xStack® DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual
enable ssl
Purpose
To enable the SSL function on the Switch.
Syntax
enable ssl {ciphersuite {RSA_with_RC4_128_MD5 | RSA_with_3DES_EDE_CBC_SHA |
DHE_DSS_with_3DES_EDE_CBC_SHA | RSA_EXPORT_with_RC4_40_MD5}}
Description
This command will enable SSL on the Switch by implementing any one or combination of listed
ciphersuites on the Switch. Entering this command without a parameter will enable the SSL
status on the Switch. Enabling SSL will disable the web-manager on the Switch.
Parameters
ciphersuite – A security string that determines the exact cryptographic parameters, specific
encryption algorithms and key sizes to be used for an authentication session. The user may
choose any combination of the following:
    RSA_with_RC4_128_MD5 – This ciphersuite combines the RSA key exchange,
    stream cipher RC4 encryption with 128-bit keys and the MD5 Hash Algorithm.
    RSA_with_3DES_EDE_CBC_SHA – This ciphersuite combines the RSA key
    exchange, CBC Block Cipher 3DES_EDE encryption and the SHA Hash Algorithm.
    DHE_DSS_with_3DES_EDE_CBC_SHA – This ciphersuite combines the DSA Diffie
    Hellman key exchange, CBC Block Cipher 3DES_EDE encryption and SHA Hash
    Algorithm.
    RSA_EXPORT_with_RC4_40_MD5 – This ciphersuite combines the RSA Export key
    exchange, stream cipher RC4 encryption with 40-bit keys.
The ciphersuites are enabled by default on the Switch, yet the SSL status is disabled by
default. Enabling SSL with a ciphersuite will not enable the SSL status on the Switch.
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
To enable SSL on the Switch for all ciphersuites:
DGS-3627:admin# enable ssl
Command:enable ssl
Note: Web will be disabled if SSL is enabled.
Success.
DGS-3627:admin#
NOTE: Enabling SSL on the Switch will enable all ciphersuites. To utilize a particular
ciphersuite, the user must eliminate other ciphersuites by using the disable ssl command along
with the appropriate ciphersuites.
NOTE: Enabling the SSL function on the Switch will disable the port for the web manager (port
80). To log on to the web-based manager, the URL you enter must begin with https://. (ex.
disable ssl
Purpose
To disable the SSL function on the Switch.
Syntax
disable ssl {ciphersuite {RSA_with_RC4_128_MD5 | RSA_with_3DES_EDE_CBC_SHA |
DHE_DSS_with_3DES_EDE_CBC_SHA | RSA_EXPORT_with_RC4_40_MD5}}
Description
This command will disable SSL on the Switch and can be used to disable any one or
combination of listed ciphersuites on the Switch.
Parameters
ciphersuite – A security string that determines the exact cryptographic parameters, specific
encryption algorithms and key sizes to be used for an authentication session. The user may
choose any combination of the following:
    RSA_with_RC4_128_MD5 – This ciphersuite combines the RSA key exchange,
    stream cipher RC4 encryption with 128-bit keys and the MD5 Hash Algorithm.
    RSA_with_3DES_EDE_CBC_SHA – This ciphersuite combines the RSA key
    exchange, CBC Block Cipher 3DES_EDE encryption and the SHA Hash Algorithm.
    DHE_DSS_with_3DES_EDE_CBC_SHA – This ciphersuite combines the DSA Diffie
    Hellman key exchange, CBC Block Cipher 3DES_EDE encryption and SHA Hash
    Algorithm.
    RSA_EXPORT_with_RC4_40_MD5 – This ciphersuite combines the RSA Export
    key exchange, stream cipher RC4 encryption with 40-bit keys.
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
To disable the SSL status on the Switch:
DGS-3627:admin# disable ssl
Command: disable ssl
Success.
DGS-3627:admin#
To disable ciphersuite RSA_EXPORT_with_RC4_40_MD5 only:
DGS-3627:admin# disable ssl ciphersuite RSA_EXPORT_with_RC4_40_MD5
Command: disable ssl ciphersuite RSA_EXPORT_with_RC4_40_MD5
Success.
DGS-3627:admin#
config ssl cachetimeout
Purpose
Used to configure the SSL cache timeout.
Syntax
config ssl cachetimeout <value 60-86400>
Description
This command sets the interval between new key exchanges between a client and a host
using the SSL function. A new SSL session is established every time the client and host go
through a key exchange. Specifying a longer timeout allows the SSL session to reuse the
master key on future connections with that particular host, which speeds up the
negotiation process.
Parameters
<value 60-86400> – Enter a timeout value between 60 and 86400 seconds to specify the total
time an SSL key exchange ID stays valid before the SSL module will require a new, full SSL
negotiation for connection. The default cache timeout is 600 seconds.
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
To set the SSL cachetimeout for 7200 seconds:
DGS-3627:admin# config ssl cachetimeout 7200
Command: config ssl cachetimeout 7200
Success.
DGS-3627:admin#
show ssl cachetimeout
Purpose
Used to show the SSL cache timeout.
Syntax
show ssl cachetimeout
Description
Entering this command will allow the user to view the SSL cache timeout currently
implemented on the Switch.
Parameters
None.
Restrictions
None.
Example usage:
To view the SSL cache timeout on the Switch:
DGS-3627:admin# show ssl cachetimeout
Command: show ssl cachetimeout
Cache timeout is 600 second(s).
DGS-3627:admin#
show ssl
Purpose
Used to view the SSL status and the certificate file status on the Switch.
Syntax
show ssl {certificate}
Description
This command is used to view the SSL status on the Switch.
Parameters
{certificate}
– Use this parameter to display the SSL certificate file information currently
implemented on the Switch.
Restrictions
None.
Example usage:
To view the SSL status on the Switch:
DGS-3627:admin# show ssl
Command: show ssl
SSL status                       Disabled
RSA_WITH_RC4_128_MD5             Enabled
RSA_WITH_3DES_EDE_CBC_SHA        Enabled
DHE_DSS_WITH_3DES_EDE_CBC_SHA    Enabled
RSA_EXPORT_WITH_RC4_40_MD5       Enabled
DGS-3627:admin#
Example usage:
To view certificate file information on the Switch:
DGS-3627:admin# show ssl certificate
Command: show ssl certificate
Loaded with RSA Certificate!
DGS-3627:admin#
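Added example (not part of the manual): the Python below parses show ssl output in the layout shown above and builds the disable ssl ciphersuite commands that the NOTE under enable ssl calls for when only particular ciphersuites should stay enabled. The policy of flagging RC4, MD5 and export suites while keeping the two 3DES suites as the strongest this command offers, the function names and the sample text are assumptions of this example.

```python
import re

# Constructed sample: "show ssl" output in the layout this manual shows.
SAMPLE_SHOW_SSL = """\
DGS-3627:admin# show ssl
Command: show ssl
SSL status                       Disabled
RSA_WITH_RC4_128_MD5             Enabled
RSA_WITH_3DES_EDE_CBC_SHA        Enabled
DHE_DSS_WITH_3DES_EDE_CBC_SHA    Enabled
RSA_EXPORT_WITH_RC4_40_MD5       Enabled
"""

# Spelling the CLI accepts; "show ssl" prints the same names upper-cased.
CLI_NAMES = ["RSA_with_RC4_128_MD5", "RSA_with_3DES_EDE_CBC_SHA",
             "DHE_DSS_with_3DES_EDE_CBC_SHA", "RSA_EXPORT_with_RC4_40_MD5"]
BY_UPPER = {name.upper(): name for name in CLI_NAMES}

# Assumed policy (not from the manual): name fragment -> why it is flagged.
WEAK_MARKERS = {
    "EXPORT": "export-grade key exchange with a 40-bit cipher key",
    "RC4": "RC4 stream cipher, prohibited for TLS by RFC 7465",
    "MD5": "MD5-based message authentication",
}

def parse_show_ssl(text):
    """Return (ssl_enabled, {cli_suite_name: enabled}) from "show ssl" output."""
    status, suites = None, {}
    for line in text.splitlines():
        m = re.match(r"\s*(SSL status|\w+)\s+(Enabled|Disabled)\s*$", line, re.I)
        if not m:
            continue  # prompt, echo of the command, blank line
        key, enabled = m.group(1), m.group(2).lower() == "enabled"
        if key.lower() == "ssl status":
            status = enabled
        elif key.upper() in BY_UPPER:
            suites[BY_UPPER[key.upper()]] = enabled
    return status, suites

def weaknesses(suite):
    """List the reasons a suite name is flagged; empty list means keep it."""
    return [why for frag, why in WEAK_MARKERS.items() if frag in suite.upper()]

def hardening_commands(text):
    """Build one "disable ssl ciphersuite" command per enabled, flagged suite."""
    _, suites = parse_show_ssl(text)
    return [f"disable ssl ciphersuite {name}"
            for name, on in suites.items() if on and weaknesses(name)]

if __name__ == "__main__":
    print("\n".join(hardening_commands(SAMPLE_SHOW_SSL)))
```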
download ssl certificate
Purpose
Used to download a certificate file for the SSL function on the Switch.
Syntax
download ssl certificate <ipaddr> certfilename <path_filename 64> keyfilename
<path_filename 64>
Description
This command is used to download a certificate file for the SSL function on the Switch from
a TFTP server. The certificate file is a data record used for authenticating devices on the
network. It contains information on the owner, keys for authentication and digital signatures.
Both the server and the client must have consistent certificate files for optimal use of the
SSL function. The Switch only supports certificate files with .der file extensions.
Parameters
<ipaddr> – Enter the IP address of the TFTP server.
certfilename <path_filename 64> – Enter the path and the filename of the certificate file you
wish to download.
keyfilename <path_filename 64> – Enter the path and the filename of the key exchange file
you wish to download.
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
To download a certificate file and key file to the Switch:
DGS-3627:admin# download ssl certificate 10.53.13.94 certfilename c:/cert.der keyfilename
c:/pkey.der
Command: download ssl certificate 10.53.13.94 certfilename c:/cert.der keyfilename
c:/pkey.der
Certificate Loaded Successfully!
DGS-3627:admin#
82 SFLOW COMMANDS
sFlow is a feature that allows users to monitor network traffic running through the switch to identify network problems
through packet sampling and packet counter information of the Switch. The Switch itself is the sFlow agent where packet
data is retrieved and sent to an sFlow Analyzer where it can be scrutinized and utilized to resolve the problem.
The Switch can configure the settings for the sFlow Analyzer but the remote sFlow Analyzer device must have an sFlow
utility running on it to retrieve and analyze the data it receives from the sFlow agent.
The Switch will take sample packets from the normal running traffic of the Switch based on a sampling interval configured
by the user. Once this information has been gathered by the switch, it is packaged into a packet called an sFlow
datagram, which is then sent to the sFlow Analyzer for analysis.
The sFlow commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the
following table.
Command                        Parameters
create sflow flow_sampler      ports [<portlist> | all] analyzer_server_id <value 1-4> {rate <value 0-65535> |
                               tx_rate <value 0-65535> | maxheadersize <value 18-256>}
config sflow flow_sampler      ports [<portlist> | all] {rate <value 0-65535> | tx_rate <value 0-65535> |
                               maxheadersize <value 18-256>}(1)
delete sflow flow_sampler      ports [<portlist> | all]
create sflow counter_poller    ports [<portlist> | all] analyzer_server_id <value 1-4> {interval [disable |
                               <sec 20-120>]}
config sflow counter_poller    ports [<portlist> | all] interval [disable | <sec 20-120>]
delete sflow counter_poller    ports [<portlist> | all]
create sflow analyzer_server   <value 1-4> owner <name 16> {timeout [<sec 1-2000000> | infinite] |
                               collectoraddress [<ipaddr> | <ipv6addr>] | collectorport <udp_port_number 1-65535> |
                               maxdatagramsize <value m-n>}
config sflow analyzer_server   <value 1-4> {timeout [<sec 1-2000000> | infinity] | collectoraddress
                               [<ipaddr> | <ipv6addr>] | collectorport <udp_port_number 1-65535> |
                               maxdatagramsize <value 300-1400>}(1)
delete sflow analyzer_server   <value 1-4>
enable sflow
disable sflow
show sflow
show sflow flow_sampler
show sflow counter_poller
show sflow analyzer_server
Each command is listed, in detail, in the following sections.
create sflow flow_sampler
Purpose
Used to create the sFlow flow_sampler.
