which a dws-1008 switch listens for secure shell (ssh) management traffic. Caution: if you change the ssh port number from an ssh session, mss immediately ends the session. To open a new management session, you must configure th...
Page 135: Set Ip Telnet
D-link dws-1008 cli manual 1 set ip telnet changes the tcp port number on which a dws-1008 switch listens for telnet management traffic. Caution: if you change the telnet port number from a telnet session, mss immediately ends the session. To open a new management session, you must telnet to the swi...
Page 136: Set Ntp
D-link dws-1008 cli manual 1 usage: the maximum number of telnet sessions supported on a switch is eight. If ssh is also enabled, the switch can have up to eight telnet or ssh sessions, in any combination, and one console session. Examples: the following command enables the telnet server on a dws-10...
Page 137: Set Ntp Server
D-link dws-1008 cli manual 1 set ntp server configures a dws-1008 switch to use an ntp server. Syntax: set ntp server ip-addr ip-addr ip address of the ntp server, in dotted decimal notation. Defaults: none. Access: enabled. Usage: you can configure up to three ntp servers. Mss queries all the serve...
Page 139: Set Snmp Notify Profile
D-link dws-1008 cli manual 1 the following command configures community string switchmgr1 with access level notify-read- write: dws-1008# set snmp community name switchmgr1 notify-read-write success: change accepted. See also: • clear snmp community • set ip snmp server • set snmp notify target • se...
Page 140
D-link dws-1008 cli manual 1 • autotuneradiopowerchangetraps—generated when the rfauto-tuning feature changes the power setting on a radio. • clientassociationfailuretraps—generated when a client’s attempt to associate with a radio fails. • clientauthorizationsuccesstraps—generated when a client is ...
Page 141
D-link dws-1008 cli manual 18 • rfdetectspoofedmacaptraps—generated when mss detects a wireless packet with the source mac address of a d-link ap, but without the spoofed mp’s signature (fingerprint). • rfdetectspoofedssidaptraps—generated when mss detects beacon frames for a valid ssid, but sent by...
Page 142
D-link dws-1008 cli manual 1 dws-1008# set snmp notify profile snmpprof_rfdetect send rfdetectinterferingroguedisappeartraps success: change accepted. Dws-1008# set snmp notify profile snmpprof_rfdetect send rfdetectrogueaptraps success: change accepted. Dws-1008# set snmp notify profile snmpprof_rf...
Page 143: Set Snmp Notify Target
D-link dws-1008 cli manual 10 set snmp notify target configures a notification target for notifications from snmp. A notification target is a remote device to which mss sends snmp notifications. You can configure the mss snmp engine to send confirmed notifications (informs) or unconfirmed notificati...
Page 144
D-link dws-1008 cli manual 11 retries num specifies the number of times the mss snmp engine will resend a notification that has not been acknowledged by the target. You can specify from 0 to 3 retries. Timeout num specifies the number of seconds mss waits for acknowledgement of a notification. You c...
Page 145
D-link dws-1008 cli manual 1 snmpv2c with informs to configure a notification target for informs from snmpv2c, use the following command: syntax: set snmp notify target target-num ip-addr [:udp-port-number] v2c community-string inform [profile profile-name] [retries num] [timeout num] target-num id ...
Page 146
D-link dws-1008 cli manual 1 snmpv1 with traps to configure a notification target for traps from snmpv1, use the following command: syntax: set snmp notify target target-num ip-addr [:udp-port-number] v1 community-string [profile profile-name] target-num id for the target. This id is local to the sw...
Page 148: Set Snmp Usm
D-link dws-1008 cli manual 1 defaults: by default, mss allows nonsecure (unsecured) snmp message exchanges. Access: enabled. Usage: snmpv1 and snmpv2c do not support authentication or encryption. If you plan to use snmpv1 or snmpv2c, leave the minimum level of snmp security set to unsecured. Example...
Page 151: Set Summertime
D-link dws-1008 cli manual 18 defaults: no snmpv3 users are configured by default. When you configure an snmpv3 user, the default access is read-only, and the default authentication and encryption types are both none. Access: enabled. Examples: the following command creates usm user snmpmgr1, associ...
Page 152
D-link dws-1008 cli manual 1 weekday day of the week to start or end the time change. Valid values are sun, mon, tue, wed, thu, fri, and sat. Month month of the year to start or end the time change. Valid values are jan, feb, mar, apr, may, jun, jul, aug, sep, oct, nov, and dec. Hour hour to start o...
Page 153: Set System Ip-Address
D-link dws-1008 cli manual 10 set system ip-address configures the system ip address. The system ip address determines the interface or source ip address mss uses for system tasks, including the following: • topology reporting for dual-homed access points • default source ip address used in unsolici...
Page 154: Set Timedate
D-link dws-1008 cli manual 11 set timedate sets the time of day and date on the switch. Syntax: set timedate {date mmm dd yyyy [time hh:mm:ss]} date mmm dd yyyy system date: • mmm—month. • dd—day. • yyyy—year. Time hh:mm:ss system time, in hours, minutes, and seconds. Defaults: none. Access: enabled...
Page 155: Show Arp
D-link dws-1008 cli manual 1 zone-name time zone name of up to 32 alphabetic characters. You can use a standard name or any name you like. - minus time to indicate hours (and minutes) to be subtracted from utc. Otherwise, hours and minutes are added by default. Hours number of hours to add or subtra...
Page 156: Show Dhcp-Client
D-link dws-1008 cli manual 1 the table below describes the fields in this display. Field description arp aging time number of seconds a dynamic entry can remain unused before mss removes the entry from the arp table. Host ip address, hostname, or alias. Hw address mac address mapped to the ip addres...
Page 157: Show Dhcp-Server
D-link dws-1008 cli manual 1 the table below describes the fields in this display. Field description interface vlan name and number. Configuration status status of the dhcp client on this vlan: • enabled • disabled dhcp state state of the ip interface: • if_up • if_down lease allocation duration of ...
Page 158
D-link dws-1008 cli manual 1 the following command displays configuration and status information for each vlan on which the dhcp server is configured: dws-1008# show dhcp-server verbose interface: 0 (direct ap) status: up address range: 10.0.0.1-10.0.0.253 interface: default(1) status: up address ra...
Page 159: Show Interface
D-link dws-1008 cli manual 1 field description lease remaining number of seconds remaining before the address lease expires. Ip address ip address leased to the client. Subnet mask network mask of the ip address leased to the client. Default router default router ip address included in the dhcp offe...
Page 160: Show Ip Alias
D-link dws-1008 cli manual 1 show ip alias displays the ip aliases configured on the dws-1008 switch. Syntax: show ip alias [name] name alias string. Defaults: if you do not specify an alias name, all aliases are displayed. Access: enabled. Examples: the following command displays all the aliases co...
Page 161: Show Ip Dns
D-link dws-1008 cli manual 18 show ip dns displays the dns servers the switch is configured to use. Syntax: show ip dns defaults: none. Access: all. Examples: the following command displays the dns information: dws-1008# show ip dns domain name: example.Com dns status: enabled ip address type ------...
Page 162: Show Ip Https
D-link dws-1008 cli manual 1 show ip https displays information about the https management port. Syntax: show ip https defaults: none. Access: all. Examples: the following command shows the status and port number for the https management interface to the switch: dws-1008> show ip https https is enab...
Page 163: Show Ip Route
D-link dws-1008 cli manual 10 show ip route displays the ip route table. Syntax: show ip route [destination] destination route destination ip address, in dotted decimal notation. Defaults: none. Access: all. Usage: when you add an ip interface to a vlan that is up, mss adds direct and local routes f...
Page 164: Show Ip Telnet
D-link dws-1008 cli manual 11 field description gateway next-hop router for reaching the route destination. Note: this field applies only to static routes. Vlan:interface destination vlan, protocol type, and ip address of the route. Because direct routes are for local interfaces, a destination ip ad...
Page 165: Show Ntp
D-link dws-1008 cli manual 1 show ntp displays ntp client information. Syntax: show ntp defaults: none. Access: all. Examples: to display ntp information for a dws-1008 switch, type the following command: dws-1008> show ntp ntp client: enabled current update-interval: 20(secs) current time: fri feb ...
Page 166: Show Snmp Community
D-link dws-1008 cli manual 1 show snmp community displays the configured snmp community strings. Syntax: show snmp community defaults: none. Access: enabled. See also: • clear snmp community • set snmp community show snmp counters displays snmp statistics counters. Syntax: show snmp counters default...
Page 167: Show Snmp Status
D-link dws-1008 cli manual 1 show snmp status displays snmp version and status information. Syntax: show snmp status defaults: none. Access: enabled. See also: • set snmp community • set snmp notify target • set snmp notify profile • set snmp protocol • set snmp security • set snmp usm • show snmp c...
Page 168: Show Summertime
D-link dws-1008 cli manual 1 show summertime shows a switch’s offset from its real-time clock. Syntax: show summertime defaults: there is no summertime offset by default. Access: all. Examples: to display the summertime setting on a switch, type the following command: dws-1008# show summertime summe...
Page 169: Show Timezone
D-link dws-1008 cli manual 1 show timezone shows the time offset for the real-time clock from utc on a switch. Syntax: show timezone defaults: none. Access: all. Examples: to display the offset from utc, type the following command: dws-1008# show timezone timezone set to ‘pst’, offset from utc is -8...
Page 170
D-link dws-1008 cli manual 1 examples: in the following example, an administrator establishes a telnet session with another switch and enters a command on the remote switch: dws-1008# telnet 10.10.10.90 session 0 pty tty2.D trying 10.10.10.90... Connected to 10.10.10.90 disconnect character is ‘^t’ ...
Page 171: Traceroute
D-link dws-1008 cli manual 18 traceroute traces the route to an ip host. Syntax: traceroute host [dnf] [no-dns] [port port-num] [queries num] [size size] [ttl hops] [wait ms] host ip address, hostname, or alias of the destination host. Specify the ip address in dotted decimal notation. Dnf sets the ...
Page 172
D-link dws-1008 cli manual 1 the first row of the display indicates the target host, the maximum number of hops, and the packet size. Each numbered row displays information about one hop. The rows are displayed in the order in which the hops occur, beginning with the hop closest to the switch. The r...
Page 173: Aaa Commands
D-link dws-1008 cli manual 10 aaa commands use authentication, authorization, and accounting (aaa) commands to provide a secure network connection and a record of user activity. Location policy commands override any virtual lan (vlan) or security acl assignment by aaa or the local database to help y...
Page 175: Clear Authentication Admin
D-link dws-1008 cli manual 1 clear authentication admin removes an authentication rule for administrative access through telnet or web view. Syntax: clear authentication admin user-glob user-glob a single user or set of users. Specify a username, use the double-asterisk wildcard character (**) to sp...
Page 176: Clear Authentication Dot1X
D-link dws-1008 cli manual 1 defaults: none. Access: enabled. Note: the syntax descriptions for the clear authentication commands have been separated for clarity. However, the options and behavior for the clear authentication console command are the same as in previous releases. Examples: the follow...
Page 179: Clear Mac-User
D-link dws-1008 cli manual 1 clear mac-user removes a user profile from the local database on the switch, for a user who is authenticated by a mac address. (to remove a user profile in radius, see the documentation for your radius server.) syntax: clear mac-user mac-addr mac-addr mac address of the ...
Page 180: Clear Mac-User Group
D-link dws-1008 cli manual 1 defaults: none. Access: enabled. Examples: the following command removes an access control list (acl) from the profile of a user at mac address 01:02:03:04:05:06: dws-1008# clear mac-user 01:02:03:04:05:06 attr filter-id success: change accepted. See also: • set mac-user...
