Home » D-Link Manuals » Wireless » D-Link DGS-1250 » Manual Viewer

D-Link DGS-1250 Emulator - Page 432

DGS-1250 Series Gigabit Ethernet Smart Managed Switch CLI Reference Guide, CIPHERSUITE, TRUSTPOINT,

Add to My Manuals
Save this manual to your list of manuals

Page 432 highlights

DGS-1250 Series Gigabit Ethernet Smart Managed Switch CLI Reference Guide ciphersuite CIPHERSUITE secure-trustpoint TRUSTPOINT session-cache-timeout TIME-OUT  tls1.2 - Specifies to use TLS version 1.2 as the SSL service policy. (Optional) Specifies the cipher suites that should be used by the secure service when negotiating a connection with a remote peer. When the cipher suite is not configured, the SSL client and server will negotiate the best cipher suite that they both support from the list of available cipher suites. Multiple cipher suites can be specified to be used. Use the no form of this command to disable the selected cipher suites. The following keywords can be used:  dhe-dss-3des-ede-cbc-sha - Specifies to use DH key exchange with 3DESEDE-CBC encryption and SHA for message digest.  rsa-3des-ede-cbc-sha - Specifies to use RSA key exchange with 3DES and DES-EDE3-CBC for message encryption and the Secure Hash Algorithm (SHA) for message digest.  rsa-rc4-128-sha - Specifies to use RSA key exchange with RC4 128-bit encryption for message encryption and SHA for message digest.  rsa-rc4-128-md5 - Specifies to use RSA key exchange with RC4 128-bit encryption for message encryption and Message Digest 5 (MD5) for message digest.  rsa-export-rc4-40-md5 - Specifies to use RSA EXPORT key exchange with RC4 40 bits for message encryption and MD5 for message digest.  rsa-aes-128-cbc-sha - Specifies to use RSA key exchange with AES 128-bit encryption for message encryption and SHA for message digest.  rsa-aes-256-cbc-sha - Specifies to use RSA key exchange with AES 256-bit encryption for message encryption and SHA for message digest.  rsa-aes-128-cbc-sha256 - Specifies to use RSA key exchange with AES 128-bit encryption for message encryption and SHA 256-bit for message digest.  rsa-aes-256-cbc-sha256 - Specifies to use RSA key exchange with AES 256-bit encryption for message encryption and SHA 256-bit for message digest.  dhe-dss-aes-256-cbc-sha - Specifies to use DH key exchange with AES 256-bit encryption and SHA for message digest.  dhe-rsa-aes-256-cbc-sha - Specifies to use DH key exchange with AES 256-bit encryption and SHA for message digest. (Optional) Specifies the name of the trust-point that should be used in SSL handshake. When this parameter is not specified, the trust-point which is specified as the primary will be used. If no primary trust-point is specified, the built-in certificate/key pairs will be used. In no form of this command, the specified trust-point will be canceled and then the built-in certificate/key pairs will be used. (Optional) Specifies the timeout value in seconds for the information stored in the SSL session cache. The valid range is from 60 to 86400. When this parameter is not configured, the default session cache timeout is 600 seconds. In the no form of this command, the SSL session cache timeout will be reverted to the default value. Default None. Command Mode Global Configuration Mode. Usage Guideline Use this command to configure the SSL service policy. 429

