D-Link dws-1008 User Manual

Table of Contents

Introducing the D-Link Mobility System .........................................................................................1

D-Link Mobility System .................................................................................................................1

Using the Command-Line Interface ................................................................................................2

Text and Syntax: Conventions ......................................................................................................2

CLI Conventions ...........................................................................................................................3

Command Prompts ................................................................................................................3

Syntax: Notations ...................................................................................................................4

Text Entry Conventions and Allowed Characters ...................................................................4

MAC Address Notation ..........................................................................................................5

IP Address and Mask Notation ..............................................................................................5

Globs .....................................................................................................................................6

User Globs .........................................................................................................................6

MAC Address Globs ..........................................................................................................7

VLAN Globs .......................................................................................................................7

Matching Order for Globs ..................................................................................................7

Port Lists ................................................................................................................................8

Command-Line Editing .................................................................................................................9

Keyboard Shortcuts ...............................................................................................................9

History Buffer .........................................................................................................................9

Tabs .......................................................................................................................................9

Single-Asterisk (*) Wildcard Character ................................................................................10

Double-Asterisk (**) Wildcard Characters ............................................................................10

Using CLI Help ...........................................................................................................................10

Understanding Command Descriptions ......................................................................................11

Access Commands ........................................................................................................................12

System Services Commands ........................................................................................................14

Port Commands ..............................................................................................................................33

VLAN Commands ...........................................................................................................................59

Quality of Service Commands.......................................................................................................73

IP Services Commands ..................................................................................................................77

AAA Commands ...........................................................................................................................170

Cryptography Commands ...........................................................................................................214

RADIUS and Server Groups Commands ....................................................................................227

802.1X Management Commands .................................................................................................240

Session Management Commands ..............................................................................................256

RF Detection Commands ............................................................................................................267

File Management Commands ......................................................................................................286

Access Point Commands ............................................................................................................307

STP Commands ............................................................................................................................428

D-Link DWS-1008 CLI Manual i

IGMP Snooping Commands ........................................................................................................450

Security ACL Commands.............................................................................................................469

Trace Commands ..........................................................................................................................490

Snoop Commands ........................................................................................................................496

System Log Commands ...............................................................................................................505

Boot Prompt Commands .............................................................................................................513

D-Link DWS-1008 CLI Manual ii

Introducing the D-Link Mobility System

Read this reference if you are a network administrator responsible for managing DWS-1008 switches and DWL-8220AP access points in a network.

D-Link Mobility System

The D-Link Mobility System is an enterprise-class WLAN solution that seamlessly integrates with an existing wired enterprise network. The D-Link system provides secure connectivity to both wireless and wired users in large environments such as ofﬁce buildings, hospitals, and university campuses and in small environments such as branch ofﬁces.

The D-Link Mobility System fulﬁlls the three fundamental requirements of an enterprise WLAN: It eliminates the distinction between wired and wireless networks, allows users to work safely from anywhere (secure mobility), and provides a comprehensive suite of intuitive tools for planning and managing the network before and after deployment, greatly easing the operational burden on IT resources.

The D-Link Networks Mobility System consists of the following components:

• One or more DWS-1008 switches—Distributed, intelligent machines for managing user connectivity, connecting and powering Mobility Point access points, and connecting the WLAN to the wired network backbone.

• Multiple DWL-8220AP access points—Wireless access points (APs) that transmit and receive radio frequency (RF) signals to and from wireless users and connect them to a DWS-1008 switch.

• Mobility System SoftwareTM —The operating system that runs all DWS switches and access points in a WLAN, and is accessible through a command-line interface (CLI) or the Web View interface. This software is built-in to the switch.

D-Link DWS-1008 CLI Manual 1

Text and Syntax: Conventions

This CLI manual uses the following text and syntax conventions:

Convention Use

Monospace Text

Bold Text

Italic Text

Menu Name > Command

[ ] (square brackets) Enclose optional parameters in command syntax.

{ } (curly brackets) Enclose mandatory parameters in command syntax.

| (vertical bar)

Sets off command syntax or sample commands and system responses.

Highlights commands that you enter or items you select.

Designates command variables that you replace with appropriate values, or highlights publication titles or words requiring special emphasis.

Indicates a menu item that you select. For example, File > New indicates that you select New from the File menu.

Separates mutually exclusive options in command syntax.

Using the Command-Line Interface

The Mobility System Software (MMS) has a command-line interface (CLI) on the DWS-1008 switch that you can use to conﬁgure and manage the switch and its attached access points.

You conﬁgure the DWS switch and AP access points primarily with set, clear, and show commands. Use set commands to change parameters. Use clear commands to reset parameters to their defaults. In many cases, you can overwrite a parameter with another set command.

Use show commands to display the current conﬁguration and monitor the status of network operations.

D-Link DWS-1008 CLI Manual 2

CLI Conventions

Be aware of the following MSS CLI conventions for command entry:

• “Command Prompts” on page 3

• “Syntax: Notation” on page 4

• “Text Entry Conventions and Allowed Characters” on page 4

• “User Globs, MAC Address Globs, and VLAN Globs” on page 6

• “Port Lists” on page 8

Command Prompts

By default, the MSS CLI provides the following prompt for restricted users. The mmmm portion shows the DWS switch model number (for example, 1008) and the nnnnnn portion shows the last 6 digits of the switch’s media access control (MAC) address.

DWS-mmmm-nnnnnn>

After you become enabled as an administrative user by typing enable and supplying a suitable password, MSS displays the following prompt:

DWS-mmmm-nnnnnn#

For ease of presentation, this manual shows the restricted and enabled prompts as follows:

DWS-1008>

DWS-1008#

For information about changing the CLI prompt on an DWS switch, see set prompt on page 22.

D-Link DWS-1008 CLI Manual 3

Syntax: Notations

The MSS CLI uses standard syntax notation:

• Bold monospace font identiﬁes the command and keywords you must type. For example:

set enable pass

• Italic monospace font indicates a placeholder for a value. For example, you replace vlan-id in the following command with a virtual LAN (VLAN) ID:

clear interface vlan-id ip

• Curly brackets ({ }) indicate a mandatory parameter, and square brackets ([ ]) indicate an optional parameter. For example, you must enter dynamic or port and a port list in the following command, but a VLAN ID is optional:

clear fdb {dynamic I port port-list} [v1 an vlan-id]

• A vertical bar (I) separates mutually exclusive options within a list of possibilities. For example, you enter either enable or disable, not both, in the following command:

set port {enable I disable} port-list

Text Entry Conventions and Allowed Characters

Unless otherwise indicated, the MSS CLI accepts standard ASCII alphanumeric characters, except for tabs and spaces, and is case-insensitive.

The CLI has speciﬁc notation requirements for MAC addresses, IP addresses, and masks, and allows you to group usernames, MAC addresses, virtual LAN (VLAN) names, and ports in a single command.

D-Link recommends that you do not use the same name with different capitalizations for VLANs or access control lists (ACLs). For example, do not conﬁgure two separate VLANs with the names red and RED.

The CLI does not support the use of special characters including the following in any named elements such as SSIDs and VLANs: ampersand (&), angle brackets (< >), number sign (#), question mark (?), or quotation marks (“ “).

In addition, the CLI does not support the use of international characters such as the accented E (é) in “décor”.

D-Link DWS-1008 CLI Manual 4

MAC Address Notation

MSS displays MAC addresses in hexadecimal numbers with a colon (:) delimiter between bytes—for example, 00:01:02:1a:00:01. You can enter MAC addresses with either hyphen (-) or colon (:) delimiters, but colons are preferred.

For shortcuts:

• You can exclude leading zeros when typing a MAC address. MSS displays of MAC addresses include all leading zeros.

• In some speciﬁed commands, you can use the single-asterisk (*) wildcard character to represent from 1 byte to 5 bytes of a MAC address. (For more information, see “MAC Address Globs” on page 7.)

IP Address and Mask Notation

MSS displays IP addresses in dotted decimal notation—for example, 192.168.1.11 MSS makes use of both subnet masks and wildcard masks.

Subnet Masks

Unless otherwise noted, use classless interdomain routing (CIDR) format to express subnet masks— for example, 192.168.1.112/24. You indicate the subnet mask with a forward slash (/) and specify the number of bits in the mask.

Wildcard Masks

Security access control lists (ACLs) use source and destination IP addresses and wildcard masks to determine whether the DWS switch ﬁlters or forwards IP packets. Matching packets are either permitted or denied network access. The ACL checks the bits in IP addresses that correspond to any Os (zeros) in the mask, but does not check the bits that correspond to Is (ones) in the mask. You specify the wildcard

mask in dotted decimal notation.

For example, the address 10.0.0.0 and mask 0.255.255.255 match all IP addresses that begin with 10 in the ﬁrst octet.

The ACL mask must be a contiguous set of zeroes starting from the ﬁrst bit. For example, 0.255.255.255,

0.0.255.255, and 0.0.0.255 are valid ACL masks. However, 0.255.0.255 is not a valid ACL mask.

D-Link DWS-1008 CLI Manual 5

Globs

Name “globbing” is a way of using a wildcard pattern to expand a single element into a list of elements that match the pattern. MSS accepts user globs, MAC address globs, and VLAN globs. The order in which globs appear in the conﬁguration is important, because once a glob is matched, processing stops on the list of globs

User Globs

A user glob is shorthand method for matching an authentication, authorization, and accounting (AAA) command to either a single user or a set of users.

A user glob can be up to 80 characters long and cannot contain spaces or tabs. The double-asterisk (**) wildcard characters with no delimiter characters match all usernames. The single-asterisk (*) wildcard character matches any number of characters up to, but not including, a delimiter character in the glob. Valid user glob delimiter characters are the at (@) sign and the period (.).

For example, the following globs identify the following users:

User Glob User(s) Designated

jose@example.com User jose at example.com

All users at example.com whose usernames do not contain

*@example.com

*@marketing.example.com

* .*@marketing.example.com

* All users with usernames that have no delimiters.

EXAMPLE\*

EXAMPLE\*.*

** All users

periods—for example, jose@example.com and tamara@example. com, but not nin.wong@example.com, because nin.wong contains a period.

All marketing users at example.com whose usernames do not contain periods.

All marketing users at example.com whose usernames contain a period.

All users in the Windows Domain EXAMPLE with usernames that have no delimiters.

All users in the Windows Domain EXAMPLE whose usernames contain a period.

D-Link DWS-1008 CLI Manual 6

MAC Address Globs

A media access control (MAC) address glob is a similar method for matching some authentication, authorization, and accounting (AAA) and forwarding database (FDB) commands to one or more 6-byte MAC addresses. In a MAC address glob, you can use a single asterisk (*) as a wildcard to match all MAC addresses, or as follows to match from 1 byte to 5 bytes of the MAC address:

00:* 00: 01: * 00:01:02:* 00: 01: 02 : 03:* 00: 01: 02 : 03 : 04:*

For example, the MAC address glob 02:06:8c* represents all MAC addresses starting with 02:06:8c. Specifying only the ﬁrst 3 bytes of a MAC address allows you to apply commands to MAC addresses based on an organizationally unique identity (OUI).

VLAN Globs

A VLAN glob is a method for matching one of a set of local rules on a DWS-1008 switch, known as the location policy, to one or more users. MSS compares the VLAN glob, which can optionally contain wildcard characters, against the VLAN-Name attribute returned by AAA, to determine whether to apply the rule.

To match all VLANs, use the double-asterisk (**) wildcard characters with no delimiters. To match any number of characters up to, but not including, a delimiter character in the glob, use the single-asterisk (*) wildcard. Valid VLAN glob delimiter characters are the at (@) sign and the period (.).

For example, the VLAN glob bldg4. * matches bldg4.security and bldg4.hr and all other VLAN names with bldg4. at the beginning.

Matching Order for Globs

In general, the order in which you enter AAA commands determines the order in which MSS matches the user, MAC address, or VLAN to a glob. To verify the order, view the output of the show aaa or show conﬁg command. MSS checks globs that appear higher in the list before items lower in the list and uses the ﬁrst successful match.

D-Link DWS-1008 CLI Manual 7

Port Lists

The physical Ethernet ports on a switch can be set for connection to access points, authenticated wired users, or the network backbone. You can include a single port or multiple ports in one MSS CLI command by using the appropriate list format.

The ports on a switch are numbered 1 through 8. No port 0 exists on the switch. You can include a single port or multiple ports in a command that includes port port-list. Use one of the following formats for port-list:

• A single port number. For example:

DWS-1008# set port enable 4

• A comma-separated list of port numbers, with no spaces. For example:

DWS-1008# show port poe 1,2,4,6

• A hyphen-separated range of port numbers, with no spaces. For example:

DWS-1008# reset port 1-4

• Any combination of single numbers, lists, and ranges. Hyphens take precedence over commas. For example:

DWS-1008# show port status 1-3,6

D-Link DWS-1008 CLI Manual 8

Command-Line Editing

MSS editing functions are similar to those of many other network operating systems.

Keyboard Shortcuts

The following keyboard shortcuts are available for entering and editing CLI commands:

Keyboard Shortcut(s) Function

Ctrl+A Jumps to the ﬁrst character of the command line.

Ctrl+B or Left Arrow key Moves the cursor back one character.

Ctrl+C Escapes and terminates prompts and tasks. Ctrl+D Deletes the character at the cursor. Ctrl+E Jumps to the end of the current command line.

Ctrl+F or Right Arrow key Moves the cursor forward one character.

Ctrl+K Deletes from the cursor to the end of the command line.

Ctrl+L or Ctrl+R Repeats the current command line on a new line.

Ctrl+N or Down Arrow key Enters the next command line in the history buffer.

Ctrl+P or Up Arrow key Enters the previous command line in the history buffer.

Ctrl+U or Ctrl+X

Ctrl+W Deletes the last word typed.

Esc B Moves the cursor back one word.

Esc D

Delete key or Backspace key

Deletes characters from the cursor to the beginning of the command line.

Deletes characters from the cursor forward to the end of the word.

Erases mistake made during command entry. Reenter the command after using this key.

History Buffer

The history buffer stores the last 63 commands you entered during a terminal session. You can use the Up Arrow and Down Arrow keys to select a command that you want to repeat from the history buffer.

Tabs

The MSS CLI uses the Tab key for command completion. You can type the ﬁrst few characters of a command and press the Tab key to display the command(s) that begin with those characters.