Page 181: Clear Mac-Usergroup
D-link dws-1008 cli manual 18 clear mac-usergroup removes a user group from the local database on the dws-1008 switch, for a group of users who are authenticated by a mac address. (to delete a mac user group in radius, see the documentation for your radius server.) syntax: clear mac-usergroup group-...
Page 182: Clear User
D-link dws-1008 cli manual 1 examples: the following command removes the members of the mac user group eastcoasters from a vlan assignment by deleting the vlan-name attribute from the group: dws-1008# clear mac-usergroup eastcoasters attr vlan-name success: change accepted. See also: • clear mac-use...
Page 183: Clear User Attr
D-link dws-1008 cli manual 180 clear user attr removes an authorization attribute from the user profile in the local database on the switch, for a user with a password. (to remove an authorization attribute from a radius user profile, see the documentation for your radius server.) syntax: clear user...
Page 184: Clear Usergroup
D-link dws-1008 cli manual 181 examples: the following command removes the user nin from the user group nin is in: dws-1008# clear user nin group success: change accepted. See also: • clear usergroup • set user group • show aaa clear usergroup removes a user group and its attributes from the local d...
Page 185: Clear Usergroup Attr
D-link dws-1008 cli manual 18 clear usergroup attr removes an authorization attribute from a user group in the local database on the switch. (to remove an authorization attribute in radius, see the documentation for your radius server.) syntax: clear usergroup group-name attr attribute-name group-na...
Page 186
D-link dws-1008 cli manual 18 start-stop sends accounting records at the start and end of a network session. Stop-only sends accounting records only at the end of a network session. Method1-4 at least one of up to four methods that mss uses to process accounting records. Specify one or more of the f...
Page 187
D-link dws-1008 cli manual 18 dot1x users with network access through the switch who are authenticated by 802.1x. Mac users with network access through the switch who are authenticated by mac authentication. Web users with network access through the switch who are authenticated by webaaa. Ssid ssid-...
Page 188: Set Accounting System
D-link dws-1008 cli manual 18 defaults: accounting is disabled for all users by default. Access: enabled. Usage: for network users with start-stop accounting whose records are sent to a radius server, mss sends interim updates to the radius server when the user roams. Examples: the following command...
Page 189: Set Authentication Admin
D-link dws-1008 cli manual 18 set authentication admin configures authentication and defines where it is performed for specified users with administrative access through telnet or web view. Syntax: set authentication admin user-globmethod1 [method2] [method3] [method4] user-glob single user or set o...
Page 190: Set Authentication Console
D-link dws-1008 cli manual 18 usage: you can configure different authentication methods for different groups of users. (for details, see “user globs, mac address globs, and vlan globs” on page 7.) if you specify multiple authentication methods in the set authentication console command, mss applies t...
Page 191
D-link dws-1008 cli manual 188 user-glob single user or set of users with administrative access over the network through telnet or web view. Specify a username, use the double-asterisk wildcard character (**) to specify all usernames, or use the single-asterisk wildcard character (*) to specify a se...
Page 192: Set Authentication Dot1X
D-link dws-1008 cli manual 18 usage: you can configure different authentication methods for different groups of users. (for details, see “user globs, mac address globs, and vlan globs” on page 7.) if you specify multiple authentication methods in the set authentication console command, mss applies t...
Page 193
D-link dws-1008 cli manual 10 bonded enables bonded auth™ (bonded authentication). When this feature is enabled, mss authenticates the user only if the machine the user is on has already been authenticated. Protocol protocol used for authentication. Specify one of the following: • eap-md5—extensible...
Page 194
D-link dws-1008 cli manual 11 method1-4 at least one of up to four methods that mss uses to handle authentication. Specify one or more of the following methods in priority order. Mss applies multiple methods in the order you enter them. A method can be one of the following: • local—uses the local da...
Page 195: Set Authentication Mac
D-link dws-1008 cli manual 1 if the username does not match an authentication rule for the ssid the user is attempting to access, mss uses the fallthru authentication type configured for the ssid, which can be last-resort, web-portal (for webaaa), or none. Examples: the following command configures ...
Page 196
D-link dws-1008 cli manual 1 method1-4 at least one of up to four methods that mss uses to handle authentication. Specify one or more of the following methods in priority order. Mss applies multiple methods in the order you enter them. A method can be one of the following: • local—uses the local dat...
Page 197: Set Authentication Proxy
D-link dws-1008 cli manual 1 set authentication proxy configures a proxy authentication rule for a third-party ap’s wireless users. Syntax: set authentication proxy ssid ssid-nameuser-glob radius-server-group ssid ssid-name ssid name to which this authentication rule applies. User-glob a single user...
Page 198: Set Authentication Web
D-link dws-1008 cli manual 1 set authentication web configures an authentication rule to allow a user to log in to the network using a web page served by the switch. The rule can be activated if the user is not otherwise granted or denied access by 802.1x, or granted access by mac authentication. Sy...
Page 199
D-link dws-1008 cli manual 1 usage: you can configure different authentication methods for different groups of users by “globbing.” you can configure a rule either for wireless access to an ssid, or for wired access through a switch’s wired authentication port. If the rule is for wireless access to ...
Page 200: Set Location Policy
D-link dws-1008 cli manual 1 set location policy creates and enables a location policy on a switch. A location policy enables you to locally set or change authorization attributes for a user after the user is authorized by aaa, without making changes to the aaa server. Syntax: set location policy de...
Page 201
D-link dws-1008 cli manual 18 replace operator with one of the following operands: • eq—applies the location policy rule to all users assigned vlan names matching vlan-glob. • neq—applies the location policy rule to all users assigned vlan names not matching vlan-glob. For vlan-glob, specify a vlan ...
Page 202
D-link dws-1008 cli manual 1 conditions within a rule are anded. All conditions in the rule must match in order for mss to take the specified action. If the location policy contains multiple rules, mss compares the user information to the rules one at a time, in the order the rules appear in the swi...
Page 203: Set Mac-User
D-link dws-1008 cli manual 00 set mac-user configures a user profile in the local database on the switch for a user who can be authenticated by a mac address, and optionally adds the user to a mac user group. (to configure a mac user profile in radius, see the documentation for your radius server.) ...
Page 204
D-link dws-1008 cli manual 01 defaults: none. Access: enabled. Usage: to change the value of an attribute, enter set mac-user attr with the new value. To delete an attribute, use clear mac-user attr. You can assign attributes to individual mac users and to mac user groups. If attributes are configur...
Page 205
D-link dws-1008 cli manual 0 attribute description valid value(s) filter-id (network access mode only) security access control list (acl), to permit or deny traffic received (input) or sent (output) by the switch. Name of an existing security acl, up to 253 alphanumeric characters, with no tabs or s...
Page 206
D-link dws-1008 cli manual 0 attribute description valid value(s) time-of-day (network access mode only) day(s) and time(s) during which the user is permitted to log into the network. After authorization, the user’s session can last until either the time-of-day range or the session- timeout duration...
Page 207
D-link dws-1008 cli manual 0 attribute description valid value(s) vlan-name (network access mode only) virtual lan (vlan) assignment. Note: on some radius servers, you might need to use the standard radius attribute tunnel-pvt-group-id, instead of vlan-name. Name of a vlan that you want the user to ...
Page 208: Set Mac-Usergroup Attr
D-link dws-1008 cli manual 0 set mac-usergroup attr creates a user group in the local database on the switch for users who are authenticated by a mac address, and assigns authorization attributes for the group. (to configure a user group and assign authorization attributes through radius, see the do...
Page 209: Set User
D-link dws-1008 cli manual 0 set user configures a user profile in the local database on the switch for a user with a password. (to configure a user profile in radius, see the documentation for your radius server.) syntax: set user username password [encrypted] string username username of a user wit...
Page 210: Set User Attr
D-link dws-1008 cli manual 0 set user attr configures an authorization attribute in the local database on the switch for a user with a password. (to assign authorization attributes in radius, see the documentation for your radius server.) syntax: set user username attr attribute-name value username ...
Page 211: Set User Group
D-link dws-1008 cli manual 08 set user group adds a user to a user group. The user must have a password and a profile that exists in the local database on the switch. (to configure a user in radius, see the documentation for your radius server.) syntax: set user username group group-name username us...
Page 212: Set Web-Portal
D-link dws-1008 cli manual 0 defaults: none. Access: enabled. Usage: to change the value of an attribute, enter set usergroup attr with the new value. To delete an attribute, use clear usergroup attr. To add a user to a group, user the command set user group. You can assign attributes to individual ...
Page 213: Show Aaa
D-link dws-1008 cli manual 10 show aaa displays all current aaa settings. Syntax: show aaa defaults: none. Access: enabled. Examples: to display all current aaa settings, type the following command: dws-1008# show aaa default values authport=1812 acctport=1813 timeout=5 acct-timeout=5 retrans=3 dead...
Page 214
D-link dws-1008 cli manual 11 the table below describes the fields that can appear in show aaa output. Field description default values radius default values for all parameters. Authport udp port on the switch for transmission of radius authorization and authentication messages. The default port is ...
Page 215: Show Accounting Statistics
D-link dws-1008 cli manual 1 show accounting statistics displays the aaa accounting records for wireless users. The records are stored in the local database on the switch. (to display radius accounting records, see the documentation for your radius server.) syntax: show accounting statistics default...
Page 216: Show Location Policy
D-link dws-1008 cli manual 1 the table below describes the fields that can appear in show accounting statistics output. Field description date and time date and time of the accounting record. Acct-status-type type of accounting record: • start • stop • update acct-authentic location where the user w...
Page 217: Cryptography Commands
D-link dws-1008 cli manual 1 cryptography commands a digital certificate is a form of electronic identification for computers. The switch requires digital certificates to authenticate its communications to web view, to webaaa clients, and to extensible authentication protocol (eap) clients for which...
Page 219: Crypto Certificate
D-link dws-1008 cli manual 1 examples the following command adds the certificate authority’s certificate to switch certificate and key storage: dws-1008# crypto ca-certificate admin enter pem-encoded certificate -----begin certificate----- miidwdcca2qgawibagiql2jvuu4po5faqcyewu3ojanbgkqhkig9wobaqufa...
Page 220: Crypto Generate Key
D-link dws-1008 cli manual 1 1. Open the pkcs#7 object file with an ascii text editor such as notepad or vi. 2. Enter the crypto certificate command on the cli command line. 3. When mss prompts you for the pem-formatted certificate, paste the pkcs#7 object file onto the command line. The switch veri...
Page 222
D-link dws-1008 cli manual 1 state name string (optional) specify the name of the state, in up to 64 alphanumeric characters. Spaces are allowed. Locality name string (optional) specify the name of the locality, in up to 80 alphanumeric characters with no spaces. Organizational name (optional) speci...
Page 223: Crypto Generate Self-Signed
D-link dws-1008 cli manual 0 csr for admin is -----begin certificate request----- miibuzccasqcaqawezelmakga1uebhmcdxmxczajbgnvbagtamnhmqswcqydvqqh ewjjytelmakga1uechmcy2exczajbgnvbastamnhmqswcqydvqqdewjjyteymbyg csqgsib3dqejaryjy2fay2euy29tmrewdwyjkozihvcnaqkcewjjytcbnzanbgkq hkig9w0baqefaaobjqawgyk...
Page 224
D-link dws-1008 cli manual 1 common name specify a unique name for the switch, in up to 80 alphanumeric string characters with no spaces. Use a fully qualified name if such names are supported on your network. This field is required. Note: if you are generating a webaaa (web) certificate, use a comm...
Page 226: Crypto Pkcs12
D-link dws-1008 cli manual crypto pkcs12 unpacks a pkcs#12 object file into the certificate and key storage area on the switch. This object file contains a public-private key pair, a switch certificate signed by a certificate authority, and the certificate authority’s certificate. Syntax: crypto pkc...
