Scribd Logo
Importer

Bienvenue sur Scribd !

  • Symbol WS2000

    Transféré par

    Hugo Boss
    170 vues452 pages
    MOTOROLA and the Stylized M Logo are registered in the US Patent and Trademark Office. Symbol is a registered trademark of Symbol Technologies, Inc. All other product or service names are the property of their respective owners.

    Description originale:

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Formats disponibles

    PDF, TXT ou lisez en ligne sur Scribd

    Avez-vous trouvé ce document utile ?

    Ce contenu est-il inapproprié ?

    Signaler ce document
    MOTOROLA and the Stylized M Logo are registered in the US Patent and Trademark Office. Symbol is a registered trademark of Symbol Technologies, Inc. All other product or service names are the property of their respective owners.

    Droits d'auteur :

    Attribution Non-Commercial (BY-NC)
    Téléchargez comme PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    170 vues452 pages

    Symbol WS2000

    Transféré par

    Hugo Boss
    MOTOROLA and the Stylized M Logo are registered in the US Patent and Trademark Office. Symbol is a registered trademark of Symbol Technologies, Inc. All other product or service names are the property of their respective owners.

    Droits d'auteur :

    Attribution Non-Commercial (BY-NC)
    Téléchargez comme PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    sur 452

    M

    WS2000 Wireless Switch


    CLI Reference Guide

    2009 Motorola, Inc. All rights reserved. MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. Symbol is a registered trademark of Symbol Technologies, Inc. All other product or service names are the property of their respective owners.

    Contents
    Chapter 1: Product Overview
    1.1 WS2000 Wireless Switch CLI Reference Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 1.2 System Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4 1.3 Hardware Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5 1.4 Software Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7

    Chapter 2: Admin and Common Commands


    2.1 Common Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2 ? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3 help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4 quit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5 save . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6 .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7 / . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-8 2.2 Admin Menu Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9 passwd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-10 summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-11

    Chapter 3: Network CLI Commands Reference


    3.1 network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1 3.2 Network AP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3 ap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4 copydefaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6 forget . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-8 remap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9 reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-10 revert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-11 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-12 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-15 3.3 Network AP Default Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-17 default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-17 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-18 loadfromcf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-20

    TOC-2 WS2000 Wireless Switch CLI Reference Guide

    show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-21 3.4 Network AP Test Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22 test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22 new . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-23 3.5 Network AP Selfheal commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24 selfheal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-25 detect-neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-26 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-27 del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-28 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-29 3.6 Network AP Denyap Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-30 denyap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-30 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-31 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-32 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-33 3.7 Network AP Smartscan Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-34 smartscan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-34 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-35 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-36 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-37 3.8 Network AP Test Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-38 test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-38 new . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-39 3.9 Network AP Mesh Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-40 mesh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-40 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-41 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-43 del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-44 preferred-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-45 available-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-46 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-47 3.10 Network DCHP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-48 dhcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-48 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-49 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-50 3.11 Network Firewall Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-51 fw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-51 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-52 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-54 timeradd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-55 timerdel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-56 timerlist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-57 timerset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-58 3.12 Network Firewall Intrusion Prevention System Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-59 ips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-59 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-60 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-62

    TOC-3

    3.13 Network Firewall Policy Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-64 policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-64 import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-65 3.14 Network Firewall Policy Inbound Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-66 inbound . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-66 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-67 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-68 insert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-69 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-70 move . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-71 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-72 3.15 Network Firewall Policy Outbound Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-73 outbound . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-73 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-74 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-75 insert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-76 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-77 move . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-78 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-79 3.16 Network Firewall Submap Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-80 submap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-80 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-81 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-83 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-84 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-85 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-86 3.17 Network LAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-87 lan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-87 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-88 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-90 updateDNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-91 updateAllDNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-92 3.18 Network LAN DHCP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-93 dhcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-93 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-94 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-95 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-96 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-97 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-99 renew . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-100 3.19 Network LAN Bridge commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-101 bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-101 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-102 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-104 3.20 Network QoS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-105 qos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-105 clear . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-106 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-107

    TOC-4 WS2000 Wireless Switch CLI Reference Guide

    show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-108 3.21 Network Router Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-109 router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-109 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-110 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-111 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-112 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-113 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-114 3.22 Network VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-115 vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-115 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-116 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-117 3.23 Network WAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-118 wan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-118 renew . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-119 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-120 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-122 3.24 Network WAN App Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-123 app . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-123 addcmd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-124 delcmd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-126 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-128 3.25 Network WAN DynDNS Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-129 dyndns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-129 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-130 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-131 update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-132 3.26 Network WAN L2TPVPN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-133 l2tpvpn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-133 show-connected-users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-134 3.27 Network WAN L2TPVPN LNS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-135 lns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-135 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-136 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-138 3.28 Network WAN L2TPVPN Users Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-139 users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-139 add-user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-140 delete-user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-141 delete-all-users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-142 show-user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-143 show-all-users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-144 3.29 Network WAN TrunkIPFPolicy Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-145 trunkipfpolicy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-145 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-146 del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-147 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-148 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-149

    TOC-5

    3.30 Network WAN NAT Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-150 nat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-150 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-151 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-152 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-153 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-154 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-155 3.31 Network WAN VPN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-156 vpn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-156 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-157 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-158 ikestate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-159 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-160 reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-161 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-162 stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-167 3.32 Network WAN VPN Cmgr Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-168 cmgr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-168 delca . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-169 delprivkey . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-170 delself . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-171 expcert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-172 export-req . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-173 genreq . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-174 3.33 Network WAN VPN Cmgr impcert Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-175 impcert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-175 listca . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-176 listprivkey . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-177 listself . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-178 loadca . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-179 loadself . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-180 showreq . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-181 3.34 Network WLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-182 wlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-182 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-183 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-184 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-185 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-186 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-191 3.35 Network WLAN Rogue AP Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-193 rogueap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-193 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-194 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-195 3.36 Network WLAN Rogue AP Approvedlist Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-196 approvedlist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-196 ageoute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-197 approve . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-198 erase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-199

    TOC-6 WS2000 Wireless Switch CLI Reference Guide

    show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-200 3.37 Network WLAN Rogue AP Roguelist Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-201 roguelist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-201 ageout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-202 approve . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-203 erase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-204 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-205 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-206 deauth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-207 3.38 Network WLAN Rogue AP Rogue List Locate Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-208 locate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-208 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-209 start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-210 3.39 Network WLAN Rogue AP Rogue List MU Scan Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-211 muscan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-211 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-212 start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-213 3.40 Network WLAN Rogue AP Rule List Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-214 rulelist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-214 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-215 authsymbolap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-216 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-217 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-218 3.41 Network WLAN Enhanced Rogue AP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-219 enhancedrogueap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-219 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-220 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-221 3.42 Network WLAN MU Probe Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-222 muprobe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-222 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-223 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-224 3.43 Network WLAN Hotspot Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-225 hotspot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-225 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-226 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-228 import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-229 3.44 Network WLAN Hotspot RADIUS commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-230 radius . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-230 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-231 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-232 3.45 Network WLAN Hotstpot White-list Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-234 white-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-234 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-235 clear . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-236 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-237 3.46 Network WLAN WLAN IP Fiter Policy Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-238 wlanipfpolicy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-238

    TOC-7

    set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-239 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-240 del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-241 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-242 3.47 Network Port Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-243 port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-243 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-244 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-245 3.48 Network IP Filter Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-246 ipfilter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-246 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-247 del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-248 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-249 3.49 Network WIPS Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-250 wips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-250 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-251 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-252 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-253 convert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-254 revert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-255 update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-256 3.50 Network WIPS Default commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-257 defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-257 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-258 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-259 3.51 Network WIDS Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-260 wids . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-260 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-261 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-262 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-266 3.52 Network URL Filter Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-267 urlfilter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-267 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-268 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-269 3.53 Network URL Filter Keyword Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-270 keyword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-270 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-271 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-272 removeall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-273 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-274 3.54 Network URL Filter White list Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-275 whitelist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-275 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-276 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-277 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-278 3.55 Network URL Filter Black List Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-279 blacklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-279 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-280

    TOC-8 WS2000 Wireless Switch CLI Reference Guide

    delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-281 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-282 3.56 Network URL Filter Trusted IP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-283 trustip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-283 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-284 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-285 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-286

    Chapter 4: System CLI Commands Reference


    4.1 system. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1 lastpw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2 exec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3 4.2 System Authentication Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4 authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6 4.3 System Authentication RADIUS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7 radius . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-9 4.4 System Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-10 config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-10 default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-11 export . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12 import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-14 partial . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-18 update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-19 sensor-fw-update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-20 loadtocf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-21 4.5 System Logs Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-22 logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-22 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23 send . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-24 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-25 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-26 view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27 4.6 System NTP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-28 ntp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-28 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-30 date-zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-31 zone-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-32 4.7 System RADIUS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-33 radius . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-33 generate-dh-param . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-34 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-35

    TOC-9

    show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-36 4.8 System RADIUS Client Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37 client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-38 del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-39 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-40 4.9 System RADIUS EAP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-41 eap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-41 import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-42 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-43 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-44 4.10 System RADIUS EAP PEAP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-45 peap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-45 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-46 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-47 4.11 System RADIUS EAP TTLS Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-48 ttls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-48 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-49 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-50 4.12 System RADIUS LDAP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-51 ldap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-51 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-52 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-54 import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-55 join . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-56 4.13 System RADIUS Policy Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-57 policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-57 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-58 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-59 4.14 System RADIUS Proxy Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-60 proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-60 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-61 del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-62 clearall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-63 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-64 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-65 4.15 System Redundancy Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-66 redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-66 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-67 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-69 4.16 System SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-70 snmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-70 4.17 System SNMP Access Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-71 access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-71 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-72 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-74 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-76

    TOC-10 WS2000 Wireless Switch CLI Reference Guide

    show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-77 4.18 System SNMP Traps Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-78 traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-78 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-79 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-81 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-82 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-83 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-87 4.19 System SSH Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-89 ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-89 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-90 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-91 4.20 System User Database Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-92 userdb . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-92 4.21 System User Database Group Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-93 group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-93 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-94 create . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-95 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-96 clearall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-98 remove . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-99 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-100 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-102 4.22 System User Database User Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-103 user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-103 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-104 del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-105 clearall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-106 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-107 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-108 4.23 System User Database User Guest commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-109 guest . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-109 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-110 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-111 clear . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-112 4.24 System WS2000 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-113 WS2000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-113 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-114 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-115 restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-116 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-117 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-121 4.25 System CF commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-122 cf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-122 ls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-123 4.26 System HTTP commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-124 http . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-124 import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-125

    TOC-11

    show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-126 4.27 System Test Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-127 test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-127 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-128 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-129

    Chapter 5: Statistics Commands


    5.1 stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1 5.2 Stats Show Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2 5.3 Statistics RF Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5 rf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5 reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7

    TOC-12 WS2000 Wireless Switch CLI Reference Guide

    Product Overview
    1.1 WS2000 Wireless Switch CLI Reference Guide

    This guide is intended to support administrators responsible for understanding, configuring and maintaining the Wireless Switch. This document provides information for the system administrator to use the command line interface during the initial setup and configuration of the system. It also serves as a reference guide for the administrator to use while updating or maintaining the system.

    1.1.1 About this Document


    This document contains information on all command that configure the WS2000 Wireless Switch. To view the command syntax and a brief help on each command on your WS2000 Wireless Switch console, use the following syntax:
    admin> <command> ?

    We recommend viewing this Command Line Reference Guide with Adobe Acrobat 5.0 or higher.

    1-2 WS2000 Wireless Switch CLI Reference Guide

    1.1.2 Document Conventions


    Notes and Warnings
    NOTE: Indicates special tips or requirements

    CAUTION:

    Indicates a condition that can cause equipment damage or data loss

    WARNING!

    Indicates a condition or procedure that could result in personal injury or equipment damage

    CLI Conventions
    command / keyword The first word is always a command. Keywords are words that must be entered as is. Commands and keywords are mandatory. For example, the command,
    admin(network.wan)> show ip 1

    is documented as
    show ip <idx>

    where:
    show The command ip The keyword

    <variable>

    Variables are described with a short description enclosed within a < and a > pair. For example, the command,
    admin(network.wan)> show ip 1

    is documented as
    show ip <idx>

    where:
    show The command Display information. ip The keyword The IP address <idx> The variable WAN Index value.

    Product Overview 1-3

    The pipe symbol. This is used to separate the variables/keywords in a list. For example, the command
    admin(network.wan.vpn)> set .....

    is documented as
    set [ike|type|sub|remip|......]

    where:
    set The command [ike|type|sub|remip|...] Indicates the different commands that can be combined with the set command. However, only one of the above list can be used at a time.
    set set set set ike ... type ... sub ... remip ...

    []

    Of the different keywords and variables listed inside a [ & ] pair, only one can be used. Each choice in the list is separated with a | (pipe) symbol. For example, the command
    admin(network.wan)> show ...

    is documented as
    show [ip|pppoe]

    where:
    show The command [ip|pppoe] Indicates that two keywords are available for this command and only one can be used at a time

    {}

    Any command/keyword/variable or a combination of them inside a { & } pair is optional. All optional commands follow the same conventions as listed above. However they are displayed italicized. For example, the command
    admin(network.wan.vpn)> list ....

    is documented as
    list {<name>}

    Here:
    list The command. This command can also be used as
    list

    {<name>} The optional variable <name>.. The command can also be extended as
    list vpn_tunnel_01

    Here the value vpn_tunnel_01 is an optional tunnel name. values Values to be entered as shown in Blue. For example, the command
    admin(network.wan)> show ip ....

    is documented as
    show ip <idx>

    This commands parameter <idx> is described as under: <idx> <idx> (1-8) is the Wlan Index.

    1-4 WS2000 Wireless Switch CLI Reference Guide

    1.2 System Overview


    The WS2000 Wireless Switch provides a low-cost, feature-rich option for sites with one to six Access Ports. The WS2000 Wireless Switch works at the center of a networks infrastructure to seamlessly and securely combine wireless LANs (WLANs) and wired networks. The switch sits on the network. Wireless Access Ports connect to one of the six available ports on the switch and the external wired network (WAN) connects to a single 10/100 Mbit/sec. WAN port. Mobile units (MUs) associate with the switch via an Access Port. When an MU contacts the switch, the switch cell controller services attempt to authenticate the device for access to the network. The WS2000 Wireless Switch acts as a WAN/LAN gateway and a wired/wireless switch.

    1.2.1 Management of Access Ports


    This wireless switch provides six 10/100 Mbit/sec. LAN ports for internal wired or wireless traffic. Four of these ports provide IEEE 802.3af-compliant Power over Ethernet (PoE) support for devices that require power from the Ethernet connection (such as Access Ports). Administrators can configure the six ports to communicate with a private LAN or with an Access Port for a wireless LAN (WLAN). The switch provides up to four extended service set identifiers (ESSIDs) for each Access Port connected to the switch.

    1.2.1.1 Firewall Security


    The LAN and Access Ports are placed behind a user-configurable firewall that provides stateful packet inspection. The wireless switch performs network address translation (NAT) on packets passing to and from the WAN port. This combination provides enhanced security by monitoring communication with the wired network.

    1.2.1.2 Wireless LAN (WLAN) Security


    Administrators can configure security settings independently for each ESSID. Security settings and protocols available with this switch include: Kerberos WEP-64 WEP-128 802.1x with RADIUS 802.1x with Shared Key KeyGuard WPA/WPA2-TKIP WPA2/CCMP (802.11i)

    1.2.1.3 VPN Security


    Virtual Private Networks (VPNs) are IP-based networks that use encryption and tunneling to give users remote access to a secure LAN. In essence, the trust relationship is extended from one LAN across the public network to another LAN, without sacrificing security. A VPN behaves similarly to a private network; however, because the data travels through the public network, it needs several layers of security. The WS2000 Wireless Switch acts as a robust VPN gateway.

    Product Overview 1-5

    1.3 Hardware Overview


    The WS2000 Wireless Switch provides a fully integrated solution for managing every aspect of connecting wireless LANs (WLANs) to a wired network. This wireless switch can connect directly to a cable or DSL modem, and can also connect to other wide area networks through a Layer 2/3 device (such as a switch or router). The switch includes the following features: One WAN (RJ-45) port for connection to a DSL modem, cable modem, or any other Layer 2/3 network device. Six 10/100 Mbit/sec. LAN (RJ-45) ports: four ports provide 802.3af Power over Ethernet (PoE) support; the other two do not provide power. Each port has two LEDs, one indicating the speed of the transmission (10 or 100 Mbit/sec.), the other indicating whether there is activity on the port. The four LAN ports with PoE have a third LED that indicates whether power is being delivered over the line to a power device (such as an Access Port). (See the WS 2000 Wireless Switch LED explanation for more information on the meaning of the different state of the LEDs.) A DB-9 serial port for direct access to the command-line interface from a PC. Use Symbols Null-Modem cable (Part No. 25-632878-0) for the best fitting connection. A CompactFlash slot that provides AirBEAM support.

    1.3.1 Technical Specifications


    1.3.1.1 Physical Specifications
    Width: 203 mm Height: 38 mm Depth: 286 mm Weight: 0.64 kg

    1.3.1.2 Power Specifications


    Maximum Power Consumption: 90-256 VAC, 47-63 Hz, 3A Operating Voltage: 48 VDC Operating Current: 1A Peak Current: 1.6A

    1.3.1.3 Environmental Specifications


    Operating Temperature: 0C to 40C Storage Temperature: -40C to 70C Operating Humidity: 10% to 85% Non-condensing Storage Humidity: 10% to 85% Non-condensing Operating Altitude: 2.4 Km Storage Altitude: 4.6 km

    1-6 WS2000 Wireless Switch CLI Reference Guide

    1.3.2 WS 2000 Wireless Switch LED Functions


    The switch has a large blue LED on the right front that indicates that the switch is powered on. Each port on the WS 2000 Wireless Switch has either two or three LEDs that indicate the status of the port. Ports 1-4, which supply 802.3af Power over Ethernet (PoE), have three LEDs. The remaining two non-powered LAN ports and the WAN port have two LEDs.

    Location

    Function

    Upper left LED

    This LED is present on all ports and indicates the speed of the transmissions through the port. The LED is on when the transmission rate is 100 Mbit per second (100BaseT). The light is off when the transmission rate is 10 Mbit per second. This LED indicates activity on the port. This light is solid yellow when a link to a device is made. The light flashes when traffic is being transferred over the line. This LED is only present on Ports 1-4. These ports provide 802.3af Power over Ethernet (PoE) support to devices (such as Access Ports). The LED has several states: OFFA non-power device (or no device) is connected; no power is being delivered. GREENThe switch is delivering 48 volts to the power device connected to that port. REDThere was a valid PoE connection; however, the switch has detected that the power device is faulty. The red light will remain until a non-faulty connection is made to the port.

    Upper right LED Lower LED

    Product Overview 1-7

    1.4 Software Overview


    The WS2000 Wireless Switch software provides a fully integrated solution for managing every aspect of connecting Wireless LANs (WLANs) to a wired network, and includes the following components:

    1.4.1 Operating System (OS) Services


    Operating System (OS) Services determine how the WS2000 Wireless Switch communicates with existing network and operating system-centric software services, including: Dynamic Host Configuration Protocol (DHCP) Telnet and File Transfer Protocol (FTP/TFTP) servers The Simple Network Time Protocol (SNTP) client, used to keep switch time synchronized for Kerberos authentication A mechanism for setting up a redundant (secondary) switch that takes over if the primary switch fails

    1.4.2 Cell Controller Services


    The Cell Controller provides the ongoing communication between mobile units (MUs) on the Wireless LAN (WLAN) and the wired network. Cell Controller services perform the following: Initialize the Access Ports Maintain contact with Access Ports by sending a synchronized electronic heartbeat at regular intervals Track MUs when they roam from one location to another Manage security schemes based on system configuration Maintain system statistics Store policies and Access Port information Detect and manage rogue Access Ports Management of communications QoS

    1.4.3 Gateway Services


    Gateway services provide interconnectivity between the Cell Controller and the wired network, and include the following: System management through a Web-based Graphical User Interface (GUI) and SNMP 802.1x RADIUS client Security, including Secure Sockets Layer (SSL) and Firewall Network Address Translation (NAT), DHCP services, and Layer 3 Routing Virtual Private Network (VPN)

    1-8 WS2000 Wireless Switch CLI Reference Guide

    Admin and Common Commands


    The term Common Commands is used to indicate that these commands are available through the WS2000 Wireless Switchs CLI. These commands provide easy access to help, navigation, and to save configuration changes. This chapter also lists of commands available at the admin menu. Common Commands Admin Menu Commands

    2-2 WS2000 Wireless Switch System Reference Guide

    2.1 Common Commands


    Admin and Common Commands

    The following commands are available through the WS2000 CLI.


    Command Description Ref.

    ? help save quit .. /

    Displays the list of commands in the current menu. Displays general user interface help. Saves the configuration to the system flash. Quits the CLI. Goes to the parent menu. Goes to the root menu.

    page 2-3 page 2-4 page 2-6 page 2-5 page 2-7 page 2-8

    Admin and Common Commands 2-3

    2.1.1 ? Command ?
    Common Commands

    Displays the commands available under the admin menu.


    Syntax ? Parameters

    None
    Example

    admin> ? admin>? help passwd summary network stats system save quit .. / : : : : : : : : : : display general user interface help change password show system summary go to network sub menu go to stats sub menu go to system sub menu save cfg to system flash quit cli go to parent menu go to root menu

    2-4 WS2000 Wireless Switch System Reference Guide

    2.1.2 help Command help


    Common Commands

    Displays general CLI user interface help.


    Syntax

    help
    Parameters

    None
    Example admin>help ? <ctrl-q> <ctrl-p> * Note : : : : display command help - Eg. ?, show ?, s? go backwards in command history go forwards in command history commands can be incomplete - Eg. sh = sho = show

    Admin and Common Commands 2-5

    2.1.3 quit Command quit


    Common Commands

    Quits the command line interface. Requires you to logon again. This command appears in all the submenus under admin menu. In each case, it has the same function, to exit out of the CLI.
    Syntax

    quit
    Parameters

    None
    Example admin>quit

    2-6 WS2000 Wireless Switch System Reference Guide

    2.1.4 save Command save


    Common Commands

    Saves the configuration to system flash. This command appears in all of the submenus under admin. In each case, it has the same function, to save the configuration. The save command must be issued before leaving the CLI for the settings to be retained.
    Syntax

    save
    Parameters

    none
    Example

    admin> save
    admin>

    Admin and Common Commands 2-7

    2.1.5 .. Command ..
    Common Commands

    Displays the parent menu of the current menu. This command appears in all of the submenus under admin. In each case, it has the same function, to move up one level in the directory structure.
    Syntax

    ..
    Parameters

    None
    Example

    admin(network.ap) .. admin(network) admin(network) .. admin>

    2-8 WS2000 Wireless Switch System Reference Guide

    2.1.6 / Command /
    Common Commands

    Displays the root menu, that is, the top-level CLI menu. This command appears in all of the submenus under admin. In each case, it has the same function, to move up to the top level in the directory structure.
    Syntax

    /
    Parameters

    None
    Example

    admin(network.wan.nat)> / admin>

    Admin and Common Commands 2-9

    2.2 Admin Menu Commands


    Admin and Common Commands

    The following commands are only available at the admin menu.


    Command Description Ref.

    passwd summary network system stats

    Changes the admin password. Displays a system summary. Goes to the network menu. Goes to the system menu. Goes to the statistics menu.

    page 2-10 page 2-11 page 3-1 page 4-1 page 5-1

    2-10 WS2000 Wireless Switch System Reference Guide

    2.2.1 passwd Command passwd


    Admin Menu Commands

    Changes the password for the administrative logins - admin, guest-admin, and manager.
    Syntax

    passwd [admin|manager|guest-admin]
    Parameters

    passwd Passwords for the Administrator, Guest-admin, and Manager accounts [admin|manager|guest-admin] can be changed. To change password, type the old password once and the new password twice at their respective prompts. Passwords can be up to 11 characters.

    Example:
    admin>passwd admin Old Admin Password:****** New Admin Password:****** Verify Admin Password:******

    Admin and Common Commands 2-11

    2.2.2 summary Command summary


    Admin Menu Commands

    Displays system summary for the WS2000 Wireless Switch. The information displayed includes high-level characteristics and settings for WAN, subnet, and WLAN.
    Syntax

    summary
    Parameters

    None
    Example

    admin> summary System Information WS2000 firmware version country code WLAN 1 Information ess identifier wlan mode vlan_id enc type auth type WLAN 2 Information ess identifier wlan mode vlan_id enc type auth type WLAN 3 Information ess identifier wlan mode vlan_id enc type auth type WLAN 4 Information ess identifier wlan mode vlan_id enc type auth type : : : : : 104 disable 4 none none : : : : : 103 disable 3 none none : : : : : 102 disable 2 none none : : : : : Bharat enable 1 none none : 2.4.0.0-005X : us

    2-12 WS2000 Wireless Switch System Reference Guide

    WLAN 5 Information ess identifier wlan mode vlan_id enc type auth type WLAN 6 Information ess identifier wlan mode vlan_id enc type auth type WLAN 7 Information ess identifier wlan mode vlan_id enc type auth type WLAN 8 Information ess identifier wlan mode vlan_id enc type auth type Subnet 1 Information subnet interface ip address network mask dhcp mode default gateway ports wlan Subnet 2 Information subnet interface ip address network mask dhcp mode default gateway ports wlan : : : : : : : disable 192.168.1.1 255.255.255.0 server 192.168.1.1 wlan2 : : : : : : : enable 192.168.0.50 255.255.255.0 server 192.168.0.50 port1 port2 port3 port4 port5 port6 wlan1 : : : : : 108 disable 8 none none : : : : : 107 disable 7 none none : : : : : 106 disable 6 none none : : : : : 105 disable 5 none none

    Admin and Common Commands 2-13

    Subnet 3 Information subnet interface ip address network mask dhcp mode default gateway ports wlan Subnet 4 Information subnet interface ip address network mask dhcp mode default gateway ports wlan Subnet 5 Information subnet interface ip address network mask dhcp mode default gateway ports wlan Subnet 6 Information subnet interface ip address network mask dhcp mode default gateway ports : : : : : : disable 192.168.5.1 255.255.255.0 server 192.168.5.1 : : : : : : : disable 192.168.4.1 255.255.255.0 server 192.168.4.1 : : : : : : : disable 192.168.3.1 255.255.255.0 server 192.168.3.1 wlan4 : : : : : : : disable 192.168.2.1 255.255.255.0 server 192.168.2.1 wlan3

    2-14 WS2000 Wireless Switch System Reference Guide

    Network CLI Commands Reference


    Network commands are used to configure the different network parameters of the WS2000 Wireless Switch.

    3.1 network
    Admin Menu Commands

    Use the network command to go the Network menu.


    admin> network admin(network)>

    The following commands are available under the Network menu:


    Command Description Ref.

    ap dhcp fw ipfilter lan port qos router urlfilter vlan wan wids wips wlan save quit .. /

    Goes to the Access Port Submenu. Goes to the DHCP Submenu Goes to the Firewall Submenu Goes to the IP Filter Submenu Goes to the LAN Submenu Goes to the Port Submenu Goes to the QOS Submenu Goes to the Router Submenu Goes to the URL Filter Submenu Goes to the VLAN Submenu Goes to the WAN Submenu Goes to the WIDS Submenu Goes to the WIPS Submenu Goes to the WLAN Submenu Saves the configuration to system flash Quits the CLI Goes to the parent menu Goes to the root menu

    page 3-3 page 3-48 page 3-51 page 3-234 page 3-87 page 3-231 page 3-105 page 3-109 page 3-255 page 3-115 page 3-118 page 3-248 page 3-238 page 3-170 page 2-6 page 2-5 page 2-7 page 2-8

    3-2 WS2000 Wireless Switch System Reference Guide

    Network CLI Commands Reference 3-3

    3.2 Network AP Commands


    ap
    network

    Displays the Access Port submenu. The functionality provided by this menu is supplied by various screen under the Wireless menu item of the Web interface.
    Syntax admin(network)> ap admin(network.ap)>

    The items available under this command are shown below.


    Command Description Ref

    add copydefaults default delete denyap forget list mesh remap reset revert selfheal set show smartscan test save quit .. /

    Adds entries to the Access Port adoption list. Copies default AP settings to a connected AP. Goes to the default submenu. Deletes entries from the Access Port adoption lists. Goes to the Deny AP submenu Forgets AP parameters Lists entries in the Access Port adoption list. Goes to the Mesh submenu Remaps channels for the AP in auto mode. Resets an Access Port. Reverts AP to Access Point (AP4131 or AP4121) Goes to the Self-heal submenu Sets Access Port parameters. Shows Access Port parameters. Goes to the Smart scan submenu Goes to the test submenu. Saves the configuration to system flash Quits the CLI Goes to the parent menu Goes to the root menu

    page 3-4 page 3-5 page 3-17 page 3-6 page 3-30 page 3-7 page 3-8 page 3-40 page 3-9 page 3-10 page 3-11 page 3-24 page 3-12 page 3-15 page 3-34 page 3-38 page 2-6 page 2-5 page 2-7 page 2-8

    3-4 WS2000 Wireless Switch System Reference Guide

    3.2.1 Network AP add Command add


    Network AP Commands

    Adds entries to the Access Port adoption list. This allows the Access Ports with the MAC addresses specified in the command to associate with the specified WLAN. Performs functionality available in the Access Port Adoption List area of the Wireless screen.
    Syntax add <idx> <mac1> <mac2> Parameters

    <idx> <mac1> <mac2>


    Example

    The WLAN ID (1-8) The starting mac address for the range The last mac address in the range

    admin(network.ap)> add 1 00A0F8BFE9B0 00A0F8BFE9B0 admin(network.ap)list 1 admin(network.ap)>list 1 ------------------------------------------------------------------index start mac end mac ------------------------------------------------------------------1 00A0F8BFE9B0 00A0F8BFE9B0 2 001570165200 001570165200 3 00A0F8B54D68 00A0F8B54D68 4 00A0F8BFEE3C 00A0F8BFEE3C admin(network.ap)> Related Commands

    delete list

    Removes the MAC address range from the adoption list for the specified WLAN. Displays entries in the Access Port adoption list.

    Network CLI Commands Reference 3-5

    3.2.2 Network AP copydefaults Command copydefaults


    Network AP Commands

    Copies default Access Port settings to a connected Access Port. In the Web interface, the defaults are set on the Wireless, default AP screens (one for each radio type).
    Syntax copydefault <idx> Parameters

    <idx>
    Example

    The id of the AP to copy the defaults to

    admin(network.ap)>copydefaults 1 admin(network.ap)> Related Commands

    network.ap.default)> show default show status show ap

    Lists the current default settings for a selected Access Port type. Lists the index numbers for all currently connected Access Ports. Gets information about a particular Access Port.

    3-6 WS2000 Wireless Switch System Reference Guide

    3.2.3 Network AP delete Command delete


    Network AP Commands

    Deletes entries from the Access Port adoption list. In the Web interface, this functionality is found on the Wireless screen in the Access Port Adoption list area.
    Syntax delete <idx> [<entry>|all] Parameters

    <idx> [<entry>|all]

    Deletes an entry in the Access Port adoption list as specified by <entry>, which is the number listed in the adopted list (use the list command) for WLAN <idx> (1-8). all indicates deleting all the adoption list entries.

    Example

    The following example first lists out the adoption list entries for WLAN 1, deletes the second entry for WLAN 1, and finally displays the list for WLAN 1 showing that the entry has been deleted.
    admin(network.ap)>list 1 ------------------------------------------------------------------------index start mac end mac ------------------------------------------------------------------------1 000000000000 00306542B965 2 004000000000 005000000000 admin(network.ap)>delete 1 2 admin(network.ap)>list 1 ------------------------------------------------------------------------index start mac end mac ------------------------------------------------------------------------1 000000000000 00306542B965 Related Commands

    add list

    Adds entries to the adoption list. Lists entries in the Access Port adoption list.

    Network CLI Commands Reference 3-7

    3.2.4 Network AP forget Command forget


    Network AP Commands

    Forgets the AP parameters at a particular index specified by the <idx> value.


    Syntax forget [<idx>|all] Parameters

    <idx>|all
    Example

    <idx> The index to remove the AP parameters. all Removes all AP parameters from all the indices in the AP adoption list.

    The following syntax shows the forget command.


    admin(network.ap)>forget 1 admin(network.ap)>save

    3-8 WS2000 Wireless Switch System Reference Guide

    3.2.5 Network AP list Command list


    Network AP Commands

    Displays entries in the Access Port adoption list for a specified wireless LAN.
    Syntax list <idx> Parameters

    <idx>
    Example

    Lists the Access Port adoption entries for WLAN <idx> (1-8).

    The following example shows the access port adoption list for WLAN 1.
    admin(network.ap)>list 1 ---------------------------------------------------------------------index start mac end mac ----------------------------------------------------------------------1 1 00A0F8BFE9B0 00A0F8BFE9B0 2 001570165200 001570165200 3 00A0F8B54D68 00A0F8B54D68 4 00A0F8BFEE3C 00A0F8BFEE3C Related Commands

    add delete

    Adds entries to the adoption list. Deletes entries from the adoption list.

    Network CLI Commands Reference 3-9

    3.2.6 Network AP remap Command remap


    Network AP Commands

    Remaps the channels for a radio at index specified by <idx>.


    Syntax remap [<idx>|all] Parameters

    <idx>|all
    Example

    <idx> Remaps all channels for a radio specified by the index <idx> all Remaps all channels for all the radios in auto channel selection mode.

    admin(network.ap)>list 1 -------------------------------------------index start mac end mac -------------------------------------------1 00A0F8BFE9B0 00A0F8BFE9B0 2 001570165200 001570165200 3 00A0F8B54D68 00A0F8B54D68 4 00A0F8BFEE3C 00A0F8BFEE3C admin(network.ap)>remap 3

    3-10 WS2000 Wireless Switch System Reference Guide

    3.2.7 Network AP reset Command reset


    Network AP Commands

    Resets an Access Port.


    Syntax reset ap <idx> Parameters

    ap <idx>
    Example

    <idx> Resets the Access Port with index <idx> in the Access Port Adoption list.

    --------------------------------------index start mac end mac --------------------------------------1 00A0F8BFE9B0 00A0F8BFE9B0 2 001570165200 001570165200 3 00A0F8B54D68 00A0F8B54D68 4 00A0F8BFEE3C 00A0F8BFEE3C admin(network.ap)>reset ap 2 admin(network.ap)>

    Network CLI Commands Reference 3-11

    3.2.8 Network AP revert Command revert


    Network AP Commands

    Reverts an Access Port to an Access Point (Only on AP4131 or AP4121).


    Syntax revert ap <idx> Parameters

    ap <idx>
    Example

    <idx> Reverts the Access Port with index <idx> to an Access Point. Only on AP4131 and AP 4121.

    admin(network.ap)>revert ap 1 admin(network.ap)>

    3-12 WS2000 Wireless Switch System Reference Guide

    3.2.9 Network AP set Commands set


    Network AP Commands

    Sets Access Port parameters.


    Syntax set [beacon|ch_mode|div|dtim|loc|name|primary|rate| reg|rts|short-pre|802.1x|ap_scan|mac|radio_type| ap_type|sip_cac_mode|allowed_sip_session] Parameters

    beacon intvl <idx> <interval> ch_mode <idx> [fixed|random|auto] div <idx> <mode> dtim <idx> [<period>|<bss_idx <period>]]

    Sets the beacon interval for Access Port <idx> (112) to <interval> in K-us (50 200). Sets the channel mode for Access Port <idx> (112) to fixed, random or auto. Sets the default antenna diversity to <mode> (one of full, primary, or secondary). Sets the DTIM period for Access Port <idx> to <period> (number of beacons from 150). <bss_idx> is the index of the BSSID. If not specified for the AP300, the default value of 1 is assumed for this parameter. For other APs, the <period> value is used for all the BSSIDs. Sets Access Port <idx> location description to <loc> (113 characters). Sets Access Port <idx> name to <name> (113 characters). Sets the primary WLAN <widx> (the WLAN index from 1 to 8) for 802.11a radio associated with Access Port <idx> (1-12). The ESS ID configured for this WLAN will be used in the 802.11a beacon as the primary ESS.
    Note: This parameter is used only for AP200 APs with 802.11a radios

    loc <idx> <loc> name <idx> <name> primary <idx> <widx>

    rate <idx> <basic> <supported>

    Sets Access Port <idx> (1-12) basic and supported rates. <basic> and <supported> must be comma-separated lists of rates, such as 6,9,11,15 with no spaces. Basic rates are a subset of supported rates. The different types of radio support the following rates. A - 6|9|12|18|24|36|48|54 B - 1|2|5.5|11 G - 1|2|5.5|6|9|11|12|18|24|36|48|54
    Note: For a G radio, basic rates must be a subset of B Rates in order to associate legacy B stations.

    reg <idx> <indoor> <ch> Sets Access Port <idx> (1-12)regulatory parameters, which <indoor> is one of <pwr> in or in/out; <ch> is the channel to use, and <pwr> is the power (in dB from 4 to 20). Select the value of <ch> from the appropriate list. 802.11b ch -- 1 to 14 802.11a ch -- 36,40,44,48,52,56,60,64,149,153,157,161
    Note: Regulatory parameter values depend on country of operation and radio type. Refer to documentation for regulatory information.

    rts <idx> <bytes>

    Sets the RTS threshold for Access Port <idx> (1-12) to <bytes> (e.g., 2341).

    Network CLI Commands Reference 3-13

    short-pre <idx> [enable|disable] 802.1x <username> <password> mac <idx> <mac>

    Enables or disables the short preamble mode for Access Port <idx> (1-12)

    Sets the 802.1x username and password on AP 300 Access Ports. Both parameters can be up to 64 characters long. Sets the MAC address of AP <idx> (1-12) to <mac> (MAC address format is XX:XX:XX:XX:XX:XX) ap_scan <idx> <mode> Sets the scan mode for Rogue AP detection where <idx> (1-12) is the access port index and <mode> is one of none, detector, on-chan, full-detector. radio_type <idx> Sets the Radio Type of an access port where <idx> (1-12) is the access port <radio_type> index and <radio_type> is one of 802.11a, 802.11b, 802.11b/g. ap_type <idx> Sets the AP type of an Access Port <idx> (1-12) to AP type. AP type <radio_type> <radio_type> is one of AP100, AP200, AP300 sip_cac_mode Enables or disables SIP Call Admission Control. [enable|disable] allowed_sip_session Sets the allowed number of SIP sessions for this portal. The value for <idx> <sip_session> <sip_session> lies between 1 and 100. <idx> (1-12) is the access port index. legacy_mode Enables or disables legacy mode support for AP300s. [enable|disable] mu-power-adjustment Sets Symbol MUs operating power in dBm. <ap-index> is the index of the <ap-index> <adjvalue> Symbol AP and <adjvalue> is the MU power adjustment value in dBm (valid 020) asset-name <idx> Sets asset name for the Access Port with <idx> (1-12) with <asset-name> (1<asset-name> 50 characters)

    Example:
    admin(network.ap)>set short-pre enable admin(network.ap)>set shor 1 enable admin(network.ap)>set name 1 BigOffice admin(network.ap)>set dtim 1 25 admin(network.ap)>set loc 1 BigBldg admin(network.ap)>show ap 1 ap name ap location ap mac address ap serial number ap radio type adopted by ap indoor use ap channel ap radio power antenna gain rf power antenna type ap diversity basic rates supported rates rts threshold : : : : : : : : : : : : : BigOffice BigBldg 00A0F8565656 00A0F8565656 802.11 B WLAN1 indoor/outdoor 1 4 dB 0 dBi 3 mW external full

    : 1 2 : 1 2 5.5 11 : 2341

    3-14 WS2000 Wireless Switch System Reference Guide

    beacon interval dtim period short preamble security beacon (hide ess) primary wlan index admin(network.ap)>

    : : : : :

    100 25 enable disable wlan1

    Network CLI Commands Reference 3-15

    3.2.10 Network AP show Command show


    Network AP Commands

    Shows Access Port parameters.


    Syntax show [ap|status|sip|legacy-mode] Parameters

    ap <idx> status sip <idx> legacy-mode


    Example

    Shows Access Port <idx> (1-12) radio parameters. Shows a list of Access Ports and their status. Shows SIP statistics for the portal <idx> (1-12). Shows the legacy mode configuration for the switch

    admin(network.ap)>show ap 1 ap name ap location ap mac address ap serial number ap radio type adopted by ap indoor use ap channel ap radio power antenna gain rf power antenna type ap diversity basic rates supported rates rts threshold beacon interval dtim period short preamble security beacon (hide ess) primary wlan index detector ap admin(network.ap)>show status ap index ap status ap index ap status ap index : 1 : connected : 2 : not connected : 3 : : : : : : : : : : : BigOffice BigBldg 00A0F8565656 00A0F8565656 802.11 B WLAN1 indoor/outdoor 1 4 dB 0 dBi 3 mW

    : external : full : 1 2 : 1 2 5.5 11 : : : : : : : 2341 100 25 enable disable wlan1 disable

    3-16 WS2000 Wireless Switch System Reference Guide

    ap status ap index ap status ap status ap index ap status ap index ap status ap index ap status ap index ap status ap index ap status ap index ap status ap index ap status

    : not connected : 4 : not connected : not connected : 6 : not connected : 7 : not connected : 8 : not connected : 9 : not connected : 10 : not connected : 11 : not connected : 12 : not connected

    admin(network.ap)>show legacy-mode Legacy mode is enabled. Related Commands

    set

    Sets Access Port parameters.

    Network CLI Commands Reference 3-17

    3.3 Network AP Default Commands


    default
    Network AP Commands

    Displays the default Access Port (AP) submenu. Use these commands to set the default values for all APs.
    Syntax admin(network.ap)> default

    The items available under this command are shown below.


    Command Description Ref

    set loadfromcf show quit save .. /

    Sets default Access Port parameters. Loads the configured images from the CF card immediately Shows default Access Port parameters. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-18 page 3-20 page 3-21 page 3-1 page 3-1 page 3-1 page 3-1

    The items in this menu are available in the Web interface under the three default Access Port screens (one for each radio type) within the Wireless menu area.

    3-18 WS2000 Wireless Switch System Reference Guide

    3.3.1 Network AP Default set Command set


    Network AP Default Commands

    Sets the default Access Port parameters.


    Syntax set [beacon|ch_mode|div|dtim|primary|reg|rate|rts|short-pre|sensor-img| ap4131-img|ap4121-img] Parameters

    beacon intvl <type> <interval> ch-mode <type> [fixed|random|auto] div <type> <mode> dtim <type> [<bss_idx>|<period>]

    primary <type> <wdix>

    Sets the default beacon interval for specified radio type <type> (one of 802.11a, 802.11b, or 802.11b/g) to <interval> in K-us (50200). Sets the default channel mode for radios of <type> (one of 802.11a, 802.11b, or 802.11b/g) to fixed, random, or auto. Sets the default antenna diversity for radios of <type> (one of 802.11a, 802.11b, or 802.11b/g) to <mode> (one of full, primary, or secondary). Sets the default DTIM period for radios of specified <type> (one of 802.11a, 802.11b, or 802.11b/g) to <period> number of beacons (150). <bss_idx> is the index of the BSSID. If not specified for the AP300, the default value of 1 is assumed for this parameter. For other APs, the <period> value is used for all the BSSIDs. Sets the default primary WLAN <widx> (1 to 8) for 802.11a radios of specified <type> (one of 802.11a, 802.11b, or 802.11b/g). The ESS ID configured for this WLAN will be used in the 802.11a beacon as the primary ESS.
    Note: This parameter is used only for AP200 APs with 802.11a radios.

    rate <type> <basic> <supported>

    Sets the default basic and supported rates for radios of specified <type> (one of 802.11a, 802.11b, or 802.11b/g). <basic> and <supported> must be a comma separated list of rates, such as 6,9,11,15 with no spaces. Basic rates are a subset of supported rates. The different types of radio support the following rates. A - 6|9|12|18|24|36|48|54 B - 1|2|5.5|11 G - 1|2|5.5|6|9|11|12|18|24|36|48|54
    Note: For a G radio, basic rates must be a subset of B Rates in order to associate legacy B stations.

    reg <type> <indoor> <ch> <pwr>

    Sets the default regulatory parameters for radios of specified type (one of 802.11a, 802.11b, or 802.11b/g), where <indoor> is one of in or in/out; <ch> is the channel to use, and <pwr> is the power (in dB from 4 to 20). Select the value of <ch> from the appropriate list. 802.11b ch -- 1 to 14 802.11a ch -- 36,40,44,48,52,56,60,64,149,153,157,161
    Note: Note: Regulatory parameter values depend on the country of operation and radio type. Refer to the documentation for specific regulatory information.

    rts <type> <bytes>

    Sets the default RTS threshold for radios of specified <type> (one of 802.11a, 802.11b, or 802.11b/g) to <bytes> (e.g., 2341).

    Network CLI Commands Reference 3-19

    short-pre <type> [enable|disable] sensor-img <loc> ap4131-img <loc> ap4121-img <loc>


    Example

    By default, enables or disables the short preamble mode for radios of specified <type> (one of 802.11a, 802.11b, or 802.11b/g). Sets the default location of the sensor image. Location is specified in the <loc> parameter. Sets the default location <loc> of the AP 4131 image. Select from cf or def. Sets the default location <loc> of the AP 4121 image. Select from cf or def.

    admin(network.ap.default)>set ch_mode 802.11a fixed admin(network.ap.default)>set dtim 802.11a 10 admin(network.ap.default)>set short 802.11b/g enable admin(network.ap.default)>show default 802.11a ap ap ap ap indoor use channel channel mode radio power : : : : : indoor only 36 random 17 dBm 50 mW

    ap diversity basic rates supported rates

    : full : 6 12 24 : 6 9 12 18 24 36 48 54

    rts threshold : 2341 beacon interval : 100 ------------------------------------------------------------------------BSSID | DTIM period ------------------------------------------------------------------------1 | 10 2 | 10 3 | 10 4 | 10 short preamble primary wlan index admin(network.ap.default)> Related Commands : disable : wlan1

    show default

    Displays the default AP settings for a particular radio type.

    3-20 WS2000 Wireless Switch System Reference Guide

    3.3.2 Network AP Default loadfromcf Command loadfromcf


    Network AP Default Commands

    Immediately loads configured images from the CF card.


