D-Link DWL-8220AP - AirPremier Wireless Switch Dualband Access Point Manual do Utilizador

5DWS-1008 User’s Manual D-Link Systems, Inc.Installation OverviewInstallation OverviewCaution: The DWS-1008 switch has been designed and tested to be

95DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IP Interfaces and ServicesYou must generate an SSH authentication key befo

96DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IP Interfaces and ServicesChanging the SSH Service Port NumberTo change the SS

97DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IP Interfaces and ServicesManaging TelnetTelnet requires a valid username and pas

98DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IP Interfaces and ServicesChanging the Telnet Service Port NumberTo change the

99DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IP Interfaces and ServicesConguring and Managing DNSYou can congure an Swit

100DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IP Interfaces and ServicesEnabling or Disabling the DNS ClientThe DNS client is

101DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IP Interfaces and ServicesAdding the Default Domain NameTo add the default domai

102DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IP Interfaces and ServicesAdding an AliasTo add an alias, use the following comm

103DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IP Interfaces and ServicesTo statically set the time and date: • Set the time z

104DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IP Interfaces and ServicesClearing the Time ZoneTo clear the time zone, use the

6DWS-1008 User’s Manual D-Link Systems, Inc.Installation Hardware and ToolsCaution: To reduce the risk of equipment damage, make sure the switch is in

105DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IP Interfaces and ServicesClearing the Summertime PeriodTo clear the summertime

106DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IP Interfaces and ServicesMSS adjusts the NTP reply according to the followi

107DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IP Interfaces and ServicesResetting the Update Interval to the DefaultTo reset t

108DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IP Interfaces and ServicesDisplaying ARP Table EntriesTo display ARP table entri

109DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IP Interfaces and ServicesTo change the aging timeout, use the following command

110DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IP Interfaces and ServicesTo establish a Telnet session from the switch to 10.10

111DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IP Interfaces and ServicesThe traceroute facility determines the address of the

112DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IP Interfaces and Services* = From DHCPVLAN Name Address Mask Enabled

113DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IP Interfaces and ServicesDWS-1008# show ip routeRouter table for IPv4Destinatio

114DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IP Interfaces and ServicesDWS-1008# show summertimeSummertime is enabled, and se

7DWS-1008 User’s Manual D-Link Systems, Inc.Please read the following before you begin:Mobility System Software* (MSS) operates a D-Link Mobility Syst

115DWS-1008 User’s Manual D-Link Systems, Inc.Conguring SNMPConfiguring SNMPOverviewThe MSS SNMP engine (also called the SNMP server or agent) can ru

116DWS-1008 User’s Manual D-Link Systems, Inc.Conguring SNMPSetting the System Location and Contact StringsTo set the location and contact strings f

117DWS-1008 User’s Manual D-Link Systems, Inc.Conguring SNMPConguring Community Strings (SNMPv1 and SNMPv2c Only)To congure a community string for

118DWS-1008 User’s Manual D-Link Systems, Inc.Conguring SNMPCreating a USM User for SNMPv3 To create a USM user for SNMPv3, use the following comman

119DWS-1008 User’s Manual D-Link Systems, Inc.Conguring SNMPThe auth-type option species the authentication type used to authenticate communication

120DWS-1008 User’s Manual D-Link Systems, Inc.Conguring SNMPSetting SNMP SecurityBy default, MSS allows nonsecure SNMP message exchanges. You can co

121DWS-1008 User’s Manual D-Link Systems, Inc.Conguring SNMPConguring a Notication ProleA notification profile is a named list of all the

122DWS-1008 User’s Manual D-Link Systems, Inc.Conguring SNMP • ClientDot1xFailureTraps - Generated when a client experiences an 802.1X failure

123DWS-1008 User’s Manual D-Link Systems, Inc.Conguring SNMP • RFDetectClientViaRogueWiredAPTraps - Generated when MSS detects, on the wired p

124DWS-1008 User’s Manual D-Link Systems, Inc.Conguring SNMPCommand ExamplesThe following command changes the action in the default notication p

8DWS-1008 User’s Manual D-Link Systems, Inc.InstallationInstallationEquipment Rack Installation1. Remove the four bracket screws from each side of the

125DWS-1008 User’s Manual D-Link Systems, Inc.Conguring SNMPDWS-1008 set snmp notify prole snmpprof_rfdetect sendRFDetectSpoofedSsidAPTrapssuccess:

126DWS-1008 User’s Manual D-Link Systems, Inc.Conguring SNMPTo congure a notication target for informs from SNMPv2c, use the following command:set

127DWS-1008 User’s Manual D-Link Systems, Inc.Conguring SNMPThe security option species the security level, and is applicable only when

128DWS-1008 User’s Manual D-Link Systems, Inc.Conguring SNMPDisplaying SNMP InformationYou can display the following SNMP information: • Version a

129DWS-1008 User’s Manual D-Link Systems, Inc.Conguring SNMPDisplaying SNMP Statistics CountersTo display SNMP statistics counters, use the followin

130DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsConfiguring DWL-8220AP Access PointsDWL-8220AP access points contai

131DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsDirectly Connected DWL-8220APs and Distributed APsTo congure the swi

132DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access Pointssubnet. If the AP is unable to locate an DWS-1008 on the subnet it is

133DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access Pointson the other device:• Disable STP on the other device’s port.• Enable

134DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsAP ParametersThe table below summarizes parameters that apply to indi

9DWS-1008 User’s Manual D-Link Systems, Inc.Installation (continued)InstallationPowering On a DWS-1008 Switch (continued)4. Observe the power supply L

135DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsResiliency and Dual-Homing Options for APsAPs can support a wide vari

136DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsAP Boot ProcessA DWL-8220AP access point brings up the link on the AP

137DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access Points• If an switch that receives the Find DWS-1008 message does not have

138DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access Points6. The DNS server replies with the system IP address of an switch. •

139DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsSession Load BalancingYou can assign DWL-8220AP access points t

140DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access Pointsauth-fallthru none Denies access to users who do not match an 802.1X

141DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access Pointsshared-key-auth disable Does not use shared-key authentication.This p

142DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsPublic and Private SSIDsEach radio can support the following types of

143DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsEncryptionEncrypted SSIDs can use the following encryption methods:•

144DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access Pointscountermeasures Not conguredDoes not issue countermeasures against a

10DWS-1008 User’s Manual D-Link Systems, Inc.Connecting to the NetworkUse the following procedures to connect a DWS-1008 switch to DWL-8220AP access p

145DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access Pointsrts-threshold 2346 Transmits frames longer than 2346 bytes by means o

146DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access Pointsvalues for each radio for optimal performance. For example, leaving t

147DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsTo verify the conguration change, use the following command:show sys

148DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access Points============================================================= Fan sta

149DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsTo display the AP settings in the template, type the following comman

150DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsAPs that receive their congurations from the template also receive t

151DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsDisplaying Status Information for APs Congured by the TemplateTo dis

152DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsConguring AP Port ParametersTo congure a switch for connection to a

153DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access Points802.1X Port uses authentication parameters congured for users.Port g

154DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsThe dap-num parameter identies the Distributed AP connection for

11DWS-1008 User’s Manual D-Link Systems, Inc.ConfigurationCongurationYou can use CLI (Command Line Interface) to congure a new switch or

155DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsChanging BiasThe CLI commands described in this section enable you to

156DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsTo enable or disable LED blink mode, use the following command:set {a

157DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsAP Security Requirements AP Security SettingAP Has FingerprintFingerp

158DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsThe ngerprint is displayed regardless of whether it has been veried

159DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsConguring a Service ProleA service prole is a set of parameters th

160DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsChanging the Fallthru Authentication TypeBy default, MSS denies acces

161DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsChanging the Beacon IntervalThe beacon interval is the rate at which

162DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsWhen a frame is long enough for the RTS/CTS method to be applicabl

163DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsChanging the Long Retry ThresholdThe long retry threshold species th

164DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsDisabling 802.11b Client Associations on 802.11b/g RadiosBy default,

12DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationCLI Quickstart CommandThe quickstart command runs a script that in

165DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsGenerally, clients assume access points require long preambles and

166DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsRemoving a Radio ProleTo remove a radio prole, use the following co

167DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsThe parameters are shown in separate commands for simplicity. However

168DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsTo map a radio prole to a service prole, use the following command:

169DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsDisabling or Reenabling All Radios Using a ProleTo disable or reenab

170DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsRestarting an APTo restart an access point, use the following command

171DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsTo display conguration information for a Distributed AP access point

172DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsDisplaying Connection Information for Distributed APsA Distributed AP

173DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsTo display radio prole information for the default radio prole, typ

174DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access PointsRadio 2 type: 802.11a, state: configure succeed [Enabled] operati

13DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationTo run the quickstart command:1. Attach a PC to the DWS-1008 sw

175DWS-1008 User’s Manual D-Link Systems, Inc.Conguring DWL-8220AP Access Points TxUniPkt TxUniByte RxPkt RxByte Un

176DWS-1008 User’s Manual D-Link Systems, Inc.Conguring User EncryptionConfiguring User EncryptionMobility System Software (MSS) encrypts wireless use

177DWS-1008 User’s Manual D-Link Systems, Inc.Conguring User Encryption177D-Link Systems, Inc.The table below lists the encryption types supported by

178DWS-1008 User’s Manual D-Link Systems, Inc.Conguring User Encryption178D-Link Systems, Inc.Conguring WPAWi-Fi Protected Access (WPA) is a s

179DWS-1008 User’s Manual D-Link Systems, Inc.Conguring User Encryption179D-Link Systems, Inc.• If the recalculated MIC does not match the MIC receiv

180DWS-1008 User’s Manual D-Link Systems, Inc.Conguring User Encryption180D-Link Systems, Inc.Note: For a MAC client that authenticates using a PSK,

181DWS-1008 User’s Manual D-Link Systems, Inc.Conguring User Encryption181D-Link Systems, Inc.The table below lists the encryption support for WPA an

182DWS-1008 User’s Manual D-Link Systems, Inc.Conguring User Encryption182D-Link Systems, Inc.To create a new service prole named wpa, type the foll

183DWS-1008 User’s Manual D-Link Systems, Inc.Conguring User Encryption183D-Link Systems, Inc.set service-prole name tkip-mc-time wait-timeTo change

184DWS-1008 User’s Manual D-Link Systems, Inc.Conguring User Encryption184D-Link Systems, Inc.Examples: To congure service prole wpa to use

14DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)Conguration • Administrative user admin1, with password letmein. The only manag

185DWS-1008 User’s Manual D-Link Systems, Inc.Conguring User Encryption185D-Link Systems, Inc.Assigning the Service Prole to Radios and Enabling the

186DWS-1008 User’s Manual D-Link Systems, Inc.Conguring User Encryption186D-Link Systems, Inc.If you plan to use PSK authentication, you also need to

187DWS-1008 User’s Manual D-Link Systems, Inc.Conguring User Encryption187D-Link Systems, Inc.After you type this command, the service prole support

188DWS-1008 User’s Manual D-Link Systems, Inc.Conguring User Encryption188D-Link Systems, Inc.Conguring WEPWired-Equivalent Privacy (WEP) is a secur

189DWS-1008 User’s Manual D-Link Systems, Inc.Conguring User Encryption189D-Link Systems, Inc.The key value parameter specifies the hexadecimal value

190DWS-1008 User’s Manual D-Link Systems, Inc.Conguring User Encryption190D-Link Systems, Inc.Encryption Conguration ScenariosThe following scenario

191DWS-1008 User’s Manual D-Link Systems, Inc.Conguring User Encryption191D-Link Systems, Inc.6. Map service prole wpa to radio prole rp1. Type the

192DWS-1008 User’s Manual D-Link Systems, Inc.Conguring User Encryption192D-Link Systems, Inc.2. Create a service prole named wpa-wep for the SSID.

193DWS-1008 User’s Manual D-Link Systems, Inc.Conguring User Encryption193D-Link Systems, Inc.8. Apply radio prole rp2 to radio 1 on port 5 and to r

194DWS-1008 User’s Manual D-Link Systems, Inc.Conguring User Encryption194D-Link Systems, Inc.3. Add MAC users to MAC user group wpa-for-mac. Type th

DWS-1008 User’s Manual D-Link Systems, Inc.ITable of ContentsTable of ContentsProduct ContentsSystem RequirementsIntroductionHardware OverviewFeatures

15DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationDWS-1008-aabbcc# quickstartThis will erase any existing config. Contin

195DWS-1008 User’s Manual D-Link Systems, Inc.Conguring User Encryption195D-Link Systems, Inc.8. Enable the WEP40 cipher suite in service prole wpa-

196DWS-1008 User’s Manual D-Link Systems, Inc.Conguring User Encryption196D-Link Systems, Inc.DWS-1008# show ap congPort 4: AP model: DWL-8220AP, P

197DWS-1008 User’s Manual D-Link Systems, Inc.Conguring RF Auto-TuningConfiguring RF Auto-TuningRF AutoTuning OverviewThe RF AutoTuning feature dynami

198DWS-1008 User’s Manual D-Link Systems, Inc.Conguring RF Auto-TuningChannel and Power TuningRF AutoTuning can change the channel or power of a radi

199DWS-1008 User’s Manual D-Link Systems, Inc.Conguring RF Auto-Tuning• Utilization, calculated based on the number of multicast packets per second t

200DWS-1008 User’s Manual D-Link Systems, Inc.Conguring RF Auto-Tuningchannel-interval 3600 Every 3600 seconds, MSS examines the RF information gathe

201DWS-1008 User’s Manual D-Link Systems, Inc.Conguring RF Auto-Tuningmax-retransmissions 10 If more than 10% of the packets received by the radio fr

202DWS-1008 User’s Manual D-Link Systems, Inc.Conguring RF Auto-TuningChanging RF AutoTuning Settings