Page 229: Show Crypto Key Domain
D-link dws-1008 cli manual show crypto key domain displays the checksum (also called a fingerprint) of the public key used to authenticate management traffic between switches. Syntax: show crypto key domain defaults: none. Access: enabled. Examples: to display the fingerprint for switch-switch secur...
Page 230
D-link dws-1008 cli manual radius and server groups commands use radius commands to set up communication between a switch and groups of up to four radius servers for remote authentication, authorization, and accounting (aaa) of administrators and network users. This chapter presents radius commands ...
Page 232
D-link dws-1008 cli manual clear radius client system-ip removes the switch’s system ip address from use as the permanent source address in radius client requests from the switch to its radius server(s). Syntax: clear radius client system-ip deadtime number of minutes to wait after declaring an unre...
Page 233: Clear Radius Proxy Client
D-link dws-1008 cli manual 0 clear radius proxy client removes radius proxy client entries for third-party aps. Syntax: clear radius proxy client all defaults: none access: enabled. Examples: the following command clears all radius proxy client entries from the switch: dws-1008# clear radius proxy c...
Page 234: Clear Radius Server
D-link dws-1008 cli manual 1 clear radius server removes the named radius server from the switch configuration. Syntax: clear radius server server-name server-name name of a radius server configured to perform remote aaa services for the switch. Defaults: none access: enabled. Examples: the followin...
Page 235: Set Radius
D-link dws-1008 cli manual to disable load balancing in a server group shorebirds, type the following command: dws-1008# set server group shorebirds load-balance disable success: change accepted. See also: • set server group set radius configures global defaults for radius servers that do not explic...
Page 236
D-link dws-1008 cli manual defaults: global radius parameters have the following default values: • deadtime—0 (zero) minutes (the switch does not designate unresponsive radius servers as unavailable.) • encrypted-key—no key • key—no key • retransmit—3 (the total number of attempts, including the fir...
Page 237: Set Radius Client System-Ip
D-link dws-1008 cli manual set radius client system-ip causes all radius requests to be sourced from the ip address specified by the set system ip-address command, providing a permanent source ip address for radius packets sent from the switch. Syntax: set radius client system-ip defaults: none. If ...
Page 238: Set Radius Proxy Port
D-link dws-1008 cli manual access: enabled. Usage: aaa for third-party ap users has additional configuration requirements. Examples: the following command configures a radius proxy entry for a third-party ap radius client at 10.20.20.9, sending radius traffic to the default udp ports 1812 and 1813 o...
Page 239: Set Radius Server
D-link dws-1008 cli manual set radius server configures radius servers and their parameters. By default, the switch automatically sets all these values except the password (key). Syntax: set radius server server-name [address ip-address] [auth-port port-number] [acct-port port-number] [timeout secon...
Page 240
D-link dws-1008 cli manual defaults: default values are listed below: • auth-port—udp port1812 • acct-port—udp port1813 • timeout—5 seconds • retransmit—3 (the total number of attempts, including the first attempt) • deadtime—0 (zero) minutes (the switch does not designate unresponsive radius server...
Page 241: Set Server Group
D-link dws-1008 cli manual 8 set server group configures a group of one to four radius servers. Syntax: set server group group-name members server-name1 [server-name2] [server-name3] [server-name4] group-name server group name of up to 32 characters, with no spaces or tabs. Members the names of one ...
Page 243: 802.1X Management Commands
D-link dws-1008 cli manual 0 802.1x management commands use 802. Ieee x management commands to modify the default settings for ieee 802.1x sessions on a dws-1008 switch. For best results, change the settings only if you are aware of a problem with the switch’s 802.1x performance. This chapter presen...
Page 244: Clear Dot1X Bonded-Period
D-link dws-1008 cli manual 1 clear dot1x bonded-period resets the bonded auth period to its default value. Syntax: clear dot1x max-req defaults: the default bonded authentication period is 0 seconds. Access: enabled. Examples: to reset the bonded period to its default, type the following command: dw...
Page 245: Clear Dot1X Port-Control
D-link dws-1008 cli manual clear dot1x port-control resets all wired authentication ports on the switch to default 802.1x authentication. Syntax: clear dot1x port-control defaults: by default, all wired authentication ports are set to auto and they process authentication requests as determined by th...
Page 246: Clear Dot1X Reauth-Max
D-link dws-1008 cli manual clear dot1x reauth-max resets the maximum number of reauthorization attempts to the default setting. Syntax: clear dot1x reauth-max defaults: the default is 2 attempts. Access: enabled. Examples: type the following command to reset the maximum number of reauthorization att...
Page 247
D-link dws-1008 cli manual clear dot1x timeout auth-server resets to the default setting the number of seconds that must elapse before the switch times out a request to a radius server. Syntax: clear dot1x reauth-period defaults: the default is 30 seconds. Access: enabled. Examples: to reset the def...
Page 248: Clear Dot1X Tx-Period
D-link dws-1008 cli manual clear dot1x tx-period resets to the default setting the number of seconds that must elapse before the switch retransmits an eap over lan (eapol) packet. Syntax: clear dot1x tx-period defaults: the default is 5 seconds. Access: enabled. Examples: type the following command ...
Page 249: Set Dot1X Bonded-Period
D-link dws-1008 cli manual set dot1x bonded-period changes the bonded auth™ (bonded authentication) period. The bonded auth period is the number of seconds mss allows a bonded auth user to reauthenticate. Syntax: set dot1x bonded-period seconds seconds number of seconds mss retains session informati...
Page 252: Set Dot1X Quiet-Period
D-link dws-1008 cli manual set dot1x quiet-period sets the number of seconds a switch remains quiet and does not respond to a supplicant after a failed authentication. Syntax: set dot1x quiet-period seconds seconds specify a value between 0 and 65,535. Defaults: the default is 60 seconds. Access: en...
Page 253: Set Dot1X Reauth-Period
D-link dws-1008 cli manual 0 set dot1x reauth-period sets the number of seconds that must elapse before the switch attempts reauthentication. Syntax: set dot1x reauth-period seconds seconds specify a value between 60 (1 minute) and 1,641,600 (19 days). Defaults: the default is 3600 seconds (1 hour)....
Page 254: Set Dot1X Timeout Supplicant
D-link dws-1008 cli manual 1 set dot1x timeout supplicant sets the number of seconds that must elapse before the switch times out an authentication session with a supplicant (client). Syntax: set dot1x timeout supplicant seconds seconds specify a value between 1 and 65,535. Defaults: the default is ...
Page 257
D-link dws-1008 cli manual type the following command to display the 802.1x clients: dws-1008# show dot1x config 802.1x user policy ---------------------- ‘host/bob-laptop.Mycorp.Com’ on ssid ‘mycorp’ doing passthru ’bob.Mycorp.Com’ on ssid ‘mycorp’ doing passthru (bonded) 802.1x parameter setting -...
Page 258
D-link dws-1008 cli manual type the following command to display 802.1x statistics: dws-1008# show dot1x stats 802.1x statistic value ---------------------- ---------------------- enters connecting: 709 logoffs while connecting: 112 enters authenticating: 467 success while authenticating: 0 timeouts...
Page 259: Session Management Commands
D-link dws-1008 cli manual session management commands use session management commands to display and clear administrative and network user sessions. This chapter presents session management commands alphabetically. Use the following table to locate commands in this chapter based on their use. Admin...
Page 262
D-link dws-1008 cli manual defaults: none. Access: all, except for show sessions telnet client, which has enabled access. Examples: to view information about sessions of administrative users, type the following command: dws-1008# clear sessions admin tty username time (s) type ------- --------------...
Page 263: Show Sessions Network
D-link dws-1008 cli manual 0 the table below describes the fields of the show sessions admin, show sessions console, and show sessions telnet displays. Show sessions admin, show sessions console, and show sessions telnet output field description tty the telnet terminal number, or console for adminis...
Page 264
D-link dws-1008 cli manual 1 ssid ssid-name displays all network sessions for an ssid. Vlan vlan-glob displays all network sessions on a single vlan or a set of vlans. Specify a vlan name, use the double-asterisk wildcard character (**) to specify all vlan names, or use the single-asterisk wildcard ...
Page 265
D-link dws-1008 cli manual the following command displays summary information about the sessions for mac address 00:05:5d:7e:98:1a: dws-1008# show sessions network mac-addr 00:05:5d:7e:98:1a user sess ip or mac vlan port/ name id address name radio ------------------------------ ---- ---------------...
Page 266
D-link dws-1008 cli manual the following command displays information about network session 88: dws-1008# show sessions network session-id 88 local id: 88 global id: sess-88-00040f-876766-623fd6 state: active ssid: rack-39-pm port/radio: 10/1 mac address: 00:0f:66:f4:71:6d user name: last-resort-rac...
Page 267
D-link dws-1008 cli manual additional show sessions network verbose output field description client mac mac address of the session user. Gid global session id, a unique session number. State status of the session: • auth, assoc req—client is being associated by the 802.1x protocol. • auth and assoc—...
Page 268
D-link dws-1008 cli manual show sessions network session-id output field description local id identifier for the session on this particular switch. (this is the session id you specify when entering the show sessions network session-id command.) global id unique session identifier within the network....
Page 269
D-link dws-1008 cli manual unicast bytes out total number of unicast bytes sent by the switch to the user (64-bit counter). Multicast packets in total number of multicast packets received from the user by the switch (64-bit counter). Multicast bytes in total number of multicast bytes received from t...
Page 270: Rf Detection Commands
D-link dws-1008 cli manual rf detection commands mss automatically performs rf detection scans on enabled and disabled radios to detect rogue access points. A rogue access point is a bssid (mac address associated with an ssid) that does not belong to a d-link device and is not a member of the ignore...
Page 271: Clear Rfdetect Attack-List
D-link dws-1008 cli manual 8 clear rfdetect attack-list removes a mac address from the attack list. Syntax: clear rfdetect attack-list mac-addr mac-addr mac address you want to remove from the attack list. Defaults: none. Access: enabled. Examples: the following command clears mac address 11:22:33:4...
Page 272: Clear Rfdetect Ssid-List
D-link dws-1008 cli manual clear rfdetect ssid-list removes an ssid from the permitted ssid list. Syntax: clear rfdetect ssid-list ssid-name ssid-name ssid name you want to remove from the permitted ssid list. Defaults: none. Access: enabled. Examples: the following command clears ssid mycorp from t...
Page 273: Set Rfdetect Attack-List
D-link dws-1008 cli manual 0 set rfdetect attack-list adds an entry to the attack list. The attack list specifies the mac addresses of devices that mss should issue countermeasures against whenever the devices are detected on the network. The attack list can contain the mac addresses of aps and clie...
Page 274: Set Rfdetect Ignore
D-link dws-1008 cli manual 1 mss can place a client in the black list due to an association, reassociation or disassociation flood from the client. The client black list applies only to the switch on which the list is configured. Switches do not share client black lists. Examples: the following comm...
Page 276: Set Rfdetect Ssid-List
D-link dws-1008 cli manual usage: the command applies only to aps managed by the switch on which you enter the command. To enable signatures on all aps, enter the command on each switch. Note: you must use the same ap signature setting (enabled or disabled) on all switches. Examples: the following c...
Page 277: Set Rfdetect Vendor-List
D-link dws-1008 cli manual set rfdetect vendor-list adds an entry to the permitted vendor list. The permitted vendor list specifies the third-party ap or client vendors that are allowed on the network. Mss does not list a device as a rogue or interfering device if the device’s oui is in the permitte...
Page 278: Show Rfdetect Black-List
D-link dws-1008 cli manual examples: the following example shows the attack list on switch: dws-1008# show rfdetect attack-list total number of entries: 1 attacklist mac port/radio/chan rssi ssid ----------------- ----------------- ------ ------------ 11:22:33:44:55:66 dap 2/1/11 -53 rogue-ssid see ...