    Syntax loadfromcf Parameters

    None
    Example admin(network.ap.default)>loadfromcf

    Network CLI Commands Reference 3-21

    3.3.3 Network AP Default show Command show


    Network AP Default Commands

    Shows the default Access Port parameters for a particular radio type.
    Syntax show [default|img-location] Parameters

    default <type> Shows the default Access Port parameters for radio type <type> (802.11a, 802.11b, 802.11bg). img-location Shows the Sensor/Access Port image locations.
    Example admin(network.ap.default)>set ch_mode 802.11a fixed admin(network.ap.default)>set dtim 802.11a 10 admin(network.ap.default)>set short 802.11b/g enable admin(network.ap.default)>show default 802.11a ap ap ap ap indoor use channel channel mode radio power : : : : : indoor only 36 random 17 dBm 50 mW

    ap diversity basic rates supported rates

    : full : 6 12 24 : 6 9 12 18 24 36 48 54

    rts threshold : 2341 beacon interval : 100 ---------------------------------------------------------------------BSSID | DTIM period ---------------------------------------------------------------------1 | 10 2 | 10 3 | 10 4 | 10 short preamble : disable primary wlan index : wlan1 Related Commands

    set

    Sets the default parameters for the specified radio type.

    3-22 WS2000 Wireless Switch System Reference Guide

    3.4 Network AP Test Commands


    test
    Network AP Commands

    Displays the test submenu.


    Syntax admin(network.ap)> test admin(network.ap.test)>

    The items available under this command are shown below


    Command Description Ref.

    new quit save .. /

    Switches the Access Port to a new channel. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-23 page 3-1 page 3-1 page 3-1 page 3-1

    Network CLI Commands Reference 3-23

    3.4.1 Network AP Test new Command new


    Network AP Test Commands

    Switches the specified Access Port to a new channel.


    Syntax new <idx> <ch> Parameters

    <idx> <ch>
    Example

    Switches the Access Port indexed with <idx> (112) to channel <ch> (which must be a valid channel for the specified Access Port.

    admin(network.ap.test)>new 2 15 admin(network.ap.test)>

    3-24 WS2000 Wireless Switch System Reference Guide

    3.5 Network AP Selfheal commands


    selfheal
    Network AP Commands

    Displays the selfheal submenu.


    Syntax admin(network.ap)> selfheal

    The items available under this menu are shown below.


    Command Description Ref.

    set detect-neighbor add del show quit save .. /

    Sets self-heal parameters Detects neighbors and prepares the neighbors list automatically Adds entries to the self-heal table Removes entries from the self-heal table Shows entries in the self-heal table Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-25 page 3-26 page 3-27 page 3-28 page 3-29 page 3-1 page 3-1 page 3-1 page 3-1

    Network CLI Commands Reference 3-25

    3.5.1 Network AP Selfheal set Command set


    Network AP Selfheal commands

    Sets the different self-heal parameters.


    Syntax set [interference-avoidance|neighbor-recovery] Parameters

    interference-avoidance mode [enable|disable] Sets the self-healing interference mode. Can be [mode one of enable or disable. [enable|disable] | max-retries [<max-retires|default] Sets the threshold limit on the max-retries maximum number of retires permitted. <max-retires> (0-15) is the [<max-retries>|default] | number of allowed retries. default has a value of 14. hold-time hold-time [<hold-time>|default] Sets the hold-time between running two [<hold-time>|default]] consecutive interference avoidance algorithms. <hold-time> (0-65535) is the duration in seconds. default has a value of 3600. mode [enable|disable] Enables or disables neighbor recovery. neighbor-recovery action <radio-idx> <action> Sets the neighbor recovery action for the [mode portal. <radio-idx> (1-12) is the id of the radio for which action specified [enable|disable] | action <radio-idx> <action> | in <action> must be taken. Select <action> from none, raise-power, open-rates, both. offset <radio-idx> [<offset>|default]] Sets the radio offset value for the radio <radio-idx> (1-12) when the set action is raise-power. <offset> value is between 0-65535. default value is 0.
    Example - Set interference-avoidance: admin(network.ap.selfheal)>set admin(network.ap.selfheal)>set admin(network.ap.selfheal)>set admin(network.ap.selfheal)>set admin(network.ap.selfheal)>set admin(network.ap.selfheal)>set Example - set neighbor-recovery: admin(network.ap.selfheal)>set admin(network.ap.selfheal)>set admin(network.ap.selfheal)>set admin(network.ap.selfheal)>set 1 admin(network.ap.selfheal)>set 1 admin(network.ap.selfheal)>set neighbor-recovery neighbor-recovery neighbor-recovery neighbor-recovery mode enable mode disable action none radio 1 action raise-power radio interference-avoidance interference-avoidance interference-avoidance interference-avoidance interference-avoidance interference-avoidance mode enable mode disable max-retries 15 max-retries default hold-time 24000 hold-time default

    neighbor-recovery action open-rates radio neighbor-recovery action both radio 1

    3-26 WS2000 Wireless Switch System Reference Guide

    3.5.2 Network AP Selfheal detect-neighbor Command detect-neighbor


    Network AP Selfheal commands

    Detects the neighbor devices.


    Syntax detect-neighbor Parameters

    None
    Example admin(network.ap.selfheal)>detect-neighbor admin(network.ap.selfheal)>

    Network CLI Commands Reference 3-27

    3.5.3 Network AP Selfheal add Command add


    Network AP Selfheal commands

    Adds entries into the selfheal AP-AP neighbor table.


    Syntax add <from-ap> <to-ap> Parameters

    <from-ap> <to-ap>
    Example

    Adds the specified APs into the neighbor-recovery table. <from-ap> and <toap> accepts values 1 to 12 and all. all indicates all the APs.

    admin(network.ap.selfheal)>add 2 4 admin(network.ap.selfheal)>show Interference Avoidance Mode : disable Retry Count : 14 Hold Time : 3600 Neighbor Recovery Mode : enable PORTAL-IDX OFFSET-VALUE NEIGHBOR-RECOVERY-ACTION 1 0 none 2 0 open-rates 3 0 none 4 777 raise-power 5 0 none 6 0 none 7 0 none 8 0 none 9 0 none 10 0 none 11 0 none 12 0 none FROM-AP 2 4 TO-AP 4 2 RAISED-POWER(dBm) 0 0 0 0

    -------------HEALING STATE OF PORTALS-----------PORTAL HEALING-MODE CONFIGURED-POWER(dBm) 1 Normal 20 2 Normal 17 3 Normal 20 4 Normal 17

    3-28 WS2000 Wireless Switch System Reference Guide

    3.5.4 Network AP Selfheal del Command del


    Network AP Selfheal commands

    Deletes entries from the selfheal AP-AP neighbor table.


    Syntax del <from-ap> <to-ap> Parameters <from-ap> <to-ap> Removes the specified APs from the neighbor-recovery table. <from-ap> and

    <to-ap> accepts values 1 to 12 and all. all indicates all the APs.
    Example admin(network.ap.selfheal)> del 2 4 admin(network.ap.selfheal)> show Interference Avoidance Mode : disable Retry Count : 14 Hold Time : 3600 Neighbor Recovery Mode : enable PORTAL-IDX OFFSET-VALUE NEIGHBOR-RECOVERY-ACTION 1 0 none 2 0 open-rates 3 0 none 4 0 none 5 0 none 6 0 none 7 0 none 8 0 none 9 0 none 10 0 none 11 0 none 12 0 none FROM-AP TO-AP

    -------------HEALING STATE OF PORTALS-----------PORTAL 1 2 3 4 HEALING-MODE Normal Normal Normal Normal CONFIGURED-POWER(dBm) 20 17 20 17 RAISED-POWER(dBm) 0 0 0 0

    Network CLI Commands Reference 3-29

    3.5.5 Network AP Selfheal show Command show


    Network AP Selfheal commands

    Shows the selfheal parameter details.


    Syntax show Parameters

    None
    Example admin(network.ap.selfheal)>show Interference Avoidance Mode : disable Retry Count : 14 Hold Time : 3600 Neighbor Recovery Mode : disable PORTAL-IDX OFFSET-VALUE NEIGHBOR-RECOVERY-ACTION 1 0 none 2 0 none 3 0 none 4 0 none 5 0 none 6 0 none 7 0 none 8 0 none 9 0 none 10 0 none 11 0 none 12 0 none FROM-AP 1 2 TO-AP 2 1 RAISED-POWER(dBm) 0 0

    -------------HEALING STATE OF PORTALS-----------PORTAL HEALING-MODE CONFIGURED-POWER(dBm) 1 Normal 20 2 Normal 20

    3-30 WS2000 Wireless Switch System Reference Guide

    3.6 Network AP Denyap Commands


    denyap
    Network AP Commands

    Displays the denyap submenu. Use the denyap submenu to manage APs that have been denied access to the switch.
    Syntax admin(network.ap)> denyap admin(network.ap.denyap)>

    The items available under this menu are shown below.


    Command Description Ref.

    add delete show quit save .. /

    Adds access port deny list entries Deletes access port deny list entries Shows access port deny list Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-31 page 3-32 page 3-33 page 3-1 page 3-1 page 3-1 page 3-1

    Network CLI Commands Reference 3-31

    3.6.1 Network AP Denyap add Command add


    Network AP Denyap Commands

    Add entries to the Access Port Deny List.


    Syntax add <mac> Parameters

    <mac>
    Example

    Adds the MAC specified in the <mac> parameter to the Access Port Deny List. MAC entries are to be entered without the :. For example 00b4c2114534.

    admin(network.ap.denyap)>add 00b4c2114534 admin(network.ap.denyap)> admin(network.ap.denyap)>show ------------------------------------------------------------------------Idx AP NIC MAC ------------------------------------------------------------------------1 00b4c2114535 2 00b4c2114534 admin(network.ap.denyap)>

    3-32 WS2000 Wireless Switch System Reference Guide

    3.6.2 Network AP Denyap delete Command delete


    Network AP Denyap Commands

    Deletes an entry in the Access Port Deny List.


    Syntax delete [<mac>|all] Parameters

    <mac> all
    Example

    Deletes the MAC specified in the <mac> parameter from the Access Port Deny List. Deletes all the entries in the Access Port Deny List

    admin(network.ap.denyap)>show ------------------------------------------------------------------------Idx AP NIC MAC ------------------------------------------------------------------------1 00b4c2114535 2 00b4c2114534 admin(network.ap.denyap)>delete 00b4c2114535 admin(network.ap.denyap)>show ------------------------------------------------------------------------Idx AP NIC MAC ------------------------------------------------------------------------1 00b4c2114534

    Network CLI Commands Reference 3-33

    3.6.3 Network AP Denyap show Command show


    Network AP Denyap Commands

    Displays the Access Port Deny List.


    Syntax show Parameters

    None
    Example admin(network.ap.denyap)>show ---------------------------------------------------------------------Idx AP NIC MAC ---------------------------------------------------------------------1 00b4c2114535 2 00b4c2114534

    3-34 WS2000 Wireless Switch System Reference Guide

    3.7 Network AP Smartscan Commands


    smartscan
    Network AP Commands

    Displays the smartscan submenu.


    Syntax admin(network.ap)> smartscan admin(network.ap.smartscan)>

    The items available under this menu are shown below.


    Command Description Ref.

    set delete show quit save .. /

    Sets smartscan channels Removes smartscan channels Shows all smartscan channels Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-35 page 3-36 page 3-37 page 3-1 page 3-1 page 3-1 page 3-1

    Network CLI Commands Reference 3-35

    3.7.1 Network AP Smartscan set Command set


    Network AP Smartscan Commands

    Sets the smartscan channels. These channels are the ones that are scanned for presence of WLANs.
    Syntax set [11a <11a>|11bg <11bg>] Parameters

    11a <11a> 11bg <11bg>

    Sets the smart scan channel list for the 5 GHz band. Channel list <11a> should be a comma separated list. For example, 36,40,44,48 Sets the smart scan channel list for the 2.4 GHz band. Channel list <11bg> should be a comma separated list. For example, 1-4,6,8
    Note: When using a range for selecting multiple channels, all the channels that are included in the range should be valid channel numbers for the current regulatory domain.

    Example admin<network.ap.smartscan>> set 11bg 1-6,8,10-12 admin(network.ap.smartscan)> show all smart scan 11a channels : smart scan 11bg channels : 1 2 3 4 5 6 8 10 11 12 Available valid 11a channels : 36 40 44 48 52 56 60 64 149 153 157 161 165 Available valid 11bg channels : 1 2 3 4 5 6 7 8 9 10 11 12 13

    3-36 WS2000 Wireless Switch System Reference Guide

    3.7.2 Network AP Smartscan delete Command delete


    Network AP Smartscan Commands

    Deletes all the channels in the smartscan list for a specific radio.
    Syntax delete [11a <11a>|11bg <11bg>] Parameters

    11a <11a> 11bg <11bg>

    Sets the smart scan channel list for the 5 GHz band. Channel list <11a> should be a comma separated list. For example, 36,40,44,48 Sets the smart scan channel list for the 2.4 GHz band. Channel list <11bg> should be a comma separated list. For example, 1-4,6,8
    Note: When using a range for selecting multiple channels, all the channels that are included in the range should be valid channel numbers for the current regulatory domain.

    Example admin(network.ap.smartscan)> show all smart scan 11a channels : smart scan 11bg channels : 1 2 3 Available valid 11a channels : 36 40 161 165 Available valid 11bg channels : 1 2 3 admin(network.ap.smartscan)> delete 11bg admin(network.ap.smartscan)> show all smart scan 11a channels : smart scan 11bg channels : Available valid 11a channels : 36 40 161 165 Available valid 11bg channels : 1 2 3 admin(network.ap.smartscan)>

    4 5 6 8 10 11 12 44 48 52 56 60 64 149 153 157 4 5 6 7 8 9 10 11 12 13

    44 48 52 56 60 64 149 153 157 4 5 6 7 8 9 10 11 12 13

    Network CLI Commands Reference 3-37

    3.7.3 Network AP Smartscan show Command show


    Network AP Smartscan Commands

    Displays the list of channels used for smartscan for the different radios.
    Syntax show [all] Parameters

    all
    Example

    Shows the list of channels in the smartscan list.


    all : : 1 2 3 4 5 6 8 10 11 12 : 36 40 44 48 52 56 60 64 149 153 157 : 1 2 3 4 5 6 7 8 9 10 11 12 13

    admin(network.ap.smartscan)> show smart scan 11a channels smart scan 11bg channels Available valid 11a channels 161 165 Available valid 11bg channels

    3-38 WS2000 Wireless Switch System Reference Guide

    3.8 Network AP Test Commands


    test
    Network AP Commands

    Displays the test submenu. Use this submenu commands to test APs.
    Syntax admin(network.ap)> test admin(network.ap.test)>

    The items available under this command are shown below.


    Command Description Ref

    new show quit .. /

    Switches the AP to a new channel Shows mesh configuration information Quits the CLI. Goes to the parent menu. Goes to the root menu.

    page 3-39 page 3-47 page 3-1 page 3-1 page 3-1

    Network CLI Commands Reference 3-39

    3.8.1 Network AP Test new Command new


    Network AP Test Commands

    Switches AP to a new channel.


    Syntax test <idx> <ch> Parameters

    <idx> <ch>
    Example

    The access port index for which the channel has to be changed The channel to change to. This must be a channel that is valid for the selected AP <idx>.

    admin(network.ap.test)> new 1 24 admin(network.ap.test)>

    3-40 WS2000 Wireless Switch System Reference Guide

    3.9 Network AP Mesh Commands


    mesh
    Network AP Commands

    Displays the mesh submenu. Use this menu to configure the different Mesh Network parameters.
    Syntax admin(network.ap)> mesh admin(network.ap.mesh)>

    The items available under this command are shown below.


    Command Description Ref

    set add del preferred-list available-list show quit save .. /

    Sets mesh parameters Adds a preferred base to the list Removes preferred bases from the list Shows a list of preferred bases Shows a list of available bases Shows mesh configuration information Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-41 page 3-43 page 3-44 page 3-45 page 3-46 page 3-47 page 3-1 page 3-1 page 3-1 page 3-1

    Network CLI Commands Reference 3-41

    3.9.1 Network AP Mesh set Command set


    Network AP Mesh Commands

    Sets the mesh related parameters.


    Syntax set [client|vlan|auto|base|max-clients] Parameters

    client <radio-idx> Enables or disables the mesh client for the radio with the index [enable|disable] <radio-idx> (1-12). wlan <radio-idx> <wlan-id> Selects the WLAN <wlan-id> (1-8) for the mesh client radio index <radio-idx> (1-12). auto <radio-idx> Enables or disables automatic base selection for the radio with the index [enable|disable] <radio-idx> (1-12). base <radio-idx> Enables or disables the radio <radio-idx> (1-12) as the mesh base. [enable|disable] max-clients <radio-idx> Sets the maximum number of client <max-clients> for the radio <max-clients> <radio-idx> (1-12).
    Example admin(network.ap.mesh)> set client 1 enable admin(network.ap.mesh)> show 1 ------------------------------------------------------------------------"Mode" "WLAN" "Base Auto Selection" "Max Clients" ------------------------------------------------------------------------Client Only WLAN1 Enabled N/A admin(network.ap.mesh)> set base 1 enable admin(network.ap.mesh)> show 1 ------------------------------------------------------------------------"Mode" "WLAN" "Base Auto Selection" "Max Clients" ------------------------------------------------------------------------Base and Client WLAN1 Enabled 6 admin(network.ap.mesh)> set wlan 1 3 admin(network.ap.mesh)> show 1 ------------------------------------------------------------------------"Mode" "WLAN" "Base Auto Selection" "Max Clients" ------------------------------------------------------------------------Base and Client WLAN3 Enabled 6 admin(network.ap.mesh)> set max-clients 1 4 admin(network.ap.mesh)> show 1 ------------------------------------------------------------------------"Mode" "WLAN" "Base Auto Selection" "Max Clients" ------------------------------------------------------------------------Base and Client WLAN3 Enabled 4

    3-42 WS2000 Wireless Switch System Reference Guide

    admin(network.ap.mesh)> set auto 1 disable admin(network.ap.mesh)> show 1 ------------------------------------------------------------------------"Mode" "WLAN" "Base Auto Selection" "Max Clients" ------------------------------------------------------------------------Base and Client WLAN3 Disabled 4 admin(network.ap.mesh)>

    Network CLI Commands Reference 3-43

    3.9.2 Network AP Mesh add Command add


    Network AP Mesh Commands

    Adds a preferred base to the devices Preferred Base Bridge List.


    Syntax add <radio-idx> <mac> Parameters
    <radio-idx> <mac>

    Adds the base to the devices Preferred Base Bridge List. The <radio-idx> (1-12) is the unique ID for the radio. <mac> is the address of the base device to be added to the list.

    Example admin(network.ap.mesh)> add 3 001570419F9F admin(network.ap.mesh)> preferred-list 3 ------------------------------------------------------------------------"Priority" "Base MAC" ------------------------------------------------------------------------1 00:15:70:41:9F:9F admin(network.ap.mesh)> Related Commands

    del preferred-list

    Removes preferred bases from the list Shows a list of preferred bases

    3-44 WS2000 Wireless Switch System Reference Guide

    3.9.3 Network AP Mesh del Command del


    Network AP Mesh Commands

    Removes a Mesh Base from the devices Preferred Base Bridge List.
    Syntax del [<radio-idx>] [all|<index>] Parameters
    <radio-idx> [all|<index>]

    Removes all preferred bases from the devices Preferred Base Bridge List for the radio specified by the <radio-idx> (1-12). all Indicates all the preferred base devices. <index> Indicates the selected preferred base device.

    Example admin(network.ap.mesh)> preferred-list 3 ------------------------------------------------------------------------"Priority" "Base MAC" ------------------------------------------------------------------------1 00:15:70:41:9F:9F 2 00:15:45:70:9C:8D 3 15:03:54:07:23:45 admin(network.ap.mesh)> del 3 2 admin(network.ap.mesh)> preferred-list 3 ------------------------------------------------------------------------"Priority" "Base MAC" ------------------------------------------------------------------------1 00:15:70:41:9F:9F 2 15:03:54:07:23:45 admin(network.ap.mesh)> del 3 all admin(network.ap.mesh)> preferred-list 3 ------------------------------------------------------------------------"Priority" "Base MAC" ------------------------------------------------------------------------admin(network.ap.mesh)> Related Commands

    add preferred-list

    Adds a preferred base to the list Shows a list of preferred bases

    Network CLI Commands Reference 3-45

    3.9.4 Network AP Mesh preferred-list Command preferred-list


    Network AP Mesh Commands

    Displays the Preferred Base Bridge List for the device


    Syntax preferred-list <radio-idx> Parameters

    <radio-idx>
    Example

    Displays the selected radios (<radio-idx> (1-12)) Preferred Base Bridge List.

    admin(network.ap.mesh)> preferred-list 3 ------------------------------------------------------------------------"Priority" "Base MAC" ------------------------------------------------------------------------1 00:15:70:41:9F:9F 2 00:15:45:70:9C:8D 3 15:03:54:07:23:45 admin(network.ap.mesh)> Related Commands

    add del

    Adds a preferred base to the list Removes preferred bases from the list

    3-46 WS2000 Wireless Switch System Reference Guide

    3.9.5 Network AP Mesh available-list Command available-list


    Network AP Mesh Commands

    Displays the list of available base bridges along with their MAC addresses and the RSSI.
    Syntax available-list <radio-idx> Parameters

    <radio-idx>
    Example

    Displays the available base bridges for a particular radio indicated by the <radio-idx> (1-12) value.

    admin(network.ap.mesh)> available-list 3 ------------------------------------------------------------------------"MAC" "Channel" "RSSI" ------------------------------------------------------------------------00:15:70:41:9A:9A 11 189 admin(network.ap.mesh)> Related Commands

    add del preferred-list

    Adds a preferred base to the list Removes preferred bases from the list Shows a list of preferred bases

    Network CLI Commands Reference 3-47

    3.9.6 Network AP Mesh show Command show


    Network AP Mesh Commands

    Displays the mesh details for a particular radio.


    Syntax show <radio-idx> Parameters

    <radio-idx>
    Example

    Displays the mesh configuration information for the radio indicated by the <radio-idx> (1-12) value.

    admin(network.ap.mesh)> show 3 ------------------------------------------------------------------------"Mode" "WLAN" "Base Auto Selection" "Max Clients" ------------------------------------------------------------------------Base and Client WLAN2 Enabled 4

    3-48 WS2000 Wireless Switch System Reference Guide

    3.10 Network DCHP Commands


    dhcp
    network

    Displays the DHCP submenu.


    Syntax admin(network)> dhcp admin(network.dhcp)>

    The items available under this command are shown below.


    Command Description Ref.

    set show quit save .. /

    Sets system updated flags. Shows system updated flags. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-49 page 3-50 page 3-1 page 3-1 page 3-1 page 3-1

    Network CLI Commands Reference 3-49

    3.10.1 Network DHCP set Command set


    Network DCHP Commands

    Sets parameters for automated firmware and configuration upgrades.


    Syntax set [firmwareupgrade|configureupgrade|interface| dhcpvendorclassid|autoupgradeinterval]

    firmwareupgrade [0|1] configupgrade [0|1] interface <iface>

    dhcpvendorclassid <dhcp vendor class id> Note: Vendor class id must be preceded by Sym. autoupgradeinterval Sets the Light Weight DHCP Client Auto Upload time interval to <autoupgradeinterval> <autoupgradeinterval> (1-65535) seconds.
    Example admin(network.dhcp)>show all Auto Firmware upgrade flag Auto Config upgrade flag Interface : 0 : 0 : w

    Enables (1) or disables (0) automatic switch firmware upgrade. Enables (1) or disables (0) automatic switch configuration update. Sets the interface <iface> for the upgrades to the device: s1 subnet 1 s2 subnet 2 s3 subnet 3 s4 subnet 4 s5 subnet 5 s6 subnet 6 w WAN Sets the DHCP vendor class id to <dhcp vendor class id>.

    admin(network.dhcp)>set firmwareupgrade 1 admin(network.dhcp)>set con 1 admin(network.dhcp)>set inter s1 admin(network.dhcp)>show all Auto Firmware upgrade flag Auto Config upgrade flag Interface Related Commands : 1 : 1 : s1

    show all Shows the settings for all the automatic update parameters.

    3-50 WS2000 Wireless Switch System Reference Guide

    3.10.2 Network DHCP show Command show


    Network DCHP Commands

    Displays system updated flags.


    Syntax show all Parameters

    all
    Example

    Displays all of the DHCP-related system update parameters.

    admin(network.dhcp)>show all Auto Firmware upgrade flag Auto Config upgrade flag Interface Dhcp Vendor Class Id Auto Upgrade Interval Related Commands : : : : : 1 1 w SymbolWS.WS2K-V2-0 600

    set

    Sets the DHCP-related parameters for updating system firmware and configuration.

    Network CLI Commands Reference 3-51

    3.11 Network Firewall Commands


    fw
    network

    Displays the firewall submenu.


    Syntax admin(network)> fw admin(network.fw)>

    The items available under this command are shown below.


    Command Description Ref.

    set show submap policy timeradd timerset timerdel timerlist ips quit save .. /

    Sets firewall parameters. Shows firewall parameters. Goes to the subnet mapping submenu. Goes to the advanced subnet mapping submenu. Creates a new timeout value Sets timeout values Deletes a named timer Shows the list of timers Goes to the Intrusion Prevention System submenu. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-52 page 3-54 page 3-80 page 3-64 page 3-55 page 3-58 page 3-56 page 3-57 page 3-59 page 3-1 page 3-1 page 3-1 page 3-1

    The commands in this menu are available in the Web interface on the Network>Firewall screen.

    3-52 WS2000 Wireless Switch System Reference Guide

    3.11.1 Network Firewall set Command set


    Network Firewall Commands

    Sets firewall parameters. In the Web interface, this functionality is provide by the Network->Firewall screen.
    Syntax set [mode|override|ftp|ip|seq|src|syn|win|spoof|rst| range|netbios-alg] [enable|disable] set set set set mime mime mime mime [filter|hdr|len] filter [enable|disable] hdr <count> len <length>

    set timeout <time> set fin <time> Parameters

    mode [enable|disable] override [enable|disable] ftp [enable|disable] ip [enable|disable] mime [filter [enable|disable]| hdr <count>| len <length>] seq [enable|disable] src [enable|disable] syn [enable|disable] timeout <time> win [enable|disable] spoof [enable|disable] rst [enable|disable] range [enable|disable] fin <time> netbios-alg [enable|disable]
    Example

    Enables or disables the firewall. Enables or disables subnet access override. Enables or disables FTP bounce attack check. Enables or disables IP unaligned timestamp check. filter [enable|disable] Enables or disables MIME flood attack check. hdr <count> Sets the max number of headers as specified in <count> (12-34463) len <length> Sets the max header length in bytes as specified by <length> (256-34463) Enables or disables sequence number prediction check. Enables or disables source routing check. Enables or disables SYN flood attack check. Sets the firewall timeout to <time> minutes (190). Enables or disables Winnuke attack check. Enables or disables IP Spoofing attack check Enables or disable reset attack check Enables or disable sequence out of range check Sets fin timeout to <time> seconds. Enables or disables NetBIOS ALG support.

    admin(network.fw)>show all Firewall Status Subnet Access Override Configurable Firewall Filters : enable : disable

    Network CLI Commands Reference 3-53

    ftp bounce attack filter syn flood attack filter unaligned ip timestamp filter source routing attack filter winnuke attack filter seq num prediction attack filter mime flood attack filter max mime header length max mime headers nat timeout interval in minutes ip spoofing attack filter reset attack filter ack/seq number out of range check fin timeout Always On Firewall Filters land attack filter ping of death attack filter reassembly attack filter NetBIOS alg admin(network.fw)> Related Commands

    : : : : : : : : : : : : : :

    enable enable enable enable enable enable enable 8192 16 30 enable enable enable 20

    : : : :

    enable enable enable disable

    show

    Shows the current firewall settings.

    3-54 WS2000 Wireless Switch System Reference Guide

    3.11.2 Network Firewall show Command show


    Network Firewall Commands

    Displays the firewall parameters.


    Syntax show all Parameters

    all
    Example

    Shows all firewall settings.

    admin(network.fw)>show all Firewall Status Subnet Access Override Configurable Firewall Filters ftp bounce attack filter syn flood attack filter unaligned ip timestamp filter source routing attack filter winnuke attack filter seq num prediction attack filter mime flood attack filter max mime header length max mime headers nat timeout interval in minutes ip spoofing attack filter reset attack filter ack/seq number out of range check fin timeout Always On Firewall Filters land attack filter ping of death attack filter reassembly attack filter NetBIOS alg admin(network.fw)> Related Commands : : : : enable enable enable disable : : : : : : : : : : : : : : enable enable enable enable enable enable enable 8192 16 30 enable enable enable 20 : enable : disable

    set

    Sets firewall settings.

    Network CLI Commands Reference 3-55

    3.11.3 Network Firewall timeradd Command timeradd


    Network Firewall Commands

    Adds a new named timeout value.


    Syntax timeradd <name> <protocol> <port> <value> Parameters timeradd <name> Adds a new named timeout value. <protocol> <name> is the name of the time out value (1-15 characters) <port> <value>

    <protocol> is the protocol to be used. (tcp or udp) <port> is the port number (0-32767) <value> is the timeout value in seconds (60-268400000)

    Example admin(network.fw)> timeradd newtcp tcp 21 4500 admin(network.fw)> timerlist ----------------------------------------------------------Name Protocol Port Timeout ( Secs ) ----------------------------------------------------------newtcp tcp 21 4500 admin(network.fw)

    3-56 WS2000 Wireless Switch System Reference Guide

    3.11.4 Network Firewall timerdel Command timerdel


    Network Firewall Commands

    Deletes a named timeout value.


    Syntax timerdell <timer name> Parameters

    timerdel <timername>
    Example

    Deletes a timer named <timer name>.

    admin(network.fw)>timeradd newudp udp 21 4500 admin(network.fw)>timerlist ----------------------------------------------------------Name Protocol Port Timeout ( Secs ) ----------------------------------------------------------newtcp tcp 21 4500 newudp udp 21 4500 admin(network.fw)timerdel newtcp admin(network.fw)>timerlist ----------------------------------------------------------Name Protocol Port Timeout ( Secs ) ----------------------------------------------------------newudp udp 21 4500

    Network CLI Commands Reference 3-57

    3.11.5 Network Firewall timerlist Command timerlist


    Network Firewall Commands

    Displays all named time outs.


    Syntax timerlist Parameters

    None
    Example admin(network.fw)>timerlist ----------------------------------------------------------Name Protocol Port Timeout ( Secs ) ----------------------------------------------------------newtcp tcp 21 4500 newudp udp 21 4500 admin(network.fw)

    3-58 WS2000 Wireless Switch System Reference Guide

    3.11.6 Network Firewall timerset Command timerset


    Network Firewall Commands

    Sets the timeout value for a named timer.


    Syntax timerset <timer name> <value> Parameters

    timerset <timer name> <value>


    Example

    Sets the timer value <value> (60-268400000) for a timer named <timer name>.

    admin(network.fw)>timerset newudp 5000 admin(network.fw)>timerlist ----------------------------------------------------------Name Protocol Port Timeout ( Secs ) ----------------------------------------------------------newtcp tcp 21 4500 newudp udp 21 5000

    Network CLI Commands Reference 3-59

    3.12 Network Firewall Intrusion Prevention System Commands


    ips
    Network Firewall Commands

    Displays the firewall Intrusion Prevention System (IPS) submenu.


    Syntax admin(network.fw)> ips admin(network.fw.ips)>

    The items available under this command are shown below.


    Command Description Ref.

    set show quit save .. /

    Sets the IPS parameters Displays the IPS settings Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-60 page 3-62 page 3-1 page 3-1 page 3-1 page 3-1

    3-60 WS2000 Wireless Switch System Reference Guide

    3.12.1 Network Firewall IPS set Command set


    Network Firewall Intrusion Prevention System Commands

    Sets the Intrusion Prevention System (IPS) parameters.


    Syntax set [mode|anomaly-config|signature-categories|direction] set set set set mode [enable|disable] signature-categorises <category-list> direction [default|bi-directional] anomaly-config[-sl <smtplen>|-ml <mimelen>|-md <mimedepth>| -hl <httpline>|-hz <httpsize>|-hlz <httplinesize>| -huz <httpurisize>]

    mode [enable|disable] anomaly-config [-sl <smtplen>| -ml <mimelen>| -md <mimedepth>| -hl <httphline>| -hz <httphsize>| -hlz <httplinesize>| -huz <httpurisize>] signature-categories <category-list>

    direction [default|bi-directional]

    Enables or disables IPS. -sl <smtplen> Sets the SMTP header length. -ml <mimelen> Sets the MIME header length. -md <mimedepth> Sets the depth of MIME boundary header. -hl <httphline> Sets the field in the HTTP header. -hz <httphsize> Sets the HTTP header size. -hlz <httplinesize> Sets the HTTP header line size. -huz <httpurisize> Sets the HTTP URI size. Sets the signature categories for IPS. Select <category-list> from TELNET, POP3, IMAP, NNTP, FTP, SNMP, TCPDNS, UDPDNS, TCPRPC, UDPRPC, HTTP, SMTP, TCPGEN, UDPGEN, ICMP, TCP, UDP, IP. If more than one signature category is specified, separate each category with a space. Each of the signature category must be specified in Upper Case only. Sets the direction to inspect packets. default Sets direction as default. This is defined in the signature. bi-directional Sets direction as bi-directional. Packets are inspected when received or sent.

    Example admin(network.fw.ips)>set mode enable admin(network.fw.ips)>set anomaly-config -sl 100 admin(network.fw.ips)>set direction default admin(network.fw.ips)>set signature-categories TELNET POP3 TCP UDP admin(network.fw.ips)>show all IPS mode : enable SMTP Header length : 1024 MIME header length : 1024 Depth of MIME boundary header : 5 Field in HTTP header : 50 HTTP header size : 4096 HTTP header line size : 3072

    Network CLI Commands Reference 3-61

    HTTP URI size Loaded Signature Categories Packet Direction of signatures admin(network.fw.ips)>

    : 3072 : TELNET POP3 TCP UDP IMAP HTTP SMTP : default

    3-62 WS2000 Wireless Switch System Reference Guide

    3.12.2 Network Firewall IPS show Command show


    Network Firewall Intrusion Prevention System Commands

    Displays the Intrusion Prevention System (IPS) configurations.


    Syntax show all Parameters

    all
    Example

    Displays the IPS configuration.

    admin(network.fw.ips)>show all IPS mode SMTP Header length MIME header length Depth of MIME boundary header Field in HTTP header HTTP header size HTTP header line size HTTP URI size Loaded Signature Categories Packet Direction of signatures admin(network.fw.ips)> admin(network.fw)>show all Firewall Status Subnet Access Override Configurable Firewall Filters ftp bounce attack filter syn flood attack filter unaligned ip timestamp filter source routing attack filter winnuke attack filter seq num prediction attack filter mime flood attack filter max mime header length max mime headers nat timeout interval in minutes ip spoofing attack filter reset attack filter ack/seq number out of range check fin timeout Always On Firewall Filters land attack filter ping of death attack filter reassembly attack filter

    : : : : : : : : : :

    enable 1024 1024 5 50 4096 3072 3072 TELNET POP3 TCP UDP IMAP HTTP SMTp default

    : enable : disable

    : : : : : : : : : : : : : :

    enable enable enable enable enable enable enable 8192 16 10 enable enable enable 20

    : enable : enable : enable

    Network CLI Commands Reference 3-63

    NetBIOS alg HTTP alg admin(network.fw)>

    : disable : enable

    3-64 WS2000 Wireless Switch System Reference Guide

    3.13 Network Firewall Policy Commands


    policy
    Network Firewall Commands

    Displays the firewall policy submenu.


    Syntax admin(network.fw)> policy admin(network.fw.policy)>

    NOTE: The Policy menu can only be accessed when Subnet Access Override mode is enabled. To enable Subnet Access Override use the command
    admin(network.fw)> set override enable

    The items available under this command are shown below.


    Command Description Ref.

    inbound outbound import quit save .. /

    Goes to the inbound policy submenu. Goes to the outbound policy submenu. Imports subnet access rules. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-66 page 3-73 page 3-65 page 3-1 page 3-1 page 3-1 page 3-1

    Network CLI Commands Reference 3-65

    3.13.1 Network Firewall Policy import command import


    Network Firewall Policy Commands

    Imports subnet access rules from current subnet access settings created in the GUI interface (Network-> Firewall -> Subnet Access menu item) or using the CLI submap menu commands. Previously set outbound firewall policies will be deleted.
    Syntax import Parameters

    None
    Example admin(network.fw.policy)>import WARNING : You will loose all your current advanced access policies. Do you want to continue [n/y]?y admin(network.fw.policy)> admin(network.fw.policy.outb)>list ---------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp Src Ports Dst Ports NAT Action ---------------------------------------------------------------------------1 192.168.0.1- 192.168.1.1all 1:65535 1:65535 none allow 255.255.255.0 255.255.255.0 2 192.168.0.1- 192.168.2.1all 1:65535 1:65535 none allow 255.255.255.0 255.255.255.0 3 192.168.1.1- 192.168.0.1all 1:65535 1:65535 none allow 255.255.255.0 255.255.255.0 4 192.168.1.1- 192.168.2.1all 1:65535 1:65535 none allow 255.255.255.0 255.255.255.0 5 192.168.2.1- 192.168.0.1all 1:65535 1:65535 none allow 255.255.255.0 255.255.255.0 6 192.168.2.1- 192.168.1.1all 1:65535 1:65535 none allow 255.255.255.0 255.255.255.0 7 192.168.0.0- 192.168.32.2all 1:65535 1:65535 none allow 255.255.255.0 255.255.255.0 8 192.168.0.0- 0.0.0.0all 1:65535 1:65535 wan1 allow 255.255.255.0 0.0.0.0 9 192.168.1.0- 0.0.0.0all 1:65535 1:65535 none allow 255.255.255.0 0.0.0.0 10 192.168.2.0- 0.0.0.0all 1:65535 1:65535 none allow 255.255.255.0 0.0.0.0 Related Commands

    submap > list outb > list

    Lists the currently defined subnet to subnet/WAN communication rules into the outbound firewall policy list. Lists the current outbound firewall policies.

    3-66 WS2000 Wireless Switch System Reference Guide

    3.14 Network Firewall Policy Inbound Commands


    inbound
    Network Firewall Policy Commands

    Displays the inbound policy submenu.


    Syntax admin(network.fw.policy)> inb admin(network.fw.policy.inb)>

    The items available under this command are shown below.


    Command Description Ref.

    add set delete list move insert quit save .. /

    Adds a firewall policy. Sets firewall policy parameters. Deletes a firewall policy. Lists firewall policies. Moves a firewall policy to a different position in the list. Inserts a new firewall policy before an existing policy. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-67 page 3-72 page 3-68 page 3-70 page 3-71 page 3-69 page 3-1 page 3-1 page 3-1 page 3-1

    Network CLI Commands Reference 3-67

    3.14.1 Network Firewall Policy Inbound add Command add


    Network Firewall Policy Inbound Commands

    Adds an inbound firewall policy.


    Syntax add <sip> <netmask> <dip> <dnetmask> Parameters
    <sip> <netmask> <dip> <dnetmask>

    Adds a firewall policy to be effective on communications between a source site and a destination site. <sip> The source IP <snetmask> The source IPs network mask <dip> The destination site IP <dnetmask> The destination IPs network mask

    Example admin(network.fw.policy.inb)>add 192.168.24.0 255.255.255.0 209.239.170.45 255.2 55.255.224 Inbound Policy Successfully added at index 1 admin(network.fw.policy.inb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 192.168.24.0209.239.170.45- all 1: 1: 0.0.0.0 deny 255.255.255.0 255.255.255.224 65535 65535 nat port 0 Related Commands

    delete move

    Deletes firewall policies from the inbound list. Moves firewall policies either up or down in the list of policies.

    3-68 WS2000 Wireless Switch System Reference Guide

    3.14.2 Network Firewall Policy Inbound delete Command delete


    Network Firewall Policy Inbound Commands

    Deletes a firewall policy.


    Syntax delete [all|<idx>] Parameters

    <idx> all
    Example

    Deletes inbound firewall policy <idx> from the policy list. Deletes all inbound firewall policies.

    admin(network.fw.policy.inb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 2 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0 admin(network.fw.policy.inb)>del 1 admin(network.fw.policy.inb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0

    Network CLI Commands Reference 3-69

    3.14.3 Network Firewall Policy Inbound insert Command insert


    Network Firewall Policy Inbound Commands

    Inserts a new firewall policy before an existing policy.


    Syntax insert <idx> <sip> <snetmask> <dip> <dnetmask> Parameters
    <idx> <sip> <snetmask> <dip> <dnetmask>

    Inserts a new policy into the inbound firewall policy list at a specified index. <idx> The index in the firewall policy list where this policy is to be inserted. <sip> The source IP <snetmask> The source IPs network mask <dip> The destination site IP <dnetmask> The destination IPs network mask

    Example admin(network.fw.policy.inb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.170.88- 192.168.42.2- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 admin(network.fw.policy.inb)>insert 1 209.239.160.44 255.255.255.224 192.168.55. 44 255.255.255.0 Inbound Policy Successfully inserted at index 1 admin(network.fw.policy.inb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.160.44- 192.168.55.44- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 2 209.239.170.88- 192.168.42.2- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0

    3-70 WS2000 Wireless Switch System Reference Guide

    3.14.4 Network Firewall Policy Inbound list Command list


    Network Firewall Policy Inbound Commands

    Lists inbound firewall policies.


    Syntax list {<idx>} Parameters

    <idx>

    Displays firewall policy with number <idx>.

    Example:
    admin(network.fw.policy.inb)>add 192.168.24.0 255.255.255.0 209.239.170.45 255.255.255.224 Inbound Policy Successfully added at index 1 admin(network.fw.policy.inb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 192.168.24.0209.239.170.45- all 1: 1: 0.0.0.0 deny 255.255.255.0 255.255.255.224 65535 65535 nat port 0

    Network CLI Commands Reference 3-71

    3.14.5 Network Firewall Policy Inbound move Command move


    Network Firewall Policy Inbound Commands

    Moves a firewall policy to a different position in the list and renumbers all affected items in the list.
    Syntax move [up|down] <idx> Parameters

    [up|down] <idx>
    Example

    Moves policy with index <idx> up or down one (to a lower or a higher number) in the policy list.

    admin(network.fw.policy.inb)>list ---------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0 2 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 admin(network.fw.policy.inb)>move up 2 admin(network.fw.policy.inb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 2 209.239.160.202- 168.192.36.4- gre 20:21 255.255.255.224 255.255.255.0 200: 201 0.0.0.0 allow nat port 0

    3-72 WS2000 Wireless Switch System Reference Guide

    3.14.6 Network Firewall Policy Inbound set Command set


    Network Firewall Policy Inbound Commands

    Sets inbound firewall policy parameters.


    Syntax set [saddr|daddr|tp|sport}dport|rnat|rport|action|logging] Parameters

    Sets source IP address <Ip Addr> and IP netmask <netmask> for inbound firewall policy <idx>. Sets destination IP address <Ip Addr> and IP netmask <netmask> for inbound firewall policy <idx>. Sets transport protocol for inbound firewall policy <idx> to <tp> (one of all, tcp, udp, icmp, ah, esp, gre). sport <idx> <port1> Sets source port range for inbound firewall policy <idx> from <port1> [<port2>] (165535) to <port2> (165535). If <port2> is not specified, <port1> is used as the top end of the range. dport <idx> <port1> Sets destination port range for inbound firewall policy <idx> from <port1> (1 [<port2>] 65535) to <port2> (165535). If <port2> is not specified, <port1> is used as the top end of the range. rnat <idx> <Ip Addr> Sets reverse NAT IP address for inbound firewall policy <idx> to <Ip Addr> (a.b.c.d). rport <idx> <rport> Sets reverse NAT port for inbound firewall policy <idx> to <rport> (065535). action <idx> [allow|deny] Sets action of inbound firewall policy <idx> to allow or deny.
    Example admin(network.fw.policy.inb)>set tp 1 gre admin(network.fw.policy.inb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.160.202- 168.192.36.4- gre 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 admin(network.fw.policy.inb)>set sport 1 20 21 admin(network.fw.policy.inb)>set dport 1 200 201 admin(network.fw.policy.inb)>set action 1 allow admin(network.fw.policy.inb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0

    saddr <idx> <Ip Addr> <netmask> daddr <idx> <Ip Addr> <netmask> tp <idx> <tp>

    Network CLI Commands Reference 3-73

    3.15 Network Firewall Policy Outbound Commands


    outbound
    Network Firewall Policy Commands

    Displays the outbound policy submenu.


    Syntax admin(network.fw.policy)> outbound admin(network.fw.policy.outbound)>

    The items available under this command are shown below.


    Command Description Ref.

    add set delete list move insert quit save .. /

    Adds a firewall policy. Sets firewall policy parameters. Deletes a firewall policy. Lists firewall policies. Moves a firewall policy to a different position in the list. Inserts a new firewall policy before an existing policy. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-74 page 3-79 page 3-75 page 3-77 page 3-78 page 3-76 page 3-1 page 3-1 page 3-1 page 3-1

    3-74 WS2000 Wireless Switch System Reference Guide

    3.15.1 Network Firewall Policy Outbound add Command add


    Network Firewall Policy Outbound Commands

    Adds an outbound firewall policy.


    Syntax add <sip> <netmask> <dip> <netmask> Parameters
    <sip> <netmask> <dip> <dnetmask>

    Adds a firewall policy to be effective on communications between a source site and a destination site. <sip> The source IP <snetmask> The source IPs network mask <dip> The destination site IP <dnetmask> The destination IPs network mask

    Example admin(network.fw.policy.outb)>add 192.168.24.0 255.255.255.0 209.239.170.45 255.255.255.224 Outbound Policy Successfully added at index 1 admin(network.fw.policy.outb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 192.168.24.0209.239.170.45- all 1: 1: 0.0.0.0 deny 255.255.255.0 255.255.255.224 65535 65535 nat port 0 Related Commands

    delete move

    Deletes firewall policies from the outbound list. Moves policies either up or down in the list of policies.

    Network CLI Commands Reference 3-75

    3.15.2 Network Firewall Policy Outbound delete Command delete


    Network Firewall Policy Outbound Commands

    Deletes an outbound firewall policy.


    Syntax delete [all|<idx>] Parameters

    <idx> all
    Example

    Deletes inbound firewall policy <idx> from the policy list. Deletes all outbound firewall policies.

    admin(network.fw.policy.outb)>list ---------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ---------------------------------------------------------------------------1 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 2 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0 admin(network.fw.policy.outb)>del 1 admin(network.fw.policy.outb)>list ---------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ---------------------------------------------------------------------------1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0

    3-76 WS2000 Wireless Switch System Reference Guide

    3.15.3 Network Firewall Policy Outbound insert Command insert


    Network Firewall Policy Outbound Commands

    Inserts a new outbound firewall policy before an existing policy.