D-Link DWS-1008 CLI Manual 9

Single-Asterisk (*) Wildcard Character

You can use the single-asterisk (*) wildcard character in globbing. For details, see “User Globs, MAC Address Globs, and VLAN Globs” on page 7.

Double-Asterisk (**) Wildcard Characters

The double-asterisk (**) wildcard character matches all usernames. For details, see “User Globs” on page 6.

Using CLI Help

The CLI provides online help. To see the full range of commands available at your access level, type the following command:

DWS-1008# help Commands: ------------------------------------------------------------------------------------------------------

clear commit copy crypto delete dir disable exit help history load logout monitor ping quit reset rollback save set show telnet traceroute

Clear, use ‘clear help’ for more information Commit the content of the ACL table Copy from ﬁlename (or url) to ﬁlename (or url) Crypto, use ‘crypto help’ for more information Delete url Show list of ﬁles on ﬂash device Disable privileged mode Exit from the Admin session Show this help screen Show contents of history substitution buffer Load, use ‘load help’ for more information Exit from the Admin session Monitor, use ‘monitor help’ for more information Send echo packets to hosts Exit from the Admin session Reset, use ‘reset help’ for more information Remove changes to the edited ACL table Save the running conﬁguration to persistent storage Set, use ‘set help’ for more information Show, use ‘show help’ for more information telnet IP address [server port] Print the route packets take to network host

To see a subset of the online help, type the command for which you want more information.

D-Link DWS-1008 CLI Manual 10

Understanding Command Descriptions

Each command description in the D-Link Command Reference contains the following elements:

• A command name, which shows the keywords but not the variables. For example, the following command name appears at the top of a command description and in the index:

set {ap | dap} name

The set {ap | dap} name command has the following complete syntax:

set {ap port-list | dap dap-num} name name

• A brief description of the command’s functions.

• The full command syntax.

• Any command defaults.

• The command access, which is either enabled or all.

All indicates that anyone can access this command.

Enabled indicates that you must enter the enable password before entering the

command.

• The command history, which identiﬁes the MSS version in which the command was introduced and the version numbers of any subsequent updates.

D-Link DWS-1008 CLI Manual 11

Access Commands

Use access commands to control access to the Mobility Software System (MSS) (CLI). This chapter presents access commands alphabetically. Use the following table to locate commands in this chapter based on their use.

disable

Defaults: None.

Access: Enabled.

enable

Places the CLI session in enabled mode, which provides access to all commands required for conﬁguring and monitoring the system.

Syntax: enable

Access: All.

Usage: MSS displays a password prompt to challenge you with the enable password. To enable

a session, your or another administrator must have conﬁgured the enable password to this switch with the set enablepass command.

Examples: The following command plus the enable password provides enabled access to the CLI for the current sessions:

DWS-1008> enable

Enter password: password DWS-1008#

D-Link DWS-1008 CLI Manual 12

quit

Exit from the CLI session.

Syntax: quit

Defaults: None.

Access: All.

Examples: To end the administrator’s session, type the following command:

DWS-1008> quit

set enablepass

Sets the password that provides enabled access (for conﬁguration and monitoring) to the switch.

Syntax: set enablepass

Defaults: None.

Access: Enabled.

Usage: After typing the set enablepass command, press Enter. If you are entering the ﬁrst

enable password on this switch, press Enter at the Enter old password prompt. Otherwise, type the old password. Then type a password of up to 32 alphanumeric characters with no spaces, and reenter it at the retype new password prompt.

Examples: The following example illustrates the prompts that the system displays when the enable password is changed. The passwords you enter are not displayed.

DWS-1008# set enablepass

Enter old password: old-password Enter new password: new-password Retype new password: new-password

Password changed

D-Link DWS-1008 CLI Manual 13

System Services Commands

Use system services commands to conﬁgure and monitor system information for a DWS-1008 switch. This chapter presents system services commands alphabetically. Use the following table to located commands in this chapter based on their use.

Conﬁguration

Auto-Conﬁg

Display

System Identiﬁcation

quickstart on page 18

set auto-conﬁg on page 27

clear banner motd on page 15 set banner motd on page 19 show banner motd on page 28 set conﬁrm on page 20 set length on page 20

set prompt on page 22 set system name on page 27 set system location on page 27 set system contact on page 23 set system countrycode on page 23 set system idle-timeout on page 25 set system ip-address on page 26 show load on page 29 show system on page 30 clear system on page 16 clear prompt on page 15

Help

History

License

Technical Support

D-Link DWS-1008 CLI Manual 14

help on page 17

history on page 18 clear history on page 15

set license on page 21 show licenses on page 29

show tech-support on page 32

clear banner motd

Syntax: clear banner motd

Defaults: None.

Access: Enabled.

Examples: To clear a banner, type the following command:

DWS-1008> clear banner motd success: change accepted

Note: As an alternative to clearing the banner, you can overwrite the existing banner with an empty banner by typing the following command:

set banner motd ^^

clear history

Deletes the command history buffer for the current CLI session.

Syntax: clear history

Defaults: None.

Access: All.

Examples: To clear the history buffer, type the following command:

DWS-1008# clear history success: command buffer was ﬂushed.

clear prompt

Syntax: clear prompt

Defaults: None.

Access: Enabled.

Examples: To reset the prompt, type the following command:

wildebeest# clear prompt success: change accepted. DWS-1008#

D-Link DWS-1008 CLI Manual 15

clear system

Clears the system conﬁguration of the speciﬁed information.

contact

countrycode

idle-timeout

ip-address

location

name

Defaults: None.

Access: All.

Examples: To clear the location of the switch, type the following command:

Resets the name of contact person for the DWS-1008 switch to null.

Resets the country code for the DWS-1008 switch to null.

Resets the number of seconds a CLI management session can remain idle to the default value (3600 seconds).

Resets the IP address of the DWS-1008 switch to null.

Resets the location of the DWS-1008 switch to null.

Resets the name of the DWS-1008 switch to the default system name, which is DWS-mmmm-nnnnnn, where mmmm is the model number and nnnnnn is the last 6 digits of the switch’s MAC address.

DWS-1008# clear system location success: change accepted

D-Link DWS-1008 CLI Manual 16

help

Syntax: clear history

Defaults: None.

Access: All.

Examples: Use this command to see a list of available commands. If you have restricted

access, you see fewer commands than if you have enabled access. To display a list of CLI commands available at the enabled access level, type the following command at the enabled access level:

D-Link DWS-1008 CLI Manual 17

history

Syntax: clear history

Defaults: None.

Access: All.

Examples: To show the history of your session, type the following command:

DWS-1008# history

quickstart

Runs a script that interactively helps you conﬁgure a new switch.

Caution! The quickstart command is for conﬁguration of a new switch only. After prompting you for veriﬁcation, the command erases the switch’s conﬁguration before continuing. If you run this command on a switch that already has a conﬁguration, the conﬁguration will be erased. In addition, error messages such as Critical AP Notice for directly connected APs can appear.

D-Link DWS-1008 CLI Manual 18

set banner motd

Conﬁgures the banner string that is displayed before the beginning of each login prompt for each CLI session on the DWS-1008 switch.

Syntax: set banner motd ^text^

Defaults: None.

Access: Enabled.

Usage: Type a caret (^), then the message, then another caret.

Do not use the following characters with commands in which you set text to be displayed on the DWS-1008 switch, such as message-of-the-day (MOTD) banners:

• Ampersand (&)

• Angle brackets (< >)

• Double quotation marks (“ ”)

• Number sign (#)

• Question mark (?)

• Single quotation mark (‘)

Examples: To create a banner that says Update meeting at 3 p.m., type the following command:

DWS-1008> set banner motd ^Update meeting at 3 p.m.^

success: change accepted.

D-Link DWS-1008 CLI Manual 19

set conﬁrm

Enables or disables the display of conﬁrmation messages for commands that might have a large impact on the network.

Syntax: set conﬁrm {on | off}

on Enables conﬁrmation messages.

off Disables conﬁrmation messages.

Defaults: Conﬁguration messages are enabled.

Access: Enabled.

Usage: This command remains in effect for the duration of the session, until you

enter an exit or quit command, or until you enter another set conﬁrm command.

MSS displays a message requiring conﬁrmation when you enter certain commands that can have a potentially large impact on the network. For example:

DWS-1008# clear vlan red This may disrupt user connectivity. Do you wish to continue? (y/n) [n]

Examples: To turn off these conﬁrmation messages, type the following command:

DWS-1008# set conﬁrm off success: Conﬁrm state is off

set length

Deﬁnes the number of lines of CLI output to display between paging prompts. MSS displays the set number of lines and waits for you to press any key to display another set, or type q to quit the display.

Syntax: set length number-of-lines

number-of-lines

Number of lines of text to display between paging prompts. You can specify from 0 to 512. The 0 value disables the paging prompt action entirely.

Defaults: MSS displays 24 lines by default.

Access: All.

D-Link DWS-1008 CLI Manual 20

Usage: Use this command if the output of a CLI command is greater than the number of lines allowed by default for a terminal type.

Examples: To set the number of lines displayed to 100, type the following command:

DWS-1008# set length 100 success: screen length for this session set to 100

set license

Installs an upgrade license key on a DWS-1008 switch.

The DWS-1008 can boot and manage up to 32 APs by default. You can increase the AP support to 64, 96, or 128 APs, by installing one or more activation keys. You can install a 32-AP upgrade, 64-AP upgrade, or 96-AP upgrade. If you have already installed a 32-AP or 64-AP upgrade, you can still install additional upgrades.

Syntax: set license activation-key

activation-key

Defaults: None.

Access: Enabled.

Usage: This command applies to the DWS-1008.

Examples: To install an activation key for an additional 80 APs, type the following command:

DWS-1008# set license 3B02-D821-6C19-CE8B-F20E success: license accepted

See Also:

• show licenses

Hexadecimal digits generated by the D-Link license server or otherwise provided by D-Link for your switch.

The activation key is based on the switch’s serial number. You can enter the number in either of the following formats:

xxxx-xxxx-xxxx-xxxx-xxxx xxxxxxxxxxxxxxxxxxxx

D-Link DWS-1008 CLI Manual 21

set prompt

Changes the CLI prompt for the DWS-1008 switch to a string you specify.

Syntax: set prompt string

string

Defaults: The factory default for the DWS switch prompt is DWS-mm-nnnnnn, where mm is the model number and nnnnnn is the last 6 digits of the 12-digit system MAC address.

Access: Enabled.

Usage: When you ﬁrst log in for the initial conﬁguration of the DWS switch, the

CLI provides an DWS-mmmm-nnnnnn> prompt. After you become enabled by typing enable and giving a suitable password, the DWS-mmmm-nnnnnn# prompt is displayed.

If you use the set system name command to change the default system name, MSS uses that name in the prompt, unless you also change the prompt with set

prompt.

Examples: The following example sets the prompt from DWS to happy_days:

DWS-1008# set prompt happy_days success: change accepted.

happy_days#

Alphanumeric string up to 32 characters long. To include spaces in the prompt, you must enclose the string in double quotation marks (“”).

See Also:

• clear prompt

• set system name

• show conﬁg

D-Link DWS-1008 CLI Manual 22

set system contact

Stores a contact name for the DWS-1008 switch.

Syntax: set system contact string

string

Defaults: None.

Access: Enabled.

To view the system contact string, type the show system command.

Examples: The following command sets the system contact information to

tamara@example.com:

DWS-1008# set system contact tamara@example.com success: change accepted.

See Also:

• clear system

• set system location

• set system name

• show system

Alphanumeric string up to 256 characters long, with no blank spaces.

set system country code

Deﬁnes the country-speciﬁc IEEE 802.11 regulations to enforce on the DWS-1008 switch.

Syntax: set system countrycode code

code

D-Link DWS-1008 CLI Manual 23

Two-letter code for the country of operation for the DWS switch. You can specify one of the codes listed in the table below

D-Link DWS-1008 CLI Manual 24

Defaults: None.

Access: Enabled.

Usage: You must set the system county code to a valid value before using any set ap commands

to conﬁgure an access point.

Examples: To set the country code to Canada, type the following command:

DWS-1008# set system country code CA success: change accepted.

See Also:

• show conﬁg

set system idle-timeout

Speciﬁes the maximum number of seconds a CLI management session with the switch can remain idle before MSS terminates the session.

Syntax: set system idle-timeout seconds

seconds

Defaults: 3600 seconds (one hour).

Number of seconds a CLI management session can remain idle before MSS terminates the session. You can specify from 0 to 86400 seconds (one day). If you specify 0, the idle timeout is disabled.

The timeout interval is in 30-second increments. For example, the interval can be 0, or 30 seconds, or 60 seconds, or 90 seconds, and so on. If you enter an interval that is not divisible by 30, the CLI rounds up to the next 30-second increment. For example, if you enter 31, the CLI rounds up to 60.

D-Link DWS-1008 CLI Manual 25

Access: Enabled.

Usage: This command applies to all types of CLI management sessions: console,

Telnet, and SSH. The timeout change applies to existing sessions only, not to new sessions.

Examples: The following command sets the idle timeout to 1800 seconds (one half hour):

DWS-1008# set system idle-timeout 1800 success: change accepted.

See Also:

• clear system

• show system

set system ip-address

Sets the system IP address so that it can be used by various services in the DWS-1008 switch.

Syntax: set system ip-address ip-addr

ip-addr IP address, in dotted decimal notation.

Defaults: None.

Access: Enabled.

Examples: The following command sets the IP address of the DWS switch to 192.168.253.1:

DWS-1008# set system ip-address 192.168.253.1 success: change accepted.

See Also:

• clear system

• set interface

• show system

D-Link DWS-1008 CLI Manual 26

set system location

Stores location information for the DWS-1008 switch.

Syntax: set system location string

string

Defaults: None.

Access: Enabled.

To view the system location string, type the show system command.

Examples: To store the location of the switch in the switch’s conﬁguration, type the following

command:

DWS-1008# set system location ﬁrst-ﬂoor-bldg3

success: change accepted.

See Also:

• clear system

• set system contact

• set system name

• show system

Alphanumeric string up to 256 characters long, with no blank spaces.

set system name

Changes the name of the switch from the default system name and also provides content for the CLI prompt, if you do not specify a prompt.

Syntax: set system name string

string

Defaults: By default, the system name and command prompt have the same value. The factory default for both is DWS-mmmm-nnnnnn, where mmmm is the model number and nnnnnn is the last 6 digits of the 12-digit system MAC address.