Page 279
D-link dws-1008 cli manual examples: the following command shows information about all wireless clients detected by a switch’s aps: dws-1008# show rfdetect clients total number of entries: 30 client mac client ap mac ap port/radio nol type last vendor vendor /channel seen ----------------- ------- -...
Page 280
D-link dws-1008 cli manual type classification of the rogue device: • rogue—wireless device that is on the network but is not supposed to be on the network. • intfr—wireless device that is not part of your network and is not a rogue, but might be causing rf interference with ap radios. • known—devic...
Page 281: Show Rfdetect Counters
D-link dws-1008 cli manual 8 usage: this command is valid only on the seed switch examples: the following example displays countermeasures status: dws-1008# show rfdetect countermeasures total number of entries: 190 rogue mac type countermeasures ipaddr port/radio radio mac /channel ----------------...
Page 282
D-link dws-1008 cli manual examples: the following command shows counters for rogue activity detected by a switch: dws-1008# show rfdetect countermeasures type current total ------------------------------------------------------------------------------------------------------------ rogue access poin...
Page 283: Show Rfdetect Data
D-link dws-1008 cli manual 80 show rfdetect data displays information about the aps detected by a switch. Syntax: show rfdetect data defaults: none. Access: enabled. Usage: you can enter this command on any switch. The output applies only to the switch on which you enter the command. To display all ...
Page 284: Show Rfdetect Ignore
D-link dws-1008 cli manual 81 the table below describes the fields in this display. Field description bssid mac address of the ssid used by the detected device. Vendor company that manufactures or sells the rogue device. Type classification of the rogue device: • rogue—wireless device that is not su...
Page 285: Show Rfdetect Ssid-List
D-link dws-1008 cli manual 8 show rfdetect ssid-list displays the entries in the permitted ssid list. Syntax: show rfdetect ssid-list defaults: none. Access: enabled. Examples: the following example shows the permitted ssid list on switch: dws-1008# show rfdetect ssid-list total number of entries: 3...
Page 287: Test Rflink
D-link dws-1008 cli manual 8 the table below describes the fields in this display. Field description transmit mac mac address the rogue device that sent the 802.11 packet detected by the ap radio vendor company that manufactures or sells the rogue device. Type classification of the rogue device: • r...
Page 288
D-link dws-1008 cli manual 8 examples: the following command tests the rf link between the switch and the client with mac address 00:0e:9b:bf:ad:13: dws-1008# test rflink mac 00:0e:9b:bf:ad:13 rf-link test to 00:0e:9b:bf:ad:13 : session-id: 2 packets sent packets rcvd rssi snr rtt (micro-secs) -----...
Page 289: File Management Commands
D-link dws-1008 cli manual 8 file management commands use file management commands to manage system files and to display software and boot information. This chapter presents file management commands alphabetically. Use the following table to locate commands in this chapter based on their use. Softwa...
Page 291: Clear Boot Config
D-link dws-1008 cli manual 88 examples: the following command creates an archive of the system-critical files and copies the archive directly to a tftp server. The filename in this example includes a tftp server ip address, so the archive is not stored locally on the switch. Dws-1008# backup system ...
Page 292: Copy
D-link dws-1008 cli manual 8 examples: the following commands back up the configuration file on a switch, reset the switch to its factory default configuration, and reboot the switch: dws-1008# copy configuration tftp://10.1.1.1/backupcfg success: sent 365 bytes in 0.401 seconds [ 910 bytes/sec] dws...
Page 293
D-link dws-1008 cli manual 0 usage: the filename and file:filename urls are equivalent. You can use either url to refer to a file in a switch’s nonvolatile memory. The tftp://ip-addr/filename url refers to a file on a tftp server. If dns is configured on the switch, you can specify a tftp server’s h...
Page 294: Delete
D-link dws-1008 cli manual 1 delete caution: mss does not prompt you to verify whether you want to delete a file. When you press enter after typing a delete command, mss immediately deletes the specified file. Note: mss does not allow you to delete the currently running software image file or the ru...
Page 296
D-link dws-1008 cli manual core:command_audit.Cur 37 bytes aug 28 2005, 21:11:41 total: 37 bytes used, 91707 kbytes free the following command displays the files in the root directory: dws-1008# dir file: =========================================================== file: filename size created file:co...
Page 297: Install Soda Agent
D-link dws-1008 cli manual the table below describes the fields in the dir output. Field description filename filename or subdirectory name. For files, the directory name is shown in front of the filename (for example, file: configuration). The file: directory is the root directory. For subdirectori...
Page 298: Load Config
D-link dws-1008 cli manual load config caution: this command completely removes the running configuration and replaces it with the configuration contained in the file. D-link recommends that you save a copy of the current running configuration to a backup configuration file before loading a new conf...
Page 300: Reset System
D-link dws-1008 cli manual dws-1008# dir ========================================================== file: filename size created file:configuration 17 kb may 21 2004, 18:20:53 file:configuration.Txt 379 bytes may 09 2004, 18:55:17 corp2/ 512 bytes may 21 2004, 19:22:09 corp_a/ 512 bytes may 21 2004, ...
Page 301: Restore
D-link dws-1008 cli manual 8 examples: the following command restarts a switch that does not have any unsaved configuration changes: dws-1008# reset system this will reset the entire system. Are you sure (y/n)y the following commands attempt to restart a switch with a running configuration that has ...
Page 302: Rmdir
D-link dws-1008 cli manual usage: if a file in the archive has a counterpart on the switch, the archive version of the file replaces the file on the switch. The restore command does not delete files that do not have counterparts in the archive. For example, the command does not completely replace th...
Page 303: Save Config
D-link dws-1008 cli manual 00 examples: the following example removes subdirectory corp2: dws-1008# rmdir corp2 success: change accepted. See also: • dir • mkdir save config saves the running configuration to a configuration file. Syntax: save config [filename] filename name of the configuration fil...
Page 304: Set Boot Configuration-File
D-link dws-1008 cli manual 01 set boot backup-configuration specifies the name of a backup configuration file to be used in the event that mss cannot read the switch’s configuration file at boot time. Syntax: set boot backup-configuration filename filename name of the file to use as a backup configu...
Page 306: Show Config
D-link dws-1008 cli manual 0 the table below describes the fields in the show boot output. Field description configured boot version software version the switch will run next time the software is rebooted. Configured boot image boot partition and image filename mss will use to boot next time the sof...
Page 307: Show Version
D-link dws-1008 cli manual 0 • spantree • system • trace • vlan • vlan-fdb if you do not specify a configuration area, nondefault information for all areas is displayed. All includes configuration items that are set to their default values. Defaults: none. Access: enabled. Usage: if you do not use o...
Page 308
D-link dws-1008 cli manual 0 examples: the following command displays version information for a switch: dws-1008# show version mobility system software, version: 4.1.0 qa 67 copyright (c) 2002, 2003, 2004, 2005 d-link, inc. All rights reserved. Build information: (build#67) top 2005-07-21 04:41:00 m...
Page 309: Uninstall Soda Agent
D-link dws-1008 cli manual 0 the table below describes the fields in the show version output. Field description build information factory timestamp of the image file. Label software version and build date. Build suffix build suffix. Model build model. Hardware version information for the switch’s mo...
Page 310: Access Point Commands
D-link dws-1008 cli manual 0 access point commands use dwl-8220ap access point commands to configure and manage dwl-8220ap access points. Be sure to do the following before using the commands: • define the country-specific ieee 802.11 regulations on the dws-1008 switch. • install the dwl-8220ap acce...
Page 311: Clear Dap Boot-Configuration
D-link dws-1008 cli manual 08 examples the following command disables and resets radio 2 on the dwl-8220ap access point connected to port 3: dws-1008# clear ap 3 radio 2 clear dap boot-configuration removes the static ip address configuration for a distributed ap. Syntax: clear dap boot-configuratio...
Page 312: Clear Radio-Profile
D-link dws-1008 cli manual 0 clear radio-profile removes a radio profile or resets one of the profile’s parameters to its default value. Syntax: clear radio-profile name [parameter] name parameter defaults if you reset an individual parameter, the parameter is returned to it’s default value. Access:...
Page 314
D-link dws-1008 cli manual 11 examples: the following commands disable the radios that are using radio profile rp6, remove service-profile svcprof6 from rp6, then clear svcprof6 from the configuration. Dws-1008# set radio-profile rp6 mode disable dws-1008# clear radio-profile rp6 service-profile svc...
Page 315: Set Dap Auto
D-link dws-1008 cli manual 1 set dap auto creates a profile for automatic configuration of distributed aps. Syntax: set dap auto defaults: none. Access: enabled. The following table lists the configurable profile parameters and their defaults. The only parameter that requires configuration is the pr...
Page 318
D-link dws-1008 cli manual 1 defaults: the default radio type for the dwl-8220ap is 802.11g. Access: enabled examples: the following command sets the radio type to 802.11b: dws-1008# set dap auto radiotype 11b success: change accepted. See also: • set dap auto • set dap auto mode • set dap auto pers...
Page 319
D-link dws-1008 cli manual 1 if ap port 1 is indirectly connected to dws-1008 switches through the network, the ap boots from the switch with the high bias for the ap. If the bias for all connections is the same, the ap selects the switch that has the greatest capacity to add more active aps. For ex...
Page 320: Set Dap Boot-Ip
D-link dws-1008 cli manual 1 examples: the following command enables led blink mode on the access points connected to ports 3 and 4: dws-1008# set ap 3-4 blink enable success: change accepted. Set dap boot-ip specifies static ip address information for a distributed ap. Syntax: set dap dap-num boot-...
Page 321: Set Dap Boot-Switch
D-link dws-1008 cli manual 18 examples: the following command configures distributed ap 1 to use ip address 172.16.0.42 with a 24-bit netmask, and use 172.16.0.20 as its default gateway: dws-1008# set dap 1 boot-ip ip 172.16.0.42 netmask 255.255.255.0 gateway 172.16.0.20 mode enable success: change ...
Page 322: Set Dap Boot-Switch
D-link dws-1008 cli manual 1 when a static ip address is specified for a distributed ap, there is no preconfigured dns information or dns name for the dws-1008 the distributed ap attempts to use as its boot device. If you configure a static ip address for a distributed ap, but do not specify a boot ...
Page 323
D-link dws-1008 cli manual 0 usage: when this command is configured, all ethernet frames emitted from the distributed ap are formatted with an 802.1q tag with a specified vlan number. Frames sent to the distributed ap that are not tagged with this value are ignored. Examples: the following command c...
Page 324: Set Dap Fingerprint
D-link dws-1008 cli manual 1 set dap fingerprint verifies an ap’s fingerprint on an dws-1008. If ap-dws security is required by an dws-1008, an ap can establish a management session with the switch only if you have verified the ap’s identity by verifying its fingerprint on the switch. Syntax: set da...
Page 329
D-link dws-1008 cli manual indoors outdoors defaults: the default antenna location is indoors. Access: enabled examples: the following command sets the antenna location for radio 1 on distributed ap 22 to outdoors: dws-1008# set dap 22 radio 1 antenna-location outdoors success: change accepted. See ...
Page 330
D-link dws-1008 cli manual defaults: all radios use the internal antenna by default. Access: enabled examples: the following command configures the 802.11b/g radio on distributed ap 1 to use antenna model ant1060: dws-1008# set dap 1 radio 1 antennatype ant1060 success: change accepted. See also: • ...
Page 331
D-link dws-1008 cli manual 8 example: the following command sets the maximum power that rf auto-tuning can set on radio 1 on the dwl-8220ap access point on port 5 to 12 dbm. Dws-1008# set ap 5 radio 1 auto-tune max-power 12 success: change accepted. See also: • set radio-profile auto-tune power-conf...