    Syntax insert <idx> <sip> <netmask> <dip> <netmask> Parameters
    <idx> <sip> <snetmask> <dip> <dnetmask>

    Inserts a new policy into the outbound firewall policy list at a specified index. <idx> The index in the firewall policy list where this policy is to be inserted. <sip> The source IP <snetmask> The source IPs network mask <dip> The destination site IP <dnetmask> The destination IPs network mask

    Example admin(network.fw.policy.outb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.170.88- 192.168.42.2- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 admin(network.fw.policy.outb)>insert 1 209.239.160.44 255.255.255.224 192.168.55. 44 255.255.255.0 Outbound Policy Successfully inserted at index 1 admin(network.fw.policy.outb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.160.44- 192.168.55.44- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 2 209.239.170.88- 192.168.42.2- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0

    Network CLI Commands Reference 3-77

    3.15.4 Network Firewall Policy Outbound list Command list


    Network Firewall Policy Outbound Commands

    Lists outbound firewall policies.


    Syntax list {<idx>} Parameters

    <idx>
    Example

    Displays firewall outbound policy with number <idx>.

    admin(network.fw.policy.outb)>add 192.168.24.0 255.255.255.0 209.239.170.45 255.2 55.255.224 Inbound Policy Successfully added at index 1 admin(network.fw.policy.outb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 192.168.24.0209.239.170.45- all 1: 1: 0.0.0.0 deny 255.255.255.0 255.255.255.224 65535 65535 nat port 0

    3-78 WS2000 Wireless Switch System Reference Guide

    3.15.5 Network Firewall Policy Outbound move Command move


    Network Firewall Policy Outbound Commands

    Moves an outbound firewall policy up or down in the policy list and renumbers the policy affected by the move.
    Syntax move [up|down] <idx> Parameters

    [up|down] <idx>
    Example

    Moves policy with index <idx> up or down one (to a lower or a higher number) in the policy list.

    admin(network.fw.policy.outb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0 2 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 admin(network.fw.policy.outb)>move up 2 admin(network.fw.policy.outb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ---------------------------------------------------------------------------1 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 2 209.239.160.202- 168.192.36.4- gre 20:21 255.255.255.224 255.255.255.0 200: 201 0.0.0.0 allow nat port 0

    Network CLI Commands Reference 3-79

    3.15.6 Network Firewall Policy Outbound set Command set


    Network Firewall Policy Outbound Commands

    Sets firewall policy parameters.


    Syntax set [saddr|daddr|tp|sport|dport|nat|action|logging] Parameters

    saddr <idx> <Ip Addr> <netmask> daddr <idx> <Ip Addr> <netmask> tp <idx> <tp>

    Sets source IP address <Ip Addr> and IP netmask <netmask> for outbound firewall policy <idx>. Sets destination IP address <Ip Addr> and IP netmask <netmask> for outbound firewall policy <idx>. Sets transport protocol for outbound firewall policy <idx> to <tp> (one of all, tcp, udp, icmp, ah, esp, gre). sport <idx> <port1> Sets source port range for outbound firewall policy <idx> from <port1> [<port2>] (165535) to <port2> (165535). If <port2> is not specified, <port1> is used as the top end of the range. dport <idx> <port1> Sets destination port range for outbound firewall policy <idx> from <port1> [<port2>] (165535) to <port2> (165535). If <port2> is not specified, <port1> is used as the top end of the range. nat <idx> <wan id> Sets NAT WAN ID for outbound firewall policy <idx> to <wan id> (0-8) where 0 = none, 1 = WAN 1, 2 = WAN 2, etc. action <idx> [allow|deny] Sets action of outbound firewall policy <idx> to allow or deny. logging <idx> Sets logging of outbound firewall policy <idx> to enable or disable. [enable|disable]

    Example admin(network.fw.policy.outb)>set tp 1 gre admin(network.fw.policy.outb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.160.202- 168.192.36.4- gre 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 admin(network.fw.policy.outb)>set sport 1 20 21 admin(network.fw.policy.outb)>set dport 1 200 201 admin(network.fw.policy.outb)>set action 1 allow admin(network.fw.policy.outb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0

    3-80 WS2000 Wireless Switch System Reference Guide

    3.16 Network Firewall Submap Commands


    submap
    Network Firewall Commands

    Displays the subnet mapping submenu.


    Syntax admin(network.fw)> submap admin(network.fw.submap)>

    NOTE: The submap menu can only be accessed when Subnet Access Override mode is disabled. To disable Subnet Access Override use the command
    admin(network.fw)> set override disable

    The items available under this command are shown below.


    Command Description Ref.

    add delete list set show quit save .. /

    Adds subnet access exception rules. Deletes subnet access exception rules. Lists subnet access exception rules. Sets subnet access parameters. Shows subnet access parameters. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-81 page 3-83 page 3-84 page 3-85 page 3-86 page 3-1 page 3-1 page 3-1 page 3-1

    Network CLI Commands Reference 3-81

    3.16.1 Network Firewall Submap add Command add


    Network Firewall Submap Commands

    Adds subnet access exception rules.


    Syntax add <from> <to> <name> <tran> <port1> <port2> Parameters

    add <from> <to> <name> <tran> <port1> <port2>

    Adds a subnet access exception rule for communication. <from> The source subnet (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6) <to> The destination subnet (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6, w=WAN) <name> The name of this exception rule. (1-7 characters) <trans> The transport protocol to deny access. (one of the following transport protocols: tcp, udp, icmp, ah, esp, gre, or all) <port1> <port2> Ports in the range <port1> to <port2>

    Example admin(network.fw.submap)>add s1 w test gre 21 101 admin(network.fw.submap)>list s1 ------------------------------------------------------------------------index from to name prot start port end port ------------------------------------------------------------------------1 subnet1 wan test gre 21 101 admin(network.fw.submap)>add s1 s2 test2 ah 20 80 admin(network.fw.submap)>add s2 s3 test3 all 20 300 admin(network.fw.submap)>list s1 ------------------------------------------------------------------------index from to name prot start port end port ------------------------------------------------------------------------1 subnet1 wan test gre 21 101 2 subnet1 subnet2 test2 ah 20 80

    3-82 WS2000 Wireless Switch System Reference Guide

    admin(network.fw.submap)>list s2 ------------------------------------------------------------------------index from to name prot start port end port ------------------------------------------------------------------------1 subnet2 subnet3 test3 all 20 300 admin(network.fw.submap)>delete s2 all admin(network.fw.submap)>list s2 ------------------------------------------------------------------------index from to name prot start port end port -------------------------------------------------------------------------

    Network CLI Commands Reference 3-83

    3.16.2 Network Firewall Submap delete Command delete


    Network Firewall Submap Commands

    Deletes subnet access exception rules.


    Syntax delete <from> [<idx>|all] Parameters

    <from> [<idx>|all]

    <idx> Deletes access exception rule entry <idx> from subnet <from> (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6). all Deletes all access exception rule entries from subnet <from> (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6).

    Example admin(network.fw.submap)>list s1 ------------------------------------------------------------------------index from to name prot start port end port ------------------------------------------------------------------------1 subnet1 wan test gre 21 101 2 subnet1 subnet2 test2 ah 20 80 admin(network.fw.submap)>delete s1 2 admin(network.fw.submap)>list s1 ------------------------------------------------------------------------index from to name prot start port end port ------------------------------------------------------------------------1 subnet1 wan test gre 21 101 admin(network.fw.submap)>list s2 ------------------------------------------------------------------------index from to name prot start port end port ------------------------------------------------------------------------1 subnet2 subnet3 test3 all 20 300 admin(network.fw.submap)>delete s2 all admin(network.fw.submap)>list s2 ------------------------------------------------------------------------index from to name prot start port end port -------------------------------------------------------------------------

    3-84 WS2000 Wireless Switch System Reference Guide

    3.16.3 Network Firewall Submap list Command list


    Network Firewall Submap Commands

    Lists subnet access exception rules.


    Syntax list <from> Parameters

    <from>
    Example

    Lists the access exception entries for <from> (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6).

    admin(network.fw.submap)>list s1 ------------------------------------------------------------------------index from to name prot start port end port ------------------------------------------------------------------------1 subnet1 wan test gre 21 101 admin(network.fw.submap)>add s1 s2 test2 ah 20 80 admin(network.fw.submap)>add s2 s3 test3 all 20 300 admin(network.fw.submap)>list s1 ------------------------------------------------------------------------index from to name prot start port end port ------------------------------------------------------------------------1 subnet1 wan test gre 21 101 2 subnet1 subnet2 test2 ah 20 80 admin(network.fw.submap)>list s2 ------------------------------------------------------------------------index from to name prot start port end port ------------------------------------------------------------------------1 subnet2 subnet3 test3 all 20 300 admin(network.fw.submap)>delete s2 all admin(network.fw.submap)>list s2 ------------------------------------------------------------------------index from to name prot start port end port

    Network CLI Commands Reference 3-85

    3.16.4 Network Firewall Submap set Command set


    Network Firewall Submap Commands

    Sets a default subnet access rule to allow or deny communication.


    Syntax set [default|subnet-logging|logging] Parameters

    Sets the default subnet access rule. <from> The source subnet. (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6). <to> The destination subnet. (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6, w = WAN). <rule> The rule to be enforced. Select from allow or deny. subnet-logging Enables or disables logging for a subnet access rule. <from> <to> <from> The source subnet. (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, [enable|disable] s4 = subnet4, s5 = subnet5, s6 = subnet6). <to> The destination subnet. (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6, w = WAN). enable Enables he logging disable Disables logging logging <from> Enables, disables, or sets to default the logging for a subnet access exception rule. <to> <rule-name> <from> The source subnet. (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, [enable|disable|d s4 = subnet4, s5 = subnet5, s6 = subnet6). efault] <to> The destination subnet. (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6, w = WAN). enable Enables he logging disable Disables logging default Adopts subnet access configuration.
    Example admin(network.fw.submap)>set default s2 w deny admin(network.fw.submap)>set default s2 s4 deny admin(network.fw.submap)>set subnet-logging s2 s3 enable admin(network.fw.submap)>set logging s1 s2 s1s2allow default admin(network.fw.submap)>show default s2 ------------------------------------------------------------------------wan subnet1 subnet2 subnet3 subnet4 subnet5 subnet6 ------------------------------------------------------------------------deny allow allow allow deny allow allow (log enabled) admin(network.fw.submap)>

    default <from> <to> <rule>

    3-86 WS2000 Wireless Switch System Reference Guide

    3.16.5 Network Firewall Submap show Command show


    Network Firewall Submap Commands

    Displays default subnet access exception rules for indicated subnet.


    Syntax show default <from> Parameters

    default <from>
    Example

    Shows all default access exception rules for subnet <from> (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6) to all other subnets.

    admin(network.fw.submap)>set default s2 w deny admin(network.fw.submap)>set default s2 s4 deny admin(network.fw.submap)>set subnet-logging s2 s3 enable admin(network.fw.submap)>set logging s1 s2 s1s2allow default admin(network.fw.submap)>show default s2 ------------------------------------------------------------------------wan subnet1 subnet2 subnet3 subnet4 subnet5 subnet6 ------------------------------------------------------------------------deny allow allow allow deny allow allow (log enabled) admin(network.fw.submap)>

    Network CLI Commands Reference 3-87

    3.17 Network LAN Commands


    lan
    network

    Displays the LAN submenu.


    Syntax admin(network)>lan admin(network.lan)>

    The items available under this command are shown below.


    Command Description Ref.

    dhcp set show updateDNS updateAllDNS bridge quit save .. /

    Goes to the DHCP submenu. Sets LAN parameters. Shows LAN parameters. Updates DNS for a subnet Updates DNS for all subnets Goes to the bridge submenu Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-93 page 3-88 page 3-90 page 3-91 page 3-92 page 3-101 page 3-1 page 3-1 page 3-1 page 3-1

    3-88 WS2000 Wireless Switch System Reference Guide

    3.17.1 Network LAN set Command set


    Network LAN Commands

    Sets the LAN parameters for the six subnets.


    Syntax set [ipadr|mask|dgw|mode|name|port|wlan|stp] set set set set set set set set ipadr <idx> <ip> mask <idx> <netmask> dgw <idx> <ip> mode [enable|disable] name <idx> <name> port <port> <subnet> wlan <wlan> <subnet> stp <mode>

    Parameters

    ipadr <idx> <ip> mask <idx> <netmask> dgw <idx> <ip> mode <idx> [enable|disable] name <idx> <name> port <port> <subnet> wlan <wlan> <subnet> stp <mode>

    Sets the IP address of subnet <idx> (16) to the IP address <ip> in the form a.b.c.d. Sets the netmask of subnet <idx> (16) to IP address mask <netmask> in the form a.b.c.d. Sets the default gateway for the subnet <idx> (1-6) to the IP <ip>. Enables or disables the subnet identified by <idx> (16). Sets the name of the subnet <idx>(16) to <name> (can be up to 7 characters). Assigns port <port>(16) to the subnet indicated by <subnet> (none, s1, s2, s3, s4, s5, s6). Unassigns a port with <subnet> = none. Assigns WLAN number <wlan> to the subnet indicated by (none, s1, s2, s3, s4, s5, s6). Unassigns a WLAN with <subnet> = none. Enables or disables Spanning Tree Protocol (STP) for the subnets. Choose <mode> from enable or disable.

    NOTE: STP is applied on mesh networks even if it is disabled through the set command.
    Example admin(network.lan)>show lan 1 subnet name subnet interface ip address network mask ports wlans : : : : : : Subnet1 enable 192.168.0.1 255.255.255.0 port1 port2 port3 port4 port5 port6 wlan1

    Network CLI Commands Reference 3-89

    admin(network.lan)>set name admin(network.lan)>set port admin(network.lan)>set wlan admin(network.lan)>show lan subnet name subnet interface ip address network mask default gateway ports wlan vlan tag

    1 NewName 4 none 2 s1 1 : : : : : : : : OfficeN enable 192.168.0.1 255.255.255.0 192.168.0.1 port1 port2 port3 port4 port5 wlan1 wlan3 1

    admin(network.lan)> set stp enable admin(network.lan)> show stp STP Mode Related Commands : Enable

    show lan

    Shows the current settings for the specified subnet (LAN).

    3-90 WS2000 Wireless Switch System Reference Guide

    3.17.2 Network LAN show Command show


    Network LAN Commands

    Shows the LAN parameters.


    Syntax show [lan|stp] Parameters

    lan <idx> stp


    Example

    Shows the settings for the subnet <idx> (14). Shows the STP status for the device

    admin(network.lan)>show lan 1 subnet name subnet interface ip address network mask ports wlans admin(network.lan)>set name admin(network.lan)>set port admin(network.lan)>set wlan admin(network.lan)>show lan subnet name subnet interface ip address network mask ports wlans admin(network.lan)> set stp enable admin(network.lan)> show stp STP Mode Related Commands : Enable : : : : : : Subnet1 enable 192.168.0.1 255.255.255.0 port1 port2 port3 port4 port5 port6 wlan1

    1 NewName 4 none 2 s1 1 : : : : : : NewName enable 192.168.0.1 255.255.255.0 port1 port2 port3 port5 port6 wlan1 wlan2

    set set stp

    Sets the parameters for a specified subnet (LAN). Enables or disables Spanning Tree Protocol for the device.

    Network CLI Commands Reference 3-91

    3.17.3 Network LAN updateDNS Command updateDNS


    Network LAN Commands

    Updates the DNS for the selected subnet.


    Syntax updateDNS <idx> Parameters

    <idx>
    Example

    The subnet ID (1-6)

    admin(network.lan)>updateDNS 1 admin(network.lan)> Related Commands

    updateAllDNS Updates the DNS for all subnets.

    3-92 WS2000 Wireless Switch System Reference Guide

    3.17.4 Network LAN updateAllDNS Command updateAllDNS


    Network LAN Commands

    Updates the DNS for all the active subnets.


    Syntax updateAllDNS Parameters

    None
    Example admin(network.lan)> updateAllDNS admin(network.lan)> Related Commands

    updateDNS

    Updates the DNS for a selected subnet.

    Network CLI Commands Reference 3-93

    3.18 Network LAN DHCP Commands


    dhcp
    Network LAN Commands

    Displays the DHCP submenu.


    Syntax admin(network.lan)> dhcp admin(network.lan.dhcp)>

    The items available under this command are shown below.


    Command Description Ref.

    add delete list set show renew quit save .. /

    Adds static DHCP address assignments. Deletes static DHCP address assignments. Lists static DHCP address assignments. Sets DHCP parameters. Shows DHCP parameters. Renews the DHCP IP address. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-94 page 3-95 page 3-96 page 3-97 page 3-99 page 3-100 page 3-1 page 3-1 page 3-1 page 3-1

    3-94 WS2000 Wireless Switch System Reference Guide

    3.18.1 Network LAN DHCP add Command add


    Network LAN DHCP Commands

    Adds static DHCP address assignments.


    Syntax add <idx> <mac> <ip> Parameters
    <idx> <mac> <ip>

    Adds a static DHCP address assignment for subnet <idx> (1-6) where the device with the MAC address <mac> (aabbccddeeff format) is assigned the IP address <ip> (a.b.c.d format).

    Example admin(network.lan.dhcp)>add 1 00A0F8F01234 192.160.24.6 admin(network.lan.dhcp)>add 1 00A1F1F24321 192.169.24.7 admin(network.lan.dhcp)>list 1 ------------------------------------------------------------------------index mac address ip address ------------------------------------------------------------------------1 00A0F8F01234 192.160.24.6 2 00A1F1F24321 192.169.24.7 admin(network.lan.dhcp)>

    Network CLI Commands Reference 3-95

    3.18.2 Network LAN DHCP delete Command delete


    Network LAN DHCP Commands

    Deletes static DHCP address assignments.


    Syntax delete <idx> [<entry>|all] Parameters

    <idx> [<entry>|all]

    Deletes static DHCP assignment entries. <idx> The subnet index (1-6) <entry> The DHCP entry (1-30) all All entries.

    Example admin(network.lan.dhcp)>list 1 ------------------------------------------------------------------------index mac address ip address ------------------------------------------------------------------------admin(network.lan.dhcp)>add 1 0011223344FF 191.168.0.42 admin(network.lan.dhcp)>add 1 4433221100AA 191.168.0.43 admin(network.lan.dhcp)>list 1 ------------------------------------------------------------------------index mac address ip address ------------------------------------------------------------------------1 0011223344FF 191.168.0.42 2 4433221100AA 191.168.0.43 admin(network.lan.dhcp)>delete 1 1 admin(network.lan.dhcp)>list 1 ------------------------------------------------------------------------index mac address ip address ------------------------------------------------------------------------1 4433221100AA 191.168.0.43 ------------------------------------------------------------------------index mac address ip address ------------------------------------------------------------------------1 0011223344FF 191.168.0.42 2 4433221100AA 191.168.0.43

    3-96 WS2000 Wireless Switch System Reference Guide

    3.18.3 Network LAN DHCP list Command list


    Network LAN DHCP Commands

    Lists static DHCP address assignments.


    Syntax list <idx> Parameters

    <idx>
    Example

    Lists the static DHCP address assignments for subnet <idx> (16).

    admin(network.lan.dhcp)>add 1 00A0F8F01234 192.168.63.5 admin(network.lan.dhcp)>list 1 ------------------------------------------------------------------------index mac address ip address ------------------------------------------------------------------------1 00A0F8F01234 192.168.63.5 admin(network.lan.dhcp)> admin(network.lan.dhcp)>add 1 12332244AABB 192.168.64.3 admin(network.lan.dhcp)>list 1 ------------------------------------------------------------------------index mac address ip address ------------------------------------------------------------------------1 00A0F8F01234 192.168.63.5 2 12332244AABB 192.168.64.3

    Network CLI Commands Reference 3-97

    3.18.4 Network LAN DHCP set Command set


    Network LAN DHCP Commands

    Sets DHCP parameters for the subnets.


    Syntax set [dgw|dns|wins|lease|domain|mode|range| relayserverip|ddnsmode|fwdzone|ddnsusrcls| tftp-server|bootfile|option-189|option-43] Parameters

    Sets the default gateway for subnet <idx> (16) to the IP address <a.b.c.d>. dns <a> <b> <c> Sets the primary/secondary DNS servers for the selected subnet. <a> The subnet (1-6) <b> The DNS server type (1=primary, 2=secondary) <c> The IP address of the server type selected in <b> in the a.b.c.d form. wins <idx> <a.b.c.d> Sets the WINS server for subnet <idx> (16) to the IP address <a.b.c.d>. lease <idx> <lease> Sets the DHCP lease time for subnet <idx> (16) to <lease> seconds (1999999). domain <idx> <dn> Sets the domain name for subnet <idx> (16) to the domain name <dn> (1 to 63 characters). mode <idx> <mode> Sets the DHCP mode for subnet <idx> (14) to <mode>. <mode> can be one of (none, client, server, relay) where: none disables DHCP node client enables the subnet to be a DHCP client server enables the subnet to be a DHCP server relay enables the subnet to be a DHCP relay range <a> <b> <c> Sets the DHCP assignment range for subnet <a> (16) from IP address <b> to another IP address <c>. relayserverip <idx> <a.b.c.d> Sets the DHCP relay server IP for subnet <idx> (1-6) to the IP <a.b.c.d>. ddnsmode <idx> <mode> Enables or disables DDNS for the subnet <idx> (1-6). <mode> can be one of enable or disable. fwdzone <idx> <fwdzone> Sets the DHCP forward zone for the subnet <idx> (1-6) to the zone specified by <fwdzone> (1 to 63 characters) ddnsusrcls <idx> <usrcls> Sets the DDNS user class <usrcls> to single or multiple for the subnet <idx> (1-6). tftp-server <idx> Sets the tftp-server IP for the subnet <idx> (1-6) to the IP <tftp-server> <tftp-server> bootfile <idx> <bootfile> Sets the bootfile name for the subnet <idx> (1-6) to the boot file name <boot-file> (max 31 characters)

    dgw <idx> <a.b.c.d>

    3-98 WS2000 Wireless Switch System Reference Guide

    option-189 <idx> <ip list>

    option-43 <idx> <ip list>

    Sets the IP addresses and ports numbers for WIAP enabled switches for the subnet <idx> (1-6). <ip-list> (max 63 characters) must be in the format a.b.c.d:xx and multiple addresses must be separated by comma. Sets the IP address for WIAP enabled switches for the subnet <idx> (1-6). <ip-list> (max 63 characters) must be in the format a.b.c.d and multiple addresses must be separated by a comma.

    Example admin(network.lan.dhcp)>set dns 1 1 209.160.0.18 admin(network.lan.dhcp)>set dns 1 2 209.160.0.218 admin(network.lan.dhcp)>show dhcp 1 dhcp mode : server default gateway : 192.168.0.1 primary dns server : 209.160.0.18 secondary dns server : 209.160.0.218 wins server : 192.168.0.254 starting ip address : 192.168.0.11 ending ip address : 192.168.0.254 lease time : 10000 domain name : admin(network.lan.dhcp)>set domain 1 BigFishCo admin(network.lan.dhcp)>show dhcp 1 dhcp mode : server default gateway : 192.168.0.1 primary dns server : 209.160.0.18 secondary dns server : 209.160.0.218 wins server : 192.168.0.254 starting ip address : 192.168.0.11 ending ip address : 192.168.0.254 lease time : 10000 domain name : BigFishCo admin(network.lan.dhcp)>

    Network CLI Commands Reference 3-99

    3.18.5 Network LAN DHCP show Command show


    Network LAN DHCP Commands

    Shows DHCP parameter settings for specified subnets.


    Syntax show dhcp <idx> Parameters

    show dhcp <idx>


    Example

    Displays the DHCP parameter settings for subnet <idx> (16). These parameters are set with the set command.

    admin(network.lan.dhcp)>set dns 1 2 192.168.0.242 admin(network.lan.dhcp)>set dns 1 2 192.168.0.1 admin(network.lan.dhcp)>show dhcp 1 dhcp mode : server ddns mode : disable user class : default gateway : 192.168.0.50 primary dns server : 192.168.10.1 secondary dns server : 192.168.0.1 wins server : 192.168.0.254 starting ip address : 192.168.0.100 ending ip address : 192.168.0.254 relay server ip address : 0.0.0.0 lease time : 86400 domain name : forward zone : tftp-server : 0.0.0.0 bootfile : option-189 : option-43 : admin(network.lan.dhcp)>set domain 1 BigFishCo admin(network.lan.dhcp)>show dhcp 1 admin(network.lan.dhcp)>show dhcp 1 dhcp mode : server ddns mode : disable user class : default gateway : 192.168.0.50 primary dns server : 192.168.10.1 secondary dns server : 192.168.0.1 wins server : 192.168.0.254 starting ip address : 192.168.0.100 ending ip address : 192.168.0.254 relay server ip address : 0.0.0.0 lease time : 86400 domain name : BigFishCo forward zone : tftp-server : 0.0.0.0 bootfile : option-189 : option-43 :

    3-100 WS2000 Wireless Switch System Reference Guide

    3.18.6 Network LAN DHCP renew Command renew


    Network LAN DHCP Commands

    Renews the IP address assigned by DHCP.


    Syntax renew Parameters

    None
    Example admin(network.lan.dhcp)> renew

    Network CLI Commands Reference 3-101

    3.19 Network LAN Bridge commands


    bridge
    Network LAN Commands

    Displays the Bridge submenu.


    Syntax admin(network.lan)> bridge admin(network.lan.bridge)>

    The items available under this command are shown below.


    Command Description Ref.

    show set quit save .. /

    Shows the bridge configuration parameters Sets bridge configuration parameters Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-102 page 3-104 page 3-1 page 3-1 page 3-1 page 3-1

    3-102 WS2000 Wireless Switch System Reference Guide

    3.19.1 Network LAN Bridge show Command show


    Network LAN Bridge commands

    Displays the bridge configuration parameters.


    Syntax show Parameters

    None
    Example admin(network.lan.bridge)> show admin(network.lan.bridge)>show ** LAN1 Bridge Configuration ** Bridge Priority Hello Time (seconds) Message Age Time (seconds) Forward Delay Time (seconds) Entry Ageout Time (seconds) Wireless Trunking ** LAN2 Bridge Configuration ** Bridge Priority Hello Time (seconds) Message Age Time (seconds) Forward Delay Time (seconds) Entry Ageout Time (seconds) Wireless Trunking ** LAN3 Bridge Configuration ** Bridge Priority Hello Time (seconds) Message Age Time (seconds) Forward Delay Time (seconds) Entry Ageout Time (seconds) Wireless Trunking ** LAN4 Bridge Configuration ** Bridge Priority Hello Time (seconds) Message Age Time (seconds) Forward Delay Time (seconds) Entry Ageout Time (seconds) Wireless Trunking : : : : 32768 2 20 15

    : 60 : disable : : : : 32768 2 20 15

    : 60 : disable : : : : 32768 2 20 15

    : 300 : disable : : : : 32768 2 20 15

    : 300 : disable

    Network CLI Commands Reference 3-103

    ** LAN5 Bridge Configuration ** Bridge Priority Hello Time (seconds) Message Age Time (seconds) Forward Delay Time (seconds) Entry Ageout Time (seconds) Wireless Trunking ** LAN6 Bridge Configuration ** Bridge Priority Hello Time (seconds) Message Age Time (seconds) Forward Delay Time (seconds) Entry Ageout Time (seconds) Wireless Trunking admin(network.lan.bridge)>

    : : : :

    32768 2 20 15

    : 300 : disable : : : : 32768 2 20 15

    : 300 : disable

    3-104 WS2000 Wireless Switch System Reference Guide

    3.19.2 Network LAN Bridge set Command set


    Network LAN Bridge commands

    Sets the bridge configuration parameters.


    Syntax set [priority|hello|msgage|fwddelay|ageout|wireless-trunking] Parameters

    Sets the bridge priority to <priority> (0-65535) for the lan <LANidx> (1-6) hello <LAN-idx> <hello> Sets the bridges hello time to <hello> (1-10) seconds for the lan <LAN-idx> (1-6) msgage <LAN-idx> <msgage> Sets the bridge message age time to <msgage> (6-40) seconds for lan <LAN-idx> (1-6) fwddelay <LAN-idx> <fwddelay> Sets the bridge forward delay time to <fwddelay> (4-30) seconds for lan <LAN-idx> (1-6) ageout <LAN-idx> <ageout> Sets the bridge forward table entry ageout to <ageout> (4-3600) seconds for lan <LAN-idx> (1-6). wireless-trunking <LAN-idx> <mode> Sets the wireless trunking mode <mode> (enable/disable) for lan <LAN-idx> (1-6)
    Example admin(network.lan.bridge)>set priority 1 5 admin(network.lan.bridge)>set wireless-trunking 1 enable admin(network.lan.bridge)>show ** LAN1 Bridge Configuration ** Bridge Priority Hello Time (seconds) Message Age Time (seconds) Forward Delay Time (seconds) Entry Ageout Time (seconds) Wireless Trunking ** LAN2 Bridge Configuration ** Bridge Priority Hello Time (seconds) Message Age Time (seconds) Forward Delay Time (seconds) Entry Ageout Time (seconds) Wireless Trunking [...] : : : : 5 2 20 15

    priority <LAN-idx> <priority>

    : 60 : enable : : : : 32768 2 20 15

    : 60 : disable

    Network CLI Commands Reference 3-105

    3.20 Network QoS Commands


    qos
    network

    Displays the quality of service (QoS) submenu.


    Syntax admin(network)> qos admin(network.qos)>

    The items available under this command are shown below.


    Command Description Ref.

    clear set show quit save .. /

    Clears QoS parameters. Sets QoS parameters. Shows QoS parameters. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-106 page 3-107 page 3-108 page 3-1 page 3-1 page 3-1 page 3-1

    3-106 WS2000 Wireless Switch System Reference Guide

    3.20.1 Network QOS clear Command clear


    Network QoS Commands

    Clears QoS radio statistics.


    Syntax clear queuing Parameters

    None
    Example admin(network.qos)>clear queue Related Commands

    set show

    Sets the QoS parameters. Shows the QoS parameters and the QoS queuing statistics.

    Network CLI Commands Reference 3-107

    3.20.2 Network QOS set Command set


    Network QoS Commands

    Sets QoS parameters.


    Syntax set bw-share [mode|weight|threshold] Parameters

    mode <mode> weight <idx> <weight>

    threshold <idx> <speed>


    Example

    Set bandwidth share mode <mode> (none, static, weighted or rate-limit) Set the weight for WLAN <idx> (18) to <weight> (110). A weight can only be set if the bandwidth share mode is set to weighted. Sets the bandwidth share threshold for WLAN <idx> (16) to speed <speed> <054000>

    admin(network.qos)>set bw-share mode weighted admin(network.qos)>set bw-share weight 1 6 admin(network.qos)>set bw-share threshold 1 12000 admin(network.qos)>show bw-share BW Share Mode:weighted -------------------------------WLAN BW Share Weight -------------------------------1 6 2 1 3 1 4 1 5 1 6 1 7 1 8 1 admin(network.qos)> Related Commands

    show clear

    Shows the bandwidth settings and the queuing statistics. Clears the queuing statistics.

    3-108 WS2000 Wireless Switch System Reference Guide

    3.20.3 Network QOS show Command show


    Network QoS Commands

    Shows QoS parameters and queuing statistics.


    Syntax show [bw-sharing|queuing] Parameters

    bw-share queuing
    Example

    Shows the bandwidth sharing settings. Displays the radio QoS queuing statistics.

    admin(network.qos)>show bw BW Share Mode:static admin(network.qos)>show qu 1 BW Share Mode:static ------------------------------------------------------------------------Priority In Out Dropped ------------------------------------------------------------------------------------------------------------------------------------------------WLAN: 1 ------------------------------------------------------------------------0 0 0 0 1 0 0 0 2 0 0 0 admin(network.qos)> Related Commands

    set clear

    Sets the QoS parameters. Clears the QoS queuing statistics.

    Network CLI Commands Reference 3-109

    3.21 Network Router Commands


    router
    network

    Displays the router submenu.


    Syntax admin(network)> router admin(network.router)>

    The items available under this command are shown below.


    Command Description Ref.

    add delete list set show quit save .. /

    Adds user-defined routes. Deletes user-defined routes. Lists user-defined routes. Sets RIP parameters. Shows routes/RIP parameters. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-110 page 3-111 page 3-112 page 3-113 page 3-114 page 3-1 page 3-1 page 3-1 page 3-1

    3-110 WS2000 Wireless Switch System Reference Guide

    3.21.1 Network Router add Command add


    Network Router Commands

    Adds user-defined routes.


    Syntax add <dest> <netmask> <gw> <iface> <metric> Parameters
    <dest> <netmask> <gw> <iface> <metric>

    Adds a route with destination IP address <dest>, IP netmask <netmask>, gateway IP address <gw>, interface subnet or WAN set to <iface> (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6 or w = WAN), and metric set to <metric> (1 15).

    Example admin(network.router)>add 202.57.42.6 255.255.255.224 202.57.42.1 s2 3 admin(network.router)>list -----------------------------------------------------------------index destination netmask gateway interface metric -----------------------------------------------------------------1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3 admin(network.router)>add 234.44.33.212 255.255.255.234 234.44.33.2 s3 5 admin(network.router)>list -----------------------------------------------------------------index destination netmask gateway interface metric -----------------------------------------------------------------1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3 2 234.44.33.212 255.255.255.234 234.44.33.2 subnet3 5

    Network CLI Commands Reference 3-111

    3.21.2 Network Routes delete Command delete


    Network Router Commands

    Deletes user-defined routes.


    Syntax delete [all|<idx>] Parameters

    <idx> all
    Example

    Deletes the user-defined route <idx> (120) from the list. Deletes all user-defined routes.

    admin(network.router)>list -----------------------------------------------------------------index destination netmask gateway interface metric -----------------------------------------------------------------1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3 2 234.44.33.212 255.255.255.234 234.44.33.2 subnet3 5 admin(network.router)>delete 2 admin(network.router)>list -----------------------------------------------------------------index destination netmask gateway interface metric -----------------------------------------------------------------1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3

    3-112 WS2000 Wireless Switch System Reference Guide

    3.21.3 Network Router list Command list


    Network Router Commands

    Lists user-defined routes.


    Syntax list Parameters

    None
    Example admin(network.router)>add 234.44.33.212 255.255.255.234 234.44.33.2 s3 5 admin(network.router)>list ------------------------------------------------------------------------index destination netmask gateway interface metric ------------------------------------------------------------------------1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3 2 234.44.33.212 255.255.255.234 234.44.33.2 subnet3 5

    Network CLI Commands Reference 3-113

    3.21.4 Network Router set Command set


    Network Router Commands

    Sets routing information protocol (RIP) parameters.


    Syntax set [auth|dir|id|key|passwd|type|dgw-if] Parameters

    auth <auth> dir <dir> id <idx> <id> key <idx> <key> passwd <passwd> type <type> dgw-if <if>
    Example

    Sets RIP authentication type to <auth> to one of none, simple, or md5 Sets RIP direction to <dir> to one of rx = receive, tx = transmit, or both). Sets MD5 authentication ID for key <idx> (12) to the MD5 key id <id> (1 256). Sets the MD5 authentication ID for key <idx> (12) to MD5 key <key> (up to 16 characters). Sets password for simple authentication to <passwd> (1 to 16 characters). Sets RIP type to <type> to ne of off, ripv1, ripv2, or ripv1v2. Sets the Default Gateway Interface to <if> one of none, wan, s1, s2, s3, s4, s5, s6, and default.

    admin(network.router)>set auth md5 admin(network.router)>set key 1 12345678 admin(network.router)>set key 2 87654321 admin(network.router)>show rip rip rip rip rip rip rip rip rip type direction authentication type simple auth password md5 id 1 md5 key 1 md5 id 2 md5 key 2 : : : : : : : : off both md5 ******** 1 ******** 1 ********S

    admin(network.router)>set type ripv1 Warning: Having RIP enabled compromises your Subnet to Subnet firewall. admin(network.router)>show rip rip rip rip rip rip rip rip rip type direction authentication type simple auth password md5 id 1 md5 key 1 md5 id 2 md5 key 2 : : : : : : : : ripv1 both md5 ******** 1 ******** 1 ********

    3-114 WS2000 Wireless Switch System Reference Guide

    3.21.5 Network Router show Command show


    Network Router Commands

    Shows connected routes and routing information protocol (RIP) parameters.


    Syntax show [rip|routes] Parameters

    rip routes
    Example

    Shows RIP parameters. Shows connected routes.

    admin(network.router)>show rip rip type : off rip direction : both rip authentication type : md5 rip simple auth password : ******** rip md5 id 1 : 1 rip md5 key 1 : ******** rip md5 id 2 : 1 rip md5 key 2 : ******** admin(network.router)>show routes --------------------------------------------------------------------------index destination netmask gateway interface metric --------------------------------------------------------------------------1 192.168.2.0 255.255.255.0 0.0.0.0 subnet3 0 2 192.168.1.0 255.255.255.0 0.0.0.0 subnet2 0 3 192.168.0.0 255.255.255.0 0.0.0.0 subnet1 0 4 192.168.24.0 255.255.255.0 0.0.0.0 wan 0 5 0.0.0.0 0.0.0.0 192.168.24.1 wan 0

    Network CLI Commands Reference 3-115

    3.22 Network VLAN Commands


    vlan
    network

    Displays the VLAN submenu.


    Syntax admin(network)> vlan admin(network.vlan)>

    The items available under this command are shown below.


    Command Description Ref.

    set show quit save .. /

    Sets VLAN parameters. Shows VLAN parameters. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-116 page 3-117 page 3-1 page 3-1 page 3-1 page 3-1

    3-116 WS2000 Wireless Switch System Reference Guide

    3.22.1 Network VLAN set Command set


    Network VLAN Commands

    Sets VLAN parameters.


    Syntax set [assign-mode|default|vlan-id|trunk-port|allow]

    Syntax:
    assign-mode <mode> default <vlan_id> vlan-id <subnet_id> <vlan_id> trunk-port <port> allow [vlans <list>|all|none] Assigns the VLAN assignment mode <mode> to one of user or port. Assigns the default VLAN ID to <vlan_id>, which is a number between 1 and 4094. Sets the VLAN ID for subnet <subnet_id> (one of s1, s2, s3, s4, s5,or s6) to <vlan_id> (14094). Sets the Trunk Port <port> to one of none or wan. Sets the list of VLANs allowed access to the trunk port. vlans <list> Sets the allowed VLANs from <list>, a comma separated list of VLAN Ids. all Sets the allowed VLANs to all VLANs. none Sets the list of allowed VLANs to none.

    Example admin(network.vlan)>set assign-mode user admin(network.vlan)>set default 3 admin(network.vlan)>show vlan 3 VLAN assignment mode VLAN ID VLAN Mapped Subnet Default VLAN ID Related Commands : : : : user 3 Subnet3 Yes

    show

    Displays the VLAN settings.

    Network CLI Commands Reference 3-117

    3.22.2 Network VLAN show Command show


    Network VLAN Commands

    Shows VLAN parameters.


    Syntax show [vlan|trunk] Parameters

    vlan <id> trunk


    Example

    Displays the VLAN settings for the VLAN specified by <id> (14094). Displays the Trunk settings.

    admin(network.vlan)>show vlan 3 VLAN assignment mode VLAN ID VLAN Mapped Subnet Default VLAN ID admin(network.vlan)>show vlan 2 VLAN assignment mode VLAN ID VLAN Mapped Subnet Default VLAN ID : : : : user 2 Subnet1 No : : : : user 3 Subnet3 Yes

    admin(network.vlan)>set trunk-port wan admin(network.vlan)>set all vlans 1-20 admin(network.vlan)>show trunk Trunk Port Allowed VLANs Related Commands : WAN : 1-20

    set

    Sets the VLAN parameters.

    3-118 WS2000 Wireless Switch System Reference Guide

    3.23 Network WAN Commands


    wan
    network

    Displays the WAN submenu.


    Syntax admin(network)> wan admin(network.wan)>

    The items available under this command are shown below.


    Command Description Ref.

    vpn nat app dyndns trunkipfpolicy renew set show quit save .. /

    Goes to the VPN submenu. Goes to the NAT submenu. Goes to the outbound content filtering submenu. Goes to the Dynamic DNS submenu Goes to the Trunk Port IP Filter Policy submenu Renews the IP address. Sets WAN parameters. Shows WAN parameters. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-144 page 3-138 page 3-123 page 3-129 page 3-133 page 3-119 page 3-120 page 3-122 page 3-1 page 3-1 page 3-1 page 3-1

    Network CLI Commands Reference 3-119

    3.23.1 Network WAN renew Command renew


    Network WAN Commands

    Renews the IP address.


    Syntax renew Parameters

    None
    Example admin(network.wan)>renew admin(network.wan)>

    3-120 WS2000 Wireless Switch System Reference Guide

    3.23.2 Network WAN set Command set


    Network WAN Commands

    Sets the WAN parameters. In the Web interface, this functionality if provided by the Network->WAN screen.
    Syntax set [dhcp|dgw|dns|ipadr|mask|mode|ppope|mtu] Parameters

    Enables or disables the switch as a DHCP client. <mode> can be one of enable or disable. dgw <a.b.c.d> Sets the default gateway IP address to <a.b.c.d>. dns <idx> <a.b.c.d> Sets the IP address of one or two DNS servers, where <idx> indicates either the primary (1) or secondary (2) server, and <a.b.c.d> is the IP address of the server. ipadr <idx> <a.b.c.d> Sets up to 8 (using <idx> from 1 to 8) IP addresses <a.b.c.d> for the WAN interface of the switch. mask <a.b.c.d> Sets the subnet mask to <a.b.c.d>. mode <idx> <mode> Enables or disables the WAN interface associated with the given <idx> (1 8) as set using the set ipadr command. <mode> can be one of enable or disable. pppoe [idle|ka|mode|passwd| Sets PPPoE parameters. type|user|mss] idle <val> Sets the PPPoE idle value <val> (165535) seconds. ka <mode> Sets the PPPoE keep alive mode <mode> (enable, disable). mode <mode> Enables or disables PPPoE. <mode> can be one of enable or disable. passwd <password> Sets the PPPoE password to <password> (1 39 Characters) type <type> Sets the PPPoE authentication type to <type> (none, pap/ chap, pap, chap). user <username> Sets the PPPoE user name to <username> (1 47 Characters). mss <msssize> Sets the PPPoE maximum segment size to <msssize> (201460). mtu Sets MTU size of wan interface. The minimum value is 128 bytes and maximum is 1500 bytes.
    Example admin(network.wan)>set admin(network.wan)>set admin(network.wan)>set admin(network.wan)>set admin(network.wan)>set admin(network.wan)>set dhcp enable dgw 192.168.122.25 pppoe mode enable pppoe type chap pppoe user JohnDoe pppoe passwd @#$goodpassword%$#

    dhcp <mode>

    Network CLI Commands Reference 3-121

    admin(network.wan)>set pppoe keepalive enable Related Commands

    show ip Shows the IP settings for the WAN. show pppoe Shows the PPPoE settings for the WAN.

    3-122 WS2000 Wireless Switch System Reference Guide

    3.23.3 Network WAN show Command show


    Network WAN Commands

    Shows the WAN parameters.


    Syntax show [ip|pppoe|mtuc] Parameters

    ip <idx>

    Shows the general IP parameters for the WAN along with settings for the WAN interface associated with <idx> (where <idx> is in the range 18).
    Note: If the WAN interface IP addresses have not been specified for <idx>, the IP and Mask values will be shown as 0.0.0.0.

    pppoe mtu
    Example

    Shows all PPPoE settings. Sets MTU size of wan interface. The minimum value is 128 bytes and maximum is 1500 bytes.

    admin(network.wan)>show ip 3 wan interface ip address network mask default gateway dhcp mode primary dns server secondary dns server admin(network.wan)>show pppoe pppoe mode ip address default gateway primary dns server secondary dns server pppoe keepalive mode pppoe authentication type pppoe idle time pppoe user name pppoe password pppoe MSS : : : : : : : : : : : disable 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 disable pap/chap 600 ******** 1452 : : : : : : : enable 0.0.0.0 0.0.0.0 192.168.24.1 enable 209.142.0.2 209.142.0.218

    Network CLI Commands Reference 3-123

    3.24 Network WAN App Commands


    app
    Network WAN Commands

    Displays the outbound content filtering submenu.


    Syntax admin(network.wan)> app admin(network.wan.app)>

    The items available under this command are shown below.


    Command Description Ref.

    addcmd delcmd list quit save .. /

    Adds app control commands to the deny list. Deletes app control commands from the deny list. Lists app control records. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-124 page 3-126 page 3-128 page 3-1 page 3-1 page 3-1 page 3-1

    3-124 WS2000 Wireless Switch System Reference Guide

    3.24.1 Network WAN APP addcmd Command addcmd


    Network WAN App Commands

    Adds app control commands to the deny list.


    Syntax addcmd [web|ftp|smtp] Parameters

    web [file Denies access to the specified web files. <filename>.<ext>| file <filename>.<ext> Denies specified web file name. <filename> can be up to 15 proxy|activex] characters and * can be used to match any string. <ext> can be up to 10 characters (such as htm, html, or java). Up to 10 files can be specified. proxy Denies web proxies activex Denies ActiveX files ftp Denies access to the following FTP commands: [put|get|ls|mkdir|c put Denies access to FTP put command d|pasv] get Denies access to FTP get command ls Denies access to FTP ls command mkdir Denies access to FTP mkdir command cd Denies access to FTP cd command pasv Denies access to FTP pasv command smtp Denies access to the following SMTP command: [helo|mail|rcpt| helo Denies access to the SMTP helo command data|quit|send| mail Denies access to the SMTP mail command saml|rset|vrfy| rcpt Denies access to the SMTP rcpt command expn] data Denies access to the SMTP data command quit Denies access to the SMTP quit command send Denies access to the SMTP send command saml Denies access to the SMTP saml command rset Denies access to the SMTP rset command vrfy Denies access to the SMTP vrfy command expn Denies access to the SMTP expn command
    Example admin(network.wan.app)>addcmd ftp ? put get ls mkdir cd pasv : : : : : : store command retrieve command directory list command create directory command change directory command passive mode command

    Network CLI Commands Reference 3-125

    admin(network.wan.app)>addcmd ftp put admin(network.wan.app)>addcmd ftp cd admin(network.wan.app)>addcmd ftp pasv admin(network.wan.app)>list ftp FTP Commands Storing Files Retrieving Files Directory List Create Directory Change Directory Passive Operation : : : : : : deny allow allow allow deny deny

    admin(network.wan.app)>addcmd smtp helo admin(network.wan.app)>addcmd smtp vrfy admin(network.wan.app)>list smtp SMTP Commands HELO MAIL RCPT DATA QUIT SEND SAML RESET VRFY EXPN admin(network.wan.app)> Related Commands : : : : : : : : : : deny allow allow allow allow allow allow allow deny allow

    delcmd

    Removes a file or command from the deny list.