Access: Enabled.

Alphanumeric string up to 256 characters long, with no blank spaces.

D-Link DWS-1008 CLI Manual 27

Usage: Entering set system name with no string resets the system name to the factory default.

To view the system name string, type the show system command.

Examples: The following example sets the system name to a name that identiﬁes the DWS switch:

DWS-1008# set system name DWS-bldg3 success: change accepted.

DWS-1008-bldg3#

See Also:

• clear system

• set prompt

• set system contact

• set system location

• show system

show banner motd

Shows the banner that was conﬁgured with the set banner motd command.

Syntax: show banner motd

Defaults: None.

Access: Enabled.

Examples: To display the banner with the message of the day, type the following command:

DWS-1008# show banner motd hello world

See Also:

• clear banner motd

D-Link DWS-1008 CLI Manual 28

show licenses

Displays information about the license key(s) currently installed on an DWS-1008 switch.

Syntax: show licenses

Defaults: None.

Access: All

Examples: To view license keys, type the following command:

DWS-1008# show licenses Feature : 80 additional APs

See Also:

• set license

show load

Displays CPU usage on a DWS-1008 switch.

Syntax: show load

Defaults: None.

Access: Enabled.

Examples: To display the CPU load recorded from the time the switch was booted, as well as

from the previous time the show load command was run, type the following command:

DWS-1008# show load System Load: overall: 2% delta: 5%

The overall ﬁeld shows the CPU load as a percentage from the time the switch was booted. The delta ﬁeld shows CPU load as a percentage from the last time the show load command was entered.

D-Link DWS-1008 CLI Manual 29

show system

Displays system information.

Syntax: show system

Defaults: None.

Access: Enabled.

Examples: To show system information, type the following command:

DWS-1008# show system

The table on the next page describes the ﬁelds of show system output.

D-Link DWS-1008 CLI Manual 30

Field Description

Product Name DWS model number.

System Name System name (factory default, or optionally conﬁgured with set system

name).

System Countrycode Country-speciﬁc 802.11 code required for AP operation.

(conﬁgured with set system countrycode)

Total Power Over Ethernet

System Location Record of the DWS switch’s physical location (optionally conﬁgured

System Contact Contact information about the system administrator or another person to

System IP Common interface, source, and default IP address for the DWS-1008, in

System idle timeout Number of seconds MSS allows a CLI management session (console, Telnet,

System MAC DWS-1008 media access control (MAC) machine address set at the factory,

Boot Time Date and time of the last system reboot. Uptime Number of days, hours, minutes, and seconds that the switch has been

Fan status Operating status of the three switch cooling fans:

Total power that the DWS-1008 is currently supplying to its directly connected access points, in watts.

with set system location).

contact about the system (optionally conﬁgured with set system contact).

dotted decimal notation (conﬁgured with set system ip-address).

or SSH) to remain idle before terminating the session. (The system idle timeout can be conﬁgured using the set system idle-timeout command.)

in 6-byte hexadecimal format.

operating since its last restart.

• OK—Fan is operating.

• Failed—Fan is not operating. MSS sends an alert to the system log every 5 minutes until this condition is corrected. Fan 1 is located nearest the front of the chassis, and fan 3 is located nearest the back.

Temperature Status of temperature sensors at three locations in the DWS-1008 switch:

• ok—Temperature is within the acceptable range of 0° C to 50° C (32° F to 122° F).

• Alarm—Temperature is above or below the acceptable range. MSS sends an alert to the system log every 5 minutes until this condition is corrected.

PSU Status Status of the lower and upper power supply units:

• missing—Power supply is not installed or is inoperable.

• DC ok—Power supply is producing DC power.

• DC output failure—Power supply is not producing DC power. MSS sends an alert to the system log every 5 minutes until this condition is corrected.

• AC ok—Power supply is receiving AC power.

• AC not present—Power supply is not receiving AC power.

D-Link DWS-1008 CLI Manual 31

Field Description

Memory Current size (in megabytes) of nonvolatile memory (NVRAM) and

synchronous dynamic RAM (SDRAM), plus the percentage of total memory space in use, in the following format: NVRAM size /SDRAM size (percent of total)

Total Power Over Ethernet

See Also:

• clear system

• set system contact

• set system countrycode

• set system idle-timeout

• set system ip-address

• set system location

• show system name

Total power that the DWS-1008 is currently supplying to its directly connected access points, in watts.

show tech-support

Provides an in-depth snapshot of the status of the DWS switch, which includes details about the boot image, the version, ports, and other conﬁguration values. This command also displays the last 100 log messages.

Syntax: show tech-support [ﬁle [subdirname/] ﬁlename]

[subdirname/]ﬁlename

Defaults: None.

Access: Enabled.

Usage: Enter this command before calling D-Link Technical Support.

Examples: To store the location of the DWS-1008 switch in the switch’s conﬁguration, type the

following command:

DWS-1008# set system location ﬁrst-ﬂoor-bldg3 success: change accepted.

See Also:

• show boot

• show conﬁg

• set licenses

Optional subdirectory name, and a string up to 32 alphanumeric characters. The command’s output is saved into a ﬁle with the speciﬁed name in nonvolatile storage.

D-Link DWS-1008 CLI Manual 32

Port Commands

Use port commands to conﬁgure and manage individual ports and load-sharing port groups. This chapter presents port commands alphabetically. Use the following table to locate commands in this chapter based on their use.

Port Type

Name

State

Interface Type

Speed

Autonegotiation

PoE

set port type ap on page 51 set dap on page 42 set port type wired-auth on page 53 clear dap on page 34 clear port type on page 36 show port status on page 58

set port name on page 46 clear port name on page 36

set port on page 43 reset port on page 42

set port media-type on page 35 clear port media-type on page 36

set port speed on page 49

set port negotiation on page 47

set port poe on page 48 show port poe on page 57

SNMP

Port Groups

Port Mirroring

Statistics

D-Link DWS-1008 CLI Manual 33

set port trap on page 50

set port-group on page 44

clear port-group on page 35 set port mirror on page 46

clear port mirror on page 35 show port counters on page 58 monitor port counters on page 38 clear port counters on page 34

clear dap

Caution: When you clear a Distributed AP, MSS ends user sessions that are using the AP.

Removes a Distributed AP.

Syntax: clear dap dap-num

dap-num

Defaults: None.

Access: Enabled.

Examples: The following command clears Distributed AP 1:

DWS-1008# clear dap 1 This will clear speciﬁed DAP devices. Would you like to continue? (y/n)

[n]y

See Also:

• set dap

• set port type ap

Number of the Distributed AP(s) you want to remove.

clear port counters

Clears port statistics counters and resets them to 0.

Syntax: clear port counters

Defaults: None.

Access: Enabled.

Examples: The following command clears all port statistics counters and resets them to 0:

DWS-1008# clear port counters success: cleared port counters

See Also:

• monitor port counters

• set port counters

D-Link DWS-1008 CLI Manual 34

clear port-group

Removes a port group

Syntax: clear port-group name name

name

Defaults: None.

Access: Enabled.

Examples: The following command clears port group server1:

DWS-1008# clear port-group name server1 success: change accepted.

See Also:

• set port-group

Name of the port group.

clear port mirror

Removes a port mirroring conﬁguration.

Syntax: clear port mirror

Defaults: None.

Access: Enabled.

Examples: The following command clears the port mirroring conﬁguration from the switch:

DWS-1008# clear port mirror

See Also:

• set port mirror

D-Link DWS-1008 CLI Manual 35

clear port name

Removes the name assigned to a port.

Syntax: clear port port-list name

port-list

Defaults: None.

Access: Enabled.

Examples: The following command clears the names of ports 1 through 4:

DWS-1008# clear port 1-4 name

See Also:

• set port name

List of physical ports. MSS removes the names from all the speciﬁed ports.

clear port type

Caution: When you clear a port, MSS ends user sessions that are using the port.

Removes all conﬁguration settings from a port and resets the port as a network port.

Syntax: clear port type port-list

port-list

Defaults: The cleared port becomes a network port but is not placed in any VLANs.

Access: Enabled.

Usage: Use this command to change a port back to a network port. All conﬁguration settings

speciﬁc to the port type are removed. For example, if you clear an access point port, all APspeciﬁc settings are removed. The following table lists the default network port settings that MSS applies when you clear a port’s type:

List of physical ports. MSS resets and removes the conﬁguration from all the speciﬁed ports.

D-Link DWS-1008 CLI Manual 36

Port Parameter Setting

VLAN membership None.

Note: Although the command changes a port to a network port, the command does not place the port in any VLAN. To use the port in a VLAN, you must add the port to the VLAN.

Spanning Tree Protocol (STP)

802.1X No authorization. Port groups None. Internet Group

Management Protocol (IGMP) snooping

Access: point and radio parameters

Maximum user sessions Not applicable.

Examples: The following command clears port 5:

DWS-1008# clear port type 5

This may disrupt currently authenticated users. Are you sure? (y/n) [n]y success: change accepted.

See Also:

• set port type ap

• set port type wired-auth

Based on the VLAN(s) you add the port to.

Enabled as port is added to VLANs.

Not applicable.

D-Link DWS-1008 CLI Manual 37

monitor port counters

Displays and continually updates port statistics.

octets

packets

recieve-errors

transmit-errors

collisions

receive-etherstats

transmit-etherstats

Defaults: All types of statistics are displayed for all ports. MSS refreshes the

statistics every 5 seconds. This interval cannot be conﬁgured. Statistics types are displayed in the following order by default:

• Octets

• Packets

• Receive errors

• Transmit errors

• Collisions

• Receive Ethernet statistics

• Transmit Ethernet statistics

Displays octet statistics ﬁrst.

Displays packet statistics ﬁrst.

Displays errors in received packets ﬁrst.

Displays errors in transmitted packets ﬁrst.

Displays collision statistics ﬁrst.

Displays Ethernet statistics for received packets ﬁrst.

Displays Ethernet statistics for transmitted packets ﬁrst.

Access: All.

D-Link DWS-1008 CLI Manual 38

Usage: Each type of statistic is displayed separately. Press the Spacebar to cycle through the displays for each type.

If you use an option to specify a statistic type, the display begins with that statistic type. You can use one statistic option with the command.

Use the keys listed the following table to control the monitor display

Key Effect on monitor display

Spacebar Advances to the next statistic type.

Esc Exits the monitor. MSS stops displaying the statistics and displays a new command

prompt.

c Clears the statistics counters for the currently displayed statistics type. The counters

begin incrementing again.

For error reporting, the cyclic redundancy check (CRC) errors include misalignment errors. Jumbo packets with valid CRCs are not counted. A short packet can be reported as a short packet, a CRC error, or an overrun. In some circumstances, the transmitted octets counter might increment a small amount for a port with nothing attached.

Examples: The following command starts the port statistics monitor beginning with octet statistics (the default):

Syntax: monitor port counters

As soon as you press Enter, MSS clears the window and displays statistics at the top of the window.

Port Status Rx Octets Tx Octets ========================================= 1 Up 27965420 34886544 ...

To cycle the display to the next set of statistics, press the Spacebar. In this example, packet statistics are displayed next:

Port Status Rx Unicast Rx NonUnicast Tx Unicast Tx NonUnicast =========================================================== 1 Up 54620 62144 58318 62556 ...

The following table describes the port statistics displayed by each statistics option. The Port and Status ﬁelds are displayed for each option.

D-Link DWS-1008 CLI Manual 39

Table: Output for monitor port counters

Statistics Option Field Description

Displayed for All Options

octets

packets

Port Port the statistics are displayed for.

Status Port status. The status can be Up or Down.

Total numbewr of octets reveived by the port.

Rx Octets

Tx Octets

Rx Unicast

Rx NonUnicast

Tx Unicast

This number includes octets received in frames that contained errors.

Total number of octets transmitted.

This number includes octets transmitted in frames that contained errors.

Number of unicast packets received.

This number does not include packets that contain errors.

Number of broadcast and multicast packets received.

This number does not include packets that contain errors.

Number of unicast packets transmitted.

This number does not include packets that contain errors.

receive-errors

Tx NonUnicast

Rx Crc

Rx Error

Rx Short

Rx Overrun

Number of broadcast and multicast packets transmitted.

This number does not include packets that contain errors.

Number of frames received by the port that had the correct length but contained an invalid frame check sequence (FCS) value. This statistic includes frames with misalignment errors.

Total number of frames received in which the Physical layer (PHY) detected an error.

Number of frames received by the port that were fewer than 64 bytes long.

Number of frames received by the port that were valid but were longer than 1518 bytes.

This statistic does not include jumbo packets with valid CRCs.

D-Link DWS-1008 CLI Manual 40

Statistics Option Field Description

Transmit-errors

collisions

Tx Crc

Tx Short

Tx Fragment

Tx Abort Total number of frames that had a link pointer parity error.

Single Coll

Multiple Coll

Excessive Coll

Total Coll

Number of frames transmitted by the port that had the correct length but contained an invalid FCS value.

Number of frames transmitted by the port that were fewer than 64 bytes long.

Total number of frames transmitted that were less than 64 octets long and had invalid CRCs.

Total number of frames transmitted that experienced one collision before 64 bytes of the frame were transmitted on the network.

Total number of frames transmitted that experienced more than 1 collision before 64 bytes of the frame were transmitted on the network.

Total number of frames that experienced more than 16 collisions during transmit attempts. These frames are dropped and not transmitted.

Best estimate of the total number of collisions on this Ethernet segment.

receive-etherstats

transmit-etherstats

Rx 64 Number of packets received that were 64 bytes long.

Rx 127 Number of packets received that were 65-127 bytes long.

Rx 255 Number of packets received that were 128-255 bytes long.

Rx 511 Number of packets received that were 256-511 bytes long.

Rx 1023 Number of packets received that were 512-1023 bytes long.

Rx 1518 Number of packets received that were 1024-1518 bytes long.

Tx 64 Number of packets transmitted that were 64 bytes long.

Tx 127 Number of packets transmitted that were 65-127 bytes long.

Tx 255 Number of packets transmitted that were 128-255 bytes long.

Tx 511 Number of packets transmitted that were 256-511 bytes long.

Tx 1023

Tx 1518

Number of packets transmitted that were 512-1023 bytes long.

Number of packets transmitted that were 1024-1518 bytes long.

D-Link DWS-1008 CLI Manual 41

reset port

Resets a port by toggling its link state and Power over Ethernet (PoE) state.