Page 332
D-link dws-1008 cli manual examples: the following command configures the channel on the 802.11a radio on the dwl-8220ap access point connected to port 5: dws-1008# set ap 5 radio 1 channel 36 success: change accepted. The following command configures the channel and transmit power on the 802.11b/g ...
Page 333
D-link dws-1008 cli manual 0 usage: to enable or disable one or more radios to which a profile is assigned, use the set ap radio radio-profile command. To enable or disable all radios that use a specific radio profile, use the set radio-profile command. Examples: the following command enables radio ...
Page 334
D-link dws-1008 cli manual 1 defaults: when you create a new profile, the radio parameters in the profile are set to their factory default values. To enable or disable all radios that use a specific radio profile, use set radio-profile. Access: enabled. Examples: the following command enables radio ...
Page 335: Set Dap Security
D-link dws-1008 cli manual examples: the following command configures the transmit power on the 802.11a radio on the dwl-8220ap access point connected to port 5: dws-1008# set ap 5 radio 1 tx-power 10 success: change accepted. The following command configures the channel and transmit power on the 80...
Page 336
D-link dws-1008 cli manual ap can establish a management session with the dws-1008 switch only if its fingerprint has been confirmed by you in mss. A change to dwl-8220ap security support does not affect management sessions that are already established. To apply the new setting to an dwl-8220ap, res...
Page 337
D-link dws-1008 cli manual set radio-profile active-scan disables or reenables active rf detection scanning on the dwl-8220ap radios managed by a radio profile. When active scanning is enabled, dwl-8220ap radios look for rogue devices by sending probe any requests (probe requests with a null ssid na...
Page 338
D-link dws-1008 cli manual name enable disable no-client defaults: dynamic channel assignment is enabled by default. Access: enabled. Usage: if you disable rf auto-tuning for channels, mss does not dynamically set the channels when radios are first enabled and also does not tune the channels during ...
Page 339
D-link dws-1008 cli manual name rate defaults: the default rf auto-tuning channel holddown is 900 seconds. Access: enabled. Usage: the channel holddown applies even if rf anomalies occur that normally cause an immediate channel change. Examples: the following command changes the channel holddown for...
Page 340
D-link dws-1008 cli manual if you set the interval to 0, rf auto-tuning does not reevaluate the channel at regular intervals. However, rf auto-tuning can still change the channel in response to rf anomalies. Examples: the following command sets the channel interval for radios in radio profile rp2 to...
Page 342
D-link dws-1008 cli manual set radio-profile auto-tune power-interval sets the interval at which rf auto-tuning decides whether to change the power level on radios in a radio profile. At the end of each interval, mss processes the results of the rf scans performed during the previous interval, and c...
Page 343
D-link dws-1008 cli manual 0 set radio-profile auto-tune power-lockdown locks down the current power settings on all radios in a radio profile. The power settings that are in effect when the command is entered are changed into statically configured power settings on the radios. Rf auto-tuning of pow...
Page 344
D-link dws-1008 cli manual 1 defaults: the default interval is 60 seconds. Access: enabled. Examples: the following command changes the power ramp interval for radios in radio profile rp2 to 120 seconds: dws-1008# set radio-profile rp2 auto-tune power-ramp-interval 120 success: change accepted. See ...
Page 345
D-link dws-1008 cli manual set radio-profile countermeasures countermeasures affect wireless service on a radio. When an ap radio is sending countermeasures, the radio is disabled for use by network traffic, until the radio finishes sending the countermeasures. Enables or disables countermeasures fo...
Page 346
D-link dws-1008 cli manual the following command causes radios managed by radio profile radprof3 to issue countermeasures against devices in the dws-1008’s attack list: dws-1008# radio-profile radprof3 countermeasures configured success: change accepted. Note that when you issue this command, counte...
Page 347
D-link dws-1008 cli manual set radio-profile frag-threshold changes the fragmentation threshold for the dwl-8220ap radios in a radio profile. The fragmentation threshold is the threshold at which the long-retry-count is applicable instead of the short-retry-count. The long-retry-count specifies the ...
Page 348
D-link dws-1008 cli manual set radio-profile max-rx-lifetime changes the maximum receive threshold for the dwl-8220ap radios in a radio profile. The maximum receive threshold specifies the number of milliseconds that a frame received by a radio can remain in buffer memory. Syntax: set radio-profile ...
Page 349: Set Radio-Profile Mode
D-link dws-1008 cli manual defaults: the default maximum receive threshold for dwl-8220ap radios is 2000ms (2 seconds). Access: enabled. Usage: you must disable all radios that are using a radio profile before you can change parameters in the profile. Use the set radio-profile mode command. Examples...
Page 350
D-link dws-1008 cli manual parameter default value radio behavior when parameter set to default value active-scan enable sends probe any requests (probe requests with a null ssid name) to solicit probe responses from other access points. Auto-tune enable allows dynamic configuration of channel and p...
Page 351
D-link dws-1008 cli manual 8 access: enabled. Usage: use the command without any optional parameters to create new profile. If the radio profile does not already exist, mss creates a new radio profile. Use the enable or disable option to enable or disable all the radios using a profile. To assign th...
Page 355
D-link dws-1008 cli manual examples: the following command changes the rts threshold for radio profile rp1 to 1500 bytes: dws-1008# set radio-profile rp1 rts-threshold 1500 success: change accepted. See also: • set radio-profile mode • show radio-profile set radio-profile service-profile maps a serv...
Page 356
D-link dws-1008 cli manual parameter default value radio behavior when parameter set to default value cac-mode none does not limit the number of active user sessions based on call admission control. Cac-session 14 if session-based cac is enabled ( cac-mode is set to session), limits the number of ac...
Page 357
D-link dws-1008 cli manual parameter default value radio behavior when parameter set to default value psk-phrase no passphrase defined uses dynamically generated keys rather than statically configured keys to authenticate wpa clients. Psk-raw no preshared key defined uses dynamically generated keys ...
Page 358
D-link dws-1008 cli manual parameter default value radio behavior when parameter set to default value user-idle-timeout 180 allows a client to remain idle for 180 seconds (3 minutes) before mss changes the client’s session to the disassociated state. Web-portal-acl portalacl note: this is the defaul...
Page 359
D-link dws-1008 cli manual access: enabled. Usage: you must configure the service profile before you can map it to a radio profile. You can map the same service profile to more than one radio profile. You must disable all radios that use a radio profile before you can change parameters in the profil...
Page 360: Set Service-Profile Attr
D-link dws-1008 cli manual set service-profile attr configures authorization attributes that are applied by default to users accessing the ssid managed by the service profile. These ssid default attributes are applied in addition to any supplied by the radius server or from the local database. Synta...
Page 361
D-link dws-1008 cli manual 8 defaults: by default, a service profile does not have any authorization attributes set. Access: enabled. Usage: to change the value of a default attribute for a service profile, use the set service- profile attr command and specify a new value. The ssid default attribute...
Page 362
D-link dws-1008 cli manual set service-profile auth-dot1x disables or reenables 802.1x authentication of wi-fi protected access (wpa) clients by ap radios, when the wpa information element (ie) is enabled in the service profile that is mapped to the radio profile that the radios are using. Syntax: s...
Page 363
D-link dws-1008 cli manual 0 set service-profile auth-fallthru specifies the authentication type for users who do not match an 802.1x or mac authentication rule for an ssid managed by the service profile. When a user tries to associate with an ssid, mss checks the authentication rules for that ssid ...
Page 364: Set Service-Profile Auth-Psk
D-link dws-1008 cli manual 1 the service profile rnd_lab to web-portal: dws-1008# set service-profile rnd_lab auth-fallthru web-portal success: change accepted. See also: • set web-portal • set service-profile web-portal-form • show service-profile set service-profile auth-psk enables preshared key ...
Page 365: Set Service-Profile Beacon
D-link dws-1008 cli manual set service-profile beacon disables or reenables beaconing of the ssid managed by the service profile. An ap radio responds to an 802.11 probe any request with only the beaconed ssid(s). For a nonbeaconed ssid, radios respond only to directed 802.11 probe requests that mat...
Page 366
D-link dws-1008 cli manual name none session defaults: the default cac mode is none. Access: enabled. Examples: the following command enables session-based cac on service profile sp1: dws-1008# set service-profile sp1 cac-mode session success: change accepted. See also: • set service-profile cac-ses...
Page 367
D-link dws-1008 cli manual examples: the following command changes the maximum number of sessions for radios used by service profile sp1 to 10: dws-1008# set service-profile sp1 cac-session 10 success: change accepted. See also: • set service-profile cac-mode • show service-profile set service-profi...
Page 369
D-link dws-1008 cli manual defaults: 104-bit wep encryption is disabled by default. Access: enabled. Usage: to use 104-bit wep with wpa clients, you must also enable the wpa ie. When 104-bit wep in wpa is enabled in the service profile, radios managed by a radio profile that is mapped to the service...
Page 370: Set Service-Profile Cos
D-link dws-1008 cli manual defaults: 40-bit wep encryption is disabled by default. Access: enabled. Usage: to use 40-bit wep with wpa clients, you must also enable the wpa ie. When 40-bit wep in wpa is enabled in the service profile, radios managed by a radio profile that is mapped to the service pr...
Page 371
D-link dws-1008 cli manual 8 usage: this command applies only when static cos is enabled. If static cos is disabled, prioritization is based on the qos mode configured in the radio profile, and on any acls that set cos. To enable static cos, use the set service-profile static-cos command. Examples: ...
Page 372
D-link dws-1008 cli manual set service-profile idle-client-probing disables or reenables periodic keepalives from ap radios to clients on a service profile’s ssid. When idle-client probing is enabled, the ap radio sends a unicast null-data frame to each client every 10 seconds. Normally, a client th...
Page 373
D-link dws-1008 cli manual 0 name enable disable defaults: this option is disabled by default. Access: enabled. Usage: even when this option is enabled, the dws-1008 to which a user roams (the roamed-to switch) can reassign the vlan in any of the following cases: examples: the following command enab...
Page 374
D-link dws-1008 cli manual 1 access: enabled. Usage: the length of time a client can remain idle (unresponsive to idle-client probes) is specified by the user-idle-timeout command. Examples: the following command changes the long retry threshold for service profile sp1 to 8: dws-1008# set service-pr...
Page 375
D-link dws-1008 cli manual name enable disable defaults: the no-broadcast mode is disabled by default. (broadcast traffic not disabled.) access: enabled. Usage: to further reduce arp traffic on a service profile, use the set service-profile proxy-arp command to enable proxy arp. Examples: the follow...
Page 376
D-link dws-1008 cli manual defaults: proxy arp is disabled by default. Access: enabled. Usage: to further reduce broadcast traffic on a service profile, use the set service-profile no- broadcast command to disable dhcp and arp request broadcasts. Examples: the following command enables proxy arp on ...
Page 377: Set Service-Profile Psk-Raw
D-link dws-1008 cli manual examples: the following command configures service profile sp3 to use passphrase “1234567890123?=+&% the quick brown fox jumps over the lazy sl”: dws-1008# set service-profile sp3 psk-phrase “1234567890123?=+&% the quick brown fox jumps over the lazy sl” success: change ac...
Page 378: Set Service-Profile Rsn-Ie
D-link dws-1008 cli manual set service-profile rsn-ie enables the robust security network (rsn) information element (ie). The rsn ie advertises the rsn (sometimes called wpa2) authentication methods and cipher suites supported by radios in the radio profile mapped to the service profile. Syntax: set...
Page 379
D-link dws-1008 cli manual set service-profile short-retry-count changes the short retry threshold for a service profile. The short retry threshold specifies the number of times a radio can send a short unicast frame without receiving an acknowledgment. A short unicast frame is a frame that is short...