Section	Page
Table of Contents	2
1. Introduction	4
Audience	4
Other Documentation	4
Conventions	4
Notes, Notices, and Cautions	4
Connecting to the Console Port	5
Command Descriptions	5
Command Modes	5
EXEC Mode	5
Global Configuration Mode	6
Creating a User Account	6
Error Messages	7
Editing Features	7
Display Result Output Modifiers	8
2. Basic CLI Commands	10
2-1 help	10
Parameters	10
Default	10
Command Mode	10
Usage Guideline	10
Example	11
2-2 configure terminal	11
Parameters	11
Default	11
Command Mode	12
Usage Guideline	12
Example	12
2-3 login (EXEC)	12
Parameters	12
Default	12
Command Mode	12
Usage Guideline	12
Example	12
2-4 logout	12
Parameters	13
Default	13
Command Mode	13
Usage Guideline	13
Example	13
2-5 end	13
Parameters	13
Default	13
Command Mode	13
Usage Guideline	13
Example	13
2-6 exit	14
Parameters	14
Default	14
Command Mode	14
Usage Guideline	14
Example	14
2-7 show environment	14
Parameters	14
Default	14
Command Mode	14
Usage Guideline	15
Example	15
Display Parameters	15
2-8 show unit	15
Parameters	15
Default	15
Command Mode	15
Usage Guideline	15
Example	16
2-9 show cpu utilization	16
Parameters	16
Default	16
Command Mode	16
Usage Guideline	16
Example	16
2-10 show version	17
Parameters	17
Default	17
Command Mode	17
Usage Guideline	17
Example	17
2-11 snmp-server enable traps environment	17
Parameters	17
Default	18
Command Mode	18
Usage Guideline	18
Example	18
2-12 environment temperature threshold	18
Parameters	18
Default	18
Command Mode	18
Usage Guideline	18
Example	19
2-13 show memory utilization	19
Parameters	19
Default	19
Command Mode	19
Usage Guideline	19
Example	19
3. 802.1X Commands	20
3-1 clear dot1x counters	20
Parameters	20
Default	20
Command Mode	20
Usage Guideline	20
Example	20
3-2 dot1x control-direction	20
Parameters	20
Default	21
Command Mode	21
Usage Guideline	21
Example	21
3-3 dot1x default	21
Parameters	21
Default	21
Command Mode	21
Usage Guideline	22
Example	22
3-4 dot1x port-control	22
Parameters	22
Default	22
Command Mode	22
Usage Guideline	22
Example	22
3-5 dot1x forward-pdu	23
Parameters	23
Default	23
Command Mode	23
Usage Guideline	23
Example	23
3-6 dot1x initialize	23
Parameters	23
Default	23
Command Mode	24
Usage Guideline	24
Example	24
3-7 dot1x max-req	24
Parameters	24
Default	24
Command Mode	24
Usage Guideline	24
Example	24
3-8 dot1x pae authenticator	25
Parameters	25
Default	25
Command Mode	25
Usage Guideline	25
Example	25
3-9 dot1x re-authenticate	25
Parameters	25
Default	26
Command Mode	26
Usage Guideline	26
Example	26
3-10 dot1x system-auth-control	26
Parameters	26
Default	26
Command Mode	26
Usage Guideline	26
Example	27
3-11 dot1x timeout	27
Parameters	27
Default	27
Command Mode	27
Usage Guideline	27
Example	27
3-12 show dot1x	28
Parameters	28
Default	28
Command Mode	28
Usage Guideline	28
Example	28
3-13 show dot1x diagnostics	29
Parameters	29
Default	29
Command Mode	29
Usage Guideline	29
Example	29
3-14 show dot1x statistics	30
Parameters	30
Default	30
Command Mode	30
Usage Guideline	30
Example	30
3-15 show dot1x session-statistics	30
Parameters	31
Default	31
Command Mode	31
Usage Guideline	31
Example	31
3-16 snmp-server enable traps dot1x	31
Parameters	31
Default	32
Command Mode	32
Usage Guideline	32
Example	32
4. Access Control List (ACL) Commands	33
4-1 access-list resequence	33
Parameters	33
Default	33
Command Mode	33
Usage Guideline	33
Example	34
4-2 acl-hardware-counter	34
Parameters	34
Default	34
Command Mode	35
Usage Guideline	35
Example	35
4-3 clear acl-hardware-counter	35
Parameters	35
Default	35
Command Mode	35
Usage Guideline	35
Example	35
4-4 ip access-group	35
Parameters	36
Default	36
Command Mode	36
Usage Guideline	36
Example	36
4-5 ip access-list	36
Parameters	36
Default	37
Command Mode	37
Usage Guideline	37
Example	37
4-6 ipv6 access-group	37
Parameters	37
Default	37
Command Mode	37
Usage Guideline	37
Example	38
4-7 ipv6 access-list	38
Parameters	38
Default	38
Command Mode	38
Usage Guideline	38
Example	38
4-8 list-remark	39
Parameters	39
Default	39
Command Mode	39
Usage Guideline	39
Example	39
4-9 mac access-group	39
Parameters	40
Default	40
Command Mode	40
Usage Guideline	40
Example	40
4-10 mac access-list	40
Parameters	40
Default	41