Syntax: reset port port-list

port-list

Defaults: None.

Access: Enabled.

Usage: The reset command disables the port’s link and PoE (if applicable) for at least 1 second,

then reenables them. This behavior is useful for forcing an AP access point that is connected to two DWS-1008 switches to reboot over the link to the other switch.

Examples: The following command resets port 5:

DWS-1008# reset port 5

See Also:

• set port

List of physical ports. MSS resets all the speciﬁed ports.

set dap

Conﬁgures a Distributed AP for an access point that is indirectly connected to the DWS-1008 switch through an intermediate Layer 2 or Layer 3 network.

Note. Before conﬁguring a Distributed AP, you must use the set system countrycode command to set the IEEE 802.11 country-speciﬁc regulations on the DWS-1008 switch. See set system

countrycode.

Syntax: set dap dap-num serial-id serial-ID model {DWL-8220AP} [radiotype {11a | 11b| 11g}]

dap-num

serial id serial ID

model

Defaults: The default vales are the same as the defaults for the set port type ap command.

Number for the Distributed AP. AP access point serial ID. The serial ID is listed on the AP case.

To display the serial ID using the CLI, use the show version details command.

AP access point model.

D-Link DWS-1008 CLI Manual 42

Access: Enabled.

Examples: The following command conﬁgures Distributed AP 1 for AP model MP-372 with

serial-ID 0322199999:

DWS-1008# set dap 1 serial-id 0322199999 model mp-372

success: change accepted.

The following command removes Distributed AP 1:

DWS-1008# clear dap 1

This will clear speciﬁed DAP devices. Would you like to continue? (y/n) [n]y

See Also:

• clear dap

• clear port type

• set port type ap

• set system countrycode

set port

Administratively disables or reenables a port.

Syntax: set port {enable | disable} port-list

enable disable

port-list

Defaults: All ports are enabled.

Access: Enabled.

Usage: A port that is administratively disabled cannot send or receive packets. This command

does not affect the link state of the port.

Examples: The following command disables port 4:

DWS-1008# set port disable 4

success: set “disable” on port 4

Enables the speciﬁed ports. Disables the speciﬁed ports. List of physical ports. MSS disables or reenables all the speciﬁed ports.

D-Link DWS-1008 CLI Manual 43

The following command reenables the port:

DWS-1008# set port enable 4

success: set “enable” on port 4

See Also:

• set reset port

set port-group

Administratively disables or reenables a port.

Syntax: set port-group name group-name port-list mode {on | off}

name group-name

port-list

mode {on | off}

Defaults: Once conﬁgured, a group is enabled by default.

Access: Enabled.

Usage: Do not use dashes or hyphens in a port group name. If you do, MSS will

not display or save the port group.

You can conﬁgure up to 8 ports in a port group, in any combination of ports. The port numbers do not need to be contiguous and you can use 10/100 Ethernet ports in the same port group.

After you add a port to a port group, you cannot conﬁgure port parameters on the individual port. Instead, change port parameters on the entire group. Specify the group name instead of an individual port name or number in port conﬁguration commands.

Alphanumeric string of up to 255 characters, with no spaces. List of physical ports. All the ports you specify are conﬁgured together

as a single logical link. State of the group. Use on to enable the group or off to disable the

group. The group is enabled by default.

To add or remove ports in a group that is already conﬁgured, change the mode to off, add or remove the ports, then change the mode to on.

Examples: The following command conﬁgures a port group named server1 containing ports 1 through 5, and enables the link:

DWS-1008# port-group name server1 1-5 mode on

success: change accepted.

D-Link DWS-1008 CLI Manual 44

The following commands disable the link for port group server1, change the list of ports in the group, and reenable the link:

DWS-1008# set port-group name server1 1-5 mode off

success: change accepted.

DWS-1008# set port-group name server1 1-4,7 mode on success: change accepted.

See Also:

• clear port-group

D-Link DWS-1008 CLI Manual 45

set port mirror

Conﬁgures port mirroring. Port mirroring is a troubleshooting feature that copies (mirrors) trafﬁc sent or received by a DWS-1008 port (the source port) to another port (the observer) on the same DWS-1008. You can attach a protocol analyzer to the observer port to examine the source port’s trafﬁc. Both trafﬁc directions (send and receive) are mirrored.

Syntax: set port mirror source-port observer observer-port

source-port

Number of the port whose trafﬁc you want to analyze. You can specify only one port.

observer-port

Defaults: None

Access: Enabled.

Usage: The switch can have one port mirroring pair (one source port and one observer port)

at a time. The source port can be a network port, AP access port, or wired authentication port. However, the observer port must be a network port, and cannot be a member of any VLAN or port group.

Examples: The following command sets port 2 to monitor port 1’s trafﬁc:

DWS-1008# set mirror port 1 observer 2

See Also:

• clear port mirror

Number of the port to which you want the switch to copy the source port’s trafﬁc.

set port name

Assigns a name to a port. After naming a port, you can use the port name or number in other CLI commands.

Syntax: set port port name name

port name name

D-Link DWS-1008 CLI Manual 46

Number of a physical port. You can specify only one port. Alphanumeric string of up to 16 characters, with no spaces.

Defaults: None

Access: Enabled.

Usage: To simplify conﬁguration and avoid confusion between a port’s number and its name,

D-Link recommends that you do not use numbers as port names.

Examples: The following command sets the name of port 4 to adminpool:

DWS-1008# set port 4 name adminpool

success: change accepted.

See Also:

• clear port name

set port negotiation

Disables or reenables autonegotiation on gigabit Ethernet or 10/100 Ethernet ports.

Syntax: set port negotiation port-list {enable | disable}

port-list

List of physical ports. MSS disables or reenablesautonegotiation on all the

enable disable

Defaults: Autonegotiation is enabled on all Ethernet ports by default.

Access: Enabled.

Usage: The gigabit Ethernet ports operate at 1000 Mbps only. They do not change speed to

match 10-Mbps or 100-Mbps links.

The DWS-1008 Ethernet ports support half-duplex and full-duplex operation.

D-Link recommends that you do not conﬁgure the mode of a DWS-1008 port so that one side of the link is set to autonegotiation while the other side is set to full-duplex. Although MSS allows this conﬁguration, it can result in slow throughput on the link. The slow throughput occurs because the side that is conﬁgured for autonegotiation falls back to half-duplex.

speciﬁed ports. Enables autonegotiation on the speciﬁed ports. Disables autonegotiation on the speciﬁed ports.

D-Link DWS-1008 CLI Manual 47

A stream of large packets sent to an DWS-1008 port in such a conﬁguration can cause forwarding on the link to stop.

Examples: The following command disables autonegotiation on ports 1, 2, and 4 through 6:

DWS-1008# set port negotiation 1,2,4-6 disable

The following command enables autonegotiation on port 5:

DWS-1008# set port negotiation 5 enable

set port poe

Enables or disables Power over Ethernet (PoE) on ports connected to AP access points.

Caution! When you set the port type for AP use, you can enable PoE on the port. Use the DWS-1008’s PoE to power D-Link access points or PoE enabled devices only. If you enable PoE on ports connected to other devices, damage can result.

Syntax: set port poe port-list enable | disable

port-list

enable disable

Defaults: PoE is disabled on network and wired authentication ports. The state on access point ports depends on whether you enabled or disabled PoE when setting the port type. See set port type ap.

Access: Enabled.

Usage: This command does not apply to any gigabit Ethernet ports or to port 3 on the

DWS-1008 switch.

Examples: The following command disables PoE on ports 3 and 5, which are connected to an access point:

List of physical ports. MSS disables or reenables PoE on all the speciﬁed ports.

Enables PoE on the speciﬁed ports. Disables PoE on the speciﬁed ports.

D-Link DWS-1008 CLI Manual 48

DWS-1008# set port poe 3,5 disable If you are enabling power on these ports, they must be connected only to approved PoE devices with the correct wiring. Do you wish to continue? (y/n) [n]y

The following command enables PoE on ports 2 and 4:

DWS-1008# set port poe 2,4 enable

If you are enabling power on these ports, they must be connected only to approved PoE devices with the correct wiring. Do you wish to continue? (y/n) [n]y

See Also:

• set port type ap

• set port type wired-auth

set port speed

Changes the speed of a port.

Syntax: set port speed port-list {10 | 100 | auto}

port-list

100

auto

Defaults: All ports are set to auto.

Access: Enabled.

Usage: D-Link recommends that you do not conﬁgure the mode of a switch port so that one

side of the link is set to autonegotiation while the other side is set to full-duplex. Although MSS allows this conﬁguration, it can result in slow throughput on the link. The slow throughput occurs because the side that is conﬁgured for autonegotiation falls back to half-duplex. A stream of large packets sent to a switch port in such a conﬁguration can cause forwarding on the link to stop.

List of physical ports. MSS sets the port speed on all the speciﬁed ports.

Sets the port speed of a 10/100 Ethernet port to 10 Mbps and sets the operating mode to full-duplex.

Sets the port speed of a 10/100 Ethernet port to 100 Mbps and sets the operating mode to full-duplex.

Enables a port to detect the speed and operating mode of the trafﬁc on the link and set itself accordingly.

D-Link DWS-1008 CLI Manual 49

Examples: The following command sets the port speed on ports 1, 3 through 5, and 8 to 10 Mbps and sets the operating mode to full-duplex:

DWS-1008# set port speed 1,3-5,8 10

set port trap

Enables or disables Simple Network Management Protocol (SNMP) linkup and linkdown traps on an individual port.

Syntax: set port trap port-list {enable | disable}

port-list

enable disable

Defaults: SNMP linkup and linkdown traps are disabled by default.

List of physical ports. Enables the Telnet server. Disables the Telnet server.

Access: Enabled.

Usage: The set port trap command overrides the global setting of the set snmp trap

command.

The set port type command does not affect the global trap information displayed by the show snmp conﬁguration command. For example, if you globally enable linkup and linkdown traps but then disable the traps on a single port, the show snmp conﬁguration command still indicates that the traps are globally enabled.

Examples: The following command enables SNMP linkup and linkdown traps on ports 5 and 6:

DWS-1008# set port trap 5-6 enable

See Also:

• set ip snmp server

• set snmp community

• set snmp trap

• set snmp trap receiver

D-Link DWS-1008 CLI Manual 50

set port type ap

Conﬁgures a DWS-1008 switch port for an (AP) access point.

Caution! When you set the port type for AP use, you must specify the PoE state (enable or disable) of the port. Use the DWS-1008’s PoE to power D-Link access points or PoE enabled devices only. If you enable PoE on a port connected to another device, physical damage to the device can result.

Note: Before conﬁguring a port as an AP port, you must use the set system countrycode command to set the IEEE 802.11 country-speciﬁc regulations on the DWS-1008. See set

system countrycode.

Note: For an AP that is indirectly connected to the DWS-1008 through an intermediate Layer 2 or Layer 3 network, use the set dap command to conﬁgure a Distributed AP.

Note: Before changing the port type from ap to wired-auth or from wired-auth to ap, you must reset the port with the clear port type command.

Syntax: set port type ap port-list model {DWL-8200} poe {enable | disable} [radiotype {11a | 11b| 11g}]

port-list

model poe enable | disable radiotype 11a | 11b | 11g

Defaults: All DWS-1008 ports are network ports by default.

Access: Enabled.

Usage: You cannot set a port’s type if the port is a member of a port VLAN. To remove a port from a VLAN, use the clear vlan command. To reset a port as a network port, use the clear port type command.

When you change port type, MSS applies default settings appropriate for the port type. The following Table lists the default settings that MSS applies when you set a port’s type to ap.

List of physical ports. Access: point model. Power over ethernet (PoE) state.

Radio type:

• 11a - 802.11a

• 11b - 802.11b

• 11g - 802.11g

Note: This option applies only to single radio models.

D-Link DWS-1008 CLI Manual 51

Port Parameter Setting

VLAN Membership

Spanning Tree Protocol

(STP)

802.1x Uses authentication parameters conﬁgured for users.

Port Groups Not applicable.

IGMP Snooping Enabled as users are authenticated and join VLANs.

Maximum user sessions Not applicable

Removed from all VLANs. You cannot assign an AP access port to a VLAN. MSS automatically assigns AP access ports to VLANs based on user trafﬁc.

Not applicable.

Examples: The following commands set port 2 for access point model DWL-8220AP, enables PoE on the port:

DWS-1008# set port type ap 2 model DWL-8220AP poe enable

This may affect the power applied on the conﬁgured ports. Would you like to continue? (y/n) [n]y success: change accepted.

See Also:

• clear dap

• clear port type

• set {ap | dap} radio antennatype

• set dap

• set port type wired-auth

• set system countrycode

D-Link DWS-1008 CLI Manual 52

set port type wired-auth

Conﬁgures an DWS-1008 port for a wired authentication user.

Syntax: set port type wired-auth port-list [tag tag-list] [max-sessions num] [auth-fall-thru {last-resort | none | web-portal}]

port-list tag-list

num

last-resort

none

web-portal

Defaults: The default tag-list is null (no tag values). The default number of sessions is 1. The

default fallthru authentication type is none.

List of physical ports. One or more numbers between 1 and 4094 that subdivide a wired

authentication port into virtual ports. Maximum number of simultaneous user sessions supported. Automatically authenticates the user without requiring a user name and

password. Denies authentication and prohibits the user from accessing the network

over this port. Serves the user a web page from the DWS-1008’s nonvolatile storage

for a secure login to the network.

Access: Enabled.

When you change port type, MSS applies default settings appropriate for the port type. The following Table lists the default settings that MSS applies when you set a port’s type to

wired-auth.

Wired Authentication Port Defaults:

Port Parameter Setting

Removed from all VLANs. You cannot assign an AP access port to a

VLAN Membership

Spanning Tree Protocol

(STP)

802.1x Uses authentication parameters conﬁgured for users.

VLAN. MSS automatically assigns AP access ports to VLANs based on user trafﬁc.

Not applicable.

Port Groups

IGMP Snooping

Maximum user

sessions

Fallthru Auth type None

D-Link DWS-1008 CLI Manual 53

Not applicable.

Enabled as users are authenticated and join VLANs.