Page 380
D-link dws-1008 cli manual name threshold defaults: the default short unicast retry threshold is 5 attempts. Access: enabled. Examples: the following command changes the short retry threshold for service profile sp1 to 3: dws-1008# set service-profile sp1 short-retry-count 3 success: change accepted...
Page 382
D-link dws-1008 cli manual set service-profile soda failure-page specifies a page on the dws-1008 that is loaded when a client fails the security checks performed by the soda agent. Syntax: set service-profile name soda failure-page page name page defaults: by default, the dws-1008 dynamically gener...
Page 383
D-link dws-1008 cli manual 80 set service-profile soda logout-page specifies a page on the dws-1008 that is loaded when a client logs out of the network by closing the soda virtual desktop. Syntax: set service-profile name soda logout-page page name page defaults: none. Access: enabled. Usage: when ...
Page 385
D-link dws-1008 cli manual 8 defaults: disabled. Access: enabled. Usage: if the soda agent checks fail on a client, by default the client is disconnected from the network. Optionally, you can specify a failure page for the client to load (with the set service-profile soda failure-page command). When...
Page 386
D-link dws-1008 cli manual 8 the page is assumed to reside in the root directory on the dws-1008. Optionally specify a different directory where the page resides. This functionality occurs only when the enforce checks option is enabled for the service profile. The enforce checks option is enabled by...
Page 387
D-link dws-1008 cli manual 8 examples: the following command applies the name guest to the ssid managed by service profile clear_wlan: dws-1008# set service-profile clear_wlan ssid-name guest success: change accepted. The following command applies the name corporate users to the ssid managed by serv...
Page 388
D-link dws-1008 cli manual 8 set service-profile static-cos enables or disables static cos on a service profile. Static cos assigns the same cos level to all traffic on the service profile’s ssid, regardless of 802.1p or dscp markings in the packets themselves, and regardless of any acls that mark c...
Page 389
D-link dws-1008 cli manual 8 set service-profile tkip-mc-time changes the length of time that ap radios use countermeasures if two message integrity code (mic) failures occur within 60 seconds. When countermeasures are in effect, dwl-8220aps dissociate all tkip and wpa wep clients and refuse all ass...
Page 391
D-link dws-1008 cli manual 88 defaults: this command has the following defaults: • mandantory: • 11a - 6.0,12.0,24.0 • 11b - 1.0,2.0 • 11g - 1.0,2.0,5.5,11.0 • disabled - none. All rates applicable to the radio type are supported by default. • beacon-rate: • 11a - 6.0 • 11b - 2.0 • 11g - 2.0 • multi...
Page 392
D-link dws-1008 cli manual 8 syntax: set service-profile name user-idle-timeout seconds name seconds defaults: the default user idle timeout is 180 seconds (3 minutes). Access: enabled. Examples: the following command increases the user idle timeout to 360 seconds (6 minutes): dws-1008# set service-...
Page 393
D-link dws-1008 cli manual 0 access: enabled. Usage: the first time you set the service profile’s auth-fallthru option to web-portal, mss sets the web-portal-acl option to portalacl. The value remains portalacl even if you change the auth-fallthru option again. To change the web-portal-acl value, yo...
Page 394
D-link dws-1008 cli manual 1 note: to use webaaa, the fallthru authentication type in the service profile that manages the ssid must be set to web-portal. To use webaaa for a wired authentication port, edit the port configuration with the set port type wired-auth command. The web-portal authenticati...
Page 395
D-link dws-1008 cli manual set service-profile web-portal-session-timeout changes the number of seconds mss allows web portal webaaa sessions to remain in the deassociated state before being terminated automatically. Syntax: set service-profile name web-portal-session-timeout seconds name seconds de...
Page 396
D-link dws-1008 cli manual set service-profile wep active-multicast-index specifies the static wired-equivalent privacy (wep) key (one of four) to use for encrypting multicast frames. Syntax: set service-profile name wep active-multicast-index num name num defaults: if wep encryption is enabled and ...
Page 397
D-link dws-1008 cli manual access: enabled. Usage: before using this command, you must configure values for the wep keys you plan to use. Use the set service-profile wep key-index command. Examples: the following command configures service profile sp2 to use wep key 4 for encrypting unicast traffic:...
Page 398: Set Service-Profile Wpa-Ie
D-link dws-1008 cli manual examples: the following command configures a 5-byte wep key for key index 1 on service profile sp2 to aabbccddee: dws-1008# set service-profile sp2 wep key-index 1 key aabbccddee success: change accepted. See also: • set service-profile wep active-multicast-index • set ser...
Page 399
D-link dws-1008 cli manual list of ports connected to the dwl-8220ap access point(s) for which to display configuration settings. Number of a distributed ap for which to display configuration settings. Shows configuration information for radio 1. Shows configuration information for radio 2. (this op...
Page 400
D-link dws-1008 cli manual the following table describes the fields in this display. Field description port dws-1008 port number. Note: this field is applicable only if the dwl-8220ap is directly connected to the dws-1008 and the dws-1008’s port is configured as an ap access port. Dap connection id ...
Page 402
D-link dws-1008 cli manual txunipkt txunibyte rxpkt undcrptpkt txmultipkt txmultibyte rxbyte undcrptbyte phyerr 1.0: 1017 0 10170 0 14 8347 0 0 3964 2.0: 5643 55683 822545 8697520 3 1670 0 0 8695 5.5: 0 0 0 0 5 258 0 0 4 6.0: 0 0 0 0 0 0 0 0 51 9.0: 0 0 0 0 1 172 0 0 53 11.0: 0 0 0 0 17 998 0 0 35 1...
Page 403
D-link dws-1008 cli manual 00 field description tkip pkt replays number of tkip packets that were resent to the ap by a client. A low value (under about one hundred) does not necessarily indicate a problem. However, if this counter is increasing steadily or has a very high value (in the hundreds or ...
Page 404
D-link dws-1008 cli manual 01 field description user sessions number of clients currently associated with the radio. Generally, this counter is equal to the number of sessions listed for the radio in show sessions output. However, the counter can differ from the counter in show sessions output if a ...
Page 405
D-link dws-1008 cli manual 0 field description txunipkt number of unicast packets transmitted by the radio. Txmultipkt number of multicast packets transmitted by the radio. Txunibyte number of unicast bytes transmitted by the radio. Txmultibyte number of multicast bytes transmitted by the radio. Rxp...
Page 407
D-link dws-1008 cli manual 0 field description cos cos value associated with the forwarding queues. Queue forwarding queue. Dap or port distributed ap number or dwl-8220ap port number. Radio radio number. Tx number of packets transmitted to the air from the queue. Txdrop number of packets dropped fr...
Page 408
D-link dws-1008 cli manual 0 examples: the following command displays ethernet statistics for the ethernet ports on distributed ap 1: dws-1008# show dap etherstats 1 dap: 1 ether: 1 ================================= rxunicast: 75432 txgoodframes: 55210 rxmulticast: 18789 txsinglecoll: 32 rxbroadcast...
Page 409
D-link dws-1008 cli manual 0 field description rxoverruns number of frames known to be lost due to a temporary lack of hardware resources. Rxdiscards number of frames known to be lost due to a temporary lack of software resources. Txgoodframes number of frames transmitted properly on the link. Txsin...
Page 410
D-link dws-1008 cli manual 0 examples: the following command displays information for dwl-8220ap access point group loadbalance1: dws-1008# set service-profile sp2 wpa-ie enable the following table describes the fields in this display: field description load balance grp name of the dwl-8220ap access...
Page 412
D-link dws-1008 cli manual 0 the following command displays the status of a distributed ap access point: dws-1008# show ap status 1 the following command uses the terse option to display brief information for distributed aps: dws-1008# show dap status terse the following table describe the fields in...
Page 413
D-link dws-1008 cli manual 10 field description dap connection id for the distributed ap. Note: this field is applicable only if the ap is configured on the dws-1008 as a distributed ap. Port dws-1008 port number. Note: this field is applicable only if the ap is directly connected to the dws- 1008 a...
Page 414
D-link dws-1008 cli manual 11 field description radio 1 type radio 2 type 802.11 type and configuration state of the radio. • the configure succeed state indicates that the ap has received configuration parameters for the radio and the radio is ready to accept client connections. • 802.11b protect i...
Page 415: Show Auto-Tune Attributes
D-link dws-1008 cli manual 1 output for show ap status terse and show dap status terse field description port dws-1008ap port number connected to the ap. Flg operational status flags for the ap. For flag definitions, see the key in the command output. Ip address ip address of the ap. The address is ...
Page 418: Show Dap Boot-Configuration
D-link dws-1008 cli manual 1 the following table describes the fields in the display: field description channel channel on which the bssid is detected. Neighbor bss/mac bssid detected by the radio. Rssi received signal strength indication (rssi), in decibels referred to 1 milliwatt (dbm). A higher v...
Page 419
D-link dws-1008 cli manual 1 examples: the following command displays static ip configuration information for distributed ap 1: dws-1008# show dap boot-configuration 1 field description dap distributed ap number. Ip address whether static ip address assignment is enabled for this distributed ap. Vla...
Page 422
D-link dws-1008 cli manual 1 to show information only for distributed aps that have active connections, use the show dap connection command. Examples: to show information only for distributed aps that have active connections, use the show dap connection command. Dws-1008# show dap global total numbe...
Page 423: Show Dap Unconfigured
D-link dws-1008 cli manual 0 show dap unconfigured displays distributed aps that are physically connected to the network but that are not configured on any dws-1008s. Syntax: show dap unconfigured defaults: none. Access: enabled. Usage: this command also displays an ap that is directly connected to ...
Page 425
D-link dws-1008 cli manual field description rts threshold minimum length (in bytes) a frame can be for a radio in the radio profile to use the rts/cts method to send the frame. The rts/cts method clears the air of other traffic to avoid corruption of the frame due to a collision with another frame....
Page 426
D-link dws-1008 cli manual see also: • set radio-profile active-scan • set radio-profile auto-tune channel-config • set radio-profile auto-tune channel-holddown • set radio-profile auto-tune channel-interval • set radio-profile auto-tune channel-lockdown • set radio-profile auto-tune power-config • ...
Page 428
D-link dws-1008 cli manual field description ssid-name service set identifier (ssid) managed by this service profile. Ssid-type ssid type: • crypto—wireless traffic for the ssid is encrypted. • clear—wireless traffic for the ssid is unencrypted. Beacon indicates whether the radio sends beacons, to a...
Page 429
D-link dws-1008 cli manual field description custom logout web-page the name of the user-specified page that the client loads upon logging out of the network, either by closing the soda virtual desktop, or by requesting the page. If no page is specified, then the client is disconnected without loadi...
Page 430
D-link dws-1008 cli manual field description shared key auth indicates whether shared-key authentication is enabled. Wpa enabled or rsn enabled indicates that the wi-fi protected access (wpa) or robust security network (rsn) information element (ie) is enabled. Additional fields display the settings...
Page 431: Stp Commands
D-link dws-1008 cli manual 8 stp commands use spanning tree protocol (stp) commands to configure and manage spanning trees on the virtual lans (vlans) configured on a switch, to maintain a loop-free network. This chapter presents stp commands alphabetically. Use the following table to locate command...
Page 432: Clear Spantree Portcost
D-link dws-1008 cli manual clear spantree portcost resets to the default value the cost of a network port or ports on paths to the stp root bridge in all vlans on a dws-1008 switch. Syntax: clear spantree portcost port-list port-list list of ports. The port cost is reset on the specified ports. Defa...
Page 434: Clear Spantree Statistics
D-link dws-1008 cli manual 1 defaults: none. Access: enabled. Usage: mss does not change a port’s priority for vlans other than the one(s) you specify. Examples: the following command resets the stp priority for port 5 in vlan avocado: dws-1008# clear spantree portvlanpri 5 vlan avocado success: cha...