    3-126 WS2000 Wireless Switch System Reference Guide

    3.24.2 Network WAN APP delcmd Command delcmd


    Network WAN App Commands

    Deletes application control commands from the deny list.


    Syntax delcmd [web|ftp|smtp] Parameters

    web [file Deletes the specified web files from the access denied list. <filename>.<ext>| file <filename>.<ext> Denied web file name. <filename> can be up to 15 proxy|activex] characters and * can be used to match any string. <ext> can be up to 10 characters (such as htm, html, or java). Up to 10 files can be specified. proxy Web proxies activex ActiveX files ftp Deletes the following FTP commands from the access denied list. [put|get|ls|mkdir|c put FTP put command d|pasv] get FTP get command ls FTP ls command mkdir FTP mkdir command cd FTP cd command pasv FTP pasv command smtp Deletes the following SMTP command from the access denied list. [helo|mail|rcpt| helo SMTP helo command data|quit|send| mail SMTP mail command saml|rset|vrfy| rcpt SMTP rcpt command expn] data SMTP data command quit SMTP quit command send SMTP send command saml SMTP saml command rset SMTP rset command vrfy SMTP vrfy command expn SMTP expn command
    Example admin(network.wan.app)>list ftp FTP Commands Storing Files Retrieving Files Directory List Create Directory Change Directory : : : : : deny allow allow allow deny

    Network CLI Commands Reference 3-127

    Passive Operation

    : deny

    admin(network.wan.app)>delcmd ftp put admin(network.wan.app)>delcmd ftp cd admin(network.wan.app)>list ftp FTP Commands Storing Files Retrieving Files Directory List Create Directory Change Directory Passive Operation admin(network.wan.app)>list smtp SMTP Commands HELO MAIL RCPT DATA QUIT SEND SAML RESET VRFY EXPN : : : : : : : : : : deny allow allow allow allow allow allow allow deny allow : : : : : : allow allow allow allow allow deny

    admin(network.wan.app)>delcmd smtp helo admin(network.wan.app)>list smtp SMTP Commands HELO MAIL RCPT DATA QUIT SEND SAML RESET VRFY EXPN Related Commands : : : : : : : : : : allow allow allow allow allow allow allow allow deny allow

    addcmd

    Adds a file or command to the deny list.

    3-128 WS2000 Wireless Switch System Reference Guide

    3.24.3 Network WAN APP list Command list


    Network WAN App Commands

    Lists the app control records.


    Syntax list [web|ftp|smtp] Parameters

    web ftp smtp


    Example

    Lists Web/HTTP app control settings. Lists FTP app control settings. Lists SMTP app control record.

    admin(network.wan.app)>list web HTTP Files/Commands Web Proxy ActiveX filename admin(network.wan.app)>list ftp FTP Commands Storing Files Retrieving Files Directory List Create Directory Change Directory Passive Operation admin(network.wan.app)>list smtp SMTP Commands HELO MAIL RCPT DATA QUIT SEND SAML RESET VRFY EXPN admin(network.wan.app)> : : : : : : : : : : deny allow allow allow allow allow allow allow deny allow : : : : : : allow allow allow deny deny deny : deny : deny :

    Network CLI Commands Reference 3-129

    3.25 Network WAN DynDNS Commands


    dyndns
    Network WAN Commands

    Displays the Dynamic DNS menu. DynDNS provides a facility to update the domain name information when the IP address associated with the domain name changes.
    Syntax admin(network.wan)> dyndns admin(network.wan.dyndns)>

    The items available under this command are shown below.


    Command Description Ref.

    set show update quit save .. /

    Sets the different Dynamic DNS parameters Displays the Dynamic DNS parameters and current status Manually updates the Dynamic DNS status Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-130 page 3-131 page 3-132 page 3-1 page 3-1 page 3-1 page 3-1

    3-130 WS2000 Wireless Switch System Reference Guide

    3.25.1 Network WAN DynDNS set Command set


    Network WAN DynDNS Commands

    Sets the DynDNS parameters


    Syntax set [mode|username|password|hostname] set set set set mode <mode> username <username> password <password> hostname <hostname>

    Parameters

    mode <mode> Enables or disables DynDNS. <mode> can be enable or disable. username <username> Sets the DynDNS user name to <username> (1-32 characters) password <password> Sets the password to <password> (1-32 characters) for the DynDNS username <username>. hostname <hostname> Sets the DynDNS server host name to <hostname> (1-32 characters).
    Example admin(network.wan.dyndns)>set admin(network.wan.dyndns)>set admin(network.wan.dyndns)>set admin(network.wan.dyndns)>set mode enable username JohnDoe password JohnDoe hostname motPropServ

    admin(network.wan.dyndns)>show DynDNS Configuration Mode Username Password Hostname DynDNS Update Response IP Address Hostname Status : 192.168.10.1 : motPropServ : Connected : : : : enable JohnDoe ******** motPropServ

    Network CLI Commands Reference 3-131

    3.25.2 Network WAN DynDNS show Command show


    Network WAN DynDNS Commands

    Displays the Dynamic DNS parameter information and the current status.
    Syntax show Parameters

    None
    Example admin(network.wan.dyndns)>show DynDNS Configuration Mode Username Password Hostname DynDNS Update Response IP Address Hostname Status : 192.168.10.1 : motPropServ : Connected : : : : enable JohnDoe ******** motPropServ

    3-132 WS2000 Wireless Switch System Reference Guide

    3.25.3 Network WAN DynDNS update Command update


    Network WAN DynDNS Commands

    Manually updates the Dynamic DNS information.


    Syntax update Parameters

    None
    Example admin(network.wan.dyndns)>update IP Address Hostname : 192.168.10.1 : motPropServ

    Network CLI Commands Reference 3-133

    3.26 Network WAN TrunkIPFPolicy Commands


    trunkipfpolicy
    Network WAN Commands

    Displays the Trunk IP Filter Policy submenu.


    Syntax admin(network.wan)>trunkipfpolicy admin(network.wan.trunkipfpolicy)>

    The items available under this command are shown below.


    Command Description Ref.

    add del set show quit save .. /

    Adds Trunk Port IP Filter association table entry Removes Trunk Port IP Filter association table entry Sets Trunk Port IP Filter association parameters Displays Trunk Port IP Filter association parameters Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-134 page 3-135 page 3-136 page 3-137 page 3-1 page 3-1 page 3-1 page 3-1

    3-134 WS2000 Wireless Switch System Reference Guide

    3.26.1 Network WAN TrunkIPFPolicy add Command add


    Network WAN TrunkIPFPolicy Commands

    Adds a Trunk Port IP Filter association table entry.


    Syntax add <filter-name> <direction> <action> Parameters

    <filter-name> <direction> <action>


    Example

    Name of the Trunk Port Filter entry The direction for the filter One of allow or deny.

    Network CLI Commands Reference 3-135

    3.26.2 Network WAN TrunkIPFPolicy del Command del


    Network WAN TrunkIPFPolicy Commands

    Deletes an entry from the Trunk Port IP Filter association table.


    Syntax del [all|<index>] Parameters

    all <index>
    Example

    Removes all trunk port IP filter association table entries. Remove trunk port ip filter association table entry at the index <index>.

    admin(network.wan.trunkipfpolicy)> del 1 admin(network.wan.trunkipfpolicy)>

    3-136 WS2000 Wireless Switch System Reference Guide

    3.26.3 Network WAN TrunkIPFPolicy set Command set


    Network WAN TrunkIPFPolicy Commands

    Sets the different Trunk Port IP Filter Policy configuration settings


    Syntax set [ipf-mode|default] set ipf-mode <mode> set default [incoming|outgoing] [allow|deny] Parameters

    ipf-mode <mode> default [incoming|outgoing] [allow|deny]


    Example

    Enables or disables the Trunk Port IP Filtering Sets the default properties for incoming and outgoing direction to either allow or deny.

    admin(network.wan.trunkipfpolicy)>show ---------------------------------------------------------------Filter-Name Direction Action ---------------------------------------------------------------IP Filter Mode Default Incoming Action Default Outgoing Action : enable : allow : allow

    admin(network.wan.trunkipfpolicy)>set default outgoing deny admin(network.wan.trunkipfpolicy)>show -----------------------------------------------------------Filter-Name Direction Action -----------------------------------------------------------IP Filter Mode Default Incoming Action Default Outgoing Action : enable : allow : deny

    Network CLI Commands Reference 3-137

    3.26.4 Network WAN TrunkIPFPolicy show Command show


    Network WAN TrunkIPFPolicy Commands

    Displays the Trunk Port IP Filter policy configuration information.


    Syntax show Parameters

    None
    Example admin(network.wan.trunkipfpolicy)>show ---------------------------------------------------Filter-Name Direction Action ---------------------------------------------------IP Filter Mode Default Incoming Action Default Outgoing Action : enable : allow : deny

    admin(network.wan.trunkipfpolicy)>?

    3-138 WS2000 Wireless Switch System Reference Guide

    3.27 Network WAN NAT Commands


    nat
    Network WAN Commands

    Displays the nat submenu.


    Syntax admin(network.wan)> nat admin(network.wan.nat)>

    The items available under this command are shown below.


    Command Description Ref.

    add delete listt set show quit save .. /

    Adds NAT records. Deletes NAT records. Lists NAT records. Sets NAT parameters. Shows NAT parameters. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-139 page 3-140 page 3-141 page 3-142 page 3-143 page 3-1 page 3-1 page 3-1 page 3-1

    Network CLI Commands Reference 3-139

    3.27.1 Network WAN NAT add Command add


    Network WAN NAT Commands

    Adds NAT records.


    Syntax add inb <idx> <name> <tran> <port1> <port2> <ip> <dst_port> Parameters

    inb <idx> <name> Sets an inbound Network Address Translation (NAT) entry. <tran> <port1> <idx> The WAN address <port2> <ip> <name> The NAT entry name <dst_port> <tran> The transport protocol (one of cp, udp, icmp, ah, esp, gre, or all) <port1> The starting port number in a port range <port2> The ending port number in a port range <ip> The internal IP address <dst_port> The optional internal translation port
    Example admin(network.wan.nat)>add inb 2 special tcp 20 21 192.168.42.16 21 admin(network.wan.nat)>list inb 2 ------------------------------------------------------------------------index name prot start port end port internal ip translation port ------------------------------------------------------------------------1 special tcp 20 21 192.168.42.16 21 Related Commands

    delete inb list inb

    Deletes one of the inbound NAT entries from the list. Displays the list of inbound NAT entries.

    3-140 WS2000 Wireless Switch System Reference Guide

    3.27.2 Network WAN NAT delete Command delete


    Network WAN NAT Commands

    Deletes NAT records.


    Syntax delete inb <idx> [<entry>|all]

    Syntax:
    inb <idx> [<entry>|all] Deletes a NAT table entry. <idx> The WAN index (18) <entry> The NAT entry (120) all All NAT entries associated with the WAN <idx> (18)

    Example admin(network.wan.nat)>list inb 2 ------------------------------------------------------------------------index name prot start port end port internal ip translation port ------------------------------------------------------------------------1 special tcp 20 21 192.168.42.16 21 admin(network.wan.nat)>delete inb 2 all ^ admin(network.wan.nat)>list inb 2 ------------------------------------------------------------------------index name prot start port end port internal ip translation port ------------------------------------------------------------------------Related Commands

    add inb list inb

    Adds entries to the list of inbound NAT entries. Displays the list of inbound NAT entries.

    Network CLI Commands Reference 3-141

    3.27.3 Network WAN NAT list Command list


    Network WAN NAT Commands

    Lists NAT records.


    Syntax list inb <idx> Parameters

    list inb <idx>


    Example

    Lists the inbound NAT entries associated with WAN port <idx> (18).

    admin(network.wan.nat)>add inb 2 special tcp 20 21 192.168.42.16 21 admin(network.wan.nat)>list inb 2 ------------------------------------------------------------------------index name prot start port end port internal ip translation port ------------------------------------------------------------------------1 special tcp 20 21 192.168.42.16 21 Related Commands

    delete inb add inb

    Deletes one of the inbound NAT entries from the list. Adds entries to the list of inbound NAT entries.

    3-142 WS2000 Wireless Switch System Reference Guide

    3.27.4 Network WAN NAT set Command set


    Network WAN NAT Commands

    Sets NAT inbound and outbound parameters.


    Syntax set [inb|outb|type] Parameters

    Sets the inbound NAT parameters. mode <idx> <mode> Sets the inbound NAT mode for the WAN with index <idx> (18). <mode> can be one of enable or disable. ip <idx> <a.b.c.d> Forward unspecified ports and to the IP <a.b.c.d> for the WAN with index <idx> (18). outb [ip|map] Sets the outbound NAT parameters. ip <idx> <a.b.c.d> Sets 1-to-1 NAT IP mapping entries where <idx> (18) is the index of the WAN to the ip address <a.b.c.d>. map <from> <to> Sets 1-to-many NAT mapping entries where <from> is one of s1, s2, s3, s4, s5, and s6. <to> is the Wan index (18) or none. type <idx> <type> Sets the type of NAT translation for WAN address index <idx> (18) to one of none, 1-to-1, or 1-to-many.
    Example admin(network.wan.nat)>set type 1 1-to-1 admin(network.wan.nat)>set outb ip 1 209.239.44.36 admin(network.wan.nat)>set inb mode 1 enable admin(network.wan.nat)>show nat 1 nat type one to one nat ip address port forwarding mode port forwarding ip address one to many nat mapping : : : : : 1-to-1 209.239.44.36 enable 0.0.0.0 subnet1 subnet2 subnet3 subnet4 _

    inb [mode|ip]

    Network CLI Commands Reference 3-143

    3.27.5 Network WAN NAT show Command show


    Network WAN NAT Commands

    Shows NAT parameters.


    Syntax show nat <idx> Parameters

    show
    Example

    nat

    <idx>

    Shows NAT settings for WAN <idx> (18).

    admin(network.wan.nat)>set inb mode 1 enable admin(network.wan.nat)>show nat 1 nat type one to one nat ip address port forwarding mode port forwarding ip address one to many nat mapping : : : : : 1-to-1 209.239.44.36 enable 0.0.0.0 subnet1 subnet2 subnet3 subnet4

    3-144 WS2000 Wireless Switch System Reference Guide

    3.28 Network WAN VPN Commands


    vpn
    Network WAN Commands

    Displays the VPN submenu.


    Syntax admin(network.wan)> vpn admin(network.wan.vpn)>

    The items available under this command are shown below.


    Command Description Ref.

    cmgr add set list delete stats ikestate reset quit save .. /

    Goes to the cmgr (Certificate Manager) submenu. Adds an security policy database (SPD) entry. Sets SPD parameters. Lists SPD entries. Deletes SPD entries. Lists statistics for all active tunnels. Lists statistics for all active tunnels. Resets all VPN tunnels. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-156 page 3-145 page 3-150 page 3-148 page 3-146 page 3-155 page 3-147 page 3-149 page 3-1 page 3-1 page 3-1 page 3-1

    Network CLI Commands Reference 3-145

    3.28.1 Network WAN VPN add Command add


    Network WAN VPN Commands

    Adds a security policy database (SPD) entry.


    Syntax add <name> <LSubnet> <LWANIP> <RSubnetIP> <RSubnetMask> <RGatewayIP> Parameters
    <name> <LSubnet> <LWanIP> <RSubnetIP> <RSubnetMask> <RGatewayIP>

    Creates a tunnel named <name> (1 to 13 characters) to gain access to local subnet <LSubnet> (1, 2, 3, 4, 5, 6), through local WAN IP <LWanIP> from the remote subnet with address <RSubnetIP> and subnet mask <RSubnetMask> using the remote gateway <RGatewayIP>. The local WAN IP can be set to 0.0.0.0 for a DHCP client. Any IP address obtained from the DHCP server is then used to initiate the VPN tunnel. The VPN peer must set its Remote Gateway address to 0.0.0.0 to indicate an IP value of ANY and shall operate as a responder only.
    Example admin(network.wan.vpn)>add Bob 1 209.239.160.55 206.107.22.45 255.255.255.224 206.107.22.2 If tunnel type is Manual, proper SPI values and Keys must be configured after adding the tunnel admin(network.wan.vpn)>list -----------------------------------------------------------------------Tunnel Name Type Remote IP/Mask Remote Gateway Local WAN IP Subnet ------------------------------------------------------------------------Eng2EngAnnex Manual 192.168.32.2/24 192.168.33.1 192.168.24.198 1 Bob Manual 206.107.22.45/27 206.107.22.2 209.239.160.55 1 admin(network.wan.vpn)>

    3-146 WS2000 Wireless Switch System Reference Guide

    3.28.2 Network WAN VPN delete Command delete


    Network WAN VPN Commands

    Deletes security policy database (SPD) entries.


    Syntax delete [*|<name>] Parameters

    * <name>
    Example

    Deletes all SPD entries. Deletes SPD entries named <name>.

    admin(network.wan.vpn)>list ------------------------------------------------------------------------Tunnel Name Type Remote IP/Mask Remote Gateway Local WAN IP Subnet ------------------------------------------------------------------------Eng2EngAnnex Manual 192.168.32.2/24 192.168.33.1 192.168.24.198 1 Bob Manual 206.107.22.45/27 206.107.22.2 209.239.160.55 1 admin(network.wan.vpn)>delete Bob admin(network.wan.vpn)>list ------------------------------------------------------------------------Tunnel Name Type Remote IP/Mask Remote Gateway Local WAN IP Subnet ------------------------------------------------------------------------Eng2EngAnnex Manual 192.168.32.2/24 192.168.33.1 192.168.24.198 1 admin(network.wan.vpn)>

    Network CLI Commands Reference 3-147

    3.28.3 Network WAN VPN ikestate Command ikestate


    Network WAN VPN Commands

    Displays statistics for all active tunnels using Internet Key Exchange (IKE). In particular, the table indicates whether IKE is connected for any of the tunnels, it provides the destination IP address, and the remaining lifetime of the IKE key.
    Syntax ikestate Parameters

    None
    Example admin(network.wan.vpn)>ikestate ---------------------------------------------------------------------Tunnel Name IKE State Dest IP Remaining Life ---------------------------------------------------------------------Eng2EngAnnex Not Connected -----Bob Not Connected -----admin(network.wan.vpn)>

    3-148 WS2000 Wireless Switch System Reference Guide

    3.28.4 Network WAN VPN list Command list


    Network WAN VPN Commands

    Lists security policy database (SPD) entries.


    Syntax list {<name>} Parameters

    <name>

    Lists all tunnel entries. Lists detailed information about tunnel named <name>. Note that the <name> must match case with the name in the SPD entry. Bob is not equal to bob, as shown in the example below.

    Example admin(network.wan.vpn)>list ------------------------------------------------------------------------Tunnel Name Type Remote IP/Mask Remote Gateway Local WAN IP Subnet ------------------------------------------------------------------------Eng2EngAnnex Manual 192.168.32.2/24 192.168.33.1 192.168.24.198 1 Bob Manual 206.107.22.45/27 206.107.22.2 209.239.160.55 1 admin(network.wan.vpn)>list bob bad index value admin(network.wan.vpn)>list Bob ------------------------------------------------------------------------Detail listing of VPN entry: ------------------------------------------------------------------------Name : Bob Local Subnet : 1 Tunnel Type : Manual Remote IP : 206.107.22.45 Remote IP Mask : 255.255.255.224 Remote Security Gateway : 206.107.22.2 Local Security Gateway : 209.239.160.55 AH Algorithm : None Encryption Type : ESP Encryption Algorithm : DES ESP Inbound SPI : 0x00000100 ESP Outbound SPI : 0x00000100

    Network CLI Commands Reference 3-149

    3.28.5 Network WAN VPN reset Command reset


    Network WAN VPN Commands

    Resets all VPN tunnels.


    Syntax reset Parameters

    None
    Example admin(network.wan.vpn)>reset VPN tunnels reset. admin(network.wan.vpn)>

    3-150 WS2000 Wireless Switch System Reference Guide

    3.28.6 Network WAN VPN set Command set


    Network WAN VPN Commands

    Sets security policy database (SPD) entry parameters.


    Syntax set [ike|type|sub|remip|remmask|remgw|authalgo|espauthalgo|enckey|espauthkey| spi| localgw|usepfs|pfsgrp|salife|ipsecdel|auto-initiation| auto-initiate-interval] set ike [myidtype|remidtype|myiddata|opmode|authtype|authalgo|psk| encalgo|lifetime|group] set ike myidtype <name> <idtype> set ike remidtype <name> <idtype> set ike myiddata <name> <idtype> set ike opmode <name> <opmode> set ike authtype <name> <authtype> set ike authalgo <name> <authalgo> set ike psk <name> <psk> set ike encalgo <name> <encalgo> set ike lifetime <name> <lifetime> set ike group <name> <group> set type <name> <type> set sub <name> <sub> set remip <name> <remip> set remmask <name> <remmask> set remgw <name> <remgw> set authalgo <name> <auth> set enctype <name> <enctype> set encalgo <name> <encalgo> set espauthalgo <name> <espauthalgo> set enckey <name> <direction> <enckey> set espauthkey <name> <direction> <espauthkey> set spi <name> <algo> <direction> <spi> set localgw <name> <localgw> set usepfs <name> <usepfs> set pfsgrp <name> <pfsgrp> set salife <name> <lifetime>

    Network CLI Commands Reference 3-151

    set ipsecdel <name> <mode> set auto-initiation <name> <mode> set auto-initiate-interval <interval> Parameters

    Sets the Local ID type for IKE authentication for SPD <name> (1 to 13 characters) to <idtype> (one of IP, FQDN, or UFQDN). Sets the Remote ID type for IKE authentication for SPD <name> (1 to 13 characters) to <idtype> (one of IP, FQDN, or UFQDN). Sets the Local ID data for IKE authentication for SPD <name> (1 to 13 characters) to <iddata>. This value is not required when the ID type is set to IP. Sets the Remote ID data for IKE authentication for SPD <name> (1 to 13 characters) to <idtype>. Sets the Operation Mode of IKE for SPD <name> (1 to 13 characters) to 4. <opmode> can be one of Main or Aggr(essive). Sets the IKE Authentication type for SPD <name> (1 to 13 characters) to <authtype> (one of PSK or RSA). Sets the IKE Authentication Algorithm for SPD <name> (1 to 13 characters) to <authalgo>. <authalgo> can be either MD5 or SHA1. Sets the IKE Pre-Shared Key for SPD <name> (1 to 13 characters) to <psk> (149 characters). ike encalgo <name> Sets the IKE Encryption Algorithm for SPD <name> (1 to 13 characters) to <encalgo> <encalgo> (one of DES, 3DES, AES128, AES192, or AES256). ike lifetime <name> Sets the IKE Key life time in seconds for SPD <name> (1 to 13 characters) to <lifetime> <lifetime> seconds. ike group <name> Sets the IKE Diffie-Hellman Group for SPD <name> (1 to 13 characters) to <group> <group> (one of G768 or G1024) type <name> <type> Sets the authentication type of SPD <name> (1 to 13 characters) to <type> (Auto or Manual). sub <name> <sub> Sets the Local Subnet (1, 2, 3, 4, 5 or 6) for SPD <name> (1 to 13 characters) to subnet number <sub> (1, 2, 3, 4, 5 or 6). remip <name> <remip> Sets the IP address for the remote end of SPD <name> (1 to 13 characters) to remote ip <remip> (a.b.c.d). remmask <name> Sets the IP Mask for the remote end of SPD <name> (1 to 13 characters) to <remmask> <remmask> (a.b.c.d). remgw <name> Sets the Remote IP gateway for SPD <name> (1 to 13 characters) to be <remgw> <remgw> (a.b.c.d). Set this value to 0.0.0.0 to support tunneling to VPN peer which is a DHCP client. authalgo <name> Sets the authentication algorithm for SPD <name> (1 to 13 characters) to <authalgo> <authalgo> (one of None, MD5, or SHA1).

    ike myidtype <name> <idtype> ike remidtype <name> <idtype> ike myiddata <name> <iddata> ike remiddata <name> <iddata> ike opmode <name> <opmode> ike authtype <name> <authtype> ike authalgo <name> <authalgo> ike psk <name> <psk>

    3-152 WS2000 Wireless Switch System Reference Guide

    authkey <name> Sets the AH authentication key (if SPD type is Manual) for tunnel <name> (1 to 13 <direction> <authkey> characters) with the direction <direction> set to IN or OUT, and the manual authentication key set to <authkey>. (The key size is 32 hex characters for MD5, and 40 hex characters for SHA1). enctype <name> Sets the Encryption type for SPD <name> (1 to 13 characters) to <enctype> (one <enctype> of None, ESP, or ESP-AUTH). encalgo <name> Sets the Encryption Algorithm for SPD <name> (1 to 13 characters) to <encalgo> <encalgo> (one of DES, 3DES, AES128, AES192, or AES256). espauthalgo <name> Sets ESP Authentication Algorithm for SPD <name> to <espauthalgo> (one of MD5 or SHA1). <espauthalgo> enckey <name> Sets the Manual Encryption Key in ASCII for SPD <name> and direction <direction> <enckey> <direction> (IN or OUT) to the key <enckey>. The size of the key depends on the encryption algorithm. - 16 hex chars for DES - 48 hex chars for 3DES - 32 hex chars for AES128 - 48 hex chars for AES192 - 64 hex chars for AES256 espauthkey <name> Sets Manual ESP Authentication Key for SPD <name> (1 to 13 characters) either <direction> for direction <direction> (IN or OUT) to <espauthkey>, an ASCII string of hex <espauthkey> characters. If authalgo is set to MD5, the provide 32 hex characters. If authalgo is set to SHA1, provide 40 hex characters. spi <name> <algo> Sets the direction <direction> (IN(bound) or OUT(bound)) SPI for <algo> (AUTH <direction> <spi> (Manual Authentication) or ESP) for SPD <name> (1 to 13 characters) to <spi> (a hex value more than 0xFF). localgw <name> <ip> Sets the Local WAN IP to <ip> (a.b.c.d) for a SPI <name> (1 to 13 characters). The local WAN IP (local gateway) can be set to 0.0.0.0 for a DHCP client. Any IP address obtained from the DHCP server is then used to initiate the VPN tunnel. The VPN peer must set its Remote Gateway address to 0.0.0.0 to indicate an IP value of ANY and shall operate as a responder only. usepfs <name> Enables or disables Perfect Forward Secrecy for SPD <name> (1 to 13 characters). <usepfs> salife <name> <life Sets SA life time to <lifetime> seconds (minimum 300). time> ipsecdel <name> Enables the deletion of IPSEC SA when IKE SA is deleted for the tunnel named <mode> <name> (1 to 13 characters). auto-initiation <name> Enables / disables auto-initiation by WS2000 for the tunnel named <name> (1 to <mode> 13 characters). auto-initiate-interval Sets the time duration between two consecutive auto-initiation attempts. This <time> time duration is in seconds.
    Example admin(network.wan.vpn)>list Bob ------------------------------------------------------------------------Detail listing of VPN entry: -----------------------------------------------------------------------Name : Bob Local Subnet : 1

    Network CLI Commands Reference 3-153

    Tunnel Type Remote IP Remote IP Mask Remote Security Gateway Local Security Gateway AH Algorithm Encryption Type Encryption Algorithm ESP Inbound SPI ESP Outbound SPI

    : : : : : : : : : :

    Manual 206.107.22.45 255.255.255.224 206.107.22.2 209.239.160.55 None ESP DES 0x00000100 0x00000100

    admin(network.wan.vpn)>set usepfs Bob enable admin(network.wan.vpn)>set spi Bob ESP IN abcde admin(network.wan.vpn)>set spi Bob ESP OUT cdef23 admin(network.wan.vpn)>list Bob ------------------------------------------------------------------------Detail listing of VPN entry: ------------------------------------------------------------------------Name : Bob Local Subnet : 1 Tunnel Type : Manual Remote IP : 206.107.22.45 Remote IP Mask : 255.255.255.224 Remote Security Gateway : 206.107.22.2 Local Security Gateway : 209.239.160.55 AH Algorithm : None Encryption Type : ESP Encryption Algorithm : DES ESP Inbound SPI : 0x000ABCDE ESP Outbound SPI : 0x00CDEF23 admin(network.wan.vpn)>set authalgo Bob MD5 admin(network.wan.vpn)>list Bob ------------------------------------------------------------------------Detail listing of VPN entry: -----------------------------------------------------------------------Name : Bob Local Subnet : 1 Tunnel Type : Manual Remote IP : 206.107.22.45 Remote IP Mask : 255.255.255.224 Remote Security Gateway : 206.107.22.2 Local Security Gateway : 209.239.160.55 AH Algorithm : MD5 Encryption Type : ESP Encryption Algorithm : DES Auth Inbound SPI : 0x00000100 Auth Outbound SPI : 0x00000100 ESP Inbound SPI : 0x000ABCDE ESP Outbound SPI : 0x00CDEF23 admin(network.wan.vpn)>set authkey Bob IN 12345678901234567890123456789012 admin(network.wan.vpn)>set authkey Bob OUT 11111111112222222222333333333344 admin(network.wan.vpn)>set spi Bob AUTH IN 2233445 admin(network.wan.vpn)>set spi Bob AUTH OUT 33344 admin(network.wan.vpn)>list Bob -------------------------------------------------------------------------

    3-154 WS2000 Wireless Switch System Reference Guide

    Detail listing of VPN entry: -----------------------------------------------------------------------Name : Bob Local Subnet : 1 Tunnel Type : Manual Remote IP : 206.107.22.45 Remote IP Mask : 255.255.255.224 Remote Security Gateway : 206.107.22.2 Local Security Gateway : 209.239.160.55 AH Algorithm : MD5 Encryption Type : ESP Encryption Algorithm : DES Auth Inbound SPI : 0x02233445 Auth Outbound SPI : 0x00033344 ESP Inbound SPI : 0x000ABCDE ESP Outbound SPI : 0x00CDEF23

    Network CLI Commands Reference 3-155

    3.28.7 Network WAN VPN stats Command stats


    Network WAN VPN Commands

    Lists statistics for all active tunnels.


    Syntax stats Parameters

    None
    Example admin(network.wan.vpn)>stats -----------------------------------------------------------------------Tunnel Name Status SPI(OUT/IN) Life Time Bytes(Tx/Rx) -----------------------------------------------------------------------Eng2EngAnnex Not Active Bob Not Active

    3-156 WS2000 Wireless Switch System Reference Guide

    3.29 Network WAN VPN Cmgr Commands


    cmgr
    Network WAN VPN Commands

    Displays to the Certificate Manager submenu.


    Syntax admin(network.wan.vpn)> cmgr admin(network.wan.vpn.cmgr)>

    The items available under this command are shown below.


    Command Description Ref.

    genreq loadca loadself showreq listprivkey listself listca delprivkey delself delca expcert impcert quit save .. /

    Generates a Certificate Request. Loads a trusted certificate from CA. Loads a self certificate signed by CA. Displays a certificate request in PEM format. Lists names of private keys. Lists the self certificate loaded. Lists the trusted certificate loaded. Deletes the private key. Deletes the self certificate. Deletes the trusted certificate. Exports the certificate file. Imports the certificate file. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-162 page 3-167 page 3-168 page 3-169 page 3-165 page 3-166 page 3-164 page 3-158 page 3-159 page 3-157 page 3-160 page 3-163 page 3-1 page 3-1 page 3-1 page 3-1

    Network CLI Commands Reference 3-157

    3.29.1 Network WAN VPN Cmgr delca Command delca


    Network WAN VPN Commands

    Deletes a trusted certificate.


    Syntax delca <IDname> Parameters
    <IDname>

    Deletes the trusted certificate <IDname>.

    Example admin(network.wan.vpn.cmgr)>delca CAfinance admin(network.wan.vpn.cmgr)>

    3-158 WS2000 Wireless Switch System Reference Guide

    3.29.2 Network WAN VPN Cmgr delprivkey Command delprivkey


    Network WAN VPN Commands

    Deletes a private key.


    Syntax delprivkey <IDName> Parameters
    <IDname>

    The key name to be deleted.

    Example admin(network.wan.vpn.cmgr)>delprivkey <IDname> admin(network.wan.vpn.cmgr)>

    Network CLI Commands Reference 3-159

    3.29.3 Network WAN VPN Cmgr delself Command delself


    Network WAN VPN Cmgr Commands

    Deletes a self certificate.


    Syntax delself <IDName> Parameters
    <IDname>

    The name of the self certificate to be deleted.

    Example admin(network.wan.vpn.cmgr)>delself<IDname> admin(network.wan.vpn.cmgr)>

    3-160 WS2000 Wireless Switch System Reference Guide

    3.29.4 Network WAN VPN Cmgr expcert Command expcert


    Network WAN VPN Cmgr Commands

    Exports the certificate file.


    Syntax expcert [ftp|tftp] <filename> Parameters

    [ftp|tftp] <file name>

    Exports the certificate with specified filename <file name> by either ftp or tftp. The tftp or ftp options for this file transfer will use the settings for the configuration file settings. See System Config set Command for information on how to set the tftp/ftp options.

    Example admin(system.config)>set server 192.168.22.12 admin(system.config)>set user myadmin admin(system.config)>set passwd admin(network.wan.vpn.cmgr)>expcert ftp mycertificate admin(network.wan.vpn.cmgr)> Related Commands

    impcert

    Imports a certificate.

    Network CLI Commands Reference 3-161

    3.29.5 Network WAN VPN Cmgr export-req Command export-req


    Network WAN VPN Cmgr Commands

    Exports the private key ID name to a file. The exported file will be in the same directory as used for importing or exporting configuration files.
    Syntax export-req ftp <idname> <filename> Parameters

    ftp <idname> <filename>


    Example

    Exports the private key ID name to a file. This file is exported to the same directory as used for exporting or importing configuration files.

    admin(network.wan.vpn.cmgr)> export-req ftp key1 filekey1

    3-162 WS2000 Wireless Switch System Reference Guide

    3.29.6 Network WAN VPN Cmgr genreq Command genreq


    Network WAN VPN Cmgr Commands

    Generates a Certificate Request.


    Syntax genreq <IDName> <subject> {-ou <Organization Unit>} {-on <Organization Name>} {-cn <City Name>} {-st <State>} {-p <Postal Code>} {-cc <Country Code>} {-e <Email Address>} { -d <Domain Name>} {-i <IP Address>} {-sa <Signature Algorithm>} {-k <Key Size>}

    Syntax:
    genreq <IDname> <Subject> ...optional arguments... Generates a self-certificate request for a Certification Authority (CA), where <IDname> is the private key ID (up to 7 characters) and <subject> is the subject name (up to 49 characters). A number of optional arguments can also be specified as indicated below.

    -ou <Organization Unit> -on <Organization Name> -cn <City Name> -st <State> -p <Postal Code> -cc <Country Code> -e <Email Address> -d <Domain Name> -i <IP Address> -sa <Signature Algorithm> -k <Key Size>

    Organization Unit (1 to 49 chars) Organization Name (1 to 49 chars) City Name of Organization (1 to 49 chars) State Name (1 to 49 chars) Postal code (9 digits) Country code (2 chars) E-mail Address (1 to 49 chars) Domain Name (1 to 49 chars) IP Address (a.b.c.d) Signature Algorithm (one of MD5-RSA or SHA1-RSA) Key size in bits (one of 512, 1024, or 2048)

    Note: The parameters in {curly brackets} are optional. Check with the CA to determine what fields are necessary. For example, most CAs require an email address and an IP address, but not the address of the organization. Example admin(network.wan.vpn.cmgr)>genreq MyCert2 MySubject -ou MyDept -on MyCompany Please wait. It may take some time... -----BEGIN CERTIFICATE REQUEST----MIHzMIGeAgEAMDkxEjAQBgNVBAoTCU15Q29tcGFueTEPMA0GA1UECxMGTXlEZXB0 MRIwEAYDVQQDEwlNeVN1YmplY3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAtKcX plKFCFAJymTFX71yuxY1fdS7UEhKjBsH7pdqnJnsASK6ZQGAqerjpKScWV1mzYn4 1q2+mgGnCvaZUlIo7wIDAQABoAAwDQYJKoZIhvcNAQEEBQADQQCClQ5LHdbG/C1f Bj8AszttSo/bA4dcX3vHvhhJcmuuWO9LHS2imPA3xhX/d6+Q1SMbs+tG4RP0lRSr iWDyuvwx -----END CERTIFICATE REQUEST-----

    Network CLI Commands Reference 3-163

    3.30 Network WAN VPN Cmgr impcert Command


    impcert
    Network WAN VPN Cmgr Commands

    Imports the certificate file.


    Syntax impcert <type> <filename> Parameters

    [ftp|tftp] <filename>

    Imports the certificate with specified filename <file name> by either ftp or tftp. The tftp or ftp options for this file transfer will use the settings for the configuration file settings. See System Config set Command for information on how to set the tftp/ftp options.

    Example admin(system.config)>set server 192.168.22.12 admin(system.config)>set user myadmin admin(system.config)>set passwd admin(network.wan.vpn.cmgr)>impcert ftp mycertificate admin(network.wan.vpn.cmgr)> Related Commands

    expcert Exports a certificate.

    3-164 WS2000 Wireless Switch System Reference Guide

    3.30.1 Network WAN VPN Cmgr listca Command listca


    Network WAN VPN Cmgr Commands

    Lists the loaded trusted certificate.


    Syntax listca Parameters

    None
    Example admin(network.wan.vpn.cmgr)>listca Trusted Certificate List:

    Network CLI Commands Reference 3-165

    3.30.2 Network WAN VPN Cmgr listprivkey Command listprivkey


    Network WAN VPN Cmgr Commands

    Lists the names of private keys.


    Syntax listprivkey Parameters

    None
    Example admin(network.wan.vpn.cmgr)>listprivkey ------------------------------------------------------------------------Private Key Name Certificate Associated -------------------------------------------------------------------------

    3-166 WS2000 Wireless Switch System Reference Guide

    3.30.3 Network WAN Vpn Cmgr listself Command listself


    Network WAN VPN Cmgr Commands

    Lists the loaded self certificates.


    Syntax listself Parameters

    None
    Example admin(network.wan.vpn.cmgr)>listself Self Certificate List:

    Network CLI Commands Reference 3-167

    3.30.4 Network WAN VPN Cmgr loadca Command loadca


    Network WAN VPN Cmgr Commands

    Loads a trusted certificate from the Certificate Authority.


    Syntax loadca {ftp <filename>} Parameters

    loadca

    Loads the trusted certificate (in PEM format) that is pasted into the command line. ftp <filename> (Optional parameter) Loads a CA certificate from a FTP server. <filename> is the name of the certificate file to load. The default path for loading the file is the same as used for importing or exporting configuration files.

    Example admin(network.wan.vpn.cmgr)>loadca ftp cert1 Starting file transfer ... Certificate transferred successfully admin(network.wan.vpn.cmgr)>loadca Currently Only certificates in PEM format can be uploaded Enter 'Ctrl C' to abort. Paste the certificate:

    3-168 WS2000 Wireless Switch System Reference Guide

    3.30.5 Network WAN VPN Cmgr loadself Command loadself


    Network WAN VPN Cmgr Commands

    Loads a self certificate signed by the Certificate Authority.


    Syntax loadself [<IDname>|ftp <IDname> <filename>] Parameters

    <IDname> ftp <IDname> <filename>


    Example

    Loads the self certificate signed by the CA with name <IDname>. Loads the self certificate <IDName> from a file <filename> on an FTP server. The certificate file is loaded from the same directory as used for importing or exporting configuration files.

    admin(network.wan.vpn.cmgr)> loadself ftp MyCert mycert.cert Starting file transfer ... admin(network.wan.vpn.cmgr)> admin(network.wan.vpn.cmgr)>loadself MyCert Currently Only certificates in PEM format can be uploaded. Paste the certificate:

    Network CLI Commands Reference 3-169

    3.30.6 Network WAN VPN Cmgr showreq Command showreq


    Network WAN VPN Cmgr Commands

    Displays a certificate request in PEM format.


    Syntax showreq <IDname> Parameters

    showreq <IDname>

    Displays a certificate request named <IDname> generated from the genreq command.

    3-170 WS2000 Wireless Switch System Reference Guide

    3.31 Network WLAN Commands


    wlan
    network

    Displays the WLAN submenu.


    Syntax admin(network)> wlan admin(network.wlan)>

    The items available under this command are shown below.


    Command Description Ref.

    add delete list rogueap enhancedrogueap muprobe hotspot wlanipfpolicy set show quit save .. /

    Adds MU access control list entries. Deletes MU access control list entries. Lists MU access control list entries. Goes to the rogue AP submenu. Goes to the Enhanced Rogue AP submenu. Goes to the MU Probe submenu Goes to the Hotspot submenu Goes to WLAN IPF policy submenu. Sets WLAN parameters. Shows WLAN parameters. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-171 page 3-172 page 3-173 page 3-181 page 3-207 page 3-210 page 3-213 page 3-226 page 3-174 page 3-179 page 3-1 page 3-1 page 3-1 page 3-1

    Network CLI Commands Reference 3-171

    3.31.1 Network WLAN add Command add


    Network WLAN Commands

    Adds entries to the mobile unit (MU) access control list.


    Syntax add <idx> <mac1> <mac2> <name> Parameters
    <idx> <mac1> <mac2> <name>

    Adds an entry to the MU access control list, where <idx> is the WLAN index (18), <mac1> is the starting MAC address (e.g., 001122334455), and <mac2> is ending MAC address in the acceptable range. <name> is the name of the MU ACL.

    Example admin(network.wlan)>add 1 000000000000 112233445566 admin(network.wlan)>list 1 -----------------------------------------------------------------------index start mac end mac -----------------------------------------------------------------------1 000000000000 112233445566 admin(network.wlan)> Related Commands

    delete list

    Deletes entries from the MU access control list. Shows entries in the MU access control list.

    3-172 WS2000 Wireless Switch System Reference Guide

    3.31.2 Network WLAN delete Command delete


    Network WLAN Commands

    Deletes specified entry or entries from mobile unit (MU) access control list.
    Syntax delete <idx> [<entry>|all] Parameters

    <idx> [<entry>|all]

    Deletes MU ACL entries. <entry> Deletes MU access control list entry <entry> (130) for WLAN <idx> (18). all Deletes all access control list entries for the WLAN specified by <idx>.

    Example admin(network.wlan)>add 1 223344556677 334455667788 admin(network.wlan)>list 1 -----------------------------------------------------------------------index start mac end mac -----------------------------------------------------------------------1 000000000000 112233445566 2 223344556677 334455667788 admin(network.wlan)>delete 1 2 admin(network.wlan)>list 1 ------------------------------------------------------------------------index start mac end mac -----------------------------------------------------------------------1 000000000000 112233445566 admin(network.wlan)> Related Commands

    add list

    Adds entries to the MU access control list. Displays entries in the MU access control list.

    Network CLI Commands Reference 3-173

    3.31.3 Network WLAN list Command list


    Network WLAN Commands

    Lists the entries in the mobile unit (MU) access control list.
    Syntax list <idx> Parameters

    list <idx>
    Example

    Displays the entries in the MU access control list for WLAN <idx> (18).

    admin(network.wlan)>list 1 ------------------------------------------------------------------------index start mac end mac ------------------------------------------------------------------------1 000000000000 112233445566 Related Commands

    add Adds entries to the MU access control list. delete Deletes entries from the MU access control list.

    3-174 WS2000 Wireless Switch System Reference Guide

    3.31.4 Network WLAN set Command set


    Network WLAN Commands

    Sets WLAN parameters.


    Syntax set [acl|adopt|auth|bcast|eap|enc|ess|kerb|mcast|mode|name| vlan-id|no-mu-mu|vop|tkip|ccmp|wep-mcm|mu-inact|wep_shared| handshake-timeout|handshake-retry-count|secure-beacon|enforce-pmkvalidation|wireless-stp] set [acl|adopt|bcast] <idx> <mode> set auth <idx> <type> set eap [adv|server|port|syslog|rad-acct|reauth|secret| rad-bind-interface] set eap adv [mu-quite|mu-tx|mu-timeout|mu-retry| server-timeout|server-retry] set eap adv [mu-quite|mu-tx] <idx> <period> set eap adv [mu-timeout|server-timeout] <idx> <timeout> set eap adv [mu-retry|server-retry] <idx> <retry> set eap server <a> <b> <c> set eap port <a> <b> <c> set eap syslog [ip|mode] set eap syslog ip <a> <b> set eap syslog mode <idx> <mode> set eap rad-acct [mode|timeout|retry-count] set eap rad-acct mode <idx> <mode> set eap rad-acct timeout <idx> <timeout> set eap rad-acct retry-count <idx> <retry> set eap reauth mode <idx> <mode> set eap reauth period <idx> <period> set eap reauth retry <idx> <retry> set eap secret <a> <b> <c> set eap rad-bind-interface <idx> <server> <interface> set enc <idx> <type> set ess <idx> <ess> set set set set set set kerb kerb kerb kerb kerb kerb [passwd|port|realm|server|user] passwd <idx> <passwd> port <a> <b> <c> realm <idx> <realm> server <a> <b> <c> user <idx> <name>

    set mcast <widx> <midx> <mac> set [mode|no-mu-mu|vop] <idx> <mode> set name <idx> <name> set vlan-id <idx> <vlan-id>

    Network CLI Commands Reference 3-175

    set set set set set set

    tkip tkip tkip tkip tkip tkip

    [key|type|phrase|rotate-mode|interval|wpa2|preauth|pmk] key <idx> <key> type <idx> <type> phrase <idx> <phrase> [rotate-mode|wpa2|preauth|pmk] <idx> <mode> interval <idx> <interval> [key|type|phrase|rotate-mode|interval|mixed-mode|preauth|oppkey <idx> <key> type <idx> <type> phrase <idx> <phrase> [rotate-mode|mixed-mode|preauth|opp-pmk] <idx> <mode> interval <idx> <interval>

    set ccmp pmk] set ccmp set ccmp set tkip set tkip set tkip

    set wep-mcm [index|key] set wep-mcm index <a> <b> set wep-mcm key <a> <b> <c> set mu-inact <timeout> set wep_shared <mode> set handshake-timeout <idx> <timeout> set handshake-retry-count <idx> <retry-count> Parameters

    acl <idx> <mode> adopt <idx> <mode> auth <idx> <type>

    Sets the default MU access control mode <mode> to allow or deny for WLAN <idx> (18). Sets default Access Port adoption mode <mode> to allow or deny for WLAN <idx> (18). Sets the authentication type for WLAN <idx> (18) to <type> (none, eap, or kerberos).
    Note: EAP parameters are only in effect if eap is specified for the authentication method (set auth <idx> <type>).