One (1)

For 802.1X clients, wired authentication works only if the clients are directly attached to the wired authentication port, or are attached through a hub that does not block forwarding of packets from the client to the PAE group address (01:80:c2:00:00:03). Wired authentication works in accordance with the 802.1X speciﬁcation, which prohibits a client from sending trafﬁc directly to an authenticator’s MAC address until the client is authenticated. Instead of sending trafﬁc to the authenticator’s MAC address, the client sends packets to the PAE group address. The 802.1X speciﬁcation prohibits networking devices from forwarding PAE group address packets, because this would make it possible for multiple authenticators to acquire the same client.

For non-802.1X clients, who use MAC authentication, WebAAA, or last-resort authentication, wired authentication works if the clients are directly attached or indirectly attached.

Examples: The following command sets port 5 for a wired authentication user:

DWS-1008# set port type wired-auth 5 success: change accepted.

Examples: The following command sets port 6 for a wired authentication user and speciﬁes a maximum of three simultaneous user sessions:

DWS-1008# set port type wired-auth 6 max-sessions 3 success: change accepted.

See Also:

• clear port type

• set port type

D-Link DWS-1008 CLI Manual 54

show port counters

Displays port statistics.

octets Displays octet statistics. packets Displays packet statistics. receive-errors Displays errors in received packets. transmit-errors Displays errors in transmitted packets. collisions Displays collision statistics. receive-etherstats Displays Ethernet statistics for received packets. transmit-etherstats Displays Ethernet statistics for transmitted packets.

port port-list List of physical ports. If you do not specify a port list, MSS displays

statistics for all ports.

Defaults: None.

Access: All.

Usage: You can specify one statistic type with the command.

Examples: The following command shows octet statistics for port 3:

DWS-1008> show port counters octets port 3 Port Status Rx Octets Tx Octets ==================================== 3 Up 27965420 34886544

This command’s output has the same ﬁelds as the monitor port counters command.

See Also:

• clear port counters

• monitor port counters

D-Link DWS-1008 CLI Manual 55

show port-group

Displays port group information.

Syntax: show port-group [name group-name]

name group-name Displays information for the speciﬁed port group.

Defaults: None.

Access: All.

Examples: The following command displays the conﬁguration of port group server2:

DWS-1008# show port-group name server2 Port group: server2 is up Ports: 3, 5

The table below describes the ﬁelds in the show port-group output.

Field Description

Port group Name and state (enabled or disabled) of the port group. Ports Ports contained in the port group.

See Also:

• clear port-group

• set port-group

show port mirror

Displays the port mirroring conﬁguration.

Syntax: show port mirror

Defaults: None.

Access: Enabled.

Examples: The following command displays the port mirroring conﬁguration on the switch:

DWS-1008# show port mirror Port 1 is mirrored to port 2

If port mirroring is not conﬁgured, the message in the following example is displayed instead:

DWS-1008# show port mirror No ports are mirrored

D-Link DWS-1008 CLI Manual 56

show port poe

Displays status information for ports on which Power over Ethernet (PoE) is enabled.

Syntax: show port poe [port-list]

port-list List of physical ports. If you do not specify a port list, PoE information is displayed

for all ports.

Defaults: None.

Access: All.

Examples: The following command displays PoE information for all ports on a DWS-1008: DWS-1008# show port poe

Link Port PoE PoE Port Name Status Type conﬁg Draw ============================================================== 1 1 up - disabled off 2 2 down - disabled off 3 3 down - disabled off 4 4 down - disabled off 5 5 down - disabled off 6 6 up AP enabled 1.44 7 7 down - disabled invalid 8 8 down - disabled invalid

The table below describes the ﬁelds in this display.

Field Description

Port Port number. Name Port name. If the port does not have a name, the port number is listed. Link status Link status of the port:

• up—The port is connected.

• down—The port is not connected. Port type Port type:

• AP—The port is an AP access port.

• - (The port is not an AP access port.) PoE conﬁg PoE state:

• enabled

• disabled PoE Draw Power draw on the port, in watts. For 10/100 Ethernet ports on which PoE is disabled, this ﬁeld displays off. The value overcurrent indicates a PoE problem such as a short in the cable.

D-Link DWS-1008 CLI Manual 57

show port status

Displays conﬁguration and status information for ports.

Syntax: show port status [port-list]

port-list List of physical ports. If you do not specify a port list, information is displayed for

all ports.

Defaults: None.

Access: All.

Examples: The following command displays information for all ports on a DWS-1008:

DWS-1008# show port status Port Name Admin Oper Conﬁg Actual Type Media =============================================================== 1 1 up up auto 100/full network 10/100BaseTx 2 2 up down auto network 10/100BaseTx 3 3 up down auto network 10/100BaseTx 4 4 up down auto network 10/100BaseTx 5 5 up down auto network 10/100BaseTx 6 6 up down auto network 10/100BaseTx 7 7 up down auto network no connector 8 8 up down auto network no connector

The table below describes the ﬁelds in this display.

Field Description

Port

Name Port name. If the port does not have a name, the port number is listed.

Administrative status of the port:

Admin

Oper

Conﬁg

Actual Speed and operating mode in effect on the port.

Type

Media

• up—The port is enabled.

• down—The port is disabled.

Operational status of the port:

• up—The port is operational.

• down—The port is not operational.

Port speed conﬁgured on the port:

• 10—10 Mbps.

• 100—100 Mbps.

• auto—The port sets its own speed.

Port type:

• ap—AP access point port

• network—Network port

• wa—Wired authentication port

Link type:

• 10/100BaseTX—10/100BASE-T.

Port number.

D-Link DWS-1008 CLI Manual 58

VLAN Commands

Use virtual LAN (VLAN) commands to conﬁgure and manage parameters for individual port VLANs on network ports, and to display information about clients within a network. This chapter presents VLAN commands alphabetically. Use the following table to locate commands in this chapter based on their use.

Creation set vlan name on page 66

Ports set vlan port on page 67

clear vlan on page 62 show vlan conﬁg on page 71

Restriction of Client Layer 2 Forwarding set security l2-restrict on page 65

show security l2-restrict on page 70 clear security l2-restrict on page 61 clear security l2-restrict counters on page 62

FDB Entries set fdb on page 64 show fdb on page 68 show fdb count on page 70 clear fdb on page 60

FDB Aging Timeout set fdb agingtime on page 65 show fdb agingtime on page 69

D-Link DWS-1008 CLI Manual 59

clear fdb

Deletes an entry from the forwarding database (FDB).

Syntax: clear fdb {perm | static | dynamic | port port-list} [vlan vlan-id] [tag tag-value]

perm Clears permanent entries. A permanent entry does not age out and remains

static Clears static entries. A static entry does not age out, but is removed from

dynamic Clears dynamic entries. A dynamic entry is automatically removed through

port port-lis Clears dynamic entries that match destination ports in the port list. You are

vlan vlan-id VLAN name or number—required for removing permanent and static entries.

in the database even after a reboot, reset, or power cycle. You must specify a VLAN name or number with this option.

the database after a reboot, reset, or power cycle. You must specify a VLAN name or number with this option.

aging or after a reboot, reset, or power cycle. You are not required to specify a VLAN name or number with this option.

not required to specify a VLAN name or number with this option.

For dynamic entries, specifying a VLAN removes entries that match only that VLAN. Otherwise, dynamic entries that match all VLANs are removed.

tag tag-value VLAN tag value that identiﬁes a virtual port. If you do not specify a tag

value, MSS deletes only entries that match untagged interfaces. Specifying a tag value deletes entries that match only the speciﬁed tagged interface.

Defaults: None.

Access: Enabled.

Usage: You can delete forwarding database entries based on entry type, port, or VLAN. A VLAN

name or number is required for deleting permanent or static entries.

Examples: The following command clears all static forwarding database entries that match VLAN blue:

dws-1008# clear fdb static vlan blue success: change accepted.

The following command clears all dynamic forwarding database entries that match all VLANs:

dws-1008# clear fdb dynamic success: change accepted.

The following command clears all dynamic forwarding database entries that match ports 3 and 5:

dws-1008# clear fdb port 3,5

success: change accepted.

D-Link DWS-1008 CLI Manual 60

clear security l2-restrict

Removes one or more MAC addresses from the list of destination MAC addresses to which clients in a VLAN are allowed to send trafﬁc at Layer 2.

Syntax: clear security l2-restrict vlan vlan-id [permit-mac mac-addr [mac-addr] | all]

vlan-id VLAN name or number.

permit-mac List of MAC addresses. MSS no longer allows clients in the VLAN to mac-addr [mac-addr] send trafﬁc to the MAC addresses at Layer 2.

all Removes all MAC addresses from the list.

Defaults: If you do not specify a list of MAC addresses or all, all addresses are removed.

Access: Enabled.

Usage: If you clear all MAC addresses, Layer 2 forwarding is no longer restricted in the VLAN.

Clients within the VLAN will be able to communicate directly. There can be a slight delay before functions such as pinging between clients become available again after Layer 2 restrictions are lifted. Even though packets are passed immediately once Layer 2 restrictions are gone, it can take 10 seconds or more for upper-layer protocols to update their ARP caches and regain their functionality.

To clear the statistics counters without removing any MAC addresses, use the clear security l2restrict counters command instead.

Examples: The following command removes MAC address aa:bb:cc:dd:ee:ff from the list of addresses to which clients in VLAN abc_air are allowed to send trafﬁc at Layer 2:

DWS-1008# clear security l2-restrict vlan abc_air permit-mac aa:bb:cc:dd:ee:ff success: change accepted.

See Also:

• clear security l2-restrict counters

• set security l2-restrict

• show security l2-restrict

D-Link DWS-1008 CLI Manual 61

clear security l2-restrict counters

Clear statistics counters for Layer 2 forwarding restriction.

Syntax: clear security l2-restrict counters [vlan vlan-id | all]

vlan-id VLAN name or number.

all Clears Layer 2 forwarding restriction counters for all VLANs.

Defaults: If you do not specify a VLAN or all, counters for all VLANs are cleared.

Access: Enabled.

Usage: To clear MAC addresses from the list of addresses to which clients are allowed to send data, use the clear security l2-restrict command instead.

Examples: The following command clears Layer 2 forwarding restriction statistics for

VLAN abc_air:

DWS-1008# clear security l2-restrict counters vlan abc_air success: change accepted.

See Also:

• clear security l2-restrict

• set security l2-restrict

• show security l2-restrict

clear vlan

Removes physical or virtual ports from a VLAN or removes a VLAN entirely.

Caution: When you remove a VLAN, MSS completely removes the VLAN from the conﬁguration and also removes all conﬁguration information that uses the VLAN. If you want to remove only a speciﬁc port from the VLAN, make sure you specify the port number in the command.

Syntax: clear vlan vlan-id [port port-list [tag tag-value]]

vlan-id VLAN name or number.

port port-list List of physical ports. MSS removes the speciﬁed ports from the VLAN. If you do not specify a list of ports, MSS removes the VLAN entirely.

tag tag-value Tag number that identiﬁes a virtual port. MSS removes only the speciﬁed virtual port from the speciﬁed physical ports.

D-Link DWS-1008 CLI Manual 62

Defaults: None.

Access: Enabled.

Usage: If you do not specify a port-list, the entire VLAN is removed from the conﬁguration.

Note: You cannot delete the default VLAN but you can remove ports from it. To remove ports from the default VLAN, use the port port-list option.

Examples: The following command removes port 1 from VLAN green:

DWS-1008# clear vlan green port 1 This may disrupt user connectivity. Do you wish to continue? (y/n) [n]y success: change accepted.

The following command removes port 4, which uses tag value 69, from VLAN red:

DWS-1008# clear vlan red port 4 tag 69 This may disrupt user connectivity. Do you wish to continue? (y/n) [n]y success: change accepted.

The following command completely removes VLAN marigold:

DWS-1008# clear vlan marigold This may disrupt user connectivity. Do you wish to continue? (y/n) [n]y success: change accepted.

See Also:

• set vlan port

• show vlan conﬁg

D-Link DWS-1008 CLI Manual 63

set fdb

Adds a permanent or static entry to the forwarding database.

Syntax: set fdb {perm | static} mac-addr port port-list vlan vlan-id [tag tag-value]

perm Adds a permanent entry. A permanent entry does not age out and remains in the

static Adds a static entry. A static entry does not age out, but is removed from the

mac-addr Destination MAC address of the entry. Use colons to separate the octets (for

port port-list List of physical destination ports for which to add the entry. A separate entry is

vlan vlan-id Name or number of a VLAN of which the port is a member. The entry is added

database even after a reboot, reset, or power cycle.

database after a reboot, reset, or power cycle.

example, 00:11:22:aa:bb:cc).

added for each port you specify.

only for the speciﬁed VLAN.

tag tag-value VLAN tag value that identiﬁes a virtual port. You can specify a number from 1

through 4093. If you do not specify a tag value, an entry is created for an untagged interface only. If you specify a tag value, an entry is created only for the speciﬁed tagged interface.

Defaults: None.

Access: Enabled.

Usage: You cannot add a multicast or broadcast address as a permanent or static FDB entry.

Examples: The following command adds a permanent entry for MAC address 00:11:22:aa:bb:cc

on ports 3 and 5 in VLAN blue:

DWS-1008# set fdb perm 00:11:22:aa:bb:cc port 3,5 vlan blue success: change accepted.

The following command adds a static entry for MAC address 00:2b:3c:4d:5e:6f on port 1 in the default VLAN:

DWS-1008# set fdb static 00:2b:3c:4d:5e:6f port 1 vlan default success: change accepted.

set fdb agingtime

Changes the aging timeout period for dynamic entries in the forwarding database.

Syntax: set fdb agingtime vlan-id age seconds

vlan-id VLAN name or number. The timeout period change applies only to entries

that match the speciﬁed VLAN.

age seconds Value for the timeout period, in seconds. You can specify a value from

0 through 1,000,000. If you change the timeout period to 0, aging is disabled.

Defaults: The aging timeout period is 300 seconds (5 minutes).

Access: Enabled.

Examples: The following command changes the aging timeout period to 600 seconds for entries

that match VLAN orange:

DWS-1008# set fdb agingtime orange age 600 success: change accepted.

See Also:

• show fdb agingtime

set security l2-restrict

Restricts Layer 2 forwarding between clients in the same VLAN. When you restrict Layer 2 forwarding in a VLAN, MSS allows Layer 2 forwarding only between a client and a set of MAC addresses, generally the VLAN’s default routers. Clients within the VLAN are not permitted to communicate among themselves directly. To communicate with another client, the client must use one of the speciﬁed default routers.