Page 436: Set Spantree Fwddelay
D-link dws-1008 cli manual defaults: stp backbone fast path convergence is disabled by default. Access: enabled. Usage: if you plan to use the backbone fast convergence feature, you must enable it on all the bridges in the spanning tree. Examples: the following command enables backbone fast converge...
Page 438: Set Spantree Portcost
D-link dws-1008 cli manual examples: the following command changes the maximum acceptable age for root bridge hello packets on all vlans to 15 seconds: dws-1008# set spantree maxage 15 all success: change accepted. See also: • show spantree set spantree portcost changes the cost that transmission th...
Page 441: Set Spantree Priority
D-link dws-1008 cli manual 8 defaults: the default stp priority for all network ports is 128. Access: enabled. Examples: the following command sets the priority of ports 3 and 4 to 48 on vlan mauve: dws-1008# set spantree portvlanpri 3-4 priority 48 vlan mauve success: change accepted. See also: • c...
Page 442: Set Spantree Uplinkfast
D-link dws-1008 cli manual set spantree uplinkfast enables or disables stp uplink fast convergence on a switch. This feature enables a switch with redundant links to the network backbone to immediately switch to the backup link to the root bridge if the primary link fails. Syntax: set spantree uplin...
Page 443
D-link dws-1008 cli manual 0 defaults: none. Access: all. Examples: the following command displays stp information for vlan default: dws-1008# show spantree vlan default vlan 1 spanning tree mode pvst+ spanning tree type ieee spanning tree enabled designated root 00-02-4a-70-49-f7 designated root pr...
Page 444
D-link dws-1008 cli manual 1 field description bridge id priority this switch’s bridge priority. Bridge max age this switch’s maximum acceptable age for hello packets. Bridge hello time this switch’s hello interval. Bridge forward delay this switch’s forwarding delay value. Port port number. Note: o...
Page 445: Show Spantree Backbonefast
D-link dws-1008 cli manual show spantree backbonefast indicates whether the stp backbone fast convergence feature is enabled or disabled. Syntax: show spantree backbonefast defaults: none. Access: all. Examples: the following example shows the command output on a switch with backbone fast convergenc...
Page 446: Show Spantree Portfast
D-link dws-1008 cli manual show spantree portfast displays stp uplink fast convergence information for all network ports or for one or more network ports. Syntax: show spantree portfast [port-list] port-list list of ports. If you do not specify any ports, mss displays uplink fast convergence informa...
Page 447: Show Spantree Portvlancost
D-link dws-1008 cli manual show spantree portvlancost displays the cost of a port on a path to the stp root bridge, for each of the port’s vlans. Syntax: show spantree portvlancost port-list port-list list of ports. Defaults: none. Access: all. Examples: the following command shows the stp port cost...
Page 448
D-link dws-1008 cli manual examples: the following command shows stp statistics for port 1: dws-1008# show spantree statistics 1 bpdu related parameters port 1 vlan 1 spanning tree enabled for vlan = 1 port spanning tree enabled state forwarding port_id 0x8015 port_number 0x15 path cost 0x4 message ...
Page 449
D-link dws-1008 cli manual vlan based information & statistics spanning tree type ieee spanning tree multicast address 01-00-0c-cc-cc-cd bridge priority 32768 bridge mac address 00-0b-0e-12-34-56 bridge hello time 2 bridge forward delay 15 topology change initiator: 0 last topology change occured: t...
Page 450
D-link dws-1008 cli manual field description message age age of the protocol information for a port and the value of the maximum age parameter (shown in parenthesis) recorded by the switch. Designated_root mac address of the root bridge. Designated cost total path cost to reach the root bridge. Desi...
Page 451: Show Spantree Uplinkfast
D-link dws-1008 cli manual 8 field description bridge forward delay value of the forwarding delay interval, in seconds, when this switch is the root or is attempting to become the root. Topology change initiator port number that initiated the most recent topology change. Last topology change occurre...
Page 452
D-link dws-1008 cli manual examples: the following command shows uplink fast convergence information for all vlans: dws-1008# show spantree uplinkfast vlan port list ----------------------------------------- 1 1(fwd),2,3 the table below describes the fields in this display. Field description vlan vl...
Page 453: Igmp Snooping Commands
D-link dws-1008 cli manual 0 igmp snooping commands use internet group management protocol (igmp) snooping commands to configure and manage multicast traffic reduction on a switch. This chapter presents igmp snooping commands alphabetically. Use the following table to locate commands in this chapter...
Page 454: Clear Igmp Statistics
D-link dws-1008 cli manual 1 clear igmp statistics clears igmp statistics counters on one vlan or all vlans on a switch and resets them to 0. Syntax: clear igmp statistics [vlan vlan-id] vlan vlan-id vlan name or number. If you do not specify a vlan, igmp statistics are cleared for all vlans. Defaul...
Page 455: Set Igmp Lmqi
D-link dws-1008 cli manual set igmp lmqi changes the igmp last member query interval timer on one vlan or all vlans on a switch. Syntax: set igmp lmqi tenth-seconds [vlan vlan-id] lmqi tenth-seconds amount of time (in tenths of a second) that the switch waits for a response to a group-specific query...
Page 456: Set Igmp Mrsol
D-link dws-1008 cli manual defaults: by default, no ports are static multicast router ports. Access: enabled. Usage: you cannot add ap access ports or wired authentication ports as static multicast ports. However, mss can dynamically add these port types to the list of multicast ports based on multi...
Page 457: Set Igmp Mrsol Mrsi
D-link dws-1008 cli manual set igmp mrsol mrsi changes the interval between multicast router solicitations by a switch on one vlan or all vlans. Syntax: set igmp mrsol mrsi seconds [vlan vlan-id] seconds number of seconds between multicast router solicitations. You can specify a value from 1 through...
Page 458: Set Igmp Proxy-Report
D-link dws-1008 cli manual examples: the following command changes the other-querier-present interval on vlan orange to 200 seconds: dws-1008# set igmp oqi 200 vlan orange success: change accepted. See also: • set igmp lmqi • set igmp qi • set igmp qri • set igmp querier • set igmp mrouter • set igm...
Page 459: Set Igmp Qi
D-link dws-1008 cli manual set igmp qi changes the igmp query interval timer on one vlan or all vlans on a switch. Syntax: set igmp qi seconds [vlan vlan-id] qi seconds number of seconds that elapse between general queries sent by the switch when the switch is the querier for the subnet. You can spe...
Page 460: Set Igmp Qri
D-link dws-1008 cli manual set igmp qri changes the igmp query response interval timer on one vlan or all vlans on a switch. Syntax: set igmp qri tenth-seconds [vlan vlan-id] qri tenth-seconds amount of time (in tenths of a second) that the switch waits for a receiver to respond to a group-specific ...
Page 462: Set Igmp Rv
D-link dws-1008 cli manual usage: you cannot add ap access ports or wired authentication ports as static multicast ports. However, mss can dynamically add these port types to the list of multicast ports based on multicast traffic. Examples: the following command adds port 7 as a static multicast rec...
Page 463: Show Igmp
D-link dws-1008 cli manual 0 show igmp displays igmp configuration information and statistics for one vlan or all vlans. Syntax: show igmp [vlan vlan-id] vlan vlan-id vlan name or number. If you do not specify a vlan, mss displays igmp information for all vlans. Defaults: none. Access: all. Examples...
Page 464
D-link dws-1008 cli manual 1 igmp message type received transmitted dropped ---------------------------------------------------------------------------------------- general-queries 0 0 0 gs-queries 0 0 0 report v1 0 0 0 report v2 5 1 4 leave 0 0 0 mrouter-adv 0 0 0 mrouter-term 0 0 0 mrouter-sol 50 ...
Page 465: Show Igmp Mrouter
D-link dws-1008 cli manual field description ttl number of seconds before this entry ages out if not refreshed. For static multicast router entries, the time-to-live (ttl) value is undef. Static multicast router entries do not age out. Group ip address of a multicast group. The show igmp receiver-ta...
Page 466
D-link dws-1008 cli manual vlan vlan-id vlan name or number. If you do not specify a vlan, mss displays the multicast routers in all vlans. Defaults: none. Access: all. Examples: the following command displays the multicast routers in vlan orange: dws-1008# show igmp mrouter vlan orange multicast ro...
Page 467: Show Igmp Querier
D-link dws-1008 cli manual show igmp querier displays information about the active multicast querier, on one vlan or all vlans. Queriers are listed separately for each vlan. Each vlan can have only one querier. Syntax: show igmp querier [vlan vlan-id] vlan vlan-id vlan name or number. If you do not ...
Page 468: Show Igmp Receiver-Table
D-link dws-1008 cli manual the table below describes the fields in the display when a querier other than the switch is present. Field description querier for vlan vlan containing the querier. Information is listed separately for each vlan. Querier-ip ip address of the querier interface. Querier-mac ...
Page 469: Show Igmp Statistics
D-link dws-1008 cli manual the following command lists all receivers for multicast groups 237.255.255.1 through 237.255.255.255, in all vlans: dws-1008# show igmp receiver-table group 237.255.255.0/24 vlan: red session port receiver-ip receiver-mac ttl -----------------------------------------------...
Page 470
D-link dws-1008 cli manual examples: the following command displays igmp statistics for vlan orange: dws-1008# show igmp statistics vlan orange igmp statistics for vlan orange: igmp message type received transmitted dropped ----------------------------------------------------------------------------...
Page 471
D-link dws-1008 cli manual 8 field description received number of packets received. Transmitted number of packets transmitted. This number includes both multicast packets originated by the switch and multicast packets received and then forwarded by the switch. Dropped number of igmp packets dropped ...
Page 472: Security Acl Commands
D-link dws-1008 cli manual security acl commands use security acl commands to configure and monitor security access control lists (acls). Security acls filter packets to restrict or permit network usage by certain users or traffic types, and can assign to packets a class of service (cos) to define t...
Page 474: Clear Security Acl Map
D-link dws-1008 cli manual 1 dws-1008# show security acl info all acl information for all set security acl ip acl_134 (hits #3 0) --------------------------------------------------------- 1. Permit ip source ip 192.168.0.1 0.0.0.0 destination ip any enable-hits set security acl ip acl_135 (hits #2 0...
Page 475: Commit Security Acl
D-link dws-1008 cli manual in removes the security acl from traffic coming into the switch. Out removes the security acl from traffic going out of the switch. Defaults: none. Access: enabled. Usage: to clear a security acl map, type the name of the acl with the vlan, physical port or ports, virtual ...
Page 476
D-link dws-1008 cli manual defaults: none. Access: enabled. Usage: use the commit security acl command to save security acls into, or delete them from, the permanent configuration. Until you commit the creation or deletion of a security acl, it is stored in an edit buffer and is not enforced. After ...
Page 477: Rollback Security Acl
D-link dws-1008 cli manual rollback security acl clears changes made to the security acl edit buffer since it was last saved. The acl is rolled back to its state after the last commit security acl command was entered. All uncommitted acls in the edit buffer are cleared. Syntax: rollback security acl...
Page 478: Set Security Acl
D-link dws-1008 cli manual set security acl in the edit buffer, creates a security access control list (acl), adds one access control entry (ace) to a security acl, and/or reorders aces in the acl. The aces in an acl filter ip packets by source ip address, a layer 4 protocol, or ip, icmp, tcp, or ud...
Page 479
D-link dws-1008 cli manual acl-name security acl name. Acl names must be unique within the switch, must start with a letter, and are case-insensitive. Specify an acl name of up to 32 of the following characters: • letters a through z and a through z • numbers 0 through 9 • hyphen (-), underscore (_)...
Page 480
D-link dws-1008 cli manual source-ip-addr ip address and wildcard mask of the network or host from which the packet is being sent. Specify both address and mask in dotted decimal notation. To match on any address, specify any or 0.0.0.0 255.255.255.255. Operator port operand and port number(s) for m...
