D-Link DES-3200 User Manual

xStack® DES-3200 Series Layer 2 Managed Fast Ethernet Switch CLI Reference Guide
Table of Contents
Chapter 1 Using Command Line Interface
Chapter 2 Basic Command List
Chapter 3 802.1Q VLAN Command List
Chapter 4 802.1X Command List
Chapter 5 Access Authentication Control Command List
Chapter 6 Access Control List (ACL) Command List
Chapter 7 Address Resolution Protocol (ARP) Command List
Chapter 8 ARP Spoofing Prevention Command List
Chapter 9 Auto-Configuration Command List
Chapter 10 Basic Commands Command List
Chapter 11 BPDU Attack Protection Command List
Chapter 12 Cable Diagnostics Command List
Chapter 13 Command Logging Command List
Chapter 14 Compound Authentication Command List
Chapter 15 Configuration Command List
Chapter 16 Connectivity Fault Management (CFM) Command List
Chapter 17 CPU Interface Filtering Command List
Chapter 18 Debug Software Command List
Chapter 19 DHCP Local Relay Command List
Chapter 20 DHCP Relay Command List
Chapter 21 DHCP Server Screening Command List
Chapter 22 Digital Diagnostic Monitoring (DDM) Commands
Chapter 23 D-Link Unidirectional Link Detection (DULD) Command List
Chapter 24 DoS Attack Prevention Command List
Chapter 25 Ethernet Ring Protection Switching (ERPS) Command List
Chapter 26 Filter Command List
Chapter 27 Filter Database (FDB) Command List
Chapter 28 Flash File System (FFS) Command List
Chapter 29 Gratuitous ARP Command List
Chapter 30 IGMP / MLD Snooping Command List
Chapter 31 IP-MAC-Port Binding (IMPB) Command List
Chapter 32 IPv6 Neighbor Discover Command List
Chapter 33 IPv6 Route Command List
Chapter 34 Jumbo Frame Command List
Chapter 35 Layer 2 Protocol Tunneling (L2PT) Command List
Chapter 36 Link Aggregation Command List
Chapter 37 Link Layer Discovery Protocol (LLDP) Command List
Chapter 38 Loop Back Detection (LBD) Command List
Chapter 39 MAC Notification Command List
Chapter 40 MAC-based Access Control Command List
Chapter 41 MAC-based VLAN Command List
Chapter 42 Mirror Command List
Chapter 43 MSTP debug enhancement Command List
Chapter 44 Multicast Filter Command List
Chapter 45 Multicast VLAN Command List
Chapter 46 Multiple Spanning Tree Protocol (MSTP) Command List
Chapter 47 Network Load Balancing (NLB) Command List
Chapter 48 Network Monitoring Command List
Chapter 49 OAM Commands
Chapter 50 Peripherals Command List
Chapter 51 Ping Command List
Chapter 52 Port Security Command List
Chapter 53 Power over Ethernet (PoE) Command List (DES-3200-28P and DES-3200-52P Only)
Chapter 54 PPPoE Circuit ID Insertions Command List
Chapter 55 Protocol VLAN Command List
Chapter 56 QinQ Command List
Chapter 57 Quality of Service (QoS) Command List
Chapter 58 Safeguard Engine Command List
Chapter 59 Secure Shell (SSH) Command List
Chapter 60 Secure Sockets Layer (SSL) Command List
Chapter 61 Show Technical Support Command List
Chapter 62 Simple Mail Transfer Protocol (SMTP) Command List
Chapter 63 Simple Network Management Protocol (SNMP) Command List
Chapter 64 Single IP Management Command List
Chapter 65 Syslog and Trap Source-interface Command List
Chapter 66 System Log Command List
Chapter 67 System Severity Command List
Chapter 68 Telnet Client Command List
Chapter 69 TFTP/FTP Client Command List
Chapter 70 Time and SNTP Command List
Chapter 71 Trace Route Command List
Chapter 72 Traffic Control Command List
Chapter 73 Traffic Segmentation Command List
Chapter 74 Trusted Host Command List
Chapter 75 Unicast Routing Command List
Chapter 76 VLAN Trunking Command List
Chapter 77 Password Recovery Command List
Appendix A Password Recovery Procedure
Appendix B System Log Entries
Appendix C Trap Log Entries
Appendix D RADIUS Attributes Assignment
Chapter 1 Using Command Line Interface
The Switch can be managed through the Switch’s serial port, Telnet, SNMP or the Web-based management agent. The Command Line Interface (CLI) can be used to configure and manage the Switch via the serial port or Telnet interfaces.
This manual provides a reference for all of the commands contained in the CLI. Every command will be introduced in terms of purpose, format, description, parameters, and examples. Configuration and management of the Switch via the Web-based management agent are discussed in the Web UI Reference Guide. For detailed information on installing hardware please also refer to the Hardware Installation Guide.

1-1 Accessing the Switch via the Serial Port

The Switch’s serial port’s default settings are as follows:
• 115200 baud
• no parity
• 8 data bits
• 1 stop bit
A computer running a terminal emulation program capable of emulating a VT-100 terminal, with its serial port configured as above, is then connected to the Switch’s Console port via the included RS-232 to RJ-45 converter cable.
With the serial port properly connected to a management computer, the following screen should be visible. If this screen does not appear, try pressing Ctrl+r to refresh the console screen.
Fast Ethernet Switch
Command Line Interface
Firmware: Build 4.04.004
Copyright(C) 2012 D-Link Corporation. All rights reserved.
UserName:
PassWord:
:admin#
There is no initial username or password. Just press the Enter key twice to display the CLI input cursor DES-3200-28P:admin#. This is the command line where all commands are input. Until an account is created, the CLI grants this admin-level prompt without authentication.

1-2 Setting the Switch’s IP Address

Each Switch must be assigned its own IP Address, which is used for communication with an SNMP network manager or other TCP/IP application (for example BOOTP, TFTP). The Switch’s default IP address is 10.90.90.90. You can change the default Switch IP address to meet the specification of your networking address scheme.
The Switch is also assigned a unique MAC address by the factory. This MAC address cannot be changed, and can be found on the initial boot console screen – shown below.
Boot Procedure V4.00.002
-------------------------------------------------------------------------------
Power On Self Test ........................................ 100 %
MAC Address : 00-01-02-03-04-00
H/W Version : C1
Please Wait, Loading 4.04.004 Runtime Image .............. 100 %
UART init ................................................. 100 %
Starting runtime image
Device Discovery .......................................... 100 %
Configuration init ........................................ |
The Switch’s MAC address can also be found in the Web management program on the Switch Information (Basic Settings) window on the Configuration menu.
The IP address for the Switch must be set before it can be managed with the Web-based manager. The Switch IP address can be automatically set using BOOTP or DHCP protocols, in which case the actual address assigned to the Switch must be known.
Starting at the command line prompt, enter the command config ipif System ipaddress xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy, where the x’s represent the IP address to be assigned to the IP interface named System and the y’s represent the corresponding subnet mask.
Alternatively, you can enter config ipif System ipaddress xxx.xxx.xxx.xxx/z, where the x’s represent the IP address to be assigned to the IP interface named System and the z represents the corresponding subnet mask as a prefix length in CIDR notation.
The IP interface named System on the Switch can be assigned an IP address and subnet mask which can then be used to connect a management station to the Switch’s Telnet or Web-based management agent.
:admin#config ipif System ipaddress 10.24.22.100/255.0.0.0
Command: config ipif System ipaddress 10.24.22.100/8
Success.
:admin#
In the above example, the Switch was assigned an IP address of 10.24.22.100 with a subnet mask of 255.0.0.0. The system message Success indicates that the command was executed successfully. The Switch can now be configured and managed via Telnet, SNMP MIB browser and the CLI or via the Web-based management agent using the above IP address to connect to the Switch.
There are a number of helpful features included in the CLI. Entering the ? command will display a list of all of the top-level commands.
..
?
cable_diag ports
cd
cfm linktrace
cfm loopback
clear
clear address_binding dhcp_snoop binding_entry ports
clear arptable
clear attack_log
clear cfm pkt_cnt
clear counters
clear ethernet_oam ports
clear fdb
clear igmp_snooping data_driven_group
clear igmp_snooping statistics counter
clear log
clear mac_based_access_control auth_state
clear mld_snooping data_driven_group
clear mld_snooping statistics counter
clear port_security_entry
config 802.1p default_priority
CTRL+C ESC q Quit SPACE n Next Page ENTER Next Entry a All
When entering a command without its required parameters, the CLI will prompt you with a Next possible completions: message.
:admin#config account
Command: config account
Next possible completions:
<username>
:admin#
In this case, the command config account was entered without the parameter <username>. The CLI will then prompt to enter the <username> with the message, Next possible completions:. Every command in the CLI has this feature, and complex commands have several layers of parameter prompting.
In addition, after typing any given command plus one space, users can see all of the next possible sub-commands, in sequential order, by repeatedly pressing the Tab key.
To re-enter the previous command at the command prompt, press the up arrow cursor key. The previous command will appear at the command prompt.
:admin#config account
Command: config account
Next possible completions:
<username>
:admin#config account
In the above example, the command config account was entered without the required parameter <username>, so the CLI returned the Next possible completions: <username> prompt. The up arrow cursor control key was pressed to re-enter the previous command (config account) at the command prompt. Now the appropriate username can be entered and the config account command re-executed.
All commands in the CLI function in this way. In addition, the syntax of the help prompts is the same as presented in this manual: angle brackets < > indicate a numerical value or character string, braces { } indicate optional parameters or a choice of parameters, and brackets [ ] indicate required parameters.
If a command is entered that is unrecognized by the CLI, the top-level commands will be displayed under the Available commands: prompt.
:admin#the
Available commands:
.. ? cable_diag cd cfm clear config copy create debug del delete dir disable download enable erase login logout md move no ping ping6 rd reboot reconfig rename reset save show smtp telnet traceroute traceroute6 upload
:admin#
The top-level commands consist of commands such as show or config. Most of these commands require one or more parameters to narrow the top-level command. This is equivalent to show what? or config what?, where the what? is the next parameter.
For example, if the show command is entered with no additional parameters, the CLI will display all of the possible next parameters.
:admin#show
Command: show
Next possible completions:
802.1p 802.1x access_profile account accounting acct_client address_binding arp_spoofing_prevention arpentry attack_log auth_client auth_diagnostics auth_session_statistics auth_statistics authen authen_enable authen_login authen_policy authentication authorization autoconfig bandwidth_control boot_file bpdu_protection cfm command command_history config cpu cpu_filter current_config ddm device_status dhcp_local_relay dhcp_relay dos_prevention dot1v_protocol_group dscp duld environment erps error ethernet_oam fdb filter flow_meter gratuitous_arp greeting_message gvrp igmp igmp_snooping ipif ipif_ipv6_link_local_auto iproute ipv6 ipv6route jumbo_frame l2protocol_tunnel lacp_port limited_multicast_addr link_aggregation lldp log log_save_timing log_software_module loopdetect mac_based_access_control mac_based_access_control_local mac_based_vlan mac_notification max_mcast_group mcast_filter_profile mirror mld_snooping multicast multicast_fdb nlb packet password_recovery per_queue poe port port_security port_security_entry port_vlan ports power_saving pppoe pvid qinq radius rmon router_ports safeguard_engine scheduling scheduling_mechanism serial_port session sim smtp snmp sntp ssh ssl storage_media_info stp switch syslog system_severity tech_support terminal tftp time time_range traffic traffic_segmentation trap trusted_host utilization vlan vlan_translation vlan_trunk
:admin#
In the above example, all of the possible next parameters for the show command are displayed. At the next command prompt, the up arrow was used to re-enter the show command, followed by the account parameter. The CLI then displays the user accounts configured on the Switch.

1-3 Command Syntax Symbols

Syntax - Description
angle brackets < > - Encloses a variable or value. Users must specify the variable or value. For example, in the syntax
create ipif <ipif_name 12> {<network_address>} <vlan_name 32> {secondary | state [enable | disable] | proxy_arp [enable | disable] {local [enable | disable]}}
users must supply an IP interface name for <ipif_name 12>, a VLAN name for <vlan_name 32> and an address for <network_address> when entering the command. DO NOT TYPE THE ANGLE BRACKETS.
square brackets [ ] - Encloses a required value or list of required arguments. Exactly one value or argument must be specified. For example, in the syntax
create account [admin | operator | power_user | user] <username 15> {encrypt [plain_text | sha_1] <password>}
users must specify one of the admin, operator, power_user or user account levels when entering the command. DO NOT TYPE THE SQUARE BRACKETS.
vertical bar | - Separates mutually exclusive items in a list, one of which must be entered. For example, in the syntax
create ipif <ipif_name 12> {<network_address>} <vlan_name 32> {secondary | state [enable | disable] | proxy_arp [enable | disable] {local [enable | disable]}}
the vertical bars separate the items secondary, state and proxy_arp, and the values enable and disable. DO NOT TYPE THE VERTICAL BAR.
braces { } - Encloses an optional value or a list of optional arguments. One or more values or arguments can be specified. For example, in the syntax
reset {[config | system]} {force_agree}
users may choose config or system in the command. DO NOT TYPE THE BRACES.
parentheses ( ) - Indicates at least one or more of the values or arguments in the preceding syntax enclosed by braces must be specified. For example, in the syntax
config bpdu_protection ports [<portlist> | all] {state [enable | disable] | mode [drop | block | shutdown]}(1)
users have the option to specify state or mode or both of them. The "(1)" following the set of braces indicates at least one argument or value within the braces must be specified. DO NOT TYPE THE PARENTHESES.
ipif <ipif_name 12>, metric <value 1-31> - 12 means the maximum length of the IP interface name. 1-31 means the legal range of the metric value.
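The notation in section 1-3 is regular enough to check a command against a syntax line before a script sends it to a switch. The following validator is an added example, not code from D-Link or from this guide; it assumes that a lone number in angle brackets is a maximum length and A-B is a numeric range (as the note above states), and that options inside braces may appear in any order, each at most once.

```python
import re

# Syntax lines copied from this guide.
SERIAL_SYNTAX = ("config serial_port {baud_rate [9600 | 19200 | 38400 | 115200] | "
                 "auto_logout [never | 2_minutes | 5_minutes | 10_minutes | 15_minutes]}")
HISTORY_SYNTAX = "config command_history <value 1-40>"
BPDU_SYNTAX = ("config bpdu_protection ports [<portlist> | all] "
               "{state [enable | disable] | mode [drop | block | shutdown]}(1)")

# One token per <variable>, (n) marker, bracket, brace, bar or bare keyword.
TOKEN = re.compile(r"<[^>]+>|\(\d+\)|[\[\]{}|]|[^\s\[\]{}|<>()]+")

def _var(tok):
    """<name>, <name N> (maximum length N) or <name A-B> (numeric range)."""
    parts = tok[1:-1].split()
    limit = parts[-1] if len(parts) > 1 else ""
    rng = re.fullmatch(r"(\d+)-(\d+)", limit)
    if rng:
        return ("var", None, (int(rng.group(1)), int(rng.group(2))))
    return ("var", int(limit) if limit.isdigit() else None, None)

def _parse(toks, i, closer):
    """Parse 'seq | seq ...' up to closer; return (alternatives, next index)."""
    alts, seq = [], []
    while i < len(toks) and toks[i] != closer:
        t = toks[i]
        i += 1
        if t == "|":
            alts.append(seq)
            seq = []
        elif t == "[":
            inner, i = _parse(toks, i, "]")
            seq.append(("choice", inner))
        elif t == "{":
            inner, i = _parse(toks, i, "}")
            need = 0
            if i < len(toks) and toks[i].startswith("("):
                need = int(toks[i][1:-1])  # "(1)": at least one option required
                i += 1
            seq.append(("opt", inner, need))
        elif t.startswith("<"):
            seq.append(_var(t))
        else:
            seq.append(("lit", t))
    if closer is not None:
        if i >= len(toks):
            raise ValueError("missing " + closer + " in syntax line")
        i += 1  # consume the closing bracket or brace
    alts.append(seq)
    return alts, i

def _seq_ends(seq, words, i):
    """Word positions reachable after matching every node of seq from i."""
    ends = {i}
    for node in seq:
        ends = {e for s in ends for e in _node_ends(node, words, s)}
    return ends

def _node_ends(node, words, i):
    kind = node[0]
    if kind == "choice":  # square brackets: exactly one alternative
        return {e for alt in node[1] for e in _seq_ends(alt, words, i)}
    if kind == "opt":
        return _opt_ends(node[1], node[2], words, i, frozenset())
    if i >= len(words):
        return set()
    word = words[i]
    if kind == "lit":
        ok = word == node[1]
    else:
        _, maxlen, rng = node
        ok = (maxlen is None or len(word) <= maxlen) and (
            rng is None or (word.isdecimal() and rng[0] <= int(word) <= rng[1]))
    return {i + 1} if ok else set()

def _opt_ends(alts, need, words, i, used):
    """Braces: any subset of the alternatives, each at most once, any order."""
    ends = {i} if len(used) >= need else set()
    for k, alt in enumerate(alts):
        if k not in used:
            for e in _seq_ends(alt, words, i):
                if e > i:
                    ends |= _opt_ends(alts, need, words, e, used | {k})
    return ends

def validate(syntax, command):
    """True if command is a complete sentence of the given syntax line."""
    alts, _ = _parse(TOKEN.findall(syntax), 0, None)
    words = command.split()
    return any(len(words) in _seq_ends(alt, words, 0) for alt in alts)

if __name__ == "__main__":
    for cmd in ("config serial_port baud_rate 9600",
                "config serial_port baud_rate 57600"):
        print(cmd, "->", validate(SERIAL_SYNTAX, cmd))
```

Rejecting a command locally keeps malformed or out-of-range input out of configuration pushes; the switch's own parser remains the authority on what it accepts.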

1-4 Line Editing Keys

Keys - Description
Delete - Delete character under cursor and shift remainder of line to left.
Backspace - Delete character to left of cursor and shift remainder of line to left.
Insert - Toggle on and off. When toggled on, inserts text and shifts previous text to right.
Left Arrow - Move cursor to left.
Right Arrow - Move cursor to right.
Tab - Help user to select appropriate token.
P - Display the previous page.
N or Space - Display the next page.
CTRL+C - Escape from displayed pages.
ESC - Escape from displayed pages.
Q - Escape from displayed pages.
R - Refresh the displayed pages.
a - Display the remaining pages. (The screen display will not pause again.)
Enter - Display the next line.
The screen display pauses when the show command output reaches the end of the page.
Chapter 2 Basic Command List
show session
show serial_port
config serial_port {baud_rate [9600 | 19200 | 38400 | 115200] | auto_logout [never | 2_minutes | 5_minutes | 10_minutes | 15_minutes]}
enable clipaging
disable clipaging
login
logout
?
clear
show command_history
config command_history <value 1-40>
config greeting_message {default}
show greeting_message
config command_prompt [<string 16> | username | default]
config terminal width [default | <value 80-200>]
show terminal width
config ports [<portlist> | all ] {medium_type [fiber | copper]} {speed [auto | 10_half | 10_full | 100_half | 100_full | 1000_full {[master | slave]} ] | flow_control [enable | disable] | learning [enable | disable ] | state [enable | disable] | mdix [auto | normal | cross] | [description <desc 1-32> | clear_description]}
show ports {<portlist>} {[description | err_disabled | details | media_type]}

2-1 show session

Description

This command is used to display a list of the users currently logged in to the Switch.

Format

show session

Parameters

None.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To display the session entries:
ID  Live Time    From                                    Level Name
--- ------------ --------------------------------------- ----- ---------------
0   00:01:46.360 10.90.90.10                             puser puser
8   00:05:49.340 Serial Port                             admin admin
Total Entries: 2
CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh

2-2 show serial_port

Description

This command is used to display the current serial port settings.

Format

show serial_port

Parameters

None.

Restrictions

None.

Example

To display the serial port setting:
:admin#show serial_port
Command: show serial_port
Baud Rate : 115200
Data Bits : 8
Parity Bits : None
Stop Bits : 1
Auto-Logout : 10 mins
:admin#

2-3 config serial_port

Description

This command is used to configure the serial bit rate that will be used to communicate with the management host and the auto logout time for idle connections.

Format

config serial_port {baud_rate [9600 | 19200 | 38400 | 115200] | auto_logout [never | 2_minutes | 5_minutes | 10_minutes | 15_minutes]}

Parameters

baud_rate - (Optional) The serial bit rate that will be used to communicate with the management host. The default baud rate is 115200.
    9600 - Specify the serial bit rate to be 9600.
    19200 - Specify the serial bit rate to be 19200.
    38400 - Specify the serial bit rate to be 38400.
    115200 - Specify the serial bit rate to be 115200.
auto_logout - (Optional) The auto logout time out setting.
    never - Never timeout.
    2_minutes - When idle over 2 minutes, the device will auto logout.
    5_minutes - When idle over 5 minutes, the device will auto logout.
    10_minutes - When idle over 10 minutes, the device will auto logout.
    15_minutes - When idle over 15 minutes, the device will auto logout.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To configure baud rate:
:admin#config serial_port baud_rate 9600
Command: config serial_port baud_rate 9600
Success.
:admin#
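The output of show session and show serial_port (sections 2-1 and 2-2) can be checked against a management policy, with config serial_port auto_logout (section 2-3) as the corrective command. The following audit script is an added example, not part of this guide or of D-Link's tooling; the sample output is constructed in the layout shown above, and the management network 10.90.90.0/24, the address 192.0.2.77 and the policy limits are assumptions.

```python
import ipaddress
import re

# Constructed sample output in the layout shown in sections 2-1 and 2-2.
SAMPLE_SESSIONS = """\
ID  Live Time    From                                    Level Name
--- ------------ --------------------------------------- ----- ---------------
0   00:01:46.360 10.90.90.10                             puser puser
3   00:00:12.010 192.0.2.77                              admin admin
8   00:05:49.340 Serial Port                             admin admin
Total Entries: 3
"""

SAMPLE_SERIAL = """\
Baud Rate : 115200
Data Bits : 8
Parity Bits : None
Stop Bits : 1
Auto-Logout : 10 mins
"""

# ID, live time, source (may contain a space, e.g. "Serial Port"), level, name.
ROW = re.compile(r"^\s*(\d+)\s+(\d+:\d{2}:\d{2}\.\d+)\s+(.+?)\s+(\S+)\s+(\S+)\s*$")


def parse_sessions(text):
    """Return one dict per data row of a 'show session' table."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            sid, live, src, level, name = m.groups()
            rows.append({"id": int(sid), "live": live, "from": src,
                         "level": level, "name": name})
    return rows


def audit_sessions(text, mgmt_nets):
    """Flag network sessions whose source lies outside the management networks."""
    nets = [ipaddress.ip_network(n) for n in mgmt_nets]
    findings = []
    for row in parse_sessions(text):
        if row["from"] == "Serial Port":
            continue  # local console session, not a network login
        try:
            src = ipaddress.ip_address(row["from"])
        except ValueError:
            findings.append((row["id"], "unparsed source " + row["from"]))
            continue
        if not any(src in net for net in nets):
            findings.append((row["id"], f"{row['level']} session '{row['name']}' "
                             f"from {src} is outside the management networks"))
    return findings


def audit_serial(text, max_minutes):
    """Return a finding if the console idle timeout is missing or above policy."""
    m = re.search(r"^Auto-Logout\s*:\s*(.+?)\s*$", text, re.MULTILINE)
    if not m:
        return "Auto-Logout line not found"
    value = m.group(1)
    mins = re.fullmatch(r"(\d+)\s*mins?", value)
    if not mins:
        # Anything that is not "<n> mins" is treated as no finite timeout.
        return f"Auto-Logout is '{value}', not a finite timeout"
    if int(mins.group(1)) > max_minutes:
        return f"Auto-Logout is {mins.group(1)} minutes, policy maximum is {max_minutes}"
    return None


if __name__ == "__main__":
    for finding in audit_sessions(SAMPLE_SESSIONS, ["10.90.90.0/24"]):
        print(finding)
    print(audit_serial(SAMPLE_SERIAL, 5))
```

A finding from audit_serial is corrected with one of the auto_logout values listed in section 2-3, for example config serial_port auto_logout 5_minutes.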

2-4 enable clipaging

Description

This command is used to enable the pausing of the screen display when the show command output reaches the end of the page. The default setting is enabled.

Format

enable clipaging

Parameters

None.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To enable pausing of the screen display when show command output reaches the end of the page:
:admin#enable clipaging
Command: enable clipaging
Success.
:admin#

2-5 disable clipaging

Description

This command is used to disable the pausing of the screen display when the show command output reaches the end of the page. The default setting is enabled.

Format

disable clipaging

Parameters

None.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To disable pausing of the screen display when show command output reaches the end of the page:
:admin#disable clipaging
Command: disable clipaging
Success.
:admin#

2-6 login

Description

This command is used to log in to the Switch.

Format

login

Parameters

None.

Restrictions

None.

Example

To log in to the Switch with the user name dlink:
:admin#login
Command: login
UserName:dlink
PassWord:****
:admin#

2-7 logout

Description

This command is used to log out of the facility.

Format

logout

Parameters

None.

Restrictions

None.

Example

To log out the current user:
:admin#logout
Command: logout
**********
* Logout *
**********
Fast Ethernet Switch
Command Line Interface
Firmware: Build 4.04.004
Copyright(C) 2012 D-Link Corporation. All rights reserved.
UserName:

2-8 ?

Description

This command is used to display the usage description for all commands or for a specific one.

Format

?

Parameters

None.

Restrictions

None.

Example

To get the usage description for the “ping” command:
:admin#? ping
Command: ? ping
Command: ping
Usage: <ipaddr> { times <value 1-255> | timeout <sec 1-99>}
Description: Used to test the connectivity between network devices.
:admin#

2-9 clear

Description

This command is used to clear the screen.

Format

clear

Parameters

None.

Restrictions

None.

Example

To clear the screen:
:admin#clear
Command: clear
:admin#

2-10 show command_history

Description

This command is used to display the command history.

Format

show command_history

Parameters

None.

Restrictions

None.

Example

To display command history:
:admin#show command_history
Command: show command_history
? ping
login
show serial_port
show session
? config bpdu_protection ports
? reset
? create account
? create ipif
show
the
?
:admin#

2-11 config command_history

Description

This command is used to configure the number of commands that the Switch can recall. The Switch “remembers” up to the last 40 commands you entered.

Format

config command_history <value 1-40>

Parameters

<value 1-40> - Enter the number of commands that the Switch can recall. This value must be between 1 and 40.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To configure the number of commands kept in the command history:
:admin#config command_history 25
Command: config command_history 25
Success.
:admin#

2-12 config greeting_message

Description

This command is used to configure the greeting message (or banner).

Format

config greeting_message {default}

Parameters

default - (Optional) Adding this parameter to the “config greeting_message” command will return the greeting message (banner) to its original factory default entry.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To edit the banner:
:admin#config greeting_message
Command: config greeting_message
Greeting Messages Editor
================================================================================
Fast Ethernet Switch
Command Line Interface
Firmware: Build 4.04.004
Copyright(C) 2012 D-Link Corporation. All rights reserved.
================================================================================
<Function Key>                    <Control Key>
Ctrl+C  Quit without save         left/right/
Ctrl+W  Save and quit             up/down      Move cursor
Ctrl+D  Delete line
Ctrl+X  Erase all setting
Ctrl+L  Reload original setting
--------------------------------------------------------------------------------

2-13 show greeting_message

Description

This command is used to display the greeting message.

Format

show greeting_message

Parameters

None.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To display the greeting message:
:admin#show greeting_message
Command: show greeting_message
================================================================================
Fast Ethernet Switch
Command Line Interface
Firmware: Build 4.04.004
Copyright(C) 2012 D-Link Corporation. All rights reserved.
================================================================================
:admin#

2-14 config command_prompt

Description

This command is used to modify the command prompt.
The current command prompt consists of four parts: “product name” + “:” + “user level” + “#” (e.g. “:admin#”). This command modifies the first part, the “product name”, replacing it with a string of at most 16 characters or with the user's login user name.
When users issue the “reset” command, the current command prompt remains intact. Issuing “reset system”, however, returns the command prompt to its original factory default value.

Format

config command_prompt [<string 16> | username | default]

Parameters

<string 16> - Enter the new command prompt string of no more than 16 characters.
username - Enter this command to set the login username as the command prompt.
default - Enter this command to return the command prompt to its original factory default value.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To edit the command prompt:
:admin#config command_prompt Prompt#
Command: config command_prompt Prompt#
Success.
Prompt#:admin#

2-15 config terminal width

Description

This command is used to set the current terminal width.
The usage is described below:
1. A user logs in and configures the terminal width to 120. This configuration takes effect for this login session. If the user issues the “save” command, the configuration is saved. After the user logs out and logs in again, the terminal width is 120.
2. If the user did not save the configuration and another user logs in, the terminal width is the default value.
3. If two CLI sessions are running at the same time and one session configures the width to 120 and saves it, the other session is not affected unless it logs out and then logs in again.

Format

config terminal width [default | <value 80-200>]

Parameters

default - The default setting of terminal width. The default value is 80.
<value 80-200> - The terminal width which will be configured. The width is between 80 and 200 characters.

Restrictions

None.

Example

To configure the current terminal width:
:admin#config terminal width 120
Command: config terminal width 120
Success.
:admin#

2-16 show terminal width

Description

The command is used to display the configuration of current terminal width.

Format

show terminal width

Parameters

None.

Restrictions

None.

Example

To display the configuration of current terminal width:
:admin#show terminal width
Command: show terminal width

Global terminal width  : 80
Current terminal width : 80
:admin#

2-17 config ports

Description

This command is used to configure the Switch's port settings.

Format

config ports [<portlist> | all ] {medium_type [fiber | copper]} {speed [auto | 10_half | 10_full | 100_half | 100_full | 1000_full {[master | slave]} ] | flow_control [enable | disable] | learning [enable | disable ] | state [enable | disable] | mdix [auto | normal | cross] | [description <desc 1-32> | clear_description]}

Parameters

<portlist> - Enter a list of ports used here.
all - Specify that all the ports will be used for this configuration.
medium_type - (Optional) Specify the medium type when the configured ports are combo ports.
    fiber - Specify that the medium type will be set to fiber.
    copper - Specify that the medium type will be set to copper.
speed - (Optional) Specify the port speed of the specified ports.
    auto - Set port speed to auto negotiation.
    10_half - Set port speed to 10_half.
    10_full - Set port speed to 10_full.
    100_half - Set port speed to 100_half.
    100_full - Set port speed to 100_full.
    1000_full - Set port speed to 1000_full. When setting the port speed to 1000_full, the user should specify master or slave mode for a 1000 base TX interface, and leave 1000_full without any master or slave setting for other interfaces.
        master - Specify that the port(s) will be set to master.
        slave - Specify that the port(s) will be set to slave.
flow_control - (Optional) Turn flow control on or off on one or more ports by setting flow_control to enable or disable.
    enable - Specify that the flow control option will be enabled.
    disable - Specify that the flow control option will be disabled.
learning - (Optional) Turn MAC address learning on or off on one or more ports.
    enable - Specify that the learning option will be enabled.
    disable - Specify that the learning option will be disabled.
state - (Optional) Enables or disables the specified port. If the specified ports are in error-disabled status, configuring their state to enable will recover these ports from the disabled to the enabled state.
    enable - Specify that the port state will be enabled.
    disable - Specify that the port state will be disabled.
mdix - (Optional) MDIX mode can be specified as auto, normal, and cross. If set to normal state, the port is in MDIX mode and can be connected to a PC NIC using a straight cable. If set to cross state, the port is in MDI mode and can be connected to a port (in MDIX mode) on another switch through a straight cable.
    auto - Specify that the MDIX mode for the port will be set to auto.
    normal - Specify that the MDIX mode for the port will be set to normal.
    cross - Specify that the MDIX mode for the port will be set to cross.
description - (Optional) Specify the description of the port interface.
    <desc 1-32> - Enter the port interface description here. This value can be up to 32 characters long.
clear_description - (Optional) Specify that the description field will be cleared.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To configure the ports:
:admin#config ports all medium_type copper speed auto
Command: config ports all medium_type copper speed auto
Success.
:admin#

2-18 show ports

Description

This command is used to display the current configurations of a range of ports.

Format

show ports {<portlist>} {[description | err_disabled | details | media_type]}

Parameters

ports - Specify a range of ports to be displayed.
    <portlist> - (Optional) Enter the list of ports to be configured here.
description - (Optional) Indicates whether the port description will be included in the display.
err_disabled - (Optional) Indicates whether ports that have been disabled for some reason will be displayed.
details - (Optional) Displays the port details.
media_type - (Optional) Displays port transceiver type.

Restrictions

None.

Example

To display the port details:
:admin#show ports details
Command: show ports details

Port : 1
--------------------
Port Status                 : Link Up
Description                 :
HardWare Type               : Fast Ethernet
MAC Address                 : 00-01-02-03-04-01
Bandwidth                   : 100000Kbit
Auto-Negotiation            : Enabled
Duplex Mode                 : Full Duplex
Flow Control                : Disabled
MDI                         : Normal
Address Learning            : Enabled
Last Clear of Counter       : 2 hours 43 mins ago
BPDU Hardware Filtering Mode: Disabled
Queuing Strategy            : FIFO
TX Load                     : 0/100, 0 bits/sec, 0 packets/sec
RX Load                     : 0/100, 0 bits/sec, 0 packets/sec

CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh
Chapter 3 802.1Q VLAN Command List

create vlan <vlan_name 32> tag <vlanid 2-4094> {type 1q_vlan advertisement}
create vlan vlanid <vidlist> {advertisement}
delete vlan <vlan_name 32>
delete vlan vlanid <vidlist>
config vlan <vlan_name 32> {[add [tagged | untagged | forbidden] | delete] <portlist> | advertisement [enable | disable]}(1)
config vlan vlanid <vidlist> {[add [tagged | untagged | forbidden] | delete] <portlist> | advertisement [enable | disable] | name <vlan_name 32>}(1)
config port_vlan [<portlist> | all] {gvrp_state [enable | disable] | ingress_checking [enable | disable] | acceptable_frame [tagged_only | admit_all] | pvid <vlanid 1-4094>}(1)
show vlan {<vlan_name 32>}
show vlan ports {<portlist>}
show vlan vlanid <vidlist>
show port_vlan {<portlist>}
enable pvid auto_assign
disable pvid auto_assign
show pvid auto_assign
config gvrp [timer {join <value 100-100000> | leave <value 100-100000> | leaveall <value 100-100000>} | nni_bpdu_addr [dot1d | dot1ad]]
show gvrp
enable gvrp
disable gvrp

3-1 create vlan

Description

This command is used to create a VLAN on the Switch. The VLAN ID must always be specified when creating a VLAN.

Format

create vlan <vlan_name 32> tag <vlanid 2-4094> {type 1q_vlan advertisement}

Parameters

vlan - The name of the VLAN to be created.
    <vlan_name 32> - Enter the VLAN name here. The VLAN name can be up to 32 characters long.
tag - The VLAN ID of the VLAN to be created.
    <vlanid 2-4094> - Enter the VLAN ID here. The VLAN ID value must be between 2 and 4094.
type 1q_vlan advertisement - (Optional) Specify that the VLAN type used is based on the 802.1Q standard and can be advertised out.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To create a VLAN with name “v2” and VLAN ID 2:
:admin#create vlan v2 tag 2 type 1q_vlan advertisement
Command: create vlan v2 tag 2 type 1q_vlan advertisement
Success.
:admin#

3-2 create vlan vlanid

Description

This command is used to create more than one VLAN at a time. A unique VLAN name (e.g. VLAN10) will be automatically assigned by the system. The automatic assignment of the VLAN name is based on the following rule: “VLAN”+ID. For example, for VLAN ID 100, the VLAN name will be VLAN100. If this VLAN name conflicts with the name of an existing VLAN, then it will be renamed based on the following rule: “VLAN”+ID+“ALT”+collision count. For example, if this conflict is the second collision, then the name will be VLAN100ALT2.

Format

create vlan vlanid <vidlist> {advertisement}

Parameters

vlanid - The VLAN ID list to be created.
    <vidlist> - Enter the VLAN ID list here.
advertisement - (Optional) Specify the VLAN as being able to be advertised out.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To create some VLANs using VLAN ID:
:admin#create vlan vlanid 10-30
Command: create vlan vlanid 10-30
Success.
:admin#

3-3 delete vlan

Description

This command is used to delete a previously configured VLAN by the name on the Switch.

Format

delete vlan <vlan_name 32>

Parameters

vlan - The VLAN name of the VLAN to be deleted.
<vlan_name 32> - Enter the VLAN name here. This name can be up to 32 characters long.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To remove the VLAN v1:
:admin#delete vlan v1
Command: delete vlan v1
Success.
:admin#

3-4 delete vlan vlanid

Description

This command is used to delete one or more previously configured VLANs by VID list.

Format

delete vlan vlanid <vidlist>

Parameters

vlanid - The VLAN ID list to be deleted.
<vidlist> - Enter the VLAN ID list here.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To remove VLANs from 10-30:
:admin#delete vlan vlanid 10-30
Command: delete vlan vlanid 10-30
Success.
:admin#

3-5 config vlan

Description

This command is used to configure a VLAN based on the name.

Format

config vlan <vlan_name 32> {[add [tagged | untagged | forbidden] | delete] <portlist> | advertisement [enable | disable]}(1)

Parameters

<vlan_name 32> - Enter the VLAN name you want to add ports to. This name can be up to 32 characters long.
add - (Optional) Specify to add tagged, untagged or forbidden ports to the VLAN.
    tagged - Specify the additional ports as tagged.
    untagged - Specify the additional ports as untagged.
    forbidden - Specify the additional ports as forbidden.
delete - (Optional) Specify to delete ports from the VLAN.
<portlist> - (Optional) Enter the list of ports used for the configuration here.
advertisement - (Optional) Specify the GVRP state of this VLAN.
    enable - Specify to enable advertisement for this VLAN.
    disable - Specify to disable advertisement for this VLAN.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To add 4 through 8 as tagged ports to the VLAN v2:
DES-3200-28/ME:admin#config vlan v2 add tagged 4-8
Command: config vlan v2 add tagged 4-8
Success.
DES-3200-28/ME:admin#

3-6 config vlan vlanid

Description

This command allows you to configure multiple VLANs at one time. But conflicts will be generated if you configure the name of multiple VLANs at one time.

Format

config vlan vlanid <vidlist> {[add [tagged | untagged | forbidden] | delete] <portlist> | advertisement [enable | disable] | name <vlan_name 32>}(1)

Parameters

<vidlist> - Enter a list of VLAN IDs to configure.
add - (Optional) Specify to add tagged, untagged or forbidden ports to the VLAN.
    tagged - Specify the additional ports as tagged.
    untagged - Specify the additional ports as untagged.
    forbidden - Specify the additional ports as forbidden.
delete - (Optional) Specify to delete ports from the VLAN.
<portlist> - (Optional) Enter the list of ports used for the configuration here.
advertisement - (Optional) Specify the GVRP state of this VLAN.
    enable - Specify to enable advertisement for this VLAN.
    disable - Specify to disable advertisement for this VLAN.
name - (Optional) The new name of the VLAN.
    <vlan_name 32> - Enter the VLAN name here. This name can be up to 32 characters long.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To add 4 through 8 as tagged ports to the VLAN ID from 10-20:
DES-3200-28/ME:admin#config vlan vlanid 10-20 add tagged 4-8
Command: config vlan vlanid 10-20 add tagged 4-8
Success.
DES-3200-28/ME:admin#

3-7 config port_vlan

Description

This command is used to set the ingress checking status and the sending and receiving of GVRP information.

Format

config port_vlan [<portlist> | all] {gvrp_state [enable | disable] | ingress_checking [enable | disable] | acceptable_frame [tagged_only | admit_all] | pvid <vlanid 1-4094>}(1)

Parameters

<portlist> - A range of ports for which you want ingress checking. The port list is specified by listing the beginning port number on the Switch, separated by a colon. Then the highest port number of the range (also separated by a colon) is specified. The beginning and end of the port list range are separated by a dash.
all - Specify all ports for ingress checking.
gvrp_state - (Optional) Enables or disables GVRP for the ports specified in the port list.
    enable - Specify that GVRP for the specified ports will be enabled.
    disable - Specify that GVRP for the specified ports will be disabled.
ingress_checking - (Optional) Enables or disables ingress checking for the specified portlist.
    enable - Specify that ingress checking will be enabled for the specified portlist.
    disable - Specify that ingress checking will be disabled for the specified portlist.
acceptable_frame - (Optional) The type of frame that will be accepted by the port. There are two types:
    tagged_only - Only tagged packets can be accepted by this port.
    admit_all - All packets can be accepted.
pvid - (Optional) Specify the PVID of the ports.
    <vlanid 1-4094> - Enter the VLAN ID here. The VLAN ID value must be between 1 and 4094.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To set the ingress checking status and the sending and receiving of GVRP information:
DES-3200-28/ME:admin#config port_vlan 1-5 gvrp_state enable ingress_checking enable acceptable_frame tagged_only pvid 2
Command: config port_vlan 1-5 gvrp_state enable ingress_checking enable acceptable_frame tagged_only pvid 2
Success.
DES-3200-28/ME:admin#

3-8 show vlan

Description

This command is used to display the VLAN information, including parameter settings and operational values.

Format

show vlan {<vlan_name 32>}

Parameters

<vlan_name 32> - (Optional) Enter the VLAN name to be displayed. The VLAN name can be up
to 32 characters long.

Restrictions

None.

Example

To display VLAN settings:
DES-3200-28/ME:admin#show vlan
Command: show vlan

VLAN Trunk State        : Enabled
VLAN Trunk Member Ports : 1-5

VID                    : 1            VLAN Name     : default
VLAN Type              : Static       Advertisement : Enabled
Member Ports           : 1-28
Static Ports           : 1-28
Current Tagged Ports   :
Current Untagged Ports : 1-28
Static Tagged Ports    :
Static Untagged Ports  : 1-28
Forbidden Ports        :

VID                    : 2            VLAN Name     : v2
VLAN Type              : Static       Advertisement : Enabled
Member Ports           : 4-8
Static Ports           : 4-8
Current Tagged Ports   : 4-8
Current Untagged Ports :
Static Tagged Ports    : 4-8

CTRL+C ESC q Quit SPACE n Next Page ENTER Next Entry a All

3-9 show vlan ports

Description

This command is used to display the VLAN information per port.

Format

show vlan ports {<portlist>}

Parameters

<portlist> - (Optional) Enter the list of ports for which the VLAN information will be displayed.

Restrictions

None.

Example

To display the VLAN configuration for port 6:
DES-3200-28/ME:admin#show vlan ports 6
Command: show vlan ports 6

Port   VID   Untagged  Tagged  Dynamic  Forbidden
-----  ----  --------  ------  -------  ---------
6      1     X         -       -        -
6      2     -         X       -        -
DES-3200-28/ME:admin#

3-10 show vlan vlanid

Description

This command is used to display the vlan information using the VLAN ID.

Format

show vlan vlanid <vidlist>

Parameters

<vidlist> - Enter the VLAN ID to be displayed.

Restrictions

None.

Example

To display the VLAN configuration for VLAN ID 1:
DES-3200-28/ME:admin#show vlan vlanid 1
Command: show vlan vlanid 1

VID                    : 1            VLAN Name     : default
VLAN Type              : Static       Advertisement : Enabled
Member Ports           : 1-28
Static Ports           : 1-28
Current Tagged Ports   :
Current Untagged Ports : 1-28
Static Tagged Ports    :
Static Untagged Ports  : 1-28
Forbidden Ports        :
Total Entries : 1
DES-3200-28/ME:admin#

3-11 show port_vlan

Description

This command is used to display the ports’ VLAN attributes on the Switch.

Format

show port_vlan {<portlist>}

Parameters

<portlist> - (Optional) Specify a range of ports to be displayed.
If no parameter is specified, the system will display GVRP information for all ports.

Restrictions

None.

Example

To display 802.1Q port setting:
DES-3200-28/ME:admin#show port_vlan
Command: show port_vlan

Port     PVID  GVRP      Ingress Checking  Acceptable Frame Type
-------  ----  --------  ----------------  ---------------------------
1        2     Enabled   Enabled           Only VLAN-tagged Frames
2        2     Enabled   Enabled           Only VLAN-tagged Frames
3        2     Enabled   Enabled           Only VLAN-tagged Frames
4        2     Enabled   Enabled           Only VLAN-tagged Frames
5        2     Enabled   Enabled           Only VLAN-tagged Frames
6        1     Disabled  Enabled           All Frames
7        1     Disabled  Enabled           All Frames
8        1     Disabled  Enabled           All Frames
9        1     Disabled  Enabled           All Frames
10       1     Disabled  Enabled           All Frames
11       1     Disabled  Enabled           All Frames
12       1     Disabled  Enabled           All Frames
13       1     Disabled  Enabled           All Frames
14       1     Disabled  Enabled           All Frames
15       1     Disabled  Enabled           All Frames
16       1     Disabled  Enabled           All Frames
17       1     Disabled  Enabled           All Frames
18       1     Disabled  Enabled           All Frames
19       1     Disabled  Enabled           All Frames
20       1     Disabled  Enabled           All Frames

CTRL+C ESC q Quit SPACE n Next Page ENTER Next Entry a All

3-12 enable pvid auto_assign

Description

This command is used to enable the auto-assignment of PVID.
If “Auto-assign PVID” is enabled, the PVID may be changed by PVID or VLAN configuration. When a user configures a port as an untagged member of VLAN X, this port’s PVID is updated to VLAN X. In the VLAN list form of the command, the PVID is updated to the last item of the VLAN list. When a user removes a port from the untagged membership of the PVID’s VLAN, the port’s PVID is assigned to the “default VLAN”.
The default setting is enabled.

Format

enable pvid auto_assign

Parameters

None.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To enable the auto-assign PVID:
DES-3200-28/ME:admin#enable pvid auto_assign
Command: enable pvid auto_assign
Success.
DES-3200-28/ME:admin#
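
The PVID auto-assign rules of section 3-12, replayed over a constructed command sequence to show how a port's PVID moves and when it falls back to the default VLAN. This is an added example, not D-Link code. It assumes that the default VLAN is VID 1, that PVIDs stay unchanged by VLAN commands while auto-assign is disabled, and that the VLANs named already exist; `PvidModel`, `expand` and `replay` are hypothetical names.

```python
import re

DEFAULT_VID = 1  # assumption: the "default VLAN" is VID 1, as in the show vlan output

_VLAN_CMD = re.compile(r"config vlan vlanid (\S+) (add untagged|delete) (\S+)")
_AUTO_CMD = re.compile(r"(enable|disable) pvid auto_assign")


def expand(spec):
    """Expand '4-8' or '20' (the two list forms used in the manual's examples)."""
    low, _, high = spec.partition("-")
    first, last = int(low), int(high or low)
    if first > last:
        raise ValueError(f"descending range: {spec}")
    return list(range(first, last + 1))


class PvidModel:
    """Tracks only untagged membership and PVID; VLAN existence is not checked."""

    def __init__(self, port_count=28, auto_assign=True):
        ports = range(1, port_count + 1)
        self.auto_assign = auto_assign             # the manual's default is enabled
        self.pvid = {p: DEFAULT_VID for p in ports}
        self.untagged = {DEFAULT_VID: set(ports)}  # VID -> untagged member ports

    def run(self, line):
        line = line.strip()
        auto = _AUTO_CMD.fullmatch(line)
        if auto:
            self.auto_assign = auto[1] == "enable"
            return
        vlan = _VLAN_CMD.fullmatch(line)
        if not vlan:
            raise ValueError(f"command not modelled: {line}")
        vids, action, ports = expand(vlan[1]), vlan[2], expand(vlan[3])
        for vid in vids:
            members = self.untagged.setdefault(vid, set())
            if action == "add untagged":
                members.update(ports)
            else:
                members.difference_update(ports)
            if not self.auto_assign:
                continue  # assumption: VLAN commands leave PVIDs alone when disabled
            for port in ports:
                if action == "add untagged":
                    self.pvid[port] = vid          # a list ends on its last VID
                elif self.pvid[port] == vid:
                    self.pvid[port] = DEFAULT_VID  # port left its PVID's VLAN


def replay(lines, port, auto_assign=True):
    """Return the PVID of `port` after each command in `lines`."""
    model = PvidModel(auto_assign=auto_assign)
    trace = []
    for line in lines:
        model.run(line)
        trace.append(model.pvid[port])
    return trace


# Constructed command sequence using the manual's syntax.
SAMPLE = [
    "config vlan vlanid 10-20 add untagged 4-8",
    "config vlan vlanid 20 delete 4",
    "disable pvid auto_assign",
    "config vlan vlanid 30 add untagged 4",
]

if __name__ == "__main__":
    print("port 4, auto-assign on :", replay(SAMPLE, port=4))
    print("port 4, auto-assign off:", replay(SAMPLE[:2], port=4, auto_assign=False))
```

The second step is the one to watch when reviewing a change: removing a port from its PVID's VLAN silently returns its untagged traffic to the default VLAN.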

3-13 disable pvid auto_assign

Description

This command is used to disable auto assignment of PVID.

Format

disable pvid auto_assign

Parameters

None.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To disable the auto-assign PVID:
DES-3200-28/ME:admin#disable pvid auto_assign
Command: disable pvid auto_assign
Success.
DES-3200-28/ME:admin#

3-14 show pvid auto_assign

Description

This command is used to display the PVID auto-assignment state.

Format

show pvid auto_assign

Parameters

None.

Restrictions

None.

Example

To display PVID auto-assignment state:
DES-3200-28/ME:admin#show pvid auto_assign
Command: show pvid auto_assign
PVID Auto-assignment: Enabled
DES-3200-28/ME:admin#

3-15 config gvrp

Description

The config gvrp timer command sets the GVRP timer values. The default value for Join time is 200 milliseconds; for Leave time, 600 milliseconds; for LeaveAll time, 10000 milliseconds.

Format

config gvrp [timer {join <value 100-100000> | leave <value 100-100000> | leaveall <value 100-100000>} | nni_bpdu_addr [dot1d | dot1ad]]

Parameters

timer - Specify that the GVRP timer parameter will be configured.
    join - (Optional) Specify the Join time will be set.
        <value 100-100000> - Enter the time used here. This value must be between 100 and 100000.
    leave - (Optional) Specify the Leave time will be set.
        <value 100-100000> - Enter the time used here. This value must be between 100 and 100000.
    leaveall - (Optional) Specify the LeaveAll time will be set.
        <value 100-100000> - Enter the time used here. This value must be between 100 and 100000.
nni_bpdu_addr - Used to determine the BPDU protocol address for GVRP in service provider site. It can use 802.1d GVRP address, 802.1ad service provider GVRP address or a user defined multicast address. The range of the user defined address is 0180C2000000 - 0180C2FFFFFF.
    dot1d - Specify that the NNI BPDU protocol address value will be set to Dot1d.
    dot1ad - Specify that the NNI BPDU protocol address value will be set to Dot1ad.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To set the Join time to 200 milliseconds:
DES-3200-28/ME:admin#config gvrp timer join 200
Command: config gvrp timer join 200
Success.
DES-3200-28/ME:admin#

3-16 show gvrp

Description

This command is used to display the GVRP global setting.

Format

show gvrp

Parameters

None.

Restrictions

None.

Example

To display the global setting of GVRP:
DES-3200-28/ME:admin#show gvrp
Command: show gvrp

Global GVRP     : Disabled
Join Time       : 200 Milliseconds
Leave Time      : 600 Milliseconds
LeaveAll Time   : 10000 Milliseconds
NNI BPDU Address: dot1d
DES-3200-28/ME:admin#

3-17 enable gvrp

Description

This command is used to enable the Generic VLAN Registration Protocol (GVRP).

Format

enable gvrp

Parameters

None.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To enable the generic VLAN Registration Protocol (GVRP):
DES-3200-28/ME:admin#enable gvrp
Command: enable gvrp
Success.
DES-3200-28/ME:admin#

3-18 disable gvrp

Description

This command is used to disable the Generic VLAN Registration Protocol (GVRP).

Format

disable gvrp

Parameters

None.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To disable the Generic VLAN Registration Protocol (GVRP):
DES-3200-28/ME:admin#disable gvrp
Command: disable gvrp
Success.
DES-3200-28/ME:admin#
Chapter 4 802.1X Command List

enable 802.1x
disable 802.1x
create 802.1x user <username 15>
delete 802.1x user <username 15>
show 802.1x user
config 802.1x auth_protocol [local | radius_eap]
config 802.1x fwd_pdu system [enable | disable]
config 802.1x fwd_pdu ports [<portlist> | all] [enable | disable]
config 802.1x authorization attributes radius [enable | disable]
show 802.1x {[auth_state | auth_configuration] ports {<portlist>}}
config 802.1x capability ports [<portlist> | all] [authenticator | none]
config 802.1x max_users [<value 1-448> | no_limit]
config 802.1x auth_parameter ports [<portlist> | all] [default | {direction [both | in] | port_control [force_unauth | auto | force_auth] | quiet_period <sec 0-65535> | tx_period <sec 1-65535> | supp_timeout <sec 1-65535> | server_timeout <sec 1-65535> | max_req <value 1-10> | reauth_period <sec 1-65535> | max_users [<value 1-448> | no_limit] | enable_reauth [enable | disable]}(1)]
config 802.1x auth_mode [port_based | mac_based]
config 802.1x init [port_based ports [<portlist> | all] | mac_based ports [<portlist> | all] {mac_address <macaddr>}]
config 802.1x reauth [port_based ports [<portlist> | all] | mac_based ports [<portlist> | all] {mac_address <macaddr>}]
create 802.1x guest_vlan {<vlan_name 32>}
delete 802.1x guest_vlan {<vlan_name 32>}
config 802.1x guest_vlan ports [<portlist> | all] state [enable | disable]
show 802.1x guest_vlan
config radius add <server_index 1-3> <server_ip> key <password 32> [default | {auth_port <udp_port_number 1-65535> | acct_port <udp_port_number 1-65535> | timeout <sec 1-255> | retransmit <int 1-20>}]
config radius delete <server_index 1-3>
config radius <server_index 1-3> {ipaddress <server_ip> | key <password 32> | auth_port [<udp_port_number 1-65535> | default] | acct_port [<udp_port_number 1-65535> | default] | timeout [<sec 1-255> | default] | retransmit [<int 1-20> | default]}
show radius
show auth_statistics {ports <portlist>}
show auth_diagnostics {ports <portlist>}
show auth_session_statistics {ports <portlist>}
show auth_client
show acct_client
config accounting service [network | shell | system] state [enable | disable]
show accounting service

4-1 enable 802.1x

Description

This command is used to enable the 802.1X function.

Format

enable 802.1x

Parameters

None.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To enable the 802.1X function:
DES-3200-28/ME:admin#enable 802.1x
Command: enable 802.1x
Success.
DES-3200-28/ME:admin#

4-2 disable 802.1x

Description

This command is used to disable the 802.1X function.

Format

disable 802.1x

Parameters

None.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To disable the 802.1X function:
DES-3200-28/ME:admin#disable 802.1x
Command: disable 802.1x
Success.
DES-3200-28/ME:admin#

4-3 create 802.1x user

Description

This command is used to create an 802.1X user.

Format

create 802.1x user <username 15>

Parameters

<username 15> - Enter the username to be added. This value can be up to 15 characters long.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To create an 802.1X user “test”:
DES-3200-28/ME:admin#create 802.1x user test
Command: create 802.1x user test
Enter a case-sensitive new password:****
Enter the new password again for confirmation:****
Success.
DES-3200-28/ME:admin#

4-4 delete 802.1x user

Description

This command is used to delete an 802.1X user.

Format

delete 802.1x user <username 15>

Parameters

<username 15> - Enter the username to be deleted. This value can be up to 15 characters long.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To delete user “test”:
DES-3200-28/ME:admin#delete 802.1x user test
Command: delete 802.1x user test
Success.
DES-3200-28/ME:admin#

4-5 show 802.1x user

Description

This command is used to display the 802.1X user.

Format

show 802.1x user

Parameters

None.

Restrictions

None.

Example

To display the 802.1X user information:
DES-3200-28/ME:admin#show 802.1x user
Command: show 802.1x user

Current Accounts:
Username         Password
---------------  ---------------
test             test

Total Entries:1
DES-3200-28/ME:admin#

4-6 config 802.1x auth_protocol

Description

This command is used to configure the 802.1X auth protocol.

Format

config 802.1x auth_protocol [local | radius_eap]

Parameters

local - Specify the authentication protocol as local.
radius_eap - Specify the authentication protocol as RADIUS EAP.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To configure the 802.1X authentication protocol to RADIUS EAP:
DES-3200-28/ME:admin#config 802.1x auth_protocol radius_eap
Command: config 802.1x auth_protocol radius_eap
Success.
DES-3200-28/ME:admin#

4-7 config 802.1x fwd_pdu system

Description

This command is used to globally control the forwarding of EAPOL PDU. When 802.1X functionality is disabled globally or for a port, and if 802.1X fwd_pdu is enabled both globally and for the port, a received EAPOL packet on the port will be flooded in the same VLAN to those ports for which 802.1X fwd_pdu is enabled and 802.1X is disabled (globally or just for the port). The default state is disabled.

Format

config 802.1x fwd_pdu system [enable | disable]

Parameters

enable - Enable the forwarding of EAPOL PDU.
disable - Disable the forwarding of EAPOL PDU.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To configure forwarding of EAPOL PDU system state enable:
DES-3200-28/ME:admin#config 802.1x fwd_pdu system enable
Command: config 802.1x fwd_pdu system enable
Success.
DES-3200-28/ME:admin#

4-8 config 802.1x fwd_pdu ports

Description

This command is used to control the forwarding of EAPOL PDU. When 802.1X functionality is disabled globally or for a port, and if 802.1X fwd_pdu is enabled both globally and for the port, a received EAPOL packet on the port will be flooded in the same VLAN to those ports for which 802.1X fwd_pdu is enabled and 802.1X is disabled (globally or just for the port). The default state is disabled.

Format

config 802.1x fwd_pdu ports [<portlist> | all] [enable | disable]

Parameters

<portlist> - Enter the list of ports used for the configuration.
all - Specify that all the ports will be used.
enable - Enable forwarding of EAPOL PDU received on the ports.
disable - Disable forwarding of EAPOL PDU received on the ports.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To configure 802.1X fwd_pdu for ports:
DES-3200-28/ME:admin#config 802.1x fwd_pdu ports 1-2 enable
Command: config 802.1x fwd_pdu ports 1-2 enable
Success.
DES-3200-28/ME:admin#
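
The forwarding rule described for 4-7 and 4-8 can be modelled to see which ports a received EAPOL frame reaches under a given configuration. This Python model is an added example, not part of the D-Link manual; the Port class, its field names and the sample topology are hypothetical, and it assumes the ingress port is not itself a flood target.

```python
from dataclasses import dataclass


@dataclass
class Port:
    number: int
    vlan: int
    dot1x: bool    # True when 802.1X is enabled on this port (assumed per-port flag)
    fwd_pdu: bool  # per-port state set by "config 802.1x fwd_pdu ports"


def passes_eapol(port, global_dot1x, global_fwd):
    """A port takes part in forwarding only when 802.1X is off for it
    (globally or on the port) and fwd_pdu is on globally AND on the port."""
    dot1x_off = (not global_dot1x) or (not port.dot1x)
    return dot1x_off and global_fwd and port.fwd_pdu


def flood_targets(ports, ingress, global_dot1x, global_fwd):
    """Return the sorted port numbers that receive an EAPOL frame
    arriving on port number `ingress`."""
    src = next(p for p in ports if p.number == ingress)
    if not passes_eapol(src, global_dot1x, global_fwd):
        return []  # frame is not forwarded at all
    return sorted(
        p.number
        for p in ports
        if p.number != ingress
        and p.vlan == src.vlan
        and passes_eapol(p, global_dot1x, global_fwd)
    )


# Constructed topology for illustration only.
PORTS = [
    Port(1, vlan=10, dot1x=False, fwd_pdu=True),
    Port(2, vlan=10, dot1x=False, fwd_pdu=True),
    Port(3, vlan=10, dot1x=True, fwd_pdu=True),   # authenticator port
    Port(4, vlan=20, dot1x=False, fwd_pdu=True),  # different VLAN
    Port(5, vlan=10, dot1x=False, fwd_pdu=False),
]

if __name__ == "__main__":
    for g1x, gfwd in [(True, True), (False, True), (True, False)]:
        print(f"802.1X global={g1x} fwd_pdu system={gfwd}:",
              flood_targets(PORTS, 1, g1x, gfwd))
```

With 802.1X disabled globally, port 3 also becomes a flood target even though its per-port 802.1X setting is on.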

4-9 config 802.1x authorization attributes

Description

This command is used to enable or disable the acceptance of authorized configuration.
When the authorization is enabled for 802.1X's RADIUS authentication, the authorized attributes (for example VLAN, 802.1p default priority, and ACL) assigned by the RADIUS server will be accepted.

Format

config 802.1x authorization attributes radius [enable | disable]

Parameters

radius - If specified to enable, the authorization attributes (for example VLAN, 802.1p default priority, and ACL) assigned by the RADIUS server will be accepted. The default state is enabled.
enable - Specify to enable the authorization attributes.
disable - Specify to disable the authorization attributes.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To disable the acceptance of the authorized data assigned by the RADIUS server:
:admin#config 802.1x authorization attributes radius disable
Command: config 802.1x authorization attributes radius disable
Success.
:admin#

4-10 show 802.1x

Description

This command is used to display the 802.1X state or configurations.

Format

show 802.1x {[auth_state | auth_configuration] ports {<portlist>}}

Parameters

auth_state - (Optional) Used to display the 802.1X authentication state machine of some or all ports.
auth_configuration - (Optional) Used to display the 802.1X configurations of some or all ports.
ports - (Optional) Specify a range of ports to be displayed. If no port is specified, all ports will be displayed.
<portlist> - Enter the list of ports used for the configuration here.
If no parameter is specified, the 802.1X system configurations will be displayed.

Restrictions

None.

Example

To display the 802.1X port level configurations:
:admin#show 802.1x auth_configuration ports 1
Command: show 802.1x auth_configuration ports 1

Port Number               : 1
Capability                : None
AdminCrlDir               : Both
OpenCrlDir                : Both
Port Control              : Auto
QuietPeriod               : 60 sec
TxPeriod                  : 30 sec
SuppTimeout               : 30 sec
ServerTimeout             : 30 sec
MaxReq                    : 2 times
ReAuthPeriod              : 3600 sec
ReAuthenticate            : Disabled
Forward EAPOL PDU On Port : Enabled
Max User On Port          : 16
CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh
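
The per-port fields shown by show 802.1x auth_configuration can be checked automatically after a configuration change. The Python below is an added example, not part of the D-Link manual: it parses a captured copy of that output and reports ports that do not enforce 802.1X. The finding codes, the policy itself and the "ForceAuth" spelling of a forced port are assumptions; port 2 of the sample is constructed.

```python
import re

# Constructed capture in the layout of "show 802.1x auth_configuration ports".
# Port 1 repeats the values of the manual's example; port 2 is invented.
SAMPLE = """\
Port Number               : 1
Capability                : None
AdminCrlDir               : Both
OpenCrlDir                : Both
Port Control              : Auto
QuietPeriod               : 60 sec
TxPeriod                  : 30 sec
SuppTimeout               : 30 sec
ServerTimeout             : 30 sec
MaxReq                    : 2 times
ReAuthPeriod              : 3600 sec
ReAuthenticate            : Disabled
Forward EAPOL PDU On Port : Enabled
Max User On Port          : 16

Port Number               : 2
Capability                : Authenticator
AdminCrlDir               : Both
OpenCrlDir                : Both
Port Control              : Auto
QuietPeriod               : 60 sec
TxPeriod                  : 30 sec
SuppTimeout               : 30 sec
ServerTimeout             : 30 sec
MaxReq                    : 2 times
ReAuthPeriod              : 3600 sec
ReAuthenticate            : Disabled
Forward EAPOL PDU On Port : Disabled
Max User On Port          : 16
CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh
"""

# "Name : value" lines; the prompt echo and the pager footer do not match.
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z .]*?)\s*:\s*(.*?)\s*$")


def parse_ports(text):
    """Return {port_number: {field_name: value}} from captured output."""
    ports, current = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        if key == "Port Number":
            current = ports.setdefault(int(value), {})
        elif current is not None:
            current[key] = value
    return ports


def audit(ports):
    """Return (port, code, message) findings for an example policy."""
    findings = []
    for num in sorted(ports):
        cfg = {k: v.lower() for k, v in ports[num].items()}
        if cfg.get("Capability") != "authenticator":
            findings.append((num, "NOT_ENFORCED",
                             "capability is none, 802.1X is not enforced"))
            if cfg.get("Forward EAPOL PDU On Port") == "enabled":
                findings.append((num, "EAPOL_PASSTHROUGH",
                                 "EAPOL PDUs are forwarded if fwd_pdu is also on globally"))
            continue
        # Assumed printed spelling of port_control force_auth: "ForceAuth".
        control = cfg.get("Port Control", "").replace("_", "")
        if control.startswith("forceauth"):
            findings.append((num, "FORCE_AUTH",
                             "port is unconditionally authorized"))
        elif control == "auto" and cfg.get("ReAuthenticate") != "enabled":
            findings.append((num, "NO_REAUTH",
                             "authorized sessions are never re-authenticated"))
    return findings


if __name__ == "__main__":
    for port, code, message in audit(parse_ports(SAMPLE)):
        print(f"port {port}: {code}: {message}")
```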

4-11 config 802.1x capability

Description

This command is used to configure the port capability.

Format

config 802.1x capability ports [<portlist> | all] [authenticator | none]

Parameters

ports - Specify a range of ports to be configured.
<portlist> - Enter the list of ports used for the configuration here.
all - Specify all ports to be configured.
authenticator - The port that wishes to enforce authentication before allowing access to services that are accessible via that port adopts the authenticator role.
none - Disable authentication on the specified ports.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To configure the port capability:
:admin#config 802.1x capability ports 1-10 authenticator
Command: config 802.1x capability ports 1-10 authenticator
Success.
:admin#

4-12 config 802.1x max_users

Description

This command is used to limit the maximum number of users that can be learned via 802.1X authentication. In addition to the global limit, the maximum number of users per port is also limited. The per-port limit is specified by the config 802.1x auth_parameter command.

Format

config 802.1x max_users [<value 1-448> | no_limit]

Parameters

<value 1-448> - Enter the maximum number of users. This value must be between 1 and 448.
no_limit - Specify that the maximum user limit will be set to 448.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To configure 802.1X number of users to be limited to 200:
DES-3200-28/ME:admin#config 802.1x max_users 200
Command: config 802.1x max_users 200
Success.
DES-3200-28/ME:admin#

4-13 config 802.1x auth_parameter

Description

This command is used to configure the parameters that control the operation of the authenticator associated with a port.

Format

config 802.1x auth_parameter ports [<portlist> | all] [default | {direction [both | in] | port_control [force_unauth | auto | force_auth] | quiet_period <sec 0-65535> | tx_period <sec 1-65535> | supp_timeout <sec 1-65535> | server_timeout <sec 1-65535> | max_req <value 1-10> | reauth_period <sec 1-65535> | max_users [<value 1-448> | no_limit] | enable_reauth [enable | disable]}(1)]

Parameters

ports - Specify a range of ports to be configured.
<portlist> - Enter the list of ports used for the configuration here.
all - Specify that all the ports will be used.
default - Sets all parameters to their default values.
direction - (Optional) Sets the direction of access control.
both - For bidirectional access control.
in - For unidirectional access control.
port_control - (Optional) You can force a specific port to be unconditionally authorized or unauthorized by setting the parameter of port_control to be force_authorized or force_unauthorized. Besides, the controlled port will reflect the outcome of authentication if port_control is auto.
force_unauth - Force a specific port to be unconditionally unauthorized.
auto - The controlled port will reflect the outcome of authentication.
force_auth - Force a specific port to be unconditionally authorized.
quiet_period - (Optional) The initialization value of the quietWhile timer. The default value is 60 seconds and can be any value from 0 to 65535.
<sec 0-65535> - Enter the quiet period value here. This value must be between 0 and 65535 seconds.
tx_period - (Optional) The initialization value of the transmit timer period. The default value is 30 seconds and can be any integer value from 1 to 65535.
<sec 1-65535> - Enter the tx period value here. This value must be between 1 and 65535 seconds.
supp_timeout - (Optional) The initialization value of the aWhile timer when timing out the supplicant. Its default value is 30 seconds and can be any integer value from 1 to 65535.
<sec 1-65535> - Enter the supplicant timeout value here. This value must be between 1 and 65535 seconds.
server_timeout - (Optional) The initialization value of the aWhile timer when timing out the authentication server. Its default value is 30 seconds and can be any integer value from 1 to 65535.
<sec 1-65535> - Enter the server timeout value here. This value must be between 1 and 65535 seconds.
max_req - (Optional) The maximum number of times that the authentication PAE state machine will retransmit an EAP Request packet to the supplicant. Its default value is 2 and can be any integer number from 1 to 10.
<value 1-10> - Enter the maximum required value here. This value must be between 1 and 10.
reauth_period - (Optional) A nonzero number of seconds, which is used as the re-authentication timer. The default value is 3600.
<sec 1-65535> - Enter the re-authentication period value here. This value must be between 1 and 65535 seconds.
max_users - (Optional) Specify the per-port maximum number of users. The default value is 16.
<value 1-448> - Enter the maximum users value here. This value must be between 1 and 448.
no_limit - Specify that no limit is enforced on the maximum users used.
enable_reauth - (Optional) You can enable or disable the re-authentication mechanism for a specific port.
enable - Specify to enable the re-authentication mechanism for a specific port.
disable - Specify to disable the re-authentication mechanism for a specific port.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To configure the parameters that control the operation of the authenticator associated with a port:
DES-3200-28/ME:admin#config 802.1x auth_parameter ports 1-20 direction both
Command: config 802.1x auth_parameter ports 1-20 direction both
Success.
DES-3200-28/ME:admin#

4-14 config 802.1x auth_mode

Description

This command is used to configure 802.1X authentication mode.

Format

config 802.1x auth_mode [port_based | mac_based]

Parameters

port_based - Configure the authentication as port based mode.
mac_based - Configure the authentication as MAC based mode.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To configure the authentication mode:
DES-3200-28/ME:admin#config 802.1x auth_mode port_based
Command: config 802.1x auth_mode port_based
Success.
DES-3200-28/ME:admin#

4-15 config 802.1x init

Description

This command is used to initialize the authentication state machine of some or all ports.

Format

config 802.1x init [port_based ports [<portlist> | all] | mac_based ports [<portlist> | all] {mac_address <macaddr>}]

Parameters

port_based ports - Configure the authentication as port based mode.
<portlist> - Enter the list of ports used for the configuration here.
all - Specify that all ports will be used.
mac_based ports - Configure the authentication as MAC based mode.
<portlist> - Enter the list of ports used for the configuration here.
all - Specify that all ports will be used.
mac_address - (Optional) Specify the MAC address of client.
<macaddr> - Enter the MAC address used here.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To initialize the authentication state machine of all ports:
DES-3200-28/ME:admin#config 802.1x init port_based ports all
Command: config 802.1x init port_based ports all
Success.
DES-3200-28/ME:admin#

4-16 config 802.1x reauth

Description

This command is used to re-authenticate the device connected to the port. During the re-authentication period, the port status remains authorized until re-authentication fails.

Format

config 802.1x reauth [port_based ports [<portlist> | all] | mac_based ports [<portlist> | all] {mac_address <macaddr>}]

Parameters

port_based ports - Configure the authentication as port based mode.
<portlist> - Enter the list of ports used for the configuration here.
all - Specify that all ports will be used.
mac_based ports - Configure the authentication as MAC based mode.
<portlist> - Enter the list of ports used for the configuration here.
all - Specify that all ports will be used.
mac_address - (Optional) Specify the MAC address of client.
<macaddr> - Enter the MAC address used here.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To re-authenticate the device connected to the port:
DES-3200-28/ME:admin#config 802.1x reauth port_based ports all
Command: config 802.1x reauth port_based ports all
Success.
DES-3200-28/ME:admin#

4-17 create 802.1x guest_vlan

Description

This command is used to assign a static VLAN to be the guest VLAN. The VLAN that is assigned as the guest VLAN must already exist. The VLAN that is assigned as the guest VLAN cannot be deleted.

Format

create 802.1x guest_vlan {<vlan_name 32>}

Parameters

<vlan_name 32> - (Optional) Specify the VLAN to be guest VLAN. The VLAN name can be up to 32 characters long.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To create a VLAN named “guestVLAN” as 802.1X guest VLAN:
DES-3200-28/ME:admin#create 802.1x guest_vlan guestVLAN
Command: create 802.1x guest_vlan guestVLAN
Success.
DES-3200-28/ME:admin#

4-18 delete 802.1x guest_vlan

Description

This command is used to delete the guest VLAN setting, but it does not delete the static VLAN. All ports on which guest VLAN is enabled will be moved back to their original VLAN after the guest VLAN is deleted.

Format

delete 802.1x guest_vlan {<vlan_name 32>}

Parameters

<vlan_name 32> - (Optional) Enter the VLAN name here. The VLAN name can be up to 32 characters long.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To delete the guest VLAN named “guestVLAN”:
DES-3200-28/ME:admin#delete 802.1x guest_vlan guestVLAN
Command: delete 802.1x guest_vlan guestVLAN
Success.
DES-3200-28/ME:admin#

4-19 config 802.1x guest_vlan

Description

This command is used to configure the guest VLAN setting. If the state of a port is changed from enabled to disabled, the port will move back to its original VLAN.

Format

config 802.1x guest_vlan ports [<portlist> | all] state [enable | disable]

Parameters

ports - A range of ports on which to enable or disable the guest VLAN function.
<portlist> - Enter the list of ports used for the configuration here.
all - Specify that all the ports will be included in this configuration.
state - Specify the guest VLAN port state of the configured ports.
enable - Specify to join the guest VLAN.
disable - Specify to be removed from the guest VLAN.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To enable the 802.1X guest VLAN on ports 2 to 8:
DES-3200-28/ME:admin#config 802.1x guest_vlan ports 2-8 state enable
Command: config 802.1x guest_vlan ports 2-8 state enable
Warning, The ports are moved to Guest VLAN.
Success.
DES-3200-28/ME:admin#

4-20 show 802.1x guest_vlan

Description

This command is used to show the information of guest VLANs.

Format

show 802.1x guest_vlan

Parameters

None.

Restrictions

None.

Example

To show 802.1X guest VLAN on the Switch:
DES-3200-28/ME:admin#show 802.1x guest_vlan
Command: show 802.1x guest_vlan

Guest VLAN Setting
-----------------------------------------------------------
Guest VLAN               : guestVLAN
Enabled Guest VLAN Ports : 2-8
DES-3200-28/ME:admin#

4-21 config radius add

Description

This command is used to add a new RADIUS server. The server with the lower index has the higher authentication priority.

Format

config radius add <server_index 1-3> <server_ip> key <password 32> [default | {auth_port <udp_port_number 1-65535> | acct_port <udp_port_number 1-65535> | timeout <sec 1-255> | retransmit <int 1-20>}]

Parameters

<server_index 1-3> - Enter the RADIUS server index. This value must be between 1 and 3.
<server_ip> - Enter the IP address of the RADIUS server here.
key - The key pre-negotiated between the switch and the RADIUS server. It is used to encrypt the user's authentication data before it is transmitted over the Internet. The maximum length of the key is 32.
<password 32> - Enter the password here. The password can be up to 32 characters long.
default - Sets the authentication UDP port number to 1812, the accounting UDP port number to 1813, the timeout to 5 seconds and retransmit to 2.
auth_port - (Optional) Specify the UDP port number which is used to transmit RADIUS authentication data between the Switch and the RADIUS server. The range is 1 to 65535.
<udp_port_number 1-65535> - Enter the authentication port number here. This value must be between 1 and 65535.
acct_port - (Optional) Specify the UDP port number which is used to transmit RADIUS accounting statistics between the Switch and the RADIUS server. The range is 1 to 65535.
<udp_port_number 1-65535> - Enter the accounting port number here. This value must be between 1 and 65535.
timeout - (Optional) The time in seconds to wait for a server reply. The default value is 5 seconds.
<sec 1-255> - Enter the timeout value here. This value must be between 1 and 255 seconds.
retransmit - (Optional) The count for re-transmitting. The default value is 2.
<int 1-20> - Enter the re-transmit value here. This value must be between 1 and 20.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To add a new RADIUS server:
DES-3200-28/ME:admin#config radius add 1 10.48.74.121 key dlink default
Command: config radius add 1 10.48.74.121 key dlink default
Success.
DES-3200-28/ME:admin#

4-22 config radius delete

Description

This command is used to delete a RADIUS server.

Format

config radius delete <server_index 1-3>

Parameters

<server_index 1-3> - Specify the RADIUS server to delete. Enter the RADIUS server index.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To delete a radius server:
DES-3200-28/ME:admin#config radius delete 1
Command: config radius delete 1
Success.
DES-3200-28/ME:admin#

4-23 config radius

Description

This command is used to configure a RADIUS server.

Format

config radius <server_index 1-3> {ipaddress <server_ip> | key <password 32> | auth_port [<udp_port_number 1-65535> | default] | acct_port [<udp_port_number 1-65535> | default] | timeout [<sec 1-255> | default] | retransmit [<int 1-20> | default]}

Parameters

<server_index 1-3> - Enter the RADIUS server index here. This value must be between 1 and 3.
ipaddress - (Optional) The IP address of the RADIUS server.
<server_ip> - Enter the RADIUS server IP address here.
key - (Optional) The key pre-negotiated between the switch and the RADIUS server. It is used to encrypt the user's authentication data before it is transmitted over the Internet. The maximum length of the key is 32.
<password 32> - Enter the key here. The key can be up to 32 characters long.
auth_port - (Optional) Specify the UDP port number which is used to transmit RADIUS authentication data between the Switch and the RADIUS server. The range is 1 to 65535. The default value is 1812.
<udp_port_number 1-65535> - Enter the authentication port number here. This value must be between 1 and 65535.
default - Specify that the default port number will be used.
acct_port - (Optional) Specify the UDP port number which is used to transmit RADIUS accounting statistics between the Switch and the RADIUS server. The range is 1 to 65535. The default value is 1813.
<udp_port_number 1-65535> - Enter the accounting port number here. This value must be between 1 and 65535.
default - Specify that the default port number will be used.
timeout - (Optional) The time in seconds to wait for a server reply. The default value is 5 seconds.
<sec 1-255> - Enter the timeout value here. This value must be between 1 and 255 seconds.
default - Specify that the default timeout value will be used.
retransmit - (Optional) The count for re-transmitting. The default value is 2.
<int 1-20> - Enter the re-transmit value here. This value must be between 1 and 20.
default - Specify that the default re-transmit value will be used.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To configure a radius server:
DES-3200-28/ME:admin#config radius 1 auth_port 60
Command: config radius 1 auth_port 60
Success.
DES-3200-28/ME:admin#

4-24 show radius

Description

This command is used to display RADIUS server configurations.

Format

show radius

Parameters

None.

Restrictions

None.

Example

To display RADIUS server configurations:
DES-3200-28/ME:admin#show radius
Command: show radius

Index IP Address      Auth-Port Acct-Port Timeout Retransmit Key
                                          (sec)
----- --------------- --------- --------- ------- ---------- ----------------
1     10.48.74.121    60        1813      5       2          dlink

Total Entries : 1
DES-3200-28/ME:admin#

4-25 show auth_statistics

Description

This command is used to display information of authenticator statistics.

Format

show auth_statistics {ports <portlist>}

Parameters

ports - (Optional) Specify a range of ports to be displayed.
<portlist> - Enter the list of ports that will be displayed here.

Restrictions

None.

Example

To display authenticator statistics information for port 1:
DES-3200-28/ME:admin#show auth_statistics ports 1
Command: show auth_statistics ports 1

Port Number : 1

EapolFramesRx            0
EapolFramesTx            9
EapolStartFramesRx       0
EapolReqIdFramesTx       6
EapolLogoffFramesRx      0
EapolReqFramesTx         0
EapolRespIdFramesRx      0
EapolRespFramesRx        0
InvalidEapolFramesRx     0
EapLengthErrorFramesRx   0

LastEapolFrameVersion    0
LastEapolFrameSource     00-00-00-00-00-00
CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh

4-26 show auth_diagnostics

Description

This command is used to display information of authenticator diagnostics.

Format

show auth_diagnostics {ports <portlist>}

Parameters

ports - (Optional) Specify a range of ports to be displayed.
<portlist> - Enter the list of ports that will be displayed here.

Restrictions

None.

Example

To display authenticator diagnostics information for port 1:
DES-3200-28/ME:admin#show auth_diagnostics ports 1
Command: show auth_diagnostics ports 1

Port Number : 1

EntersConnecting                      11
EapLogoffsWhileConnecting             0
EntersAuthenticating                  0
SuccessWhileAuthenticating            0
TimeoutsWhileAuthenticating           0
FailWhileAuthenticating               0
ReauthsWhileAuthenticating            0
EapStartsWhileAuthenticating          0
EapLogoffWhileAuthenticating          0
ReauthsWhileAuthenticated             0
EapStartsWhileAuthenticated           0
EapLogoffWhileAuthenticated           0
BackendResponses                      0
BackendAccessChallenges               0
BackendOtherRequestsToSupplicant      0
BackendNonNakResponsesFromSupplicant  0
BackendAuthSuccesses                  0
BackendAuthFails                      0
CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh

4-27 show auth_session_statistics

Description

This command is used to display information of authenticator session statistics.

Format

show auth_session_statistics {ports <portlist>}

Parameters

ports - (Optional) Specify a range of ports to be displayed.
<portlist> - Enter the list of ports that will be displayed here.

Restrictions

None.

Example

To display authenticator session statistics information for port 1:
DES-3200-28/ME:admin#show auth_session_statistics ports 1
Command: show auth_session_statistics ports 1

Port Number : 1

SessionOctetsRx          0
SessionOctetsTx          0
SessionFramesRx          0
SessionFramesTx          0
SessionId
SessionAuthenticMethod   Remote Authentication Server
SessionTime              0
SessionTerminateCause    SupplicantLogoff
SessionUserName
CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh

4-28 show auth_client

Description

This command is used to display information of RADIUS authentication client.

Format

show auth_client

Parameters

None.

Restrictions

None.

Example

To display authentication client information:
DES-3200-28/ME:admin#show auth_client
Command: show auth_client

radiusAuthClient ==>
radiusAuthClientInvalidServerAddresses    0
radiusAuthClientIdentifier

radiusAuthServerEntry ==>
radiusAuthServerIndex :1

radiusAuthServerAddress                   0.0.0.0
radiusAuthClientServerPortNumber          0
radiusAuthClientRoundTripTime             0
radiusAuthClientAccessRequests            0
radiusAuthClientAccessRetransmissions     0
radiusAuthClientAccessAccepts             0
radiusAuthClientAccessRejects             0
radiusAuthClientAccessChallenges          0
radiusAuthClientMalformedAccessResponses  0
radiusAuthClientBadAuthenticators         0
radiusAuthClientPendingRequests           0
radiusAuthClientTimeouts                  0
radiusAuthClientUnknownTypes              0
radiusAuthClientPacketsDropped            0
DES-3200-28/ME:admin#

4-29 show acct_client

Description

This command is used to display information of RADIUS accounting client.

Format

show acct_client

Parameters

None.

Restrictions

None.

Example

To display information of RADIUS accounting client:
DES-3200-28/ME:admin#show acct_client
Command: show acct_client

radiusAcctClient ==>
radiusAcctClientInvalidServerAddresses  0
radiusAcctClientIdentifier

radiusAuthServerEntry ==>
radiusAccServerIndex : 1

radiusAccServerAddress                  0.0.0.0
radiusAccClientServerPortNumber         0
radiusAccClientRoundTripTime            0
radiusAccClientRequests                 0
radiusAccClientRetransmissions          0
radiusAccClientResponses                0
radiusAccClientMalformedResponses       0
radiusAccClientBadAuthenticators        0
radiusAccClientPendingRequests          0
radiusAccClientTimeouts                 0
radiusAccClientUnknownTypes             0
radiusAccClientPacketsDropped           0
DES-3200-28/ME:admin#

4-30 config accounting service

Description

This command is used to configure the state of the specified RADIUS accounting service.

Format

config accounting service [network | shell | system] state [enable | disable]

Parameters

network - Accounting service for 802.1X port access control. By default, the service is disabled.
shell - Accounting service for shell events: when a user logs on to or out of the Switch (via the console, Telnet, or SSH) and when a timeout occurs, accounting information will be collected and sent to the RADIUS server. By default, the service is disabled.
system - Accounting service for system events: reset, reboot. By default, the service is disabled.
state - Specify the state of the specified service.
enable - Specify to enable the specified accounting service.
disable - Specify to disable the specified accounting service.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To enable the shell accounting service:
DES-3200-28/ME:admin#config accounting service shell state enable
Command: config accounting service shell state enable
Success.
DES-3200-28/ME:admin#

4-31 show accounting service

Description

This command is used to show the status of RADIUS accounting services.

Format

show accounting service

Parameters

None.

Restrictions

None.

Example

To show information of RADIUS accounting services:
DES-3200-28/ME:admin#show accounting service
Command: show accounting service

Accounting Service
-------------------
Network : Enabled
Shell   : Enabled
System  : Enabled
DES-3200-28/ME:admin#
Chapter 5
Access Authentication Control Command List
enable password encryption
disable password encryption
enable authen_policy
disable authen_policy
show authen_policy
create authen_login method_list_name <string 15>
config authen_login [default | method_list_name <string 15>] method {tacacs | xtacacs | tacacs+ | radius | server_group <string 15> | local | none}
delete authen_login method_list_name <string 15>
show authen_login [default | method_list_name <string 15> | all]
create authen_enable method_list_name <string 15>
config authen_enable [default | method_list_name <string 15>] method {tacacs | xtacacs | tacacs+ | radius | server_group <string 15> | local_enable | none}
delete authen_enable method_list_name <string 15>
show authen_enable [default | method_list_name <string 15> | all]
config authen application [console | telnet | ssh | http | all] [login | enable] [default | method_list_name <string 15>]
show authen application
create authen server_group <string 15>
config authen server_group [tacacs | xtacacs | tacacs+ | radius | <string 15>] [add | delete] server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius]
delete authen server_group <string 15>
show authen server_group {<string 15>}
create authen server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius] {port <int 1-65535> | key [<key_string 254> | none] | timeout <int 1-255> | retransmit <int 1-20>}
config authen server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius] {port <int 1-65535> | key [<key_string 254> | none] | timeout <int 1-255> | retransmit <int 1-20>}
delete authen server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius]
show authen server_host
config authen parameter response_timeout <int 0-255>
config authen parameter attempt <int 1-255>
show authen parameter
enable admin
config admin local_enable {encrypt [plain_text | sha_1] <password>}

5-1 enable password encryption

Description

This command is used to enable password encryption. The user account configuration information will be stored in the configuration file, and can be applied to the system later.
If the password encryption is enabled, the password will be in encrypted form.

Format

enable password encryption

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To enable the password encryption:
DES-3200-28/ME:admin#enable password encryption
Command: enable password encryption
Success.
DES-3200-28/ME:admin#

5-2 disable password encryption

Description

This command is used to disable password encryption. The user account configuration information will be stored in the configuration file, and can be applied to the system later.
When password encryption is disabled, if the user specifies the password in plain text form, the password will be stored in plain text form. However, if the user specifies the password in encrypted form, or if the password has been converted to encrypted form by the last enable password encryption command, the password will still be in the encrypted form. It cannot be reverted to plain text.

Format

disable password encryption

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To disable the password encryption:
DES-3200-28/ME:admin#disable password encryption
Command: disable password encryption
Success.
DES-3200-28/ME:admin#

5-3 enable authen_policy

Description

This command is used to enable the system access authentication policy. When authentication is enabled, the device will adopt the login authentication method list to authenticate the user for login, and adopt the enable authentication method list to authenticate the enable password for promoting the user's privilege to Admin level.

Format

enable authen_policy

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To enable system access authentication policy:
DES-3200-28/ME:admin#enable authen_policy
Command: enable authen_policy
Success.
DES-3200-28/ME:admin#

5-4 disable authen_policy

Description

This command is used to disable the system access authentication policy. When authentication is disabled, the device will adopt the local user account database to authenticate the user for login, and adopt the local enable password to authenticate the enable password for promoting the user's privilege to Admin level.

Format

disable authen_policy

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To disable system access authentication policy:
DES-3200-28/ME:admin#disable authen_policy
Command: disable authen_policy
Success.
DES-3200-28/ME:admin#

5-5 show authen_policy

Description

This command is used to display whether the system access authentication policy is enabled or disabled.

Format

show authen_policy

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To display system access authentication policy:
DES-3200-28/ME:admin#show authen_policy
Command: show authen_policy
Authentication Policy : Enabled
DES-3200-28/ME:admin#

5-6 create authen_login

Description

This command is used to create a user-defined method list of authentication methods for user
login. The maximum supported number of the login method lists is 8.

Format

create authen_login method_list_name <string 15>

Parameters

<string 15> - The user-defined method list name. This value can be up to 15 characters long.

Restrictions

Only Administrator-level users can issue this command.

Example

To create a user-defined method list for user login:
DES-3200-28/ME:admin#create authen_login method_list_name login_list_1
Command: create authen_login method_list_name login_list_1
Success.
DES-3200-28/ME:admin#

5-7 config authen_login

Description

This command is used to configure a user-defined or default method list of authentication methods for user login. The sequence of methods affects the authentication result. For example, if the sequence is tacacs+ first, then tacacs and local, when a user tries to log in, the authentication request will be sent to the first server host in the tacacs+ built-in server group. If the first server host in the tacacs+ group is missing, the authentication request will be sent to the second server host in the tacacs+ group, and so on. If all server hosts in the tacacs+ group are missing, the authentication request will be sent to the first server host in the tacacs group, and so on. If all server hosts in the tacacs group are missing, the local account database in the device is used to authenticate this user. When a user logs in to the device successfully using methods such as the tacacs/xtacacs/tacacs+/radius built-in server groups, user-defined server groups, or none, only the “user” privilege level is assigned. To get the admin privilege level, the user must use the “enable admin” command to promote the privilege level. When the local method is used, however, the privilege level depends on the privilege level of the account stored in the local device.

Format

config authen_login [default | method_list_name <string 15>] method {tacacs | xtacacs | tacacs+ | radius | server_group <string 15> | local | none}

Parameters

default - The default method list of authentication methods.
method_list_name - The user-defined method list of authentication methods.
<string 15> - Enter the method list name here. This value can be up to 15 characters long.
method - Specify the authentication method used.
tacacs - (Optional) Authentication by the built-in server group “tacacs”.
xtacacs - (Optional) Authentication by the built-in server group “xtacacs”.
tacacs+ - (Optional) Authentication by the built-in server group “tacacs+”.
radius - (Optional) Authentication by the built-in server group “radius”.
server_group - (Optional) Authentication by the user-defined server group.
<string 15> - Enter the server group value here. This value can be up to 15 characters long.
local - (Optional) Authentication by local user account database in device.
none - (Optional) No authentication.

Restrictions

Only Administrator-level users can issue this command.

Example

To configure a user-defined method list for user login:
DES-3200-28/ME:admin#config authen_login method_list_name login_list_1 method tacacs+ tacacs local
Command: config authen_login method_list_name login_list_1 method tacacs+ tacacs local
Success.
DES-3200-28/ME:admin#

5-8 delete authen_login

Description

This command is used to delete a user-defined method list of authentication methods for user login.

Format

delete authen_login method_list_name <string 15>

Parameters

<string 15> - The user-defined method list name. This value can be up to 15 characters long.

Restrictions

Only Administrator-level users can issue this command.

Example

To delete a user-defined method list for user login:
DES-3200-28/ME:admin#delete authen_login method_list_name login_list_1
Command: delete authen_login method_list_name login_list_1
Success.
DES-3200-28/ME:admin#

5-9 show authen_login

Description

This command is used to display the method list of authentication methods for user login.

Format

show authen_login [default | method_list_name <string 15> | all]

Parameters

default - Display default user-defined method list for user login.
method_list_name - Display the specific user-defined method list for user login.
<string 15> - Enter the method list name here. This value can be up to 15 characters long.
all - Display all method lists for user login.

Restrictions

Only Administrator-level users can issue this command.

Example

To display a user-defined method list for user login:
DES-3200-28/ME:admin#show authen_login method_list_name login_list_1
Command: show authen_login method_list_name login_list_1

Method List Name  Priority  Method Name      Comment
----------------  --------  ---------------  ------------------
login_list_1      1         tacacs+          Built-in Group
                  2         tacacs           Built-in Group
                  3         mix_1            User-defined Group
                  4         local            Keyword

DES-3200-28/ME:admin#

5-10 create authen_enable

Description

This command is used to create a user-defined method list of authentication methods for promoting user's privilege to Admin level.

Format

create authen_enable method_list_name <string 15>

Parameters

<string 15> - The user-defined method list name. This value can be up to 15 characters long.

Restrictions

Only Administrator-level users can issue this command.

Example

To create a user-defined method list for promoting user's privilege to Admin level:
DES-3200-28/ME:admin#create authen_enable method_list_name enable_list_1
Command: create authen_enable method_list_name enable_list_1
Success.
DES-3200-28/ME:admin#

5-11 config authen_enable

Description

This command is used to configure a user-defined or default method list of authentication methods for promoting user's privilege to Admin level. The sequence of methods affects the authentication result. For example, if the sequence is tacacs+ first, then tacacs and local_enable, when a user tries to promote the privilege to Admin level, the authentication request will be sent to the first server host in the tacacs+ built-in server group. If the first server host in the tacacs+ group is missing, the authentication request will be sent to the second server host in the tacacs+ group, and so on. If all server hosts in the tacacs+ group are missing, the authentication request will be sent to the first server host in the tacacs group, and so on. If all server hosts in the tacacs group are missing, the local enable password in the device is used to authenticate this user's password.

Format

config authen_enable [default | method_list_name <string 15>] method {tacacs | xtacacs | tacacs+ | radius | server_group <string 15> | local_enable | none}

Parameters

default - The default method list of authentication methods.
method_list_name - The user-defined method list of authentication methods.
<string 15> - Enter the method list name here. This value can be up to 15 characters long.
method - Specify the authentication method used.
tacacs - (Optional) Authentication by the built-in server group “tacacs”.
xtacacs - (Optional) Authentication by the built-in server group “xtacacs”.
tacacs+ - (Optional) Authentication by the built-in server group “tacacs+”.
radius - (Optional) Authentication by the built-in server group “radius”.
server_group - (Optional) Authentication by the user-defined server group.
<string 15> - Enter the server group name here. This value can be up to 15 characters long.
local_enable - (Optional) Authentication by local enable password in device.
none - (Optional) No authentication.

Restrictions

Only Administrator-level users can issue this command.

Example

To configure a user-defined method list for promoting user's privilege to Admin level:
DES-3200-28/ME:admin#config authen_enable method_list_name enable_list_1 method tacacs+ tacacs local_enable
Command: config authen_enable method_list_name enable_list_1 method tacacs+ tacacs local_enable
Success.
DES-3200-28/ME:admin#

5-12 delete authen_enable

Description

This command is used to delete a user-defined method list of authentication methods for promoting user's privilege to Admin level.

Format

delete authen_enable method_list_name <string 15>

Parameters

<string 15> - The user-defined method list name. This value can be up to 15 characters long.

Restrictions

Only Administrator-level users can issue this command.

Example

To delete a user-defined method list for promoting user's privilege to Admin level:
DES-3200-28/ME:admin#delete authen_enable method_list_name enable_list_1
Command: delete authen_enable method_list_name enable_list_1
Success.
DES-3200-28/ME:admin#

5-13 show authen_enable

Description

This command is used to display the method list of authentication methods for promoting user's privilege to Admin level.

Format

show authen_enable [default | method_list_name <string 15> | all]

Parameters

default - Display default user-defined method list for promoting user's privilege to Admin level.
method_list_name - Display the specific user-defined method list for promoting user's privilege to Admin level.
<string 15> - Enter the method list name here. This value can be up to 15 characters long.
all - Display all method lists for promoting user's privilege to Admin level.

Restrictions

Only Administrator-level users can issue this command.

Example

To display all method lists for promoting user's privilege to Admin level:
DES-3200-28/ME:admin#show authen_enable method_list_name enable_list_1
Command: show authen_enable method_list_name enable_list_1

Method List Name  Priority  Method Name      Comment
----------------  --------  ---------------  ------------------
enable_list_1     1         tacacs+          Built-in Group
                  2         tacacs           Built-in Group
                  3         mix_1            User-defined Group
                  4         local            Keyword

DES-3200-28/ME:admin#

5-14 config authen application

Description

This command is used to configure login or enable method list for all or the specified application.

Format

config authen application [console | telnet | ssh | http | all] [login | enable] [default | method_list_name <string 15>]

Parameters

console - Application: console.
telnet - Application: telnet.
ssh - Application: SSH.
http - Application: web.
all - Application: console, telnet, SSH, and web.
login - Select the method list of authentication methods for user login.
enable - Select the method list of authentication methods for promoting user's privilege to Admin level.
default - Default method list.
method_list_name - The user-defined method list name.
<string 15> - Enter the method list name here. This value can be up to 15 characters long.

Restrictions

Only Administrator-level users can issue this command.

Example

To configure the login method list for telnet:
DES-3200-28/ME:admin#config authen application telnet login method_list_name login_list_1
Command: config authen application telnet login method_list_name login_list_1
Success.
DES-3200-28/ME:admin#

5-15 show authen application

Description

This command is used to display the login/enable method list for all applications.

Format

show authen application

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To display the login/enable method list for all applications:
DES-3200-28/ME:admin#show authen application
Command: show authen application

Application  Login Method List  Enable Method List
-----------  -----------------  ------------------
Console      default            default
Telnet       login_list_1       default
SSH          default            default
HTTP         default            default

DES-3200-28/ME:admin#

5-16 create authen server_group

Description

This command is used to create a user-defined authentication server group. The maximum supported number of server groups, including built-in server groups, is 8. Each group can contain a maximum of 8 server hosts.

Format

create authen server_group <string 15>

Parameters

<string 15> - The user-defined server group name. This value can be up to 15 characters long.

Restrictions

Only Administrator-level users can issue this command.

Example

To create a user-defined authentication server group:
DES-3200-28/ME:admin#create authen server_group mix_1
Command: create authen server_group mix_1
Success.
DES-3200-28/ME:admin#

5-17 config authen server_group

Description

This command is used to add or remove an authentication server host to or from the specified server group. The built-in server groups “tacacs”, “xtacacs”, “tacacs+” and “radius” accept only server hosts that use the same protocol, but a user-defined server group can accept server hosts with different protocols.

Format

config authen server_group [tacacs | xtacacs | tacacs+ | radius | <string 15>] [add | delete] server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius]

Parameters

server_group - User-defined server group.
tacacs - Built-in server group “tacacs”.
xtacacs - Built-in server group “xtacacs”.
tacacs+ - Built-in server group “tacacs+”.
radius - Built-in server group “radius”.
<string 15> - Enter the server group name here. This value can be up to 15 characters long.
add - Add a server host to a server group.
delete - Remove a server host from a server group.
server_host - Server host’s IP address.
<ipaddr> - Enter the server host IP address here.
protocol - Specify the authentication protocol used.
tacacs - Specify that the TACACS authentication protocol will be used.
xtacacs - Specify that the XTACACS authentication protocol will be used.
tacacs+ - Specify that the TACACS+ authentication protocol will be used.
radius - Specify that the radius authentication protocol will be used.

Restrictions

Only Administrator-level users can issue this command.

Example

To add an authentication server host to a server group:
DES-3200-28/ME:admin#config authen server_group mix_1 add server_host 10.1.1.222 protocol tacacs+
Command: config authen server_group mix_1 add server_host 10.1.1.222 protocol tacacs+
Success.
DES-3200-28/ME:admin#

5-18 delete authen server_group

Description

This command is used to delete a user-defined authentication server group.

Format

delete authen server_group <string 15>

Parameters

<string 15> - The user-defined server group name. This value can be up to 15 characters long.

Restrictions

Only Administrator-level users can issue this command.

Example

To delete a user-defined authentication server group:
DES-3200-28/ME:admin#delete authen server_group mix_1
Command: delete authen server_group mix_1
Success.
DES-3200-28/ME:admin#

5-19 show authen server_group

Description

This command is used to display the authentication server groups.

Format

show authen server_group {<string 15>}

Parameters

<string 15> - (Optional) The built-in or user-defined server group name. This value can be up to
15 characters long.

Restrictions

Only Administrator-level users can issue this command.

Example

To display all authentication server groups:
DES-3200-28/ME:admin#show authen server_group
Command: show authen server_group

Group Name       IP Address       Protocol
---------------  ---------------  --------
mix_1            10.1.1.222       TACACS+
                 10.1.1.223       TACACS
radius           10.1.1.224       RADIUS
tacacs           10.1.1.225       TACACS
tacacs+          10.1.1.226       TACACS+
xtacacs          10.1.1.227       XTACACS

Total Entries : 5
DES-3200-28/ME:admin#

5-20 create authen server_host

Description

This command is used to create an authentication server host. When an authentication server host is created, the IP address and protocol together are the index. That means more than one authentication protocol service can be run on the same physical host. The maximum supported number of server hosts is 16.

Format

create authen server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius] {port <int 1-65535> | key [<key_string 254> | none] | timeout <int 1-255> | retransmit <int 1-20> }

Parameters

<ipaddr> - Enter the server host IP address.
protocol - Specify the host's authentication protocol.
tacacs - Server host’s authentication protocol.
xtacacs - Server host’s authentication protocol.
tacacs+ - Server host’s authentication protocol.
radius - Server host’s authentication protocol.
port - (Optional) The port number of authentication protocol for server host. Default value for TACACS/XTACACS/TACACS+ is 49. Default value for RADIUS is 1812.
<int 1-65535> - Enter the authentication protocol port number here. This value must be between 1 and 65535.
key - (Optional) The key for TACACS+ and RADIUS authentication. If the value is null, no encryption will apply. This value is meaningless for TACACS and XTACACS.
<key_string 254> - Enter the TACACS+ or the RADIUS key here. This key can be up to 254 characters long.
none - No encryption for TACACS+ and RADIUS authentication. This value is meaningless for TACACS and XTACACS.
timeout - (Optional) The time in seconds to wait for the server reply. Default value is 5 seconds.
<int 1-255> - Enter the timeout value here. This value must be between 1 and 255 seconds.
retransmit - (Optional) The count for re-transmit. This value is meaningless for TACACS+. Default value is 2.
<int 1-20> - Enter the re-transmit value here. This value must be between 1 and 20.

Restrictions

Only Administrator-level users can issue this command.

Example

To create a TACACS+ authentication server host with listening port number 15555 and a timeout value of 10 seconds:
DES-3200-28/ME:admin#create authen server_host 10.1.1.222 protocol tacacs+ port 15555 timeout 10
Command: create authen server_host 10.1.1.222 protocol tacacs+ port 15555 timeout 10
Key is empty for TACACS+ or RADIUS.
Success.
DES-3200-28/ME:admin#

5-21 config authen server_host

Description

This command is used to configure an authentication server host.

Format

config authen server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius] {port <int 1-65535> | key [<key_string 254> | none] | timeout <int 1-255> | retransmit <int 1-20>}

Parameters

<ipaddr> - Enter the server host IP address.
protocol - Specify the server host's authentication protocol.
tacacs - Server host’s authentication protocol.
xtacacs - Server host’s authentication protocol.
tacacs+ - Server host’s authentication protocol.
radius - Server host’s authentication protocol.
port - (Optional) The port number of authentication protocol for server host. Default value for TACACS/XTACACS/TACACS+ is 49. Default value for RADIUS is 1812.
<int 1-65535> - Enter the port number here. This value must be between 1 and 65535.
key - (Optional) The key for TACACS+ and RADIUS authentication. If the value is null, no encryption will apply. This value is meaningless for TACACS and XTACACS.
<key_string 254> - Enter the TACACS+ key here. This value can be up to 254 characters long.
none - No encryption for TACACS+ and RADIUS authentication. This value is meaningless for TACACS and XTACACS.
timeout - (Optional) The time in seconds to wait for the server reply. Default value is 5 seconds.
<int 1-255> - Enter the timeout value here. This value must be between 1 and 255 seconds.
retransmit - (Optional) The count for re-transmit. This value is meaningless for TACACS+. Default value is 2.
<int 1-20> - Enter the re-transmit value here. This value must be between 1 and 20.

Restrictions

Only Administrator-level users can issue this command.

Example

To configure a TACACS+ authentication server host’s key value:
DES-3200-28/ME:admin#config authen server_host 10.1.1.222 protocol tacacs+ key "This is a secret."
Command: config authen server_host 10.1.1.222 protocol tacacs+ key "This is a secret."
Success.
DES-3200-28/ME:admin#
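
The key parameter above, the none method and the per-application method lists can be reviewed together. The following is an added example, not part of the D-Link guide: it parses a saved list of the commands documented in this chapter and reports which applications use a method list that contains none or reaches a TACACS+/RADIUS server host with no key. The configuration text is constructed, and the script assumes that group membership comes only from explicit config authen server_group ... add lines.

```python
import shlex
from collections import defaultdict

# Per the guide, the key only applies to TACACS+ and RADIUS server hosts.
KEYED_PROTOCOLS = {"tacacs+", "radius"}
APPS = ["console", "telnet", "ssh", "http"]

# Constructed sample configuration; addresses and names reuse the guide's examples.
SAMPLE = """\
enable authen_policy
create authen server_host 10.1.1.222 protocol tacacs+ port 15555 timeout 10
create authen server_host 10.1.1.224 protocol radius key "This is a secret."
create authen server_group mix_1
config authen server_group mix_1 add server_host 10.1.1.222 protocol tacacs+
config authen server_group radius add server_host 10.1.1.224 protocol radius
create authen_login method_list_name login_list_1
config authen_login method_list_name login_list_1 method server_group mix_1 local
create authen_login method_list_name login_list_2
config authen_login method_list_name login_list_2 method radius none
config authen application telnet login method_list_name login_list_1
config authen application http login method_list_name login_list_2
"""


def parse_config(text):
    """Collect server hosts, server groups, method lists and application bindings."""
    hosts = {}                      # (ip, protocol) -> key string, or None if no key
    groups = defaultdict(list)      # group name -> [(ip, protocol), ...]
    lists = {}                      # ("login" | "enable", list name) -> [method, ...]
    apps = {(a, k): "default" for a in APPS for k in ("login", "enable")}
    for line in text.splitlines():
        t = shlex.split(line)       # shlex keeps a quoted key as one token
        if len(t) >= 6 and t[1:3] == ["authen", "server_host"]:
            ident = (t[3], t[5])
            if t[0] == "delete":
                hosts.pop(ident, None)
            elif t[0] in ("create", "config"):
                hosts.setdefault(ident, None)
                if "key" in t[6:-1]:
                    value = t[t.index("key", 6) + 1]
                    hosts[ident] = None if value == "none" else value
        elif len(t) >= 9 and t[:3] == ["config", "authen", "server_group"]:
            member = (t[6], t[8])
            if t[4] == "add" and member not in groups[t[3]]:
                groups[t[3]].append(member)
            elif t[4] == "delete" and member in groups[t[3]]:
                groups[t[3]].remove(member)
        elif (len(t) >= 4 and t[0] == "config" and "method" in t
              and t[1] in ("authen_login", "authen_enable")):
            name = "default" if t[2] == "default" else t[3]
            words = iter(t[t.index("method") + 1:])
            # "server_group <name>" contributes the group name as the method.
            lists[(t[1][7:], name)] = [
                next(words, "") if w == "server_group" else w for w in words
            ]
        elif len(t) >= 6 and t[:3] == ["config", "authen", "application"]:
            name = "default" if t[5] == "default" else t[-1]
            for app in (APPS if t[3] == "all" else [t[3]]):
                apps[(app, t[4])] = name
    return hosts, groups, lists, apps


def audit(text):
    """Return sorted findings: (application, kind, list name, priority, problem)."""
    hosts, groups, lists, apps = parse_config(text)
    findings = []
    for (app, kind), name in apps.items():
        for prio, method in enumerate(lists.get((kind, name), []), start=1):
            if method == "none":
                findings.append((app, kind, name, prio, "no authentication"))
            for ip, proto in groups.get(method, []):
                unkeyed = (ip, proto) in hosts and hosts[(ip, proto)] is None
                if proto in KEYED_PROTOCOLS and unkeyed:
                    findings.append((app, kind, name, prio, f"{ip} {proto} has no key"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

Method lists that are never configured in the input, including default, produce no findings because their contents are not known from the text being audited.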

5-22 delete authen server_host

Description

This command is used to delete an authentication server host.

Format

delete authen server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius]

Parameters

<ipaddr> - Enter the server host's IP address.
protocol - Specify that server host's authentication protocol.
tacacs - Server host’s authentication protocol.
xtacacs - Server host’s authentication protocol.
tacacs+ - Server host’s authentication protocol.
radius - Server host’s authentication protocol.

Restrictions

Only Administrator-level users can issue this command.

Example

To delete an authentication server host:
DES-3200-28/ME:admin#delete authen server_host 10.1.1.222 protocol tacacs+
Command: delete authen server_host 10.1.1.222 protocol tacacs+
Success.
DES-3200-28/ME:admin#

5-23 show authen server_host

Description

This command is used to display the authentication server hosts.

Format

show authen server_host

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To display all authentication server hosts:
DES-3200-28/ME:admin#show authen server_host
Command: show authen server_host

IP Address       Protocol  Port   Timeout  Retransmit  Key
---------------  --------  -----  -------  ----------  -------------------------
10.1.1.222       TACACS+   15555  10       ------      This is a secret.

Total Entries : 1
DES-3200-28/ME:admin#

5-24 config authen parameter response_timeout

Description

This command is used to configure the amount of time to wait for user input on the console, telnet, or SSH application.

Format

config authen parameter response_timeout <int 0-255>

Parameters

<int 0-255> - The amount of time for user input on console or telnet or SSH. 0 means there is no
time out. This value must be between 0 and 255. Default value is 30 seconds.

Restrictions

Only Administrator-level users can issue this command.

Example

To configure the amount of time to wait for user input to be 60 seconds:
DES-3200-28/ME:admin#config authen parameter response_timeout 60
Command: config authen parameter response_timeout 60
Success.
DES-3200-28/ME:admin#

5-25 config authen parameter attempt

Description

This command is used to configure the maximum number of attempts a user can make to log in or promote the privilege on the console, telnet, or SSH application.

Format

config authen parameter attempt <int 1-255>

Parameters

<int 1-255> - The number of attempts a user can make to log in or promote the privilege on console, telnet, or SSH. This value must be between 1 and 255. Default value is 3.

Restrictions

Only Administrator-level users can issue this command.

Example

To configure the maximum number of attempts for a user trying to log in or promote the privilege to be 9:
DES-3200-28/ME:admin#config authen parameter attempt 9
Command: config authen parameter attempt 9
Success.
DES-3200-28/ME:admin#

5-26 show authen parameter

Description

This command is used to display the parameters of authentication.

Format

show authen parameter

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To display the parameters of authentication:
DES-3200-28/ME:admin#show authen parameter
Command: show authen parameter

Response Timeout : 60 seconds
User Attempts    : 9

DES-3200-28/ME:admin#

5-27 enable admin

Description

This command is used to enter the administrator level privilege, promoting the "user" privilege level to the "admin" level. When the user enters this command, the authentication method tacacs, xtacacs, tacacs+, user-defined server groups, local_enable or none will be used to authenticate the user. Because TACACS, XTACACS and RADIUS do not themselves support the "enable" function, a user who wants to use any one of these 3 protocols for enable authentication must first create a special account on the server host with the username "enable", and then configure its password as the enable password to support the "enable" function.
This command cannot be used when authentication policy is disabled.

Format

enable admin

Parameters

None.

Restrictions

None.

Example

To enable administrator level privilege:
DES-3200-28/ME:puser#enable admin
Command: enable admin
PassWord:******
Success.
DES-3200-28/ME:admin#

5-28 config admin local_enable

Description

This command is used to configure the local enable password for the administrator level privilege. When the user chooses the “local_enable” method to promote the privilege level, the enable password of the local device is needed. When the password is not specified in the command, the system will prompt the user to input the password interactively. In this case, the user can only input a plain text password. If the password is present in the command, the user can choose to input the password in plain text form or in encrypted form. The encryption algorithm is based on SHA-1.

Format

config admin local_enable {encrypt [plain_text | sha_1] <password>}

Parameters

encrypt - (Optional) Specify the password form.
plain_text - Specify the password in plain text form.
sha_1 - Specify the password in SHA-1 encrypted form.
<password> - (Optional) The password for promoting the privilege level. The lengths of a password in plain-text form and in SHA-1 encrypted form are different.
plain-text: Passwords can be from a minimum of 0 to a maximum of 15 characters.
SHA-1: The length of encrypted passwords is fixed to 35 bytes long and the password is case-sensitive.

Restrictions

Only Administrator-level users can issue this command.

Example

To configure the administrator password:
DES-3200-28/ME:admin#config admin local_enable
Command: config admin local_enable

Enter the old password:
Enter the case-sensitive new password:******
Enter the new password again for confirmation:******
Success.
DES-3200-28/ME:admin#
Chapter 6
Access Control List (ACL) Command List
create access_profile profile_id <value 1-4> profile_name <name 32> [ethernet {vlan {<hex 0x0-0x0fff>} | source_mac <macmask 000000000000-ffffffffffff> | destination_mac <macmask 000000000000-ffffffffffff> | 802.1p | ethernet_type} | ip {vlan {<hex 0x0-0x0fff>} | source_ip_mask <netmask> | destination_ip_mask <netmask> | dscp | [icmp {type | code} | igmp {type} | tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff> | flag_mask [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | protocol_id_mask <hex 0x0-0xff> {user_define_mask <hex 0x0-0xffffffff>}]} | packet_content_mask {offset_chunk_1 <value 0-31> <hex 0x0-0xffffffff> | offset_chunk_2 <value 0-31> <hex 0x0-0xffffffff> | offset_chunk_3 <value 0-31> <hex 0x0-0xffffffff> | offset_chunk_4 <value 0-31> <hex 0x0-0xffffffff>} | ipv6 {class | flowlabel | source_ipv6_mask <ipv6mask> | destination_ipv6_mask <ipv6mask> | [tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | udp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | icmp {type | code}]}]
delete access_profile [profile_id <value 1-4> | profile_name <name 32> | all]
config access_profile [profile_id <value 1-4> | profile_name <name 32>] [add access_id [auto_assign | <value 1-256>] [ethernet {[vlan <vlan_name 32> | vlan_id <vlanid 1-4094>] {mask <hex 0x0-0x0fff>} | source_mac <macaddr> {mask <macmask>} | destination_mac <macaddr> {mask <macmask>} | 802.1p <value 0-7> | ethernet_type <hex 0x0-0xffff>} | ip {[vlan <vlan_name 32> | vlan_id <vlanid 1-4094>] {mask <hex 0x0-0x0fff>} | source_ip <ipaddr> {mask <netmask>} | destination_ip <ipaddr> {mask <netmask>} | dscp <value 0-63> | [icmp {type <value 0-255> | code <value 0-255>} | igmp {type <value 0-255>} | tcp {src_port <value 0-65535> {mask <hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>} | flag [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port <value 0-65535> {mask <hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>}} | protocol_id <value 0-255> {user_define <hex 0x0-0xffffffff> {mask <hex 0x0-0xffffffff>}}]} | packet_content {offset_chunk_1 <hex 0x0-0xffffffff> {mask <hex 0x0-0xffffffff>} | offset_chunk_2 <hex 0x0-0xffffffff> {mask <hex 0x0-0xffffffff>} | offset_chunk_3 <hex 0x0-0xffffffff> {mask <hex 0x0-0xffffffff>} | offset_chunk_4 <hex 0x0-0xffffffff> {mask <hex 0x0-0xffffffff>}} | ipv6 {class <value 0-255> | flowlabel <hex 0x0-0xfffff> | source_ipv6 <ipv6addr> {mask <ipv6mask>} | destination_ipv6 <ipv6addr> {mask <ipv6mask>} | [tcp {src_port <value 0-65535> {mask <hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>}} | udp {src_port <value 0-65535> {mask <hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>}} | icmp {type <value 0-255> | code <value 0-255>}]}] [port [<portlist> | all] | vlan_based [vlan <vlan_name 32> | vlan_id <vlanid 1-4094>]] [permit {priority <value 0-7> {replace_priority} | [replace_dscp_with <value 0-63> | replace_tos_precedence_with <value 0-7>] | counter [enable | disable]} | mirror | deny] {time_range <range_name 32>} | delete access_id <value 1-256>]
show access_profile {[profile_id <value 1-4> | profile_name <name 32>]}
config flow_meter [profile_id <value 1-4> | profile_name <name 32>] access_id <value 1-256> [rate [<value 1-1048576>] {burst_size [<value 1-262144>]} rate_exceed [drop_packet | remark_dscp <value 0-63>] | tr_tcm cir <value 1-1048576> {cbs <value 1-262144>} pir <value 1-1048576> {pbs <value 1-262144>} {[color_blind | color_aware]} {conform [permit | replace_dscp <value 0-63>] {counter [enable | disable]}} exceed [permit {replace_dscp <value 0-63>} | drop] {counter [enable | disable]} violate [permit {replace_dscp <value 0-63>} | drop] {counter [enable | disable]} | sr_tcm cir <value 1-1048576> cbs <value 1-262144> ebs <value 1-262144> {[color_blind | color_aware]} {conform [permit | replace_dscp <value 0-63>] {counter [enable | disable]}} exceed [permit {replace_dscp <value 0-63>} | drop] {counter [enable | disable]} violate [permit {replace_dscp <value 0-63>} | drop] {counter [enable | disable]} | delete]
show flow_meter {[profile_id <value 1-4> | profile_name <name 32>] {access_id <value 1-256>}}
config time_range <range_name 32> [hours start_time <time hh:mm:ss> end_time <time hh:mm:ss> weekdays <daylist> | delete]
show time_range
show current_config access_profile

6-1 create access_profile

Description

This command is used to create access control list profiles.
Each ACL profile can have 256 rules (access IDs). However, the first time an ACL of type Ethernet or IPv4 is created, 62 rules are reserved for the system, so only 194 rules are available to configure. Use the show access_profile command to see the available rules.
Support for field selections can have additional limitations that are project dependent.
For example, for some hardware, it may be invalid to specify a destination and source IPv6 address at the same time. The user will be prompted with these limitations.
The Switch supports the following profile types:
1. MAC DA, MAC SA, Ethernet Type, Outer VLAN Tag
2. Outer VLAN Tag, Source IPv4, Destination IPv4, DSCP, Protocol ID, TCP/UDP Source Port, TCP/UDP Destination Port, ICMP type/code, IGMP type, TCP flags
3. Source IPv6 Address, Class, Flow Label, IPv6 Protocol (Next Header)
4. Destination IPv6 Address, Class, Flow Label, IPv6 Protocol (Next Header)
5. Class, Flow Label, IPv6 Protocol (Next Header), TCP/UDP source port, TCP/UDP destination port, ICMP type/code, Outer VLAN Tag
6. Packet Content, Outer VLAN Tag
7. MAC SA, Ethernet Type, Source IPv4/ARP sender IP, Outer VLAN Tag
8. LLC Header/SNAP Header, Outer VLAN Tag
9. Source IPv6 Address, Class, IPv6 Protocol (Next Header), Outer VLAN Tag
10. Destination IPv6 Address, Class, IPv6 Protocol (Next Header), Outer VLAN Tag
Note: Profile types 7 and 8 are not user configurable. Only system applications are allowed to create profiles of these types.

Format

create access_profile profile_id <value 1-4> profile_name <name 32> [ethernet {vlan {<hex 0x0-0x0fff>} | source_mac <macmask 000000000000-ffffffffffff> | destination_mac <macmask 000000000000-ffffffffffff> | 802.1p | ethernet_type} | ip {vlan {<hex 0x0-0x0fff>} | source_ip_mask <netmask> | destination_ip_mask <netmask> | dscp | [icmp {type | code} | igmp {type} | tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff> | flag_mask [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | protocol_id_mask <hex 0x0-0xff> {user_define_mask <hex 0x0-0xffffffff>}]} | packet_content_mask {offset_chunk_1 <value 0-31> <hex 0x0-0xffffffff> | offset_chunk_2 <value 0-31> <hex 0x0-0xffffffff> | offset_chunk_3 <value 0-31> <hex 0x0-0xffffffff> | offset_chunk_4 <value 0-31> <hex 0x0-0xffffffff>} | ipv6 {class | flowlabel | source_ipv6_mask <ipv6mask> | destination_ipv6_mask <ipv6mask> | [tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | udp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | icmp {type | code}]}]

Parameters

profile_id - Specify the index of the access list profile.
<value 1-4> - Enter the profile ID here. This value must be between 1 and 4.
profile_name - The name of the profile must be specified. The maximum length is 32 characters.
<name 32> - Enter the profile name here.
ethernet - Specify this is an ethernet mask.
vlan - (Optional) Specify a VLAN mask. Only the last 12 bits of the mask will be considered.
<hex 0x0-0x0fff> - Enter the VLAN mask value here.
source_mac - (Optional) Specify the source MAC mask.
<macmask> - Enter the source MAC address used here.
destination_mac - (Optional) Specify the destination MAC mask.
<macmask> - Enter the destination MAC address used here.
802.1p - (Optional) Specify the 802.1p priority tag mask.
ethernet_type - (Optional) Specify the Ethernet type mask.
ip - Specify this is an IPv4 mask.
vlan - (Optional) Specify a VLAN mask. Only the last 12 bits of the mask will be considered.
<hex 0x0-0x0fff> - Enter the VLAN mask value here.
source_ip_mask - (Optional) Specify a source IP address mask.
<netmask> - Enter the source IP address mask here.
destination_ip_mask - (Optional) Specify a destination IP address mask.
<netmask> - Enter the destination IP address mask here.
dscp - (Optional) Specify the DSCP mask.
icmp - (Optional) Specify that the rule applies to ICMP traffic.
type - Specify the type of ICMP traffic.
code - Specify the code of ICMP traffic.
igmp - (Optional) Specify that the rule applies to IGMP traffic.
type - Specify the type of IGMP traffic.
tcp - (Optional) Specify that the rule applies to TCP traffic.
src_port_mask - (Optional) Specify the TCP source port mask.
<hex 0x0-0xffff> - Enter the TCP source port mask here.
dst_port_mask - (Optional) Specify the TCP destination port mask.
<hex 0x0-0xffff> - Enter the TCP destination port mask here.
flag_mask - (Optional) Specify the TCP flag field mask.
all - Specify that all the flags will be used for the TCP mask.
urg - (Optional) Specify that the TCP flag field will be set to ‘urg’.
ack - (Optional) Specify that the TCP flag field will be set to ‘ack’.
psh - (Optional) Specify that the TCP flag field will be set to ‘psh’.
rst - (Optional) Specify that the TCP flag field will be set to ‘rst’.
syn - (Optional) Specify that the TCP flag field will be set to ‘syn’.
fin - (Optional) Specify that the TCP flag field will be set to ‘fin’.
udp - (Optional) Specify that the rule applies to UDP traffic.
src_port_mask - (Optional) Specify the UDP source port mask.
<hex 0x0-0xffff> - Enter the UDP source port mask here.
dst_port_mask - (Optional) Specify the UDP destination port mask.
<hex 0x0-0xffff> - Enter the UDP destination port mask here.
protocol_id_mask - (Optional) Specify that the rule applies to IP protocol ID traffic.
<hex 0x0-0xff> - Enter the protocol ID mask here.
user_define_mask - (Optional) Specify that the rule applies to the IP protocol ID, and that
the mask option behind the IP header length is 4 bytes.
<hex 0x0-0xffffffff> - Enter a user-defined mask value here.
packet_content_mask - Specify the packet content mask. Only one packet_content_mask
profile can be created.
offset_chunk_1 - (Optional) Specify that the offset chunk 1 will be used.
<value 0-31> - Enter the offset chunk 1 value here. This value must be between 0 and 31.
<hex 0x0-0xffffffff> - Enter the offset chunk 1 mask here.
offset_chunk_2 - (Optional) Specify that the offset chunk 2 will be used.
<value 0-31> - Enter the offset chunk 2 value here. This value must be between 0 and 31.
<hex 0x0-0xffffffff> - Enter the offset chunk 2 mask here.
offset_chunk_3 - (Optional) Specify that the offset chunk 3 will be used.
<value 0-31> - Enter the offset chunk 3 value here. This value must be between 0 and 31.
<hex 0x0-0xffffffff> - Enter the offset chunk 3 mask here.
offset_chunk_4 - (Optional) Specify that the offset chunk 4 will be used.
<value 0-31> - Enter the offset chunk 4 value here. This value must be between 0 and 31.
<hex 0x0-0xffffffff> - Enter the offset chunk 4 mask here.
ipv6 - Specify this is the IPv6 mask.
class - (Optional) Specify the IPv6 class.
flowlabel - (Optional) Specify the IPv6 flow label.
source_ipv6_mask - (Optional) Specify an IPv6 source sub-mask.
<ipv6mask> - Enter the source IPv6 mask value here.
destination_ipv6_mask - (Optional) Specify an IPv6 destination sub-mask.
<ipv6mask> - Enter the destination IPv6 mask value here.
tcp - (Optional) Specify that the rule applies to TCP traffic.
src_port_mask - (Optional) Specify an IPv6 TCP source port mask.
<hex 0x0-0xffff> - Enter the TCP source port mask value here.
dst_port_mask - (Optional) Specify an IPv6 TCP destination port mask.
<hex 0x0-0xffff> - Enter the TCP destination port mask value here.
udp - (Optional) Specify that the rule applies to UDP traffic.
src_port_mask - Specify the UDP source port mask.
<hex 0x0-0xffff> - Enter the UDP source port mask value here.
dst_port_mask - Specify the UDP destination port mask.
<hex 0x0-0xffff> - Enter the UDP destination port mask value here.
icmp - (Optional) Specify a mask for ICMP filtering.
type - (Optional) Specify the inclusion of the ICMP type field in the mask.
code - (Optional) Specify the inclusion of the ICMP code field in the mask.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To create three access profiles:
DES-3200-28/ME:admin#create access_profile profile_id 1 profile_name t1 ethernet vlan source_mac 00-00-00-00-00-01 destination_mac 00-00-00-00-00-02 802.1p ethernet_type
Command: create access_profile profile_id 1 profile_name 1 ethernet vlan source_mac 00-00-00-00-00-01 destination_mac 00-00-00-00-00-02 802.1p ethernet_type
Success.
DES-3200-28P:admin#create access_profile profile_id 2 profile_name 2 ip vlan source_ip_mask 20.0.0.0 destination_ip_mask 10.0.0.0 dscp icmp type code
Command: create access_profile profile_id 2 profile_name t2 ip vlan source_ip_mask 20.0.0.0 destination_ip_mask 10.0.0.0 dscp icmp type code
Success.
DES-3200-28P:admin#create access_profile profile_id 4 profile_name 4 packet_content_mask offset_chunk_1 3 0xFFFF offset_chunk_2 5 0xFF00 offset_chunk_3 14 0xFFFF0000 offset_chunk_4 16 0xFF000000
Command: create access_profile profile_id 4 profile_name 4 packet_content_mask offset_chunk_1 3 0xFFFF offset_chunk_2 5 0xFF00 offset_chunk_3 14 0xFFFF0000 offset_chunk_4 16 0xFF000000
Success.
DES-3200-28/ME:admin#

6-2 delete access_profile

Description

This command is used to delete access list profiles. This command can only delete profiles that were created using the ACL module.

Format

delete access_profile [profile_id <value 1-4> | profile_name <name 32> | all]

Parameters

profile_id - Specify the index of the access list profile.
<value 1-4> - Enter the profile ID value here. This value must be between 1 and 4.
profile_name - Specify the name of the profile.
<name 32> - Enter the profile name. The maximum length is 32 characters.
all - Specify that the whole access list profile will be deleted.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To delete the access list rule with a profile ID of 1:
DES-3200-28/ME:admin#delete access_profile profile_id 1
Command: delete access_profile profile_id 1
Success.
DES-3200-28/ME:admin#

6-3 config access_profile

Description

This command is used to configure an access list entry. The ACL mirror function works after the mirror has been enabled and the mirror port has been configured using the mirror command.
When applying an access rule to a target, the setting specified in the VLAN field will not take effect if the target is a VLAN.

Format

config access_profile [profile_id <value 1-4> | profile_name <name 32>] [add access_id [auto_assign | <value 1-256>] [ethernet {[vlan <vlan_name 32> | vlan_id <vlanid 1-4094>] {mask <hex 0x0-0x0fff>} | source_mac <macaddr> {mask <macmask>} | destination_mac <macaddr> {mask <macmask>} | 802.1p <value 0-7> | ethernet_type <hex 0x0-0xffff>} | ip {[vlan <vlan_name 32> | vlan_id <vlanid 1-4094>] {mask <hex 0x0-0x0fff>} | source_ip <ipaddr> {mask <netmask>} | destination_ip <ipaddr> {mask <netmask>} | dscp <value 0-63> | [icmp {type <value 0-255> | code <value 0-255>} | igmp {type <value 0-255>} | tcp {src_port <value 0-65535> {mask <hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>} | flag [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port <value 0-65535> {mask <hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>}} | protocol_id <value 0-255> {user_define <hex 0x0-0xffffffff> {mask <hex 0x0-0xffffffff>}}]} | packet_content {offset_chunk_1 <hex 0x0-0xffffffff> {mask <hex 0x0-0xffffffff>} | offset_chunk_2 <hex 0x0-0xffffffff> {mask <hex 0x0-0xffffffff>} | offset_chunk_3 <hex 0x0-0xffffffff> {mask <hex 0x0-0xffffffff>} | offset_chunk_4 <hex 0x0-0xffffffff> {mask <hex 0x0-0xffffffff>}} | ipv6 {class <value 0-255> | flowlabel <hex 0x0-0xfffff> | source_ipv6 <ipv6addr> {mask <ipv6mask>} | destination_ipv6 <ipv6addr> {mask <ipv6mask>} | [tcp {src_port <value 0-65535> {mask <hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>}} | udp {src_port <value 0-65535> {mask <hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>}} | icmp {type <value 0-255> | code <value 0-255>}]}] [port [<portlist> | all] | vlan_based [vlan <vlan_name 32> | vlan_id <vlanid 1-4094>]] [permit {priority <value 0-7> {replace_priority} | [replace_dscp_with <value 0-63> | replace_tos_precedence_with <value 0-7>] | counter [enable | disable]} | mirror | deny] {time_range <range_name 32>} | delete access_id <value 1-256>]

Parameters

profile_id - Specify the index of the access list profile.
<value 1-4> - Enter the profile ID value here. This value must be between 1 and 4.
profile_name - Specify the name of the profile.
<name 32> - Enter the profile name here. This name can be up to 32 characters long.
add - Specify that a profile or a rule will be added.
access_id - Specify the index of the access list entry. The value range is 1-256, but the supported maximum number of entries depends on the project. If the auto_assign option is selected, the access ID is automatically assigned, when adding multiple ports.
auto_assign - Specify that the access ID will automatically be assigned.
<value 1-256> - Enter the access ID used here. This value must be between 1 and 256.
ethernet - Specify to configure the ethernet access profile.
vlan - (Optional) Specify the VLAN name.
<vlan_name 32> - Enter the name of the VLAN here. This name can be up to 32
characters long.
vlan_id - (Optional) Specify the VLAN ID used.
<vlanid 1-4094> - Enter the VLAN ID used here. This value must be between 1 and 4094.
mask - (Optional) Specify an additional mask parameter that can be configured.
<hex 0x0-0x0fff> - Enter the mask value here.
source_mac - (Optional) Specify the source MAC address.
<macaddr> - Enter the source MAC address used for this configuration here.
mask - (Optional) Specify an additional mask parameter that can be configured.
<macmask> - Enter the source MAC mask used here.
destination_mac - (Optional) Specify the destination MAC address.
<macaddr> - Enter the destination MAC address used for this configuration here.
mask - (Optional) Specify an additional mask parameter that can be configured.
<macmask> - Enter the destination MAC mask here.
802.1p - (Optional) Specify the value of the 802.1p priority tag.
<value 0-7> - Enter the 802.1p priority tag value. The priority tag ranges from 1 to 7.
ethernet_type - (Optional) Specify the Ethernet type.
<hex 0x0-0xffff> - Enter the Ethernet type mask here.
ip - Specify to configure the IP access profile.
vlan - (Optional) Specify a VLAN name.
<vlan_name 32> - Enter the name of the VLAN here. This name can be up to 32
characters long.
vlan_id - (Optional) Specify the VLAN ID used.
<vlanid 1-4094> - Enter the VLAN ID used here. This value must be between 1 and 4094.
mask - (Optional) Specify an additional mask parameter that can be configured.
<hex 0x0-0x0fff> - Enter the mask value here.
source_ip - (Optional) Specify an IP source address.
<ipaddr> - Enter the source IP address used for this configuration here.
mask - (Optional) Specify an additional mask parameter that can be configured.
<netmask> - Enter the source netmask used here.
destination_ip - (Optional) Specify an IP destination address.
<ipaddr> - Enter the destination IP address used for this configuration here.
mask - (Optional) Specify an additional mask parameter that can be configured.
<netmask> - Enter the destination netmask used here.
dscp - (Optional) Specify the value of DSCP. The DSCP value ranges from 0 to 63.
<value 0-63> - Enter the DSCP value here.
icmp - (Optional) Specify to configure the ICMP parameters.
type - (Optional) Specify that the rule will apply to the ICMP Type traffic value.
<value 0-255> - Enter the ICMP type traffic value here. This value must be between 0
and 255.
code - (Optional) Specify that the rule will apply to the ICMP Code traffic value.
<value 0-255> - Enter the ICMP code traffic value here. This value must be between 0
and 255.
igmp - (Optional) Specify to configure the IGMP parameters.
type - (Optional) Specify that the rule will apply to the IGMP Type traffic value.
<value 0-255> - Enter the IGMP type traffic value here. This value must be between 0
and 255.
tcp - Specify to configure the TCP parameters.
src_port - (Optional) Specify that the rule will apply to a range of TCP source ports.
<value 0-65535> - Enter the TCP source port value here. This value must be between
0 and 65535.
mask - (Optional) Specify an additional mask parameter that can be configured.
<hex 0x0-0xffff> - Enter the source port mask here.
dst_port - (Optional) Specify that the rule will apply to a range of TCP destination ports.
<value 0-65535> - Enter the TCP destination port value here. This value must be
between 0 and 65535.
mask - (Optional) Specify an additional mask parameter that can be configured.
<hex 0x0-0xffff> - Enter the destination port mask here.
flag - (Optional) Specify the TCP flag fields.
all - Specify that all the TCP flags will be used in this configuration.
urg - (Optional) Specify that the TCP flag field will be set to 'urg'.
ack - (Optional) Specify that the TCP flag field will be set to 'ack'.
psh - (Optional) Specify that the TCP flag field will be set to 'psh'.
rst - (Optional) Specify that the TCP flag field will be set to 'rst'.
syn - (Optional) Specify that the TCP flag field will be set to 'syn'.
fin - (Optional) Specify that the TCP flag field will be set to 'fin'.
udp - Specify to configure the UDP parameters.
src_port - (Optional) Specify the UDP source port range.
<value 0-65535> - Enter the UDP source port value here. This value must be between
0 and 65535.
mask - (Optional) Specify an additional mask parameter that can be configured.
<hex 0x0-0xffff> - Enter the source port mask here.
dst_port - (Optional) Specify the UDP destination port range.
<value 0-65535> - Enter the UDP destination port value here. This value must be
between 0 and 65535.
mask - (Optional) Specify an additional mask parameter that can be configured.
<hex 0x0-0xffff> - Enter the destination port mask here.
protocol_id - Specify that the rule will apply to the value of IP protocol ID traffic.
<value 0-255> - Enter the protocol ID used here.
user_define - (Optional) Specify that the rule will apply to the IP protocol ID and that the
mask options behind the first 4 bytes of the IP payload.
<hex 0x0-0xffffffff> - Enter the user-defined mask value here.
mask - Specify an additional mask parameter that can be configured.
<hex 0x0-0xffffffff> - Enter the mask value here.
packet_content - A maximum of 4 offsets can be specified. Each offset defines 4 bytes of data
which is identified as a single UDF field.
offset_chunk_1 - (Optional) Specify the value of the packet bytes to be matched. Offset chunk 1 will be used.
<hex 0x0-0xffffffff> - Enter the offset chunk 1 mask here.
offset_chunk_2 - (Optional) Specify the value of the packet bytes to be matched. Offset chunk 2 will be used.
<hex 0x0-0xffffffff> - Enter the offset chunk 2 mask here.
offset_chunk_3 - (Optional) Specify the value of the packet bytes to be matched. Offset chunk 3 will be used.
<hex 0x0-0xffffffff> - Enter the offset chunk 3 mask here.
offset_chunk_4 - (Optional) Specify the value of the packet bytes to be matched. Offset chunk 4 will be used.
<hex 0x0-0xffffffff> - Enter the offset chunk 4 mask here.
ipv6 - Specify that the rule applies to IPv6 fields.
class - (Optional) Specify the value of the IPv6 class.
<value 0-255> - Enter the IPv6 class value here. This value must be between 0 and 255.
flowlabel - (Optional) Specify the value of the IPv6 flow label.
<hex 0x0-0xffff> - Enter the IPv6 flow label mask used here.
source_ipv6 - (Optional) Specify the value of the IPv6 source address.
<ipv6addr> - Enter the source IPv6 address used for this configuration here.
mask - (Optional) Specify an additional mask parameter that can be configured.
<ipv6mask> - Enter the source IPv6 mask here.
destination_ipv6 - (Optional) Specify the value of the IPv6 destination address.
<ipv6addr> - Enter the destination IPv6 address used for this configuration here.
mask - (Optional) Specify an additional mask parameter that can be configured.
<ipv6mask> - Enter the destination IPv6 mask here.
tcp - (Optional) Specify to configure the TCP parameters.
src_port - Specify the value of the IPv6 Layer 4 TCP source port.
<value 0-65535> - Enter the TCP source port value here. This value must be between
0 and 65535.
mask - Specify an additional mask parameter that can be configured.
<hex 0x0-0xffff> - Enter the TCP source port mask value here.
dst_port - (Optional) Specify the value of the IPv6 Layer 4 TCP destination port.
<value 0-65535> - Enter the TCP destination port value here. This value must be
between 0 and 65535.
mask - Specify an additional mask parameter that can be configured.
<hex 0x0-0xffff> - Enter the TCP destination port mask value here.
udp - (Optional) Specify to configure the UDP parameters.
src_port - Specify the value of the IPv6 Layer 4 UDP source port.
<value 0-65535> - Enter the UDP source port value here. This value must be between
0 and 65535.
mask - Specify an additional mask parameter that can be configured.
<hex 0x0-0xffff> - Enter the UDP source port mask value here.
dst_port - Specify the value of the IPv6 Layer 4 UDP destination port.
<value 0-65535> - Enter the UDP destination port value here. This value must be
between 0 and 65535.
mask - Specify an additional mask parameter that can be configured.
<hex 0x0-0xffff> - Enter the UDP destination port mask value here.
icmp - (Optional) Specify to configure the ICMP parameters used.
type - (Optional) Specify that the rule applies to the value of ICMP type traffic.
<value 0-255> - Enter the ICMP type traffic value here. This value must be between 0
and 255.
code - (Optional) Specify that the rule applies to the value of ICMP code traffic.
<value 0-255> - Enter the ICMP code traffic value here. This value must be between 0
and 255.
port - Specify the port list used for this configuration.
<portlist> - Enter a list of ports used for the configuration here.
all - Specify that all the ports will be used for this configuration.
vlan_based - Specify that the rule will be VLAN based.
vlan - Specify the VLAN name used for this configuration.
<vlan_name> - Enter the VLAN name used for this configuration here.
vlan_id - Specify the VLAN ID used for this configuration.
<vlanid 1-4094> - Enter the VLAN ID used here. This value must be between 1 and
4094.
permit - Specify that packets matching the access rule are permitted by the Switch.
priority - (Optional) Specify that the priority of the packet will change if the packet matches
the access rule.
<value 0-7> - Enter the priority value here. This value must be between 0 and 7.
replace_priority - (Optional) Specify that the 802.1p priority of the outgoing packet will be
replaced.
replace_dscp_with - (Optional) Specify that the DSCP of the outgoing packet is changed with
the new value. If using this action without an action priority, the packet will be sent to the
default TC.
<value 0-63> - Enter the replace DSCP with value here. This value must be between 0
and 63.
replace_tos_precedence_with - (Optional) Specify that the IP precedence of the outgoing
packet is changed with the new value. If used without an action priority, the packet is sent
to the default TC.
<value 0-7> - Enter the replace ToS precedence with value here. This value must be
between 0 and 7.
counter - (Optional) Specify whether the ACL counter feature is enabled or disabled. This
parameter is optional. The default option is disabled. If the rule is not bound with the
flow_meter, all matching packets are counted. If the rule is bound with the flow_meter, then
the “counter” is overridden.
enable - Specify that the ACL counter feature will be enabled.
disable - Specify that the ACL counter feature will be disabled.
mirror - Specify that packets matching the access rules are copied to the mirror port.
deny - Specify that packets matching the access rule are filtered by the Switch.
time_range - (Optional) Specify the name of the time range entry.
<range_name 32> - Enter the time range name here. This name can be up to 32 characters
long.
delete - Specify that a profile or a rule will be deleted.
access_id - Specify the index of the access list entry. The value range is 1-256, but the supported maximum number of entries depends on the project.
<value 1-256> - Enter the access ID used here. This value must be between 1 and 256.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.

Example

To configure a rule entry for a packet content mask profile:
DES-3200-28/ME:admin#config access_profile profile_id 3 add access_id auto_assign packet_content offset_chunk_3 0xF0 port all deny
Command: config access_profile profile_id 3 add access_id auto_assign packet_content offset_chunk_3 0xF0 port all deny
Success.
DES-3200-28/ME:admin#

6-4 show access_profile

Description

This command is used to display the current access list table.

Format

show access_profile {[profile_id <value 1-4> | profile_name <name 32>]}

Parameters

profile_id - (Optional) Specify the index of the access list profile.
<value 1-4> - Enter the profile ID used here. This value must be between 1 and 4.
profile_name - (Optional) Specify the name of the profile.
<name 32> - Enter the profile name used here. This name can be up to 32 characters long.

Restrictions

None.

Example

To display the current access list table:
DES-3200-28/ME:admin#show access_profile
Command: show access_profile

Access Profile Table

Total User Set Rule Entries : 4
Total Used HW Entries : 128
Total Available HW Entries : 896

==============================================================================
Profile ID: 1    Profile name: EtherACL    Type: Ethernet
MASK on
    VLAN : 0xFFF
    802.1p
    Ethernet Type
Available HW Entries : 193
------------------------------------------------------------------------------
Rule ID : 1    Ports: 1
Match on
    VLAN ID : 1
    802.1p : 0
    Ethernet Type : 0xFFFE
Action: Permit
==============================================================================
==============================================================================
Profile ID: 2    Profile name: IPv4ACL    Type: IPv4
MASK on
    VLAN : 0xFFF
    DSCP
    ICMP
Available HW Entries : 193
------------------------------------------------------------------------------
Rule ID : 1    Ports: 2
Match on
    VLAN ID : 1
    DSCP : 0
Action: Permit
==============================================================================
==============================================================================
Profile ID: 3    Profile name: IPv6ACL    Type: IPv6
MASK on
    Class
    TCP
Available HW Entries : 255
------------------------------------------------------------------------------
Rule ID : 1    Ports: 3
Match on
    Class : 0
Action: Permit
==============================================================================
==============================================================================
Profile ID: 4    Profile name: PCACL    Type: User Defined
MASK on
    offset_chunk_1 : 0 value : 0x00000000
    offset_chunk_2 : 1 value : 0x00000000
    offset_chunk_3 : 2 value : 0x00000000
    offset_chunk_4 : 3 value : 0x00000000
Available HW Entries : 255
------------------------------------------------------------------------------
Rule ID : 1    Ports: 4
Match on
    offset_chunk_1 : 0 value : 0x0000FFEE Mask : 0x0000FFEE
Action: Permit
    Priority : 1
    Replace DSCP : 1
==============================================================================

DES-3200-28/ME:admin#
The following example displays an access profile that supports an entry mask for each rule:
DES-3200-28/ME:admin#show access_profile profile_id 2
Command: show access_profile profile_id 2

Access Profile Table

Profile ID: 2    Profile Name: 2    Type : Ethernet
Mask on
    VLAN : 0xF
    Source MAC : FF-FF-FF-00-00-00
    Destination MAC : 00-00-00-FF-FF-FF
Available HW Entries: 255
------------------------------------------------------------------------------
Rule ID : 22    Ports: 1-7
Match on
    VLAN ID : 8 Mask : 0xFFF
    Source MAC : 00-01-02-03-04-05 Mask : FF-FF-FF-FF-FF-FF
    Destination MAC : 00-05-04-03-02-00 Mask : FF-FF-FF-FF-FF-00
Action: Deny

DES-3200-28/ME:admin#
The following example displays the packet content mask profile for the profile with an ID of 4:
DES-3200-28/ME:admin#show access_profile profile_id 4
Command: show access_profile profile_id 4

Access Profile Table

Profile ID: 4    Profile name:4    Type: User Defined
MASK on
    offset_chunk_1 : 3 value : 0x0000FFFF
    offset_chunk_2 : 5 value : 0x0000FF00
    offset_chunk_3 : 14 value : 0xFFFF0000
    offset_chunk_4 : 16 value : 0xFF000000
Available HW Entries : 255
------------------------------------------------------------------------------
Rule ID : 1    Ports: 1-2
Match on
    offset_chunk_1 : 3 value : 0x000086DD
    offset_chunk_2 : 5 value : 0x00003A00
    offset_chunk_3 : 14 value : 0x86000000
Action: Deny

DES-3200-28/ME:admin#
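
The following Python sketch is an added example, not part of the D-Link manual: it evaluates the packet content rule shown in the profile 4 output above against constructed frames, so the rule can be reviewed before it is relied on. It assumes a conventional masked comparison, (chunk AND mask) = (value AND mask), and that chunk n covers bytes 4n-2 to 4n+1 (0-indexed) of an untagged frame; that offset mapping is inferred from the example values and is not stated in this section.

```python
import ipaddress

# Values copied from the "show access_profile profile_id 4" output on this page.
# Profile masks: chunk offset index -> 32-bit mask.
PROFILE_MASKS = {3: 0x0000FFFF, 5: 0x0000FF00, 14: 0xFFFF0000, 16: 0xFF000000}
# Rule 1 values (the rule lists no value for chunk 16, so it is not compared).
RULE_VALUES = {3: 0x000086DD, 5: 0x00003A00, 14: 0x86000000}


def chunk_start(index):
    """First frame byte (0-indexed) covered by a 4-byte chunk.

    ASSUMPTION: chunk n covers bytes 4n-2 .. 4n+1 of an untagged frame. This
    mapping is inferred from the example values, not stated in this section.
    """
    return 4 * index - 2


def read_chunk(frame, index):
    """Return the chunk as a big-endian integer, or None if it is out of range."""
    start = chunk_start(index)
    if start < 0 or start + 4 > len(frame):
        return None
    return int.from_bytes(frame[start:start + 4], "big")


def compared_bytes(masks, values):
    """List (frame_offset, mask_byte, value_byte) for every byte the rule checks."""
    out = []
    for index in sorted(values):
        mask = masks[index].to_bytes(4, "big")
        value = values[index].to_bytes(4, "big")
        for i in range(4):
            if mask[i]:
                out.append((chunk_start(index) + i, mask[i], value[i] & mask[i]))
    return out


def rule_matches(frame, masks=PROFILE_MASKS, values=RULE_VALUES):
    """True when every chunk named by the rule equals its value under the mask."""
    for index, value in values.items():
        chunk = read_chunk(frame, index)
        if chunk is None:
            return False  # frame too short to contain the chunk
        if (chunk & masks[index]) != (value & masks[index]):
            return False
    return True


def icmpv6_frame(icmp_type, code=0):
    """Constructed untagged Ethernet + IPv6 + ICMPv6 frame (checksum left at 0)."""
    eth = bytes.fromhex("333300000001") + bytes.fromhex("020000000001") + b"\x86\xdd"
    payload = bytes([icmp_type, code, 0, 0]) + bytes(4)
    ipv6 = (b"\x60\x00\x00\x00" + len(payload).to_bytes(2, "big")
            + bytes([58, 255])  # Next Header = ICMPv6, Hop Limit = 255
            + ipaddress.IPv6Address("fe80::1").packed
            + ipaddress.IPv6Address("ff02::1").packed)
    return eth + ipv6 + payload


def ipv4_frame():
    """Constructed untagged frame with EtherType 0x0800 and a zeroed payload."""
    eth = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001") + b"\x08\x00"
    return eth + bytes(46)


if __name__ == "__main__":
    for offset, mask, value in compared_bytes(PROFILE_MASKS, RULE_VALUES):
        print(f"frame byte {offset}: mask 0x{mask:02X} value 0x{value:02X}")
    samples = [("ICMPv6 type 134", icmpv6_frame(134)),
               ("ICMPv6 type 135", icmpv6_frame(135)),
               ("IPv4", ipv4_frame())]
    for label, frame in samples:
        print(label, "->", "deny" if rule_matches(frame) else "no match")
```

Under these assumptions the compared bytes are the EtherType (0x86DD, IPv6), the IPv6 Next Header (0x3A, ICMPv6) and the ICMPv6 type and code (0x86 with code 0, Router Advertisement), so the rule reads as a Router Advertisement filter on ports 1-2.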

6-5 config flow_meter

Description

This command is used to configure the flow-based metering function. The metering function supports three modes: single rate two color, single rate three color, and two rate three color. The access rule must be created before the parameters of this function can be applied.
For the single rate two color mode, users may set the preferred bandwidth for this rule, in Kbps, and once the bandwidth has been exceeded, overflowing packets will either be dropped or have a drop precedence set, depending on the user configuration.
For single rate three color mode, users need to specify the committed rate, in Kbps, the committed burst size, and the excess burst size.
For the two rate three color mode, users need to specify the committed rate in Kbps, the committed burst size, the peak rate and the peak burst size.
There are two cases for mapping the color of a packet: Color-blind mode and Color-aware mode. In the Color-blind case, the determination for the packet’s color is based on the metering result. In the Color-aware case, the determination for the packet’s color is based on the metering result and the ingress DSCP.
When color-blind or color-aware is not specified, color-blind is the default mode.
The green color packet will be treated as the conforming action, the yellow color packet will be treated as the exceeding action, and the red color packet will be treated as the violating action.
The replace DSCP action can be performed on packets that conform (GREEN) and packets that do not conform (YELLOW and RED). If drop YELLOW/RED is selected, the action to replace the DSCP will not take effect.

Format

config flow_meter [profile_id <value 1-4> | profile_name <name 32>] access_id <value 1-256> [rate [<value 1-1048576>] {burst_size [<value 1-262144>]} rate_exceed [drop_packet | remark_dscp <value 0-63>] | tr_tcm cir <value 1-1048576> {cbs <value 1-262144>} pir <value 1-1048576> {pbs <value 1-262144>} {[color_blind | color_aware]} {conform [permit | replace_dscp <value 0-63>] {counter [enable | disable]}} exceed [permit {replace_dscp <value 0-63>} | drop] {counter [enable | disable]} violate [permit {replace_dscp <value 0-63>} | drop] {counter [enable | disable]} | sr_tcm cir <value 1-1048576> cbs <value 1-262144> ebs <value 1-262144> {[color_blind | color_aware]} {conform [permit | replace_dscp <value 0-63>] {counter [enable | disable]}} exceed [permit {replace_dscp <value 0-63>} | drop] {counter [enable | disable]} violate [permit {replace_dscp <value 0-63>} | drop] {counter [enable | disable]} | delete]

Parameters

profile_id - Specify the profile ID.
<value 1-4> - Enter the profile ID here. This value must be between 1 and 4.
profile_name - Specify the name of the profile. The maximum length is 32 characters.
<name 32> - Enter the profile name used here.
access_id - Specify the access ID.
<value 1-256> - Enter the access ID used here. This value must be between 1 and 256.
rate - This specifies the rate for single rate two color mode. Specify the committed bandwidth in
Kbps for the flow. The value m and n are determined by the project.
<value 1-1048576> - Enter the rate for single rate two color mode here. This value must be
between 1 and 1048576.
burst_size - (Optional) This specifies the burst size for the single rate two color mode. The unit is
Kbytes.
<value 1-262144> - Enter the burst size value here. This value must be between 1 and
262144.
rate_exceed - This specifies the action for packets that exceed the committed rate in single rate, two color mode.
drop_packet - Drop the packet immediately.
remark_dscp - Mark the packet with a specified DSCP. The packet is set to have a high drop precedence.
<value 0-63> - Enter the remark DSCP value here. This value must be between 0 and 63.
tr_tcm - Specify the “two rate three color mode”.
cir - Specify the “Committed Information Rate”. The unit is Kbps. CIR should always be equal to or less than PIR.
<value 1-1048576> - Enter the committed information rate value here. This value must be between 1 and 1048576.
cbs - (Optional) Specify the “Committed Burst Size”. The unit is Kbytes; that is, 1 means 1 Kbyte. The default value is 4*1024.
<value 1-262144> - Enter the committed burst size value here. This value must be between 1 and 262144.
pir - Specify the “Peak Information Rate”. The unit is in Kbps. PIR should always be equal to
or greater than CIR.
<value 1-1048576> - Enter the peak information rate value here. This value must be
between 1 and 1048576.
pbs - (Optional) Specify the “Peak Burst Size”. The unit is Kbytes. The default value is 4*1024.
<value 1-262144> - Enter the peak burst size value here. This value must be between 1 and 262144.
color_blind - (Optional) Specify the meter mode as color-blind. The default is color-blind
mode.
color_aware - (Optional) Specify the meter mode as color-aware. The final color of the packet
is determined by the initial color of the packet and the metering result.
conform - (Optional) Specify the action when a packet is mapped to the “green” color.
permit - Permits the packet.
replace_dscp - Changes the DSCP of the packet.
<value 0-63> - Enter the replace DSCP value here. This value must be between 0 and
63.
counter - (Optional) Specify the ACL counter. This is optional. The default is “disable”. The resource may be limited so that a counter cannot be turned on. Counters will be cleared when the function is disabled.
enable - Specify that the ACL counter option will be enabled.
disable - Specify that the ACL counter option will be disabled.
exceed - Specify the action when a packet is mapped to the “yellow” color.
permit - Permits the packet.
replace_dscp - (Optional) Changes the DSCP of the packet.
<value 0-63> - Enter the replace DSCP value here. This value must be between 0 and
63.
drop - Drops the packet.
counter - (Optional) Specify the ACL counter. This is optional. The default is “disable”. The resource may be limited so that a counter cannot be turned on. Counters will be cleared when the function is disabled.
enable - Specify that the ACL counter option will be enabled.
disable - Specify that the ACL counter option will be disabled.
violate - Specify the action when a packet is mapped to the “red” color.
permit - Permits the packet.
replace_dscp - (Optional) Changes the DSCP of the packet.
<value 0-63> - Enter the replace DSCP value here. This value must be between 0 and
63.
drop - Drops the packet.
counter - (Optional) Specify the ACL counter. This is optional. The default is “disable”. The resource may be limited so that a counter cannot be turned on. Counters will be cleared when the function is disabled.
enable - Specify that the ACL counter option will be enabled.
disable - Specify that the ACL counter option will be disabled.
delete - Deletes the specified flow_meter.

Restrictions

Only Administrator, Operator and Power-User level users can issue this command.
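
The green/yellow/red mapping described for tr_tcm above, as an added Python sketch (not D-Link code and not part of the original manual). It follows the RFC 2698 two rate three color marker and assumes 1 Kbps = 1000 bit/s and 1 Kbyte = 1024 bytes, which the manual does not state; the names TrTcm, police and demo, the pre argument standing in for the color-aware ingress color, and the sample burst are constructed for illustration.

```python
# Added illustration, not D-Link code: two rate three color meter per RFC 2698.
# Assumptions: 1 Kbps = 125 bytes/s, 1 Kbyte = 1024 bytes; switch hardware may differ.
class TrTcm:
    def __init__(self, cir_kbps, pir_kbps, cbs_kbytes=4 * 1024, pbs_kbytes=4 * 1024):
        if not 1 <= cir_kbps <= pir_kbps <= 1048576:
            raise ValueError("need 1 <= cir <= pir <= 1048576")
        self.cir, self.pir = cir_kbps * 125.0, pir_kbps * 125.0        # bytes per second
        self.cbs, self.pbs = cbs_kbytes * 1024.0, pbs_kbytes * 1024.0  # bucket depths, bytes
        self.tc, self.tp, self.last = self.cbs, self.pbs, 0.0          # buckets start full

    def color(self, now, size, pre="green"):
        """Color a size-byte packet arriving at `now` seconds; pre != green models color-aware."""
        dt, self.last = now - self.last, now
        self.tc = min(self.cbs, self.tc + dt * self.cir)   # refill committed bucket
        self.tp = min(self.pbs, self.tp + dt * self.pir)   # refill peak bucket
        if pre == "red" or self.tp < size:
            return "red"        # violate: no tokens are consumed
        self.tp -= size
        if pre == "yellow" or self.tc < size:
            return "yellow"     # exceed: only the peak bucket is charged
        self.tc -= size
        return "green"          # conform: both buckets are charged

def police(meter, packets, actions):
    """packets: (time_s, size_bytes, dscp); actions: color -> (verb, replace_dscp or None)."""
    out = []
    for t, size, dscp in packets:
        c = meter.color(t, size)
        verb, new_dscp = actions[c]
        # drop wins: the outgoing DSCP is None and any replace_dscp value has no effect
        kept = None if verb == "drop" else (dscp if new_dscp is None else new_dscp)
        out.append((c, kept))
    return out

# Constructed input: five 1000-byte packets back to back, one more 10 ms later, all DSCP 46.
BURST = [(0.0, 1000, 46)] * 5 + [(0.01, 1000, 46)]
# Models: conform permit / exceed permit replace_dscp 10 / violate drop
ACTIONS = {"green": ("permit", None), "yellow": ("permit", 10), "red": ("drop", None)}

def demo():
    """Meter the constructed burst with cir 1000, pir 2000, cbs 2, pbs 4."""
    return police(TrTcm(cir_kbps=1000, pir_kbps=2000, cbs_kbytes=2, pbs_kbytes=4),
                  BURST, ACTIONS)
```

With these values the back-to-back burst is colored green, green, yellow, yellow, red, and the packet arriving 10 ms later is green again because both buckets have refilled enough to cover it.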