    Enables or disables the broadcast ESS answer for the WLAN <idx> (1 8). eap adv mu-quiet <idx> Sets the EAP MU/supplicant quiet period for WLAN <idx> (18) to <period> <period> seconds (165535). eap adv mu-tx <idx> <period> Sets the EAP MU/supplicant TX period for WLAN <idx> (18) to <period> seconds (165535). eap adv mu-timeout <idx> Sets the EAP MU/supplicant timeout for WLAN <idx> (18) to <timeout> <timeout> seconds (1255). eap adv mu-retry <idx> <retry> Sets the EAP maximum number of MU retries to <retry> (110) for WLAN <idx> (18). eap adv server-timeout <idx> Sets the server timeout for WLAN <idx> (18) to <timeout> seconds (1 <timeout> 255). eap adv server-retry <idx> Sets the maximum number of server retries for WLAN <idx> (18) to <retry> <retry> (110).

    bcast <idx> <mode>

    3-176 WS2000 Wireless Switch System Reference Guide

    eap server <idx> <rsidx> <ip> eap port <idx> <rsidx> <port> eap rad-acct mode <idx> <mode> eap rad-acct retry-count <idx> <count> eap rad-acct timeout <idx> <time> eap rad-bind-interface <idx> <server> <interface>

    Sets the RADIUS server <rsidx> (1-primary or 2-secondary) for WLAN <idx> (18) to IP address <ip>. Sets the RADIUS server <rsidx> (1-primary or 2-secondary) for WLAN <idx> (18) to <port>. Enables/disables RADIUS accounting for WLAN <idx> (18).

    Sets RADIUS accounting retry count to <count> (110) for WLAN <idx> (18). Sets RADIUS accounting retry timeout to <time> seconds (1255) for WLAN <idx> (18). 0 indicates no timeout. Binds the RADIUS server type <server> (1 - Primary, 2 - Secondary) to the interface <interface> (one of s1-s6, w, none - s1- Subnet 1, s2-subnet 2, ...s6-Subnet 6, w-wan) for the WLAN <idx> (18). eap reauth mode <idx> enable/ Enables or disables the EAP reauthentication parameters for WLAN <idx> disable (18). eap reauth period <idx> Sets the reauthentication period for WLAN <idx> (18) to <period> <period> seconds (309999). eap reauth retry <idx> <retry> Sets the maximum number of reauthentication retries to <retry> (199) for WLAN <idx> (18). eap secret <idx> <rsidx> Sets the EAP shared secret <secret> (1127 characters) for server <secret> <rsidx> (1-primary or 2-secondary) on WLAN <idx> (18).
    Note: Kerberos parameters are only in effect if kerberos is specified for the authentication method (set auth <idx> <type>).

    Sets the remote syslog server for WLAN <idx> (18) to the IP address <ip> (a.b.c.d). eap syslog mode <idx> enable/ Enables/disables remote syslog for WLAN <idx> (18). disable enc <idx> <type> Sets the encryption type to <type> (one of none, wep40, wep104, keyguard, tkip, or ccmp) for WLAN <idx> (18).
    Note: TKIP parameters are only in effect if tkip is selected as the encryption type.

    eap syslog ip <idx> <ip>

    Sets the 802.11 ESS ID for WLAN <idx> (18) to <ess>. Sets the Kerberos password to <password> (121 characters) for WLAN <idx> (18). Sets the Kerberos port to <port> (KDC port) for server <ksidx> (1-primary, 2-backup, or 3-remote) for WLAN <idx> (18). kerb realm <idx> <realm> Sets the Kerberos realm name for WLAN <idx> (18) to <realm> (163 characters). kerb server <idx> <ksidx> <ip> Sets the Kerberos server <ksidx> (1-primary, 2-backup, or 3-remote) IP address for WLAN <idx> (18) to <ip>. kerb user <idx> <name> Sets the Kerberos user name for WLAN <idx> (18) to <name> (121 characters). mcast <idx> <midx> <mic> Sets the multicast group address <midx> (1, 2) for WLAN <idx> (18) to MAC address <mac>. mode <idx> <mode> Enables or disables WLAN <idx> (18). name <idx> <name> Sets the name of WLAN <idx> (18) to <name> (17 characters).

    ess <idx> <ess> kerb passwd <idx> <password> kerb port <idx> <ksidx> <port>

    Network CLI Commands Reference 3-177

    Enables or disables the stoppage of MU-to-MU communication for WLAN <idx> (18). vop <idx> <mode> Enables or disables the voice priority mode for WLAN <idx> (18). tkip key <idx> <key> Sets the TKIP key to <key> (164 hex digits) for WLAN <idx> (18). tkip type <idx> <type> Sets the TKIP key type to phrase or key for WLAN <idx> (18). tkip phrase <idx> <phrase> Sets the TKIP ASCII pass phrase to <phrase> (863 characters) for WLAN <idx> (18). tkip rotate-mode <idx> <mode> Enables or disabled the broadcast key rotation for WLAN <idx> (18). tkip interval <idx> <interval> Sets the broadcast key rotation interval to <interval> seconds (300 604800) for WLAN <idx> (18). ccmp key <idx> <key> Sets the CCMP key to <key> (164 hex digits) for WLAN <idx> (18). Must be specified when type parameter is set to key. ccmp type <idx> phrase/ Sets the CCMP key type to phrase or key for WLAN <idx> (18). key ccmp phrase <idx> <phrase> Sets the CCMP ASCII pass phrase for WLAN <idx> (18) to <phrase> (8 63 characters). Must be specified when type parameter is set to phrase. ccmp rotate-mode <idx> Enables or disables the broadcast key rotation for WLAN <idx> (18). enable/disable ccmp interval <idx> <interval> Sets the broadcast key rotation interval for WLAN <idx> (18) to <interval> (300604800) seconds. Enables or disables mixed mode (allowing WPA-TKIP clients) for WLAN ccmp mixed-mode <idx> enable/disable <idx> (18). ccmp preauth <idx> enable/ Enables or disables pre-authentication (fast roaming) for WLAN <idx> (1 disable 8). ccmp opp-pmk <idx> enable/ Enables or disables opportunistic PMK caching (fast roaming) for WLAN disable <idx> (18).
    Note: The WEP authentication mechanism saves up to four different keys (one for each WLAN). It is not a requirement to set all keys, but you must associate a WLAN with the appropriate key.

    no-mu-mu <idx> <mode>

    wep-mcm index <idx> <kidx> Selects the WEP/KeyGuard key (from one of the four potential values of <kidx> (14) for WLAN <idx> (18). wep-mcm key <idx> <kidx> Sets the WEP/KeyGuard key for key index <kidx> (14) for WLAN <idx> <key> (18) to <key> 1 to 26 (hex digits). vlan-id <idx> <vlan-id> Sets the VLAN-ID mapping to WLAN <idx> (18) to VLAN <vlan-id> (1 4094). mu-inact <timeout> Sets the MU inactivity timeout value to <timeout> (1-60) minutes. wep_shared <mode> Enables or disables WEP shared mode. handshake-timeout <idx> Sets the 802.11i handshake timeout value to <timeout> (100-2000 ms) for <timeout> the WLAN <idx> (18). This feature is provided to prevent those MUs that do not receive EAPOL messages from restarting the association procedure. The default retry for these MUs is 2 seconds. This switch is provided to control the retry for EAPOL messages to a value that is less than 2 seconds.

    3-178 WS2000 Wireless Switch System Reference Guide

    handshake-retry-count <idx> <retry-count>

    secure-beacon <idx> <mode> enforce-pmk-validation <mode> wireless-stp <mode>


    Example

    Sets the 802.11i handshake retry count to <retry-count> (1-10) for the WLAN <idx> (18). This in conjunction with the handshake-timeout command controls the handshake retry time and retry count for those MUs that do not receive EAPOL messages. Enables or disables secure beacon for the WLAN <idx> (18) Enables or disables PMK validation across association and EAPOL packets Enable or disables STP on wireless side

    admin(network.wlan)>set name 1 store admin(network.wlan)>set name 2 backoff admin(network.wlan)>set auth 1 kerberos Kerberos requires WEP 104 or Keyguard. The encryption type has been changed to W EP104. admin(network.wlan)>set no-mu-mu 1 enable admin(network.wlan)>show wlan 1 wlan name ess identifier wlan mode subnet vlan_id enc type auth type voice prioritization disallow mu to mu answer broadcast ess secure beacon mode default mu acl mode default ap adopt mode multicast address 1 multicast address 2 handshake timeout in milliseconds handshake retry count admin(network.wlan)> : : : : : : : : : : : : : : : : : WLAN1 101 enable s1 1 none none enable disable disable disable allow all allow all 01005E000000 09000E000000 2000 3

    Network CLI Commands Reference 3-179

    3.31.5 Network WLAN show Command show


    Network WLAN Commands

    Displays the WLAN parameters.


    Syntax show [eap|kerb|tkip|ccmp|wep-mcm|wlan|mu-inact|wep_shared|enforce-pmkvalidation|wireless-stp] <idx>

    Syntax:
    eap <idx> kerb <idx> tkip <idx> ccmp <idx> wep-mcm <idx> wlan <idx> mu-inact wep_shared enforce-pmkvalidation wireless-stp
    Example admin(network.wlan)>show tkip 1 tkip tkip tkip tkip tkip key type phrase key rotate mode rotate interval : : : : : phrase ******** ******** disable 86400

    Shows the EAP parameters for WLAN <idx> (18). Shows the Kerberos parameters for WLAN <idx> (18). Shows the TKIP parameters for WLAN <idx> (18). Shows the CCMP parameters for WLAN <idx> (18). Shows the WEP/Keyguard parameters for WLAN <idx> (18). Shows the basic WLAN parameters for WLAN <idx> (18). Shows the MU inactivity timeout value. Shows the WEP Shared parameters. Shows enforce-pmk-validation configuration value Show wireless STP configuration

    admin(network.wlan)>show ccmp 1 ccmp key type ccmp phrase ccmp key ccmp rotate mode ccmp rotate interval ccmp mixed mode (allow WPA) 802.11i preauthentication Opportunistic PMK Caching : : : : : : : : phrase ******** ******** disable 86400 disable disable enable

    admin(network.wlan)>show wep-mcm 1 wep wep wep wep wep key key key key key index 1 2 3 4 : : : : : 1 ******** ******** ******** ********

    3-180 WS2000 Wireless Switch System Reference Guide

    admin(network.wlan)>show wlan 1 wlan name ess identifier wlan mode enc type auth type voice prioritization disallow mu to mu answer broadcast ess default mu acl mode default ap adopt mode multicast address 1 multicast address 2 admin(network.wlan)>show eap 1 server ip 1 server ip 2 server port 1 server port 2 eap secret 1 eap secret 2 eap remote syslog mode syslog server ip Bind interface (for server 1) Bind interface (for server 2) eap reauth mode eap reauth retries eap reauth period eap eap eap eap eap eap mu quiet period mu tx period mu timeout mu retries server timeout server retries : : : : : : : : : : 0.0.0.0 0.0.0.0 1812 1812 ******** ******** disable 0.0.0.0 s1 none : : : : : : : : : : : : WLAN1 101 enable none none enable disable disable allow all allow all 01005E000000 09000E000000

    : disable : 2 : 3600 : : : : : : 10 5 10 2 5 2

    radius accounting retry mode radius accounting retry timeout radius accounting retry count

    : disable : 10 : 2

    Related Commands

    set

    Sets WLAN parameters.

    Network CLI Commands Reference 3-181

    3.32 Network WLAN Rogue AP Commands


    rogueap
    Network WLAN Commands

    Displays the rogue AP submenu.


    Syntax admin(network.wlan)> rogueap admin(network.wlan.rogueap)>

    The items available under this command are shown below.


    Command Description Ref.

    show set rulelist approvedlist roguelist quit save .. /

    Shows current rogue AP configuration. Sets rogue AP parameters. Goes to the rule list submenu. Goes to the approved AP list submenu. Goes to the rogue AP list submenu. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-183 page 3-182 page 3-202 page 3-184 page 3-189 page 3-1 page 3-1 page 3-1 page 3-1

    3-182 WS2000 Wireless Switch System Reference Guide

    3.32.1 Network WLAN Rogueap set Command set


    Network WLAN Rogue AP Commands

    Sets rogue access point parameters.


    Syntax set [muscan|apscan|detscan|fullapscan] [mode <mode>|interval <interval>] Parameters

    [muscan|apscan|detscan|fullapscan] [mode <mode>|interval <interval>

    Sets the different Rogue AP parameters muscan Sets MU scanning parameters apscan Sets AP scanning parameters. detscan Sets Detector scanning parameters. For this feature to work, you must set one of the Access Ports as a Detector AP. fullapscan Sets full AP scanning parameter. For this feature to work, you must set one of the Access Ports as a Full Detector AP. Each of the above options have these settings mode <mode> <mode> can be enable or disable. Use this to enable or disable a rogue ap parameter interval <interval> Sets the scanning interval for rogue ap detection. <interval> can be between 5 to 65535 minutes. For fullapscan, the interval is in seconds. Enables or disables mobile unit scanning.

    Example admin(network.wlan.rogueap)>set apscan mode enable admin(network.wlan.rogueap)>set apscan int 60 Related Commands

    show

    Displays the rogue AP parameters.

    Network CLI Commands Reference 3-183

    3.32.2 Network WLAN Rogueap show Command show


    Network WLAN Rogue AP Commands

    Shows the current rogue AP configuration.


    Syntax show Parameters

    None
    Example admin(network.wlan.rogueap)>show mu scan : disabled mu scan interval : 60 minutes ap scan : disabled ap scan interval : 60 minutes detector ap scan : disabled detector ap scan interval : 60 minutes full detector ap scan : disabled full detector ap scan interval : 60 seconds Related Commands

    set

    Sets the rogue AP scanning parameters.

    3-184 WS2000 Wireless Switch System Reference Guide

    3.33 Network WLAN Rogue AP Approvedlist Commands


    approvedlist
    Network WLAN Rogue AP Commands

    Displays the approved AP list submenu.


    Syntax admin(network.wlan.rogueap)> approvedlist admin(network.wlan.rogueap.approvedlist)>

    The items available under this command are shown below.


    Command Description Ref.

    show ageoute approve erase quit save .. /

    Shows the approved AP list. Displays the ageout time for an approved list entry. Approves an AP. Erases the list. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-188 page 3-185 page 3-186 page 3-187 page 3-1 page 3-1 page 3-1 page 3-1

    Network CLI Commands Reference 3-185

    3.33.1 Network WLAN Rogueap Approvedlist ageout Command ageoute


    Network WLAN Rogue AP Approvedlist Commands

    Displays ageout time for an approved list entry.


    Syntax ageout <interval> Parameters

    ageout <interval>
    Example

    Sets the number of minutes, the <interval> (01000), before an entry in the approved list is automatically removed.

    admin(network.wlan.rogueap.approvedlist)>ageout 30 admin(network.wlan.rogueap.approvedlist)> Related Commands

    erase

    Erases the approved AP list.

    3-186 WS2000 Wireless Switch System Reference Guide

    3.33.2 Network WLAN Rogueap Approvedlist approve Command approve


    Network WLAN Rogue AP Approvedlist Commands

    Approves an AP.
    Syntax approve [<index>|all] Parameters

    approve [<index>|all]
    Example

    approve <index> Approves an access point from the list based on the location specified by <index>. approve all Approves all access points in the list.

    admin(network.wlan.rogueap.approvedlist)>approve 1 admin(network.wlan.rogueap.approvedlist)>approve all admin(network.wlan.rogueap.approvedlist)> Related Commands

    erase

    Erases all access points in the list.

    Network CLI Commands Reference 3-187

    3.33.3 Network WLAN Rogueap Approvedlist erase Command erase


    Network WLAN Rogue AP Approvedlist Commands

    Erases the approved AP list.


    Syntax erase all Parameters

    none
    Example admin(network.wlan.rogueap.approvedlist)>erase all admin(network.wlan.rogueap.approvedlist)>show approved ap list ++++++++++++++++ approved list ageout index ----ap -: 30 minutes essid ------

    Related Commands

    approve show

    Adds an Access Port to the approved list. Displays the approved list.

    3-188 WS2000 Wireless Switch System Reference Guide

    3.33.4 Network WLAN Rogueap Approvedlist show Command show


    Network WLAN Rogue AP Approvedlist Commands

    Shows the approved AP list.


    Syntax show Parameters

    None
    Example admin(network.wlan.rogueap.approvedlist)>show approved ap list ++++++++++++++++ approved list ageout index ----ap -: 30 minutes essid ------

    Related Commands

    approve Adds an AP to the approved list.

    Network CLI Commands Reference 3-189

    3.34 Network WLAN Rogue AP Roguelist Commands


    roguelist
    Network WLAN Rogue AP Commands

    Displays the rogue AP list submenu.


    Syntax admin(network.wlan.rogueap)> roguelist admin(network.wlan.rogueap.roguelist)>

    The items available under this command are shown below.


    Command Description Ref.

    show locate muscan ageout approve erase set deauth quit save .. /

    Displays the rogue list entries. Goes to the submenu for locating a rogue AP. Goes to the submenu for on-demand MU polling. Displays the ageout time for a rogue list entry. Approves a rogue AP. Erases the list. Sets rogue AP related parameters Configuration related to Rogue AP Containment. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-193 page 3-196 page 3-199 page 3-190 page 3-191 page 3-192 page 3-194 page 3-195 page 3-1 page 3-1 page 3-1 page 3-1

    3-190 WS2000 Wireless Switch System Reference Guide

    3.34.1 Network WLAN Rogue AP Roguelist ageout Command ageout


    Network WLAN Rogue AP Commands

    Displays the ageout time for a rogue list entry.


    Syntax ageout <time> Parameters

    ageout <time>
    Example

    Sets the ageout time for the entry associated to <time> (11000) minutes.

    admin(network.wlan.rogueap.roguelist)>ageout 50 Related Commands

    locate show

    Locates a rogue AP. Shows the rogue AP list parameters and entries.

    Network CLI Commands Reference 3-191

    3.34.2 Network WLAN Rogue AP Roguelist approve Command approve


    Network WLAN Rogue AP Commands

    Moves a rogue AP into the approved AP list.


    Syntax approve [<index>|all] Parameters

    approve [<index>|all]
    Example

    approve <index> Puts the rogue AP <index> into the approved AP list. approve all Puts all the entries of the rogue list into the approved AP list.

    admin(network.wlan.rogueap.approvedlist)>approve all Related Commands

    show

    Shows the rogue list entries.

    3-192 WS2000 Wireless Switch System Reference Guide

    3.34.3 Network WLAN Rogue AP Roguelist erase Command erase


    Network WLAN Rogue AP Commands

    Erases the rogue AP list.


    Syntax erase all Parameters

    None
    Example admin(network.wlan.rogueap.roguelist)>erase all Example

    show

    Lists all entries in the rogue AP list.

    Network CLI Commands Reference 3-193

    3.34.4 Network WLAN Rogue AP Roguelist show Command show


    Network WLAN Rogue AP Commands

    Displays the rogue list entries.


    Syntax show [all|<index>|deauth-list] Parameters

    show [all|<index>|deauthlist]

    Displays Rogue AP lists. all Displays the complete list of rogue APs. <index> Displays detailed information for the rogue AP with index number <index>. deauth-list Displays the Rogue AP Containment list

    Example admin(network.wlan.rogueap.roguelist)>show all rogue ap list ++++++++++++++++++++ rogue list ageout : 0 minutes

    ------------------------------------------------------------------------Idx AP Essid Channel ------------------------------------------------------------------------Related Commands

    locate approve

    Locates a rogue AP. Approves a rogue AP

    3-194 WS2000 Wireless Switch System Reference Guide

    3.34.5 Network WLAN Rogue AP Roguelist set Command set


    Network WLAN Rogue AP Commands

    Sets rogue list parameters.


    Syntax set [rap-containment|deauth-interval|deauth-all] set RAP-Containment <mode> set deauth-interval <interval> set dauth-all <mode>

    Syntax:
    RAP-Containment <mode> deauth-interval <interval> deauth-all <mode>
    Example admin(network.wlan.rogueap)>set RAP-Containment enable admin(network.wlan.rogueap)>set deauth-interval 10 admin(network.wlan.rogueap)>set deauth-all enable Related Commands

    Enables or disables Rogue AP Containment feature. Sets the Rogue AP de-authentication interval to <interval> (1300) seconds. This is the time after which MUs associated to a Rogue AP is deauthenticated. Enables or disables deauthenticating all rogue APs in the containment list.

    show

    Displays the rogue AP parameters.

    Network CLI Commands Reference 3-195

    3.34.6 Network WLAN Rogue AP Roguelist deauth Command deauth


    Network WLAN Rogue AP Commands

    Manages the Rogue AP Containment list by adding APs, their MAC address to the list and deleting APs from the list.
    Syntax deauth [add-to-list|add-mac-to-list|remove-from-list] <index> deauth all Parameters

    deauth [add-tolist|add-mac-tolist|remove-from-list] <index>

    deauth all
    Example

    Adds or removes APs from the ACL. add-to-list <index> Adds an AP to the Rogue AP containment list at the position specified by <index>. add-mac-to-list <index> Adds the MAC address of a Rogue AP to the Rogue AP containment list at the position specified by <index>. remove-from-list <index> Removes a MAC from the Rogue AP Containment list. Removes all the contents from the Rogue AP Containment list

    admin(network.wlan.rogueap.roguelist)>deauth add-to-list 1 admin(network.wlan.rogueap.roguelist)> admin(network.wlan.rogueap.roguelist)>deauth add-mac-to-list 11-22-33-4455-66 admin(network.wlan.rogueap.roguelist)>

    3-196 WS2000 Wireless Switch System Reference Guide

    3.35 Network WLAN Rogue AP Rogue List Locate Commands


    locate
    Network WLAN Rogue AP Roguelist Commands

    Displays the locate submenu.


    Syntax admin(network.wlan.rogueap.roguelist)> locate admin(network.wlan.rogueap.roguelist.locate)>

    The items available under this command are shown below.


    Command Description Ref.

    start list quit save .. /

    Starts locating a rogue AP. Lists results of the locate rogue AP scan. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-198 page 3-200 page 3-1 page 3-1 page 3-1 page 3-1

    Network CLI Commands Reference 3-197

    3.35.1 Network WLAN Rogue AP Rogue List Locate list Command list
    Network WLAN Rogue AP Rogue List Locate Commands

    Lists the results of the locate rogue AP scan.


    Syntax list Parameters

    None
    Example admin(network.wlan.rogueap.roguelist.locate)>list Related Commands

    start

    Starts the rogue AP location process.

    3-198 WS2000 Wireless Switch System Reference Guide

    3.35.2 Network WLAN Rogue AP Rogue List Locate start Command start
    Network WLAN Rogue AP Rogue List Locate Commands

    Locates a rogue AP.


    Syntax start <MAC> <ESSID> Parameters

    start <MAC> <ESSID>


    Example

    Starts locating a rogue AP where <MAC> is the MAC address (or BSSID) of the rogue AP, and <essid> is the ESSID for the rogue AP.

    admin(network.wlan.rogueap.roguelist.locate)>start 00A0f8fe2344 wlan-engg Related Commands

    list

    Lists information for the rogue AP found during the scan.

    Network CLI Commands Reference 3-199

    3.36 Network WLAN Rogue AP Rogue List MU Scan Commands


    muscan
    Network WLAN Rogue AP Roguelist Commands

    Displays the MU scan submenu.


    Syntax admin(network.wlan.rogueap.roguelist)> muscan admin(network.wlan.rogueap.roguelist.muscan)>

    The items available under this command are shown below.


    Command Description Ref.

    start list quit save .. /

    Starts a rogue AP scan using on-demand MU polling. Lists the rogue APs found during the scan. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-201 page 3-200 page 3-1 page 3-1 page 3-1 page 3-1

    3-200 WS2000 Wireless Switch System Reference Guide

    3.36.1 Network WLAN Rogue AP Rogue List MU Scan list Command list
    Network WLAN Rogue AP Roguelist Commands

    Lists the results of the locate rogue AP scan.


    Syntax list Parameters

    None
    Example admin(network.wlan.rogueap.roguelist.muscan)>list Related Commands

    start

    Starts the MU scan process.

    Network CLI Commands Reference 3-201

    3.36.2 Network WLAN Rogue AP Rogue List MU Scan start Command start
    Network WLAN Rogue AP Roguelist Commands

    Starts an on-demand MU polling for rogue APs.


    Syntax start <MAC> <ESSID> Parameters

    start <MAC> <ESSID>


    Example

    Starts locating a rogue AP where <MAC> is the MAC address (or BSSID) of the rogue AP, and <ESSID> is the ESSID for the rogue AP.

    admin(network.wlan.rogueap.roguelist.muscan)>start 00A0f8fe2344 Related Commands

    list

    Lists information for the rogue AP found during the scan.

    3-202 WS2000 Wireless Switch System Reference Guide

    3.37 Network WLAN Rogue AP Rule List Commands


    rulelist
    Network WLAN Rogue AP Commands

    Displays the rule list submenu.


    Syntax admin(network.wlan.rogueap)> rulelist admin(network.wlan.rogueap.rulelist)>

    The items available under this command are shown below.


    Command Description Ref.

    show add delete authsymbolap quit save .. /

    Displays the rule list. Adds an entry to the rule list. Deletes an entry from the rule list. Authorizes all Symbol APs. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-206 page 3-203 page 3-205 page 3-204 page 3-1 page 3-1 page 3-1 page 3-1

    Network CLI Commands Reference 3-203

    3.37.1 Network WLAN Rogue AP Rule List add Command add


    Network WLAN Rogue AP Rule List Commands

    Adds an entry to the rule list.


    Syntax add <MAC> <ESSID> Parameters

    add <MAC> <ESSID>


    Example

    Adds an entry into the rule list to allow an AP with the mac address <MAC> and the ESSID <ESSID>.

    admin(network.wlan.rogueap.rulelist)>add 00a0f8f31212 mywlan admin(network.wlan.rogueap.rulelist)>show rule list +++++++++ symbol ap authorization index ----1 : disabled essid -----mywlan

    ap -00:a0:f8:f3:12:12

    admin(network.wlan.rogueap.rulelist)>? Related Commands

    show

    Shows the entries in the rule list.

    3-204 WS2000 Wireless Switch System Reference Guide

    3.37.2 Network WLAN Rogue AP Rule List authsymbolap Command authsymbolap


    Network WLAN Rogue AP Rule List Commands

    Authorizes all Symbol APs.


    Syntax authsymbolap <mode> Parameters

    authsymbolap <mode> Enables or disables automatic authorization of all Symbol APs. <mode> can be enable or disable.
    Example admin(network.wlan.rogueap.rulelist)>auth enable admin(network.wlan.rogueap.rulelist)>show rule list +++++++++ symbol ap authorization index ----1 : enabled essid -----mywlan

    ap -00:a0:f8:f3:12:12

    Related Commands

    show

    Shows all the rules in the rule list and shows status of the Symbol AP automatic authorization.

    Network CLI Commands Reference 3-205

    3.37.3 Network WLAN Rogue AP Rule List delete Command delete


    Network WLAN Rogue AP Rule List Commands

    Deletes an entry from the rule list.


    Syntax delete [all|<idx>] Parameters

    delete [all|<idx>]

    Deletes entries in the rule list. all Deletes all entries in the rule list. <idx> Deletes the entry at the <idx> index in the rule list.

    Example admin(network.wlan.rogueap.rulelist)>delete all admin(network.wlan.rogueap.rulelist)>show rule list +++++++++ symbol ap authorization index ----ap -: enabled essid ------

    Related Commands

    show

    Displays the entries in the rule list.

    3-206 WS2000 Wireless Switch System Reference Guide

    3.37.4 Network WLAN Rogue AP Rule List show Command show


    Network WLAN Rogue AP Rule List Commands

    Displays the rule list.


    Syntax show Parameters

    None
    Example admin(network.wlan.rogueap.rulelist)>show rule list +++++++++ symbol ap authorization index ----1 : enabled essid -----mywlan

    ap -00:a0:f8:f3:12:12

    Related Commands

    delete add

    Deletes entries from the rule list. Adds entries to the rule list.

    Network CLI Commands Reference 3-207

    3.38 Network WLAN Enhanced Rogue AP Commands


    enhancedrogueap
    Network WLAN Commands

    Displays the Enhanced Rogue AP detection submenu.


    Syntax admin(network.wlan)> enhancedrogueap admin(network.wlan.enhancedrogueap)>

    The items available under this command are shown below.


    Command Description Ref.

    show set quit save .. /

    Displays the Enhanced Rogue AP parameters. Sets the Enhanced Rogue AP parameters Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-208 page 3-209 page 3-1 page 3-1 page 3-1 page 3-1

    3-208 WS2000 Wireless Switch System Reference Guide

    3.38.1 Network WLAN Enhanced Rogue AP show Command show


    Network WLAN Enhanced Rogue AP Commands

    Displays the Enhanced Rogue AP parameters.


    Syntax show Parameters

    None
    Example admin(network.wlan.enhancedrogueap)>show Enhanced RAP mode ERAP scan interval ERAP scan duration Channel Set for Radio A Channel Set for Radio B/G : disabled : 10 seconds : 100 milli seconds : :

    admin(network.wlan.enhancedrogueap)>

    Network CLI Commands Reference 3-209

    3.38.2 Network WLAN Enhanced Rogue AP set Command set


    Network WLAN Enhanced Rogue AP Commands

    Sets the Enhanced Rogue AP parameters.


    Syntax set [mode|scaninterval|scanduration|A_channels|BG_channels|erase] set set set set set set mode <mode> scaninterval <scaninterval> scanduration <scanduration> A_channel {channelset} BG_channel {channelset} erase

    Parameters

    mode <mode> scaninterval <scaninterval> scanduration <scanduration> A_channels {<channelset>} BG_channels {<channelset>} erase
    Example

    Enables or disables the Enhanced Rogue AP feature Sets the Enhanced Rogue AP feature scan interval. Sets the Enhanced Rogue AP feature scan duration Sets A channels to scan for Enhanced Rogue AP feature. <channelset> (Optional) Enter a list of valid channels for A Radio. Sets BG channels to scan for Enhanced Rogue AP feature <channelset> (Optional) Enter a list of valid channels for b/g Radio. Clears the Enhanced Rogue AP feature list.

    admin(network.wlan.enhancedrogueap)> show Enhanced RAP mode : disabled ERAP scan interval : 10 seconds ERAP scan duration : 100 milli seconds Channel Set for Radio A : Channel Set for Radio B/G : admin(network.wlan.enhancedrogueap)> set mode enable admin(network.wlan.enhancedrogueap)> set scaninterval 33 admin(network.wlan.enhancedrogueap)> set scanduration 110 admin(network.wlan.enhancedrogueap)> set A_channels 36 40 admin(network.wlan.enhancedrogueap)> set BG_channels 1 2 3 admin(network.wlan.enhancedrogueap)> show Enhanced RAP mode ERAP scan interval ERAP scan duration Channel Set for Radio A Channel Set for Radio B/G : : : : : enabled 33 seconds 110 milli seconds 36, 40, 1, 2, 3,

    3-210 WS2000 Wireless Switch System Reference Guide

    3.39 Network WLAN MU Probe Commands


    muprobe
    Network WLAN Commands

    Displays the MU Probe sub menu.


    Syntax admin(network.wlan)> muprobe admin(network.wlan.muprobe)>

    The items available under this menu are shown below.


    Command Description Ref.

    show set quit save .. /

    Shows the MU Probe Table configuration Sets the MU Probe Table configuration Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-211 page 3-212 page 3-1 page 3-1 page 3-1 page 3-1

    Network CLI Commands Reference 3-211

    3.39.1 Network WLAN MU Probe show Command show


    Network WLAN MU Probe Commands

    Displays the MU Probe Table configuration information.


    Syntax show Parameters

    None
    Example admin(network.wlan.muprobe)> show mu probe table mu probe table size mu probe window : disabled : 200 MUs (number of rows could be more) : 30 seconds

    3-212 WS2000 Wireless Switch System Reference Guide

    3.39.2 Network WLAN MU Probe set Command set


    Network WLAN MU Probe Commands

    Sets the different MU Probe Table configurations.


    Syntax set [mode|size|erase|windows] set set set set mode <mode> size <size> erase window <value>

    Parameters

    mode <mode> size <size> erase window <value>


    Example

    Enables or disables MU Probe scans. <mode> can be enable or disable. Sets the size <size> in number of rows of the MU Probe Table. Erases the MU Probe Table Sets the MU Probe time window to <value> (5-300) seconds.

    admin(network.wlan.muprobe)> show mu probe table mu probe table size mu probe window admin(network.wlan.muprobe)> admin(network.wlan.muprobe)> admin(network.wlan.muprobe)> admin(network.wlan.muprobe)> mu probe table mu probe table size mu probe window : disabled : 200 MUs (number of rows could be more) : 30 seconds set mode enable set size 100 set window 50 show : enabled : 100 MUs (number of rows could be more) : 50 seconds

    Network CLI Commands Reference 3-213

    3.40 Network WLAN Hotspot Commands


    hotspot
    Network WLAN Commands

    Displays the Hotspot sub menu.


    Syntax admin(network.wlan)> hotspot admin(network.wlan.hotspot)>

    The items available under this menu are shown below.


    Command Description Ref.

    set show import radius white-list quit save .. /

    Sets the hotspot parameters Displays the hotspot parameters Imports hotspot display pages Sets hotspot RADIUS configuration. Goes to a submenu. Sets the hotspot white-list. Goes to a submenu. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-214 page 3-216 page 3-217 page 3-218 page 3-222 page 3-1 page 3-1 page 3-1 page 3-1

    3-214 WS2000 Wireless Switch System Reference Guide

    3.40.1 Network WLAN Hotspot set Command set


    Network WLAN Hotspot Commands

    Sets the different Hotspot parameters.


    Syntax set [mode|page-loc|exturl|http-mode|hotspot-session-timeout| hotspot-cred-cache] set set set set set set mode <idx> <mode> page-loc <idx> <page-loc> exturl <idx> <page> <url> http-mode <idx> <http-mode> hotspot-session-timeout <timeout> hotspot-cred-cache <hotspot-cred-cache>

    Parameters

    mode <idx> <mode> page-loc <idx> <page-loc>

    exturl <idx> <page> <url>

    http-mode <idx> <http-mode>

    hotspot-session-timeout <hotspot-session-timeout>

    hotspot-cred-cache <hotspot-cred-cache>
    Example

    Enables or disables hotspot for a WLAN with the index value <idx> (18). Sets the location of the welcome page for Hotspot for a WLAN with the index <idx> (1-8). <page-loc> can be one of default, cf, url. When <page-loc> is default, the default pages are shown. When <page-loc> is cf, the pages for login, welcome, and fail are stored on the CF card and are displayed from there. When <page-loc> is url, the pages are displayed from a URL. The URL information is provided through the set exturl command. Sets the URL locations for the hotspot login, welcome, and fail pages for a WLAN with the index value <idx> (1-8). <page> should be one of login, welcome, or fail and indicates the page type. <url> is the fully qualified path to the page indicated by the <page> value. Sets the HTTP mode for the hotspot for the WLAN with index <idx> (1-8). <http-mode> can be one of http or https. HTTP indicates that connections to the hotspot does not use security. HTTPS indicates use of security. Sets the timeout value for the hotspot to <hotspot-session-timeout> minutes. This value is global and is applicable to all WLANs. The default value for <hotspot-session-timeout> is 20 minutes and the maximum value that can be entered is 1440 minutes (1 day). Enables or disables hotspot user credential caching for the WS2000.

    admin(network.wlan.hotspot)> show hotspot 1 WLAN 1 Hotspot Mode Hotspot Page Location External Login URL External Welcome URL : disable : default : :

    Network CLI Commands Reference 3-215

    External Fail URL Http Mode admin(network.wlan.hotspot)> admin(network.wlan.hotspot)> admin(network.wlan.hotspot)> hotspt/login.htm admin(network.wlan.hotspot)> hotspt/welcome.htm admin(network.wlan.hotspot)> hotspt/fail.htm admin(network.wlan.hotspot)> WLAN 1 Hotspot Mode Hotspot Page Location External Login URL External Welcome URL welcome.htm External Fail URL Http Mode

    : : https set mode 1 enable set page-loc 1 url set exturl 1 login //192.168.1.10/wlan1/ set exturl 1 welcome //192.168.1.10/wlan1/ set exturl 1 fail //192.168.1.10/wlan1/ show hotspot 1 : : : : enable url //192.168.1.10/wlan1/hotspt/login.htm //192.168.1.10/wlan1/hotspt/

    : //192.168.1.10/wlan1/hotspt/fail.htm : https

    3-216 WS2000 Wireless Switch System Reference Guide

    3.40.2 Network WLAN Hotspot show Command show


    Network WLAN Hotspot Commands

    Displays the different hotspot configuration settings.


    Syntax show [hotspot|white-list|hs-session-timeout|hs-cred-cache] show hotspot <idx> show white-list <idx> Parameters

    hotspot <idx> white-list <idx> hs-session-timeout hs-cred-cache


    Example

    Displays the hotspot configuration settings. Displays the white list rules. Displays the global hotspot session timeout value. Displays the enable/disable status for hotspot user credentials caching.

    admin(network.wlan.hotspot)> show hotspot 1 WLAN 1 Hotspot Mode Hotspot Page Location External Login URL External Welcome URL welcome.htm External Fail URL Http Mode : : : : enable url //192.168.1.10/wlan1/hotspt/login.htm //192.168.1.10/wlan1/hotspt/

    : //192.168.1.10/wlan1/hotspt/fail.htm : https

    admin(network.wlan.hotspot)> show white-list 1 WhiteList Rules ------------------------------------------------------------------------Idx IP Address ------------------------------------------------------------------------1 192.168.1.32 2 192.168.1.45 3 192.168.1.55 4 192.168.1.56 admin(network.wlan.hotspot)> show hs-session-timeout Hotspot Session Timeout : 10 admin(network.wlan.hotspot)> show hs-cred-caching Hotspot Credential Cache Mode : Disabled

    Network CLI Commands Reference 3-217

    3.40.3 Network WLAN Hotspot Import Command import


    Network WLAN Hotspot Commands

    Imports the html pages for the welcome, login, and fail screens.
    Syntax import <idx> <page> Parameters

    import <idx> <page> Imports the specified page for the WLAN with index <idx> (1-8). <page> must be one of login, welcome, or fail. Paste the html page into the console.
    Example admin(network.wlan.hotspot)> import 1 login Enter 'Ctrl C' to abort. Paste the HTML Page: <html> <Head> <title>Office1 WLAN - Login Page</title> </head> <body> <h1 align="center">Office1 Wireless LAN - Login Page</h1> <HR width=50%> <p align ="center"><b>Please enter your login information below</b></p> <form action="login.asp> <center> <table width=25%> <tr> <tD>User Name</td> <td><input > </input></td> </tr> <tr> <td>Password</td> <td><input type=password> </input></td> </tr> </table> <br> <button type=submit> <strong>Login</strong> </button> <hr width=50%> <p>Page usage monitored and IP captured. Do not login if not authorized.</p> </center> </form> </body> </html>

    3-218 WS2000 Wireless Switch System Reference Guide

    3.41 Network WLAN Hotspot RADIUS commands


    radius
    Network WLAN Hotspot Commands

    Displays the RADIUS server commands for hotspot. RADIUS is used to authenticate hotspot users.
    Syntax admin(network.wlan.hotspot)> radius admin(network.wlan.hotspot.radius)>

    The items available under this command are shown below.


    Command Description Ref.

    show set quit save .. /

    Shows RADIUS configuration settings. Sets RADIUS configuration Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-219 page 3-220 page 3-1 page 3-1 page 3-1 page 3-1

    Network CLI Commands Reference 3-219

    3.41.1 Network WLAN Hotspot RADIUS show Command show


    Network WLAN Hotspot RADIUS commands

    Displays the RADIU ?S server information for each hotspot.


    Syntax show radius <idx> Parameters

    show radius <idx>


    Example

    Displays the RADIUS information for the WLAN with the index <idx> (1-8).
    show radius 1 127.0.0.1 1812 ****** 0.0.0.0 1812 ****** disable 1 1

    admin(network.wlan.hotspot.radius)> Primary Server Ip adr : Primary Server Port : Primary Server Secret : Secondary Server Ip adr : Secondary Server Port : Secondary Server Secret : Accounting Mode : Accounting Timeout : Accounting Retry-count :

    3-220 WS2000 Wireless Switch System Reference Guide

    3.41.2 Network WLAN Hotspot RADIUS set Command set


    Network WLAN Hotspot RADIUS commands

    Configures the RADIUS server information for hotspots for each WLAN.
    Syntax set [server|port|secret|acct-mode|acct-timeout|acct-retry| bind-interface|auth-mode] set set set set set set set set server <idx> <srvr_type> <ipadr> port <idx> <srvr_type> <port> secret <idx> <srvr_type> <secret> acct-mode <idx> <mode> acct-timeout <idx> <timeout> acct-retry <idx> <retry_count> bind-interface <idx> <server> <interface> auth-mode <idx> <mode>

    Parameters

    server <idx> <srvr_type> <ipadr> port <idx> <srvr_type> <port>

    secret <idx> <srvr_type <secret> acct-mode <idx> <mode>

    acct-timeout <idx> <timeout> acct-retry <idx> <retry-count> bind-interface <idx> <server> <interface> auth-mode <idx> <mode>

    Sets the IP address <ipadr> of the RADIUS server for the WLAN with index <idx> (1-8). The <srvr_type> (primary, secondary) identifies the RADIUS server as a primary or a secondary server. Sets the port <port> of the RADIUS server for the WLAN with the index <idx> (1-8). The <srvr_type> (primary, secondary) identifies the RADIUS server as a primary or a secondary server. Sets the secret <secret> for accessing the RADIUS server for the WLAN with the index <idx> (1-8). The <srvr_type> (primary, secondary) identifies the RADIUS server as a primary or a secondary server. Enables or disables accounting mode for the RADIUS server for the WLAN with the index <idx> (1-8). When enabled, RADIUS accounting log is written to the CF card when the RADIUS server is not reachable. Sets the time duration <timeout> (1-255) seconds after which RADIUS logs are written to the CF card. Sets the number of re-tries <retry-count> (1-10) made before RADIUS logs are written to the CF card. Binds the RADIUS server type <server> (Primary or Secondary) to the interface <interface> (one of s1-s6, w, none - s1- Subnet 1, s2-subnet 2, ...s6-Subnet 6, w-wan) for the WLAN <idx> (18). Sets the radius authentication mode to either PAP or CHAP. This is used to encrypt authentication packets when authenticating with radius servers located on the WAN side of WS2000.
    set set set set set server server port 1 port 1 secret 1 primary 192.169.1.222 1 secondary 192.169.1.223 primary 1812 secondary 1812 1 primary hello1

    Example admin(network.wlan.hotspot.radius)> admin(network.wlan.hotspot.radius)> admin(network.wlan.hotspot.radius)> admin(network.wlan.hotspot.radius)> admin(network.wlan.hotspot.radius)>

    Network CLI Commands Reference 3-221

    admin(network.wlan.hotspot.radius)> set secret 1 secondary hello2 admin(network.wlan.hotspot.radius)> set acct-mode 1 enable admin(network.wlan.hotspot.radius)> set acct-timeout 1 90 admin(network.wlan.hotspot.radius)> set acct-retry 1 8 admin(network.wlan.hotspot.radius)> set bind-interface 1 primary s1 admin(network.wlan.hotspot.radius)> set auth-mode 1 PAP admin(network.wlan.hotspot.radius)>show radius 1 Primary Server Ip adr : 192.168.1.222 Primary Server Port : 1812 Primary Server Secret : ****** Primary client bind interface : s1 Secondary Server Ip adr : 192.169.1.223 Secondary Server Port : 1812 Secondary Server Secret : ****** Secondary client bind interface : none Accounting Mode : disable Accounting Timeout : 10 Accounting Retry-count : 3 RADIUS auth-mode : PAP admin(network.wlan.hotspot.radius)>

    3-222 WS2000 Wireless Switch System Reference Guide

    3.42 Network WLAN Hotstpot White-list Commands


    white-list
    Network WLAN Hotspot Commands

    Displays the White-list submenu. White-list is a list of devices that can use the hotspot.
    Syntax admin(network.wlan.hotspot)> white-list admin(network.wlan.hotspot.whitelist)>

    The items available under this command are shown below.


    Command Description Ref.

    add clear show quit save .. /

    Adds hotspot white-list entries. Clears the hotspot white-list entries. Displays the hotspot white-list entries. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-223 page 3-225 page 3-225 page 3-1 page 3-1 page 3-1 page 3-1

    Network CLI Commands Reference 3-223

    3.42.1 Network WLAN Hotspot White-list add Command add


    Network WLAN Hotstpot White-list Commands

    Adds an entry to the WLAN hotspot white-list. White-list is a list of devices that can access the hotspot.
    Syntax add rule <wlan_idx> <ipadr> Parameters

    add rule <wlan_idx> <ipadr>


    Example

    Adds an IP entry <ipadr> to the White-list for the WLAN specified by the index <wlan_idx> (1-8)

    admin(network.wlan.hotspot.whitelist)> add rule 1 192.168.1.67 admin(network.wlan.hotspot.whitelist)> show white-rules 1 WhiteList Rules ------------------------------------------------------------------------Idx IP Address ------------------------------------------------------------------------1 192.168.1.32 2 192.168.1.45 3 192.168.1.55 4 192.168.1.56 5 192.168.1.67

    3-224 WS2000 Wireless Switch System Reference Guide

    3.42.2 Network WLAN Hotspot White-list clear Command clear


    Network WLAN Hotstpot White-list Commands

    Clears or deletes the WLAN hotspot white-list entries.