Command Mode	41
Usage Guideline	41
Example	41
4-11 permit \| deny (ip access-list)	41
Parameters	41
Default	43
Command Mode	43
Usage Guideline	43
Example	43
4-12 permit \| deny (ipv6 access-list)	43
Parameters	44
Default	45
Command Mode	45
Usage Guideline	45
Example	45
4-13 permit \| deny (mac access-list)	46
Parameters	46
Default	46
Command Mode	46
Usage Guideline	47
Example	47
4-14 show access-group	47
Parameters	47
Default	47
Command Mode	47
Usage Guideline	47
Example	48
4-15 show access-list	48
Parameters	48
Default	48
Command Mode	48
Usage Guideline	48
Example	49
5. Access Management Commands	50
5-1 access-class	50
Parameters	50
Default	50
Command Mode	50
Usage Guideline	50
Example	50
5-2 do	50
Parameters	50
Default	50
Command Mode	51
Usage Guideline	51
Example	51
5-3 ip http server	51
Parameters	51
Default	52
Command Mode	52
Usage Guideline	52
Example	52
5-4 ip http secure-server	52
Parameters	52
Default	52
Command Mode	52
Usage Guideline	52
Example	52
5-5 ip {http \| https} access-class	53
Parameters	53
Default	53
Command Mode	53
Usage Guideline	53
Example	53
5-6 ip http service-port	53
Parameters	53
Default	53
Command Mode	54
Usage Guideline	54
Example	54
5-7 ip http timeout-policy idle	54
Parameters	54
Default	54
Command Mode	54
Usage Guideline	54
Example	54
5-8 ip telnet server	54
Parameters	55
Default	55
Command Mode	55
Usage Guideline	55
Example	55
5-9 ip telnet service-port	55
Parameters	55
Default	55
Command Mode	55
Usage Guideline	55
Example	56
5-10 line	56
Parameters	56
Default	56
Command Mode	56
Usage Guideline	56
Example	56
5-11 show terminal	56
Parameters	56
Default	56
Command Mode	57
Usage Guideline	57
Example	57
5-12 show ip telnet server	57
Parameters	57
Default	57
Command Mode	57
Usage Guideline	57
Example	57
5-13 show ip http server	58
Parameters	58
Default	58
Command Mode	58
Usage Guideline	58
Example	58
5-14 show ip http secure-server	58
Parameters	58
Default	58
Command Mode	58
Usage Guideline	58
Example	59
5-15 show users	59
Parameters	59
Default	59
Command Mode	59
Usage Guideline	59
Example	59
5-16 terminal length	59
Parameters	60
Default	60
Command Mode	60
Usage Guideline	60
Example	60
5-17 terminal speed	60
Parameters	60
Default	60
Command Mode	61
Usage Guideline	61
Example	61
5-18 session-timeout	61
Parameters	61
Default	61
Command Mode	61
Usage Guideline	61
Example	61
5-19 terminal width	61
Parameters	62
Default	62
Command Mode	62
Usage Guideline	62
Example	62
5-20 username	62
Parameters	62
Default	63
Command Mode	63
Usage Guideline	63
Example	63
6. ARP Spoofing Prevention Commands	64
6-1 ip arp spoofing-prevention	64
Parameters	64
Default	64
Command Mode	64
Usage Guideline	64
Example	64
6-2 show ip arp spoofing-prevention	65
Parameters	65
Default	65
Command Mode	65
Usage Guideline	65
Example	65
Display Parameters	65
7. Asymmetric VLAN Commands	66
7-1 asymmetric-vlan	66
Parameters	66
Default	66
Command Mode	66
Usage Guideline	66
Example	66
8. Authentication, Authorization, and Accounting (AAA) Commands	67
8-1 aaa authentication dot1x	67
Parameters	67
Default	67
Command Mode	67
Usage Guideline	67
Example	67
8-2 aaa group server radius	67
Parameters	68
Default	68
Command Mode	68
Usage Guideline	68
Example	68
8-3 aaa new-model	68
Parameters	68
Default	68
Command Mode	68
Usage Guideline	68
Example	69
8-4 clear aaa counters servers	69
Parameters	69
Default	69
Command Mode	69
Usage Guideline	69
Example	69
8-5 radius-server deadtime	69
Parameters	70
Default	70
Command Mode	70
Usage Guideline	70
Example	70
8-6 radius-server host	70
Parameters	70
Default	71
Command Mode	71
Usage Guideline	71
Example	71
8-7 server (RADIUS)	71
Parameters	71
Default	71
Command Mode	71
Usage Guideline	71
Example	72
8-8 show aaa	72
Parameters	72
Default	72
Command Mode	72
Usage Guideline	72
Example	72
8-9 show radius statistics	72
Parameters	72
Default	73
Command Mode	73
Usage Guideline	73
Example	73
Display Parameters	73
9. Basic IPv4 Commands	75
9-1 arp	75
Parameters	75
Default	75
Command Mode	75
Usage Guideline	75
Example	75
9-2 arp timeout	75
Parameters	75
Default	75
Command Mode	76
Usage Guideline	76
Example	76
9-3 clear arp-cache	76
Parameters	76
Default	76
Command Mode	76
Usage Guideline	76
Example	76

