D-link DGS-3710-12C User Manual [ru]

DGS-3710 Series Layer 2 Managed Gigabit Switch CLI Reference Guide
Table of Contents
Chapter 1 Using Command Line Interface
Chapter 2 Basic Management Commands
Chapter 3 Basic IP Commands
Chapter 4 802.1X Commands
Chapter 5 Access Authentication Control (AAC) Commands
Chapter 6 Access Control List (ACL) Commands
Chapter 7 ARP Commands
Chapter 8 ARP Spoofing Prevention Commands
Chapter 9 Auto Config Commands
Chapter 10 BPDU Attack Protection Commands
Chapter 11 Cable Diagnostics Commands
Chapter 12 CFM Commands
Chapter 13 Command List History Commands
Chapter 14 Command Logging Command List
Chapter 15 Compound Authentication Commands
Chapter 16 Debug Software Command List
Chapter 17 DHCP Local Relay Commands
Chapter 18 DHCP Relay Commands
Chapter 19 DHCP Server Commands
Chapter 20 DHCPv6 Relay Command List
Chapter 21 Digital Diagnostics Monitoring (DDM) Commands
Chapter 22 DNS Relay Commands
Chapter 23 D-Link Unidirectional Link Detection (DULD) Commands
Chapter 24 Ethernet Ring Protection Switching (ERPS) Commands
Chapter 25 FDB Commands
Chapter 26 Filter Commands
Chapter 27 IGMP Snooping Commands
Chapter 28 IGMP Snooping Multicast (ISM) VLAN Commands
Chapter 29 IP Routing Commands
Chapter 30 IP-MAC-Port Binding (IMPB) Commands
Chapter 31 IPv6 NDP Commands
Chapter 32 Jumbo Frame Commands
Chapter 33 Layer 2 Protocol Tunneling (L2PT) Command List
Chapter 34 Limited Multicast IP Address Commands
Chapter 35 Link Aggregation Commands
Chapter 36 LLDP Commands
Chapter 37 Local Loopback Commands
Chapter 38 Loopback Detection Commands
Chapter 39 MAC-based Access Control Commands
Chapter 40 MAC Notification Commands
Chapter 41 Mirror Commands
Chapter 42 MLD Snooping Commands
Chapter 43 MLD Snooping Multicast (MSM) VLAN Commands
Chapter 44 Modify Banner and Prompt Commands
Chapter 45 MSTP commands
Chapter 46 Network Management Commands
Chapter 47 Network Monitoring Commands
Chapter 48 OAM Commands
Chapter 49 Packet Storm Commands
Chapter 50 Port Security Commands
Chapter 51 Power Saving Commands
Chapter 52 Protocol VLAN Commands
Chapter 53 QoS Commands
Chapter 54 Q-in-Q Command
Chapter 55 RSPAN Commands
Chapter 56 Safeguard Engine Commands
Chapter 57 sFlow Commands
Chapter 58 Simple RED Commands
Chapter 59 Single IP Management Commands
Chapter 60 SSH Commands
Chapter 61 SSL Commands
Chapter 62 SNMPv1/v2/v3 Commands
Chapter 63 Static MAC-based VLAN Commands
Chapter 64 Subnet VLAN Commands
Chapter 65 Switch Port Commands
Chapter 66 Synchronous Ethernet Commands
Chapter 67 System Severity Commands
Chapter 68 Tech Support Commands
Chapter 69 Time and SNTP Commands
Chapter 70 Traffic Segmentation Commands
Chapter 71 Utility Commands
Chapter 72 VLAN Commands
Chapter 73 Voice VLAN Commands
Chapter 74 Web-based Access Control (WAC) Commands
Appendix A - Password Recovery Procedure
Appendix B - System Log Entries
Appendix C - Trap Entries
Appendix D - RADIUS Attributes Assignment

Chapter 1 Using Command Line Interface

The Switch can be managed through the Switch’s serial port, Telnet, SNMP or the Web-based management agent. The Command Line Interface (CLI) can be used to configure and manage the Switch via the serial port or Telnet interfaces.
This manual provides a reference for all of the commands contained in the CLI. Every command will be introduced in terms of purpose, format, description, parameters, and examples. Configuration and management of the Switch via the Web-based management agent are discussed in the User Manual. For detailed information on installing hardware please also refer to the User Manual.

1-1 Accessing the Switch via the Serial Port

The Switch’s serial port’s default settings are as follows:
115200 baud
no parity
8 data bits
1 stop bit
A computer running a terminal emulation program capable of emulating a VT-100 terminal and a serial port configured as above is then connected to the Switch’s serial port via an RS-232 DB-9 cable. With the serial port properly connected to a management computer, the following message will be displayed, “Press any key to login…”. After pressing any key on the keyboard, the following screen should be visible.
DGS-3710-12C Gigabit Ethernet Switch Command Line Interface

Firmware: Build 1.00.029
Copyright(C) 2012 D-Link Corporation. All rights reserved.
UserName:admin
PassWord:****
DGS-3710-12C:admin#
Enter the UserName and Password here and press the Enter key after each entry to display the CLI input cursor DGS-3710-12C:admin#. This is the command line where all commands are input.
Note: By default, there is one administrator account already created. The username for this default account is admin and the password is 1234.

1-2 Setting the Switch’s IP Address

Each Switch must be assigned its own IP Address, which is used for communication with an SNMP network manager or other TCP/IP application (for example BOOTP, TFTP). The Switch’s default IP address is 10.90.90.90. You can change the default Switch IP address to meet the specification of your networking address scheme.
The Switch is also assigned a unique MAC address by the factory. This MAC address cannot be changed, and can be found on the initial boot console screen shown below.
Boot Procedure V1.00.001
-------------------------------------------------------------------------------
Power On Self Test ........................................ 100 %
MAC Address : F0-7D-68-25-CB-40 H/W Version : A1
Please Wait, Loading V1.00.029 Runtime Image ............. 100 %
UART init ................................................. 100 %
Device Discovery .......................................... 100 %
Configuration init ........................................ 100 %
The Switch’s MAC address can also be found in the Web management program on the Switch Information (Basic Settings) window on the Configuration menu.
The IP address for the Switch must be set before it can be managed with the Web-based manager. The Switch IP address can be automatically set using BOOTP or DHCP protocols, in which case the actual address assigned to the Switch must be known.
Starting at the command line prompt, enter the command config ipif System ipaddress xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy, where the x’s represent the IP address to be assigned to the IP interface named System and the y’s represent the corresponding subnet mask.
Alternatively, you can enter config ipif System ipaddress xxx.xxx.xxx.xxx/z, where the x’s represent the IP address to be assigned to the IP interface named System and the z represents the corresponding number of subnets in CIDR notation.
The IP interface named System on the Switch can be assigned an IP address and subnet mask which can then be used to connect a management station to the Switch’s Telnet or Web-based management agent.
DGS-3710-12C:admin# config ipif System ipaddress 10.90.90.1/8
Command: config ipif System ipaddress 10.90.90.1/8

Success.

DGS-3710-12C:admin#
In the above example, the Switch was assigned an IP address of 10.90.90.1 with a subnet mask of 255.0.0.0. The system message Success indicates that the command was executed successfully. The Switch can now be configured and managed via Telnet, SNMP MIB browser and the CLI or via the Web-based management agent using the above IP address to connect to the Switch.
There are a number of helpful features included in the CLI. Entering the ? command will display a list of all of the top-level commands.
DGS-3710-12C:admin#?
Command: ?

Option                   Description
------------------------------------------------------------------------------
..                       go to parent directory
?                        Used to display all commands and specific command usage, descriptions.
cable_diag               cable diagnostic
cfm
clear
config
create
debug
delete
disable
download
enable
login                    Used to log in a user to the switch's console.
logout                   Used to log out a user from the switch's console.
no                       Close IP-MAC Binding debug event and DHCP.
ping                     Used to test the connectivity between network devices.
ping6
reboot                   Used to restart the switch.
reconfig                 Used to re-telnet to member.

CTRL+C ESC q Quit SPACE n Next Page ENTER Next Entry a All
When entering a command without its required parameters, the CLI will prompt you with a Next possible completions: message.
DGS-3710-12C:admin#config account
Command: config account
Next possible completions:
Option                   Description
------------------------------------------------------------------------------
<username>               The username is between 1 and 15 characters

DGS-3710-12C:admin#
In this case, the command config account was entered without the parameter <username>. The CLI will then prompt to enter the <username> with the message, Next possible completions:. Every command in the CLI has this feature, and complex commands have several layers of parameter prompting.
In addition, after typing any given command plus one space, users can see all of the next possible sub-commands, in sequential order, by repeatedly pressing the Tab key.
To re-enter the previous command at the command prompt, press the up arrow cursor key. The previous command will appear at the command prompt.
DGS-3710-12C:admin#config account
Command: config account
Next possible completions:
Option                   Description
------------------------------------------------------------------------------
<username>               The username is between 1 and 15 characters

DGS-3710-12C:admin#
In the above example, the command config account was entered without the required parameter <username>, and the CLI returned the Next possible completions: <username> prompt. The up arrow cursor control key was pressed to re-enter the previous command (config account) at the command prompt. Now the appropriate username can be entered and the config account command re-executed.
If a command is entered that is not recognized by the CLI, the top-level commands will be displayed under the Available commands: prompt.
DGS-3710-12C:admin#the
Available commands:
Option                   Description
------------------------------------------------------------------------------
..                       go to parent directory
?                        Used to display all commands and specific command usage, descriptions.
cable_diag               cable diagnostic
cfm
clear
config
create
debug
delete
disable
download
enable
login                    Used to log in a user to the switch's console.
logout                   Used to log out a user from the switch's console.
no                       Close IP-MAC Binding debug event and DHCP.
ping                     Used to test the connectivity between network devices.
ping6
reboot                   Used to restart the switch.
reconfig                 Used to re-telnet to member.

CTRL+C ESC q Quit SPACE n Next Page ENTER Next Entry a All
The top-level commands consist of commands such as show or config. Most of these commands require one or more parameters to narrow the top-level command. This is equivalent to show what? or config what? Where the what? is the next parameter.
For example, entering the show command with no additional parameters, the CLI will then display all of the possible next parameters.
DGS-3710-12C:admin#show
Command: show
Next possible completions:
Option                   Description
------------------------------------------------------------------------------
802.1p
802.1x
access_profile           Used to display current access list table.
account                  Used to display user accounts.
accounting               Used to show accounting state
acct_client              Used to show RADIUS accounting client.
address_binding
arp_spoofing_prevention  Show ARP spoofing prevention status.
arpentry                 Used to display the ARP table.
attack_log               Show attack log messages.
auth_client              Used to show RADIUS authentication client.
auth_diagnostics         Used to show authentication diagnostics.
auth_session_statistics  Used to show session statistics.
auth_statistics          Used to show authentication statistics.
authen
authen_enable            Used to show a user-defined or default or all method lists for promoting user's privilege to Admin level
authen_login             Used to show a user-defined or default or all method lists of authentication methods for user login

CTRL+C ESC q Quit SPACE n Next Page ENTER Next Entry a All
In the above example, all of the possible next parameters for the show command are displayed. At the next command prompt, the up arrow was used to re-enter the show command, followed by the account parameter. The CLI then displays the user accounts configured on the Switch.

1-3 Command Syntax Symbols

Syntax
Description

angle brackets < >
Encloses a variable or value. Users must specify the variable or value. For example, in the syntax
create ipif <ipif_name 12> {<network_address>} <vlan_name 32> {state [enable | disable]}
users must supply an IP interface name for <ipif_name 12>, and a VLAN name for <vlan_name 32> when entering the command. DO NOT TYPE THE ANGLE BRACKETS.

square brackets [ ]
Encloses a required value or list of required arguments. Only one value or argument must be specified. For example, in the syntax
create account [admin | operator | user] <username 15>
users must specify either the admin-level, operator-level, or user-level account when entering the command. DO NOT TYPE THE SQUARE BRACKETS.

vertical bar |
Separates mutually exclusive items in a list, one of which must be entered. For example, in the syntax
create account [admin | operator | user] <username 15>
users must specify either the admin, operator or user parameter in the command. DO NOT TYPE THE VERTICAL BAR.

braces { }
Encloses an optional value or a list of optional arguments. One or more values or arguments can be specified. For example, in the syntax
reset {[config | system {default}]} {force_agree}
users may choose configure or system in the command. DO NOT TYPE THE BRACES.

parentheses ( )
Indicates at least one or more of the values or arguments in the preceding syntax enclosed by braces must be specified. For example, in the syntax
config dhcp_relay {hops <value 1-16> | time <sec 0-65535>} (1)
users have the option to specify hops or time or both of them. The "(1)" following the set of braces indicates at least one argument or value within the braces must be specified. DO NOT TYPE THE PARENTHESES.

ipif <ipif_name 12>
12 means the maximum length of the IP interface name.

metric <value 1-31>
1-31 means the legal range of the metric value.

1-4 Line Editing Keys

Keys - Description
Delete - Delete character under cursor and shift remainder of line to left.
Backspace - Delete character to left of cursor and shift remainder of line to left.
CTRL+R - Toggle on and off. When toggled on, inserts text and shifts previous text to right.
Left Arrow - Move cursor to left.
Right Arrow - Move cursor to right.
Tab - Help user to select appropriate token.
P or p - Display the previous page.
N or n or Space - Display the next page.
CTRL+C - Escape from displayed pages.
ESC - Escape from displayed pages.
Q or q - Escape from displayed pages.
R or r - Refresh the displayed pages.
A or a - Display the remaining pages. (The screen display will not pause again.)
Enter - Display the next line.
The screen display pauses when the show command output reaches the end of the page.
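
The notation in section 1-3 is regular enough to check mechanically, which is useful when commands are generated by a script before being sent to a switch. The following is an added example, not part of the D-Link manual: a small Python validator that parses a Format line and tests a typed command against it. The function names are hypothetical, and it assumes that optional items inside braces are entered in the order the Format line lists them.

```python
import re

# One token per <variable>, "(n)" marker, bracket/brace/bar, or bare keyword.
TOKEN_RE = re.compile(r"<[^>]*>|\(\d+\)|[\[\]{}|]|[^\s\[\]{}|<>()]+")


def parse_syntax(syntax):
    """Parse a Format line into a tree of nodes:
    ("lit", word) | ("var", name, spec) | ("choice", alts) | ("opt", alts, minimum)
    where alts is a list of alternatives, each a list of nodes."""
    toks = TOKEN_RE.findall(syntax)
    pos = 0

    def alternatives(closer):
        nonlocal pos
        alts, seq = [], []
        while pos < len(toks) and toks[pos] != closer:
            tok = toks[pos]
            pos += 1
            if tok == "|":                       # vertical bar: next alternative
                alts.append(seq)
                seq = []
            elif tok == "[":                     # square brackets: exactly one
                seq.append(("choice", alternatives("]")))
            elif tok == "{":                     # braces: optional items
                inner = alternatives("}")
                minimum = 0
                if pos < len(toks) and toks[pos].startswith("("):
                    minimum = int(toks[pos][1:-1])   # "(1)": at least one
                    pos += 1
                seq.append(("opt", inner, minimum))
            elif tok.startswith("<"):            # angle brackets: a variable
                name, _, spec = tok[1:-1].partition(" ")
                seq.append(("var", name, spec.strip()))
            else:
                seq.append(("lit", tok))
        if closer is not None:
            if pos >= len(toks):
                raise ValueError(f"missing {closer!r} in syntax")
            pos += 1                             # consume the closing symbol
        alts.append(seq)
        return alts

    return ("choice", alternatives(None))


def value_ok(spec, word):
    """Apply the limit written inside the angle brackets, if any."""
    rng = re.fullmatch(r"(\d+)-(\d+)", spec)
    if rng:                                      # <value 1-31>: legal range
        return word.isdigit() and int(rng.group(1)) <= int(word) <= int(rng.group(2))
    if spec.isdigit():                           # <ipif_name 12>: maximum length
        return 1 <= len(word) <= int(spec)
    return len(word) > 0                         # no limit given in the Format line


def match_seq(seq, words, i):
    """Yield every index at which the node sequence can finish matching."""
    if not seq:
        yield i
        return
    for j in match_node(seq[0], words, i):
        yield from match_seq(seq[1:], words, j)


def match_node(node, words, i):
    kind = node[0]
    if kind == "lit":
        if i < len(words) and words[i] == node[1]:
            yield i + 1
    elif kind == "var":
        if i < len(words) and value_ok(node[2], words[i]):
            yield i + 1
    elif kind == "choice":
        for alt in node[1]:
            yield from match_seq(alt, words, i)
    else:                                        # "opt"
        yield from match_opt(node[1], node[2], words, i, 0)


def match_opt(alts, minimum, words, i, used):
    """Each optional item may be skipped or used once (assumed: in written order)."""
    if not alts:
        if used >= minimum:
            yield i
        return
    yield from match_opt(alts[1:], minimum, words, i, used)
    for j in match_seq(alts[0], words, i):
        if j > i:
            yield from match_opt(alts[1:], minimum, words, j, used + 1)


def command_matches(syntax, command):
    """True if the whole command line is accepted by the Format line."""
    words = command.split()
    return any(end == len(words) for end in match_node(parse_syntax(syntax), words, 0))


CREATE_ACCOUNT = "create account [admin | operator | user] <username 15>"
DHCP_RELAY = "config dhcp_relay {hops <value 1-16> | time <sec 0-65535>} (1)"
RESET = "reset {[config | system {default}]} {force_agree}"

if __name__ == "__main__":
    for fmt, cmd in [(CREATE_ACCOUNT, "create account admin dlink"),
                     (DHCP_RELAY, "config dhcp_relay hops 17"),
                     (RESET, "reset system default force_agree")]:
        print(f"{cmd!r}: {'ok' if command_matches(fmt, cmd) else 'rejected'}")
```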

Chapter 2 Basic Management Commands

create account [admin | operator | user] <username 15>
enable password encryption
disable password encryption
config account <username> {encrypt [plain_text | sha_1] <password>}
show account
delete account <username>
show session
show switch
show environment
config temperature [trap | log] state [enable | disable]
config temperature threshold {high <temperature> | low <temperature>}(1)
show serial_port
config serial_port {baud_rate [9600 | 19200 | 38400 | 115200] | auto_logout [never | 2_minutes | 5_minutes | 10_minutes | 15_minutes]}(1)
enable clipaging
disable clipaging
enable telnet {<tcp_port_number 1-65535>}
disable telnet
enable web {<tcp_port_number 1-65535>}
disable web
save {[config <config_id 1-2> | log | all]}
reboot {force_agree}
reset {[config | system {default}]} {force_agree}
login
logout
clear
config terminal width [default | <value 80-200>]
show terminal width
config external_alarm channel <value 1-4> message <sentence 1-128>
show external_alarm
show device_status
show current_alarm

2-1 create account

Description

This command creates user accounts. The username is between 1 and 15 characters, the password is between 0 and 15 characters. The number of accounts (including admin, operator, and user) is up to eight. By default, there is one administrator account already created. The username for this default account is admin and the password is 1234.

Format

create account [admin | operator | user] <username 15>

Parameters

admin - Specifies the name of the admin account.
operator - Specifies the name of the operator account.
user - Specifies the name of the user account.
<username 15> - Specifies a username of up to 15 characters.

Restrictions

Only Administrator-level users can issue this command.

Example

To create the admin-level user “dlink”:
DGS-3710-12C:admin#create account admin dlink
Command: create account admin dlink

Enter a case-sensitive new password:****
Enter the new password again for confirmation:****
Success.

DGS-3710-12C:admin#
To create the operator-level user “Sales”:
DGS-3710-12C:admin#create account operator Sales
Command: create account operator Sales

Enter a case-sensitive new password:****
Enter the new password again for confirmation:****
Success.

DGS-3710-12C:admin#
To create the user-level user “System”:
DGS-3710-12C:admin#create account user System
Command: create account user System

Enter a case-sensitive new password:****
Enter the new password again for confirmation:****
Success.

DGS-3710-12C:admin#

2-2 enable password encryption

Description

The user account configuration information will be stored in the configuration file, and can be applied to the system later. If the password encryption is enabled, the password will be in encrypted form when it is stored in the configuration file. When password encryption is disabled, the password will be in plain text form when it is stored in the configuration file. However, if the created user account directly uses the encrypted password, the password will still be in the encrypted form.

Format

enable password encryption

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To enable password encryption:
DGS-3710-12C:admin#enable password encryption
Command: enable password encryption

Success.

DGS-3710-12C:admin#

2-3 disable password encryption

Description

The user account configuration information will be stored in the configuration file, and can be applied to the system later. If the password encryption is enabled, the password will be in encrypted form when it is stored in the configuration file. When password encryption is disabled, the password will be in plain text form when it is stored in the configuration file. However, if the created user account directly uses the encrypted password, the password will still be in the encrypted form.

Format

disable password encryption

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To disable password encryption:
DGS-3710-12C:admin#disable password encryption
Command: disable password encryption

Success.

DGS-3710-12C:admin#

2-4 config account

Description

When the password information is not specified in the command, the system will prompt the user to input the password interactively. For this case, the user can only input the plain text password.
If the password is present in the command, the user can select to input the password in the plain text form or in the encrypted form. The encryption algorithm is based on SHA-1.

Format

config account <username> {encrypt [plain_text | sha_1] <password>}

Parameters

<username 15> - Specifies the name of the account. The account must already be defined.
encrypt - (Optional) Specifies the encryption type, plain_text or sha_1.
plain_text - Specifies the password in plain text form. For the plain text form, passwords must have a minimum of 0 and a maximum of 15 characters. The password is case-sensitive.
sha_1 - Specifies the password in the SHA-1 encrypted form. For the encrypted form password, the length is fixed to 35 bytes long. The password is case-sensitive.
<password> - Specifies the password.

Restrictions

Only Administrator-level users can issue this command.

Example

To configure the user password of the “dlink” account:
DGS-3710-12C:admin#config account dlink
Command: config account dlink

Enter a old password:****
Enter a case-sensitive new password:****
Enter the new password again for confirmation:****
Success.

DGS-3710-12C:admin#
To configure the user password of the “administrator” account:
DGS-3710-12C:admin#config account administrator encrypt sha_1 *@&NWoZK3kTsExUV00Ywo1G5jlUKKv+toYg
Command: config account administrator encrypt sha_1 *@&NWoZK3kTsExUV00Ywo1G5jlUKKv+toYg

Success.

DGS-3710-12C:admin#

2-5 show account

Description

This command is used to display user accounts that have been created.

Format

show account

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To display accounts that have been created:
DGS-3710-12C:admin#show account
Command: show account

Current Accounts:
Username        Access Level
--------------- ------------
System          User
Sales           Operator
dlink           Admin

DGS-3710-12C:admin#

2-6 delete account

Description

This command is used to delete an existing account.

Format

delete account <username>

Parameters

<username> - Specifies the name of the user who will be deleted.

Restrictions

Only Administrator-level users can issue this command. One active admin user must exist.

Example

To delete the user account “System”:
DGS-3710-12C:admin#delete account System
Command: delete account System

Success.

DGS-3710-12C:admin#

2-7 show session

Description

This command is used to display a list of current users which are logged in to CLI sessions.

Format

show session

Parameters

None.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To display a list of currently logged-in users:
DGS-3710-12C:admin#show session
Command: show session

ID  Live Time    From                                    Level User
--- ------------ --------------------------------------- ----- ---------------
8   00:09:59.090 Serial Port                             admin Anonymous

Total Entries: 1

CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh

2-8 show switch

Description

This command is used to display the switch information.

Format

show switch

Parameters

None.

Restrictions

None.

Example

To display the switch information:
DGS-3710-12C:admin#show switch
Command: show switch

Device Type        : DGS-3710-12C Gigabit Ethernet Switch
MAC Address        : F0-7D-68-25-CB-40
IP Address         : 10.90.90.90 (Manual)
VLAN Name          : default
Subnet Mask        : 255.0.0.0
Default Gateway    : 0.0.0.0
Boot PROM Version  : Build 1.00.001
Firmware Version   : Build 1.00.029
Hardware Version   : A1
Customer ID        : World-Wide
System Name        :
System Location    :
System Uptime      : 0 days, 1 hours, 35 minutes, 8 seconds
System Contact     :
Spanning Tree      : Disabled
GVRP               : Disabled
IGMP Snooping      : Disabled
MLD Snooping       : Disabled
Telnet             : Enabled (TCP 23)
Web                : Enabled (TCP 80)
SNMP               : Disabled
SSL Status         : Disabled

CTRL+C ESC q Quit SPACE n Next Page ENTER Next Entry a All
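
The show switch fields are enough to review how the management plane is exposed. The following is an added example, not part of the D-Link manual: a Python check that parses captured show switch output and reports Telnet left enabled, Web management enabled while SSL Status is Disabled, and the factory default IP address from section 1-2. The function names and both sample captures are constructed for illustration, and the "SSL Status : Enabled" line in the second sample is an assumed form.

```python
import re

# Constructed capture in the layout of the `show switch` example above.
SAMPLE_SHOW_SWITCH = """\
DGS-3710-12C:admin#show switch
Command: show switch

Device Type        : DGS-3710-12C Gigabit Ethernet Switch
IP Address         : 10.90.90.90 (Manual)
Firmware Version   : Build 1.00.029
System Name        :
System Uptime      : 0 days, 1 hours, 35 minutes, 8 seconds
Telnet             : Enabled (TCP 23)
Web                : Enabled (TCP 80)
SNMP               : Disabled
SSL Status         : Disabled
"""

# Constructed capture of the same fields after management hardening (assumed form).
SAMPLE_HARDENED = """\
IP Address         : 192.0.2.10 (Manual)
Telnet             : Disabled
Web                : Disabled
SNMP               : Disabled
SSL Status         : Enabled
"""

FACTORY_DEFAULT_IP = "10.90.90.90"          # default address stated in section 1-2
REQUIRED_FIELDS = ("Telnet", "Web", "SSL Status")

# "Name : Value" with whitespace before the colon, so the prompt line and the
# "Command:" echo are not mistaken for fields. The value may be empty.
FIELD_RE = re.compile(r"^\s*([A-Za-z][\w ./-]*?)\s+:\s*(.*?)\s*$")
STATE_RE = re.compile(r"^(Enabled|Disabled)\b(?:\s*\(TCP\s+(\d+)\))?", re.IGNORECASE)


def parse_show_switch(text):
    """Return {field name: value} for every 'Name : Value' line in the capture."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def service_state(fields, name):
    """Return (enabled, tcp_port); (None, None) if the field is absent or unparseable."""
    m = STATE_RE.match(fields.get(name, ""))
    if not m:
        return None, None
    port = int(m.group(2)) if m.group(2) else None
    return m.group(1).lower() == "enabled", port


def audit_management_plane(text):
    """Return a list of (finding id, explanation) tuples for one capture."""
    fields = parse_show_switch(text)
    findings = []

    # A capture cut short by CLI paging must not pass as a clean result.
    for name in REQUIRED_FIELDS:
        if name not in fields:
            findings.append(("missing-field", f"'{name}' not in capture; output may be truncated"))

    telnet_on, telnet_port = service_state(fields, "Telnet")
    web_on, web_port = service_state(fields, "Web")
    ssl_on, _ = service_state(fields, "SSL Status")

    if telnet_on:
        where = f" on TCP {telnet_port}" if telnet_port else ""
        findings.append(("telnet-enabled",
                         f"Telnet is enabled{where}; logins cross the network unencrypted "
                         "(the 'disable telnet' command turns it off)"))
    if web_on and not ssl_on:
        where = f" on TCP {web_port}" if web_port else ""
        findings.append(("web-without-ssl",
                         f"Web management is enabled{where} while SSL Status is Disabled"))
    if fields.get("IP Address", "").split()[:1] == [FACTORY_DEFAULT_IP]:
        findings.append(("factory-default-ip",
                         f"management address is still the factory default {FACTORY_DEFAULT_IP}"))
    return findings


if __name__ == "__main__":
    for finding_id, message in audit_management_plane(SAMPLE_SHOW_SWITCH):
        print(f"[{finding_id}] {message}")
```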

2-9 show environment

Description

This command is used to display the device internal and external power and internal temperature status.

Format

show environment

Parameters

None.

Restrictions

None.

Example

To display the switch hardware status:
DGS-3710-12C:admin#show environment
Command: show environment
Left Fan 1 : Speed 0
Left Fan 2 : Speed 0
Left Fan 3 : Reserved
Current Temperature(Celsius) : 28
Fan High Temperature Threshold(Celsius) : 51
Fan Low Temperature Threshold(Celsius) : 40
High Warning Temperature Threshold(Celsius) : 70
Low Warning Temperature Threshold(Celsius) : 5
CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh

2-10 config temperature

Description

This command is used to configure the warning trap or log state of the system internal temperature.

Format

config temperature [trap | log] state [enable | disable]

Parameters

trap - Specifies to configure the warning temperature trap.
log - Specifies to configure the warning temperature log.
state - Enable or disable either the trap or log state for a warning temperature event. The default is enable.
    enable - Enable either the trap or log state for a warning temperature event.
    disable - Disable either the trap or log state for a warning temperature event.

Restrictions

None.

Example

To enable the warning temperature trap state:
DGS-3710-12C:admin#config temperature trap state enable
Command: config temperature trap state enable
Success.
DGS-3710-12C:admin#
To enable the warning temperature log state:
DGS-3710-12C:admin#config temperature log state enable
Command: config temperature log state enable
Success.
DGS-3710-12C:admin#

2-11 config temperature threshold

Description

This command is used to configure the warning temperature high threshold or low threshold. When the temperature is above the high threshold or below the low threshold, the switch will send alarm traps or keep the logs.

Format

config temperature threshold {high <temperature> | low <temperature>}(1)

Parameters

high - Specifies the high threshold value. The high threshold must be bigger than the low threshold.
    <temperature> - Specifies the high threshold value.
low - Specifies the low threshold value.
    <temperature> - Specifies the low threshold value.

Restrictions

None.

Example

To configure the alarm temperature threshold high of 80:
DGS-3710-12C:admin#config temperature threshold high 80
Command: config temperature threshold high 80
Success.
DGS-3710-12C:admin#

2-12 show serial_port

Description

This command is used to display the current console port setting.

Format

show serial_port

Parameters

None.

Restrictions

None.

Example

To display the console port setting:
DGS-3710-12C:admin#show serial_port
Command: show serial_port
Baud Rate : 115200
Data Bits : 8
Parity Bits : None
Stop Bits : 1
Auto-Logout : 10 mins
DGS-3710-12C:admin#

2-13 config serial_port

Description

This command is used to configure the serial bit rate that will be used to communicate with the management host and the auto logout time for idle connections.

Format

config serial_port {baud_rate [9600 | 19200 | 38400 | 115200] | auto_logout [never | 2_minutes | 5_minutes | 10_minutes | 15_minutes]}(1)

Parameters

baud_rate - Specifies the baud rate value. The default baud rate is 115200.
    9600 - Specifies a baud rate of 9600.
    19200 - Specifies a baud rate of 19200.
    38400 - Specifies a baud rate of 38400.
    115200 - Specifies a baud rate of 115200.
auto_logout - Specifies the timeout value. The default timeout is 10_minutes.
    never - Specifies to never timeout.
    2_minutes - Specifies when the idle value is over 2 minutes, the device will auto logout.
    5_minutes - Specifies when the idle value is over 5 minutes, the device will auto logout.
    10_minutes - Specifies when the idle value is over 10 minutes, the device will auto logout.
    15_minutes - Specifies when the idle value is over 15 minutes, the device will auto logout.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To configure the baud rate:
DGS-3710-12C:admin# config serial_port baud_rate 9600
Command: config serial_port baud_rate 9600
Success.
DGS-3710-12C:admin#

2-14 enable clipaging

Description

This command is used to enable pausing of the screen display when show command output reaches the end of the page. The default setting is enabled.

Format

enable clipaging

Parameters

None.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To enable pausing of the screen display when show command output reaches the end of the page:
DGS-3710-12C:admin#enable clipaging
Command: enable clipaging
Success.
DGS-3710-12C:admin#

2-15 disable clipaging

Description

This command is used to disable pausing of the screen display when show command output reaches the end of the page. The default setting is enabled.

Format

disable clipaging

Parameters

None.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To disable pausing of the screen display when show command output reaches the end of the page:
DGS-3710-12C:admin#disable clipaging
Command: disable clipaging
Success.
DGS-3710-12C:admin#

2-16 enable telnet

Description

This command is used to enable Telnet and configure a port number. The default setting is enabled and the port number is 23.

Format

enable telnet {<tcp_port_number 1-65535>}

Parameters

<tcp_port_number 1-65535> - (Optional) Specifies the TCP port number. TCP ports are numbered between 1 and 65535. The “well-known” TCP port for the Telnet protocol is 23.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To enable Telnet and configure a port number:
DGS-3710-12C:admin#enable telnet 23
Command: enable telnet 23
Success.
DGS-3710-12C:admin#

2-17 disable telnet

Description

This command is used to disable Telnet.

Format

disable telnet

Parameters

None.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To disable Telnet:
DGS-3710-12C:admin#disable telnet
Command: disable telnet
Success.
DGS-3710-12C:admin#

2-18 enable web

Description

This command is used to enable Web UI and configure the port number. The default setting is enabled and the port number is 80.

Format

enable web {<tcp_port_number 1-65535>}

Parameters

<tcp_port_number 1-65535> - (Optional) Specifies the TCP port number. TCP ports are numbered between 1 and 65535. The “well-known” TCP port for the Web protocol is 80.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To enable HTTP and configure port number:
DGS-3710-12C:admin#enable web 80
Command: enable web 80
Note: SSL will be disabled if web is enabled.
Success.
DGS-3710-12C:admin#
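
Because Telnet and the Web UI are both enabled by default, captured "show switch" and "show serial_port" output can be checked against a hardening baseline. The Python sketch below is an added example and not part of the D-Link guide: it parses the "Name : Value" lines and flags enabled cleartext management services and a console that never logs out. The function names, finding IDs, the baseline itself and the way a "never" timeout is displayed are assumptions; the sample text is constructed from the example outputs in this guide.

```python
import re

# Constructed sample input, assembled from the "show switch" and
# "show serial_port" example outputs in this guide (one field per line).
SHOW_SWITCH = """\
DGS-3710-12C:admin#show switch
Command: show switch
Device Type : DGS-3710-12C Gigabit Ethernet Switch
IP Address : 10.90.90.90 (Manual)
System Name :
Telnet : Enabled (TCP 23)
Web : Enabled (TCP 80)
SNMP : Disabled
SSL Status : Disabled
"""
SHOW_SERIAL_PORT = """\
Baud Rate : 115200
Auto-Logout : 10 mins
"""

# The CLI prints fields as "Name : Value" with whitespace before the colon.
# Prompt lines ("DGS-3710-12C:admin#...") and "Command: ..." echo lines have
# no whitespace before their colon, so this pattern skips them.
FIELD_RE = re.compile(r"^\s*(\S.*?)\s+:\s*(.*?)\s*$")
SERVICE_RE = re.compile(r"^(Enabled|Disabled)(?:\s*\(TCP\s+(\d+)\))?", re.IGNORECASE)


def parse_fields(text):
    """Return {name: value} for every 'Name : Value' line; values may be empty."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def service_state(value):
    """'Enabled (TCP 23)' -> (True, 23); 'Disabled' -> (False, None); else (None, None)."""
    m = SERVICE_RE.match(value.strip()) if value is not None else None
    if not m:
        return None, None
    enabled = m.group(1).lower() == "enabled"
    port = int(m.group(2)) if m.group(2) else None
    return enabled, port


def audit_management_plane(show_switch_text, show_serial_text=""):
    """Return a list of (finding_id, message); an empty list means nothing was flagged."""
    sw = parse_fields(show_switch_text)
    findings = []

    # Telnet and the Web UI (HTTP; the guide notes SSL is disabled when web is
    # enabled) both carry the login in cleartext.
    for field, finding_id, fix in (("Telnet", "telnet-enabled", "disable telnet"),
                                   ("Web", "web-cleartext", "disable web")):
        enabled, port = service_state(sw.get(field))
        if enabled is None:
            # A missing field must not be read as "disabled".
            findings.append((field.lower() + "-unknown",
                             f"{field} state not found in the captured output"))
        elif enabled:
            findings.append((finding_id,
                             f"{field} management is enabled on TCP {port or '?'}; "
                             f"logins cross the network unencrypted ('{fix}' turns it off)"))

    if show_serial_text:
        timeout = parse_fields(show_serial_text).get("Auto-Logout")
        if timeout is None:
            findings.append(("console-timeout-unknown",
                             "Auto-Logout not found in the captured output"))
        # Assumption: with auto_logout set to never, the displayed value contains "never".
        elif "never" in timeout.lower():
            findings.append(("console-no-timeout",
                             "Console sessions never log out when idle; "
                             "set auto_logout with 'config serial_port'"))
    return findings


if __name__ == "__main__":
    for finding_id, message in audit_management_plane(SHOW_SWITCH, SHOW_SERIAL_PORT):
        print(f"[{finding_id}] {message}")
```
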

2-19 disable web

Description

This command is used to disable Web UI.

Format

disable web

Parameters

None.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To disable HTTP:
DGS-3710-12C:admin#disable web
Command: disable web
Success.
DGS-3710-12C:admin#

2-20 save

Description

This command is used to save the current configuration or log in non-volatile RAM.

Format

save {[config <config_id 1-2> | log | all]}

Parameters

config - (Optional) Specifies to save configuration.
    <config_id 1-2> - Enter the configuration ID used here. This value can either be 1 or 2.
log - (Optional) Specifies to save log.
all - (Optional) Specifies to save changes to currently active configuration and save logs.
Note: If no keyword is specified, all changes will be saved to bootup configuration file.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To save the current configuration to the bootup configuration file:
DGS-3710-12C:admin#save
Command: save
Saving all configurations to NV-RAM.......... Done.
DGS-3710-12C:admin#
To save the current configuration to destination file, named 1:
DGS-3710-12C:admin#save config 1
Command: save config 1
Saving all configurations to NV-RAM.......... Done.
DGS-3710-12C:admin#
To save a log to NV-RAM:
DGS-3710-12C:admin#save log
Command: save log
Saving all system logs to NV-RAM............. Done.
DGS-3710-12C:admin#
To save all the configurations and logs to NV-RAM:
DGS-3710-12C:admin#save all
Command: save all
Saving configuration and logs to NV-RAM...... Done.
DGS-3710-12C:admin#

2-21 reboot

Description

This command is used to restart the switch.

Format

reboot {force_agree}

Parameters

force_agree - (Optional) Specifies to immediately execute the reboot command without further confirmation.

Restrictions

Only Administrator-level users can issue this command.

Example

To restart the switch:
DGS-3710-12C:admin#reboot
Command: reboot
Are you sure you want to proceed with the system reboot?(y/n)
Please wait, the switch is rebooting…

2-22 reset

Description

This command is used to reset all switch parameters to the factory defaults.

Format

reset {[config | system {default}]} {force_agree}

Parameters

config - (Optional) If this keyword is specified, all parameters are reset to default settings. However, the device will neither save nor reboot.
system - (Optional) If this keyword is specified, all parameters are reset to default settings. Then the switch will do factory reset, save, and reboot.
    default - (Optional) Specifies that the System will reset to factory defaults.
force_agree - (Optional) Specifies that the reset command will be executed immediately without further confirmation.
Note: If no keyword is specified, all parameters will be reset to default settings except IP address, user account, and history log, but the device will neither save nor reboot.

Restrictions

Only Administrator-level users can issue this command.

Example

To reset all the switch parameters except the IP address:
DGS-3710-12C:admin#reset
Command: reset
Are you sure to proceed with system reset except IP address?(y/n)
Success.
DGS-3710-12C:admin#
To reset the system configuration settings:
DGS-3710-12C:admin#reset config
Command: reset config
Are you sure to proceed with system reset?(y/n)
Success.
DGS-3710-12C:admin#
To reset all system parameters, save, and restart the switch:
DGS-3710-12C:admin#reset system
Command: reset system
Are you sure to proceed with system reset, save and reboot?(y/n)
Loading factory default configuration… Done.
Saving all configuration to NV-RAM… Done.
Please wait, the switch is rebooting…

2-23 login

Description

This command is used to log in to the switch.

Format

login

Parameters

None.

Restrictions

None.

Example

To login to the switch:
DGS-3710-12C:admin#login
Command: login
UserName:

2-24 logout

Description

This command is used to log out of the switch.

Format

logout

Parameters

None.

Restrictions

None.

Example

To logout of the switch:
DGS-3710-12C:admin#logout
Command: logout
***********
* Logout *
***********
Copyright(C) 2012 D-Link Corporation. All rights reserved.
DGS-3710-12C Fast Ethernet Switch
Command Line Interface
Firmware: Build 1.00.029
Username:

2-25 clear

Description

This command is used to clear the terminal screen.

Format

clear

Parameters

None.

Restrictions

None.

Example

To clear the terminal screen:
DGS-3710-12C:admin#clear
Command: clear

2-26 config terminal width

Description

This command is used to configure the terminal width.

Format

config terminal width [default | <value 80-200>]

Parameters

default - Specifies the default terminal width value.
<value 80-200> - Specifies a terminal width value between 80 and 200 characters. The default value is 80.

Restrictions

None.

Example

To configure the terminal width:
DGS-3710-12C:admin#config terminal width 90
Command: config terminal width 90
Success.
DGS-3710-12C:admin#

2-27 show terminal width

Description

This command is used to display the configuration of the current terminal width.

Format

show terminal width

Parameters

None.

Restrictions

None.

Example

To display the configuration of the current terminal width:
DGS-3710-12C:admin#show terminal width
Command: show terminal width
Global terminal width : 80
Current terminal width : 80
DGS-3710-12C:admin#

2-28 config external_alarm channel

Description

This command is used to configure the external alarm message for a channel. The alarm port is located outside of the switch. It is monitored via pre-defined connection channels, with each channel representing a specific alarm event. This command allows the user to define the alarm event associated with each channel.

Format

config external_alarm channel <value 1-4> message <sentence 1-128>

Parameters

channel - Specifies which channel number to use.
    <value 1-4> - Enter the channel number used here. This value must be between 1 and 4.
message - Specifies the alarm messages that will be displayed on the console, log and trap.
    <sentence 1-128> - Enter the alarm message used here. This message can be up to 128 characters long.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To configure external alarm channel 1 with a user-defined message:
DGS-3710-12C:admin# config external_alarm channel 1 message External Alarm: UPS is exhausted!
Command: config external_alarm channel 1 message External Alarm: UPS is exhausted!
Success.
DGS-3710-12C:admin#

2-29 show external_alarm

Description

This command is used to display the external alarm settings.

Format

show external_alarm

Parameters

None.

Restrictions

None.

Example

To display the external alarm setting and status:
DGS-3710-12C:admin# show external_alarm
Command: show external_alarm
Channel     Status   Alarm Message
----------- -------- ------------------------------------------------
1           Normal   External Alarm: UPS is exhausted!
2           Normal   External Alarm: Back Fan is stopped!
3           Alarming External Alarm: Power is low!
4           Normal   External Alarm: Device is over-heat!
DGS-3710-12C:admin#

2-30 show device_status

Description

This command displays the current status of the power(s) and fan(s) on the system. In the fan status display, for example, if there are three fans on the left of the switch and all three are working normally, “OK” is displayed in the Left Fan field. If some fans have failed, such as fans 1 and 3, only the failed fans are displayed in the Left Fan field, such as “1,3 Fail”.
The Right Fan and Back Fan fields behave in the same way as the Left Fan field. Because there is only one CPU Fan, “Fail” is displayed if it has failed; otherwise “OK” is displayed.

Format

show device_status

Parameters

None.

Restrictions

None.

Example

To show the device status (the numbers 1, 2, 3, etc. represent the fan numbers):
DGS-3710-12C:admin#show device_status
Command: show device_status
FAN  RPM  MAX   MIN  Status  ErrCount
-----------------------------------------------------------------------------
1    0    4265  0    Stop    0
2    0    4265  0    Stop    0
Sensor  degC  MAX  MIN  Threshold(Hi/Lo)  Status  ErrCount
-----------------------------------------------------------------------------
T1      35    36   26   65/0              Normal  0
DGS-3710-12C:admin#

2-31 show current_alarm

Description

This command displays the current alarm status of power and fans on the system.

Format

show current_alarm

Parameters

None.

Restrictions

None.

Example

To display the current alarm status:
DGS-3710-12C:admin#show current_alarm
Command: show current_alarm
Ports Link down: 1-12
DGS-3710-12C:admin#

Chapter 3 Basic IP Commands

config ipif <ipif_name 12> [{ipaddress <network_address> | vlan <vlan_name 32> | state [enable | disable]} | bootp | dhcp | ipv6 [ipv6address <ipv6networkaddr> | state [enable | disable]] | ipv4 state [enable | disable] | dhcpv6_client [enable | disable]]
create ipif <ipif_name 12> {<network_address>} <vlan_name 32> {state [enable | disable]}
delete ipif [<ipif_name 12> {ipv6address <ipv6networkaddr>} | all]
enable ipif [<ipif_name 12> | all]
disable ipif [<ipif_name 12> | all]
show ipif {<ipif_name 12>}
config out_band_ipif {ipaddress <network_address> | state [enable | disable] | gateway <ipaddr>}
show out_band_ipif
enable ipif_ipv6_link_local_auto [<ipif_name 12> | all]
disable ipif_ipv6_link_local_auto [<ipif_name 12> | all]
show ipif_ipv6_link_local_auto {<ipif_name 12>}

3-1 config ipif

Description

This command is used to configure the parameters for an L3 interface. For IPv4, the method of obtaining the IP address can be specified only for the System interface. If the mode is set to BOOTP or DHCP, the IPv4 address is obtained through that protocol, and a manually configured IP address has no effect. If the mode is first set to BOOTP or DHCP and the user later configures an IP address, the mode changes to manual. For IPv6, multiple addresses can be defined on the same L3 interface. For IPv4, multi-netting must be done by creating a secondary interface.

Format

config ipif <ipif_name 12> [{ipaddress <network_address> | vlan <vlan_name 32> | state [enable | disable]} | bootp | dhcp | ipv6 [ipv6address <ipv6networkaddr> | state [enable | disable]] | ipv4 state [enable | disable] | dhcpv6_client [enable | disable]]

Parameters

<ipif_name 12> - The name of the IP interface.
ipaddress - (Optional) The IP address and netmask of the IP interface to be created.
    <network_address> - Specifies the address and mask information using the traditional format (for example, 10.1.2.3/255.0.0.0 or in CIDR format, 10.1.2.3/8).
vlan - (Optional) The name of the VLAN corresponding to the IP interface.
    <vlan_name 32> - Specifies the VLAN name. The maximum length is 32 characters.
state - Enable or disable the IP interface.
    enable - Enable the IP interface.
    disable - Disable the IP interface.
bootp - Allows the selection of the BOOTP protocol for the assignment of an IP address to the switch’s System IP interface.
dhcp - Allows the selection of the DHCP protocol for the assignment of an IP address to the switch’s System.
ipv6 - The following are IPv6-related parameters.
    ipv6address - The IPv6 address and subnet prefix of the IPV6 address to be created.
        <ipv6networkaddr> - The IPv6 address and subnet prefix of the IPV6 address to be created.
    state - Enable or disable the IPv6 state of the IP interface.
        enable - Enable the IPv6 state of the IP interface.
        disable - Disable the IPv6 state of the IP interface.
ipv4 state - The state of the IPv4 interface.
    enable - Enable the IPv4 state of the IP interface.
    disable - Disable the IPv4 state of the IP interface.
dhcpv6_client - Specifies the DHCPv6 client state of the interface.
    enable - Specifies that the DHCPv6 client state of the interface will be enabled.
    disable - Specifies that the DHCPv6 client state of the interface will be disabled.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To configure the System IP interface:
DGS-3710-12C:admin#config ipif System vlan v1
Command: config ipif System vlan v1
Success.
DGS-3710-12C:admin#

3-2 create ipif

Description

This command is used to create an L3 interface. This interface can be configured with IPv4 or IPv6 addresses. Currently, it has a restriction: an interface can have only one IPv4 address defined. But it can have multiple IPv6 addresses defined. Configuration of IPv6 addresses must be done through the command config ipif.

Format

create ipif <ipif_name 12> {<network_address>} <vlan_name 32> {state [enable | disable]}

Parameters

<ipif_name 12> - Specifies the name of the interface.
<network_address> - (Optional) Specifies a host address and length of network mask.
<vlan_name 32> - Specifies the name of the VLAN corresponding to the IP interface. The maximum length is 32 characters.
state - The state of the IP interface.
    enable - Enable the state setting.
    disable - Disable the state setting.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To create an IP interface petrovic1:
DGS-3710-12C:admin#create ipif ip petrovic1
Command: create ipif ipif ip petrovic1
Success.
DGS-3710-12C:admin#

3-3 delete ipif

Description

This command is used to delete an interface or an IPv6 address.

Format

delete ipif [<ipif_name 12> {ipv6address <ipv6networkaddr>} | all]

Parameters

<ipif_name 12> - The name of the interface.
ipv6address - (Optional) The IPv6 network address to be deleted.
    <ipv6networkaddr> - The IPv6 network address to be deleted.
all - All IP interfaces except the System IP interface will be deleted.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To delete interface petrovic1:
DGS-3710-12C:admin#delete ipif petrovic1
Command: delete ipif petrovic1
Success.
DGS-3710-12C:admin#

3-4 enable ipif

Description

This command is used to enable the state for an IPIF. When the state is enabled, the IPv4 processing will be started when an IPv4 address is configured on the IPIF. The IPv6 processing will be started when an IPv6 address is explicitly configured on the IPIF.

Format

enable ipif [<ipif_name 12> | all]

Parameters

<ipif_name 12> - The name of the interface.
all - All of the IP interfaces.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To enable the state for interface petrovic1:
DGS-3710-12C:admin#enable ipif petrovic1
Command: enable ipif petrovic1
Success.
DGS-3710-12C:admin#

3-5 disable ipif

Description

This command is used to disable the state of an interface.

Format

disable ipif [<ipif_name 12> | all]

Parameters

<ipif_name 12> - The name of the interface.
all - All of the IP interfaces.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To disable the state for an interface:
DGS-3710-12C:admin#disable ipif petrovic1
Command: disable ipif petrovic1
Success.
DGS-3710-12C:admin#

3-6 show ipif

Description

This command is used to display IP interface settings.

Format

show ipif {<ipif_name 12>}

Parameters

<ipif_name 12> - (Optional) The name of the interface.

Restrictions

None.

Example

To display IP interface settings:
DGS-3710-12C:admin#show ipif
Command: show ipif
IP Interface : System
VLAN Name : default
Interface Admin State : Enabled
DHCPv6 Client State : Disabled
Link Status : LinkDown
IPv4 Address : 10.90.90.90/8 (Manual) Primary
IPv4 State : Enabled
IPv6 State : Enabled

IP Interface : mgmt_ipif
Status : Enable
IP Address : 192.168.0.1
Subnet Mask : 255.255.255.0
GateWay : 0.0.0.0
Link Status : LinkDown
Total Entries: 2
DGS-3710-12C:admin#

3-7 config out_band_ipif

Description

This command is used to configure the out of band management port settings.

Format

config out_band_ipif {ipaddress <network_address> | state [enable | disable] | gateway <ipaddr>}(1)

Parameters

ipaddress - Specifies the IP address of the interface. The parameter must include the mask.
    <network_address> - Specifies the IP address of the interface. The parameter must include the mask.
state - Specifies the interface status.
    enable - Specifies to enable the interface.
    disable - Specifies to disable the interface.
gateway - Specifies the gateway IP address of the out-of-band management network.
    <ipaddr> - Specifies the gateway IP address.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To disable the out-of-band management state:
DGS-3710-12C:admin#config out_band_ipif state disable
Command: config out_band_ipif state disable
Success.
DGS-3710-12C:admin#

3-8 show out_band_ipif

Description

This command is used to display the current configurations of special out-of-band management interfaces.

Format

show out_band_ipif

Parameters

None.

Restrictions

None.

Example

To display the configuration of out-of-band management interfaces:
DGS-3710-12C:admin#show out_band_ipif
Command: show out_band_ipif
Status : Enable
IP Address : 192.168.0.1
Subnet Mask : 255.255.255.0
Gateway : 0.0.0.0
Link Status : LinkDown
DGS-3710-12C:admin#

3-9 enable ipif_ipv6_link_local_auto

Description

This command is used to enable the auto configuration of link local address when there are no IPv6 addresses explicitly configured. When an IPv6 address is explicitly configured, the link local address will be automatically configured, and the IPv6 processing will be started. When there is no IPv6 address explicitly configured, by default, link local address is not configured and the IPv6 processing will be disabled. By enabling this automatic configuration, the link local address will be automatically configured and IPv6 processing will be started.

Format

enable ipif_ipv6_link_local_auto [<ipif_name 12> | all]

Parameters

<ipif_name 12> - The name of the interface.
all - All of the IP interfaces.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To enable the automatic configuration of link local address for an interface:
DGS-3710-12C:admin#enable ipif_ipv6_link_local_auto interface1
Command: enable ipif_ipv6_link_local_auto interface1
Success.
DGS-3710-12C:admin#

3-10 disable ipif_ipv6_link_local_auto

Description

This command is used to disable the auto configuration of link local address when no IPv6 address is explicitly configured.

Format

disable ipif_ipv6_link_local_auto [<ipif_name 12> | all]

Parameters

<ipif_name 12> - The name of the interface.
all - All of the IP interfaces.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To disable the automatic configuration of link local address for an interface:
DGS-3710-12C:admin#disable ipif_ipv6_link_local_auto interface1
Command: disable ipif_ipv6_link_local_auto interface1
Success.
DGS-3710-12C:admin#

3-11 show ipif_ipv6_link_local_auto

Description

This command is used to display the link local address automatic configuration state.

Format

show ipif_ipv6_link_local_auto {<ipif_name 12>}

Parameters

<ipif_name 12> - (Optional) The name of the interface.

Restrictions

None.

Example

To display the link local address automatic configuration state:
DGS-3710-12C:admin#show ipif_ipv6_link_local_auto
Command: show ipif_ipv6_link_local_auto
IPIF: System Automatic Link Local Address: Disabled
DGS-3710-12C:admin#

Chapter 4 802.1X Commands

enable 802.1x
disable 802.1x
create 802.1x user <username 15>
delete 802.1x user <username 15>
show 802.1x user
config 802.1x auth_protocol [local | radius_eap]
show 802.1x {[auth_state | auth_configuration] ports {<portlist>}}
config 802.1x capability ports [<portlist> | all] [authenticator | none]
config 802.1x fwd_pdu ports [<portlist> | all] [enable | disable]
config 802.1x fwd_pdu system [enable | disable]
config 802.1x auth_parameter ports [<portlist> | all] [default | {direction [both | in] | port_control [force_unauth | auto | force_auth] | quiet_period <sec 0-65535> | tx_period <sec 1-65535> | supp_timeout <sec 1-65535> | server_timeout <sec 1-65535> | max_req <value 1-10> | reauth_period <sec 1-65535> | max_users [<value 1-128> | no_limit] | enable_reauth [enable | disable]}(1)]
config 802.1x auth_mode [port_based | mac_based]
config 802.1x authorization attributes radius [enable | disable]
config 802.1x init [port_based ports [<portlist> | all] | mac_based [ports] [<portlist> | all] {mac_address <macaddr>}]
config 802.1x max_users [<value 1-1536> | no_limit]
config 802.1x reauth [port_based ports [<portlist> | all] | mac_based [ports] [<portlist> | all] {mac_address <macaddr>}]
create 802.1x guest_vlan <vlan_name 32>
delete 802.1x guest_vlan <vlan_name 32>
config 802.1x guest_vlan ports [<portlist> | all] state [enable | disable]
show 802.1x guest_vlan
config radius add <server_index 1-3> [<server_ip> | <ipv6addr>] key <passwd 32> [default | {auth_port <udp_port_number 1-65535> | acct_port <udp_port_number 1-65535> | timeout <int 1-255> | retransmit <int 1-20>}(1)]
config radius delete <server_index 1-3>
config radius <server_index 1-3> {ipaddress [<server_ip> | <ipv6addr>] | key <passwd 32> | auth_port [<udp_port_number 1-65535> | default] | acct_port [<udp_port_number 1-65535> | default] | timeout [<int 1-255> | default] | retransmit [<int 1-20> | default]}(1)
show radius
show auth_statistics {ports [<portlist> | all]}
show auth_diagnostics {ports [<portlist> | all]}
show auth_session_statistics {ports [<portlist> | all]}
show auth_client
show acct_client
config accounting service [network | shell | system] state [enable | disable]
show accounting service

4-1 enable 802.1x

Description

This command is used to enable the 802.1X function.

Format

enable 802.1x

Parameters

None.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To enable the 802.1X function:
DGS-3710-12C:admin#enable 802.1x
Command: enable 802.1x
Success.
DGS-3710-12C:admin#

4-2 disable 802.1x

Description

This command is used to disable the 802.1X function.

Format

disable 802.1x

Parameters

None.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To disable the 802.1X function:
DGS-3710-12C:admin#disable 802.1x
Command: disable 802.1x
Success.
DGS-3710-12C:admin#

4-3 create 802.1x user

Description

This command is used to create an 802.1X user.

Format

create 802.1x user <username 15>

Parameters

<username 15> - Specifies to add a user name.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To create a user named “ctsnow”:
DGS-3710-12C:admin#create 802.1x user ctsnow
Command: create 802.1x user ctsnow
Enter a case-sensitive new password:
Enter the new password again for confirmation:
Success.
DGS-3710-12C:admin#

4-4 delete 802.1x user

Description

This command is used to delete a specified user.

Format

delete 802.1x user <username 15>

Parameters

<username 15> - Specifies to delete a user name.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To delete the user named “Tiberius”:
DGS-3710-12C:admin#delete 802.1x user Tiberius
Command: delete 802.1x user Tiberius
Success.
DGS-3710-12C:admin#

4-5 show 802.1x user

Description

This command is used to display 802.1X local user account information.

Format

show 802.1x user

Parameters

None.

Restrictions

None.

Example

To display 802.1X user information:
DGS-3710-12C:admin#show 802.1x user
Command: show 802.1x user
Current Accounts:
Username        Password
--------------- ------------
ctsnow          gallinari
Total Entries : 1
DGS-3710-12C:admin#

4-6 config 802.1x auth_protocol

Description

This command is used to configure the 802.1X authentication protocol.

Format

config 802.1x auth_protocol [local | radius_eap]

Parameters

local - Specifies the authentication protocol as local.
radius_eap - Specifies the authentication protocol as RADIUS EAP.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To configure the 802.1X authentication protocol as RADIUS EAP:
DGS-3710-12C:admin#config 802.1x auth_protocol radius_eap
Command: config 802.1x auth_protocol radius_eap
Success.
DGS-3710-12C:admin#

4-7 show 802.1x

Description

This command is used to display the 802.1X state or configurations.

Format

show 802.1x {[auth_state | auth_configuration] ports {<portlist>}}

Parameters

auth_state - (Optional) Specifies to display the 802.1X authentication state of some or all ports.
auth_configuration - (Optional) Specifies to display 802.1X configuration of some or all ports.
ports - (Optional) Specifies a range of ports to be displayed.
<portlist> - Specifies a range of ports to be displayed.

Restrictions

None.

Example

To display 802.1X information:
DGS-3710-12C:admin#show 802.1x
Command: show 802.1x
802.1X                  : Disabled
Authentication Mode     : None
Authentication Protocol : RADIUS_EAP
Forward EAPOL PDU       : Disabled
Max User                : 1536
RADIUS Authorization    : Enabled
DGS-3710-12C:admin#

To display the 802.1x state for ports 1 to 5:
DGS-3710-12C:admin#show 802.1x auth_state ports 1-5
Command: show 802.1x auth_state ports 1-5
Status: A - Authorized; U - Unauthorized; (P): Port-Based 802.1X
Port  MAC Address           PAE State       Backend State  Status  VID   Priority
----  --------------------  --------------  -------------  ------  ----  --------
1     00-00-00-00-00-01     Authenticated   Idle           A       4004  3
1     00-00-00-00-00-02     Authenticated   Idle           A       1234  -
1     00-00-00-00-00-03     Held            Fail           U       -     -
1     00-00-00-00-00-04     Authenticating  Response       U       -     -
2     00-00-00-00-00-10(P)  Authenticating  Request        U       -     -
3     00-00-00-00-00-20(P)  Connecting      Idle           U       -     -
4     00-00-00-00-00-21(P)  Held            Fail           U       -     -
Total Authorized Hosts :2
Total Unauthorized Hosts :5
DGS-3710-12C:admin#

To display the 802.1x configuration for port 1:
DGS-3710-12C:admin#show 802.1x auth_configuration ports 1
Command: show 802.1x auth_configuration ports 1
Port Number               : 1
Capability                : None
AdminCrlDir               : Both
OpenCrlDir                : Both
Port Control              : Auto
QuietPeriod               : 60 sec
TxPeriod                  : 30 sec
SuppTimeout               : 30 sec
ServerTimeout             : 30 sec
MaxReq                    : 2 times
ReAuthPeriod              : 3600 sec
ReAuthenticate            : Disabled
Forward EAPOL PDU On Port : Disabled
Max User On Port          : 16
CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh
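
An added example (not part of the D-Link guide): a Python parser for the show 802.1x auth_state table above that recounts authorized and unauthorized hosts, checks them against the totals the switch prints, and lists hosts left in the Held state after a failed authentication. The function names are this example's own; the sample rows are the ones from the guide's example.

```python
import re
from collections import Counter

# Rows and totals copied from the auth_state example in the guide.
SAMPLE = """\
Status: A - Authorized; U - Unauthorized; (P): Port-Based 802.1X
Port  MAC Address           PAE State       Backend State  Status  VID   Priority
----  --------------------  --------------  -------------  ------  ----  --------
1     00-00-00-00-00-01     Authenticated   Idle           A       4004  3
1     00-00-00-00-00-02     Authenticated   Idle           A       1234  -
1     00-00-00-00-00-03     Held            Fail           U       -     -
1     00-00-00-00-00-04     Authenticating  Response       U       -     -
2     00-00-00-00-00-10(P)  Authenticating  Request        U       -     -
3     00-00-00-00-00-20(P)  Connecting      Idle           U       -     -
4     00-00-00-00-00-21(P)  Held            Fail           U       -     -
Total Authorized Hosts :2
Total Unauthorized Hosts :5
"""

# One table row: port, MAC (optionally tagged "(P)" for port-based mode),
# PAE state, backend state, status letter, assigned VID and 802.1p priority.
ROW = re.compile(
    r"^\s*(?P<port>\d+)\s+"
    r"(?P<mac>(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})(?P<port_based>\(P\))?\s+"
    r"(?P<pae>\S+)\s+(?P<backend>\S+)\s+(?P<status>[AU])\s+"
    r"(?P<vid>\S+)\s+(?P<priority>\S+)\s*$"
)
TOTAL = re.compile(r"^Total (Authorized|Unauthorized) Hosts\s*:\s*(\d+)", re.M)


def parse_auth_state(text):
    """Return one dict per host row; header, rule and total lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ROW.match(line)
        if not match:
            continue
        row = match.groupdict()
        row["port"] = int(row["port"])
        row["port_based"] = row["port_based"] is not None
        row["vid"] = None if row["vid"] == "-" else int(row["vid"])
        entries.append(row)
    return entries


def summarize(text):
    """Recount the table and compare the result with the printed totals."""
    entries = parse_auth_state(text)
    status = Counter(e["status"] for e in entries)
    reported = {kind: int(count) for kind, count in TOTAL.findall(text)}
    counted = {"Authorized": status["A"], "Unauthorized": status["U"]}
    return {
        "authorized": status["A"],
        "unauthorized": status["U"],
        # Held is the PAE state a supplicant sits in after a failed attempt.
        "held": [(e["port"], e["mac"]) for e in entries if e["pae"] == "Held"],
        "unauthorized_by_port": dict(
            Counter(e["port"] for e in entries if e["status"] == "U")
        ),
        # VLANs assigned to authorized hosts (the VID column).
        "assigned_vlans": {
            e["mac"]: e["vid"]
            for e in entries
            if e["status"] == "A" and e["vid"] is not None
        },
        # False means the capture was truncated or a row failed to parse.
        "totals_match": reported == counted,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```
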

4-8 config 802.1x capability ports

Description

This command is used to configure port capability.

Format

config 802.1x capability ports [<portlist> | all] [authenticator | none]

Parameters

<portlist> - Specifies a range of ports to be configured.
all - Specifies to configure all ports.
authenticator - The port that wishes to enforce authentication before allowing access to services that are accessible via that port adopts the authenticator role.
none - Disable authentication on specified port.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To configure port capability for ports 1 to 10:
DGS-3710-12C:admin#config 802.1x capability ports 1-10 authenticator
Command: config 802.1x capability ports 1-10 authenticator
Success.
DGS-3710-12C:admin#

4-9 config 802.1x fwd_pdu ports

Description

This command is used to configure the 802.1X PDU forwarding state on specific ports on the switch.

Format

config 802.1x fwd_pdu ports [<portlist> | all] [enable | disable]

Parameters

<portlist> - Specifies a range of ports to be configured.
all - Specifies all ports.
enable - Enable the 802.1X PDU forwarding state.
disable - Disable the 802.1X PDU forwarding state.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To configure the 802.1X PDU forwarding state on ports 1 to 2:
DGS-3710-12C:admin#config 802.1x fwd_pdu ports 1-2 enable
Command: config 802.1x fwd_pdu ports 1-2 enable
Success.
DGS-3710-12C:admin#

4-10 config 802.1x fwd_pdu system

Description

This command is used to configure the 802.1X PDU forwarding state.

Format

config 802.1x fwd_pdu system [enable | disable]

Parameters

enable - Enable the 802.1X PDU forwarding state.
disable - Disable the 802.1X PDU forwarding state.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To configure the 802.1X PDU forwarding state:
DGS-3710-12C:admin#config 802.1x fwd_pdu system enable
Command: config 802.1x fwd_pdu system enable
Success.
DGS-3710-12C:admin#

4-11 config 802.1x auth_parameter ports

Description

This command is used to configure the parameters that control the operation of the authenticator associated with a port.

Format

config 802.1x auth_parameter ports [<portlist> | all] [default | {direction [both | in] | port_control [force_unauth | auto | force_auth] | quiet_period <sec 0-65535> | tx_period <sec 1-65535> | supp_timeout <sec 1-65535> | server_timeout <sec 1-65535> | max_req <value 1-10> | reauth_period <sec 1-65535> | max_users [<value 1-128> | no_limit] | enable_reauth [enable | disable]}(1)]

Parameters

<portlist> - Specifies a range of ports to be configured.
all - Specifies to configure all ports.
default - Set all parameters to the default value.
direction - (Optional) Set the direction of access control.
both - For bidirectional access control.
in - For ingress access control.
port_control - (Optional) Force a specific port to be unconditionally authorized or unauthorized by setting the parameter of port_control to be force_authorized or force_unauthorized. Besides, the controlled port will reflect the outcome of authentication if port_control is auto.
force_authorized - The port transmits and receives normal traffic without 802.1X-based authentication of the client.
auto - The port begins in the unauthorized state, and relays authentication messages between the client and the authentication server.
force_unauthorized - The port will remain in the unauthorized state, ignoring all attempts by the client to authenticate.
quiet_period - (Optional) The initialization value of the quietWhile timer. The default value is 60 s and can be any value from 0 to 65535.
<sec 0-65535> - The quiet period value must be between 0 and 65535 seconds.
tx_period - (Optional) The initialization value of the txWhen timer. The default value is 30 s and can be any value from 1 to 65535.
<sec 1-65535> - The transmit period value must be between 1 and 65535 seconds.
supp_timeout - (Optional) The initialization value of the aWhile timer when timing out the supplicant. Its default value is 30 s and can be any value from 1 to 65535.
<sec 1-65535> - The timeout value must be between 1 and 65535 seconds.
server_timeout - (Optional) The initialization value of the aWhile timer when timing out the authentication server. Its default value is 30 and can be any value from 1 to 65535.
<sec 1-65535> - The server timeout value must be between 1 and 65535 seconds.
max_req - (Optional) The maximum number of times that the authentication PAE state machine will retransmit an EAP Request packet to the supplicant. Its default value is 2 and can be any number from 1 to 10.
<value 1-10> - The maximum number of requests must be between 1 and 10.
reauth_period - (Optional) A non-zero number of seconds used as the re-authentication timer. The default value is 3600.
<sec 1-65535> - The reauthentication period value must be between 1 and 65535 seconds.
max_users - (Optional) Set the maximum number of users between 1 and 128.
<value 1-128> - The maximum users value must be between 1 and 128.
no_limit - Set an unlimited number of users.
enable_reauth - (Optional) Enable or disable the re-authentication mechanism for a specific port.
enable - Enable the re-authentication mechanism for a specific port.
disable - Disable the re-authentication mechanism for a specific port.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To configure the parameters that control the operation of the authenticator associated with a port:
DGS-3710-12C:admin# config 802.1x auth_parameter ports 1-2 direction both
Command: config 802.1x auth_parameter ports 1-2 direction both
Success.
DGS-3710-12C:admin#

4-12 config 802.1x auth_mode

Description

This command is used to configure the authentication mode.

Format

config 802.1x auth_mode [port_based | mac_based]

Parameters

port_based - Used to configure authentication in port-based mode.
mac_based - Used to configure authentication in MAC-based (host-based) mode.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To configure the authentication mode:
DGS-3710-12C:admin#config 802.1x auth_mode port_based
Command: config 802.1x auth_mode port_based
Success.
DGS-3710-12C:admin#
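
An added example (not from the D-Link guide): a Python audit of show 802.1x auth_configuration output that flags ports whose capability, port_control, direction or enable_reauth settings leave the port without enforced authentication, and pairs each finding with the corrective command in the syntax documented above. The policy, the function names and the display strings marked in the comments are assumptions of this example.

```python
# Constructed input in the one-field-per-line layout of
# "show 802.1x auth_configuration". Port 1 carries the values from the guide's
# example; ports 2 and 3 are invented and abbreviated, and the display strings
# "Authenticator", "ForceAuth" and "Enabled" are assumptions.
SAMPLE = """\
Port Number               : 1
Capability                : None
AdminCrlDir               : Both
OpenCrlDir                : Both
Port Control              : Auto
QuietPeriod               : 60 sec
TxPeriod                  : 30 sec
SuppTimeout               : 30 sec
ServerTimeout             : 30 sec
MaxReq                    : 2 times
ReAuthPeriod              : 3600 sec
ReAuthenticate            : Disabled
Forward EAPOL PDU On Port : Disabled
Max User On Port          : 16

Port Number               : 2
Capability                : Authenticator
AdminCrlDir               : Both
Port Control              : ForceAuth
ReAuthenticate            : Enabled

Port Number               : 3
Capability                : Authenticator
AdminCrlDir               : Both
Port Control              : Auto
ReAuthenticate            : Enabled
"""


def parse_auth_configuration(text):
    """Return one dict of field -> value per 'Port Number' block."""
    ports, current = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank lines, prompts and pager hints carry no field
        key, value = key.strip(), value.strip()
        if key == "Port Number":
            current = {"Port Number": int(value)}
            ports.append(current)
        elif current is not None:
            current[key] = value
    return ports


def audit_port(cfg):
    """Return (finding, corrective command) pairs for one port."""
    port = cfg["Port Number"]
    param = f"config 802.1x auth_parameter ports {port}"
    findings = []
    # Only the strings "None", "Auto", "Both" and "Disabled" are compared,
    # because those are the display values the guide's example shows.
    if cfg.get("Capability") == "None":
        findings.append((
            "capability none: 802.1X authentication is disabled on the port",
            f"config 802.1x capability ports {port} authenticator",
        ))
    if cfg.get("Port Control") != "Auto":
        findings.append((
            "port_control is forced: port state ignores the authentication outcome",
            f"{param} port_control auto",
        ))
    if cfg.get("AdminCrlDir") != "Both":
        findings.append((
            "direction is not both: only ingress access is controlled",
            f"{param} direction both",
        ))
    if cfg.get("ReAuthenticate") == "Disabled":
        findings.append((
            "enable_reauth disabled: no periodic re-authentication of the host",
            f"{param} enable_reauth enable",
        ))
    return findings


def audit(text):
    """Map each port number to its list of findings (empty when compliant)."""
    return {cfg["Port Number"]: audit_port(cfg)
            for cfg in parse_auth_configuration(text)}


if __name__ == "__main__":
    for port, findings in audit(SAMPLE).items():
        for finding, fix in findings:
            print(f"port {port}: {finding}\n    fix: {fix}")
```
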

4-13 config 802.1x authorization attributes radius

Description

This command is used to enable or disable the acceptance of an authorized configuration.

Format

config 802.1x authorization attributes radius [enable | disable]

Parameters

enable - The authorization attributes such as VLAN, 802.1p default priority, and ACL assigned by the RADIUS server will be accepted if the global authorization status is enabled. The default state is enabled.
disable - The authorization attributes assigned by the RADIUS server will not be accepted.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To configure the 802.1X state of acceptance of an authorized configuration:
DGS-3710-12C:admin#config 802.1x authorization attributes radius enable
Command: config 802.1x authorization attributes radius enable
Success.
DGS-3710-12C:admin#

4-14 config 802.1x init

Description

This command is used to initialize the authentication state machine of some or all ports.

Format

config 802.1x init [port_based ports [<portlist> | all] | mac_based [ports] [<portlist> | all] {mac_address <macaddr>}]

Parameters

port_based ports - Used to configure authentication in port-based mode.
<portlist> - Specifies a range of ports to be configured.
all - Specifies to configure all ports.
mac_based ports - To configure authentication in host-based 802.1X mode.
<portlist> - Specifies a range of ports to be configured.
all - Specifies to configure all ports.
mac_address - (Optional) Specifies the MAC address of the host.
<macaddr> - Enter the MAC address here.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To initialize the authentication state machine on all the ports:
DGS-3710-12C:admin# config 802.1x init port_based ports all
Command: config 802.1x init port_based ports all
Success.
DGS-3710-12C:admin#

4-15 config 802.1x max_users

Description

This command is used to configure the 802.1X maximum number of users of the system.

Format

config 802.1x max_users [<value 1-1536> | no_limit]

Parameters

<value 1-1536> - Enter the maximum number of users value here. This value must be between 1 and 1536.
no_limit - Specifies an unlimited number of users.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To configure the 802.1X maximum number of users of the system:
DGS-3710-12C:admin# config 802.1x max_users 2
Command: config 802.1x max_users 2
Success.
DGS-3710-12C:admin#

4-16 config 802.1x reauth

Description

This command is used to reauthenticate the device connected with the port. During the reauthentication period, the port status remains authorized until failed reauthentication.

Format

config 802.1x reauth [port_based ports [<portlist> | all] | mac_based [ports] [<portlist> | all] {mac_address <macaddr>}]

Parameters

port_based ports - The switch passes data based on its authenticated port.
<portlist> - Specifies a range of ports to be configured.
all - Specifies to configure all ports.
mac_based ports - The switch passes data based on the MAC address of authenticated RADIUS client.
<portlist> - Specifies a range of ports to be configured.
all - Specifies to configure all ports.
mac_address - (Optional) Specifies the MAC address of the authenticated RADIUS client.
<macaddr> - Enter the MAC address here.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To reauthenticate the device connected with the port:
DGS-3710-12C:admin# config 802.1x reauth port_based ports all
Command: config 802.1x reauth port_based ports all
Success.
DGS-3710-12C:admin#

4-17 create 802.1x guest_vlan

Description

This command is used to assign a static VLAN to be a guest VLAN. The specific VLAN which is assigned to a guest VLAN must already exist. The specific VLAN which is assigned to the guest VLAN can’t be deleted.

Format

create 802.1x guest_vlan <vlan_name 32>

Parameters

<vlan_name 32> - Specifies the static VLAN to be a guest VLAN.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To assign a static VLAN to be a guest VLAN:
DGS-3710-12C:admin# create 802.1x guest_vlan guestVLAN
Command: create 802.1x guest_vlan guestVLAN
Success.
DGS-3710-12C:admin#

4-18 delete 802.1x guest_vlan

Description

This command is used to delete a guest VLAN setting, but not to delete the static VLAN itself.

Format

delete 802.1x guest_vlan <vlan_name 32>

Parameters

<vlan_name 32> - Specifies the guest VLAN name.

Restrictions

Only Administrator and Operator-level users can issue this command. All ports which are enabled as guest VLAN will return to the original VLAN after the guest VLAN is deleted.

Example

To delete a guest VLAN configuration:
DGS-3710-12C:admin# delete 802.1x guest_vlan guestVLAN
Command: delete 802.1x guest_vlan guestVLAN
Success.
DGS-3710-12C:admin#

4-19 config 802.1x guest_vlan ports

Description

This command is used to configure a guest VLAN setting.

Format

config 802.1x guest_vlan ports [<portlist> | all] state [enable | disable]

Parameters

<portlist> - Specifies a range of ports to be configured.
all - Specifies to configure all ports.
state - Specifies the guest VLAN port state of the configured ports.
enable - Join the guest VLAN.
disable - Remove from guest VLAN.

Restrictions

Only Administrator and Operator-level users can issue this command. If the specific port state is changed from the enabled state to the disabled state, this port will move to its original VLAN.

Example

To configure a guest VLAN setting for ports 1 to 8:
DGS-3710-12C:admin#config 802.1x guest_vlan ports 1-8 state enable
Command: config 802.1x guest_vlan ports 1-8 state enable
Warning, The ports are moved to Guest VLAN.
Success.
DGS-3710-12C:admin#

4-20 show 802.1x guest_vlan

Description

This command is used to display guest VLAN information.

Format

show 802.1x guest_vlan

Parameters

None.

Restrictions

None.

Example

To display guest VLAN information:
DGS-3710-12C:admin#show 802.1x guest_vlan
Command: show 802.1x guest_vlan
Guest Vlan Setting
-----------------------------------------------------------
Guest VLAN : guest
Enabled Guest VLAN Ports : 1-10
DGS-3710-12C:admin#

4-21 config radius add

Description

This command is used to add a new RADIUS server. The server with a lower index has higher authentication priority.

Format

config radius add <server_index 1-3> [<server_ip> | <ipv6addr>] key <passwd 32> [default | {auth_port <udp_port_number 1-65535> | acct_port <udp_port_number 1-65535> | timeout <int 1-255> | retransmit <int 1-20>}(1)]

Parameters

<server_index 1-3> - Specifies the RADIUS server index.
<server_ip> - Specifies the IP address of the RADIUS server.
<ipv6addr> - Specifies the IPv6 address of the RADIUS server.
key - Specifies the key pre-negotiated between switch and the RADIUS server. It is used to encrypt user’s authentication data before being transmitted over the Internet. The maximum length of the key is 32.
<passwd 32> - The maximum length of the password is 32 characters long.
default - Sets the auth_port to be 1812 and acct_port to be 1813.
auth_port - Specifies the UDP port number which is used to transmit RADIUS authentication data between the switch and the RADIUS server. The range is 1 to 65535.
<udp_port_number 1-65535> - The authentication port value must be between 1 and 65535.
acct_port - Specifies the UDP port number which is used to transmit RADIUS accounting statistics between the switch and the RADIUS server. The range is 1 to 65535.
<udp_port_number 1-65535> - The accounting statistics value must be between 1 and 65535.
timeout - Specifies the time, in seconds, for waiting server reply. The default value is 5 seconds.
<int 1-255> - The timeout value must be between 1 and 255.
retransmit - Specifies the count for re-transmit. The default value is 2.
<int 1-20> - The re-transmit value must be between 1 and 20.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To add a new RADIUS server:
DGS-3710-12C:admin#config radius add 1 10.48.74.121 key dlink default
Command: config radius add 1 10.48.74.121 key dlink default
Success.
DGS-3710-12C:admin#

4-22 config radius delete

Description

This command is used to delete a RADIUS server.

Format

config radius delete <server_index 1-3>

Parameters

<server_index 1-3> - Specifies the RADIUS server index. The range is from 1 to 3.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To delete a RADIUS server:
DGS-3710-12C:admin#config radius delete 1
Command: config radius delete 1
Success.
DGS-3710-12C:admin#

4-23 config radius

Description

This command is used to configure a RADIUS server.

Format

config radius <server_index 1-3> {ipaddress [<server_ip> | <ipv6addr>] | key <passwd 32> | auth_port [<udp_port_number 1-65535> | default] | acct_port [<udp_port_number 1-65535> | default] | timeout [<int 1-255> | default] | retransmit [<int 1-20> | default]}(1)

Parameters

<server_index 1-3> - Specifies the RADIUS server index.
ipaddress - Specifies the IP address of the RADIUS server.
<server_ip> - Enter the RADIUS server IP address here.
<ipv6addr> - Enter the RADIUS server IPv6 address here.
key - Specifies the key pre-negotiated between the switch and the RADIUS server. It is used to encrypt user’s authentication data before being transmitted over the Internet. The maximum length of the key is 32.
<passwd 32> - Specifies the key pre-negotiated between the switch and the RADIUS server. It is used to encrypt user’s authentication data before being transmitted over the Internet. The maximum length of the key is 32.
auth_port - Specifies the UDP port number which is used to transmit RADIUS authentication data between the switch and the RADIUS server. The default is 1812.
<udp_port_number 1-65535> - The authentication port value must be between 1 and 65535.
default - Specifies to use the default value.
acct_port - Specifies the UDP port number which is used to transmit RADIUS accounting statistics between the switch and the RADIUS server. The default is 1813.
<udp_port_number 1-65535> - The accounting statistics value must be between 1 and 65535.
default - Specifies to use the default value.
timeout - Specifies the time in seconds for waiting for a server reply. The default value is 5 seconds.
<int 1-255> - Specifies the time in seconds for waiting for a server reply. The timeout value must be between 1 and 255. The default value is 5 seconds.
default - Specifies to use the default value.
retransmit - Specifies the count for re-transmission. The default value is 2.
<int 1-20> - The re-transmit value must be between 1 and 20.
default - Specifies to use the default value.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To configure a RADIUS server:
DGS-3710-12C:admin#config radius add 1 10.48.74.121 key dlink default
Command: config radius add 1 10.48.74.121 key dlink default
Success.
DGS-3710-12C:admin#

4-24 show radius

Description

This command is used to display RADIUS server configurations.

Format

show radius

Parameters

None.

Restrictions

None.

Example

To display RADIUS server configurations:
DGS-3710-12C:admin#show radius
Command: show radius
Index 1
IP Address : 10.48.74.121
Auth-Port : 1812
Acct-Port : 1813
Timeout : 5
Retransmit : 2
Key : dlink
Total Entries : 1
DGS-3710-12C:admin#

4-25 show auth_statistics

Description

This command is used to display authenticator statistics information.

Format

show auth_statistics {ports [<portlist> | all]}

Parameters

ports - (Optional) Specifies a range of ports to be displayed.
<portlist> - Specifies a range of ports to be displayed.
all - Specifies that all the ports will be used for the display.

Restrictions

None.

Example

To display authenticator statistics information for port 1:
DGS-3710-12C:admin#show auth_statistics ports 1
Command: show auth_statistics ports 1
Port Number : 1
EapolFramesRx 0
EapolFramesTx 6
EapolStartFramesRx 0
EapolReqIdFramesTx 6
EapolLogoffFramesRx 0
EapolReqFramesTx 0
EapolRespIdFramesRx 0
EapolRespFramesRx 0
InvalidEapolFramesRx 0
EapLengthErrorFramesRx 0
LastEapolFrameVersion 0
LastEapolFrameSource 00-00-00-00-00-00
DGS-3710-12C:admin#

4-26 show auth_diagnostics

Description

This command is used to display authenticator diagnostics information.

Format

show auth_diagnostics {ports [<portlist> | all]}

Parameters

ports - (Optional) Specifies a range of ports to be displayed.
<portlist> - Specifies a range of ports to be displayed.
all - Specifies that all the ports will be used for the display.

Restrictions

None.

Example

To display authenticator diagnostics information for port 1:
DGS-3710-12C:admin# show auth_diagnostics ports 1
Command: show auth_diagnostics ports 1
Port Number : 1
EntersConnecting 20
EapLogoffsWhileConnecting 0
EntersAuthenticating 0
SuccessWhileAuthenticating 0
TimeoutsWhileAuthenticating 0
FailWhileAuthenticating 0
ReauthsWhileAuthenticating 0
EapStartsWhileAuthenticating 0
EapLogoffWhileAuthenticating 0
ReauthsWhileAuthenticated 0
EapStartsWhileAuthenticated 0
EapLogoffWhileAuthenticated 0
BackendResponses 0
BackendAccessChallenges 0
BackendOtherRequestsToSupplicant 0
BackendNonNakResponsesFromSupplicant 0
BackendAuthSuccesses 0
BackendAuthFails 0
DGS-3710-12C:admin#

4-27 show auth_session_statistics

Description

This command is used to display authenticator session statistics information.

Format

show auth_session_statistics {ports [<portlist> | all]}

Parameters

ports - (Optional) Specifies a range of ports to be displayed.
<portlist> - Specifies a range of ports to be displayed.
all - Specifies that all the ports will be used for the display.

Restrictions

None.

Example

To display authenticator session statistics information for port 1:
DGS-3710-12C:admin#show auth_session_statistics ports 1
Command: show auth_session_statistics ports 1
Port Number : 1
SessionOctetsRx 0
SessionOctetsTx 0
SessionFramesRx 0
SessionFramesTx 0
SessionId
SessionAuthenticMethod Remote Authentication Server
SessionTime 0
SessionTerminateCause SupplicantLogoff
SessionUserName
DGS-3710-12C:admin#

4-28 show auth_client

Description

This command is used to display authentication client information.

Format

show auth_client

Parameters

None.

Restrictions

None.

Example

To display authentication client information:
DGS-3710-12C:admin# show auth_client
Command: show auth_client
radiusAuthClient ==>
radiusAuthClientInvalidServerAddresses 0
radiusAuthClientIdentifier D-Link
radiusAuthServerEntry ==>
radiusAuthServerIndex :1
radiusAuthServerAddress 0.0.0.0
radiusAuthClientServerPortNumber X
radiusAuthClientRoundTripTime 0
radiusAuthClientAccessRequests 0
radiusAuthClientAccessRetransmissions 0
radiusAuthClientAccessAccepts 0
radiusAuthClientAccessRejects 0
radiusAuthClientAccessChallenges 0
radiusAuthClientMalformedAccessResponses 0
radiusAuthClientBadAuthenticators 0
radiusAuthClientPendingRequests 0
radiusAuthClientTimeouts 0
radiusAuthClientUnknownTypes 0
radiusAuthClientPacketsDropped 0

radiusAuthClient ==>
radiusAuthClientInvalidServerAddresses 0
radiusAuthClientIdentifier D-Link
radiusAuthServerEntry ==>
radiusAuthServerIndex :2
radiusAuthServerAddress 0.0.0.0
radiusAuthClientServerPortNumber X
radiusAuthClientRoundTripTime 0
radiusAuthClientAccessRequests 0
radiusAuthClientAccessRetransmissions 0
radiusAuthClientAccessAccepts 0
radiusAuthClientAccessRejects 0
radiusAuthClientAccessChallenges 0
radiusAuthClientMalformedAccessResponses 0
radiusAuthClientBadAuthenticators 0
radiusAuthClientPendingRequests 0
radiusAuthClientTimeouts 0
radiusAuthClientUnknownTypes 0
radiusAuthClientPacketsDropped 0

radiusAuthClient ==>
radiusAuthClientInvalidServerAddresses 0
radiusAuthClientIdentifier D-Link
radiusAuthServerEntry ==>
radiusAuthServerIndex :3
radiusAuthServerAddress 0.0.0.0
radiusAuthClientServerPortNumber X
radiusAuthClientRoundTripTime 0
radiusAuthClientAccessRequests 0
radiusAuthClientAccessRetransmissions 0
radiusAuthClientAccessAccepts 0
radiusAuthClientAccessRejects 0
radiusAuthClientAccessChallenges 0
radiusAuthClientMalformedAccessResponses 0
radiusAuthClientBadAuthenticators 0
radiusAuthClientPendingRequests 0
radiusAuthClientTimeouts 0
radiusAuthClientUnknownTypes 0
radiusAuthClientPacketsDropped 0
DGS-3710-12C:admin#

4-29 show acct_client

Description

This command is used to display account client information.

Format

show acct_client

Parameters

None.

Restrictions

None.

Example

To display account client information:
DGS-3710-12C:admin# show acct_client
Command: show acct_client
radiusAcctClient ==>
radiusAcctClientInvalidServerAddresses 0
radiusAcctClientIdentifier D-Link
radiusAuthServerEntry ==>
radiusAccServerIndex : 1
radiusAccServerAddress 0.0.0.0
radiusAccClientServerPortNumber X
radiusAccClientRoundTripTime 0
radiusAccClientRequests 0
radiusAccClientRetransmissions 0
radiusAccClientResponses 0
radiusAccClientMalformedResponses 0
radiusAccClientBadAuthenticators 0
radiusAccClientPendingRequests 0
radiusAccClientTimeouts 0
radiusAccClientUnknownTypes 0
radiusAccClientPacketsDropped 0

radiusAcctClient ==>
radiusAcctClientInvalidServerAddresses 0
radiusAcctClientIdentifier D-Link
radiusAuthServerEntry ==>
radiusAccServerIndex : 2
radiusAccServerAddress 0.0.0.0
radiusAccClientServerPortNumber X
radiusAccClientRoundTripTime 0
radiusAccClientRequests 0
radiusAccClientRetransmissions 0
radiusAccClientResponses 0
radiusAccClientMalformedResponses 0
radiusAccClientBadAuthenticators 0
radiusAccClientPendingRequests 0
radiusAccClientTimeouts 0
radiusAccClientUnknownTypes 0
radiusAccClientPacketsDropped 0

radiusAcctClient ==>
radiusAcctClientInvalidServerAddresses 0
radiusAcctClientIdentifier D-Link
radiusAuthServerEntry ==>
radiusAccServerIndex : 3
radiusAccServerAddress 0.0.0.0
radiusAccClientServerPortNumber X
radiusAccClientRoundTripTime 0
radiusAccClientRequests 0
radiusAccClientRetransmissions 0
radiusAccClientResponses 0
radiusAccClientMalformedResponses 0
radiusAccClientBadAuthenticators 0
radiusAccClientPendingRequests 0
radiusAccClientTimeouts 0
radiusAccClientUnknownTypes 0
radiusAccClientPacketsDropped 0
DGS-3710-12C:admin#

4-30 config accounting service

Description

This command is used to configure the state of the specified RADIUS accounting service.

Format

config accounting service [network | shell | system] state [enable | disable]

Parameters

network - Specifies the accounting service for 802.1X port access control. By default, the service is disabled.
shell - Specifies the accounting service for shell events. When a user logs in to or logs out of the switch (via the console, Telnet, or SSH) and when timeout occurs, accounting information will be collected and sent to the RADIUS server. By default, the service is disabled.
system - Specifies the accounting service for system events: reset and reboot. By default, the service is disabled.
state - Specifies the state of the accounting service.
enable - Enable the specified accounting service.
disable - Disable the specified accounting service.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To configure the state of the RADIUS accounting service shell to enable:
DGS-3710-12C:admin#config accounting service shell state enable
Command: config accounting service shell state enable
Success
DGS-3710-12C:admin#

4-31 show accounting service

Description

This command is used to display RADIUS accounting service information.

Format

show accounting service

Parameters

None.

Restrictions

None.

Example

To display accounting service information:
DGS-3710-12C:admin#show accounting service
Command: show accounting service
Accounting State
-------------------
Network : Disabled
Shell : Disabled
System : Disabled
DGS-3710-12C:admin#

Chapter 5 Access Authentication Control (AAC) Commands

enable authen_policy
disable authen_policy
show authen_policy
create authen_login method_list_name <string 15>
config authen_login [default | method_list_name <string 15>] method {tacacs | xtacacs | tacacs+ | radius | server_group <string 15> | local | none}(1)
delete authen_login method_list_name <string 15>
show authen_login [default | method_list_name <string 15> | all]
create authen_enable method_list_name <string 15>
config authen_enable [default | method_list_name <string 15>] method {tacacs | xtacacs | tacacs+ | radius | server_group <string 15> | local_enable | none}(1)
delete authen_enable method_list_name <string 15>
show authen_enable [default | method_list_name <string 15> | all]
config authen application [console | telnet | ssh | http | all] [login | enable] [default | method_list_name <string 15>]
show authen application
create authen server_group <string 15>
config authen server_group [tacacs | xtacacs | tacacs+ | radius | <string 15>] [add | delete] server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius]
delete authen server_group <string 15>
show authen server_group {<string 15>}
create authen server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius] {port <int 1-65535> | key [<key_string 254> | none] | timeout <int 1-255> | retransmit <int 1-20>}
config authen server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius] {port <int 1-65535> | key [<key_string 254> | none] | timeout <int 1-255> | retransmit <int 1-20>}(1)
delete authen server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius]
show authen server_host
config authen parameter response_timeout <int 0-255>
config authen parameter attempt <int 1-255>
show authen parameter
enable admin
config admin local_enable

5-1 enable authen_policy

Description

This command is used to enable system access authentication policy. When enabled, the device will adopt the login authentication method list to authenticate the user for login, and adopt the enable authentication method list to authenticate the enable password for promoting the user's privilege to Administrator level.

Format

enable authen_policy

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To enable system access authentication policy:
DGS-3710-12C:admin#enable authen_policy
Command: enable authen_policy
Success.
DGS-3710-12C:admin#

5-2 disable authen_policy

Description

This command is used to disable system access authentication policy. When authentication is disabled, the device will use the local user account database to authenticate the user for login.

Format

disable authen_policy

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To disable system access authentication policy:
DGS-3710-12C:admin#disable authen_policy
Command: disable authen_policy
Success.
DGS-3710-12C:admin#

5-3 show authen_policy

Description

This command is used to display whether system access authentication policy is enabled or disabled.

Format

show authen_policy

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To display system access authentication policy:
DGS-3710-12C:admin#show authen_policy
Command: show authen_policy
Authentication Policy : Enabled
DGS-3710-12C:admin#

5-4 create authen_login method_list_name

Description

This command is used to create a user-defined method list of authentication methods for user login. The maximum supported number of the login method lists is eight.

Format

create authen_login method_list_name <string 15>

Parameters

<string 15> - Specifies the user-defined method list name.

Restrictions

Only Administrator-level users can issue this command.

Example

To create a user-defined method list for user login:
DGS-3710-12C:admin#create authen_login method_list_name login_list_1
Command: create authen_login method_list_name login_list_1
Success.
DGS-3710-12C:admin#

5-5 config authen_login

Description

This command is used to configure a user-defined or default method list of authentication methods for user login. The sequence of methods will affect the authentication result. For example, if the sequence is TACACS+ first, then TACACS and local, when a user tries to log in, the authentication request will be sent to the first server host in the TACACS+ built-in server group. If the first server host in the TACACS+ group is missing, the authentication request will be sent to the second server host in the TACACS+ group, and so on. If all server hosts in the TACACS+ group are missing, the authentication request will be sent to the first server host in the TACACS group. If all server hosts in a TACACS group are missing, the local account database in the device is used to authenticate this user.

When a user logs in to the device successfully while using methods like TACACS/XTACACS/TACACS+/RADIUS built-in or user-defined server groups or none, only the “user” privilege level is assigned. If a user wants to get admin privilege level, the user must use the “enable admin” command to promote his privilege level. But when the local method is used, the privilege level will depend on the account's privilege level stored in the local device.

Format

config authen_login [default | method_list_name <string 15>] method {tacacs | xtacacs | tacacs+ | radius | server_group <string 15> | local | none}(1)

Parameters

default - Specifies the default method list of authentication methods.
method_list_name - Specifies the user-defined method list of authentication methods.
    <string 15> - Specifies the user-defined method list of authentication methods. The method list name can be up to 15 characters long.
method - Choose the desired authentication method:
    tacacs - Specifies authentication by the built-in server group TACACS.
    xtacacs - Specifies authentication by the built-in server group XTACACS.
    tacacs+ - Specifies authentication by the built-in server group TACACS+.
    radius - Specifies authentication by the built-in server group RADIUS.
    server_group - Specifies authentication by the user-defined server group.
        <string 15> - Specifies authentication by the user-defined server group. The server group value can be up to 15 characters long.
    local - Specifies authentication by local user account database in the device.
    none - Specifies no authentication.

Restrictions

Only Administrator-level users can issue this command.

Example

To configure a user-defined method list for user login:
DGS-3710-12C:admin#config authen_login method_list_name login_list_1 method tacacs+ tacacs local
Command: config authen_login method_list_name login_list_1 method tacacs+ tacacs local
Success.
DGS-3710-12C:admin#

5-6 delete authen_login method_list_name

Description

This command is used to delete a user-defined method list of authentication methods for user login.

Format

delete authen_login method_list_name <string 15>

Parameters

<string 15> - Specifies the user-defined method list name.

Restrictions

Only Administrator-level users can issue this command.

Example

To delete a user-defined method list for user login:
DGS-3710-12C:admin#delete authen_login method_list_name login_list_1
Command: delete authen_login method_list_name login_list_1
Success.
DGS-3710-12C:admin#

5-7 show authen_login

Description

This command is used to display the method list of authentication methods for user login.

Format

show authen_login [default | method_list_name <string 15> | all]

Parameters

default - Specifies to display the default method list for user login.
method_list_name - Specifies the user-defined method list for user login.
    <string 15> - Specifies the user-defined method list for user login. The method list name can be up to 15 characters long.
all - Specifies to display all method lists for user login.

Restrictions

Only Administrator-level users can issue this command.

Example

To display a user-defined method list for user login:
DGS-3710-12C:admin#show authen_login method_list_name login_list_1
Command: show authen_login method_list_name login_list_1
Method List Name Priority Method Name     Comment
---------------- -------- --------------- ------------------
login_list_1     1        tacacs+         Built-in Group
                 2        tacacs          Built-in Group
                 3        mix_1           User-defined Group
                 4        local           Keyword
DGS-3710-12C:admin#

5-8 create authen_enable method_list_name

Description

This command is used to create a user-defined method list of authentication methods for promoting a user's privilege to Admin level. The maximum supported number of the enable method lists is eight.

Format

create authen_enable method_list_name <string 15>

Parameters

<string 15> - Specifies the user-defined method list name.

Restrictions

Only Administrator-level users can issue this command.

Example

To create a user-defined method list for promoting a user's privilege to Admin level:
DGS-3710-12C:admin#create authen_enable method_list_name enable_list_1
Command: create authen_enable method_list_name enable_list_1
Success.
DGS-3710-12C:admin#

5-9 config authen_enable

Description

This command is used to configure a user-defined or default method list of authentication methods for promoting a user's privilege to Admin level. The sequence of methods will affect the authentication result. For example, if the sequence is TACACS+ first, then TACACS and local_enable, when a user tries to promote a user's privilege to Admin level, the authentication request will be sent to the first server host in the TACACS+ built-in server group. If the first server host in the TACACS+ group is missing, the authentication request will be sent to the second server host in the TACACS+ group, and so on. If all server hosts in the TACACS+ group are missing, the authentication request will be sent to the first server host in the TACACS group. If all server hosts in the TACACS group are missing, the local enable password in the device is used to authenticate this user’s password. The local enable password in the device can be configured by the CLI command config admin local_enable.

Format

config authen_enable [default | method_list_name <string 15>] method {tacacs | xtacacs | tacacs+ | radius | server_group <string 15> | local_enable | none}(1)

Parameters

default - Specifies the default method list of authentication methods.
method_list_name - Specifies the user-defined method list of authentication methods.
    <string 15> - Specifies the user-defined method list of authentication methods. The method list name can be up to 15 characters long.
method - Choose the desired authentication method:
    tacacs - Specifies authentication by the built-in server group TACACS.
    xtacacs - Specifies authentication by the built-in server group XTACACS.
    tacacs+ - Specifies authentication by the built-in server group TACACS+.
    radius - Specifies authentication by the built-in server group RADIUS.
    server_group - Specifies authentication by the user-defined server group.
        <string 15> - Specifies authentication by the user-defined server group. The server group value can be up to 15 characters long.
    local_enable - Specifies authentication by local enable password in the device.
    none - Specifies no authentication.

Restrictions

Only Administrator-level users can issue this command.

Example

To configure a user-defined method list for promoting a user's privilege to Admin level:
DGS-3710-12C:admin#config authen_enable method_list_name enable_list_1 method tacacs+ tacacs local_enable
Command: config authen_enable method_list_name enable_list_1 method tacacs+ tacacs local_enable
Success.
DGS-3710-12C:admin#

5-10 delete authen_enable method_list_name

Description

This command is used to delete a user-defined method list of authentication methods for promoting a user's privilege to Administrator level.

Format

delete authen_enable method_list_name <string 15>

Parameters

<string 15> - Specifies the user-defined method list name.

Restrictions

Only Administrator-level users can issue this command.

Example

To delete a user-defined method list for promoting a user's privilege to Admin level:
DGS-3710-12C:admin#delete authen_enable method_list_name enable_list_1
Command: delete authen_enable method_list_name enable_list_1
Success.
DGS-3710-12C:admin#

5-11 show authen_enable

Description

This command is used to display the method list of authentication methods for promoting a user's privilege to Administrator level.

Format

show authen_enable [default | method_list_name <string 15> | all]

Parameters

default - Specifies to display the default method list for promoting a user's privilege to Administrator level.
method_list_name - Specifies the user-defined method list for promoting a user's privilege to Administrator level.
    <string 15> - Specifies the user-defined method list for promoting a user's privilege to Administrator level. The method list name value can be up to 15 characters long.
all - Specifies to display all method lists for promoting a user's privilege to Administrator level.

Restrictions

Only Administrator-level users can issue this command.

Example

To display all method lists for promoting a user's privilege to Administrator level:
DGS-3710-12C:admin#show authen_enable all
Command: show authen_enable all
Method List Name Priority Method Name     Comment
---------------- -------- --------------- ------------------
default          1        local_enable    Keyword
enable_list_1    1        tacacs+         Built-in Group
                 2        tacacs          Built-in Group
                 3        mix_1           User-defined Group
                 4        loca_enable     Keyword
enable_list_2    1        tacacs+         Built-in Group
                 2        radius          Built-in Group
Total Entries : 3
DGS-3710-12C:admin#

5-12 config authen application

Description

This command is used to configure login or enable method list for all or the specified application.

Format

config authen application [console | telnet | ssh | http | all] [login | enable] [default | method_list_name <string 15>]

Parameters

console - Specifies an application: console.
telnet - Specifies an application: Telnet.
ssh - Specifies an application: SSH.
http - Specifies an application: Web.
all - Specifies all applications: console, Telnet, SSH, and Web.
login - Specifies the method list of authentication methods for user login.
enable - Specifies the method list of authentication methods for promoting user privilege to Administrator level.
default - Specifies the default method list.
method_list_name - Specifies the user-defined method list name.
    <string 15> - Specifies the user-defined method list name. The method list name value can be up to 15 characters long.

Restrictions

Only Administrator-level users can issue this command.

Example

To configure the login method list for Telnet:
DGS-3710-12C:admin#config authen application telnet login method_list_name login_list_1
Command: config authen application telnet login method_list_name login_list_1
Success.
DGS-3710-12C:admin#

5-13 show authen application

Description

This command is used to display the login/enable method list for all applications.

Format

show authen application

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To display the login and enable method list for all applications:
DGS-3710-12C:admin#show authen application
Command: show authen application
Application Login Method List Enable Method List
----------- ----------------- ------------------
Console     default           default
Telnet      login_list_1      default
SSH         default           default
HTTP        default           default
DGS-3710-12C:admin#

5-14 create authen server_group

Description

This command is used to create a user-defined authentication server group. The maximum supported number of server groups including built-in server groups is eight. Each group can contain a maximum of eight server hosts.

Format

create authen server_group <string 15>

Parameters

<string 15> - Specifies the user-defined server group name.

Restrictions

Only Administrator-level users can issue this command.

Example

To create a user-defined authentication server group:
DGS-3710-12C:admin#create authen server_group mix_1
Command: create authen server_group mix_1
Success.
DGS-3710-12C:admin#

5-15 config authen server_group

Description

This command is used to add or remove an authentication server host to or from the specified server group. The built-in server groups tacacs, xtacacs, tacacs+, and radius accept only server hosts that use the same protocol, but a user-defined server group can accept server hosts with different protocols. The server host must be created first by using the CLI command create authen server_host.

Format

config authen server_group [tacacs | xtacacs | tacacs+ | radius | <string 15>] [add | delete] server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius]

Parameters

tacacs - Specifies the built-in server group TACACS.
xtacacs - Specifies the built-in server group XTACACS.
tacacs+ - Specifies the built-in server group TACACS+.
radius - Specifies the built-in server group RADIUS.
<string 15> - Specifies a user-defined server group.
add - Specifies to add a server host to a server group.
delete - Specifies to remove a server host from a server group.
server_host - Specifies the server host’s IP address.
    <ipaddr> - Specifies the server host’s IP address.
protocol - Specifies the server host’s type of authentication protocol.
    tacacs - Specifies the server host’s authentication protocol TACACS.
    xtacacs - Specifies the server host’s authentication protocol XTACACS.
    tacacs+ - Specifies the server host’s authentication protocol TACACS+.
    radius - Specifies the server host’s authentication protocol RADIUS.

Restrictions

Only Administrator-level users can issue this command.

Example

To add an authentication server host to a server group:
DGS-3710-12C:admin#config authen server_group mix_1 add server_host 10.1.1.222 protocol tacacs+
Command: config authen server_group mix_1 add server_host 10.1.1.222 protocol tacacs+
Success.
DGS-3710-12C:admin#

5-16 delete authen server_group

Description

This command is used to delete a user-defined authentication server group.

Format

delete authen server_group <string 15>

Parameters

<string 15> - Specifies the user-defined server group name.

Restrictions

Only Administrator-level users can issue this command.

Example

To delete a user-defined authentication server group:
DGS-3710-12C:admin#delete authen server_group mix_1
Command: delete authen server_group mix_1
Success.
DGS-3710-12C:admin#

5-17 show authen server_group

Description

This command is used to display the authentication server groups.

Format

show authen server_group {<string 15>}

Parameters

<string 15> - (Optional) Specifies the built-in or user-defined server group name.

Restrictions

Only Administrator-level users can issue this command.

Example

To display all authentication server groups:
DGS-3710-12C:admin#show authen server_group
Command: show authen server_group
Group Name      IP Address      Protocol
--------------- --------------- --------
mix_1           10.1.1.222      TACACS+
radius          10.1.1.224      RADIUS
tacacs          10.1.1.225      TACACS
tacacs+         10.1.1.226      TACACS+
xtacacs         10.1.1.227      XTACACS
Total Entries : 5
DGS-3710-12C:admin#

5-18 create authen server_host

Description

This command is used to create an authentication server host. When an authentication server host is created, the IP address and protocol are the index. That means more than one authentication protocol service can be run on the same physical host. The maximum supported number of server hosts is 16.

Format

create authen server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius] {port <int 1-65535> | key [<key_string 254> | none] | timeout <int 1-255> | retransmit <int 1-20>}

Parameters

<ipaddr> - Specifies the server host’s IP address.
protocol - Specifies the server host’s type of authentication protocol.
    tacacs - Specifies the server host’s authentication protocol TACACS.
    xtacacs - Specifies the server host’s authentication protocol XTACACS.
    tacacs+ - Specifies the server host’s authentication protocol TACACS+.
    radius - Specifies the server host’s authentication protocol RADIUS.
port - (Optional) Specifies the port number of the authentication protocol for the server host. The default value for TACACS/XTACACS/TACACS+ is 49. The default value for RADIUS is 1812.
    <int 1-65535> - Specifies the port number of the authentication protocol for the server host. The default value for TACACS/XTACACS/TACACS+ is 49. The default value for RADIUS is 1812. The port number must be between 1 and 65535.
key - (Optional) Specifies the key for TACACS+ and RADIUS authentication.
    <key_string 254> - Specifies the key for TACACS+ and RADIUS authentication. If the value is null, no encryption will apply. This value is meaningless for TACACS and XTACACS.
    none - No encryption for TACACS+ and RADIUS authentication. This value is meaningless for TACACS and XTACACS.
timeout - (Optional) Specifies the time in seconds for waiting for a server reply. The default value is 5 seconds.
    <int 1-255> - Specifies the time in seconds for waiting for a server reply. The default value is 5 seconds. The timeout value must be between 1 and 255 seconds.
retransmit - (Optional) Specifies the count for re-transmit. This value is meaningless for TACACS+. The default value is 2.
    <int 1-20> - Specifies the count for re-transmit. This value is meaningless for TACACS+. The default value is 2. The re-transmit value must be between 1 and 20.

Restrictions

Only Administrator-level users can issue this command.

Example

To create a TACACS+ authentication server host with a listening port number of 15555 and a timeout value of 10 seconds:
DGS-3710-12C:admin#create authen server_host 10.1.1.222 protocol tacacs+ port 15555 timeout 10
Command: create authen server_host 10.1.1.222 protocol tacacs+ port 15555 timeout 10
Key is empty for TACACS+ or RADIUS.
Success.
DGS-3710-12C:admin#

5-19 config authen server_host

Description

This command is used to configure an authentication server host.

Format

config authen server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius] {port <int 1-65535> | key [<key_string 254> | none] | timeout <int 1-255> | retransmit <int 1-20>}(1)

Parameters

<ipaddr> - Specifies the server host’s IP address.
protocol - Specifies the server host’s type of authentication protocol.
    tacacs - Specifies the server host’s authentication protocol TACACS.
    xtacacs - Specifies the server host’s authentication protocol XTACACS.
    tacacs+ - Specifies the server host’s authentication protocol TACACS+.
    radius - Specifies the server host’s authentication protocol RADIUS.
port - Specifies the port number of the authentication protocol for the server host. The default value for TACACS/XTACACS/TACACS+ is 49. The default value for RADIUS is 1812.
    <int 1-65535> - Specifies the port number of the authentication protocol for the server host. The default value for TACACS/XTACACS/TACACS+ is 49. The default value for RADIUS is 1812. The port number must be between 1 and 65535.
key - Specifies the key for TACACS+ and RADIUS authentication.
    <key_string 254> - Specifies the key for TACACS+ and RADIUS authentication. If the value is null, no encryption will apply. This value is meaningless for TACACS and XTACACS.
    none - Specifies no encryption for TACACS+ and RADIUS authentication. This value is meaningless for TACACS and XTACACS.
timeout - Specifies the time in seconds for waiting for a server reply. The default value is 5 seconds.
    <int 1-255> - Specifies the time in seconds for waiting for a server reply. The default value is 5 seconds. The timeout value must be between 1 and 255 seconds.
retransmit - Specifies the count for re-transmit. This value is meaningless for TACACS+. The default value is 2.
    <int 1-20> - Specifies the count for re-transmit. This value is meaningless for TACACS+. The default value is 2. The re-transmit value must be between 1 and 20.

Restrictions

Only Administrator-level users can issue this command.

Example

To configure a TACACS+ authentication server host’s key value:
DGS-3710-12C:admin#config authen server_host 10.1.1.222 protocol tacacs+ key "This is a secret"
Command: config authen server_host 10.1.1.222 protocol tacacs+ key "This is a secret"
Success.
DGS-3710-12C:admin#

5-20 delete authen server_host

Description

This command is used to delete an authentication server host.

Format

delete authen server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius]

Parameters

<ipaddr> - Specifies the server host’s IP address.
protocol - Specifies the server host’s type of authentication protocol.
    tacacs - Specifies the server host’s authentication protocol TACACS.
    xtacacs - Specifies the server host’s authentication protocol XTACACS.
    tacacs+ - Specifies the server host’s authentication protocol TACACS+.
    radius - Specifies the server host’s authentication protocol RADIUS.

Restrictions

Only Administrator-level users can issue this command.

Example

To delete an authentication server host:
DGS-3710-12C:admin#delete authen server_host 10.1.1.222 protocol tacacs+
Command: delete authen server_host 10.1.1.222 protocol tacacs+
Success.
DGS-3710-12C:admin#

5-21 show authen server_host

Description

This command is used to display authentication server hosts.

Format

show authen server_host

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To display all authentication server hosts:
DGS-3710-12C:admin#show authen server_host
Command: show authen server_host
IP Address      Protocol Port  Timeout Retransmit Key
--------------- -------- ----- ------- ---------- -------------------------
10.1.1.222      TACACS+  15555 10      ---------  This is a secret
Total Entries : 1
DGS-3710-12C:admin#

5-22 config authen parameter response_timeout

Description

This command is used to configure the amount of time to wait for user input on Console, Telnet, SSH, and HTTP applications.

Format

config authen parameter response_timeout <int 0-255>

Parameters

<int 0-255> - Specifies the amount of time for user input on the Console, Telnet, SSH, or HTTP interface. 0 means there is no time out. The default value is 30 seconds.

Restrictions

Only Administrator-level users can issue this command.

Example

To configure 60 seconds for user input:
DGS-3710-12C:admin#config authen parameter response_timeout 60
Command: config authen parameter response_timeout 60
Success.
DGS-3710-12C:admin#

5-23 config authen parameter attempt

Description

This command is used to configure the maximum attempts for users trying to log in or promote the privilege on Console, Telnet, SSH or HTTP applications. If the failure value is exceeded, connection or access will be locked.

Format

config authen parameter attempt <int 1-255>

Parameters

<int 1-255> - Specifies the number of attempts for users trying to log in or promote the privilege on Console, Telnet, SSH, or HTTP interface. The default value is 3.

Restrictions

Only Administrator-level users can issue this command.

Example

To configure the maximum attempts for users trying to log in or promote the privilege to be 9:
DGS-3710-12C:admin#config authen parameter attempt 9
Command: config authen parameter attempt 9
Success.
DGS-3710-12C:admin#

5-24 show authen parameter

Description

This command is used to display the authentication parameters.

Format

show authen parameter

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To display the authentication parameters:
DGS-3710-12C:admin#show authen parameter
Command: show authen parameter
Response Timeout : 60 seconds
User Attempts    : 9
DGS-3710-12C:admin#

5-25 enable admin

Description

This command is used to promote the "user" privilege level to "admin" level. When the user enters this command, the authentication method TACACS, XTACACS, TACACS+, user-defined server groups, local enable, or none will be used to authenticate the user. Because TACACS, XTACACS and RADIUS don't support the enable function by themselves, if a user wants to use one of these three protocols for enable authentication, the user must first create a special account on the server host with the username enable, and then configure its password as the enable password to support the "enable" function. This command cannot be used when authentication policy is disabled.

Format

enable admin

Parameters

None.

Restrictions

None.

Example

To enable administrator level privilege:
DGS-3710-12C:user#enable admin
PassWord: ********
Success.
DGS-3710-12C:admin#
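
The fallback order described in 5-5 and 5-9, which enable admin relies on, can be modelled in a few lines. This is an added Python example, not D-Link code: the probe callback, the account data and the rule that an answer from a reachable server is final are assumptions, while the server addresses reuse the manual's own examples.

```python
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Simulated outcomes of one request to one server host (names are hypothetical).
MISSING, ACCEPT, REJECT = "missing", "accept", "reject"


@dataclass(frozen=True)
class Decision:
    granted: bool
    method: Optional[str]    # method-list entry that decided the request
    level: Optional[str]     # privilege level held afterwards
    tried: Tuple[str, ...]   # server hosts contacted, in order


def evaluate(kind: str, methods: List[str], server_groups: Dict[str, List[str]],
             probe: Callable[[str, str, str], str],
             local_check: Callable[[str, str], Optional[str]],
             username: str, password: str) -> Decision:
    """Walk a method list in priority order.

    kind "login" models an authen_login list (local keyword "local");
    kind "enable" models an authen_enable list (keyword "local_enable").
    """
    local_keyword = "local" if kind == "login" else "local_enable"
    # 5-5: server groups and "none" give only the "user" level at login;
    # a successful enable promotes the session to admin.
    remote_level = "user" if kind == "login" else "admin"
    tried: List[str] = []
    for method in methods:
        if method == "none":
            return Decision(True, "none", remote_level, tuple(tried))
        if method == local_keyword:
            level = local_check(username, password)
            return Decision(level is not None, method, level, tuple(tried))
        for host in server_groups.get(method, []):
            tried.append(host)
            answer = probe(host, username, password)
            if answer == MISSING:
                continue  # next host in the same group
            # Assumption: an answer from a reachable server is final.
            ok = answer == ACCEPT
            return Decision(ok, method, remote_level if ok else None, tuple(tried))
        # Every host in this group was missing: fall through to the next method.
    return Decision(False, None, None, tuple(tried))


# Constructed sample data. The group addresses reuse the manual's
# "show authen server_group" example; accounts and passwords are invented.
SERVER_GROUPS = {"tacacs+": ["10.1.1.226"], "tacacs": ["10.1.1.225"]}
AAA_USERS = {"alice": "constructed-aaa-pw"}
LOCAL_ACCOUNTS = {"netops": ("constructed-local-pw", "admin")}
ENABLE_PASSWORD = "constructed-enable-pw"


def _same(a: str, b: str) -> bool:
    return hmac.compare_digest(a.encode(), b.encode())


def local_login(username: str, password: str) -> Optional[str]:
    account = LOCAL_ACCOUNTS.get(username)
    return account[1] if account and _same(account[0], password) else None


def local_enable(_username: str, password: str) -> Optional[str]:
    return "admin" if _same(ENABLE_PASSWORD, password) else None


def make_probe(missing_hosts):
    def probe(host, username, password):
        if host in missing_hosts:
            return MISSING
        known = AAA_USERS.get(username)
        return ACCEPT if known is not None and _same(known, password) else REJECT
    return probe


def scenarios() -> Dict[str, Decision]:
    login_list = ["tacacs+", "tacacs", "local"]          # as configured in 5-5
    enable_list = ["tacacs+", "tacacs", "local_enable"]  # as configured in 5-9
    down = {"10.1.1.226", "10.1.1.225"}

    def login(methods, missing, user, pw):
        return evaluate("login", methods, SERVER_GROUPS, make_probe(missing),
                        local_login, user, pw)

    return {
        "healthy": login(login_list, set(), "alice", "constructed-aaa-pw"),
        "first_group_missing": login(login_list, {"10.1.1.226"}, "alice", "constructed-aaa-pw"),
        "rejected": login(login_list, set(), "alice", "wrong-pw"),
        "all_missing_local": login(login_list, down, "netops", "constructed-local-pw"),
        "all_missing_none": login(["tacacs+", "none"], down, "anyone", ""),
        "enable_all_missing": evaluate("enable", enable_list, SERVER_GROUPS, make_probe(down),
                                       local_enable, "alice", "constructed-enable-pw"),
    }


if __name__ == "__main__":
    for name, decision in scenarios().items():
        print(f"{name:20} {decision}")
```

The all_missing_local and all_missing_none rows show what the last entry of a list decides during a server outage: the local account's own level, or a "user" session without credentials.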

5-26 config admin local_enable

Description

This command is used to configure the local enable password for the enable command. When the user chooses the local_enable method to promote the privilege level, the enable password of the local device is needed.

Format

config admin local_enable

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To configure the administrator password:
DGS-3710-12C:admin#config admin local_enable
Command: config admin local_enable
Enter the old password:
Enter the case-sensitive new password:******
Enter the new password again for confirmation:******
Success.
DGS-3710-12C:admin#
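
The show commands in this chapter print fixed-width tables, so a saved capture can be checked offline for the two settings the chapter describes as unprotected: a method list containing none, and a TACACS+ or RADIUS host without a key. The Python below is an added example, not part of the manual: the three captures are constructed, a blank Key column for a host without a key is an assumption about the device's output, and guest_list is a made-up list name.

```python
import re
from typing import Dict, List


def parse_table(output: str) -> List[Dict[str, str]]:
    """Parse a fixed-width CLI table, taking column offsets from the dashed ruler."""
    lines = output.splitlines()
    ruler = next(i for i, line in enumerate(lines)
                 if re.fullmatch(r"-+( +-+)+", line.strip()))
    starts = [m.start() for m in re.finditer(r"-+", lines[ruler])]
    bounds = list(zip(starts, starts[1:] + [None]))
    names = [lines[ruler - 1][a:b].strip() for a, b in bounds]
    rows = []
    for line in lines[ruler + 1:]:
        if not line.strip() or line.startswith(("Total Entries", "DGS-")):
            break
        rows.append({n: line[a:b].strip() for n, (a, b) in zip(names, bounds)})
    return rows


KEYED = {"TACACS+", "RADIUS"}    # 5-18: the key applies to these protocols
KEYLESS = {"TACACS", "XTACACS"}  # 5-18: the key is meaningless for these


def audit_server_hosts(output: str) -> List[str]:
    findings = []
    for row in parse_table(output):
        host, proto = row["IP Address"], row["Protocol"].upper()
        if proto in KEYED and not row["Key"]:
            findings.append(f"{host} {proto}: key is empty, no encryption will apply")
        elif proto in KEYLESS:
            findings.append(f"{host} {proto}: protocol does not use a key")
    return findings


def lists_with_none(output: str) -> Dict[str, str]:
    """Map method-list name to the priority at which 'none' appears."""
    found, current = {}, ""
    for row in parse_table(output):
        current = row["Method List Name"] or current  # continuation rows are blank
        if row["Method Name"].lower() == "none":
            found[current] = row["Priority"]
    return found


def audit_method_lists(output: str) -> List[str]:
    return [f"{name}: priority {prio} is 'none' (no authentication)"
            for name, prio in lists_with_none(output).items()]


def audit_applications(app_output: str, login_output: str) -> List[str]:
    weak = lists_with_none(login_output)
    return [f"{row['Application']}: login uses method list "
            f"'{row['Login Method List']}', which contains 'none'"
            for row in parse_table(app_output) if row["Login Method List"] in weak]


# Constructed captures in the layout of the manual's examples.
SERVER_HOSTS = """\
IP Address      Protocol Port  Timeout Retransmit Key
--------------- -------- ----- ------- ---------- -------------------------
10.1.1.222      TACACS+  15555 10      ---------  This is a secret
10.1.1.224      RADIUS   1812  5       2
10.1.1.225      TACACS   49    5       2
Total Entries : 3
"""

LOGIN_LISTS = """\
Method List Name Priority Method Name     Comment
---------------- -------- --------------- ------------------
default          1        local           Keyword
login_list_1     1        tacacs+         Built-in Group
                 2        tacacs          Built-in Group
                 3        local           Keyword
guest_list       1        radius          Built-in Group
                 2        none            Keyword
"""

APPLICATIONS = """\
Application Login Method List Enable Method List
----------- ----------------- ------------------
Console     default           default
Telnet      guest_list        default
SSH         login_list_1      default
HTTP        default           default
"""


def run_audit() -> List[str]:
    return (audit_server_hosts(SERVER_HOSTS)
            + audit_method_lists(LOGIN_LISTS)
            + audit_applications(APPLICATIONS, LOGIN_LISTS))


if __name__ == "__main__":
    print("\n".join(run_audit()))
```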
86
DGS-3710 Series Layer 2 Managed Gigabit Switch CLI Reference Guide
create access_profile profile_id <value 1-12> profile_name <name 1-32> [ethernet {vlan {<hex
destination_ipv6_mask <ipv6mask>]}(1)]
delete access_profile [profile_id <value 1-12> | profile_name <name 1-32> | all]
config access_profile [profile_id <value 1-12> | profile_name <name 1-32>] [add access_id
access_id <value 1-128>]
show access_profile {[profile_id <value 1-12> | profile_name <name 1-32>]}
config time_range <range_name 32> [hours start_time <time hh:mm:ss> end_time <time
hh:mm:ss> weekdays <daylist> |delete ]
show time_range
show current_config access_profile
delete cpu access_profile [profile_id <value 1-5> | all]
create cpu access_profile profile_id < va lue 1-5> [ethernet {vlan | source_mac <macmask> |
<hex 0x0-0xffffffff> | offset_32-47 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>
Chapter 6 Access Control List
(ACL) Commands
0x0-0x0fff>} | source_mac <macmask> | destination_mac <macmask> | 802.1p | ethernet_type}(1) | ip {vlan {<hex 0x0-0x0fff>} | source_ip_mask <netmask> | destination_ip_mask <netmask> | dscp | [icmp {type | code} | igmp {type} | tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff> | flag_mask [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff >} | protocol_id_mask <hex 0x0-0xff> {user_define_mask <hex 0x0-0xffffffff>}]}(1) | packet_content_mask {offset_chunk_1 <value 0-31> <hex 0x0-0xffffffff> | offset_chunk_2 <value 0-31> <hex 0x0-0xffffffff> | offset_chunk_3 <value 0-31> <hex 0x0-0xffff ffff> | offset_chunk_4 <value 0-31> <hex 0x0-0xffffffff>}(1) | ipv6 {[{class | flowlabel | [tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | udp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>}]} | source_ipv6_mask <ipv6mask> |
[auto_assign | <value 1-128>] [ethernet {[vlan <vlan_name 32> | vlan_id <vlanid 1-4094>] {mask <hex 0x0-0x0fff>} | source_mac <macaddr> {mask <macmask>} | destination_mac <macaddr> {mask <macmask>} | 802.1p <value 0-7> | ethernet_t ype <hex 0x0-0xffff>}(1) | ip {[vlan <vlan_name 32> | vlan_id <vlanid 1-4094>] {mask <hex 0x0-0x0fff>} | source_ip <ipaddr> {mask <netmask>} | destination_ip <ipaddr> {mask <netmask>} | dscp <value 0-63> | [icmp {type <value 0-255> | code <value 0-255>} | igmp {type <value 0-255>} | tcp {src_port <value 0-65535> {mask <hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>} | flag [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port <value 0-65535> {mask <hex 0x0­0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>}} | protocol_id <value 0-255> {user_define <hex 0x0-0xffffffff> {mask <hex 0x0-0xffffffff>}}]}(1) | packet_content {offset_chunk_1 <hex 0x0-0xffffffff> | offset_chunk_2 <hex 0x0-0xffffffff> | offset_chunk_3 <hex 0x0-0xffffffff> | offset_chunk_4 <hex 0x0-0xffffffff>}(1) | ipv6 {[{clas s <val ue 0-255> | flowlabel <hex 0x0-0xfffff> | [tcp {src_port <value 0-65535> {mask <hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>}} | udp {src_port <value0-65535> {mask <hex 0x0­0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>}}]} | source_ipv6 <ipv6addr> {mask <ipv6mask>} | destination_ipv6 <ipv6addr> {mask <ipv6mask>}]}(1)] [port [<portlist> | all] | vlan_based [vlan <vlan_name 32> | vlan_id <vlanid 1-4094>]] [permit {priority <value 0-7> {replace_priorit y} | [replace _dsc p_ with <v alue 0-63> | replace_tos_precedence_with <value 0­7>] | counter [enable | disable]} | mirror | deny] {time_range <range_name 32>} | delete
destination_mac <macmask> | 802.1p | ethernet_type}(1) | ip {vlan | source_ip_mask <netmask> | destination_ip_mask <netmask> | dscp | [icmp {type | code} | igmp {type} | tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff> | flag_mask [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | protocol_id_mask <hex 0x0-0xff> {user_define_mask <hex 0x0-0xffffffff>}]}(1) | packet_content_mask {offset_0-15 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_16-31 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>
<hex 0x0-0xffffffff> | offset_48-63 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>
destination_ipv6_mask <ipv6mask>]}(1)]
config cpu access_profile profile_id <value 1-5> [add access_id <value 1-100> [ethernet {[vlan
100>]
show cpu access_profile {profile_id <value 1-5>}
enable cpu_interface_filtering
disable cpu_interface_filtering
config flow_meter [profile_id <value 1-12> | profile_name <name 1-32>] access_id <value 1-
delete]
show flow_meter {[profile_id <value 1-12> | profile_name <name 1-32>] {access_id <value 1-
128>}}
<hex 0x0-0xffffffff> | offset_64-79 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>}(1) | ipv6 {[{class | flowlabel} | source_ipv6_mask <ipv6mask> |
<vlan_name 32> | vlan_id <vlanid 1-4094>] | source_mac <macaddr> | destination_mac <macaddr> | 802.1p <value 0-7> | ethernet_type <hex 0x0-0xffff>}(1) | ip {[vlan <vlan_name 32> | vlan_id <vlanid 1-4094>] | source_ip <ipaddr> | destination_ip <ipaddr> | dscp <value 0-63> | [icmp {type <value 0-255> | code <value 0-255>} | igmp {type <value 0-255>} | tcp {src_port <value 0-65535> | dst_port <value 0-65535> | flag [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port <value 0-65535> | dst_port <value 0-65535>} | protocol_id <value 0-255> {user_define <hex 0x0-0xffffffff>}]}(1) | packet_content {offset_0-15 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_16-31 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_32-47 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_48-63 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_64-79 <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>}(1) | ipv6 {[{class <value 0-255> | flowlabel <hex 0x0-0xfffff>} | source_ipv6 <ipv6addr> | destination_ipv6 <ipv6addr>]}(1)] port [<portlist> | all] [permit | deny] {time_range <range_name 32>} | delete access_id <value 1-
128> [rate [<value 0-1000000>] {burst_size [<value 0-16384>]} rate_exceed [drop_packet | remark_dscp <value 0-63>] | tr_tcm cir <value 0-1000000> {cbs <value 0-16384>} pir <value 0-1000000> {pbs <value 0-16384>} {[color_blind | color_aware]} {conform [permit | replace_dscp <value 0-63>] {counter [enable | disable]}} exceed [permit {replace_dscp <value 0-63>} | drop] {counter [enable | disable]} violate [permit {replace_dscp <value 0-63>} | drop] {counter [enable | disable]} | sr_tcm cir <value 0-1000000> cbs <value 0-16384> ebs <value 0-16384> {[color_blind | color_aware]} {conform [permit | replace_dscp <value 0-63>] {counter [enable | disable]}} exceed [permit {replace_dscp <value 0-63>} | drop] {counter [enable | disable]} violate [permit {replace_dscp <value 0-63>} | drop] {counter [enable | disable]} |

6-1 create access_profile profile_id

Description

This command is used to create access list profiles.
Note: Please see the “Error! Reference source not found. Error! Reference source not found.” section for a configuration example and further information.

Format

create access_profile profile_id <value 1-12> profile_name <name 1-32> [ethernet {vlan {<hex 0x0-0x0fff>} | source_mac <macmask> | destination_mac <macmask> | 802.1p | ethernet_type}(1) | ip {vlan {<hex 0x0-0x0fff>} | source_ip_mask <netmask> | destination_ip_mask <netmask> | dscp | [icmp {type | code} | igmp {type} | tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff> | flag_mask [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | protocol_id_mask <hex 0x0-0xff> {user_define_mask <hex 0x0-0xffffffff>}]}(1) | packet_content_mask {offset_chunk_1 <value 0-31> <hex 0x0-0xffffffff> | offset_chunk_2 <value 0-31> <hex 0x0-0xffffffff> | offset_chunk_3 <value 0-31> <hex 0x0-0xffffffff> | offset_chunk_4 <value 0-31> <hex 0x0-0xffffffff>}(1) | ipv6 {[{class | flowlabel | [tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | udp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>}]} | source_ipv6_mask <ipv6mask> | destination_ipv6_mask <ipv6mask>]}(1)]

Parameters

profile_id - Specifies the index of the access list profile.
<value 1-12> - Specifies the profile ID between 1 and 12.
profile_name - Specifies a profile name.
<name 1-32> - The maximum length is 32 characters.
ethernet - Specifies an Ethernet access control list rule.
vlan - Specifies a VLAN mask. Only the last 12 bits of the mask will be considered.
<hex 0x0-0x0fff> - (Optional) Specifies a VLAN mask.
source_mac - Specifies the source MAC mask.
<macmask> - Specifies the source MAC mask.
destination_mac - Specifies the destination MAC mask.
<macmask> - Specifies the destination MAC mask.
802.1p - Specifies the 802.1p priority tag mask.
ethernet_type - Specifies the Ethernet type.
ip - Specifies an IP access control list rule.
vlan - Specifies a VLAN mask. Only the last 12 bits of the mask will be considered.
<hex 0x0-0x0fff> - (Optional) Specifies a VLAN mask.
source_ip_mask - Specifies an IP source submask.
<netmask> - Specifies an IP source submask.
destination_ip_mask - Specifies an IP destination submask.
<netmask> - Specifies an IP destination submask.
dscp - Specifies the DSCP mask.
icmp - Specifies that the rule applies to ICMP traffic.
type - (Optional) Specifies the ICMP packet type.
code - (Optional) Specifies the ICMP code.
igmp - Specifies that the rule applies to IGMP traffic.
type - (Optional) Specifies the IGMP packet type.
tcp - Specifies that the rule applies to TCP traffic.
src_port_mask - (Optional) Specifies the TCP source port mask.
<hex 0x0-0xffff> - Specifies the TCP source port mask.
dst_port_mask - (Optional) Specifies the TCP destination port mask.
<hex 0x0-0xffff> - Specifies the TCP destination port mask.
flag_mask - (Optional) Specifies the TCP flag field mask.
all - (Optional) Specifies to check all parameters below.
urg - (Optional) Specifies Urgent Pointer field significant.
ack - (Optional) Specifies Acknowledgment field significant.
psh - (Optional) Specifies Push Function.
rst - (Optional) Specifies to reset the connection.
syn - (Optional) Specifies to synchronize sequence numbers.
fin - (Optional) No more data from sender.
udp - Specifies that the rule applies to UDP traffic.
src_port_mask - (Optional) Specifies the UDP source port mask.
<hex 0x0-0xffff> - Specifies the UDP source port mask.
dst_port_mask - (Optional) Specifies the UDP destination port mask.
<hex 0x0-0xffff> - Specifies the UDP destination port mask.
protocol_id_mask - Specifies that the rule applies to the IP protocol ID traffic.
<hex 0x0-0xff> - Specifies that the rule applies to the IP protocol ID traffic.
user_define_mask - (Optional) Specifies the L4 part mask.
<hex 0x0-0xffffffff> - Specifies the L4 part mask.
packet_content - Specifies the packet content for the user defined mask.
offset_chunk_1 - (Optional) Specifies that the contents of the offset chunk 1 will be monitored.
<value 0-31> - Enter the offset 1 value used here. This value must be between 0 and 31.
<hex 0x0-0xffffffff> - Enter the offset chunk 1 mask used here.
offset_chunk_2 - (Optional) Specifies that the contents of the offset chunk 2 will be monitored.
<value 0-31> - Enter the offset 2 value used here. This value must be between 0 and 31.
<hex 0x0-0xffffffff> - Enter the offset chunk 2 mask used here.
offset_chunk_3 - (Optional) Specifies that the contents of the offset chunk 3 will be monitored.
<value 0-31> - Enter the offset 3 value used here. This value must be between 0 and 31.
<hex 0x0-0xffffffff> - Enter the offset chunk 3 mask used here.
offset_chunk_4 - (Optional) Specifies that the contents of the offset chunk 4 will be monitored.
<value 0-31> - Enter the offset 4 value used here. This value must be between 0 and 31.
<hex 0x0-0xffffffff> - Enter the offset chunk 4 mask used here.
ipv6 - Specifies the IPv6 filtering mask.
class - Specifies the IPv6 class mask.
flowlabel - Specifies the IPv6 flow label mask.
tcp - Specifies that the rule applies to TCP traffic.
src_port_mask - (Optional) Specifies the TCP source port mask.
<hex 0x0-0xffff> - Specifies the TCP source port mask.
dst_port_mask - (Optional) Specifies the TCP destination port mask.
<hex 0x0-0xffff> - Specifies the TCP destination port mask.
udp - Specifies that the rule applies to UDP traffic.
src_port_mask - (Optional) Specifies the UDP source port mask.
<hex 0x0-0xffff> - Specifies the UDP source port mask.
dst_port_mask - (Optional) Specifies the UDP destination port mask.
<hex 0x0-0xffff> - Specifies the UDP destination port mask.
source_ipv6_mask - Specifies the IPv6 source IP mask.
<ipv6mask> - (Optional) Specifies the IPv6 source IP mask.
destination_ipv6_mask - Specifies the IPv6 destination IP mask.
<ipv6mask> - (Optional) Specifies the IPv6 destination IP mask.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To create access list profiles:
DGS-3710-12C:admin#create access_profile profile_id 1 profile_name 1 ethernet vlan source_mac FF-FF-FF-FF-FF-FF destination_mac 00-00-00-FF-FF-FF 802.1p ethernet_type
Command: create access_profile profile_id 1 profile_name 1 ethernet vlan source_mac FF-FF-FF-FF-FF-FF destination_mac 00-00-00-FF-FF-FF 802.1p ethernet_type
Success.
DGS-3710-12C:admin#
DGS-3710-12C:admin#create access_profile profile_id 2 profile_name 2 ip vlan source_ip_mask 255.255.255.255 destination_ip_mask 255.255.255.0 dscp icmp
Command: create access_profile profile_id 2 profile_name 2 ip vlan source_ip_mask 255.255.255.255 destination_ip_mask 255.255.255.0 dscp icmp
Success.
DGS-3710-12C:admin#
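
The masks set in profile 2 above decide which bits of a rule's addresses are compared. The following is an added example, not D-Link code: it assumes standard mask-and-compare semantics (a packet matches when it equals the rule value on every bit set in the profile mask), takes its masks from the profile 2 example and its rule values from the config access_profile example in section 6-3, and uses constructed packets. The helper names are hypothetical.

```python
import ipaddress

# Masks from the page's "create access_profile profile_id 2" example.
PROFILE_2_MASKS = {"source_ip": "255.255.255.255", "destination_ip": "255.255.255.0"}
# Values from the page's "config access_profile profile_id 2 add access_id 1" example.
RULE_1_VALUES = {"source_ip": "20.2.2.3", "destination_ip": "10.1.1.252"}


def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def field_matches(packet_value, rule_value, mask):
    """Assumed semantics: only bits set in the profile mask are compared."""
    m = _to_int(mask)
    return (_to_int(packet_value) & m) == (_to_int(rule_value) & m)


def rule_matches(packet, rule_values, profile_masks):
    """A packet hits the rule when every masked field agrees."""
    return all(
        field_matches(packet[field], rule_values[field], mask)
        for field, mask in profile_masks.items()
    )


def effective_scope(rule_value, mask):
    """Return (cidr_or_None, address_count) really covered by one rule field.

    cidr is None when the mask is non-contiguous and has no CIDR form.
    """
    m = _to_int(mask)
    ones = bin(m).count("1")
    count = 2 ** (32 - ones)
    contiguous = m == ((0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF)
    if not contiguous:
        return None, count
    return str(ipaddress.IPv4Network((_to_int(rule_value) & m, ones))), count


def audit_rule(rule_values, profile_masks):
    """Flag fields whose value has bits the profile mask ignores.

    Such a rule reads like a single-host match but covers a wider range.
    """
    findings = []
    for field, mask in profile_masks.items():
        ignored = _to_int(rule_values[field]) & ~_to_int(mask) & 0xFFFFFFFF
        if ignored:
            cidr, count = effective_scope(rule_values[field], mask)
            findings.append((field, rule_values[field], cidr, count))
    return findings


if __name__ == "__main__":
    # Constructed packets, not taken from the page.
    for dst in ("10.1.1.252", "10.1.1.7", "10.1.2.252"):
        pkt = {"source_ip": "20.2.2.3", "destination_ip": dst}
        print(dst, rule_matches(pkt, RULE_1_VALUES, PROFILE_2_MASKS))
    print(audit_rule(RULE_1_VALUES, PROFILE_2_MASKS))
```

Under that assumption the permit rule written with destination_ip 10.1.1.252 covers every destination in 10.1.1.0/24, which is the kind of finding worth checking for when reviewing a switch configuration.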

6-2 delete access_profile

Description

This command is used to delete access list profiles.

Format

delete access_profile [profile_id <value 1-12> | profile_name <name 1-32> | all]

Parameters

profile_id - Specifies the index of the access list profile.
<value 1-12> - Specifies the index of the access list profile. Enter a value between 1 and 12.
profile_name - Specifies the profile name.
<name 1-32> - Specifies the profile name. The maximum length is 32 characters.
all - Specifies the whole access list profile to delete.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To delete access list profiles:
DGS-3710-12C:admin#delete access_profile profile_id 10
Command: delete access_profile profile_id 10
Success.
DGS-3710-12C:admin#

6-3 config access_profile

Description

This command is used to configure access list entries.
Note: Please see the “Error! Reference source not found. Error! Reference source not found.” section for a configuration example and further information.

Format

config access_profile [profile_id <value 1-12> | profile_name <name 1-32>] [add access_id [auto_assign | <value 1-128>] [ethernet {[vlan <vlan_name 32> | vlan_id <vlanid 1-4094>] {mask <hex 0x0-0x0fff>} | source_mac <macaddr> {mask <macmask>} | destination_mac <macaddr> {mask <macmask>} | 802.1p <value 0-7> | ethernet_type <hex 0x0-0xffff>}(1) | ip {[vlan <vlan_name 32> | vlan_id <vlanid 1-4094>] {mask <hex 0x0-0x0fff>} | source_ip <ipaddr> {mask <netmask>} | destination_ip <ipaddr> {mask <netmask>} | dscp <value 0-63> | [icmp {type <value 0-255> | code <value 0-255>} | igmp {type <value 0-255>} | tcp {src_port <value 0-65535> {mask <hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>} | flag [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port <value 0-65535> {mask <hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>}} | protocol_id <value 0-255> {user_define <hex 0x0-0xffffffff> {mask <hex 0x0-0xffffffff>}}]}(1) | packet_content {offset_chunk_1 <hex 0x0-0xffffffff> | offset_chunk_2 <hex 0x0-0xffffffff> | offset_chunk_3 <hex 0x0-0xffffffff> | offset_chunk_4 <hex 0x0-0xffffffff>}(1) | ipv6 {[{class <value 0-255> | flowlabel <hex 0x0-0xfffff> | [tcp {src_port <value 0-65535> {mask <hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>}} | udp {src_port <value 0-65535> {mask <hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>}}]} | source_ipv6 <ipv6addr> {mask <ipv6mask>} | destination_ipv6 <ipv6addr> {mask <ipv6mask>}]}(1)] [port [<portlist> | all] | vlan_based [vlan <vlan_name 32> | vlan_id <vlanid 1-4094>]] [permit {priority <value 0-7> {replace_priority} | [replace_dscp_with <value 0-63> | replace_tos_precedence_with <value 0-7>] | counter [enable | disable]} | mirror | deny] {time_range <range_name 32>} | delete access_id <value 1-128>]

Parameters

profile_id - Specifies the index of the access list profile.
<value 1-12> - Specifies the value between 1 and 12.
profile_name - Specifies the profile name.
<name 1-32> - Specifies the profile name. The maximum length is 32 characters.
add access_id - Specifies the index of the access list entry.
auto_assign - Specifies to automatically assign the access ID.
<value 1-128> - Specifies a value between 1 and 128.
ethernet - Specifies an Ethernet access control list rule.
vlan - Specifies the VLAN name.
<vlan_name 32> - Specifies the VLAN name. The maximum length is 32 characters.
vlan_id - Specifies the VLAN ID.
<vlanid 1-4094> - Specifies the VLAN ID between 1 and 4094.
mask - (Optional) Specifies the mask.
<hex 0x0-0x0fff> - Specifies the mask.
source_mac - Specifies the source MAC address.
<macaddr> - Specifies the source MAC address.
mask - (Optional) Specifies the mask.
<macmask> - Specifies the mask.
destination_mac - Specifies the destination MAC address.
<macaddr> - Specifies the destination MAC address.
mask - (Optional) Specifies the mask.
<macmask> - Specifies the mask.
802.1p - Specifies the value of the 802.1p priority tag.
<value 0-7> - Specifies the value of the 802.1p priority tag. The priority tag ranges from 1 to 7.
ethernet_type - Specifies the Ethernet type.
<hex 0x0-0xffff> - Specifies the Ethernet type.
ip - Specifies an IP access control list rule.
vlan - Specifies the VLAN name.
<vlan_name 32> - Specifies the VLAN name. The maximum length is 32 characters.
vlan_id - Specifies the VLAN ID.
<vlanid 1-4094> - Specifies the VLAN ID between 1 and 4094.
mask - (Optional) Specifies the mask.
<hex 0x0-0x0fff> - Specifies the mask.
source_ip - Specifies an IP source address.
<ipaddr> - Specifies an IP source address.
mask - (Optional) Specifies the mask.
<netmask> - Specifies the mask.
destination_ip - Specifies an IP destination address.
<ipaddr> - Specifies an IP destination address.
mask - (Optional) Specifies the mask.
<netmask> - Specifies the mask.
dscp - Specifies the value of DSCP.
<value 0-63> - Specifies the value of DSCP. The DSCP value ranges from 0 to 63.
icmp - Specifies the ICMP.
type - (Optional) Specifies that the rule will apply to the ICMP Type traffic value.
<value 0-255> - Specifies the value between 0 and 255.
code - (Optional) Specifies that the rule will apply to the ICMP Code traffic value.
<value 0-255> - Specifies the value between 0 and 255.
igmp - Specifies the IGMP.
type - (Optional) Specifies that the rule will apply to the IGMP Type traffic value.
<value 0-255> - Specifies the value between 0 and 255.
tcp - Specifies TCP.
src_port - (Optional) Specifies that the rule will apply to a range of TCP source ports.
<value 0-65535> - Specifies the value between 0 and 65535.
mask - (Optional) Specifies the mask.
<hex 0x0-0xffff> - Specifies the mask.
dst_port - (Optional) Specifies that the rule will apply to a range of TCP destination ports.
<value 0-65535> - Specifies the value between 0 and 65535.
mask - (Optional) Specifies the mask.
<hex 0x0-0xffff> - Specifies the mask.
flag - Specifies the TCP flag field value.
all - (Optional) Specifies to check all parameters below.
urg - (Optional) Specifies Urgent Pointer field significant.
ack - (Optional) Specifies Acknowledgment field significant.
psh - (Optional) Specifies Push Function.
rst - (Optional) Specifies to reset the connection.
syn - (Optional) Specifies to synchronize sequence numbers.
fin - (Optional) No more data from sender.
udp - Specifies UDP.
src_port - (Optional) Specifies the UDP source port range.
<value 0-65535> - Specifies the value between 0 and 65535.
mask - (Optional) Specifies the mask.
<hex 0x0-0xffff> - Specifies the mask.
dst_port - (Optional) Specifies the UDP destination port range.
<value 0-65535> - Specifies the value between 0 and 65535.
mask - (Optional) Specifies the mask.
<hex 0x0-0xffff> - Specifies the mask.
protocol_id - Specifies that the rule will apply to the value of IP protocol ID traffic.
<value 0-255> - Specifies the value between 0 and 255.
user_define - (Optional) Specifies that the rule will apply to the IP protocol ID and that the mask options behind the IP header, which has a length of 4 bytes.
<hex 0x0-0xffffffff> - Specifies that the rule will apply to the IP protocol ID and that the mask options behind the IP header, which has a length of 4 bytes.
mask - (Optional) Specifies the mask.
<hex 0x0-0xffffffff> - Specifies the mask.
packet_content - Specifies the packet content for the user defined mask.
offset_chunk_1 - (Optional) Specifies that the contents of the offset chunk 1 will be monitored.
<hex 0x0-0xffffffff> - Enter the offset chunk 1 value used here.
offset_chunk_2 - (Optional) Specifies that the contents of the offset chunk 2 will be monitored.
<hex 0x0-0xffffffff> - Enter the offset chunk 2 value used here.
offset_chunk_3 - (Optional) Specifies that the contents of the offset chunk 3 will be monitored.
<hex 0x0-0xffffffff> - Enter the offset chunk 3 value used here.
offset_chunk_4 - (Optional) Specifies that the contents of the offset chunk 4 will be monitored.
<hex 0x0-0xffffffff> - Enter the offset chunk 4 value used here.
ipv6 - Specifies that the rule applies to IPv6 fields.
class - Specifies the value of the IPv6 class.
<value 0-255> - Specifies the value between 0 and 255.
flowlabel - Specifies the value of the IPv6 flow label.
<hex 0x0-0xfffff> - Specifies the value of the IPv6 flow label.
tcp - Specifies TCP.
src_port - (Optional) Specifies the TCP source port range.
<value 0-65535> - Specifies the value between 0 and 65535.
mask - (Optional) Specifies the mask.
<hex 0x0-0xffff> - Specifies the mask.
dst_port - (Optional) Specifies the TCP destination port range.
<value 0-65535> - Specifies the value between 0 and 65535.
mask - (Optional) Specifies the mask.
<hex 0x0-0xffff> - Specifies the mask.
udp - Specifies UDP.
src_port - (Optional) Specifies the UDP source port range.
<value 0-65535> - Specifies the value between 0 and 65535.
mask - (Optional) Specifies the mask.
<hex 0x0-0xffff> - Specifies the mask.
dst_port - (Optional) Specifies the UDP destination port range.
<value 0-65535> - Specifies the value between 0 and 65535.
mask - Specifies the mask.
<hex 0x0-0xffff> - Specifies the mask.
source_ipv6 - Specifies the value of the IPv6 source address.
<ipv6addr> - Specifies the value of the IPv6 source address.
mask - (Optional) Specifies the mask.
<ipv6mask> - Specifies the mask.
destination_ipv6 - Specifies the value of the IPv6 destination address.
<ipv6addr> - Specifies the value of the IPv6 destination address.
mask - (Optional) Specifies the mask.
<ipv6mask> - Specifies the mask.
port - The access profile rule may be defined for each port on the switch.
<portlist> - Specifies a list of ports.
all - Specifies that the access rule will apply to all ports.
vlan_based - Specifies the VLAN-based ACL rule. There are two conditions: this rule will apply to all ports and packets must belong to the configured VLAN. It can be specified by VLAN name or VLAN ID.
vlan_name - Specifies the VLAN name.
<vlan_name 32> - Specifies the VLAN name. The maximum length is 32 characters.
vlan_id - Specifies the VLAN ID.
<vlanid 1-4094> - Specifies the VLAN ID between 1 and 4094.
permit - Specifies that packets that match the access profile are permitted by the switch.
priority - (Optional) Specifies that packets that match the access profile have their 802.1p priority tag field remapped by the switch.
<value 0-7> - Specifies the value between 0 and 7.
replace_priority - (Optional) Specifies that the switch re-marks the 802.1p priority tag field of packets that match the access profile.
replace_dscp_with - (Optional) Specifies that the DSCP of packets that match the access profile is modified according to the value.
<value 0-63> - Specifies the value between 0 and 63.
replace_tos_precedence_with - (Optional) Specifies that the IP precedence of the outgoing packet is changed with the new value. If used without an action priority, the packet is sent to the default TC.
<value 0-7> - Specifies the value between 0 and 7.
counter - (Optional)
enable - Specifies whether the ACL counter feature is enabled. If the rule is not bound with the flow meter, all matching packets are counted. If the rule is bound with the flow meter, then the “counter” is overridden.
disable - Specifies whether the ACL counter feature is disabled. The default option is disabled.
mirror - Specifies that packets matching the access profile are copied to the mirror port.
deny - Specifies that packets that match the access profile are filtered by the switch.
time_range - (Optional) Specifies the name of this time range entry.
<range_name 32> - Specifies the name of this time range entry. The maximum length is 32 characters.
delete access_id - Specifies to delete the access ID.
<value 1-128> - Specifies the value between 1 and 128.

Restrictions

Only Administrator and Operator-level users can issue this command.

Example

To configure an access list entry:
DGS-3710-12C:admin#config access_profile profile_id 2 add access_id 1 ip vlan default source_ip 20.2.2.3 destination_ip 10.1.1.252 dscp 3 icmp port 1 permit
Command: config access_profile profile_id 2 add access_id 1 ip vlan default source_ip 20.2.2.3 destination_ip 10.1.1.252 dscp 3 icmp port 1 permit
Success.
DGS-3710-12C:admin#

6-4 show access_profile

Description

This command is used to display the current access list table.

Format

show access_profile {[profile_id <value 1-12> | profile_name <name 1-32>]}

Parameters

profile_id - (Optional) Specifies the index of the access list profile.
<value 1-12> - Specifies the profile ID between 1 and 12.
profile_name - (Optional) Specifies the name of the access list profile.
<name 1-32> - Enter the profile name used here. This name can be up to 32 characters long.

Restrictions

None.

Example

To display the current access list table:
DGS-3710-12C:admin#show access_profile
Command: show access_profile
Access Profile Table
Total User Set Rule Entries : 4
Total Used HW Entries : 4
Total Available HW Entries : 1532
===============================================================================
Profile ID: 1 Profile name: EtherACL Type: Ethernet
MASK on VLAN : 0xFFF
802.1p Ethernet Type
Available HW Entries : 127
-------------------------------------------------------------------------------
Access ID : 1 Ports: 2
Match on VLAN ID : 1
Action: Permit
===============================================================================
===============================================================================
Profile ID: 2 Profile name: IPv4ACL Type: IPv4
MASK on VLAN : 0xFFF
Available HW Entries : 127
-------------------------------------------------------------------------------
Access ID : 1 Ports: 2
Match on VLAN ID : 1
Action: Permit
===============================================================================
===============================================================================
Profile ID: 3 Profile name: IPv6ACL Type: IPv6
MASK on Class
Available HW Entries : 127
-------------------------------------------------------------------------------
Access ID : 1 Ports: 2
Match on Class : 1