203DWS-1008 User’s Manual D-Link Systems, Inc.Conguring RF Auto-TuningChanging Power Tuning SettingsEnabling Power TuningRF AutoTuning for power is d

204DWS-1008 User’s Manual D-Link Systems, Inc.Conguring RF Auto-TuningChanging the Maximum Default Power Allowed On a RadioBy default, the maximum de

16DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)Conguration6. Optionally, enable Telnet.DWS-1008-aabbcc# set ip telnet server e

205DWS-1008 User’s Manual D-Link Systems, Inc.Conguring RF Auto-TuningDisplaying RF AutoTuning InformationYou can display the RF AutoTuning congurat

206DWS-1008 User’s Manual D-Link Systems, Inc.Conguring RF Auto-TuningTo display the RF AutoTuning and other individual radio settings on b

207DWS-1008 User’s Manual D-Link Systems, Inc.Conguring RF Auto-TuningDisplaying RF AttributesTo display the current values of the RF attributes RF A

208DWS-1008 User’s Manual D-Link Systems, Inc.Wi-Fi MultimediaWi-Fi MultimediaMSS supports Wi-Fi Multimedia (WMM). WMM provides wireless Quali

209DWS-1008 User’s Manual D-Link Systems, Inc.Wi-Fi MultimediaQoS on a DWL-8220APDWL-8220AP access points use forwarding queues to prioritize t

210DWS-1008 User’s Manual D-Link Systems, Inc.Wi-Fi MultimediaDisplaying the WMM StateTo display the WMM state for a radio prole, use the following c

211DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing STPConfiguring and Managing Spanning Tree ProtocolThe purpose of the Spanning

212DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing STP212D-Link Systems, Inc.Bridge PriorityThe bridge priority determines the swit

213DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing STP213D-Link Systems, Inc.Changing the Bridge PriorityTo change the bridge prior

214DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing STP214D-Link Systems, Inc.The command applies only to the ports you specify. The

17DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationAccessing the CLITo enter the conguration commands in this section,

215DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing STP215D-Link Systems, Inc.Changing Spanning Tree TimersYou can change the follow

216DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing STP216D-Link Systems, Inc.Changing the STP Maximum AgeTo change the maximum age,

217DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing STP217D-Link Systems, Inc.Uplink Fast ConvergenceUplink fast convergence enables

218DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing STP218D-Link Systems, Inc.Conguring Backbone Fast ConvergenceTo enable or disab

219DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing STP219D-Link Systems, Inc.Displaying Spanning Tree InformationYou can use CLI co

220DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing STP220D-Link Systems, Inc.Displaying the STP Port Cost on a VLAN BasisTo display

221DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing STP221D-Link Systems, Inc.To display STP statistics for port 1, type the followi

222DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing STP222D-Link Systems, Inc.bridge forward delay 15topology change initiator

223DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing STP223D-Link Systems, Inc.DWS-1008# show port statusPort Name Admin Oper

224DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing STP224D-Link Systems, Inc.Bridge ID Priority 32768Bridge Max Age 20 se

18DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationConguration OverviewTo congure a DWS-1008 switch for basic s

225DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IGMP SnoopingConfiguring and ManagingIGMP SnoopingInternet Group Management Pr

226DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IGMP SnoopingDWS-1008 User’s Manual Note: D-Link recommends that you use the pse

227DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IGMP SnoopingDWS-1008 User’s Manual Changing the Query Response IntervalTo set t

228DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IGMP SnoopingDWS-1008 User’s Manual Conguring Static Multicast PortsA DWS-1008

229DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IGMP SnoopingDWS-1008 User’s Manual To display multicast information for VLAN or

230DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IGMP SnoopingDWS-1008 User’s Manual Displaying Multicast Statistics OnlyTo displ

231DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IGMP SnoopingDWS-1008 User’s Manual Displaying Multicast ReceiversTo display inf

232DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Security ACLsConfiguring and ManagingSecurity ACLsAbout Security Access Control L

233DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Security ACLsOverview of Security ACL CommandsThe gure below provides a visual

234DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Security ACLsCreating and Committing a Security ACLThe security ACLs you create

19DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationConguring an Enable PasswordD-Link recommends that you congure

235DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Security ACLsCommon IP Protocol NumbersNumber IP Protocol1 Internet Message Cont

236DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Security ACLsClass of ServiceClass-of-service (CoS) assignment determines the pr

237DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Security ACLsThe before 1 portion of the ACE places it before any others in the

238DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Security ACLsSetting a TCP ACLThe following command lters TCP packets: set secu

239DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Security ACLsCommitting a Security ACLTo put the security ACLs you have created

240DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Security ACLsViewing Committed Security ACLsTo view a summary of the committed s

241DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Security ACLsDisplaying Security ACL HitsOnce you map an ACL, you can view the n

242DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Security ACLsMapping Security ACLsUser-based security ACLs are mapped to an

243DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Security ACLsMapping Target CommandsUser authenticated by a passwordset user use

244DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Security ACLsDisplaying ACL Maps to Ports, VLANs, and Virtual PortsTwo commands

20DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationConguring the Time and DateTo set the system time and date:1. Set th

245DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Security ACLsconguration in the local database on the switch or on the RADIUS s

246DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Security ACLs DWS-1008# set security acl ip acl-violet permit 192.168.123.11 0.

247DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Security ACLs DWS-1008# show security acl info all ACL information for all se

248DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Security ACLs DWS-1008# show security acl info all ACL information for all se

249DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Security ACLs DWS-1008# show security acl info all editbuffer ACL edit-buffer

250DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Security ACLsDWS-1008# set security acl map acl1 dap 2 outsuccess: change accept

251DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Security ACLsWMM Priority DesiredCLI CoS Value to EnterBackground 1 or 2Best eff

252DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Security ACLs DWS-1008# commit security acl voip4. Map the ACL to the outbound

253DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Security ACLsSecurity ACL Conguration ScenarioThe following scenario illustrate

254DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Security ACLs7. To save your conguration, type the following command: DWS-1008

21DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationAdditional commands congure an NTP server and enable the switch’s NT

255DWS-1008 User’s Manual D-Link Systems, Inc.Managing Keys and CerticatesA digital certicate is a form of electronic identication for computers.