Syntax: set security l2-restrict vlan vlan-id [mode {enable | disable}] [permit-mac mac-addr [mac-addr]]

vlan-id VLAN name or number.

mode {enable | disable} Enables or disables restriction of Layer 2 forwarding.

permit-mac mac-addr MAC addresses to which clients are allowed to forward data at [mac-addr] Layer 2. You can specify up to four addresses.

D-Link DWS-1008 CLI Manual 65

Defaults: Layer 2 restriction is disabled by default.

Access: Enabled.

Usage: You can specify multiple addresses by listing them on the same command line or by entering

multiple commands. To change a MAC address, use the clear security l2-restrict command to remove it, then use the set security l2-restrict command to add the correct address.

Restriction of client trafﬁc does not begin until you enable the permitted MAC list. Use the mode enable option with this command.

Examples: The following command restricts Layer 2 forwarding of client data in VLAN abc_air to the default routers with MAC address aa:bb:cc:dd:ee:ff and 11:22:33:44:55:66:

DWS-1008# set security l2-restrict vlan abc_air mode enable permit-mac aa:bb:cc:dd:ee:ff 11:22:33:44:55:66

success: change accepted.

See Also:

• clear security l2-restrict

• clear security l2-restrict counters

• show security l2-restrict

set vlan name

Creates a VLAN and assigns a number and name to it.

Syntax: set vlan vlan-num name name

vlan-num VLAN number. You can specify a number from 2 through 4093.

name String up to 16 alphabetic characters long.

Defaults: VLAN 1 is named default by default. No other VLANs have default names.

Access: Enabled.

Usage: You must assign a name to a VLAN (other than the default VLAN) before you can add

ports to the VLAN.

D-Link recommends that you do not use the name default. This name is already used for VLAN

1. D-link also recommends that you do not rename the default VLAN. You cannot use a number as the ﬁrst character in the VLAN name. D-Link recommends that you do not use the same name with different capitalizations for VLANs. For example, do not conﬁgure two separate VLANs with the names red and RED.

D-Link DWS-1008 CLI Manual 66

VLAN names are case-sensitive for RADIUS authorization when a client roams to a switch. If the switch is not conﬁgured with the VLAN the client is on, but is conﬁgured with a VLAN that has the same spelling but different capitalization, authorization for the client fails. For example, if the client is on VLAN red but the switch to which the client roams has VLAN RED instead, RADIUS authorization fails.

Examples: The following command assigns the name marigold to VLAN 3:

DWS-1008# set vlan 3 name marigold success: change accepted.

See Also:

• set vlan port

set vlan port

Assigns one or more network ports to a VLAN. You also can add a virtual port to each network port by adding a tag value to the network port.

Syntax: set vlan vlan-id port port-list [tag tag-value]

vlan-id VLAN name or number.

port port-list List of physical ports.

tag tag-value Tag value that identiﬁes a virtual port. You can specify a value from 1 through

4093.

Defaults: By default, no ports are members of any VLANs. A switch cannot forward trafﬁc on the network until you conﬁgure VLANs and add network ports to the VLANs.

Access: Enabled.

Usage: You can combine this command with the set port name command to assign the name

and add the ports at the same time. If you do not specify a tag value, the switch sends untagged frames for the VLAN. If you do specify a tag value, the switch sends tagged frames only for the VLAN.

If you do specify a tag value, D-Link recommends that you use the same value as the VLAN number. MSS does not require the VLAN number and tag value to be the same but some other vendors’ devices do.

Examples: The following command assigns the name beige to VLAN 11 and adds ports 1 through 3 to the VLAN:

DWS-1008# set vlan 11 name beige port 1-3 success: change accepted.

The following command adds port 5 to VLAN beige and assigns tag value 86 to the port:

DWS-1008# set vlan beige port 5 tag 86 success: change accepted.

D-Link DWS-1008 CLI Manual 67

show fdb

Displays entries in the forwarding database.

Syntax: show fdb [mac-addr-glob [vlan vlan-id]] show fdb {perm | static | dynamic | system | all} [port port-list | vlan vlan-id]

mac-addr-glob A single MAC address or set of MAC addresses. Specify a MAC address, or use the wildcard character (*) to specify a set of MAC addresses.

vlan vlan-id Name or number of a VLAN for which to display entries.

perm Displays permanent entries. A permanent entry does not age out and

remains in the database even after a reboot, reset, or power cycle.

static Displays static entries. A static entry does not age out, but is removed from the database after a reboot, reset, or power cycle.

dynamic Displays dynamic entries. A dynamic entry is automatically removed through aging or after a reboot, reset, or power cycle.

system Displays system entries. A system entry is added by MSS. For example, the authentication protocols can add entries for wired and wireless authentication users.

all Displays all entries in the database, or all the entries that match a particular port or ports or a particular VLAN.

port port-list Destination port(s) for which to display entries.

Defaults: None.

Access: All.

Usage: To display the entire forwarding database, enter the show fdb command without options.

To display only a portion of the database, use optional parameters to specify the types of entries you want to display.

Examples: The following command displays all entries in the forwarding database:

DWS-1008# show fdb all * = Static Entry. + = Permanent Entry. # = System Entry. VLAN TAG Dest MAC/Route Des [CoS] Destination Ports [Protocol Type]

------------------------------------------------------------------------------------------------------------------------1 00:01:97:13:0b:1f 1 [ALL] 1 aa:bb:cc:dd:ee:ff * 3 [ALL] 1 00:0b:0e:02:76:f5 1 [ALL] Total Matching FDB Entries Displayed = 3

D-Link DWS-1008 CLI Manual 68

The top line of the display identiﬁes the characters to distinguish among the entry types.

The following command displays all entries that begin with the MAC address glob 00:

DWS-1008# show fdb 00:* * = Static Entry. + = Permanent Entry. # = System Entry. VLAN TAG Dest MAC/Route Des [CoS] Destination Ports [Protocol Type]

----------------------------------------------------------------------------------------------------------------------1 00:01:97:13:0b:1f 1 [ALL] 1 00:0b:0e:02:76:f5 1 [ALL] Total Matching FDB Entries Displayed = 2

The table below describes the ﬁelds in the show fdb output.

Field Description

VLAN VLAN number.

TAG VLAN tag value. If the interface is untagged, the TAG ﬁeld is blank.

Dest MAC/Route Des MAC address of this forwarding entry’s destination.

Type of entry. The entry types are explained in the ﬁrst row of the ommand

CoS

Destination Ports

Protocol Type Layer 3 protocol address types that can be mapped to this entry.

Total Matching FDB Entries Displayed Number of entries displayed by the command.

output. Note: This Class of Service (CoS) value is not associated with MSS quality of service (QoS) features.

Switch port associated with the entry. A switch sends trafﬁc to the destination MAC address through this port.

show fdb agingtime

Displays the aging timeout period for forwarding database entries.

Syntax: show fdb agingtime [vlan vlan-id]

vlan vlan-id VLAN name or number. If you do not specify a VLAN, the aging timeout period for

each VLAN is displayed.

Defaults: None.

Access: All.

Examples: The following command displays the aging timeout period for all VLANs:

DWS-1008# show fdb agingtime VLAN 2 aging time = 600 sec VLAN 1 aging time = 300 sec

Because the forwarding database aging timeout period can be conﬁgured only on an individual VLAN basis, the command lists the aging timeout period for each VLAN separately.

D-Link DWS-1008 CLI Manual 69

show fdb count

Lists the number of entries in the forwarding database.

Syntax: show fdb count {perm | static | dynamic} [vlan vlan-id]

perm Lists the number of permanent entries. A permanent entry does not age out and

remains in the database even after a reboot, reset, or power cycle.

static Lists the number of static entries. A static entry does not age out, but is removed from the database after a reboot, reset, or power cycle.

dynamic Lists the number of dynamic entries. A dynamic entry is automatically removed through aging or after a reboot, reset, or power cycle.

vlan vlan-id VLAN name or number. Entries are listed for only the speciﬁed VLAN.

Defaults: None.

Access: All.

Examples: The following command lists the number of dynamic entries that the forwarding

database contains:

DWS-1008# show fdb count dynamic Total Matching Entries = 2

See Also:

• show fdb

show security l2-restrict

Displays conﬁguration information and statistics for Layer 2 forwarding restriction.

Syntax: show security l2-restrict [vlan vlan-id | all]

vlan-id VLAN name or number.

all Displays information for all VLANs.

Defaults: If you do not specify a VLAN name or all, information is displayed for all VLANs.

Access: Enabled.

D-Link DWS-1008 CLI Manual 70

Examples: The following command shows Layer 2 forwarding restriction information for all VLANs:

DWS-1008# show security l2-restrict VLAN Name En Drops Permit MAC Hits

------------------------------------------------------------------------------------------------1 default Y 0 00:0b:0e:02:53:3e 5947 00:30:b6:3e:5c:a8 9 2 vlan-2 Y 0 04:04:04:04:04:04 0

The table describes the ﬁelds in the display.

Field Discription

VLAN VLAN number.

Name VLAN name.

Enabled state of the feature for the VLAN:

Drops

Permit MAC MAC addresses to which clients in the VLAN are allowed to send trafﬁc at Layer 2.

Hits

• Y—Enabled. Forwarding of Layer 2 trafﬁc from clients is restricted to the MAC address(es) listed under Permit MAC.

• N—Disabled. Layer 2 forwarding is not restricted.

Number of packets dropped because the destination MAC address was not one of the addresses listed under Permit MAC.

Number of packets whose source MAC address was a client in this VLAN, and whose destination MAC address was one of those listed under Permit MAC.

See Also:

• clear security l2-restrict

• clear security l2-restrict counters

• set security l2-restrict

show vlan conﬁg

Displays VLAN information.

Syntax: show vlan conﬁg [vlan-id]

vlan-id VLAN name or number. If you do not specify a VLAN, information for all VLANs is

displayed.

Defaults: None.

Access: All.

D-Link DWS-1008 CLI Manual 71

Examples: The following command displays information for VLAN burgundy:

DWS-1008# show vlan conﬁg burgundy Admin VLAN Tunl Port VLAN Name Status State Afﬁn Port Tag State

------------------------------------------------------------------------------------------------------2 burgundy Up Up 5 2 none Up 3 none Up 4 none Up 5 none Up 6 none Up t:10.10.40.4 none Up

The table below describes the ﬁelds in this display.

Field Description

VLAN VLAN number.

Name VLAN name.

Administrative status of the VLAN:

Admin Status

VLAN State

Tunl Afﬁn Tunnel afﬁnity value assigned to the VLAN.

Port

Tag Tag value assigned to the port.

Port State

• Down—The VLAN is disabled.

• Up—The VLAN is enabled.

Link status of the VLAN:

• Down—The VLAN is not connected.

• Up—The VLAN is connected.

Member port of the VLAN. The port can be a physical port or a virtual port.

• Physical ports are 10/100 Ethernet on the switch, and are listed by port number.

• Virtual ports are tunnels to other switches in a mobility domain, and are listed as follows: t:ip-addr, where ip-addr is the system IP address of the switch at the other end of the tunnel. Note: This ﬁeld can include AP access ports and wired authentication ports, because MSS dynamically adds these ports to a VLAN when handling user trafﬁc for the VLAN.

Link state of the port:

• Down—The port is not connected.

• Up—The port is connected.

See Also:

• clear vlan

• set vlan name

• set vlan port

D-Link DWS-1008 CLI Manual 72

Quality of Service Commands

Use Quality of Service (QoS) commands to conﬁgure packet prioritization in MSS. Packet prioritization ensures that DWS-1008 switches and DWL-8220AP access points give preferential treatment to highpriority trafﬁc such as voice and video.

This chapter presents QoS commands alphabetically. Use the following table to locate commands in this chapter based on their use.

QoS Settings show qos on page 75 show qos dscp-table on page 76 set qos cos-to-dscp-map on page 74 set qos dscp-to-cos-map on page 75 clear qos on page 74

clear qos

Resets the switch’s mapping of Differentiated Services Code Point (DSCP) values to internal QoS values.

The switch’s internal QoS map ensures that prioritized trafﬁc remains prioritized while transiting through the DWS-1008 switch. A switch uses the QoS map to do the following:

• Classify inbound packets by mapping their DSCP values to one of eight internal QoS values

• Classify outbound packets by marking their DSCP values based on the switch’s internal QoS values

Syntax: clear qos [cos-to-dscp-map [from-qos] | dscp-to-cos-map [from-dscp]]

cos-to-dscp-map Resets the mapping between the speciﬁed internal QoS value and the

[from-qos] DSCP values with which MSS marks outbound packets. QoS values are from 0 to 7.

dscp-to-cos-map Resets the mapping between the speciﬁed range of DSCP values and [from-dscp] internal QoS value with which MSS classiﬁes inbound packets.

D-Link DWS-1008 CLI Manual 73

Defaults: None.

Access: Enabled.

Usage: To reset all mappings to their default values, use the clear qos command without the

optional parameters.

Examples: The following command resets all QoS mappings:

DWS-1008# clear qos success: change accepted.

The following command resets the mapping used to classify packets with DSCP value 44:

DWS-1008# clear qos dscp-to-qos-map 44 success: change accepted.

set qos cos-to-dscp-map

Changes the value to which MSS maps an internal QoS value when marking outbound packets.

Syntax: set qos cos-to-dscp-map level dscp dscp-value

level Internal CoS value. You can specify a number from 0 to 7.

dscp dscp-value DSCP value. You can specify the value as a decimal number. Valid values

are 0 to 63.

Defaults: The defaults are listed by the show qos command.

Access: Enabled.

Examples: The following command maps internal CoS value 5 to DSCP value 50:

DWS-1008# set qos cos-to-dscp-map 5 dscp 50 warning: cos 5 is marked with dscp 50 which will be classiﬁed as cos 6

If the change results in a change to CoS, MSS displays a warning message indicating the change. In this example, packets that receive CoS 5 upon ingress will be marked with a DSCP value equivalent to CoS 6 upon egress.

See Also:

• set qos dscp-to-cos-map

• show qos

D-Link DWS-1008 CLI Manual 74

set qos dscp-to-cos-map

Changes the internal QoS value to which MSS maps a packet’s DSCP value when classifying inbound packets.

Syntax: set qos dscp-to-cos-map dscp-range cos level

dscp-range DSCP range. You can specify the values as decimal numbers. Valid decimal

values are 0 to 63. To specify a range, use the following format: 40-56. Specify the lower number ﬁrst.

cos level Internal QoS value. You can specify a number from 0 to 7.