    Syntax clear rule [all|<wlan_idx> [all|<ipadr>]] clear rule all clear rule <wlan_idx> all clear rule <wlan_idx> <ipadr> Parameters

    clear rule [all|<wlan_idx> [all|<ipadr>]]

    clear rule all Clears all the hotspot white-list entries. clear rule <wlan_idx> all Clears all the hotspot white-list entries for the WLAN specified by the <wlan_idx> (1-8) value. clear rule <wlan_idx> <ipadr> Clears a specific IP address <ipadr> from the hotspot white-list entries for the WLAN specified by the <wlan_idx> (1-8) value.

    Example admin(network.wlan.hotspot.whitelist)> show white-rules 1 WhiteList Rules ------------------------------------------------------------------------Idx IP Address ------------------------------------------------------------------------1 192.168.1.32 2 192.168.1.45 3 192.168.1.55 4 192.168.1.56 5 192.168.1.67 admin(network.wlan.hotspot.whitelist)> clear rule 1 192.168.1.67 admin(network.wlan.hotspot.whitelist)> show white-rules 1 WhiteList Rules ------------------------------------------------------------------------Idx IP Address ------------------------------------------------------------------------1 192.168.1.32 2 192.168.1.45 3 192.168.1.55 4 192.168.1.56 admin(network.wlan.hotspot.whitelist)> clear rule all admin(network.wlan.hotspot.whitelist)> show white-rules 1 WhiteList Rules ------------------------------------------------------------------------Idx IP Address -------------------------------------------------------------------------

    Network CLI Commands Reference 3-225

    3.42.3 Network WLAN Hotspot White-list show Command show


    Network WLAN Hotstpot White-list Commands

    Displays the WLAN hotspot white-list entries.


    Syntax show white-rules <idx> Parameters

    show white-rules <idx> Displays the hotspot white-list for the WLAN with the index <idx> (1-8).
    Example admin(network.wlan.hotspot.whitelist)> show white-rules 1 WhiteList Rules ------------------------------------------------------------------------Idx IP Address ------------------------------------------------------------------------1 192.168.1.32 2 192.168.1.45 3 192.168.1.55 4 192.168.1.56 5 192.168.1.67

    3-226 WS2000 Wireless Switch System Reference Guide

    3.43 Network WLAN WLAN IP Fiter Policy Commands


    wlanipfpolicy
    Network WLAN Commands

    Displays the WLAN IP Filter Policy submenu.


    Syntax admin(network.wlan)> wlanipfpolicy admin(network.wlan.wlanipfpolicy)>

    The items available under this command are shown below.


    Command Description Ref.

    set add del show quit save .. /

    Sets the WLAN IP Filter Policy configurations. Adds entries to the WLAN IP Filter table. Deletes entries from the WLAN IP Filter table. Displays the WLAN IP filter table. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-227 page 3-228 page 3-229 page 3-230 page 3-1 page 3-1 page 3-1 page 3-1

    Network CLI Commands Reference 3-227

    3.43.1 Network WLAN WLAN IP Filter Policy set Command set


    Network WLAN WLAN IP Fiter Policy Commands

    Sets the WLAN IP filter policy configuration. IP Filters have to be set up through the Network > IPFilter menu.
    Syntax set [ipf-mode|default] set ipf-mode <wlan-idx> <ipf-mode> set default [incoming|outgoing] <wlan-idx> <action>

    Syntax:
    ipf-mode <wlan-idx> <ipf-mode> default [incoming|outgoing] <wlan-idx> <action> Sets the IP filter mode <ipf-mode> (enable/disable) for the WLAN with the index <idx> (1-8). incoming Sets the default incoming action to <action> (allow/deny) for IP filtering for he WLAN with the index <idx> (1-8). outgoing Sets the default outgoing action to <action> (allow/deny) for IP filtering for he WLAN with the index <idx> (1-8).

    Example admin(network.wlan.wlanipfpolicy)> show 1 ------------------------------------------------------------------------Filter-Name Direction Action ------------------------------------------------------------------------IP Filter Mode Default Incoming Action Default Outgoing Action : disable : deny : deny

    admin(network.wlan.wlanipfpolicy)> set ipf-mode 1 enable admin(network.wlan.wlanipfpolicy)> set default outgoing 1 allow admin(network.wlan.wlanipfpolicy)> set default incoming 1 allow admin(network.wlan.wlanipfpolicy)>show 1 ------------------------------------------------------------------------Filter-Name Direction Action ------------------------------------------------------------------------IP Filter Mode Default Incoming Action Default Outgoing Action : enable : allow : allow

    3-228 WS2000 Wireless Switch System Reference Guide

    3.43.2 Network WLAN WLAN IP Filter Policy add Command add


    Network WLAN WLAN IP Fiter Policy Commands

    Adds a new IP Filter association table entry. IP Filters have to be set up through the Network > IPFilter menu.
    Syntax add <wlan-idx> <filter-name> <direction> <action> Parameters

    add <wlan-idx> <filter-name> <direction> <action> Adds a new IP Filter association table entry. The <filter-name> is the name of the filter to be added to the WLAN specified by the <wlan-idx> (1-8). The <direction> could be incoming or outgoing. The <action> could be allow or deny.
    Example admin(network.wlan.wlanipfpolicy)> add 1 allow_tcp incoming allow admin(network.wlan.wlanipfpolicy)> add 1 allow_tcp outgoing deny admin(network.wlan.wlanipfpolicy)> show 1 ------------------------------------------------------------------------Filter-Name Direction Action ------------------------------------------------------------------------allow_tcp incoming allow allow_tcp outgoing deny IP Filter Mode Default Incoming Action Default Outgoing Action : enable : allow : allow

    Network CLI Commands Reference 3-229

    3.43.3 Network WLAN WLAN IP Filter Policy del Command del


    Network WLAN WLAN IP Fiter Policy Commands

    Deletes a entry from the IP Filter association table.


    Syntax del <wlan-idx> [all|<index>]

    Syntax:
    delete <wlan-idx> [all|<index>]
    Example admin(network.wlan.wlanipfpolicy)> show 1 ------------------------------------------------------------------------Filter-Name Direction Action ------------------------------------------------------------------------allow_tcp incoming allow allow_tcp outgoing deny IP Filter Mode Default Incoming Action Default Outgoing Action : enable : allow : allow

    Deletes an IP Filter association table entry. The WLAN is specified by the <wlan-idx> (1-8). <index> indicates the filter to delete. all is used to delete all entries from the IP Filter association table.

    admin(network.wlan.wlanipfpolicy)> del 1 2 admin(network.wlan.wlanipfpolicy)> show 1 ------------------------------------------------------------------------Filter-Name Direction Action ------------------------------------------------------------------------allow_tcp incoming allow IP Filter Mode Default Incoming Action Default Outgoing Action : enable : allow : allow

    3-230 WS2000 Wireless Switch System Reference Guide

    3.43.4 Network WLAN WLAN IP Filter Policy show Command show


    Network WLAN WLAN IP Fiter Policy Commands

    Displays the contents of the IP Filter association table.


    Syntax show <wlan-idx> Parameters

    show <wlan-idx> Displays the IP filter association table for the WLAN with the index <wlan-idx> (1-8).
    Example admin(network.wlan.wlanipfpolicy)> show 1 ------------------------------------------------------------------------Filter-Name Direction Action ------------------------------------------------------------------------allow_tcp incoming allow allow_tcp outgoing deny IP Filter Mode Default Incoming Action Default Outgoing Action : enable : allow : allow

    Network CLI Commands Reference 3-231

    3.44 Network Port Commands


    port
    network

    Displays the port configuration submenu.


    Syntax admin(network)>port admin(network.port)>

    The items available under this command are shown below.


    Command Description Ref.

    show set quit save .. /

    Shows the port configuration settings. Sets the port configuration Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-233 page 3-232 page 3-1 page 3-1 page 3-1 page 3-1

    3-232 WS2000 Wireless Switch System Reference Guide

    3.44.1 Network Port set Command set


    Network Port Commands

    Sets the port configuration parameters.


    Syntax set [auto-negotiation|speed|duplex] set auto-negotiation <idx> <auto-negotiation> set speed <idx> <speed> set duplex <idx> <duplex> Parameters

    auto-negotiation <idx> <autonegotiation> speed <idx> <speed> duplex <idx> <duplex>


    Example

    Enables or disables auto negotiation. When enabled, the port negotiates the speed and the duplex type. <auto-negotiation> can be one of enable or disable. <idx> (port1-port6, wan) is the port number. Sets the speed for the port with the index <idx> (port1-port6, wan). Set <speed> from 10M or 100M. Sets the duplex mode for the port with the index <idx> (port1-port6, wan). Set the <duplex> value from full or half.

    admin(network.port)> show port1 auto-negotiation speed duplex admin(network.port)> admin(network.port)> admin(network.port)> admin(network.port)> auto-negotiation speed duplex : disable : 10M : half set auto-negotiation port1 enable set speed port1 100M set duplex port1 full show port1 : enable : 100M : full

    Network CLI Commands Reference 3-233

    3.44.2 Network Port show Command show


    Network Port Commands

    Displays the port configuration parameters.


    Syntax show <idx> Parameters

    show <idx>
    Example

    Displays the port configuration settings for the port <idx> (port1-port6, wan).

    admin(network.port)> show port1 auto-negotiation speed duplex : enable : 100M : full

    3-234 WS2000 Wireless Switch System Reference Guide

    3.45 Network IP Filter Commands


    ipfilter
    network

    Displays the IP Filter submenu. IP based filtering allows administrators to configure Incoming and Outgoing IP filtering policies on packets within the same Subnet / WLAN and between wired and wireless hosts. Filters can be set up based on IP Address or as a default rule for all IPs in a given direction.
    Syntax admin(network)> ipfilter admin(network.ipfilter)>

    The items available under this command are shown below.


    Command Description Ref.

    add del show quit save .. /

    Adds a filter to the global IP Filter table. Deletes a filter from the global IP Filter table. Shows the global IP Filter table. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-235 page 3-236 page 3-237 page 3-1 page 3-1 page 3-1 page 3-1

    Network CLI Commands Reference 3-235

    3.45.1 Network IP Filter add Command add


    Network IP Filter Commands

    Adds an entry into the global IP Filter table.


    Syntax add <filter-name> <protocol> <port> <start-src-address> <end-src-address> <start-dest-address> <end-dest-address> Parameters

    add <filter-name> <protocol> <port> <start-src-address> <end-src-address> <start-dest-address> <enddest-address> Adds an IP Filter with <filter-name> to the IP Filter table. <protocol> can be one of tcp, udp, icmp, pim, gre, rsvp, idp, pup, egp, ipip, esp, ah, igmp, ipv6, compr_h, raw_ip. <port> is the port number. Could also be all. <start-src-address> to <end-src-address> is the source ip range for which this filter is applied <start-dest-address> to <end-dest-address> is the destination ip range for which this filter is applied.
    Example admin(network.ipfilter)> add port80tcp TCP 80 192.168.1.100 192.168.1.250 0.0.0.0 0.0.0.0 admin(network.ipfilter)> show ------------------------------------------------------------------------Filter-Name Protocol-Port Start-End-Src-IP Start-End-Dst-IP In-Use ------------------------------------------------------------------------allow_tcp TCP 0.0.0.0 0.0.0.0 YES ALL 0.0.0.0 0.0.0.0 allow_udp UDP 0.0.0.0 0.0.0.0 NO ALL 0.0.0.0 0.0.0.0 port80tcp TCP 192.168.1.100 0.0.0.0 NO 80 192.168.1.250 0.0.0.0

    3-236 WS2000 Wireless Switch System Reference Guide

    3.45.2 Network IP Filter del Command del


    Network IP Filter Commands

    Deletes an entry from the global IP Filter table.


    Syntax del [all|<idx>] Parameters

    del [all|<index>] Deletes IP Filter table entries. del <index> Deletes the global IP Filter table entry at <index>. del all Deletes all entries of the global IP Filter table.
    Example admin(network.ipfilter)> del 3 admin(network.ipfilter)> show ------------------------------------------------------------------------Filter-Name Protocol-Port Start-End-Src-IP Start-End-Dst-IP In-Use ------------------------------------------------------------------------allow_tcp TCP 0.0.0.0 0.0.0.0 YES ALL 0.0.0.0 0.0.0.0 allow_udp UDP 0.0.0.0 0.0.0.0 NO ALL 0.0.0.0 0.0.0.0

    Network CLI Commands Reference 3-237

    3.45.3 Network IP Filter Shlow Command show


    Network IP Filter Commands

    Displays the global IP Filter table.


    Syntax show Parameters

    None
    Example admin(network.ipfilter)> show ------------------------------------------------------------------------Filter-Name Protocol-Port Start-End-Src-IP Start-End-Dst-IP In-Use ------------------------------------------------------------------------allow_tcp TCP 0.0.0.0 0.0.0.0 YES ALL 0.0.0.0 0.0.0.0 allow_udp UDP 0.0.0.0 0.0.0.0 NO ALL 0.0.0.0 0.0.0.0

    3-238 WS2000 Wireless Switch System Reference Guide

    3.46 Network WIPS Command


    wips
    network

    Description:
    Displays the Wireless Intrusion Protection System (WIPS) submenu.
    Syntax admin(network)> wips admin(network.wips)>

    The items available under this command are shown below.


    Command Description Ref.

    set show list convert revert update defaults quit save .. /

    Sets WIPS parameters. Displays WIPS parameters Lists the APs and Sensors discovered. Converts APs to dedicated WIPS sensors Revers dedicated WIPS sensors to APs Sends WIPS configuration to the sensors Goes to the Defaults submenu. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-239 page 3-240 page 3-241 page 3-242 page 3-243 page 3-244 page 3-245 page 3-1 page 3-1 page 3-1 page 3-1

    Network CLI Commands Reference 3-239

    3.46.1 Network WIPS set Command set


    Network WIPS Command

    Enables or disables WIPS.


    Syntax set mode <mode> Parameters

    set mode <mode>


    Example

    Enables or disables WIPS. <mode> can be either enable or disable.

    admin(network.wips)> set mode enable admin(network.wips)> show mode State : enable

    3-240 WS2000 Wireless Switch System Reference Guide

    3.46.2 Network WIPS show Command show


    Network WIPS Command

    Displays the WIPS parameters.


    Syntax show [mode|sensor] Parameters

    mode sensor <mac>


    Example

    Enables or disables WIPS mode Shows sensor configuration <mac> Shows mac-Sensor MAC address

    admin(network.wips)> show mode State : enable

    Network CLI Commands Reference 3-241

    3.46.3 Network WIPS list Command list


    Network WIPS Command

    Lists the adopted APs and detected sensors for WIPS.


    Syntax list [sensors|aps] Parameters

    list [sensors|aps]
    Example

    list aps Lists the sensor APs list sensors Lists the discovered APs

    admin(network.wips)> list sensors ------------------------------------------------------------------------Idx Sensor MAC IP address ------------------------------------------------------------------------1 00a0f8bf8a70 192.168.0.167 admin(network.wips)> list APs ------------------------------------------------------------------------Idx AP MAC Conversion State ------------------------------------------------------------------------1 00a0f8bf8a70

    3-242 WS2000 Wireless Switch System Reference Guide

    3.46.4 Network WIPS convert Command convert


    Network WIPS Command

    Converts an existing AP to a dedicated Sensor device. This command is only valid for Motorola AP300.
    Syntax convert <mac1> <mac2> ... Parameters

    convert <mac1> <mac2> ...


    Example

    Converts the list of AP represented by their MAC addresses <mac1> <mac2>... to dedicated sensor devices.

    admin(network.wips)> convert 00a0f8bf8a70 Conversion is started in the background admin(network.wips)> list sensors ------------------------------------------------------------------------Idx Sensor MAC IP address ------------------------------------------------------------------------1 00a0f8bf8a70 192.168.0.167

    Network CLI Commands Reference 3-243

    3.46.5 Network WIPS revert Command revert


    Network WIPS Command

    Reverts a dedicated Sensor device to an AP. This command is only valid for Motorola AP300.
    Syntax revert <mac1> <mac2> ...

    Syntax:
    revert <mac1> <mac2> Converts the list of Sensors represented by their MAC addresses <mac1> ... <mac2>... to APs.
    Example admin(network.wips)> revert 00a0f8bf8a70 Revert is started in the background admin(network.wips)> list aps ---------------------------------------------------------------------------Idx AP MAC Conversion State ---------------------------------------------------------------------------1 00a0f8bf8a70

    3-244 WS2000 Wireless Switch System Reference Guide

    3.46.6 Network WIPS update Command update


    Network WIPS Command

    Sends configuration information to dedicated sensor devices.


    Syntax update <mac> <dhcp_mode> <ipaddr> <mask> <dgw> <pwips> {<swips>} Parameters

    update <mac> <dhcp_mode> <ipaddr> <mask> <dgw> <pwips> {<swips>} Sends the configuration information to the sensor device, where: <mac> is the MAC address of the sensor device. <dhcp_mode> is the dhcp mode. Mode can be either client or static. <ipaddr> is the IP address of the sensor device. This field is only required when the <dhcp_mode> is static. <mask> is the subnet mask for the IP address of the sensor device. This field is only required when the <dhcp_mode> is static. <dgw> is the default gateway for the sensor device. This field is only required when the <dhcp_mode> is static. <pwips> is the IP address of the primary WIPS server. <swips> is the IP address of the secondary WIPS server. This value is optional.
    Example admin(network.wips)> show sensor 00a0f8bf8a70 Sensor MAC DHCP Mode IP Address IP Mask Default Gateway Primary WIPS Server Secondary WIPS Server : : : : : : : 00a0f8bf8a70 client 192.168.1.107 255.255.255.0 192.168.1.1 192.168.0.20 192.168.0.21

    admin(network.wips)> update 00a0f8bf8a70 static 192.168.1.108 255.255.255.0 192.168.1.10 192.168 .0.20 192.168.0.21 admin(network.wips)> show sensor 00a0f8bf8a70 Sensor MAC DHCP Mode IP Address IP Mask Default Gateway Primary WIPS Server Secondary WIPS Server : : : : : : : 00a0f8bf8a70 client 192.168.2.100 255.255.255.0 192.168.2.1 192.168.0.20 192.168.0.21

    Network CLI Commands Reference 3-245

    3.47 Network WIPS Default commands


    defaults
    Network WIPS Command

    Goes to the WIPS default configuration menu.


    Syntax admin(network.wips)>defaults admin(network.wips.defaults)>

    The items available under this command are shown below.


    Default Description Ref.

    show set quit save .. /

    Shows the WIPS default configuration settings. Sets the Sensor default configuration for WIPS. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-247 page 3-246 page 3-1 page 3-1 page 3-1 page 3-1

    3-246 WS2000 Wireless Switch System Reference Guide

    3.47.1 Network WIPS set Command set


    Network WIPS Default commands

    Sets the default WIPS configuration settings. These settings are used when WIPS configurations are not changed.
    Syntax set mode <mode> set [ipaddr|mask|dgw|pwips|swips] <a.b.c.d>

    Syntax:
    mode <mode> ipaddr <a.b.c.d> mask <a.b.c.d> dgw <a.b.c.d> pwips <a.b.c.d> swips <a.b.c.d>
    Example admin(network.wips.default)> admin(network.wips.default)> admin(network.wips.default)> admin(network.wips.default)> admin(network.wips.default)> admin(network.wips.default)> admin(network.wips.default)> DHCP Mode IP Address IP Mask Default Gateway Primary WIPS Server Secondary WIPS Server : : : : : : set mode enable set ipaddr 192.168.0.10 set mask 255.255.255.0 set dgw 192.168.0.1 set pwips 192.168.0.20 set swips192.168.0.21 show

    Sets the default mode to enable or disable. Sets the IP address to <a.b.c.d> for the WIPS sensor. Sets the network mask to <a.b.c.d> for the WIPS sensor Sets the default gateway for the WIPS sensor to <a.b.c.d> Sets the primary WIPS server to <a.b.c.d> Sets the secondary WIPS server to <a.b.c.d>.

    client 192.168.0.10 255.255.255.0 192.168.0.1 192.168.0.20 192.168.0.21

    Network CLI Commands Reference 3-247

    3.47.2 Network WIPS show Command show


    Network WIPS Default commands

    Displays the default WIPS configuration.


    Syntax show Parameters

    None
    Example admin(network.wips.default)> show DHCP Mode IP Address IP Mask Default Gateway Primary WIPS Server Secondary WIPS Server : : : : : : client 192.168.0.10 255.255.255.0 192.168.0.1 192.168.0.20 192.168.0.21

    3-248 WS2000 Wireless Switch System Reference Guide

    3.48 Network WIDS Commands


    wids
    network

    Displays the Wireless Intrusion Detection System (WIDS) commands.


    Syntax admin(network)>wids admin(network.wids)>

    The items available under this command are shown below.


    Command Description Ref.

    show set delete quit save .. /

    Shows WIDS status and statistics Sets WIDS parameters Removes WIDS MU List entries Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-254 page 3-250 page 3-249 page 3-1 page 3-1 page 3-1 page 3-1

    Network CLI Commands Reference 3-249

    3.48.1 Network WIDS delete Command delete


    Network WIDS Commands

    Deletes WIDS MU list entries.


    Syntax delete [all|<idx>] Parameters

    delete [all|<idx>]
    Example

    all Deletes all the MU from the list. <idx> Deletes MU list entry at the index <idx>.

    admin(network.wids)> delete 1 admin(network.wids)> delete all admin(network.wids)>

    3-250 WS2000 Wireless Switch System Reference Guide

    3.48.2 Network WIDS set Command set


    Network WIDS Commands

    Sets the WIDPS parameters.


    Syntax set [mode|detect-window|anomaly-detect|excess-op] set set set set set set set set mode <mode> detect-window <detect-window> anomaly-mode [mode|filter-ageout] anomaly-mode mode <violation-type> <mode> anomaly-mode filter-ageout <type> <filter-ageout> excess-op [threshold|filter-ageout] excess-op threshold [mu|radio|switch] <type> <threshold> excess-op filter-ageout <type> <filter-ageout>

    Parameters

    mode <mode> Enables or disables WIDS. <mode> can be enable or disable. detect-window Sets the duration for which WIDS information is collected to <detect-window> (5<detect-window> 300) seconds. Once collected, the information is sent for analysis. The deafult value for <detect-window> is 10 seconds.

    Network CLI Commands Reference 3-251

    anomaly-detect [mode|filterageout]

    Configures the anomaly detection mode. mode <violation-type> <mode> Enables or disables anomaly detection for each violation type <violation-type>. <mode> can be enable or disable. <violation-type> can be one of the following: all - all the anomalies. null-dst - NULL destination MAC anomaly same-src-dst - Same source and destination IP anomaly mcas-src - Multicast source MAC anomaly weak-wep-iv - Weak WEP initialization vector anomaly tkip-cntr-meas - TKIP Countermeasures anomaly invalid-frame-len - Invalid frame length anomaly filter-ageout <type> <filter-ageout> Sets the number of seconds a mobile unit is filtered out. <type> is the violation type and can be one of: all - all the anomalies. null-dst - NULL destination MAC anomaly same-src-dst - Same source and destination IP anomaly mcas-src - Multicast source MAC anomaly weak-wep-iv - Weak WEP initialization vector anomaly tkip-cntr-meas - TKIP Countermeasures anomaly invalid-frame-len - Invalid frame length anomaly <filter-ageout> (0-86400) is the ageout value in seconds. Default is 60 seconds. 0 disables this option.

    3-252 WS2000 Wireless Switch System Reference Guide

    excess-op [threshold|filterageout]

    Sets the threshold of events allowed in the detection window per MU. threshold [mu|radio|switch] <type> <threshold> Sets the threshold values for mu, radio, or switch. <type> is the violation type and can be one of: all - all types of excessive operations probe-req - Probe Request frames auth-assoc-req - 802.11 Authentication and Association Request deauth-disassoc-req - Disassociation and Deauthentication frames auth-fails - Failures reported by Authentication servers crypto-replay-fails - TKIP/CCMP IV replay check failure 80211-replay-fails - 802.11 replay check failure decrypt-fails - decryption failures unassoc-frames - frames from unassociated stations eap-starts - EAP (802.1x) Start frames <threshold> (0-65535) is the threshold value in seconds, 0 disables this option filter-ageout <type> <filter-ageout> Sets the number of seconds a mobile unit is filtered out. <type> is the violation type and can be one of: all - all the anomalies. null-dst - NULL destination MAC anomaly same-src-dst - Same source and destination IP anomaly mcas-src - Multicast source MAC anomaly weak-wep-iv - Weak WEP initialization vector anomaly tkip-cntr-meas - TKIP Countermeasures anomaly invalid-frame-len - Invalid frame length anomaly <filter-ageout> (0-86400) is the ageout value in seconds. Default is 60 seconds. 0 disables this option.
    set mode enable set detect-window 25 set anomaly-detect mode all enable set anomaly-detect filter-ageout all 120 set excess-op threshold mu all 80 set excess-op filter-ageout all 80 show wids : Enabled : 10 (Secs) Threshold (0 == disabled) mu 80 80 80 80 radio 0 0 0 0 switch 0 0 0 0 Filter-Ageout 80 80 80 80

    Example admin(network.wids)> admin(network.wids)> admin(network.wids)> admin(network.wids)> admin(network.wids)> admin(network.wids)> admin(network.wids)> WIDS feature is Detect Window Excessive Operations :: (Secs) -------------------probe-req : auth-assoc-req : deauth-disassoc-req : auth-fails :

    Network CLI Commands Reference 3-253

    crypto-replay-fails 80211-replay-fails decrypt-fails unassoc-frames eap-starts Anomaly Analysis ---------------null-dst same-src-dst mcast-src weak-wep-iv tkip-cntr-meas invalid-frame-len

    : : : : : :: : : : : : :

    80 80 80 80 80 Status enabled enabled enabled enabled enabled enabled

    0 0 0 0 0

    0 0 0 0 0

    80 80 80 80 80

    Filter-Ageout (Secs) 120 120 120 120 120 120

    3-254 WS2000 Wireless Switch System Reference Guide

    3.48.3 Network WIDS show Command show


    Network WIDS Commands

    Displays the default WIDS configuration settings


    Syntax show [wids|filter] Parameters

    show [wids|filter]
    Example

    wids Displays the default WIDS configuration values. filter Displays the filter configuration values.

    admin(network.wids)> show wids WIDS feature is Detect Window Excessive Operations :: (Secs) -------------------probe-req : auth-assoc-req : deauth-disassoc-req : auth-fails : crypto-replay-fails : 80211-replay-fails : decrypt-fails : unassoc-frames : eap-starts : Anomaly Analysis ---------------null-dst same-src-dst mcast-src weak-wep-iv tkip-cntr-meas invalid-frame-len :: : : : : : : : Enabled : 10 (Secs) Threshold (0 == disabled) mu 80 80 80 80 80 80 80 80 80 Status enabled enabled enabled enabled enabled enabled radio 0 0 0 0 0 0 0 0 0 switch 0 0 0 0 0 0 0 0 0 Filter-Ageout 80 80 80 80 80 80 80 80 80

    Filter-Ageout (Secs) 120 120 120 120 120 120

    Network CLI Commands Reference 3-255

    3.49 Network URL Filter Commands


    urlfilter
    network

    Displays the URL Filter commands


    Syntax admin(network)> urlfilter admin(network.urlfilter)>

    The items available under this command are shown below.


    Command Description Ref.

    keyword whitelist blacklist trustip set show quit save .. /

    Goes to the Keyword submenu Goes to the Whitelist submenu Goes to the Blacklist submenu Goes to the Trusted IP submenu Sets the URL Filter configuration information Displays URL Filter configuration information Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-258 page 3-263 page 3-267 page 3-271 page 3-256 page 3-257 page 3-1 page 3-1 page 3-1 page 3-1

    3-256 WS2000 Wireless Switch System Reference Guide

    3.49.1 Network URL Filter set Command set


    Network URL Filter Commands

    Sets URL FIlter parameters.


    Syntax set [mode|tcp-port|error-msg|action] set set set set mode <mode> tcp-port <tcp-port> error-msg <error-msg> action <action>

    Parameters

    mode <mode> set tcp-port <tcp-port> set error-msg <error-msg>

    set action <action>


    Example

    Sets the URL Filter mode. <mode> can be enable or disable. Sets the TCP Port for URL Filtering to <tcp-port>. Sets the error message to the string <error-msg> for URL Filtering. This error message is displayed when there is an error while accessing the page the user had requested. Sets the default action for URL Filtering when reverse DNS look-up fails. <action> can be one of allow or deny.

    admin(network.urlfilter)> show URL Filter Mode TCP Port Number Error Message : Disable : 0 :

    admin(network.urlfilter)>admin(network.urlfilter)>set mode enable admin(network.urlfilter)>set tcp-port 100 admin(network.urlfilter)>set error-msg "Error message" admin(network.urlfilter)>set action deny admin(network.urlfilter)>show URL Filter Mode TCP Port Number Error Message Action on DNSRD reply failure : : : : Disable 80 policies of your service provider deny

    Network CLI Commands Reference 3-257

    3.49.2 Network URL Filter show Command show


    Network URL Filter Commands

    Displays URL Filter configuration information.


    Syntax show Parameters

    None
    Example admin(network.urlfilter)>show URL Filter Mode TCP Port Number Error Message Action on DNSRD reply failure : : : : Disable 80 policies of your service provider deny

    3-258 WS2000 Wireless Switch System Reference Guide

    3.50 Network URL Filter Keyword Commands


    keyword
    Network URL Filter Commands

    Displays the URL Filter Keyword commands.


    Syntax admin(network.urlfilter)> keyword admin(network.urlfilter.keyword)>

    The items available under this command are shown below.


    Command Description Ref.

    add delete removeall show quit save .. /

    Adds a new keyword and action to the keyword filter table Deletes keyword from the keyword filter table Removes all keywords in the keyword filter table Displays the URL Filter Keyword table entries Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-259 page 3-260 page 3-261 page 3-262 page 3-1 page 3-1 page 3-1 page 3-1

    Network CLI Commands Reference 3-259

    3.50.1 Network URL Filter Keyword add Command add


    Network URL Filter Keyword Commands

    Adds a new keyword and action to the keyword filter table.


    Syntax add <keyword> <action> Parameters

    add <keyword> <action>


    Example

    Adds a filter to the keyword filter table. <keyword> The keyword to be searched <action> allow or deny. The action to be performed when the <keyword> is found.

    admin(network.urlfilter.keyword)>add share deny admin(network.urlfilter.keyword)>show --------URL FILTERING KEYWORD DETAILS--------KeyWord Action share deny admin(network.urlfilter.keyword)>add trading deny admin(network.urlfilter.keyword)>show --------URL FILTERING KEYWORD DETAILS--------KeyWord Action share deny trading deny admin(network.urlfilter.keyword)>

    3-260 WS2000 Wireless Switch System Reference Guide

    3.50.2 Network URL Filter Keyword delete Command delete


    Network URL Filter Keyword Commands

    Deletes a keyword from the keyword table.


    Syntax delete <keyword> Parameters

    delete <keyword> Deletes the keyword <keyword> from the URL Filter keyword table.
    Example admin(network.urlfilter.keyword)>show --------URL FILTERING KEYWORD DETAILS--------KeyWord Action share deny trading deny admin(network.urlfilter.keyword)>delete share admin(network.urlfilter.keyword)>show --------URL FILTERING KEYWORD DETAILS--------KeyWord Action trading Deny admin(network.urlfilter.keyword)>

    Network CLI Commands Reference 3-261

    3.50.3 Network URL Filter Keyword removeall Command removeall


    Network URL Filter Keyword Commands

    Removes all entries from the Keyword Table.


    Syntax removeall Parameters

    None
    Example admin(network.urlfilter.keyword)>show --------URL FILTERING KEYWORD DETAILS--------KeyWord share trading stocks stock admin(network.urlfilter.keyword)>removeall admin(network.urlfilter.keyword)>show --------URL FILTERING KEYWORD DETAILS--------KeyWord

    Action Deny Deny Deny Deny

    Action

    3-262 WS2000 Wireless Switch System Reference Guide

    3.50.4 Network URL Filter Keyword show Command show


    Network URL Filter Keyword Commands

    Displays the URL filter keyword table entries.


    Syntax show Parameters

    None
    Example admin(network.urlfilter.keyword)>show --------URL FILTERING KEYWORD DETAILS--------KeyWord Action share Deny trading Deny

    Network CLI Commands Reference 3-263

    3.51 Network URL Filter White list Commands


    whitelist
    Network URL Filter Commands

    Displays the whitelist URLs commands.


    Syntax admin(network.urlfilter)> whitelist admin(network.urlfilter.whitelist)>

    The items available under this command are shown below.


    Command Description Ref.

    add delete show quit save .. /

    Adds a whitelist entry to the URL whitelist table. Deletes a whitelist entry from the URL whitelist table. Displays the URL whitelist table entries. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-264 page 3-265 page 3-266 page 3-1 page 3-1 page 3-1 page 3-1

    3-264 WS2000 Wireless Switch System Reference Guide

    3.51.1 Network URL Filter White List add Command add


    Network URL Filter White list Commands

    Adds a new whitelist entry to the whitelist table.


    Syntax add <whitelist> Parameters

    add <whitelist>
    Example

    Adds a whitelist entry into the whitelist table. <whitelist> is an URL to be added.

    admin(network.urlfilter.whitelist)>show --------URL FILTERING WHITE LIST DETAILS--------mot.com admin(network.urlfilter.whitelist)>add moto.com admin(network.urlfilter.whitelist)>show --------URL FILTERING WHITE LIST DETAILS--------mot.com moto.com admin(network.urlfilter.whitelist)>

    Network CLI Commands Reference 3-265

    3.51.2 Network URL Filter White List delete Command delete


    Network URL Filter White list Commands

    Deletes a whitelist entry from the whitelist table.


    Syntax delete [<whitelist>|all] Parameters

    delete [<whitelist>|all]
    Example

    Deletes the entries from the URL whitelist table. <whitelist> deletes the specified URL from the URL whitelist table all deletes all URLs from the URL whitelist table

    admin(network.urlfilter.whitelist)>show --------URL FILTERING WHITE LIST DETAILS--------mot.com moto.com motoo.com admin(network.urlfilter.whitelist)>delete motoo.com admin(network.urlfilter.whitelist)>show --------URL FILTERING WHITE LIST DETAILS--------mot.com moto.com admin(network.urlfilter.whitelist)>delete all admin(network.urlfilter.whitelist)>show --------URL FILTERING WHITE LIST DETAILS---------

    3-266 WS2000 Wireless Switch System Reference Guide

    3.51.3 Network URL Filter White List show Command show


    Network URL Filter White list Commands

    Displays the URL filter whitelist table entries.


    Syntax show Parameters

    None
    Example admin(network.urlfilter.whitelist)>show --------URL FILTERING WHITE LIST DETAILS--------mot.com moto.com admin(network.urlfilter.whitelist)>

    Network CLI Commands Reference 3-267

    3.52 Network URL Filter Black List Commands


    blacklist
    Network URL Filter Commands

    Displays the URL Filter black list URLs commands.


    Syntax admin(network.urlfilter)> blacklist admin(network.urlfilter.blacklist)>

    The items available under this command are shown below.


    Command Description Ref.

    add delete show quit save .. /

    Adds an URL to the blacklist table Deletes a URL from the blacklist table Displays the URL blacklist table entries Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-268 page 3-269 page 3-270 page 3-1 page 3-1 page 3-1 page 3-1

    3-268 WS2000 Wireless Switch System Reference Guide

    3.52.1 Network URL Filter Black List add Command add


    Network URL Filter Black List Commands

    Adds a new blacklist entry to the blacklist table.


    Syntax add <blacklist> Parameters

    add <blacklist>
    Example

    Adds a blacklist entry into the blacklist table. <blacklist> is an URL.

    admin(network.urlfilter.blacklist)>show --------URL Filtering BLACK LIST DETAILS--------shares.com admin(network.urlfilter.blacklist)>add trading.com admin(network.urlfilter.blacklist)>show --------URL Filtering BLACK LIST DETAILS--------shares.com trading.com admin(network.urlfilter.blacklist)>

    Network CLI Commands Reference 3-269

    3.52.2 Network URL Filter Black List delete Command delete


    Network URL Filter Black List Commands

    Deletes a blacklist entry from the blacklist table.


    Syntax delete [<blacklist>|all] Parameters

    del [<blacklist>|all]
    Example

    Deletes the entries from the URL blacklist table. <blacklist> The URL to be removed from the blacklist table. all Removes all URLs from the URL blacklist table.

    admin(network.urlfilter.blacklist)>show --------URL Filtering BLACK LIST DETAILS--------shares.com trading.com dipmail.com admin(network.urlfilter.blacklist)>delete dipmail.com admin(network.urlfilter.blacklist)>show --------URL Filtering BLACK LIST DETAILS--------shares.com trading.com admin(network.urlfilter.blacklist)>delete all admin(network.urlfilter.blacklist)>show --------URL Filtering BLACK LIST DETAILS---------

    3-270 WS2000 Wireless Switch System Reference Guide

    3.52.3 Network URL Filter Black List show Command show


    Network URL Filter Black List Commands

    Displays the URL filter blacklist table entries.


    Syntax show Parameters

    None
    Example admin(network.urlfilter.blacklist)>show --------URL Filtering BLACK LIST DETAILS--------shares.com trading.com admin(network.urlfilter.blacklist)>

    Network CLI Commands Reference 3-271

    3.53 Network URL Filter Trusted IP Commands


    trustip
    Network URL Filter Commands

    Displays the URL Trusted IP commands.


    Syntax admin(network.urlfilter)> trustip admin(network.urlfilter.trustip)>

    The items available under this command are shown below.


    Command Description Ref.

    add delete show quit save .. /

    Adds an IP to the trusted IP list Deletes an IP from the trusted IP list Displays the list of trusted IPs Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 3-272 page 3-273 page 3-274 page 3-1 page 3-1 page 3-1 page 3-1

    3-272 WS2000 Wireless Switch System Reference Guide

    3.53.1 Network URL Filter Trusted IP add Command add


    Network URL Filter Trusted IP Commands

    Adds a new IP into the trusted IP table.


    add <trustip> Parameters

    add <trustip>
    Example

    Adds an IP address <trustip> into the trusted IPs list.

    admin(network.urlfilter.trustip)>show --------URL FILTERING TRUST IP--------192.168.10.20 admin(network.urlfilter.trustip)>add 192.168.10.10 admin(network.urlfilter.trustip)>show --------URL FILTERING TRUST IP--------192.168.10.20 192.168.10.10 admin(network.urlfilter.trustip)>

    Network CLI Commands Reference 3-273

    3.53.2 Network URL Filter Trusted IP delete Command delete


    Network URL Filter Black List Commands

    Deletes an entry from the trusted IPs list.


    Syntax delete [<trustip>|all] Parameters

    del [<trustip>|all] Deletes trusted IP entries from the trusted IP list. <trustedip> Deletes the IP <trustedip> from the trusted IP list all Deletes all trusted IPs from the trusted IP list.
    Example admin(network.urlfilter.trustip)>show --------URL FILTERING TRUST IP--------192.168.10.20 192.168.10.10 192.168.11.9 admin(network.urlfilter.trustip)>del 192.168.11.9 admin(network.urlfilter.trustip)>show --------URL FILTERING TRUST IP--------192.168.10.20 192.168.10.10 admin(network.urlfilter.trustip)>

    3-274 WS2000 Wireless Switch System Reference Guide

    3.53.3 Network URL Filter Trusted IP show Command show


    Network URL Filter Trusted IP Commands

    Displays the trusted IPs list


    Syntax show Parameters

    None
    Example admin(network.urlfilter.trustip)>show --------URL FILTERING TRUST IP--------192.168.10.20 192.168.10.10 admin(network.urlfilter.trustip)>

    System CLI Commands Reference


    System commands are used to set the system parameters for the WS 2000 Wireless Switch.

    4.1 system
    Admin Menu Commands

    Use the system command to go to the System menu.


    admin> system admin(system)>

    The following commands are available under the System menu:


    Command Description Ref.

    lastpw exec config logs ntp snmp userdb radius test WS2000 authentication ssh redundancy cf http save quit .. /

    Displays the last debug password. Execute a linux command. Goes to the config submenu. Goes to the logs submenu. Goes to the NTP submenu. Goes to the SNMP submenu. Goes to the userdb submenu. Goes to the RADIUS submenu. Goes to the test submenu. Goes to the WS2000 submenu. Goes to the authentication submenu. Goes to the SSH submenu. Goes to the redundancy submenu. Goes to the CF submenu. Goes to the HTTP submenu Saves the configuration to system flash Quits the CLI Goes to the parent menu Goes to the root menu

    page 4-2 page 4-3 page 4-10 page 4-22 page 4-28 page 4-70 page 4-92 page 4-33 page 4-127 page 4-113 page 4-4 page 4-89 page 4-66 page 4-122 page 4-124 page 2-6 page 2-5 page 2-7 page 2-8

    4-2 WS2000 Wireless Switch System Reference Guide

    4.1.1 System lastpw Command lastpw


    system

    This command displays the MAC address for the switch, the previous admin password for the switch, and the number of times the current admin password has been used along with how many more times it will be valid.
    Syntax lastpw Parameters

    None
    Example admin(system)>lastpw WS2000 MAC Address is 00:a0:f8:6f:d8:fc Last Password was symbol12 Current password used 0 times, valid 4 more time(s)

    System CLI Commands Reference 4-3

    4.1.2 System exec Command exec


    system

    Executes a linux command


    Syntax exec <command> Parameters

    exec <command> Executes a linux command <command>.


    Example admin(system)> exec df -h /mnt Filesystem Size Used Avail Use% Mounted on automount(pid153) 0 0 0 - /mnt

    4-4 WS2000 Wireless Switch System Reference Guide

    4.2 System Authentication Commands


    authentication
    system

    Displays the authentication submenu.


    Syntax admin(system)> authentication admin(system.authentication)>

    The items available under this command are shown below.


    Command Description Ref.

    radius set show save .. /

    Goes to the RADIUS submenu. Sets the mode. Shows the authentication parameters. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 4-7 page 4-5 page 4-6 page 4-1 page 4-1 page 4-1

    System CLI Commands Reference 4-5

    4.2.1 System Authentication set Command set


    System Authentication Commands

    Sets the parameter that specifies how user authentication is taking place.
    Syntax set [mode|auth-loc] [local|radius]

    Syntax:
    set mode [local|radius] Sets the authentication mode. If set to local, the internal User Database will serve as the data source. If set to radius, the switch will use an external LDAP server for the information. If radius is the mode, then the parameters under the radius submenu must to be set. Sets the Airbeam user authentication to either the local database or the RADIUS server. If set to radius, the switch will use an external LDAP server for the authentication. If radius is the authentication location, then the RADIUS server is used for authentication.

    set auth-loc [local|radius]

    Example admin(system.authentication)>set mode local admin(system.authentication)>show all authentication mode : local admin(system.authentication)> Related Commands

    set

    Sets the parameters to specify that the external RADIUS server is used for user authentication.

    4-6 WS2000 Wireless Switch System Reference Guide

    4.2.2 System Authentication show Command show


    System Authentication Commands

    Shows the main user authentication parameters.


    Syntax show all Parameters

    None
    Example admin(system.authentication)>set mode local admin(system.authentication)>show all authentication mode : local radius user location and type : radius admin(system.authentication)> Related Commands

    set

    Sets the authentication parameters.

    System CLI Commands Reference 4-7

    4.3 System Authentication RADIUS Commands


    radius
    System Authentication Commands

    Displays the RADIUS submenu.


    Syntax admin(system.authentication)> radius admin(system.authentication.radius)>

    The items available under this command are shown below.


    Command Description Ref.

    set show save .. /

    Sets the RADIUS authentication parameters. Shows the RADIUS authentication parameters. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 4-8 page 4-9 page 4-1 page 4-1 page 4-1

    4-8 WS2000 Wireless Switch System Reference Guide

    4.3.1 System Authentication RADIUS set Command set


    System Authentication RADIUS Commands

    Sets the RADIUS proxy server authentication parameters.


    Syntax set [auth-server-ip|auth-server-port|shared-secret] set auth-server-ip <IP> set auth-server-port <port> set shared-secret <password> Parameters

    Sets the IP address for the RADIUS authentication proxy server to the IP address <IP>. auth-server-port <port> Specifies the TCP/IP port number <port> for the RADIUS server that will act as a proxy server. The default port is 1812. shared-secret <password> Sets a shared secret <password> for each suffix that is used for authentication with the RADIUS proxy server.
    Example admin(system.authentication.radius)>set auth-server-ip 192.168.0.4 admin(system.authentication.radius)>set auth-server-port 1812 admin(system.authentication.radius)>set shared mysecret admin(system.authentication.radius)> admin(system.authentication.radius)>show all radius server ip : 192.168.0.4 radius server port : 1812 radius server shared secret : ********

    set auth-server-ip <IP>

    System CLI Commands Reference 4-9

    4.3.2 System Authentication RADIUS show Command show


    System Authentication RADIUS Commands

    Shows the RADIUS authentication parameters.


    Syntax show all Parameters

    None
    Example admin(system.authentication.radius)> set auth-server-ip 192.168.0.4 admin(system.authentication.radius)> set auth-server-port 1812 admin(system.authentication.radius)> set shared mysecret admin(system.authentication.radius)>show all radius server ip : 192.168.0.4 radius server port : 1812 radius server shared secret : ******** Related Commands

    set

    Sets the RADIUS authentication parameters.

    4-10 WS2000 Wireless Switch System Reference Guide

    4.4 System Configuration Commands


    config
    system

    Displays the config submenu.


    Syntax admin(system)> config admin(system.config)>

    The items available under this command are shown below.


    Command Description Ref.

    default export import partial set show update sensor-fw-update loadtocf save quit .. /

    Restores default configuration Exports configuration from the system Imports configuration to the system Restores partial default configuration Sets import/export parameters Shows import/export parameters Performs firmware update Performs firmware update for the sensors Loads the current firmware to a CF card Saves the configuration to system flash Quits the CLI Goes to the parent menu Goes to the root menu

    page 4-11 page 4-12 page 4-14 page 4-15 page 4-16 page 4-18 page 4-19 page 4-20 page 4-21 page 2-6 page 2-5 page 2-7 page 2-8

    System CLI Commands Reference 4-11

    4.4.1 System Config default Command default


    System Configuration Commands

    Restores the switch to the factory default configuration.


    Syntax default Parameters

    None
    Example admin(system.config)>default Are you sure you want to default the configuration? (yes/no):yes ************************************************************************* System will now restore default configuration. You will need to set the country code for correct operation. ************************************************************************* Restoring default configuration : [ In progress ]

    4-12 WS2000 Wireless Switch System Reference Guide

    4.4.2 System Config export Command export


    System Configuration Commands

    Exports the configuration from the system.