256DWS-1008 User’s Manual D-Link Systems, Inc.Managing Keys and Certicates2. Inside the switch’s digital certicate is the switch’s public key, which

257DWS-1008 User’s Manual D-Link Systems, Inc.Managing Keys and CerticatesPublic Key InfrastructuresA public-key infrastructure (PKI) is a system of

258DWS-1008 User’s Manual D-Link Systems, Inc.Managing Keys and CerticatesPKCS #7, PKCS #10, and PKCS #12 Object FilesPublic-Key Cryptography Standar

259DWS-1008 User’s Manual D-Link Systems, Inc.Managing Keys and CerticatesPKCS #12 Personal Information Exchange Syntax StandardContains a certicate

260DWS-1008 User’s Manual D-Link Systems, Inc.Managing Keys and Certicates• PKCS #12 object le certicate - More secure than using self-signed certi

261DWS-1008 User’s Manual D-Link Systems, Inc.Managing Keys and CerticatesYou must include a common name (string) when you generate a self-signed cer

262DWS-1008 User’s Manual D-Link Systems, Inc.Managing Keys and Certicates3. Unpack the PKCS #12 object le into the certicate and key storage area

263DWS-1008 User’s Manual D-Link Systems, Inc.Managing Keys and CerticatesInstalling a CA’s Own CerticateIf you installed a CA-signed certicate fro

264DWS-1008 User’s Manual D-Link Systems, Inc.Managing Keys and CerticatesKey and Certicate Conguration ScenariosThe rst scenario shows how to gen

22DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationConguring IP ConnectivityTo congure IP connectivity:1. Congure a V

265DWS-1008 User’s Manual D-Link Systems, Inc.Managing Keys and Certicates4. Display certicate information for verication:DWS-1008# show crypto cer

266DWS-1008 User’s Manual D-Link Systems, Inc.Managing Keys and CerticatesInstalling CA-Signed Certicates from PKCS #12 Object FilesThis scenario

267DWS-1008 User’s Manual D-Link Systems, Inc.Managing Keys and CerticatesInstalling CA-Signed Certicates Using a PKCS #10 Object File (CSR) and a P

268DWS-1008 User’s Manual D-Link Systems, Inc.Managing Keys and Certicates8. Paste the signed certicate text block into the switch’s CLI, below the

269DWS-1008 User’s Manual D-Link Systems, Inc.Managing Keys and CerticatesNotes

270DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersConfiguring AAA for Network UsersAbout AAA for Network UsersNetwork users

271DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersThe username or MAC address can be an exact match or can match a usergl

272DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersLast-resort is described in Authentication Types. None means the

273DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network Users• For a user to be successfully authenticated by an 802.1X rule, the us

274DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network Users• Mobility-Prole - Controls the switch ports a user can access. For wi

23DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationNote: To avoid confusion, do not assign numbers as VLAN nam

275DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersAAA for network users controls and monitors their use of the network:•

276DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network Users“Globs” and Groups for Network User Classication“Globbing” lets you cla

277DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersLocal Override ExceptionThe one exception to the operation described in

278DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network Users3. If server-2 does not respond, because the switch has no more servers

279DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersPEAP-MS-CHAP-V2(Protected EAP with Microsoft Challenge Handshake Authent

280DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersEffects of Authentication Type on Encryption MethodWireless users who ar

281DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network Users2. The rst command whose SSID and user glob matches the SSID and incomi

282DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersFor example, the following command authenticates 802.1X user Jose for wi

283DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersThe authentication rule for the machine must be higher up in the list of

284DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersIf a Bonded Auth user’s session is ended due to 802.1X reauthenti

24DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationVerifying IP ConnectivityTo verify that the switch can send and recei

285DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersThe following command sets the Bonded Auth period to 60 seconds, to allo

286DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersUsers authorized by MAC address require a MAC authorization pas

287DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersFor example, the following command removes MAC user 01:0f:03:04:05:06 fr

288DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersFor example, to add the MAC user 00:01:02:03:04:05 to VLAN red:DWS-1008#

289DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersConguring Last-Resort AccessUsers who are not authenticated and authori

290DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersConguring AAA for Users of Third-Party APsA switch can provide netw

291DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersRequirementsThird-Party AP Requirements• The third-party AP must be con

292DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersConguring Authentication for 802.1X Users of a Third-Party AP with Tagg

293DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersThe following command congures a MAC authentication rule that matches o

294DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersConguring Access for Any Users of a Non-Tagged SSIDIf SSID trafc from

DWS-1008 User’s Manual D-Link Systems, Inc.IILogging In to a Remote DeviceTracing a RouteIP Interfaces and Services Conguration ScenarioConguring SN

25DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationSpecifying the Country of OperationYou must specify the country in wh

295DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersAuthentication Attributes for Local Users Attribute Description Valid V

296DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network Userslter-id(network access mode only)Security access control list (ACL), to

297DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network Usersservice-type Type of access the user is requesting.One of the following

298DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network Usersssid(network access mode only)SSID the user is allowed to access after a

299DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network Usersvlan-name(network access mode only)Virtual LAN (VLAN) assignment.Note:

300DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersAssigning a Security ACL to a User or a GroupOnce a security access

301DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersThe following command applies the incoming lters of acl-101 to the user

302DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersAssigning and Clearing Encryption Types LocallyTo restrict wireless uses

303DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersAssigning and Clearing Encryption Types on a RADIUS ServerTo assign or d

304DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersHow the Location Policy Differs from a Security ACLAlthough structurally

26DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationThe following example sets the country code to US (United States) and

305DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersApplying Security ACLs in a Location Policy RuleWhen reassigning securit

306DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersTo move the rst rule to the end of the list and display the results, ty

307DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersUsername UsernameSession duration Session durationTimestamp TimestampVLA

308DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersThe user started on DWS-1008-0013:DWS-1008-0013# show accounting statist

309DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersDisplaying the AAA CongurationTo view the results of the AAA commands y

310DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersAvoiding AAA Problems in Conguration OrderUsing the Wildcard “Any” as t

311DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersYou then set up PEAP-MS-CHAP-V2 authentication and authorization

312DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersConguring a Mobility ProleA Mobility Prole is a way of specifying, on

313DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersTo display the name of each Mobility Prole and its ports, type the foll

314DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersThis command applies the access list named acl-101 to each user at EXAMP

27DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationTo verify the conguration change, use the following command:show sys

315DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network Usersset accounting dot1x ssid mycorp EXAMPLE\* stop-only localset authentica

316DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersEnabling PEAP-MS-CHAP-V2 AuthenticationThe following example illustra

317DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersEnabling PEAP-MS-CHAP-V2 OfoadThe following example illustrates how to

318DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersCombining EAP Ofoad with Pass-Through AuthenticationThe following examp

319DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Network UsersOverriding AAA-Assigned VLANsThe following example shows how to change t

320DWS-1008 User’s Manual D-Link Systems, Inc.Conguring Communication with RADIUSConfiguring Communication with RADIUSRADIUS OverviewRemote Authentica

321DWS-1008 User’s Manual D-Link Systems, Inc.Conguring Communication with RADIUSIf a server does not respond before the last request attempt times o

322DWS-1008 User’s Manual D-Link Systems, Inc.Conguring Communication with RADIUSSetting the System IP Address as the Source AddressBy default, RADIU

323DWS-1008 User’s Manual D-Link Systems, Inc.Conguring Communication with RADIUSNote: You must provide RADIUS servers with names that are unique. To