Match case Limit results 1 per page

DGS-1250 Series Gigabit Ethernet Smart Managed Switch CLI Reference Guide

429



tls1.2

- Specifies to use TLS version 1.2 as the SSL service policy.

ciphersuite

CIPHERSUITE

(Optional) Specifies the cipher suites that should be used by the secure service

when negotiating a connection with a remote peer. When the cipher suite is not

configured, the SSL client and server will negotiate the best cipher suite that they

both support from the list of available cipher suites. Multiple cipher suites can be

specified to be used. Use the no form of this command to disable the selected

cipher suites.

The following keywords can be used:



dhe-dss-3des-ede-cbc-sha

- Specifies to use DH key exchange with 3DES-

EDE-CBC encryption and SHA for message digest.



rsa-3des-ede-cbc-sha

- Specifies to use RSA key exchange with 3DES and

DES-EDE3-CBC for message encryption and the Secure Hash Algorithm

(SHA) for message digest.



rsa-rc4-128-sha

- Specifies to use RSA key exchange with RC4 128-bit

encryption for message encryption and SHA for message digest.



rsa-rc4-128-md5

- Specifies to use RSA key exchange with RC4 128-bit

encryption for message encryption and Message Digest 5 (MD5) for

message digest.



rsa-export-rc4-40-md5

- Specifies to use RSA EXPORT key exchange with

RC4 40 bits for message encryption and MD5 for message digest.



rsa-aes-128-cbc-sha

- Specifies to use RSA key exchange with AES 128-bit

encryption for message encryption and SHA for message digest.



rsa-aes-256-cbc-sha

- Specifies to use RSA key exchange with AES 256-bit

encryption for message encryption and SHA for message digest.



rsa-aes-128-cbc-sha256

- Specifies to use RSA key exchange with AES

128-bit encryption for message encryption and SHA 256-bit for message

digest.



rsa-aes-256-cbc-sha256

- Specifies to use RSA key exchange with AES

256-bit encryption for message encryption and SHA 256-bit for message

digest.



dhe-dss-aes-256-cbc-sha

- Specifies to use DH key exchange with AES

256-bit encryption and SHA for message digest.



dhe-rsa-aes-256-cbc-sha

- Specifies to use DH key exchange with AES

256-bit encryption and SHA for message digest.

secure-trustpoint

TRUSTPOINT

(Optional) Specifies the name of the trust-point that should be used in SSL

handshake. When this parameter is not specified, the trust-point which is

specified as the primary will be used. If no primary trust-point is specified, the

built-in certificate/key pairs will be used. In no form of this command, the

specified trust-point will be canceled and then the built-in certificate/key pairs will

be used.

session-cache-timeout

TIME-OUT

(Optional) Specifies the timeout value in seconds for the information stored in the

SSL session cache. The valid range is from 60 to 86400. When this parameter is

not configured, the default session cache timeout is 600 seconds. In the no form

of this command, the SSL session cache timeout will be reverted to the default

value.

Default

None.

Command Mode

Global Configuration Mode.

Usage Guideline

Use this command to configure the SSL service policy.