    Syntax export [ftp|tftp|terminal|sftp]

    Syntax:
    export Exports the system configuration. [ftp|tftp|terminal ftp Exports the configuration to the FTP server. Use the set command to set the sftp] server, user, password, and file name before using this command. tftp Exports the configuration to the TFTP server. Use the set command to set the IP address for the TFTP server before using the command. terminal Exports the configuration to the terminal. sftp Exports the configuration to the sftp server.
    Example

    Export FTP Example:


    admin(system.config)>set server 192.168.22.12 admin(system.config)>set user myadmin admin(system.config)>set passwd admin(system.config)>export ftp Export operation Building configuration file File transfer File transfer Export operation : [ Started ] : [ Done ] : [ In progress ] : [ Done ] : [ Done ]

    Export TFTP Example:


    admin(system.config)>set server 192.168.0.101 admin(system.config)>export tftp Export operation Building configuration file File transfer File transfer Export operation : : : : : [ [ [ [ [ Started ] Done ] In progress ] Done ] Done ]

    Export Terminal Example:


    admin(system.config)>export terminal // // WS2000 Configuration Command Script // System Firmware Version: 1.5.0.0-160b // system ws2000

    System CLI Commands Reference 4-13

    // WS2000 menu set name WS2000 set loc Extra\20office set email fred@symbol.com set cc us set airbeam mode disable set airbeam enc-passwd a11e00942773 set applet lan enable set applet wan enable set applet slan enable set applet swan enable set cli lan enable set cli wan enable set snmp lan enable set snmp wan enable / system config --More--

    . . . <several pages of settings>


    / // Router configuration network router set type off set dir both set auth none set enc-passwd 8e57 set id 1 1 set enc-key 1 e2565fc57c2a766fb0d55160d6f92952 set id 2 1 set enc-key 2 e2565fc57c2a766fb0d55160d6f92952 delete all / save

    4-14 WS2000 Wireless Switch System Reference Guide

    4.4.3 System Config import Command import


    System Configuration Commands

    Imports the configuration to the system.


    Syntax import [ftp|tftp|sftp] {default-and-apply} Parameters

    import [ftp|tftp] {default-and-apply}

    Imports configuration from external devices. ftp Imports the configuration from the FTP server. Use the set command to set the server, user, password, and file. tftp Imports the configuration from the TFTP server. Use the set command to set the server and file. default-and-apply Import the configuration from the FTP or TFTP server. Use this command to first set the device to factory defaults before applying the imported configuration. This command is optional. sftp Imports the comfiguration from the SFTP server.

    Example

    Import FTP Example


    admin(system.config)>set server 192.168.22.12 admin(system.config)>set user myadmin admin(system.config)>set passwd mysecret admin(system.config)>import ftp Import operation : [ Started ] File transfer : [ In progress ] File transfer : [ Done ] Import operation : [ Done ] admin(system.config)>import ftp default-and-apply Import operation : [ Started ] File transfer : [ In progress ] File transfer : [ Done ] Import operation : [ Done ]

    Import TFTP Example


    admin(system.config)>set server 192.168.0.101 admin(system.config)>import tftp Import operation : [ Started ] File transfer : [ In progress ] File transfer : [ Done ] Import operation : [ Done ] admin(system.config)>import tftp default-and-apply Import operation : [ Started ] File transfer : [ In progress ] File transfer : [ Done ] Import operation : [ Done ]

    System CLI Commands Reference 4-15

    4.4.4 System Config partial Command partial


    System Configuration Commands

    Resets the switch's configuration to the factory default settings for all settings except the WAN and some SNMP related settings. The following settings will remain intact when using Restore Partial Default Configuration: All settings on the WAN page SNMP access to the WS 2000 on the WS 2000 Access page All settings on the SNMP Access page Before using this feature, consider exporting the current configuration for safekeeping.
    Syntax partial Parameters

    None
    Example admin(system.config)>partial Are you sure you want to partially default WS 2000? (yes/no):yes ************************************************************************* System will now restore default configuration. You will need to set the country code for correct operation. ************************************************************************* Restoring default configuration Related Commands : [ In progress ]

    export

    Exports system configuration settings.

    4-16 WS2000 Wireless Switch System Reference Guide

    4.4.5 System Config set Command set


    System Configuration Commands

    Sets the import/export parameters.


    Syntax set [server|user|passwd|file|cfgpath|fw|sensor-fw|import-enc-password| bind-interface|ap300] set set set set set set set set set set set set set set server <IP> user <username> passwd <password> file <filename> cfgpath <filepath> fw fw fw fw fw [file|path|boot|active-partition] file <filename> path <path> boot [on-board-flash|compact-flash] active-partition [primary|secondary] [file|path|max-size] file <filename> path <path> max-size <size>

    sensor-fw sensor-fw sensor-fw sensor-fw

    set import-enc-password <mode> set bind-interface <bind-interface> set ap300 [file|path|max-size|legacy-mode] Parameters

    server <ipaddress> user <username> passwd <password> file <filename> cfgpath <path> fw [ file <filename>| path <path>| boot [on-board-flash| compact-flash]| active-partition [primary|secondary]

    Sets the FTP/TFTP server IP address to <ipaddress> in the format a.b.c.d. Sets the FTP user name to <username> (up to 47 characters). Sets the FTP password to <password> (up to 39 characters). Sets the configuration file name to <filename> (up to 39 characters). Sets the configuration file path to <path> (up to 31 characters) Sets the firmware information for the device. file <filename> Sets the firmware filename to <filename> (up to 39 characters). path <path> Sets the firmware file path to <path> (up to 39 characters). boot [on-board-flash|compact-flash] Sets the firmware boot device to either the on board flash (on-board-flash) or the compact flash card (compactflash) attached to the WS 2000 Wireless Switch. active-partition [primary|secondary] Sets the active partition on the compact flash card to either of primary or secondary.

    System CLI Commands Reference 4-17

    Sets sensor firmware information. file <filename> Sets the sensor firmware file name to <filename> (up to 39 characters). path <path> Sets the firmware file path for the sensor to <path> (up to 39 characters). max-size <size> Sets the maximum file size of the sensor firmware file to <size>. import-enc-password Enables or disables the import of encrypted passwords for the admin and <mode> manager logins. <mode> can be one of enable or disable. bind-interface <bind- Sets the interface to bind <bind-interface> (s1-s6, w, none where s1-Subnet 1, interface> s2-Subnet 2,..., s6-Subnet 6, w-WAN) during ftp. ap300 [file|path| Sets AP300 firmware update parameters. max-size|legacy-mode] file <filename> Sets AP300 firmware file name filename Sets the file name. The range is 1 to 39 characters. path Sets firmware file path max-size Sets maximum size for AP300 firmware file legacy-mode Sets AP300 fw legacy mode
    Example

    sensor-fw [ file <filename>| path <path| max-size <size>]

    FTP Set Example


    admin(system.config)>set server 192.168.22.12 admin(system.config)>set user myadmin admin(system.config)>set passwd admin(system.config)>export ftp Export operation Building configuration file File transfer File transfer Export operation : : : : : [ [ [ [ [ Started ] Done ] In progress ] Done ] Done ]

    Firmware Example
    admin(system.config)>set fw file mf_01050000160B.bin admin(system.config)>set fw path /tftp/myadmin/ admin(system.config)>update tftp s1

    4-18 WS2000 Wireless Switch System Reference Guide

    4.4.6 System Config show Command show


    System Configuration Commands

    Shows the import/export parameters.


    Syntax show all Parameters

    None
    Example admin(system.config)> show all ftp/tftp server ip address ftp user name ftp password cfg filename config filepath firmware filepath firmware filename sensor firmware filepath sensor firmware filename max size of sensor firmware file import enc admin password mode boot source device active partition of Compact Flash ftp/sftp/tftp server ip address ftp/sftp user name ftp/sftp password cfg filename config filepath firmware filepath firmware filename sensor firmware filepath sensor firmware filename max size of sensor firmware file ap300 firmware filepath ap300 firmware filename max size of ap300 firmware file AP300 firmware legacy mode import enc admin password mode boot source device active partition of Compact Flash bind interface : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 157.235.208.196 admin ******** v23.26b.bin /home/ftp/admin/2k/ /home/ftp/admin/2k/ v23.26b.bin /home/ftp/admin/2k/ leo_sensor.bin 512000 disable on-board-flash primary 192.168.0.11 guest ******** cfg.txt /home/guest/ mf_02040300010B.bin leo_sensor.bin 512000 wiap.bin 512000 disable disable on-board-flash primary none

    System CLI Commands Reference 4-19

    4.4.7 System Config update Command update


    System Configuration Commands

    Performs a firmware update.


    Syntax update <mode> {<interface>} update [tftp|ftp|sftp] <interface> update cf Parameters

    update [tftp|ftp|sftp] <iface>

    Sets how firmware updates will occur. Select between ftp, sftp and tftp. <iface> specifies the interface (location), as follows: s1 = subnet1 s2 = subnet2 s3 = subnet3 s4 = subnet4 s5 = subnet5 s6 = subnet6 w = wan Before using this command, use set server to set the IP address for the FTP/TFTP server. If using the ftp mode, also use set user and set passwd to allow login to the FTP server.
    Note: When update mode is sftp,then the parameter iface is not required.

    update cf
    Example

    Indicates that firmware updates will occur from the switchs compact flash slot. (Undoes an ftp/tftp/sftp setting.)

    admin(system.config)>set fw file mf_01050000200B.bin admin(system.config)>set fw path /tftp/myadmin/ admin(system.config)>update tftp s1

    4-20 WS2000 Wireless Switch System Reference Guide

    4.4.8 System Config sensor-fw-update Command sensor-fw-update


    System Configuration Commands

    Performs firmware update for the sensors. When sensor firmware update is done, No restart is required. New sensors receive the updated firmware. Existing sensors must be reverted and then reassigned for them to get the new sensor firmware image.
    Syntax sensor-fw-update [ftp|tftp|sftp] Parameters

    sensor-fw-update [ftp|tftp]

    Updates the sensor firmware. ftp Updates the sensor firmware from the specified FTP server. tftp Updates the sensor firmware from the specified TFTP server. sftp Updates the sensor firmware from the specified SFTP server.

    Example admin(system.config)>sensor-fw-update tftp File transfer admin(system.config)> : [Successful]

    System CLI Commands Reference 4-21

    4.4.9 System Config loadtocf Command loadtocf


    System Configuration Commands

    This command loads and updates the firmware to the CF card. This is used for dual boot.
    Syntax loadtocf [cf|ftp|tftp|sftp] <image-type>

    Syntax:
    cf <image-type> Loads the image to the CF card. The <image-type> (primary, secondary) is the target partition on the CF card to store the image on. In this case, the image source is the CF card and the destination is also the CF card. Loads the image to a CF card. The <image-type> (primary, secondary) is the target partition on the CF card to store the image on. This command downloads the image using FTP and stores it on the target partition. Loads the image to a CF card. The <image-type> (primary, secondary) is the target partition on the CF card to store the image on. This command downloads the image using TFTP and stores it on the target partition. Loads binary image to cf using sftp.The <image-type> (primary, secondary) is the target partition on the CF card to store the image on. This command downloads the image using SFTP and stores it on the target partition.

    ftp <image-type>

    tftp <image-type>

    sftp <image-type>

    Example admin(system.config)> loadtocf cf primary admin(system.config)>

    4-22 WS2000 Wireless Switch System Reference Guide

    4.5 System Logs Commands


    logs
    system

    Displays the logs submenu.


    Syntax admin(system)> logs admin(system.logs)>

    The items available under this command are shown below.


    Command Description Ref.

    delete set send show view quit save .. /

    Deletes core files. Sets log options and parameters. Sends log and core files. Shows logging options. Views system log. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

    page 4-23 page 4-25 page 4-24 page 4-26 page 4-27 page 4-1 page 4-1 page 4-1 page 4-1

    System CLI Commands Reference 4-23

    4.5.1 System Logs delete Command delete


    System Logs Commands

    Deletes the core log files.


    Syntax delete Parameters

    None
    Example admin(system.logs)>delete

    4-24 WS2000 Wireless Switch System Reference Guide

    4.5.2 System Logs send Command send


    System Logs Commands

    Sends log and core files through FTP to a location specified with the set command. Use the set command to set the FTP login and site information first.
    Syntax send Parameters

    None
    Example admin(system.logs)>set user fred admin(system.logs)>set passwd mygoodness admin(system.logs)>show all log level ext syslog server logging ext syslog server ip address ftp/tftp server ip address ftp user name ftp password admin(system.logs)>send File transfer File transfer admin(system.logs)> Related Commands : [ In progress ] : [ Done ] : : : : : : L6 Info disable 0.0.0.0 192.168.0.10 fred ********

    set Sets the parameters associated with log operations, such as send. show all Displays the log related settings.

    System CLI Commands Reference 4-25

    4.5.3 System Logs set Command set


    System Logs Commands

    Sets log options and parameters.


    Syntax set [ipadr|level|mode|cf_logging_mode|server|user|passwd] set set set set set set set ipadr <ip> level <level> mode <mode> cf_logging_mode <mode> server <ip> user <username> passwd <password>

    Parameters

    Sets the external syslog server IP address to <ip> (a.b.c.d). Sets the level of the events that will be logged. All event with a level at or above <level> (L0L7) will be saved in the system log. L0:Emergency L1:Alert L2:Critical L3:Errors L4:Warning L5:Notice L6:Info L7:Debug mode <mode> Enables or disables ext syslog server logging. <mode> is either enable or disable. cf_logging_mode <mode> Enables or disables logging to CF card if connection to the Syslog server fails. <mode> is either enable or disable. server <ip> Sets the FTP server IP address to <ip> (a.b.c.d). user <username> Sets the FTP user name to <username> (147 characters). passwd <password> Sets the FTP password to <password> (139 characters).
    Example admin(system.logs)>set user fred admin(system.logs)>set passwd mygoodness admin(system.logs)>show all log level ext syslog server logging ext syslog server ip address ftp/tftp server ip address ftp user name ftp password : : : : : : L6 Info disable 0.0.0.0 192.168.0.10 fred ********

    ipadr <ip> level <level>

    4-26 WS2000 Wireless Switch System Reference Guide

    4.5.4 System Logs Show Command show


    System Logs Commands

    Shows logging options.


    Syntax show all Parameters

    None
    Example admin(system.logs)>set user user1 admin(system.logs)>set passwd hello admin(system.logs)>show all log level ext syslog server logging syslog server logging on CF ext syslog server ip address ftp/tftp server ip address ftp user name ftp password Related Commands : : : : : : : L4 Warning enable disable 0.0.0.0 196.168.10.1 admin ********

    set

    Sets logging parameters to be used with send.

    System CLI Commands Reference 4-27

    4.5.5 System Logs View Command view


    System Logs Commands

    Views the system log file.


    Syntax view Parameters

    None
    Example admin(system.logs)>view Jan 7 16:14:00 (none) syslogd 1.4.1: restart (remote reception). Jan 7 16:14:10 (none) klogd: :ps log:fc: queue maintenance Jan 7 16:14:41 (none) klogd: :ps log:fc: queue maintenance Jan 7 16:15:43 (none) last message repeated 2 times Jan 7 16:16:01 (none) CC: 4:16pm up 6 days, 16:16, load average: 0.00, 0.01, 0.00 Jan 7 16:16:01 (none) CC: Mem: 62384 32520 29864 0 0 Jan 7 16:16:01 (none) CC: 0000077e 0012e95b 0000d843 00000000 00000003 0000121 e 00000000 00000000 0037ebf7 000034dc 00000000 00000000 00000000 Jan 7 16:16:13 (none) klogd: :ps log:fc: queue maintenance Jan 7 16:16:44 (none) klogd: :ps log:fc: queue maintenance Jan 7 16:17:15 (none) klogd: :ps log:fc: queue maintenance Jan 7 16:17:15 (none) klogd: :ps log:fc: queue maintenance . . .

    4-28 WS2000 Wireless Switch System Reference Guide

    4.6 System NTP Commands


    ntp
    system

    Displays the NTP submenu.


    Syntax admin(system)> ntp admin(system.ntp)>

    The items available under this command are shown below.


    Command Description Ref.

    show set date-zone zone-list quit save .. /

    Shows NTP parameters settings. Sets NTP parameters. Shows the date, time and time zone Shows the list of time zones Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

    page 4-30 page 4-29 page 4-31 page 4-32 page 4-1 page 4-1 page 4-1 page 4-1

    System CLI Commands Reference 4-29

    4.6.1 System NTP Set Command set


    System NTP Commands

    Sets NTP parameters.


    Syntax set [mode|intrvl|server|port|time|zone] set set set set set set mode <mode> intrvl <interval> server <idx> <ip/hostname> port <idx> <port> time <yyyy> <MM> <dd> <hh> <mm> <ss> zone <zone-index>

    Syntax:
    mode <mode> intrvl <interval> Enables or disables NTP. <mode> is either enable or disable. Sets the length of time to <interval> (in minutes) for the switch to synchronize its time with an NTP server. server <idx> Sets the NTP server IP address <ip/hostname> (a.b.c.d or host url); specify one of <ip/hostname> the three NTP servers with <idx> (1, 2, or 3). This value can also be a host name of the NTP server. When the value is a host name, the domain name IP should be set under the (system.ws2000) menu on the CLI. port <idx> <port> Sets the NTP port for the indicated server <idx> to <port> (165535). time <yyyy> <MM> Sets the WS2000 system time manually. Time is in the format YYYY MM DD hh mm <dd> <hh> <mm> ss (Example: 2008 02 24 11 25 32) <ss> zone <zone-idx> Sets the time zone to the <zone-idx> value. This value can be found by using the (system.ntp)>zone-list command.

    Example admin(system.ntp)>set mode enable admin(system.ntp)>set server 1 203.21.37.18 admin(system.ntp)>set port 1 345 admin(system.ntp)>show all ntp mode server ip 1 server ip 2 server ip 3 server port 1 server port 2 server port 3 current time admin(system.ntp)> : : : : : : : : enable 203.21.37.18 0.0.0.0 0.0.0.0 345 123 123 1970-01-07 23:29:05

    4-30 WS2000 Wireless Switch System Reference Guide

    4.6.2 System NTP Show Command show


    System NTP Commands

    Shows all NTP server settings.


    Syntax show all Parameters

    None
    Example admin(system.ntp)>show all ntp mode server ip 1 server ip 2 server ip 3 server port 1 server port 2 server port 3 current time Related Commands : : : : : : : : enable 114.233.112.4 0.0.0.0 0.0.0.0 123 123 123 2004-10-07 22:58:24

    set

    Sets NTP parameters.

    System CLI Commands Reference 4-31

    4.6.3 System NTP Date-zone Command date-zone


    System NTP Commands

    Shows the WS2000 date, time and time zone.


    Syntax date-zone Parameters

    None
    Example admin(system.ntp)> date-zone Date/Time : Thu 1970-Jan-01 05:53:25 +0530 IST Time Zone : Asia/Calcutta admin(system.ntp)>

    4-32 WS2000 Wireless Switch System Reference Guide

    4.6.4 System NTP zone-list Command zone-list


    System NTP Commands

    Displays the different time zones.


    Syntax zone-list Parameters

    None
    Example admin(system.ntp)>zone-list ---------------------------------------------Index | TimeZone ---------------------------------------------1 | Africa/Abidjan 2 | Africa/Accra 3 | Africa/Addis_Ababa 4 | Africa/Algiers 5 | Africa/Asmera 6 | Africa/Bamako 7 | Africa/Bangui 8 | Africa/Banjul 9 | Africa/Bissau 10 | Africa/Blantyre <Hit any key to continue> 11 | Africa/Brazzaville 12 | Africa/Bujumbura 13 | Africa/Cairo 14 | Africa/Casablanca 15 | Africa/Ceuta 16 | Africa/Conakry 17 | Africa/Dakar 18 | Africa/Dar_es_Salaam 19 | Africa/Djibouti <Hit any key to continue> 20 | Africa/Douala 21 | Africa/El_Aaiun 22 | Africa/Freetown 23 | Africa/Gaborone 24 | Africa/Harare 25 | Africa/Johannesburg 26 | Africa/Kampala 27 | Africa/Khartoum 28 | Africa/Kigali <Hit any key to continue>

    System CLI Commands Reference 4-33

    4.7 System RADIUS Commands


    radius
    system

    Displays the RADIUS submenu.


    Syntax admin(system)> radius admin(system.radius)>

    The items available under this command are shown below.


    Command Description Ref.

    eap policy ldap proxy client generate-dh-param set show quit save .. /

    Goes to the EAP submenu. Goes to the access policy submenu. Goes to the LDAP submenu. Goes to the proxy submenu. Goes to the client submenu. Generates the DH Param file required for EAP-TLS/TTLS Sets the RADIUS parameters. Shows the RADIUS parameters. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

    page 4-41 page 4-57 page 4-51 page 4-60 page 4-37 page 4-34 page 4-35 page 4-36 page 4-1 page 4-1 page 4-1 page 4-1

    4-34 WS2000 Wireless Switch System Reference Guide

    4.7.1 System RADIUS generate-dh-param Command generate-dh-param


    System RADIUS Commands

    Generates the DH Params file for supporting Cipher Suit v 0x13 (TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA) for EAP-TLS./TTLS protocols. If this file does not exist when the WS2000 is booted, it is created. This command provides a facility to create the DH Params file as required.
    Syntax generate-dh-param Parameters

    None
    Example admin(system.radius)>generate-dh-param This will take several minutes. Please wait until the operation is complete. DH Parameter file will not get created if interrupted... admin(system.radius)>

    System CLI Commands Reference 4-35

    4.7.2 System RADIUS set Command set


    System RADIUS Commands

    Sets the RADIUS database to either the local database or an LDAP server.
    Syntax set database [local|ldap|ldaps] Parameters

    set database [local|ldap|ldaps]


    Example

    Sets the RADIUS server to the local database (local) or an LDAP server (ldap) or a secured LDAP server (ldaps).

    admin(system.radius)>set database ldap admin(system.radius)>show all Database : ldap Related Commands

    show all

    Shows the top-level RADIUS parameters.

    4-36 WS2000 Wireless Switch System Reference Guide

    4.7.3 System RADIUS show Command show


    System RADIUS Commands

    Shows the RADIUS parameters.


    Syntax show all Parameters

    None
    Example admin(system.radius)>set database ldap admin(system.radius)>show all Database : ldap Related Commands

    set

    Sets the RADIUS database source.

    System CLI Commands Reference 4-37

    4.8 System RADIUS Client Commands


    client
    System RADIUS Commands

    Displays the client submenu.


    Syntax admin(system.radius)>client admin(system.radius.client)>

    The items available under this command are shown below.


    Command Description Ref.

    add del show quit save .. /

    Adds a RADIUS client. Deletes a RADIUS client. Displays a list of configured clients. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

    page 4-38 page 4-39 page 4-40 page 4-1 page 4-1 page 4-1 page 4-1

    4-38 WS2000 Wireless Switch System Reference Guide

    4.8.1 System RADIUS Client add Command add


    System RADIUS Client Commands

    Adds a RADIUS client.


    Syntax add <ip> <mask> <secret> Parameters

    add <ip> <mask> <secret>


    Example

    Adds a RADIUS client with IP address <ip>, netmask <mask>, and shared secret <secret>.

    admin(system.radius.client)>add 192.168.46.4 225.225.225.0 mysecret admin(system.radius.client)>show List of Radius Clients : ------------------------------------------------------------------------Idx Subnet/Host Netmask SharedSecret -----------------------------------------------------------------------1 192.168.46.4 225.225.225.0 admin(system.radius.client)> ******

    Related Commands

    del show

    Deletes a RADIUS client. Shows a list of RADIUS clients.

    System CLI Commands Reference 4-39

    4.8.2 System RADIUS Client del Command del


    System RADIUS Client Commands

    Deletes a RADIUS client with the provided IP address.


    Syntax del <ip> Parameters

    del <ip>
    Example

    Deletes the RADIUS client with IP address <ip>.

    admin(system.radius.client)>show List of Radius Clients

    ------------------------------------------------------------------------Idx Subnet/Host Netmask SharedSecret ------------------------------------------------------------------------1 192.168.46.4 225.225.225.0 ****** 2 192.168.101.43 225.225.225.0 ****** admin(system.radius.client)>del 192.168.46.4 admin(system.radius.client)>show List of Radius Clients : ------------------------------------------------------------------------Idx Subnet/Host Netmask SharedSecret ------------------------------------------------------------------------1 192.168.101.43 225.225.225.0 ****** admin(system.radius.client)> Related Commands

    add show

    Adds a RADIUS client to the list. Displays the list of RADIUS clients.

    4-40 WS2000 Wireless Switch System Reference Guide

    4.8.3 System RADIUS Client show Command show


    System RADIUS Client Commands

    Displays a list of configured RADIUS clients.


    Syntax show Parameters

    None
    Example admin(system.radius.client)>show List of Radius Clients :

    ------------------------------------------------------------------------Idx Subnet/Host Netmask SharedSecret ------------------------------------------------------------------------1 192.168.46.4 225.225.225.0 ****** 2 192.168.101.43 225.225.225.0 ****** admin(system.radius.client)> Related Commands

    add del

    Adds a RADIUS client to the list. Deletes a RADIUS client from the list.

    System CLI Commands Reference 4-41

    4.9 System RADIUS EAP Commands


    eap
    System RADIUS Commands

    Displays the EAP submenu.


    Syntax admin(system.radius)> eap admin(system.radius.eap)>

    The items available under this command are shown below.


    Command Description Ref.

    peap ttls import set show quit save .. /

    Goes to the PEAP submenu. Goes to the TTLS submenu. Imports the EAP certificates. Sets the EAP parameters. Shows the EAP parameters. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

    page 4-45 page 4-48 page 4-42 page 4-43 page 4-44 page 4-1 page 4-1 page 4-1 page 4-1

    4-42 WS2000 Wireless Switch System Reference Guide

    4.9.1 System RADIUS EAP import Command import


    System RADIUS EAP Commands

    Imports the EAP certificates.


    Syntax import [server|cacert] <cert ID> Parameters

    server <cert id> cacert <cert id>


    Example

    Imports a server certificate with the certificate ID <cert id>. Imports a Trusted Certificate with certificate ID <cert id>.

    admin(system.radius.eap)>import server mycert admin(system.radius.eap)>import cacert NETE3443 Related Commands

    show cert

    Show the list of certificates.

    System CLI Commands Reference 4-43

    4.9.2 System RADIUS EAP set Command set


    System RADIUS EAP Commands

    Sets the EAP parameters. To configure each of the selected authentication types, go to the submenu associated with each type.
    Syntax set auth [peap|ttls|both] Parameters

    auth [peap|ttls|both]
    Example

    Sets the default authorization type to one of PEAP or TTLS or both. When selected, go to the submenu associated with the selection to finish the setup.

    admin(system.radius.eap)>set auth peap admin(system.radius.eap)>show all Default EAP Type : peap Related Commands

    show all

    Shows the EAP settings.

    4-44 WS2000 Wireless Switch System Reference Guide

    4.9.3 System RADIUS EAP show Command show


    System RADIUS EAP Commands

    Displays the EAP parameters.


    Syntax show [all|cert] Parameters

    show [all|cert]

    Displays EAP parameters all Displays the default EAP authentication settings. cert - Displays a list of certificates.

    Example admin(system.radius.eap)>set auth peap admin(system.radius.eap)>show all Default EAP Type : peap Example

    set

    Sets the EAP parameters.

    System CLI Commands Reference 4-45

    4.10 System RADIUS EAP PEAP Commands


    peap
    System RADIUS EAP Commands

    Displays the PEAP submenu.


    Syntax admin(system.radius.eap)> peap admin(system.radius.eap.peap)>

    The items available under this command are shown below.


    Command Description Ref.

    set show quit save .. /

    Sets the PEAP authentication type. Shows the PEAP authentication type. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

    page 4-46 page 4-47 page 4-1 page 4-1 page 4-1 page 4-1

    4-46 WS2000 Wireless Switch System Reference Guide

    4.10.1 System RADIUS EAP PEAP set Command set


    System RADIUS EAP PEAP Commands

    Sets the PEAP authentication type.


    Syntax set auth <peap type> Parameters

    set auth <peap type> Sets the authentication type for PEAP to <peap type> (GTC or MTCHAPv2).
    Example admin(system.radius.eap.peap)>set auth gtc admin(system.radius.eap.peap)>show PEAP Auth Type : gtc Related Commands

    show

    Displays the PEAP authentication type.

    System CLI Commands Reference 4-47

    4.10.2 System RADIUS EAP PEAP show Command show


    System RADIUS EAP PEAP Commands

    Displays the PEAP authentication type.


    Syntax show Parameters

    None
    Example admin(system.radius.eap.peap)>set auth gtc admin(system.radius.eap.peap)>show PEAP Auth Type : gtc Related Commands

    set

    Sets the PEAP authentication type.

    4-48 WS2000 Wireless Switch System Reference Guide

    4.11 System RADIUS EAP TTLS Commands


    ttls
    System RADIUS EAP Commands

    Displays the TTLS submenu.


    Syntax admin(system.radius.eap)> ttls admin(system.radius.eap.ttls)>

    The items available under this command are shown below.


    Command Description Ref.

    set show quit save .. /

    Sets the TTLS authentication type. Shows the TTLS authentication type. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

    page 4-49 page 4-50 page 4-1 page 4-1 page 4-1 page 4-1

    System CLI Commands Reference 4-49

    4.11.1 System RADIUS EAP TTLS set Command set


    System RADIUS EAP TTLS Commands

    Sets the TTLS authentication type.


    Syntax set auth <ttls type> Parameters

    set auth <auth type>


    Example

    Sets the authentication type for TTLS to <auth type> (PAP, MD5, or MSCHAPv2).

    admin(system.radius.eap.ttls)>set auth md5 admin(system.radius.eap.ttls)>show TTLS Auth Type : md5 Related Commands

    show

    Show the TTLS authentication type.

    4-50 WS2000 Wireless Switch System Reference Guide

    4.11.2 System RADIUS EAP TTLS show Command show


    System RADIUS EAP TTLS Commands

    Shows the TTLS authentication type.


    Syntax show Parameters

    None
    Example admin(system.radius.eap.ttls)>set auth md5 admin(system.radius.eap.ttls)>show TTLS Auth Type : md5 Related Commands

    set

    Sets the TTLS authentication type.

    System CLI Commands Reference 4-51

    4.12 System RADIUS LDAP Commands


    ldap
    System RADIUS Commands

    Displays the LDAP submenu.


    Syntax admin(system.radius)> ldap admin(system.radius.ldap)>

    The items available under this command are shown below.


    Command Description Ref.

    set show import join quit save .. /

    Sets the LDAP parameters. Shows the LDAP parameters. Imports Secured LDAP certificates. Joins the A D domain. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

    page 4-52 page 4-54 page 4-55 page 4-56 page 4-1 page 4-1 page 4-1 page 4-1

    4-52 WS2000 Wireless Switch System Reference Guide

    4.12.1 System RADIUS LDAP set Command set


    System RADIUS LDAP Commands

    Sets the LDAP parameters.


    Syntax set [ipadr|domain|port|binddn|basedn|passwd|login|pass_attr| groupname|filter|membership|adagent|pri-domain|admin-uname|admin-pass] set set set set set set set set set set set set set set set ipadr <ip> domain <domain> port <port> binddn <binddn> basedn <basedn> passwd <password> login <login attr> pass_attr <password attr> groupname <groupname attr> filter membership <group attr> adagent <mode> pri-domain <mode> admin-uname <username> admin-pass <password>

    Parameters

    ipadr <ip> domain <domain> port <port> binddn <binddn> basedn <basedn> passwd <password> login <login attr> pass_attr <password attr> groupname <groupname attr> filter membership <group attr> adagent <mode> pri-domain <mode> admin-uname <username> admin-pass <password>

    Sets LDAP server IP address to <ip>. Sets LDAP domain name to a fully qualified domain name <domain>. Use when using LDAPS or AD agent Sets LDAP server port to <port>. Sets LDAP bind distinguished name to <binddn> (a string of characters). Sets LDAP Base distinguished name to <basedn> (a string of characters). Sets LDAP server password to <password> (a string of characters). Sets LDAP login attribute to <login attr> (a string of characters). Sets LDAP password attribute to <password attr> (a string of characters). Sets LDAP group name attribute to <groupname attr> (a string of characters). Sets LDAP membership filter with appropriate settings Sets LDAP membership attribute to <group attr> (a string of characters). Enables or disables the A D agent feature. <mode> is either enable or disable. Enables or disables setting primary domain for A D agent. <mode> is either enable or disable. Sets the administrator user name to <username> for the LDAP domain Sets the administrator password to <password> for the LDAP domain

    System CLI Commands Reference 4-53

    Example admin(system.radius.ldap)>set ipadr 192.168.42.23 admin(system.radius.ldap)>set port 356 admin(system.radius.ldap)>show all LDAP Server IP : 192.168.42.23 LDAP Server Port : 56 LDAP Bind DN : dfkjkkj LDAP Base DN : o=mobion LDAP Login Attribute : (uid=%{Stripped-User-Name:-%{UserName}}) LDAP Password Attribute : userPassword LDAP Group Name Attribute : cn LDAP Group Membership Filter : LDAP Group Membership Attribute : mygroup admin(system.radius.ldap)> Related Commands

    show

    Displays the set of LDAP server settings.

    4-54 WS2000 Wireless Switch System Reference Guide

    4.12.2 System RADIUS LDAP show Command show


    System RADIUS LDAP Commands

    Description:
    Displays the LDAP parameters.
    Syntax show all Parameters

    None
    Example admin(system.radius.ldap)>set ipadr 192.168.42.23 admin(system.radius.ldap)>set port 356 admin(system.radius.ldap)>show all LDAP Server IP : 192.168.42.23 LDAP Server Port : 56 LDAP Bind DN : dfkjkkj LDAP Base DN : o=mobion LDAP Login Attribute : (uid=%{Stripped-User-Name:-%{UserName}}) LDAP Password Attribute : userPassword LDAP Group Name Attribute : cn LDAP Group Membership Filter : LDAP Group Membership Attribute : mygroup admin(system.radius.ldap)> Related Commands

    set

    Sets the LDAP parameters.

    System CLI Commands Reference 4-55

    4.12.3 System RADIUS LDAP import Command import


    System RADIUS LDAP Commands

    Imports Secure LDAP certificates.


    Syntax import [client|cacert] <cert-id> Parameters

    import Import Secure LDAP certificates. [client|cacert] client Imports self certificate <cert-id> <cert-id> ca-cert Imports the trusted certificate authority certificate <cert-id>
    Example admin(system.radius.ldap)> import client LdapClient admin(system.radius.ldap)> import cacert LdapTrusted

    4-56 WS2000 Wireless Switch System Reference Guide

    4.12.4 System RADIUS LDAP join Command join


    System RADIUS LDAP Commands

    Joins the device to the A D domain.


    Syntax join Parameters

    None
    Example admin(system.radius.ldap)> join

    System CLI Commands Reference 4-57

    4.13 System RADIUS Policy Commands


    policy
    System RADIUS Commands

    Displays the policy submenu.


    Syntax admin(system.radius)> policy admin(system.radius.policy)>

    The items available under this command are shown below.


    Command Description Ref.

    set show quit save .. /

    Sets the groups access policy. Shows the groups access policy. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

    page 4-58 page 4-59 page 4-1 page 4-1 page 4-1 page 4-1

    4-58 WS2000 Wireless Switch System Reference Guide

    4.13.1 System RADIUS Policy set Command set


    System RADIUS Policy Commands

    Sets a groups access to WLANs.


    Syntax set <group> <idx> Parameters

    set <group> <idx> Gives the group <group> access to WLAN with a list of indexes <idx>. The list <idx> can either be a single index or several indexes separated by spaces. The group <group> must be already defined. See System User Database Group Commands for information about defining groups.
    Example admin(system.radius.policy)>set g1 2 3 4 admin(system.radius.policy)>show List of Access Policies : g1 : 2 3 4 g2 : No Wlans Related Commands

    show

    Displays the groups access policies.

    System CLI Commands Reference 4-59

    4.13.2 System RADIUS Policy show Command show


    System RADIUS Policy Commands

    Displays the access policy details for all groups.


    Syntax show Parameters

    None
    Example admin(system.radius.policy)>set g1 2 3 4 admin(system.radius.policy)>show List of Access Policies : g1 : 2 3 4 g2 : No Wlans Related Commands

    set

    Sets the group WLAN access settings.

    4-60 WS2000 Wireless Switch System Reference Guide

    4.14 System RADIUS Proxy Commands


    proxy
    System RADIUS Commands

    Displays the proxy submenu.


    Syntax admin(system.radius)> proxy admin(system.radius.proxy)>

    The items available under this command are shown below.


    Command Description Ref.

    add del clearall set show quit save .. /

    Adds a proxy realm. Deletes a proxy realm. Removes all proxy server records. Sets the proxy server parameters. Shows the proxy server parameters. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

    page 4-61 page 4-62 page 4-63 page 4-64 page 4-65 page 4-1 page 4-1 page 4-1 page 4-1

    System CLI Commands Reference 4-61

    4.14.1 System RADIUS Proxy add Command add


    System RADIUS Proxy Commands

    Adds a proxy realm.


    Syntax add <name> <ip> <port> <secret> Parameters

    add <realm> <ip> <port> <secret>


    Example

    Add a proxy realm with realm name <realm>, RADIUS server IP address <ip>, port <port>, and shared secret <secret>.

    admin(system.radius.proxy)>add realm1 192.168.102.42 225 realmpass admin(system.radius.proxy)>show realm Proxy Realms : ------------------------------------------------------------------------Idx Suffix RadiusServerIP Port SharedSecret ------------------------------------------------------------------------1 realm1 192.168.102.42 225 ****** Related Commands

    show realm del

    Displays this list of defined proxy servers. Deletes a proxy server from the list.

    4-62 WS2000 Wireless Switch System Reference Guide

    4.14.2 System RADIUS Proxy del Command del


    System RADIUS Proxy Commands

    Deletes a proxy realm.


    Syntax del <realm> Parameters

    del <realm>
    Example

    Deletes a proxy server realm with name <realm>.

    admin(system.radius.proxy)>add realm1 192.168.102.42 225 realmpass admin(system.radius.proxy)>show realm Proxy Realms : ------------------------------------------------------------------------Idx Suffix RadiusServerIP Port SharedSecret ------------------------------------------------------------------------1 realm1 192.168.102.42 225 ****** admin(system.radius.proxy)>del realm1 admin(system.radius.proxy)>show realm Proxy Realms : ------------------------------------------------------------------------Idx Suffix RadiusServerIP Port SharedSecret ------------------------------------------------------------------------Related Commands

    add show

    Adds a proxy server realm. Displays the list of proxy servers.

    System CLI Commands Reference 4-63

    4.14.3 System RADIUS Proxy clearall Command clearall


    System RADIUS Proxy Commands

    Clears all the proxy server records.


    Syntax clearall Parameters

    None
    Example admin(system.radius.proxy)> clearall

    4-64 WS2000 Wireless Switch System Reference Guide

    4.14.4 System RADIUS Proxy set Command set


    System RADIUS Proxy Commands

    Sets the proxy server parameters.


    Syntax set delay <delay> set count <count>

    Syntax:
    delay <delay> count <count>
    Example admin(system.radius.proxy)>set delay 7 admin(system.radius.proxy)>set count 4 admin(system.radius.proxy)>show proxy Proxy Server Retry Count : 4 Proxy Server Retry Delay : 7 admin(system.radius.proxy)> Example

    Sets the retry delay of the proxy server to <delay> minute (510). Sets the retry count of the proxy server to <count> (36).

    show proxy

    Shows the proxy server retry settings.

    System CLI Commands Reference 4-65

    4.14.5 System RADIUS Proxy show Command show


    System RADIUS Proxy Commands

    Shows the proxy server parameters.


    Syntax show [proxy|realm] Parameters

    show [proxy|realm] Displays proxy server parameters. proxy Displays the proxy server parameters. realm Displays proxy server realm information.
    Example admin(system.radius.proxy)>add realm1 192.168.102.42 225 realmpass admin(system.radius.proxy)>show realm Proxy Realms : ------------------------------------------------------------------------Idx Suffix RadiusServerIP Port SharedSecret ------------------------------------------------------------------------1 realm1 192.168.102.42 225 ****** admin(system.radius.proxy)>set delay 7 admin(system.radius.proxy)>set count 4 admin(system.radius.proxy)>show proxy Proxy Server Retry Count : 4 Proxy Server Retry Delay : 7 admin(system.radius.proxy)> Related Commands

    set add

    Sets the proxy server retry parameters. Adds a proxy server realm to the list.

    4-66 WS2000 Wireless Switch System Reference Guide

    4.15 System Redundancy Commands


    redundancy
    system

    Displays the redundancy submenu.


    Syntax admin(system)> redundancy admin(system.redundancy)>

    The items available under this command are shown below.


    Command Description Ref.

    set show quit save .. /

    Sets redundancy parameters. Shows redundancy settings. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

    page 4-67 page 4-69 page 4-1 page 4-1 page 4-1 page 4-1

    System CLI Commands Reference 4-67

    4.15.1 System Redundancy set Command set


    System Redundancy Commands

    Sets the parameters for redundant switch mode.


    Syntax set [op_state|mode|heartbeat|revertdelay|redundancy|preempt|virtualip] set set set set set set set mode <mode> op_state <state> heartbeat <interval> revertdelay <delay> redundancy <subnet> <state> preempt <mode> virtualip <subnet> <ip>

    Parameters

    Sets the switch to the <mode> (primary or secondary). Indicates that the switch is either the primary or secondary (standby) switch when redundancy is enabled. This parameter can only be set if the op_state parameter is set to redundancy. op-state <state> Sets the redundancy operation state of the switch to one of the following <state>: standaloneThe switch has no redundancy capabilities and operates independently of any other WS 2000 switches on the network. This is the default setting. redundancyTwo WS 2000 switches are connected, with one set as a primary and the other as a standby. upgradeThe primary and standby switches must run the same version of the switch firmware for redundancy to work correctly. If the firmware on only one of the switches is updated, redundancy is disabled and the Operational State is automatically set to Upgrade. heartbeat <interval> Sets the heartbeat interval for the switch to <interval> (160) seconds. revertdelay <delay> Specifies the amount of time <delay> (120 minutes) after not receiving a heartbeat packet before the secondary (standby) switch will take over. redundancy <subnet> Sets the redundancy state <state> (enable or disable) for the subnet <subnet> <state> (s1, s2. s3, s4, s5, s6). preempt <mode> Enables to prevent system stand-by on redundant switches. <mode> can be enable or disable. virtualip <subnet> Sets the virtual IP address to <ip> for each redundant subnet <subnet>. <ip>
    Example admin(system.redundancy)>set mode standby can not set the value when the op_state is either upgrade or standalone admin(system.redundancy)>set op-state redundancy admin(system.redundancy)>set mode standby admin(system.redundancy)>

    mode <mode>

    4-68 WS2000 Wireless Switch System Reference Guide

    Related Commands

    show

    Displays the redundancy settings.

    System CLI Commands Reference 4-69

    4.15.2 System Redundancy show Command show


    System Redundancy Commands

    Displays the switch redundancy settings.


    Syntax show all Parameters

    None
    Example admin(system.redundancy)>show all redundancy configured mode redundancy operational mode redundancy operational state heart beat interval revert delay heart beat interface Related Commands : : : : : : primary VRRP daemon not running standalone 3 seconds 5 minutes 1

    set

    Sets the redundancy settings.

    4-70 WS2000 Wireless Switch System Reference Guide

    4.16 System SNMP Commands


    snmp
    system

    Displays the SNMP submenu.


    Syntax admin(system)> snmp admin(system.snmp)>

    The items available under this command are shown below.


    Command Description Ref.

    access traps quit save .. /

    Goes to the SNMP access submenu. Goes to the SNMP traps submenu. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

    page 4-71 page 4-78 page 4-1 page 4-1 page 4-1 page 4-1

    System CLI Commands Reference 4-71

    4.17 System SNMP Access Commands


    access
    System SNMP Commands

    Displays the SNMP access menu.


    Syntax admin(system.snmp)> access admin(system.snmp.access)>

    The items available under this command are shown below.


    Command Description Ref.

    add delete list show quit save .. /

    Adds SNMP access entries. Deletes SNMP access entries. Lists SNMP access entries. Shows SNMP v3 engine ID. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

    page 4-72 page 4-74 page 4-76 page 4-77 page 4-1 page 4-1 page 4-1 page 4-1

    4-72 WS2000 Wireless Switch System Reference Guide

    4.17.1 System SNMP Access add Command add


    System SNMP Access Commands

    Adds SNMP access list entries.


    Syntax add [acl|v1v2c|v3] add acl <ip1> <ip2> add v1v2c <comm> <access> [<oid>|all] add v3 <user> <access> [<oid>|all] <sec> <auth> <pass1> <priv> <pass2> Parameters

    Adds an entry to the SNMP access control list with <ip1> as the starting IP address and <ip2> and the ending IP address. v1v2c <comm> Adds an SNMP v1/v2c configuration. <access> [<oid>|all] <comm> The community (131 characters) <access> The read/write access set to (ro (read only) or rw (read/write) <oid> The Object Identifier. <oid> is a string of 1127 numbers in dot notation, such as 2.3.4.5.6 or all for all objects. v3 <user> <access> Adds an SNMP v3 user definition. [<oid> / all] <sec> <user> The username (131 characters). <auth> <pass1> <priv> <access> The read/write access set to ro (read only) or rw (read/write) <pass2> <oid> The Object Identifier. <oid> is a string of 1127 numbers in dot notation, such as 1.3.6.1 or all for all objects) <sec> The security type. <sec> is set to one of none, auth, or auth/priv. The following parameters must be specified if <sec> is set to auth/priv: <auth> The authentication algorithm. Can be one of md5 or sha1. Must be set if <sec> is set to auth or auth/priv. <pass1> The password (831 characters) for authentication. Must be provided if <sec> is set to auth or auth/priv. <priv> The privacy algorithm. Set to des or aes. Must be set if <sec> is set to auth/priv. <pass2> Privacy password (831 characters). Must be provided if <sec> is set to auth/priv.
    Example admin(system.snmp.access)>add acl 209.236.24.1 209.236.24.46 admin(system.snmp.access)>list acl ---------------------------------------------------------------index start ip end ip ---------------------------------------------------------------1 209.236.24.1 209.236.24.46 admin(system.snmp.access)>add v3 fred rw 1.3.6.6 none admin(system.snmp.access)>list v3 all

    add acl <ip1> <ip2>

    System CLI Commands Reference 4-73

    index username access permission object identifier security level auth algorithm auth password privacy algorithm privacy password

    : : : : : : : : :

    1 fred read/write 1.3.6.6 none md5 ******** des ********

    admin(system.snmp.access)>add v3 judy rw 1.3.6.1 auth/priv md5 changeme des changemetoo admin(system.snmp.access)>list v3 2 index username access permission object identifier security level auth algorithm auth password privacy algorithm privacy password : : : : : : : : : 2 judy read/write 1.3.6.1 auth/priv md5 ******** des *******

    4-74 WS2000 Wireless Switch System Reference Guide

    4.17.2 System SNMP Access delete Command delete


    System SNMP Access Commands

    Deletes SNMP access entries.