324DWS-1008 User’s Manual D-Link Systems, Inc.Conguring Communication with RADIUSNote: Any RADIUS servers that do not respond are marked dead (unavai

28DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationConguring for Authenticating UsersA DWS-1008 switch can provide auth

325DWS-1008 User’s Manual D-Link Systems, Inc.Conguring Communication with RADIUSThe following command disables load balancing for a server group:cle

326DWS-1008 User’s Manual D-Link Systems, Inc.Conguring Communication with RADIUSFor example, to delete the server group shorebirds, type the followi

327DWS-1008 User’s Manual D-Link Systems, Inc.Conguring Communication with RADIUS6. Display the conguration. Type the following command:DWS-1008# sh

328DWS-1008 User’s Manual D-Link Systems, Inc.Managing 802.1XManaging 802.1XCertain settings for IEEE 802.1X sessions on the DWS-1008 switch are enabl

329DWS-1008 User’s Manual D-Link Systems, Inc.Managing 802.1XFor example, the following command forces port 19 to unconditionally authenticate all 802

330DWS-1008 User’s Manual D-Link Systems, Inc.Managing 802.1XConguring 802.1X Key Transmission Time IntervalsThe following command sets the number of

331DWS-1008 User’s Manual D-Link Systems, Inc.Managing 802.1XUse the following command to disable WEP rekeying for broadcast and multicast keys:DWS-10

332DWS-1008 User’s Manual D-Link Systems, Inc.Managing 802.1XNote: To support SSIDs that have both 802.1X and static WEP clients, MSS sends a maximum

333DWS-1008 User’s Manual D-Link Systems, Inc.Managing 802.1XNote: If the number of reauthentications for a wired authentication client is greater tha

334DWS-1008 User’s Manual D-Link Systems, Inc.Managing 802.1XTo reset the Bonded Auth period to its default value, use the following command:clear dot

29DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationConguring APs for Wireless UsersA wireless user makes a wireless con

335DWS-1008 User’s Manual D-Link Systems, Inc.Managing 802.1XSetting the 802.1X Timeout for a ClientUse the following command to set the number of s

336DWS-1008 User’s Manual D-Link Systems, Inc.Managing 802.1XViewing 802.1X ClientsType the following command to display active 802.1X clients:DWS-100

337DWS-1008 User’s Manual D-Link Systems, Inc.Managing 802.1X port 5, authcontrol: auto, max-sessions: 16 port 6, authcontrol: auto, max

338DWS-1008 User’s Manual D-Link Systems, Inc.Managing SessionsManaging SessionsAbout the Session ManagerA session is a related set of communic

339DWS-1008 User’s Manual D-Link Systems, Inc.Managing SessionsTo clear the sessions of all administrative users, type the following command:DWS-1008#

340DWS-1008 User’s Manual D-Link Systems, Inc.Managing SessionsTo clear the administrative sessions of Telnet clients, use the following command:clear

341DWS-1008 User’s Manual D-Link Systems, Inc.Managing SessionsDisplaying Verbose Network Session InformationIn the show sessions network commands, yo

342DWS-1008 User’s Manual D-Link Systems, Inc.Managing SessionsDWS-1008# show sessions network user E*User Sess IP or MAC

343DWS-1008 User’s Manual D-Link Systems, Inc.Managing SessionsFor example, to clear all sessions for MAC address 00:01:02:04:05:06, type the followin

344DWS-1008 User’s Manual D-Link Systems, Inc.Managing SessionsAuthentication Method: PEAP, using server 192.168.142.7Session statistics as updated fr

30DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationThe image below shows examples of direct and network DWL-822

345DWS-1008 User’s Manual D-Link Systems, Inc.Rogue Detection and CountermeasuresRogue Detection and CountermeasuresAP radios automatically scan the

346DWS-1008 User’s Manual D-Link Systems, Inc.Rogue Detection and CountermeasuresRogue Detection ListsRogue detection lists specify the third-party de

347DWS-1008 User’s Manual D-Link Systems, Inc.Rogue Detection and CountermeasuresRadios perform both types of scans on all channels allowed for the co

348DWS-1008 User’s Manual D-Link Systems, Inc.Rogue Detection and CountermeasuresDynamic Frequency Selection (DFS)Some regulatory domains require conf

349DWS-1008 User’s Manual D-Link Systems, Inc.Rogue Detection and CountermeasuresPermitted vendor listList of OUIs to allow on the network. An OUI is

350DWS-1008 User’s Manual D-Link Systems, Inc.Rogue Detection and CountermeasuresActive scan Active scan sends probe any requests (probes with a null

351DWS-1008 User’s Manual D-Link Systems, Inc.Rogue Detection and CountermeasuresThe following example shows the permitted vendor list on switch:DWS-1

352DWS-1008 User’s Manual D-Link Systems, Inc.Rogue Detection and CountermeasuresThe following example shows the permitted SSID list on the switch:DWS

353DWS-1008 User’s Manual D-Link Systems, Inc.Rogue Detection and CountermeasuresThe following example shows the client black list on switch:DWS-1008#

354DWS-1008 User’s Manual D-Link Systems, Inc.Rogue Detection and CountermeasuresTo remove a MAC address from the attack list, use the following comma

31DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationThe following sections list the conguration requirements for

355DWS-1008 User’s Manual D-Link Systems, Inc.Rogue Detection and CountermeasuresEnabling CountermeasuresCaution: Countermeasures affect wireless serv

356DWS-1008 User’s Manual D-Link Systems, Inc.Rogue Detection and CountermeasuresEnabling AP SignaturesAn AP signature is a set of bits in a managemen

357DWS-1008 User’s Manual D-Link Systems, Inc.Rogue Detection and CountermeasuresFlood AttacksA ood attack is a type of Denial of Service attack. Dur

358DWS-1008 User’s Manual D-Link Systems, Inc.Rogue Detection and Countermeasures• Fake AP - A rogue device sends beacon frames for randomly

359DWS-1008 User’s Manual D-Link Systems, Inc.Rogue Detection and CountermeasuresDisallowed Devices or SSIDsYou can congure the following types of li

360DWS-1008 User’s Manual D-Link Systems, Inc.Rogue Detection and CountermeasuresManagement frame 7 oodClient aa:bb:cc:dd:ee:ff is sending rsvd mgmt

361DWS-1008 User’s Manual D-Link Systems, Inc.Rogue Detection and CountermeasuresFake AP SSID (when source MAC address is known)FakeAP SSID attack det

362DWS-1008 User’s Manual D-Link Systems, Inc.Rogue Detection and CountermeasuresDisplaying RF Detection InformationYou can use the CLI commands liste

363DWS-1008 User’s Manual D-Link Systems, Inc.Rogue Detection and CountermeasuresDisplaying Rogue ClientsTo display the wireless clients detected by a

364DWS-1008 User’s Manual D-Link Systems, Inc.Rogue Detection and CountermeasuresDWS-1008# show rfdetect countersType Current Total--

32DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationDNS - If the intermediate network between the switch and Distributed