Defaults: The defaults are listed by the show qos command.

Access: Enabled.

Examples: The following command maps DSCP values 40-56 to internal CoS value 6:

DWS-1008# set qos dscp-to-cos-map 40-56 cos 6 warning: cos 5 is marked with dscp 63 which will be classiﬁed as cos 7 warning: cos 7 is marked with dscp 56 which will be classiﬁed as cos 6

As shown in this example, if the change results in a change to CoS, MSS displays a warning message indicating the change.

See Also:

• set qos cos-to-dscp-map

• show qos

show qos

Displays the switch’s QoS settings.

Syntax: show qos [default]

default Displays the default mappings.

Defaults: None.

Access: Enabled.

D-Link DWS-1008 CLI Manual 75

Examples: The following command displays the default QoS settings:

DWS-1008# show qos default

Ingress QoS Classiﬁcation Map (dscp-to-cos)

Ingress DSCP CoS Level =============================================================== 00-09 0 0 0 0 0 0 0 0 1 1 10-19 1 1 1 1 1 1 2 2 2 2 20-29 2 2 2 2 3 3 3 3 3 3 30-39 3 3 4 4 4 4 4 4 4 4 40-49 5 5 5 5 5 5 5 5 6 6 50-59 6 6 6 6 6 6 7 7 7 7 60-63 7 7 7 7

Egress QoS Marking Map (cos-to-dscp) CoS Level 0 1 2 3 4 5 6 7 =============================================================== Egress DSCP 0 8 16 24 32 40 48 56 Egress ToS byte 0x00 0x20 0x40 0x60 0x80 0xA0 0xC0 0xE0

See Also:

• show qos dscp-table

show qos dscp-table

Displays a table that maps Differentiated Services Code Point (DSCP) values to their equivalent combinations of IP precedence values and IP ToS values.

Syntax: show qos dscp-table

Defaults: None.

Access: Enabled.

Examples: The following command displays the table:

DWS-1008# show qos dscp-table DSCP TOS precedence tos dec hex dec hex

-------------------------------------------------------------------------------------------------------------------------

0 0x00 0 0x00 0 0 1 0x01 4 0x04 0 2 2 0x02 8 0x08 0 4 ... 63 0x3f 252 0xfc 7 14

See Also:

• show qos

D-Link DWS-1008 CLI Manual 76

IP Services Commands

Use IP services commands to conﬁgure and manage IP interfaces, management services, the Domain Name Service (DNS), Network Time Protocol (NTP), and aliases, and to ping a host or trace a route. This chapter presents IP services commands alphabetically.

clear interface

Removes an IP interface.

Syntax: clear interface vlan-id ip

vlan-id VLAN name or number.

Defaults: None.

Access: Enabled.

Usage: If the interface you want to remove is conﬁgured as the system IP address, removing the

address can interfere with system tasks that use the system IP address, including the following:

• Topology reporting for dual-homed access points

• Default source IP address used in unsolicited communications such as AAA accounting reports and SNMP traps

Examples: The following command removes the IP interface conﬁgured on VLAN mauve:

DWS-1008# clear interface mauve ip success: cleared ip on vlan mauve

See Also:

• set interface

• set interface status

• show interface

D-Link DWS-1008 CLI Manual 77

clear ip alias

Removes an alias, which is a string that represents an IP address.

Syntax: clear ip alias name

name Alias name.

Defaults: None.

Access: Enabled.

Examples: The following command removes the alias server1:

DWS-1008# clear ip alias server1 success: change accepted.

See Also:

• set ip alias

• show ip alias

clear ip dns domain

Removes the default DNS domain name.

Syntax: clear ip dns domain

Defaults: None.

Access: Enabled.

Examples: The following command removes the default DNS domain name from a switch:

DWS-1008# clear ip dns domain Default DNS domain name cleared.

See Also:

• clear ip dns server

• set ip dns

• set ip dns domain

• set ip dns server

• show ip dns

D-Link DWS-1008 CLI Manual 78

clear ip dns server

Removes a DNS server from a DWS-1008 switch conﬁguration.

Syntax: clear ip dns server ip-addr

ip-addr IP address of a DNS server.

Defaults: None.

Access: Enabled.

Examples: The following command removes DNS server 10.10.10.69 from a switch’s

conﬁguration:

DWS-1008# clear ip dns server 10.10.10.69 success: change accepted.

See Also:

• clear ip dns domain

• set ip dns

• set ip dns domain

• set ip dns server

• show ip dns

clear ip route

Removes a route from the IP route table.

Syntax: clear ip route {default | ip-addr mask | ip-addr/mask-length} default-router

default Default route. Note: default is an alias for IP address 0.0.0.0/0.

ip-addr mask IP address and subnet mask for the route destination, in dotted decimal notation (for example, 10.10.10.10 255.255.255.0).

ip-addr/mask-length IP address and subnet mask length in CIDR format (for example, 10.10.10.10/24).

default-router IP address, DNS hostname, or alias of the next-hop router.

D-Link DWS-1008 CLI Manual 79

Defaults: None.

Access: Enabled.

Examples: The following command removes the route to destination 10.10.10.68/24 through

router 10.10.10.1:

DWS-1008# clear ip route 10.10.10.68/24 10.10.10.1 success: change accepted.

See Also:

• set ip route

• show ip route

clear ip telnet

Resets the Telnet server’s TCP port number to its default value. A DWS-1008 switch listens for Telnet management trafﬁc on the Telnet server port.

Syntax: clear ip telnet

Defaults: The default Telnet port number is 23.

Access: Enabled.

Examples: The following command resets the TCP port number for Telnet management trafﬁc

to its default:

DWS-1008# clear ip telnet

success: change accepted.

See Also:

• set ip https server

• set ip telnet

• set ip telnet server

• show ip https

• show ip telnet

D-Link DWS-1008 CLI Manual 80

clear ntp server

Removes an NTP server from a switch conﬁguration.

Syntax: clear ntp server {ip-addr | all}

ip-addr IP address of the server to remove, in dotted decimal notation.

all Removes all NTP servers from the conﬁguration.

Defaults: None.

Access: Enabled.

Examples: The following command removes NTP server 192.168.40.240 from a switch

conﬁguration:

DWS-1008# clear ntp server 192.168.40.240 success: change accepted.

See Also:

• clear ntp update-interval

• set ntp

• set ntp server

• set ntp update-interval

• show ntp

clear ntp update-interval

Resets the NTP update interval to the default value.

Syntax: clear ntp update-interval

Defaults: The default NTP update interval is 64 seconds.

Access: Enabled.

Examples: To reset the NTP interval to the default value, type the following command:

DWS-1008# clear ntp update-interval success: change accepted.

See Also:

• clear ntp server

• set ntp

• set ntp server

• set ntp update-interval

• show ntp

D-Link DWS-1008 CLI Manual 81

clear snmp community

Clears an SNMP community string.

Syntax: clear snmp community name comm-string

comm-string Name of the SNMP community you want to clear.

Defaults: None.

Access: Enabled.

Examples: The following command clears community string setswitch2:

DWS-1008# clear snmp community name setswitch2 success: change accepted.

See Also:

• set snmp community

• show snmp community

clear snmp notify proﬁle

Clears an SNMP notiﬁcation proﬁle.

Syntax: clear snmp notify proﬁle proﬁle-name

proﬁle-name Name of the notiﬁcation proﬁle you are clearing.

Defaults: None.

Access: Enabled.

Examples: The following command clears notiﬁcation proﬁle snmpprof_rfdetect:

DWS-1008# clear snmp notify proﬁle snmpprof_rfdetect success: change accepted.

See Also:

• set snmp notify proﬁle

• show snmp notify proﬁle

D-Link DWS-1008 CLI Manual 82

clear snmp notify target

Clears an SNMP notiﬁcation target.

Syntax: clear snmp notify target target-num

target-num ID of the target.

Defaults: None.

Access: Enabled.

Examples: The following command clears notiﬁcation target 3:

DWS-1008# clear snmp notify target 3 success: change accepted.

See Also:

• set snmp notify target

• show snmp notify target

clear snmp usm

Clears an SNMPv3 user.

Syntax: clear snmp usm usm-username

usm-username Name of the SNMPv3 user you want to clear.

Defaults: None.

Access: Enabled.

Examples: The following command clears SNMPv3 user snmpmgr1:

DWS-1008# clear snmp usm snmpmgr1 success: change accepted.

See Also:

• set snmp usm

• show snmp usm

D-Link DWS-1008 CLI Manual 83

clear summertime

Clears the summertime setting from a DWS-1008 switch.

Syntax: clear summertime

Defaults: None.

Access: Enabled.

Examples: To clear the summertime setting from a switch, type the following command:

DWS-1008# clear summertime success: change accepted.

See Also:

• clear timezone

• set summertime

• set timedate

• set timezone

• show summertime

• show timedate

• show timezone

clear system ip-address

Clears the system IP address.

Caution: Clearing the system IP address disrupts the system tasks that use the address.

Syntax: clear system ip-address

Defaults: None.

Access: Enabled.

Usage: Clearing the system IP address can interfere with system tasks that use the system IP

address, including the following:

• Topology reporting for dual-homed access points

• Default source IP address used in unsolicited communications such as AAA accounting reports and SNMP traps

Examples: To clear the system IP address, type the following command:

DWS-1008# clear system ip-address success: change accepted.

See Also:

• set system ip-address

• show system

D-Link DWS-1008 CLI Manual 84

clear timezone

Clears the time offset for the switch’s real-time clock from Coordinated Universal Time (UTC). UTC is also know as Greenwich Mean Time (GMT).

Syntax: clear timezone

Defaults: None.

Access: Enabled.

Examples: To return the switch’s real-time clock to UTC, type the following command:

DWS-1008# clear timezone success: change accepted.

See Also:

• clear summertime

• set summertime

• set timedate

• set timezone

• show summertime

• show timedate

• show timezone

ping

Tests IP connectivity between a switch and another device. MSS sends an Internet Control Message Protocol (ICMP) echo packet to the speciﬁed device and listens for a reply packet.

Syntax: ping host [count num-packets] [dnf] [ﬂood] [interval time] [size size] [source-ip ip-addr | vlan-name]

host IP address, MAC address, hostname, alias, or user to ping.

count num-packets Number of ping packets to send. You can specify from 0 through 2,147,483,647. If you enter 0, MSS pings continuously until you interrupt the command.

dnf Enables the Do Not Fragment bit in the ping packet to prevent the packet from being fragmented.

ﬂood Sends new ping packets as quickly as replies are received, or 100 times per second, whichever is greater.

Note: Use the ﬂood option sparingly. This option creates a lot of trafﬁc and can affect other trafﬁc on the network.

D-Link DWS-1008 CLI Manual 85

interval time Time interval between ping packets, in milliseconds. You can specify from 100 through 10,000. size size Packet size, in bytes. You can specify from 56 through 65,507. Note: Because the switch adds header information, the ICMP packet size is 8 bytes larger than the size you specify.

source-ip ip-addr IP address, in dotted decimal notation, to use as the source IP address in the ping packets.

source-ip vlan-name VLAN name to use as the ping source. MSS uses the IP address conﬁgured on the VLAN as the source IP address in the ping packets.

Defaults:

• count—5.

• dnf—Disabled.

• interval—100 (one tenth of a second)

• size—56.

Access: Enabled.

Usage: To stop a ping command that is in progress, press Ctrl+C. A DWS-1008 switch cannot

ping itself. MSS does not support this.

Examples: The following command pings a device that has IP address 10.1.1.1:

DWS-1008# ping 10.1.1.1 PING 10.1.1.1 (10.1.1.1) from 10.9.4.34 : 56(84) bytes of data. 64 bytes from 10.1.1.1: icmp_seq=1 ttl=255 time=0.769 ms 64 bytes from 10.1.1.1: icmp_seq=2 ttl=255 time=0.628 ms 64 bytes from 10.1.1.1: icmp_seq=3 ttl=255 time=0.676 ms 64 bytes from 10.1.1.1: icmp_seq=4 ttl=255 time=0.619 ms 64 bytes from 10.1.1.1: icmp_seq=5 ttl=255 time=0.608 ms

--- 10.1.1.1 ping statistics ---

5 packets transmitted, 5 packets received, 0 errors, 0% packet loss

See Also:

• traceroute

D-Link DWS-1008 CLI Manual 86

set arp

Adds an ARP entry to the ARP table.

Syntax: set arp {permanent | static | dynamic} ip-addr mac-addr

permanent Adds a permanent entry. A permanent entry does not age out and remains

in the database even after a reboot, reset, or power cycle.

static Adds a static entry. A static entry does not age out, but the entry does not remain in the database after a reboot, reset, or power cycle.

dynamic Adds a dynamic entry. A dynamic entry is automatically removed if the entry ages out, or after a reboot, reset, or power cycle.

ip-addr IP address of the entry, in dotted decimal notation.

mac-addr MAC address to map to the IP address. Use colons to separate the octets

(for example, 00:11:22:aa:bb:cc).

Defaults: None.

Access: Enabled.

Examples: The following command adds a static ARP entry that maps IP address 10.10.10.1 to

MAC address 00:bb:cc:dd:ee:ff:

DWS-1008# set arp static 10.10.10.1 00:bb:cc:dd:ee:ff success: added arp 10.10.10.1 at 00:bb:cc:dd:ee:ff on VLAN 1

See Also:

• set arp agingtime

• show arp

set arp agingtime

Changes the aging timeout for dynamic ARP entries.

Syntax: set arp agingtime seconds

seconds Number of seconds an entry can remain unused before MSS removes the entry.

You can specify from 0 through 1,000,000. To disable aging, specify 0.

Defaults: The default aging timeout is 1200 seconds.

D-Link DWS-1008 CLI Manual 87

Access: Enabled.

Usage: Aging applies only to dynamic entries.

To reset the ARP aging timeout to its default value, use the set arp agingtime 1200 command.

Examples: The following command changes the ARP aging timeout to 1800 seconds:

DWS-1008# set arp agingtime 1800 success: set arp aging time to 1800 seconds

The following command disables ARP aging:

DWS-1008# set arp agingtime 0 success: set arp aging time to 0 seconds

See Also:

• set arp

• show arp

Set interface

Conﬁgures an IP interface on a VLAN.