Page 481
D-link dws-1008 cli manual 8 dscp codepoint filters packets by differentiated services code point (dscp) value. You can specify a number from 0 to 63, in decimal or binary format. Note: you cannot use the dscp option along with the precedence and tos options in the same ace. The cli rejects an ace t...
Page 482: Set Security Acl Map
D-link dws-1008 cli manual the following command creates acl_125 by defining an ace that denies tcp packets from source ip address 192.168.0.1 to destination ip address 192.168.0.2 for established sessions only, and counts the hits: dws-1008# set security acl ip acl_125 deny tcp 192.168.0.1 0.0.0.0 ...
Page 483
D-link dws-1008 cli manual 80 tag tag-list one or more values that identify a virtual port in a vlan. Specify a single tag value from 1 through 4095. Or specify a comma-separated list of values, a hyphen-separated range, or any combination, with no spaces. Mss assigns the security acl to the specifi...
Page 484
D-link dws-1008 cli manual 81 set security acl hit-sample-rate specifies the time interval, in seconds, at which the packet counter for each security acl is sampled for display. The counter counts the number of packets filtered by the security acl—or “hits.” syntax: set security acl hit-sample-rate ...
Page 485: Show Security Acl
D-link dws-1008 cli manual 8 show security acl displays a summary of the security acls that are mapped. Syntax: show security acl defaults: none. Access: enabled. Usage: this command lists only the acls that have been mapped to something (a user, or vlan, or port, and so on). To list all committed a...
Page 486: Show Security Acl Editbuffer
D-link dws-1008 cli manual 8 show security acl editbuffer displays a summary of the security acls that have not yet been committed to the configuration. Syntax: show security acl [info all] editbuffer info all displays the aces in each uncommitted acl. Without this option, only the ace names are lis...
Page 487: Show Security Acl Hits
D-link dws-1008 cli manual 8 show security acl hits displays the number of packets filtered by security acls (“hits”) on the switch. Each time a packet is filtered by a security acl, the hit counter increments. Syntax: show security acl hits defaults: none. Access: enabled. Usage: for mss to count h...
Page 488
D-link dws-1008 cli manual 8 defaults: none. Access: enabled. Examples: to display the contents of all security acls committed on a switch, type the following command: dws-1008# show security acl info acl information for all set security acl ip acl_123 (hits #5 462) ---------------------------------...
Page 489: Show Security Acl Map
D-link dws-1008 cli manual 8 show security acl map displays the vlans, ports, and virtual ports on the switch to which a security acl is assigned. Syntax: show security acl map acl-name acl-name name of an existing security acl for which to show static mapping. Acl names must start with a letter and...
Page 490
D-link dws-1008 cli manual 8 examples to display security acl resource usage, type the following command: dws-1008# show security acl resource-usage acl resources classifier tree counters ------------------------------- number of rules: 2 number of leaf nodes: 1 stored rule count: 2 leaf chain count...
Page 491
D-link dws-1008 cli manual 88 field description number of rules number of security aces currently mapped to ports or vlans. Number of leaf nodes number of security acl data entries stored in the rule tree. Stored rule count number of security aces stored in the rule tree. Leaf chain count number of ...
Page 492
D-link dws-1008 cli manual 8 field description static default action definition of a default action: • true—a default action types is defined. • false—no default action type is defined. No per-user (mac) mapping per-user application of a security acl with the filter-id attribute, on the switch: • tr...
Page 493: Trace Commands
D-link dws-1008 cli manual 0 trace commands use trace commands to perform diagnostic routines. While mss allows you to run many types of traces, this chapter describes commands for those traces you are most likely to use. For a complete listing of the types of traces mss allows, type the set trace ?...
Page 495: Save Trace
D-link dws-1008 cli manual save trace saves the accumulated trace data for enabled traces to a file in the switch’s nonvolatile storage. Syntax: save trace filename filename name for the trace file. To save the file in a subdirectory, specify the subdirectory name, then a slash. For example: traces/...
Page 496: Set Trace Authorization
D-link dws-1008 cli manual set trace authorization traces authorization information. Syntax: set trace authorization [mac-addr mac-address] [port port-num] [user username] [level level] mac-addr mac-address traces a mac address. Specify a mac address, using colons to separate the octets (for example...
Page 497: Set Trace Sm
D-link dws-1008 cli manual port port-num traces a port number. Specify a port number between 1 and 22. User username traces a user. Specify a username of up to 80 alphanumeric characters with no spaces. Level level determines the quantity of information included in the output. You can set the level ...
Page 498: Show Trace
D-link dws-1008 cli manual defaults: the default trace level is 5. Access: enabled. Examples: type the following command to trace session manager activity for mac address 00:01:02:03:04:05: dws-1008# set trace sm mac-addr 00:01:02:03:04:05: success: change accepted. See also: • clear trace • show tr...
Page 499: Snoop Commands
D-link dws-1008 cli manual snoop commands use snoop commands to monitor wireless traffic, by using a distributed ap as a sniffing device. The ap copies the sniffed 802.11 packets and sends the copies to an observer, which is typically a protocol analyzer such as ethereal or tethereal. This chapter p...
Page 501
D-link dws-1008 cli manual 8 condition-list match criteria for packets. Conditions in the list are anded. Therefore, to be copied and sent to an observer, a packet must match all criteria in the condition-list. You can specify up to eight of the following conditions in a filter, in any order or comb...
Page 502
D-link dws-1008 cli manual usage traffic that matches a snoop filter is copied after it is decrypted. The decrypted (clear) version is sent to the observer. For best results: • do not specify an observer that is associated with the ap where the snoop filter is running. This configuration causes an e...
Page 505: Show Snoop
D-link dws-1008 cli manual 0 show snoop displays the ap radio mapping for all snoop filters. Syntax: show snoop defaults: none. Access: enabled. Usage: to display the mappings for a specific ap radio, use the show snoop map command. Examples: the following command shows the ap radio mappings for all...
Page 506: Show Snoop Map
D-link dws-1008 cli manual 0 show snoop map shows the ap radios that are mapped to a specific snoop filter. Syntax: show snoop map filter-name filter-name name of the snoop filter. Defaults: none. Access: enabled. Usage: to display the mappings for all snoop filters, use the show snoop command. Exam...
Page 507
D-link dws-1008 cli manual 0 the table below describes the fields in this display. Field description filter name of the snoop filter. Dap distributed ap containing the radio to which the filter is mapped. Radio radio to which the filter is mapped. Rx match number of packets received by the radio tha...
Page 508: System Log Commands
D-link dws-1008 cli manual 0 system log commands use the system log commands to record information for monitoring and troubleshooting. Mss system logs are based on rfc 3164, which defines the log protocol. This chapter presents system log commands alphabetically. Use the following table to locate co...
Page 510
D-link dws-1008 cli manual 0 local-facility facility-level for messages sent to a syslog server, maps all messages of the severity you specify to one of the standard local log facilities defined in rfc 3164. You can specify one of the following values: • 0—maps all messages to local0. • 1—maps all m...
Page 511: Set Log Mark
D-link dws-1008 cli manual 08 set log mark configures mss to generate mark messages at regular intervals. The mark messages indicate the current system time and date. D-link can use the mark messages to determine the approximate time when a system restart or other event causing a system outage occur...
Page 512: Show Log Buffer
D-link dws-1008 cli manual 18 128
Page 513: Show Log Config
D-link dws-1008 cli manual 10 usage: the debug level produces a lot of messages, many of which can appear to be somewhat cryptic. Debug messages are used primarily by d-link for troubleshooting and are not intended for administrator use. Examples: type the following command to see the facilities for...
Page 515
D-link dws-1008 cli manual 1 examples: type the following command to see the facilities for which you can view event messages archived in the buffer: dws-1008# show log trace facility ? Select one of: kernel, aaa, syslogd, acl, apm, arp, aso, boot, cli, cluster, crypto, dot1x, encap, ethernet, gatew...
Page 516: Boot Prompt Commands
D-link dws-1008 cli manual 1 boot prompt commands boot prompt commands enable you to perform basic tasks, including booting a system image file, from the boot prompt (boot>). A cli session enters the boot prompt if mss does not boot successfully or you intentionally interrupt the boot process. To in...
Page 518
D-link dws-1008 cli manual 1 ha=ip-addr host address (ip address) of a tftp server. This parameter applies only when the boot type is n (network). Fl=num number representing the bit settings of boot flags to pass to the booted system image. Use this parameter only if advised to do so by d-link. Opt=...
Page 519: Change
D-link dws-1008 cli manual 1 change changes parameters in the currently active boot profile. Syntax: change defaults: the default boot type is c (compact flash). The default filename is default. The default flags setting is 0x00000000 (all flags disabled) and the default options list is run=nos;boot...
Page 520: Create
D-link dws-1008 cli manual 1 create creates a new boot profile. Syntax: create defaults: the new boot profile has the same settings as the currently active boot profile by default. Access: boot prompt. Usage: a dws-1008 switch can have up to four boot profiles. The boot profiles are stored in slots,...
Page 521: Delete
D-link dws-1008 cli manual 18 delete removes the currently active boot profile. Syntax: delete defaults: none. Access: boot prompt. Usage: when you type the delete command, the next-lower numbered boot profile becomes the active profile. For example, if the currently active profile is number 3, prof...
Page 522: Diag
D-link dws-1008 cli manual 1 defaults: the dhcp option is disabled by default. Access: boot prompt. Examples: the following command displays the current setting of the dhcp option: boot> dhcp dhcp is currently enabled. The following command disables the dhcp option: boot> dhcp dhcp is currently disa...
Page 523: Fver
D-link dws-1008 cli manual 0 defaults: none. Access: boot prompt. Usage: to display the system image software versions, use the fver command. This command does not list the boot code versions. To display the boot code versions, use the version command. Examples: the following command displays all th...
Page 524: Help
D-link dws-1008 cli manual 1 examples: the following command displays the system image version installed in boot partition 1: boot> fver boot1 file boot1:default version is 1.1.0.98. See also: • dir • version help displays a list of all the boot prompt commands or detailed information for an individ...
Page 525
D-link dws-1008 cli manual ls displays a list of the boot prompt commands. Syntax: ls defaults: none. Access: boot prompt. Usage: to display help for an individual command, type help followed by the command name (for example, help boot). Examples: to display a list of the commands available at the b...
Page 526: Next
D-link dws-1008 cli manual next activates and displays the boot profile in the next boot profile slot. Syntax: next defaults: none. Access: boot prompt. Usage: a dws-1008 switch contains 4 boot profile slots, numbered 0 through 3. This command activates the boot profile in the next slot, in ascendin...
Page 527: Reset
D-link dws-1008 cli manual reset resets a dws-1008 switch’s hardware. Syntax: reset defaults: none. Access: boot prompt. Usage: after resetting the hardware, the reset command attempts to load a system image file only if other boot settings are configured to do so. Examples: to immediately reset the...
Page 528: Show
D-link dws-1008 cli manual show displays the currently active boot profile. A boot profile is a set of parameters that a switch uses to control the boot process. Each boot profile contains the following parameters: • boot type—either compact flash (local device on the switch) or network (tftp) • boo...
Page 529
D-link dws-1008 cli manual the table below describes the fields in the display. Field description boot index boot profile slot, which can be a number from 0 to 3. Boot type boot type: • c—compact flash. Boots using nonvolatile storage or a flash card. • n—network. Boots using a tftp server. Device l...
Page 531
D-link dws-1008 cli manual 8 examples: to display hardware and boot code version information, type the following command at the boot prompt: boot> version d-link systems bootstrap/bootloader version 1.6.5 release bootstrap 0 version: 1.17 active bootloader 0 version: 1.6.5 active bootstrap 1 version...