365DWS-1008 User’s Manual D-Link Systems, Inc.Rogue Detection and CountermeasuresDisplaying the APs Detected by an AP RadioTo displays the APs detecte

366DWS-1008 User’s Manual D-Link Systems, Inc.Managing System FilesManaging System FilesA DWS-1008 switch contains nonvolatile storage. MSS allo

367DWS-1008 User’s Manual D-Link Systems, Inc.Managing System FilesKernel: 3.0.0#43: Wed Jun 30 05:17:44 PDT 2004BootLoader: 1.19 /

368DWS-1008 User’s Manual D-Link Systems, Inc.Managing System FilesIn this example, the switch is running software version 1.1.0. The switch used the

369DWS-1008 User’s Manual D-Link Systems, Inc.Managing System FilesThe following command displays the les in the old subdirectory:DWS-1008# dir old==

370DWS-1008 User’s Manual D-Link Systems, Inc.Managing System FilesNote: You can copy a le from an switch to a TFTP server or from a TFTP server to a

371DWS-1008 User’s Manual D-Link Systems, Inc.Managing System FilesTo copy le corpa-login.html from a TFTP server into subdirectory corpa

372DWS-1008 User’s Manual D-Link Systems, Inc.Managing System FilesDWS-1008# mkdir corp2success: change accepted.DWS-1008# dir========================

373DWS-1008 User’s Manual D-Link Systems, Inc.Managing System FilesThis section describes how to display the running conguration and the conguration

374DWS-1008 User’s Manual D-Link Systems, Inc.Managing System FilesTo display only the VLAN conguration commands, type the following command:DWS-1008

33DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationConguring for a Directly-Connected APCaution: When you set the port

375DWS-1008 User’s Manual D-Link Systems, Inc.Managing System FilesLoading a Conguration FileCaution: This command completely removes the running con

376DWS-1008 User’s Manual D-Link Systems, Inc.Managing System FilesBacking Up and Restoring the SystemMSS has commands that enable you to easily backu

377DWS-1008 User’s Manual D-Link Systems, Inc.Managing System FilesCaution: Do not use the force option unless advised to do so by D-Link TAC. If you

378DWS-1008 User’s Manual D-Link Systems, Inc.Appendix A - TroubleshootingTroubleshootingSome common problems that occur during installation and

379DWS-1008 User’s Manual D-Link Systems, Inc.Appendix A - TroubleshootingClient cannot access the network.This symptom has more than one possible cau

380DWS-1008 User’s Manual D-Link Systems, Inc.Appendix A - TroubleshootingRecovering the System PasswordYou can recover the system enable password if

381DWS-1008 User’s Manual D-Link Systems, Inc.Appendix A - TroubleshootingLog Message ComponentsEach log message contains the following components: Fi

382DWS-1008 User’s Manual D-Link Systems, Inc.Appendix A - TroubleshootingSpecifying a severity level sends log messages for events or conditions at t

383DWS-1008 User’s Manual D-Link Systems, Inc.Appendix A - TroubleshootingTo stop sending messages to a syslog server, use the following command:clear

384DWS-1008 User’s Manual D-Link Systems, Inc.Appendix A - TroubleshootingTo lter the event log by MSS area, use the facility facility-name keyword.

34DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationThe following example sets ports 1, 2, and 4 for the DWL-8220AP acces

385DWS-1008 User’s Manual D-Link Systems, Inc.Appendix A - TroubleshootingLogging Messages to a Syslog ServerTo send event messages to a syslog server

386DWS-1008 User’s Manual D-Link Systems, Inc.Appendix A - TroubleshootingChanging the Current Telnet Session DefaultsBy default, log information is n

387DWS-1008 User’s Manual D-Link Systems, Inc.Appendix A - TroubleshootingDisplaying the Log CongurationTo display your current log conguration, typ

388DWS-1008 User’s Manual D-Link Systems, Inc.Appendix A - TroubleshootingTracing Authentication ActivityTracing authentication activity can help you

389DWS-1008 User’s Manual D-Link Systems, Inc.Appendix A - TroubleshootingDWS-1008# show tracemilliseconds spent printing traces: 31.945Trace Area

390DWS-1008 User’s Manual D-Link Systems, Inc.Appendix A - TroubleshootingDisplaying Trace ResultsTo view the output of currently running trace comman

391DWS-1008 User’s Manual D-Link Systems, Inc.Appendix A - TroubleshootingClearing the Trace LogTo clear all messages from the trace log buffer, type

392DWS-1008 User’s Manual D-Link Systems, Inc.Appendix A - Troubleshootingset authentication dot1x *@xmpl.com pass-through sg1set authentication dot1x

393DWS-1008 User’s Manual D-Link Systems, Inc.Appendix A - TroubleshootingRemotely Monitoring TrafcRemote trafc monitoring enables you to snoop wire

394DWS-1008 User’s Manual D-Link Systems, Inc.Appendix A - Troubleshooting• If the snoop lter is running on a Distributed AP, and the AP used a DHCP

DWS-1008 User’s Manual D-Link Systems, Inc.IIIConguring and Managing IGMP SnoopingDisabling or Reenabling IGMP SnoopingDisabling or Reenabling Proxy

35DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationNote: You can congure an AP conguration template for automatically

395DWS-1008 User’s Manual D-Link Systems, Inc.Appendix A - TroubleshootingIf you omit a condition, all packets match that condition. For example, if y

396DWS-1008 User’s Manual D-Link Systems, Inc.Appendix A - TroubleshootingMapping a Snoop Filter to a RadioYou can map a snoop lter to a radio on a D

397DWS-1008 User’s Manual D-Link Systems, Inc.Appendix A - Troubleshootingclear snoop map filter-name dap dap-num radio {1 | 2}The following command re

398DWS-1008 User’s Manual D-Link Systems, Inc.Appendix A - TroubleshootingDWS-1008# show snoop stats snoop1Filter Dap Radio Rx Match Tx M

399DWS-1008 User’s Manual D-Link Systems, Inc.Appendix A - Troubleshooting To disable the decryption option in Ethereal:a. In the decode window, rig

400DWS-1008 User’s Manual D-Link Systems, Inc.Appendix B - Supported RADIUS AttribitesSupported RADIUS AttributesD-Link’s Mobility System Software

401DWS-1008 User’s Manual D-Link Systems, Inc.Appendix B - Supported RADIUS AttribitesService-Type5 No Yes Yes Access type, which can be one of the fo

402DWS-1008 User’s Manual D-Link Systems, Inc.Appendix B - Supported RADIUS AttribitesClass 25 Yes No Yes If received, this information must be sent o

403DWS-1008 User’s Manual D-Link Systems, Inc.Appendix B - Supported RADIUS AttribitesAcct-Input- Octets42 No No Yes Number of octets received from th

404DWS-1008 User’s Manual D-Link Systems, Inc.Appendix B - Supported RADIUS AttribitesAcct-Input- Gigawords52 No No YesNumber of times the Acct-Input

36DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationCongure the same Distributed AP on each of the switches you want to

405DWS-1008 User’s Manual D-Link Systems, Inc.Appendix C - DHCP ServerDHCP ServerMSS has a DHCP server that the switch uses to allocate IP addresses t

406DWS-1008 User’s Manual D-Link Systems, Inc.Appendix C - DHCP ServerHow the MSS DHCP Server WorksWhen MSS receives a DHCP Discover packet, the DHCP

407DWS-1008 User’s Manual D-Link Systems, Inc.Appendix C - DHCP ServerThe following command enables the DHCP server on VLAN red-vlan to serv

408DWS-1008 User’s Manual D-Link Systems, Inc.Appendix C - DHCP Server DHCP Clients: Hardware Address: 00:01:02:03:04:05 State:

409DWS-1008 User’s Manual D-Link Systems, Inc.Appendix D - GlossaryGlossary3DESA three-round application of the Data Encryption Standard (DES) that us

410DWS-1008 User’s Manual D-Link Systems, Inc.Appendix D - Glossary802.11An IEEE LAN specication that denes the mobile (wireless) network access lin

411DWS-1008 User’s Manual D-Link Systems, Inc.Appendix D - Glossaryaccess control listSee security ACL.access point (AP)A hardware unit that acts

412DWS-1008 User’s Manual D-Link Systems, Inc.Appendix D - GlossaryattributeIn authentication, authorization, and accounting (AAA), a property used to

413DWS-1008 User’s Manual D-Link Systems, Inc.Appendix D - GlossaryBSSBasic service set. A set of wireless stations that communicate with one another

414DWS-1008 User’s Manual D-Link Systems, Inc.Appendix D - GlossaryChallenge Handshake Authentication ProtocolSee CHAP.CHAPChallenge Handshake Authe

37DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationConguring a Service ProleA service prole controls advertisement

415DWS-1008 User’s Manual D-Link Systems, Inc.Appendix D - GlossarycryptographyThe science of information security. Modern cryptography is typ

416DWS-1008 User’s Manual D-Link Systems, Inc.Appendix D - GlossaryDHCPDynamic Host Conguration Protocol. A protocol that dynamically assigns

417DWS-1008 User’s Manual D-Link Systems, Inc.Appendix D - GlossaryDSSSDirect-sequence spread-spectrum. One of two types of spread-spectrum radio te

418DWS-1008 User’s Manual D-Link Systems, Inc.Appendix D - GlossaryEAP over LANSee EAPoL.EAP over WirelessSee EAPoL.EAPoWSee EAPoL.EAPTLSExtensible Au

419DWS-1008 User’s Manual D-Link Systems, Inc.Appendix D - GlossaryETSIEuropean Telecommunications Standards Institute. A nonprot organization that e

420DWS-1008 User’s Manual D-Link Systems, Inc.Appendix D - Glossaryforwarding database (FDB)A database maintained on a DWS-1008 switch for the purpose

421DWS-1008 User’s Manual D-Link Systems, Inc.Appendix D - Glossarygroup transient keySee GTK.H.323A set of International Telecommunications Union Tel

422DWS-1008 User’s Manual D-Link Systems, Inc.Appendix D - GlossaryIEEEInstitute of Electrical and Electronic Engineers. An American professio

423DWS-1008 User’s Manual D-Link Systems, Inc.Appendix D - Glossaryintegrity check valueSee ICV.interfaceA place at which independent systems meet and

424DWS-1008 User’s Manual D-Link Systems, Inc.Appendix D - GlossaryLDAPLightweight Directory Access Protocol. A protocol dened in RFC 1777 f

38DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationParameter Default Value Radio Behavior When Parameter Set To D

425DWS-1008 User’s Manual D-Link Systems, Inc.Appendix D - GlossaryMAC service data unitSee MSDU.master secretA code derived from the pre-master

426DWS-1008 User’s Manual D-Link Systems, Inc.Appendix D - Glossaryminimum data transmit rateThe lowest rate at which a DWL-8220AP access point can tr

427DWS-1008 User’s Manual D-Link Systems, Inc.Appendix D - Glossarynetwork address translationSee NAT.nonvolatile storageA way of storing images and c

428DWS-1008 User’s Manual D-Link Systems, Inc.Appendix D - GlossaryPer-VLAN Spanning Tree protocolSee PVST+.PIMProtocol Independent Multicast protocol

429DWS-1008 User’s Manual D-Link Systems, Inc.Appendix D - GlossaryPoE Power over Ethernet. A technology, dened in the developing IEEE 802.3

430DWS-1008 User’s Manual D-Link Systems, Inc.Appendix D - GlossaryPRNGPseudorandom number generator. An algorithm of predictable behavior that

431DWS-1008 User’s Manual D-Link Systems, Inc.Appendix D - GlossaryQoSQuality of service. A networking technology that seeks to measure, improve, and

432DWS-1008 User’s Manual D-Link Systems, Inc.Appendix D - Glossaryrestricted accessPermission to use most Mobility System Software (MSS) comm

433DWS-1008 User’s Manual D-Link Systems, Inc.Appendix D - GlossaryscalabilityThe ability to adapt easily to increased or decreased requireme

434DWS-1008 User’s Manual D-Link Systems, Inc.Appendix D - GlossarySIPSession Initialization Protocol. A signaling protocol that establishes r

39DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationTo create a service prole and assign an SSID to it, use the followin

435DWS-1008 User’s Manual D-Link Systems, Inc.Appendix D - Glossarysyslog serverA remote repository for log messages. D-Link Mobility System Software

436DWS-1008 User’s Manual D-Link Systems, Inc.Appendix D - GlossaryTTLSTunneled Transport Layer Security. An Extensible Authentication Protocol

437DWS-1008 User’s Manual D-Link Systems, Inc.Appendix D - Glossaryuser globA D-Link convention for matching fully qualied structured usernames or se

438DWS-1008 User’s Manual D-Link Systems, Inc.Appendix D - GlossaryVSAVendor-specic attribute. A type of RADIUS attribute that enables a ve

439DWS-1008 User’s Manual D-Link Systems, Inc.Appendix D - GlossaryWired-Equivalent Privacy protocolSee WEP.Wireless Ethernet Compatibility AllianceSe

440DWS-1008 User’s Manual D-Link Systems, Inc.Appendix D - GlossaryX.500A standard of the International Organization for Standardization (ISO)

441DWS-1008 User’s Manual D-Link Systems, Inc.Hardware SpecicationsPhysical and Environmental• Dimensions (W x D x H): 17.4 x 8.2 x 1.72 in (44.2 x

442DWS-1008 User’s Manual D-Link Systems, Inc.Technical Specifications (continued)Appendix E - Technical SpecicationsEMI / EMC• FCC PART 15 • ICES PAR

443DWS-1008 User’s Manual D-Link Systems, Inc.Technical Specifications (continued)Appendix E - Technical SpecicationsGeneral• RFC 1122 Host requiremen

444DWS-1008 User’s Manual D-Link Systems, Inc.WarrantyAppendix F - WarrantySubject to the terms and conditions set forth herein, D-Link Systems, Inc.

40DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationThe following command congures radio prole rp1:DWS-1008# set radio-

445DWS-1008 User’s Manual D-Link Systems, Inc.Except as otherwise agreed by D-Link in writing, the replacement Software is provided only to the origin

446DWS-1008 User’s Manual D-Link Systems, Inc.D-Link may reject or return any product that is not packaged and shipped in strict compliance with the f

447DWS-1008 User’s Manual D-Link Systems, Inc.Limitation of Liability:TO THE MAXIMUM EXTENT PERMITTED BY LAW, D-LINK IS NOT LIABLE UNDER ANY CONTRACT,

448DWS-1008 User’s Manual D-Link Systems, Inc.FCC Statement: This equipment has been tested and found to comply with the limits for a Class B digital

449DWS-1008 User’s Manual D-Link Systems, Inc.RegistrationAppendix G - RegistrationRevised: April 26, 2006 Version 1.1Product registration is entirely

41DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationParameter Default Value Radio Behavior When Parameter Set To D

42DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationThe following command congures radio 1 (the 802.11b/g radio) on Dist

43DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationHere is an example:DWS-1008# show ap cong 1Port 1: AP model: dwl-822

44DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationConguring User AuthenticationMSS provides the following types of aut

DWS-1008 User’s Manual D-Link Systems, Inc.IVManaging 802.1XManaging 802.1X on Wired Authentication PortsManaging 802.1X Encryption KeysManaging 802.1

45DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)Conguration• Local - The switch performs all authentication with information in

46DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationConguring RADIUS Servers for Pass-Through AuthenticationTo congure

47DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationDWS-1008# show aaaDefault Valuesauthport=1812 acctport=1813 timeout=5

48DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationAuthentication Example for Users in a UNIX DomainThe following comman

49DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationConguring EAP Ofoad with Server AuthenticationYou can congure a DW

50DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationDWS-1008# show aaaDefault Valuesauthport=1812 acctport=1813 timeout=5

51DWS-1008 User’s Manual D-Link Systems, Inc.Configuration (continued)CongurationThe following command displays the beginning of the congurat

52DWS-1008 User’s Manual D-Link Systems, Inc.Configuring AAA for Administrative and Local AccessOverview of AAA for Administrative and Local AccessD-Li

53DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Administrative and Local Access• Accounting for administrative access sessions. Accoun

54DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Administrative and Local AccessTypes of Administrative AccessMSS allows you access to

1DWS-1008 User’s Manual D-Link Systems, Inc.Product ContentsProduct ContentsDWS-1008 8-Port Wireless SwitchPower SupplySerial Cable for Connection to

55DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Administrative and Local AccessSetting the DWS-1008 Switch Enable PasswordThere is one

56DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Administrative and Local Access2. To enforce the use of console authentication via the

57DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Administrative and Local AccessSetting User PasswordsLike usernames, passwords are cas

58DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Administrative and Local AccessTo congure accounting for administrative logins over t

59DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Administrative and Local AccessDisplaying the AAA CongurationTo display your AAA con

60DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Administrative and Local AccessAdministrative AAA Conguration ScenariosThe following

61DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Administrative and Local AccessDWS-1008# set authentication admin * sg1success: change

62DWS-1008 User’s Manual D-Link Systems, Inc.Conguring AAA for Administrative and Local AccessAuthentication When RADIUS Servers Do Not RespondThis

63DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Ports and VLANsConfiguring and ManagingPorts and VLANsYou can congure and display

64DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Ports and VLANsTo set ports 4 through 6 for the DWL-8220AP and enable PoE on the

2DWS-1008 User’s Manual D-Link Systems, Inc.IntroductionThe D-Link® AirPremier® MobileLAN™ DWS-1008 is a wireless LAN switch optimized for deployme

65DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Ports and VLANsSetting a Port for a Wired Authentication UserTo set a port for a

66DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Ports and VLANsClearing a Port (continued)Note: If clients are connected to

67DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Ports and VLANsConguring Port Operating ParametersAutonegotiation is enabled by

68DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Ports and VLANsResetting a PortYou can reset a port by toggling its link state an

69DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Ports and VLANsDisplaying PoE StateTo display the PoE state of a port, use the fo

70DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Ports and VLANsMonitoring Port StatisticsYou can display port statistics in a for

71DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Ports and VLANsTo cycle the display to the next set of statistics, press the Spac

72DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Ports and VLANsConguring a Port Group (continued)After you congure a port g

73DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Ports and VLANsInteroperating with Cisco Systems EtherChannelLoad-sharing port gr

74DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Ports and VLANsNote. A wireless client cannot join a VLAN if the physical ne

3DWS-1008 User’s Manual D-Link Systems, Inc.Hardware OverviewHardware Overview (Front Panel)Console Port:The serial console port provides a direct man

75DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Ports and VLANsTrafc ForwardingA DWS-1008 switch switches trafc at Layer 2 amon

76DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Ports and VLANsCreating a VLANTo create a VLAN, use the following command:set vla

77DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Ports and VLANsRemoving an Entire VLAN or a VLAN PortTo remove an entire VLAN or

78DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Ports and VLANsTo display information for VLAN burgundy, type the following comma

79DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Ports and VLANsHow Entries Enter the Forwarding DatabaseAn entry enters the forwa

80DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Ports and VLANsUse a colon between each byte in the address (for example, 11:22:3

81DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Ports and VLANsTo clear all dynamic forwarding database entries that match all VL

82DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Ports and VLANs1. Assign names to ports to identify their functions, and verify t

83DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Ports and VLANsBoot Time: 2000-03-18 22:59:19Uptime: 0 days 00:13:45=============

84DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Ports and VLANs4. Congure port 5 and 6 as wired authentication ports and verify

4DWS-1008 User’s Manual D-Link Systems, Inc.FeaturesPower Features Power supplies - The DWS-1008 switch contains one 100-120 VAC auto-sensing AC p

85DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing Ports and VLANs7. Save the conguration. Type the following command:DWS-1008# sav

86DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IP Interfaces and ServicesConfiguring and Managing IP Interfaces and ServicesMTU S

87DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IP Interfaces and ServicesAdding an IP InterfaceYou can add an IP interface to a

88DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IP Interfaces and Services• If the address is not in use, MSS congures the VLAN

89DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IP Interfaces and ServicesThe IP interface table ags the address assigned by a D

90DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IP Interfaces and ServicesConguring the System IP AddressYou can designate one o

91DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IP Interfaces and ServicesIf the IP route table contains an explicit route for a

92DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IP Interfaces and ServicesThis example also shows two static routes, which have a

93DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IP Interfaces and ServicesTo add two default routes and congure MSS to always us

94DWS-1008 User’s Manual D-Link Systems, Inc.Conguring and Managing IP Interfaces and ServicesManaging SSHMSS supports Secure Shell (SSH) Version 2.