Syntax: set interface vlan-id ip {ip-addr mask | ip-addr/mask-length}

vlan-id VLAN name or number.

ip-addr mask IP address and subnet mask in dotted decimal notation (for example,

10.10.10.10 255.255.255.0).

ip-addr/mask-length IP address and subnet mask length in CIDR format (for example,

10.10.10.10/24).

Defaults: None.

Access: Enabled.

Usage: You can assign one IP interface to each VLAN.

If an interface is already conﬁgured on the VLAN you specify, this command replaces the interface. If you replace an interface that is in use as the system IP address, replacing the interface can interfere with system tasks that use the system IP address, including the following:

• Topology reporting for dual-homed access points

• Default source IP address used in unsolicited communications such as AAA accounting reports and SNMP traps

D-Link DWS-1008 CLI Manual 88

Examples: The following command conﬁgures IP interface 10.10.10.10/24 on VLAN default:

DWS-1008# set interface default ip 10.10.10.10/24 success: set ip address 10.10.10.10 netmask 255.255.255.0 on vlan default

The following command conﬁgures IP interface 10.10.20.10 255.255.255.0 on VLAN mauve:

DWS-1008# set interface mauve ip 10.10.20.10 255.255.255.0 success: set ip address 10.10.20.10 netmask 255.255.255.0 on vlan mauve

See Also:

• clear interface

• set interface status

• show interface

set interface dhcp-client

Conﬁgures the DHCP client on a VLAN, to allow the VLAN to obtain its IP interface from a DHCP server.

Syntax: set interface vlan-id ip dhcp-client {enable | disable}

vlan-id VLAN name or number.

enable Enables the DHCP client on the VLAN.

disable Disables the DHCP client on the VLAN.

Defaults: The DHCP client is disabled by default on the DWS-1008.

Access: Enabled.

Usage: You can enable the DHCP client on one VLAN only. You can conﬁgure the DHCP client

on more than one VLAN, but the client can be active on only one VLAN.

MSS also has a conﬁgurable DHCP server. You can conﬁgure a DHCP client and DHCP server on the same VLAN, but only the client or the server can be enabled. The DHCP client and DHCP server cannot both be enabled on the same VLAN at the same time.

Examples: The following command enables the DHCP client on VLAN corpvlan:

DWS-1008# set interface corpvlan ip dhcp-client enable success: change accepted.

See Also:

• clear interface

• show dhcp-client

• show interface

D-Link DWS-1008 CLI Manual 89

set interface dhcp-server

Conﬁgures the MSS DHCP server.

Note: Use of the MSS DHCP server to allocate client addresses is intended for temporary, demonstration deployments and not for production networks. D-Link recommends that you do not use the MSS DHCP server to allocate client addresses in a production network.

Syntax: set interface vlan-id ip dhcp-server [enable | disable] [start ip-addr1 stop ip-addr2] [dns-domain domain-name] [primary-dns ip-addr [secondary-dns ip-addr]] [default-router ip-addr]

vlan-id VLAN name or number.

enable Enables the DHCP server.

disable Disables the DHCP server.

start ip-addr1 Speciﬁes the beginning address of the address range (also called

the address pool).

stop ip-addr2 Speciﬁes the ending address of the address range.

dns-domain domain-name Name of the DHCP client’s default DNS domain.

primary-dns ip-addr IP addresses of the DHCP client’s DNS servers. [secondary-dns ip-addr]

default-router ip-addr IP address of the DHCP client’s default router.

Defaults: The DHCP server is enabled by default on a new (unconﬁgured) DWS-1008 in order to

provide an IP address to the host connected to the switch for access to the Web Quick Start.

Access: Enabled.

Usage: By default, all addresses except the host address of the VLAN, the network broadcast

address, and the subnet broadcast address are included in the range. If you specify the range, the start address must be lower than the stop address, and all addresses must be in the same subnet. The IP interface of the VLAN must be within the same subnet but is not required to be within the range.

Speciﬁcation of the DNS domain name, DNS servers, and default router are optional. If you omit one or more of these options, the MSS DHCP server uses oath values conﬁgured elsewhere on the switch:

• DNS domain name—If this option is not set with the set interface dhcp-server command’s dns-domain option, the MSS DHCP server uses the value set by the set ip dns domain command.

D-Link DWS-1008 CLI Manual 90

• DNS servers—If these options are not set with the set interface dhcp-server command’s primary-dns and secondary-dns options, the MSS DHCP server uses the values set by the set ip dns server command.

• Default router—If this option is not set with the set interface dhcp-server command’s default-router option, the MSS DHCP server can use the value set by the set ip route command. A default route conﬁgured by set ip route can be used if the route is in the DHCP client’s subnet. Otherwise, the MSS DHCP server does not specify a router address.

Examples: The following command enables the DHCP server on VLAN red-vlan to serve addresses from the 192.168.1.5 to 192.168.1.25 range:

DWS-1008# set interface red-vlan ip dhcp-server enable start 192.168.1.5 stop

192.168.1.25

success: change accepted.

See Also:

• set ip dns domain

• set ip dns server

• show dhcp-server

set interface status

Administratively disables or reenables an IP interface.

Syntax: set interface vlan-id status {up | down}

vlan-id VLAN name or number.

up Enables the interface.

down Disables the interface.

Defaults: IP interfaces are enabled by default.

Access: Enabled.

Examples: The following command disables the IP interface on VLAN mauve:

DWS-1008# set interface mauve status down success: set interface mauve to down

See Also:

• clear interface

• set interface

• show interface

D-Link DWS-1008 CLI Manual 91

set ip alias

Conﬁgures an alias, which maps a name to an IP address. You can use aliases as shortcuts in CLI commands.

Syntax: set ip alias name ip-addr

name String of up to 32 alphanumeric characters, with no spaces.

ip-addr IP address in dotted decimal notation.

Defaults: None.

Access: Enabled.

Examples: The following command conﬁgures the alias HR1 for IP address 192.168.1.2:

DWS-1008# set ip alias HR1 192.168.1.2 success: change accepted.

See Also:

• clear ip alias

• show ip alias

set ip dns

Enables or disables DNS on a DWS-1008 switch.

Syntax: set ip dns {enable | disable}

enable Enables DNS.

disable Disables DNS.

Defaults: DNS is disabled by default.

Access: Enabled.

Examples: The following command enables DNS on a DWS-1008 switch:

DWS-1008# set ip dns enable Start DNS Client

See Also:

• clear ip dns domain

• clear ip dns server

• set ip dns domain

• set ip dns server

• show ip dns

D-Link DWS-1008 CLI Manual 92

set ip dns domain

Conﬁgures a default domain name for DNS queries. The switch appends the default domain name to domain names or hostnames you enter in commands.

Syntax: set ip dns domain name

name Domain name of between 1 and 64 alphanumeric characters with no spaces (for

example, example.org).

Defaults: None.

Access: Enabled.

Usage: To override the default domain name when entering a hostname in a CLI command,

enter a period at the end of the hostname. For example, if the default domain name is example. com, enter chris. if the fully qualiﬁed hostname is chris and not chris.example.com.

Aliases take precedence over DNS. When you enter a hostname, MSS checks for an alias with that name ﬁrst, before using DNS to resolve the name.

Examples: The following command conﬁgures the default domain name example.com:

DWS-1008# set ip dns domain example.com Domain name changed

See Also:

• clear ip dns domain

• clear ip dns server

• set ip dns

set ip dns server

Speciﬁes a DNS server to use for resolving hostnames you enter in CLI commands.

Syntax: set ip dns server ip-addr {primary | secondary}

ip-addr IP address of a DNS server, in dotted decimal or CIDR notation.

primary Makes the server the primary server, which MSS always consults ﬁrst for resolving DNS queries.

secondary Makes the server a secondary server. MSS consults a secondary server only if the primary server does not reply.

D-Link DWS-1008 CLI Manual 93

Defaults: None.

Access: Enabled.

Usage: You can conﬁgure a DWS-1008 switch to use one primary DNS server and up to ﬁve

secondary DNS servers.

Examples: The following commands conﬁgure a DWS-1008 switch to use a primary DNS server and two secondary DNS servers:

DWS-1008# set ip dns server 10.10.10.50/24 primary success: change accepted. DWS-1008# set ip dns server 10.10.20.69/24 secondary success: change accepted. DWS-1008# set ip dns server 10.10.30.69/24 secondary success: change accepted.

See Also:

• clear ip dns domain

• clear ip dns server

• set ip dns

• set ip dns domain

• show ip dns

set ip https server

Enables the HTTPS server on a DWS-1008 switch. The HTTPS server is required for Web View access to the switch.

Caution: If you disable the HTTPS server, Web View access to the switch is disabled.

Syntax: set ip https server {enable | disable}

enable Enables the HTTPS server.

disable Disables the HTTPS server.

Defaults: The HTTPS server is disabled by default.

Access: Enabled.

Examples: The following command enables the HTTPS server on a DWS-1008 switch:

DWS-1008# set ip https server enable success: change accepted.

See Also:

• clear ip telnet

• set ip telnet

• set ip telnet server

• show ip https

• show ip telnet

D-Link DWS-1008 CLI Manual 94

set ip route

Adds a static route to the IP route table.

Syntax: set ip route {default | ip-addr mask | ip-addr/mask-length} default-router metric

default Default route. A DWS-1008 switch uses the default route if an explicit route

is not available for the destination.

Note: default is an alias for IP address 0.0.0.0/0.

ip-addr mask IP address and subnet mask for the route destination, in dotted decimal notation (for example, 10.10.10.10 255.255.255.0).

ip-addr/mask-length IP address and subnet mask length in CIDR format (for example, 10.10.10.10/24).

default-router IP address, DNS hostname, or alias of the next-hop router.

metric Cost for using the route. You can specify a value from 0 through

2,147,483,647. Lower-cost routes are preferred over higher-cost routes.

Defaults: None.

Access: Enabled.

Usage: MSS can use a static route only if a direct route in the route table resolves the static

route. MSS adds routes with next-hop types Local and Direct when you add an IP interface to a VLAN, if the VLAN is up. If one of these added routes can resolve the static route, MSS can use the static route.

Before you add a static route, use the show interface command to verify that the switch has an IP interface in the same subnet as the route’s next-hop router. If not, the VLAN:Interface ﬁeld of the show ip route command output shows that the route is down.

You can conﬁgure a maximum of 4 routes per destination. This includes default routes, which have destination 0.0.0.0/0. Each route to a given destination must have a unique router address. When the route table contains multiple default or explicit routes to the same destination, MSS uses the route with the lowest cost. If two or more routes to the same destination have the lowest cost, MSS selects the ﬁrst route in the route table.

When you add multiple routes to the same destination, MSS groups the routes and orders them from lowest cost at the top of the group to highest cost at the bottom of the group. If you add a new route that has the same destination and cost as a route already in the table, MSS places the new route at the top of the group of routes with the same cost.

D-Link DWS-1008 CLI Manual 95

Examples: The following command adds a default route that uses default router 10.5.4.1 and gives the route a cost of 1:

DWS-1008# set ip route default 10.5.4.1 1 success: change accepted.

The following commands add two default routes, and conﬁgure MSS to always use the route through 10.2.4.69 when the switch interface to that default router is up:

DWS-1008# set ip route default 10.2.4.69 1 success: change accepted.

DWS-1008# set ip route default 10.2.4.17 2 success: change accepted.

The following command adds an explicit route from a DWS-1008 switch to any host on the

192.168.4.x subnet through the local router 10.5.4.2, and gives the route a cost of 1:

DWS-1008# set ip route 192.168.4.0 255.255.255.0 10.5.4.2 1 success: change accepted.

The following command adds another explicit route, using CIDR notation to specify the subnet mask:

DWS-1008# set ip route 192.168.5.0/24 10.5.5.2 1

success: change accepted.

See Also:

• clear ip route

• show interface

• show ip route

set ip snmp server

Enables or disables the SNMP service on the DWS-1008 switch.

Syntax: set ip snmp server {enable | disable}

enable Enables the SNMP service.

disable Disables the SNMP service.

Defaults: The SNMP service is disabled by default.

Access: Enabled.

D-Link DWS-1008 CLI Manual 96

Examples: The following command enables the SNMP server on a DWS-1008 switch:

DWS-1008# set ip snmp server enable

success: change accepted.

See Also:

• clear snmp trap receiver

• set port trap

• set snmp community

• set snmp trap

• set snmp trap receiver

• show snmp conﬁguration

set ip ssh

Changes the TCP port number on which a DWS-1008 switch listens for Secure Shell (SSH) management trafﬁc.

Caution: If you change the SSH port number from an SSH session, MSS immediately ends the session. To open a new management session, you must conﬁgure the SSH client to use the new TCP port number.

Syntax: set ip ssh port port-num

port-num TCP port number.

Defaults: The default SSH port number is 22.

Access: Enabled.

Examples: The following command changes the SSH port number on a DWS-1008 switch to

6000:

DWS-1008# set ip ssh port 6000 success: change accepted.

See Also:

• set ip ssh server

D-Link DWS-1008 CLI Manual 97

D-Link dws-1008 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Introducing the D-Link Mobility System

D-Link Mobility System

Text and Syntax: Conventions

Using the Command-Line Interface

CLI Conventions

Command Prompts

Syntax: Notations

Text Entry Conventions and Allowed Characters

MAC Address Notation

IP Address and Mask Notation

Globs

User Globs

MAC Address Globs

VLAN Globs

Matching Order for Globs

Port Lists

Command-Line Editing

Keyboard Shortcuts

History Buffer

Tabs

Single-Asterisk (*) Wildcard Character

Double-Asterisk (**) Wildcard Characters

Using CLI Help

Understanding Command Descriptions

Access Commands

disable

enable

quit

set enablepass

System Services Commands

clear banner motd

clear history

clear prompt

clear system

help

history

quickstart

set banner motd

set length

set license

set prompt

set system contact

set system country code

set system idle-timeout

set system location

set system name

show banner motd

show licenses

show load

show system

show tech-support

Port Commands

VLAN Commands

clear fdb

clear security l2-restrict

clear security l2-restrict counters

clear vlan

set fdb

set fdb agingtime

set security l2-restrict

set vlan name

set vlan port

show fdb

show fdb agingtime

show fdb count

show security l2-restrict

Quality of Service Commands

clear qos

set qos cos-to-dscp-map

set qos dscp-to-cos-map

show qos

show qos dscp-table

IP Services Commands

clear interface

clear ip alias

clear ip dns domain