    Syntax delete [acl|v1v2c|v3] [<idx>|all] Parameters

    delete [acl|v1v2c|v3] [<idx>|all]

    Deletes SNMP access entries. acl Deletes SNMP access list entries v1v2c Deletes entries from the SNMP v1/v2 configuration list v3 Deletes entries from the SNMP v3 configuration list. <idx> Deletes entry with index <idx> all Deletes all entries.

    Example admin(system.snmp.access)>list acl ------------------------------------------------------------------------index start ip end ip ------------------------------------------------------------------------1 209.236.24.1 209.236.24.46 admin(system.snmp.access)>delete acl all admin(system.snmp.access)>list acl ------------------------------------------------------------------------index start ip end ip ------------------------------------------------------------------------admin(system.snmp.access)>list v3 all index username access permission object identifier security level auth algorithm auth password privacy algorithm privacy password index username access permission object identifier security level auth algorithm auth password privacy algorithm privacy password : : : : : : : : : : : : : : : : : : 1 fred read/write 1.3.6.6 none md5 ******** des ******** 2 judy read/write 1.3.6.1 auth/priv md5 ******** des ********

    System CLI Commands Reference 4-75

    admin(system.snmp.access)>delete v3 2 admin(system.snmp.access)>list v3 all index username access permission object identifier security level auth algorithm auth password privacy algorithm privacy password admin(system.snmp.access)> : : : : : : : : : 1 fred read/write 1.3.6.6 none md5 ******** des ********

    4-76 WS2000 Wireless Switch System Reference Guide

    4.17.3 System SNMP Access list Command list


    System SNMP Access Commands

    Lists SNMP access entries.


    Syntax list [acl|v1v2c] list v3 [<idx>|all] Parameters

    list [acl|v1v2c]

    acl Lists SNMP access control list entries. v1v2c Lists SNMP v1/v2c configuration entries. list v3 [<idx>|all] Lists SNMP v3 user definition with index <idx>. all lists all SNMP v3 user definitions.
    Example admin(system.snmp.access)>list acl ---------------------------------------------------------------index start ip end ip ---------------------------------------------------------------1 209.236.24.1 209.236.24.46 admin(system.snmp.access)>list v3 all index username access permission object identifier security level auth algorithm auth password privacy algorithm privacy password : : : : : : : : : 1 fred read/write 1.3.6.6 none md5 ******** des ********

    admin(system.snmp.access)>list v3 2 index username access permission object identifier security level auth algorithm auth password privacy algorithm privacy password : : : : : : : : : 2 judy read/write 1.3.6.1 auth/priv md5 ******** des *******

    System CLI Commands Reference 4-77

    4.17.4 System SNMP Access show Command show


    System SNMP Access Commands

    Displays the SNMP v3 engine ID.


    Syntax show eid Parameters

    None
    Example admin(system.snmp.access)>show eid WS2000 snmp v3 engine id admin(system.snmp.access)> : 0000018457D71CDFF86FD8FC

    4-78 WS2000 Wireless Switch System Reference Guide

    4.18 System SNMP Traps Commands


    traps
    System SNMP Commands

    Displays the SNMP traps submenu.


    Syntax admin(system.snmp)> traps admin(system.snmp.traps)>

    The items available under this command are shown below.


    Command Description Ref.

    add delete list set show quit save .. /

    Adds SNMP trap entries. Deletes SNMP trap entries. Lists SNMP trap entries. Sets SNMP trap parameters. Shows SNMP trap parameters. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

    page 4-79 page 4-81 page 4-82 page 4-83 page 4-87 page 4-1 page 4-1 page 4-1 page 4-1

    System CLI Commands Reference 4-79

    4.18.1 System SNMP Traps add Command add


    System SNMP Traps Commands

    Adds SNMP traps.


    Syntax add [v1v2c|v3] add v1v2c <ip> <port> <comm> <ver> add v3 <ip> <port> <user> <sec> <auth> <pass1> <priv> <pass2> Parameters

    v1v2c <ip> <port> <comm> <ver>

    v3 <ip> <port> <user> <sec> <auth> <pass1> <priv> <pass2>

    Adds an SNMP v1/v2c trap entry. <ip> The destination IP address <port> The destination UDP port number. <comm> The community (131 characters) <ver> The SNMP version number. (v1 or v2) Adds an SNMP v3 trap entry. <ip> The destination IP address <port> The destination UDP port number. <user> The username (131 characters). <sec> The security type. <sec> is set to one of none, auth, or auth/priv. The following parameters must be specified if <sec> is set to auth/priv: <auth> The authentication algorithm. Can be one of md5 or sha1. Must be set if <sec> is set to auth or auth/priv. <pass1> The password (831 characters) for authentication. Must be provided if <sec> is set to auth or auth/priv. <priv> The privacy algorithm. Set to des or aes. Must be set if <sec> is set to auth/priv. <pass2> Privacy password (831 characters). Must be provided if <sec> is set to auth/priv.

    Example admin(system.snmp.traps)>add v1v2 203.223.24.2 333 mycomm v1 admin(system.snmp.traps)>list v1v2c ---------------------------------------------------------------------index dest ip dest port community version ---------------------------------------------------------------------1 203.223.24.2 333 mycomm v1 admin(system.snmp.traps)>add v1v2 209.255.32.1 334 jumbo v2 admin(system.snmp.traps)>list v1v2c ---------------------------------------------------------------------index dest ip dest port community version ---------------------------------------------------------------------1 203.223.24.2 333 mycomm v1 2 209.255.32.1 334 jumbo v2

    4-80 WS2000 Wireless Switch System Reference Guide

    admin(system.snmp.traps)>add v3 192.168.103.3 80 bomuser auth md5 bomuser1 admin(system.snmp.traps)>add v3 182.168.103.4 80 blistuser auth/priv md5 blistuser des listuser admin(system.snmp.traps)>list v3 all index destination ip destination port username security level auth algorithm auth password privacy algorithm privacy password index destination ip destination port username security level auth algorithm auth password privacy algorithm privacy password : : : : : : : : : : : : : : : : : : 1 192.168.103.3 80 bomuser auth md5 ******** des ******** 2 182.168.103.4 80 blistuser auth/priv md5 ******** des ********

    System CLI Commands Reference 4-81

    4.18.2 System SNMP Traps delete Command delete


    System SNMP Traps Commands

    Deletes SNMP trap entries.


    Syntax delete [v1v2c|v3] [<idx>|all] Parameters

    delete [acl|v1v2c|v3] [<idx>|all]

    Deletes SNMP access entries. acl Deletes SNMP access list entries v1v2c Deletes entries from the SNMP v1/v2 configuration list v3 Deletes entries from the SNMP v3 configuration list. <idx> Deletes entry with index <idx> all Deletes all entries.

    Example admin(system.snmp.traps)>list v3 all index destination ip destination port username security level auth algorithm auth password privacy algorithm privacy password index destination ip destination port username security level auth algorithm auth password privacy algorithm privacy password : : : : : : : : : : : : : : : : : : 1 192.168.103.3 80 bomuser auth md5 ******** des ******** 2 182.168.103.4 80 blistuser auth/priv md5 ******** des ********

    admin(system.snmp.traps)>delete v3 1 admin(system.snmp.traps)>list v3 all index destination ip destination port username security level auth algorithm auth password privacy algorithm privacy password : : : : : : : : : 1 182.168.103.4 80 blistuser auth/priv md5 ******** des ********

    4-82 WS2000 Wireless Switch System Reference Guide

    4.18.3 System SNMP Traps list Command list


    System SNMP Traps Commands

    Lists SNMP trap entries.


    Syntax list v1v2c list v3 [<idx>|all] Parameters

    list v1v2c Lists SNMP v1/v2c traps entries. list v3 [<idx>|all] Lists SNMP v3 traps definition with index <idx>. all lists all SNMP v3 traps definitions.
    Example admin(system.snmp.traps)>list v1 ------------------------------------------------------------------------index dest ip dest port community version ------------------------------------------------------------------------1 197.168.10.1 80 HTTPUser v2 2 197.168.10.2 1056 AllUsers v2 admin(system.snmp.traps)>list v3 all index destination ip destination port username security level auth algorithm auth password privacy algorithm privacy password : : : : : : : : : 1 182.168.103.4 80 blistuser auth/priv md5 ******** des ********

    System CLI Commands Reference 4-83

    4.18.4 System SNMP Traps set Command set


    System SNMP Traps Commands

    Sets SNMP trap parameters.


    Syntax set [cold|cfg|lowcf|port|dos-attack|snmp-auth|snmp-acl|mu-assoc| mu-unassoc|mu-deny-assoc|mu-deny-auth|ap-adopt|ap-unadopt| ap-denied-adopt|ap-radar|rogue-ap|hotspot-mu-state| user-login-failure|interface|admin-passwd-change|dyndns-update| wids-mu|wids-radio|wids-switch|ips] <mode> set cf-thresh <memory_kb> set min-pkt <pkt> set dos-rate-limit <seconds> set rate <rate> <scope> <value> Parameters

    set [cold|cfg|lowcf|port|dos-attack|snmp-auth|snmp-acl|mu-assoc|mu-unassoc| mu-deny-assoc|mu-deny-auth|ap-adopt|ap-unadopt|ap-denied-adopt|ap-radar| rogue-ap|hotspot-mu-state|user-login-failure|interface|admin-passwd-change| dyndns-update|wids-mu|wids-radio|wids-switch|ips] <mode> Sets the different SNMP parameters. <mode> can be one of enable or disable. cold Configuration changed trap cfg Configuration mode trap lowcf Low compact flash memory trap port Physical port status change trap dos-attack Denial of Service (DOS) attack trap snmp-auth Authentication failure trap snmp-acl SNMP ACL violation trap mu-assoc MU associated trap mu-unassoc MU un-associated trap mu-deny-assoc MU denied association trap mu-deny-auth MU authentication denied trap ap-adop AP adopted trap ap-unadop AP un-adopted trap ap-denied-adopt AP denied trap ap-radar AP radar trap rogue-ap Rogue AP trap hotspot-mu-state Hotspot MU change state trap user-login-failure User login failure trap ips Intrusion Prevention System trap interface Interface status change trap

    4-84 WS2000 Wireless Switch System Reference Guide

    cf-thresh <memory_kb> min-pkt <pkt>

    dos-rate-limit <seconds> rate <rate> Sets the rate value for rate and scope combination for DOS traps. <scope> <value> <rate> The rate value to monitor. Can be one of pkts packets greater than <value> (0 9999.99). mbps throughput greater than <value> (0 108.00) MBPS. avg-bps bit speed less than <value> (0 108.00) MBPS. pct-nu non unicast packets percentage greater than <value> (0 100.00) avg-signal negative average signal worse than <value> (0 100.00) avg-retries average retries greater than <value> (0 16.00) pctdropped dropped packet percentage greater than <value> (0 100.00) pct-undecrypted undecryptable packet percentage greater than <value> (0 100.00) assoc-mus number of associated MUs greater than <value> (0 32.00 when scope is AP, 200.00 otherwise.) <scope> The scope where the rate applies to. <scope> can be one of switch, wlan, ap, mu) <value> The value in the range as specified for each <rate>.
    Allowed Range for <value>

    admin-passwd-change Admin password change trap dyndns-update Dynamic DNS update trap wids-mu WIDS MU event trap wids-radio WIDS radio event trap wids-switch WIDS switch event trap cf-thresh Compact Flash memory trap min-pkt Packets required for rate traps to fire Sets the low memory on compact flash trap to the value <memory_kb> (0 2147483647 kilobytes). Sets the minimum number of packets <pkt> required for the rate traps to fire. <pkt> can be a value in the range 0 65535. Sets the rate limit to <seconds> ((0 2147483647 seconds) for DOS traps.

    <rate> Choices

    Interpretation

    Allowed <scope>

    pkts mbps avg-bps pct-nu avg-signal avg-retries pct-dropped pct-undecrypt assoc-mus

    Packets/second > <value> Throughput > <value> Average bit speed in mbps < <value> % not UNICAST > <value> Negative average signal < <value> Average retries > <value> % dropped packets > <value> % undecryptable > <value> Number of associated MUs > <value>

    0-9999.99 0-108.00 0-108.00 0-100.00 0-100.00 0-16.00 0-100.00 0-100.00 0-200

    switch,wlan,ap,mu switch,wlan,ap,mu wlan,ap,mu wlan,ap,mu wlan,ap,mu wlan,ap,mu wlan,ap,mu wlan,ap,mu switch,wlan,ap

    System CLI Commands Reference 4-85

    NOTE: <value> can be a number with up to two decimal places, except for assoc_mus, which must be an integer.
    Example admin(system.snmp.traps)>show trap SNMP System Traps snmp cold start snmp config changed low compact flash memory SNMP Network Traps physical port status change denial of service SNMP Traps snmp auth failure snmp acl violation SNMP MU Traps mu mu mu mu associated unassociated denied association denied authentication : : : : disable disable disable disable : disable : disable : disable : disable : disable : disable : disable

    SNMP AP Traps ap ap ap ap adopted unadopted denied adoption radar detection : : : : disable disable disable disable

    SNMP Trap Threshold compact flash memory threshold : 1024 min packets required for rate trap: 800 denial of service trap rate limit : 10 admin(system.snmp.traps)>set cold enable admin(system.snmp.traps)>set port enable admin(system.snmp.traps)>set dos-attack enable admin(system.snmp.traps)>set mu-unassoc enable admin(system.snmp.traps)>set ap-radar enable admin(system.snmp.traps)>set min-pkt 1000 admin(system.snmp.traps)>show trap SNMP System Traps snmp cold start snmp config changed low compact flash memory : enable : disable : disable

    4-86 WS2000 Wireless Switch System Reference Guide

    SNMP Network Traps physical port status change denial of service SNMP Traps snmp auth failure snmp acl violation SNMP MU Traps mu mu mu mu associated unassociated denied association denied authentication : : : : disable enable disable disable : disable : disable : enable : enable

    SNMP AP Traps ap ap ap ap adopted unadopted denied adoption radar detection : : : : disable disable disable enable

    SNMP Trap Threshold compact flash memory threshold : 1024 min packets required for rate trap: 1000 denial of service trap rate limit : 10 admin(system.snmp.traps)>

    System CLI Commands Reference 4-87

    4.18.5 System SNMP Traps show Command show


    System SNMP Traps Commands

    Shows SNMP trap parameters.


    Syntax show [trap|rate-trap] Parameters

    show [trap|rate-trap] Displays trap settings. trap Displays SNMP trap parameter settings. rate-trap Shows SNMP rate-trap parameter settings.
    Example admin(system.snmp.traps)>show trap SNMP System Traps snmp cold start snmp config changed low compact flash memory SNMP Network Traps physical port status change denial of service SNMP Traps snmp auth failure snmp acl violation SNMP MU Traps mu mu mu mu associated unassociated denied association denied authentication : : : : disable enable disable disable : disable : disable : enable : enable : enable : disable : disable

    SNMP AP Traps ap ap ap ap adopted unadopted denied adoption radar detection : : : : disable disable disable enable

    SNMP Trap Threshold compact flash memory threshold : 1024 min packets required for rate trap: 1000 denial of service trap rate limit : 10

    4-88 WS2000 Wireless Switch System Reference Guide

    admin(system.snmp.traps)>show rate-trap SNMP Switch Rate Traps pkts/s greater than : disable throughput(Mbps) greater than : disable num of associated mu greater than : disable SNMP Wlan Rate Traps pkts/s greater than throughput(Mbps) greater than avg bit speed(Mbps) less than pct non-unicast greater than -average signal worse than average retry greater than pct dropped greater than pct undecryptable greater than num of associated mu greater than SNMP Portal Rate Traps pkts/s greater than throughput(Mbps) greater than avg bit speed(Mbps) less than pct non-unicast greater than -average signal worse than average retry greater than pct dropped greater than pct undecryptable greater than num of associated mu greater than SNMP Mu Rate Traps pkts/s greater than throughput(Mbps) greater than avg bit speed(Mbps) less than pct non-unicast greater than -average signal worse than average retry greater than pct dropped greater than pct undecryptable greater than admin(system.snmp.traps)> : : : : : : : : disable disable disable disable disable disable disable disable : : : : : : : : : disable disable disable disable disable disable disable disable disable : : : : : : : : : disable disable disable disable disable disable disable disable disable

    System CLI Commands Reference 4-89

    4.19 System SSH Commands


    ssh
    system

    Displays the secure shell (SSH) submenu.


    Syntax admin(system)> ssh admin(system.ssh)>

    The items available under this command are shown below.


    Command Description Ref.

    set show save .. /

    Sets SSH parameters Shows SSH parameters. Saves the configuration to system flash Goes to the parent menu Goes to the root menu

    page 4-90 page 4-91 page 4-1 page 4-1 page 4-1

    4-90 WS2000 Wireless Switch System Reference Guide

    4.19.1 System SSH set Command set


    System SSH Commands

    Sets secure shell parameters for system access.


    Syntax set auth-timeout <authentication timeout> set inactive-timeout <inactive timeout> Parameters

    auth-timeout <authentication timeout> inactive-timeout <inactive timeout>


    Example

    Sets the maximum time <authentication timeout> (065535 seconds) allowed for SSH authentication to occur before executing a timeout. Sets the maximum amount of inactive time <inactive timeout> (065535 seconds) for an SSH connection before a timeout occurs and the user is dropped.

    admin(system.ssh)>set auth-timeout 60 admin(system.ssh)>set inactiv 2000 admin(system.ssh)>show all Authentication Timeout : 60 SSH Client Inactivity Timeout : 2000 admin(system.ssh)> Related Commands

    show all Shows the SSH parameter values.

    System CLI Commands Reference 4-91

    4.19.2 System SSH show Command show


    System SSH Commands

    Shows secure shell timeout parameters.


    Syntax show all Parameters

    None
    Example admin(system.ssh)>set auth-timeout 60 admin(system.ssh)>set inactiv 2000 admin(system.ssh)>show all Authentication Timeout : 60 SSH Client Inactivity Timeout : 2000 admin(system.ssh)> Related Commands

    set

    Sets the values for the secure shell timeout parameters.

    4-92 WS2000 Wireless Switch System Reference Guide

    4.20 System User Database Commands


    userdb
    system

    Displays the userdb submenu.


    Syntax admin(system)> userdb admin(system.userdb)>

    The items available under this command are shown below.


    Command Description Ref.

    user group quit save .. /

    Goes to the user submenu. Goes to the group submenu. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

    page 4-103 page 4-93 page 4-1 page 4-1 page 4-1 page 4-1

    System CLI Commands Reference 4-93

    4.21 System User Database Group Commands


    group
    System User Database Commands

    Displays the group submenu.


    Syntax admin(system.userdb)> group admin(system.userdb.group)>

    The items available under this command are shown below.


    Command Description Ref.

    create delete clearall add remove set show quit save .. /

    Creates a new group. Deletes a group. Deletes all the listed groups Adds a user to a group. Removes a user from a group. Sets group parameters. Shows the existing groups. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

    page 4-95 page 4-96 page 4-98 page 4-94 page 4-99 page 4-100 page 4-102 page 4-1 page 4-1 page 4-1 page 4-1

    4-94 WS2000 Wireless Switch System Reference Guide

    4.21.1 System Userdb Group add Command add


    System User Database Group Commands

    Adds a user to a group.


    Syntax add <userid> <group> Parameters

    add <userID> <groupID>


    Example

    Adds the user specified by <userID> to the group <groupID>. <userID> must already be defined in the database. User the add command from the (system.userdb.users) menu to add a new user.

    admin(system.userdb.group)>add fred g1 admin(system.userdb.group)>add joe g1 admin(system.userdb.group)>add joe g2 admin(system.userdb.group)>show user g1 List of Users of Group : fred joe admin(system.userdb.group)>show user g2 List of Users of Group : joe Related Commands

    show users

    Displays a list of users in a group.

    System CLI Commands Reference 4-95

    4.21.2 System Userdb Group create Command create


    System User Database Group Commands

    Creates a new group.


    Syntax create <group> <vlan-id> Parameters

    create <group> <vlan-id> Creates a new group with the ID <group>. <group> can be an alphanumeric string. Users in the group are automatically assigned the vlan-id as specified by <vlan-id>.

    Example:
    admin(system.userdb.group)>create g1 10 admin(system.userdb.group)>show groups List of Group Names : Groupname Guest Group VanId Start Time Expiry Time Access on Days admin(system.userdb.group)> Related Commands : : : : : : g1 NO 10 0000 2359 All

    delete Deletes a group. show groups Displays a list of groups in the database.

    4-96 WS2000 Wireless Switch System Reference Guide

    4.21.3 System Userdb Group delete Command delete


    System User Database Group Commands

    Deletes a group from the database.


    Syntax delete <group> Parameters

    delete <groupID>
    Example

    Deletes the group <group> from the database. A warning occurs if there are still users assigned to that group.

    admin(system.userdb.group)>show groups List of Group Names : Groupname Guest Group VanId Start Time Expiry Time Access on Days Groupname Guest Group VanId Start Time Expiry Time Access on Days Groupname Guest Group VanId Start Time Expiry Time Access on Days : : : : : : : : : : : : : : : : : : g1 NO 10 0000 2359 All g2 NO 6 0000 2359 All g3 NO 1 0000 2359 All

    admin(system.userdb.group)>delete g2 admin(system.userdb.group)>show groups List of Group Names : Groupname Guest Group VanId Start Time Expiry Time Access on Days Groupname Guest Group : : : : : : g1 NO 10 0000 2359 All

    : g3 : NO

    System CLI Commands Reference 4-97

    VanId Start Time Expiry Time Access on Days Related Commands

    : : : :

    1 0000 2359 All

    add show user

    Adds users to a group. Displays a list of users in a group.

    4-98 WS2000 Wireless Switch System Reference Guide

    4.21.4 System Userdb Group clearall Command clearall


    System User Database Group Commands

    Clears all the groups in the Groups list. Before clearing all the groups, ensure that no user account is associated to the groups.
    Syntax clearall Parameters

    None
    Example admin(system.userdb.group)>show groups List of Group Names : Groupname Guest Group VanId Start Time Expiry Time Access on Days Groupname Guest Group VanId Start Time Expiry Time Access on Days Groupname Guest Group VanId Start Time Expiry Time Access on Days : : : : : : : : : : : : : : : : : : g1 NO 10 0000 2359 All g3 NO 1 0000 2359 All g2 NO 15 0000 2359 All

    admin(system.userdb.group)>clearall admin(system.userdb.group)>show groups List of Group Names : admin(system.userdb.group)>

    No Groups

    System CLI Commands Reference 4-99

    4.21.5 System Userdb Group remove Command remove


    System User Database Group Commands

    Removes a user from a group.


    Syntax remove <userid> <group> Parameters

    remove <userid> <group>


    Example

    Removes the user <userid> from the group <group>.

    admin(system.userdb.group)>show users g1 List of Users of Group : John Jane admin(system.userdb.group)>remove Jane g1 admin(system.userdb.group)>show users g1 List of Users of Group : John admin(system.userdb.group)> Related Commands

    add show users

    Adds a user to a group. Shows a list of users in a group.

    4-100 WS2000 Wireless Switch System Reference Guide

    4.21.6 System Userdb Group set Command set


    System User Database Group Commands

    Sets the different group parameters.


    Syntax set [vlan|day-access|guest-group|start-time|end-time] set set set set [start-time|end-time} <time> vlan <group> <vlan> day-access <group> [all|weekdays|<days>] guest-group <group>

    Parameters

    vlan <group> <vlan> start-time <group> <time> end-time <group> <time> day-access <group> [all|weekdays|<days>

    Sets the vlan id of a group <group> to <vlan> (1 4094). Sets the time when a user belonging to a group <group> can start authenticating (login) with the WS2000. Start-time is in 24hr format. Sets the time after which a user belonging to a group <group> cannot authenticate (login) with the WS2000. End-time is in 24hr format. Sets the access days for a group <group>. all Sets the access days to all days of the week including Saturdays and Sundays. weekday Sets the access days to all week days excluding Saturdays and Sunday. <days> Sets the access days as specified. Each item in this list is to be separated by a space. <days> can be mo, tu, we, th, fr, sa, su. Sets the group identified by <group> as a guest group.
    set vlan Group1 1 set start-time Group1 0730 set end-time Group1 2230 set day-access Group1 mo tu we fr sa su show groups : : : : : : : : : : : : GroupOfAdmins NO 1 0000 2359 All GroupOfLevel1Users NO 1 0730 2230 Mo Tu We Fr Sa Su

    guest-group <group>
    Example

    admin(system.userdb.group)> admin(system.userdb.group)> admin(system.userdb.group)> admin(system.userdb.group)> admin(system.userdb.group)> List of Group Names : Groupname Guest Group VanId Start Time Expiry Time Access on Days Groupname Guest Group VanId Start Time Expiry Time Access on Days

    System CLI Commands Reference 4-101

    admin(system.userdb.group)> set guest-group Group1 admin(system.userdb.group)>set guest-group guests admin(system.userdb.group)>show groups List of Group Names : Groupname Guest Group VanId Start Time Expiry Time Access on Days Groupname Guest Group VanId Start Time Expiry Time Access on Days Groupname Guest Group VanId Start Time Expiry Time Access on Days : : : : : : : : : : : : : : : : : : g1 NO 10 0000 2359 All g2 NO 6 0600 2000 Weekdays guests YES 9 0000 2359 All

    4-102 WS2000 Wireless Switch System Reference Guide

    4.21.7 System Userdb Groups show Command show


    System User Database Group Commands

    Shows the existing groups.


    Syntax show [groups|users <group>] Parameters

    show [groups| users <group>]


    Example

    Displays user database groups information. group Displays a list of the defined groups. users <group> Displays a list of users in group <group>.

    admin(system.userdb.group)>show groups admin(system.userdb.group)>show groups List of Group Names : Groupname Guest Group VanId Start Time Expiry Time Access on Days Groupname Guest Group VanId Start Time Expiry Time Access on Days Groupname Guest Group VanId Start Time Expiry Time Access on Days : : : : : : : : : : : : : : : : : : g1 NO 1 0000 2359 All g2 NO 1 0000 2359 ALL g3 NO 1 0000 2359 All

    admin(system.userdb.group)>show users g1 List of Users of Group : Admin L1User Related Commands

    create delete set

    Creates a new group. Deletes a group. Sets group parameters

    System CLI Commands Reference 4-103

    4.22 System User Database User Commands


    user
    System User Database Commands

    Displays the user submenu.


    Syntax admin(system.userdb)> user admin(system.userdb.user)>

    The items available under this command are shown below.


    Command Description Ref.

    add del clearall set show guest quit save .. /

    Adds a new user to the database. Deletes a user from the database. Removes all User IDs Sets the password for a user. Shows a list of users and group information about a user. Manages guest users Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

    page 4-104 page 4-105 page 4-106 page 4-107 page 4-108 page 4-109 page 4-1 page 4-1 page 4-1 page 4-1

    4-104 WS2000 Wireless Switch System Reference Guide

    4.22.1 System Userdb User add Command add


    System User Database User Commands

    Adds a new user to the database.


    Syntax add <userid> <password> Parameters

    add <userid> <password> Adds a user to the database with the ID <userid> and password <password> (1 8 characters).
    Example admin(system.userdb.user)>add fred fredpass admin(system.userdb.user)>add joe joepass admin(system.userdb.user)>add sally sallypa admin(system.userdb.user)> List of User Ids : fred joe sally Related Commands

    show users del

    Show a list of the users in the database. Deletes a user from the database.

    System CLI Commands Reference 4-105

    4.22.2 System Userdb User del Command del


    System User Database User Commands

    Deletes a user from the database.


    Syntax del <userid> Parameters

    del <userid>
    Example

    Deletes the user with the ID <userid> from the database.

    admin(system.userdb.user)>show users List of User Ids : John Jane Bill Amanda admin(system.userdb.user)>del Bill admin(system.userdb.user)>show users List of User Ids : John Jane Amanda Related Commands

    Guest User NO NO NO NO

    Guest User NO NO NO

    add Adds a user to the database. show users Displays a list of users in the database.

    4-106 WS2000 Wireless Switch System Reference Guide

    4.22.3 System Userdb User clearall Command clearall


    System User Database User Commands

    Clears all the users from the local database.


    Syntax clearall Parameters

    None
    Example admin(system.userdb.user)>show users List of User Ids : John Jane Bill Amanda admin(system.userdb.user)> admin(system.userdb.user)> clearall admin(system.userdb.user)> admin(system.userdb.user)> show users entries = 0 List of User Ids : No Users Guest User NO NO NO NO :

    Guest User

    System CLI Commands Reference 4-107

    4.22.4 System Userdb User set Command set


    System User Database User Commands

    Sets the password for a user.


    Syntax set <userid> <password> Parameters

    set <userID> <password>


    Example

    Resets the password for user with <userid> to <password>.

    admin(system.userdb.user)>set fred frednew Related Commands

    add

    Adds a new user.

    4-108 WS2000 Wireless Switch System Reference Guide

    4.22.5 System Userdb Users show Command show


    System User Database User Commands

    Shows a list of users and group membership for a particular user.


    Syntax show [groups <userid>|users] Parameters

    show [groups <userid>|users]

    Displays group membership and user information. groups <userid> Displays the list of groups that a user with <userid> belongs. users Displays a list of all defined users in the database.

    Example admin(system.userdb.user)>show user List of User Ids : Guest User John NO Jane NO Bill NO Amanda NOadmin(system.userdb.user)>.. admin(system.userdb.user)>group admin(system.userdb.group)>create g1 admin(system.userdb.group)>add John g1 admin(system.userdb.group)>.. admin(system.userdb.user)>user admin(system.userdb.user)>show groups John List of Groups of user : g1 Related Commands :

    add

    Add a user to the database.

    System CLI Commands Reference 4-109

    4.23 System User Database User Guest commands


    guest
    System User Database User Commands

    Displays the Guest submenu.


    Syntax admin(system.userdb.user)> guest admin(system.userdb.guest)>

    The items available under this command are shown below.


    Command Description Ref.

    set show clear quit save .. /

    Sets the parameters for guest users. Shows the list of guest users Clears guest users and guest groups. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

    page 4-110 page 4-111 page 4-112 page 4-1 page 4-1 page 4-1 page 4-1

    4-110 WS2000 Wireless Switch System Reference Guide

    4.23.1 System Userdb User Guest set Command set


    System User Database User Commands

    Sets the parameters for guest users.


    Syntax set [guest-user|start-date|expiry-date] set guest-user <guest-user> <guest-group> set start-date <guest-user> <date-time> set expiry-date <guest-user> <date-time> Parameters

    guest-user <guest-user> <guest-group> start-date <guest-user> <date-time> expiry-date <guest-user> <date-time>


    Example

    Adds the guest user <guest-user> to the guest user group <guest-group>.

    Sets the start date for a guest user <guest-user>. This is the date and time combination from when a guest user can access the resources. <date-time> value must be in the MM:DD:YYYY-hh:mm format (02:24:2008-21:06). Sets the date when the guest user account <guest-user> expires. This is the date and time combination after which the account becomes inactive. <date-time> value must be in the MM:DD:YYYY-hh:mm format (02.24:2008-21:06).

    admin(system.userdb.user.guest)> set guest-user guest1 GroupOfGuestUsers admin(system.userdb.user.guest)> show users Guest Username Belongs to Group Start Date Time Expiry Date Time : : : : guest1 GroupOfGuestUsers 01:16:1970-01:10 01:17:1970-01:10

    admin(system.userdb.user.guest)> set start-date guest1 01:01:2008-00:00 admin(system.userdb.user.guest)> set expiry-date guest1 01:31:2008-23:59 admin(system.userdb.user.guest)> show users Guest Username Belongs to Group Start Date Time Expiry Date Time : : : : guest1 GroupOfGuestUsers 01:01:2008-00:00 01:31:2008-23:59

    System CLI Commands Reference 4-111

    4.23.2 System Userdb User Guest show Command show


    System User Database User Commands

    Displays information for guest users and guest user groups.


    Syntax show [groups|users] Parameters

    show [guests|users]

    Displays guest information. groups Displays the list of guest user groups users Displays the list of guest users.

    Example admin(system.userdb.user.guest)> show users Guest Username Belongs to Group Start Date Time Expiry Date Time : : : : guest1 GroupOfGuestUsers 01:01:2008-00:00 01:31:2008-23:59

    admin(system.userdb.user.guest)> show groups Guest Groupname VanId Start Time Expiry Time Access on Days : : : : : GroupOfGuestUsers 1 0000 2359 Weekdays

    4-112 WS2000 Wireless Switch System Reference Guide

    4.23.3 System Usredb User Guest clear Command clear


    System User Database User Commands

    Clears all guest user and guest user groups from the local database.
    Syntax clear [guest-group|guest-user] clear guest-group <guest-group> clear guest-user <guest-user> Parameters

    guest-group <guest-group> guest-user <guest-user>


    Example

    Clears the guest group indicated by <guest-group> Clears the guest user indicated by <guest-user>

    admin(system.userdb.user.guest)> clear guest-group GroupOfGuestUsers admin(system.userdb.user.guest)> clear guest-user guest1 admin(system.userdb.user.guest)> show groups No Guest Groups

    System CLI Commands Reference 4-113

    4.24 System WS2000 Commands


    WS2000
    system

    Displays the WS 2000 submenu.


    Syntax admin(system)> ws2000 admin(system.ws2000)>

    The items available under this command are shown below.


    Command Description Ref.

    add delete restart set show quit save .. /

    Adds an administrative user Removes an administrative user Restarts the WS 2000 Wireless Switch Sets WS 2000 system parameters. Shows WS 2000 system parameter settings. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

    page 4-114 page 4-115 page 4-116 page 4-117 page 4-121 page 4-1 page 4-1 page 4-1 page 4-1

    4-114 WS2000 Wireless Switch System Reference Guide

    4.24.1 System WS2000 add Command add


    System WS2000 Commands

    Adds a device that is allowed administrative access to the switch over WLAN.
    Syntax add administrator <ip> Parameters

    add administrator <ip>


    Example

    Adds the device specified by <ip> as an administrator for this device.

    admin(system.ws2000)> add administrator 192.168.0.10 admin(system.ws2000)>

    System CLI Commands Reference 4-115

    4.24.2 System WS2000 delete Command delete


    System WS2000 Commands

    Removes a device that is allowed administrative access to the switch over WLAN.
    Syntax delete administrator [<ip>|all] Parameters

    delete administrator [<ip>|all]

    Removes the specified device that is allowed administrative access of the switch from WLAN . <ip> Removes the device specified by <ip>. all Removes all devices

    Example admin(system.ws2000)> delete administrator 192.168.0.10 admin(system.ws2000)> delete administrator all admin(system.ws2000)>

    4-116 WS2000 Wireless Switch System Reference Guide

    4.24.3 System WS2000 restart Command restart


    System WS2000 Commands

    Restarts the WS 2000 Wireless Switch.


    Syntax restart Parameters

    None
    Example admin(system.ws2000)>restart Restarting system. WS 2000 Wireless Switch 2.4.0.0-011B Copyright(c) Motorola Inc. 2003-2008. All rights reserved. Press escape key to run boot firmware ........ Power On Self Test testing testing testing testing ... Starting iGateway Apps(1).... Starting iGateway Apps(2).... Using switch.o Starting Wireless Switch.... Configuring iGateway.... Starting SNMP.... Using led.o Starting WS2000 CLI.... Login: ram nor flash nand flash ethernet : : : : pass pass pass pass

    System CLI Commands Reference 4-117

    4.24.4 System WS2000 set Command set


    System WS2000 Commands

    Sets WS 2000 system parameters.


    Syntax set [airbeam|ftp|ssh|applet|cc|cli|email|loc|name|domain-name|snmp| timeout|limited-access|dns-ip|sslv2|support-sshv1|dns-relay-mode] set set set set airbeam airbeam airbeam airbeam [mode|passwd|logging] mode <mode> passwd <password> logging <mode>

    set [ftp|ssh|snmp] [lan|wan] [mode <mode>|logging <mode>] set [applet|cli] [lan|wan|slan|swan] [mode <mode>|logging <mode>] set set set set set set set set email <email> cc <country-code> loc <location> name <device-name> domain-name <domain> timeout <timeout> limited-access <mode> dns-ip <ip>;

    Parameters

    airbeam mode <mode> airbeam passwd <passwd> airbeam logging <mode> applet [lan|wan|slan|swan] [mode <mode>| logging <mode>]

    Enables or disables airbeam access. <mode> can be one of enable or disable. Sets the airbeam password to <passwd> (139 characters). Sets the logging mode for airbeam access.<mode> can be one of enable or disable. Configures access to the applet. lan mode <mode> Enables/disables http applet access from LAN. wlan mode <mode> Enables/disables http applet access from WAN. slan mode <mode> Enables/disables https applet access from LAN. swan mode <mode> Enables/disables https applet access from WAN. <mode> can be one of enable or disable. logging <mode> Enables/disables logging for each access type. Sets the WS2000 two-letter country code to <country-code>.

    cc <country-code>

    4-118 WS2000 Wireless Switch System Reference Guide

    cli [lan|wan|slan|swan] Configures access to the Command Line Interface (CLI). [mode <mode>| lan mode <mode> Enables/disables http applet access from LAN. logging <mode>] wlan mode <mode> Enables/disables http applet access from WAN. slan mode <mode> Enables/disables https applet access from LAN. swan mode <mode> Enables/disables https applet access from WAN. <mode> can be one of enable or disable. logging <mode> Enables/disables logging for each access type. email Sets the WS2000 admin email address to <email> (159 characters). <email> ftp [lan|wan] [mode Configures access to FTP <mode>| lan mode <mode> Enables/disables http applet access from LAN. logging <mode>] wlan mode <mode> Enables/disables http applet access from WAN. <mode> can be one of enable or disable. logging <mode> Enables/disables logging for each access type. loc <location> Sets the WS2000 system location to <location> (159 characters). name <device-name> Sets the WS2000 system name to <device-name> (159 characters). ssh [lan|wan] [mode Configures secure shell access (SSH) to the device. <mode>| lan mode <mode> Enables/disables http applet access from LAN. logging <mode>] wlan mode <mode> Enables/disables http applet access from WAN. <mode> can be one of enable or disable. logging <mode> Enables/disables logging for each access type. snmp [lan|wan] [mode Configures SNMP access to the device. <mode>| lan mode <mode> Enables/disables http applet access from LAN. logging <mode>] wlan mode <mode> Enables/disables http applet access from WAN. <mode> can be one of enable or disable. logging <mode> Enables/disables logging for each access type. timeout <time-out> Sets the idle timeout to <time-out> value in minutes (01440). Setting the value to 0 indicates not to timeout. limited-access <mode> Enables/disables management access to the WS2000 across subnets. When enabled, administrative access to the subnet interface is available only from hosts in the same subnet. When disabled, hosts from any subnet can access any subnets interface. <mode> can be one of enable or disable. dns-ip <ip> Sets the IP address of the Domain Name Server to resolve domain names to the IP address <ip>. domain-name <domain- Sets the name of the domain to <domain-name> for this WS2000. name> sslv2 <mode> Sets SSLv2 mode <mode> Enables/disables mode for apache support-sshv1 Sets SSHv1 mode. <mode> Enables/disables mode for sshv1 dns-relay-mode Sets DNS relay mode <mode> Enables/disables dns relay mode.

    System CLI Commands Reference 4-119

    Example admin(system.ws2000)>show all system name : system location : system Domain Name : admin email address : system uptime : WS2000 firmware version : WS2000 firmware build time : country code : applet http access from lan : applet http access from wan : applet https access from lan : applet https access from wan : cli telnet access from lan : cli telnet access from wan : snmp access from lan : snmp access from wan : airbeam/ftp lan access mode : airbeam/ftp wan access mode : ssh wan access mode : ssh lan access mode : airbeam access user name : airbeam access password : http/s timeout interval in minutes: limit ws2000 access : System Wide DNS IP Address : Atlanta1 Atlanta Field Office docteam.motorola.com LeoExample@motorola.com 0 days 4 hours 33 minutes 2.3.1.0-004X Sat-May-31-00:42:16-IST-2008 us enable enable enable enable enable enable enable enable disable disable enable enable airbeam ******** 0 disable 192.168.0.1

    admin(system.ws2000)>set name BldgC admin(system.ws2000)>set email johndoe@motorola.com admin(system.ws2000)>set applet lan enable admin(system.ws2000)>set airbeam mode enable admin(system.ws2000)>set airbeam passwd changeme admin(system.ws2000)>show all system name system location system Domain Name admin email address system uptime WS2000 firmware version WS2000 firmware build time country code applet http access from lan applet http access from wan applet https access from lan applet https access from wan cli telnet access from lan cli telnet access from wan snmp access from lan snmp access from wan airbeam/ftp lan access mode airbeam/ftp wan access mode ssh wan access mode ssh lan access mode airbeam access user name airbeam access password : : : : : : : : : : : : : : : : : : : : : : BldgC Atlanta Field Office docteam.motorola.com johndoe@motorola.com 0 days 4 hours 41 minutes 2.3.1.0-004X Sat-May-31-00:42:16-IST-2008 us enable enable enable enable enable enable enable enable disable disable enable enable airbeam ********

    4-120 WS2000 Wireless Switch System Reference Guide

    http/s timeout interval in minutes: 0 limit ws2000 access : disable System Wide DNS IP Address : 192.168.0.1 admin(system.ws2000)>

    System CLI Commands Reference 4-121

    4.24.5 System WS2000 show Command show


    System WS2000 Commands

    Shows WS 2000 system information.


    Syntax show all Parameters

    None
    Example admin(system.ws2000)>show all system name : system location : system Domain Name : admin email address : system uptime : WS2000 firmware version : WS2000 firmware build time : country code : applet http access from lan : applet http access from wan : applet https access from lan : applet https access from wan : cli telnet access from lan : cli telnet access from wan : snmp access from lan : snmp access from wan : airbeam/ftp lan access mode : airbeam/ftp wan access mode : ssh wan access mode : ssh lan access mode : airbeam access user name : airbeam access password : http/s timeout interval in minutes: limit ws2000 access : System Wide DNS IP Address : admin(system.ws2000)> Atlanta1 Atlanta Field Office docteam.motorola.com LeoExample@motorola.com 0 days 4 hours 33 minutes 2.3.1.0-004X Sat-May-31-00:42:16-IST-2008 us enable enable enable enable enable enable enable enable disable disable enable enable airbeam ******** 0 disable 192.168.0.1

    4-122 WS2000 Wireless Switch System Reference Guide

    4.25 System CF commands


    cf
    system

    Displays the CF submenu.


    Syntax admin(system)> cf admin(system.cf)>

    The items available under this command are shown below.


    Command Description Ref.

    ls quit .. /

    Lists the content of the CF card Quits the CLI Goes to the parent menu Goes to the root menu

    page 4-123 page 4-1 page 4-1 page 4-1

    System CLI Commands Reference 4-123

    4.25.1 System CF ls Command ls


    System CF commands

    Displays the CF cards contents.


    Syntax ls {<directory-name>} Parameters

    ls <directory-name>
    Example

    Lists the contents of the CF card. The <directory-name> parameter is optional.

    admin(system.cf)> ls . .. mf12.bin mf_02020200003R.bin admin(system.cf)> admin(system.cf)>

    4-124 WS2000 Wireless Switch System Reference Guide

    4.26 System HTTP commands


    http
    system

    Displays the http submenu.


    Syntax admin(system)> http admin(system.http)>

    The items available under this command are shown below.


    Command Description Ref.

    import show quit save .. /

    Imports the Secured HTTP self certificate Shows all the Secured HTTP certificates. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

    page 4-125 page 4-126 page 4-1 page 4-1 page 4-1 page 4-1

    System CLI Commands Reference 4-125

    4.26.1 System HTTP import Command import


    System HTTP commands

    Imports Secured HTTP self certificates.


    Syntax import self <cert-id> Parameters

    import self <cert-id> Imports the Secured HTTP Self Certificate identified by the ID <cert-id>.
    Example admin(system.http)> import self 1

    4-126 WS2000 Wireless Switch System Reference Guide

    4.26.2 System HTTP show Command show


    System HTTP commands

    Displays all Secure HTTP certificates on this device.


    Syntax show all Parameters

    None
    Example admin(system.http)> show all http self certificate admin(system.http)> : default

    System CLI Commands Reference 4-127

    4.27 System Test Commands


    test
    system

    Displays the test submenu.


    Syntax admin(system)> test admin(system.test)>

    The items available under this command are shown below.


    Command Description Ref.

    set show quit save .. /

    Sets the different test parameters Displays the different test parameters and their set values. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

    page 4-128 page 4-129 page 4-1 page 4-1 page 4-1 page 4-1

    4-128 WS2000 Wireless Switch System Reference Guide

    4.27.1 System Test set Command set


    System Test Commands

    Configures the different test parameters.


    Syntax set flow hbt wd pmd rs wme padding parp sip-portcheck weighted-wme int1 hosts mu_limit int4 str1 str2 str3 str4 interval

    System CLI Commands Reference 4-129

    4.27.2 System Test show Command show


    System Test Commands

    Displays the test parameters.


    Syntax show all Parameters

    None
    Example admin(system.test)> show all admin(system.test)>show all half fc window for ap100 val broadcasts in psp val drop bc pre wep val rate scale disable val wireless disable val psp fix more data val wpa2 tkip disabled val wpa ie before rsn ie val disable wpa countermeasures val WME enable Wisp alignment padding enable Proxy arp enable Weighted WME enable ARP Check enable SIP src/dst port check : : : : : : : : : : : : : : : [ [ [ [ [ [ [ [ [ [ [ [ [ [ [ 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 ........ ........ ........ ........ ........ ........ ........ ........ .......0 ......0. .....1.. ....1... ...0.... ..1..... .1...... .......0 ......1. .....1.. ....0... ...0.... ..0..... .0...... 0....... ........ ........ ........ ........ ........ ........ ........ ] ] ] ] ] ] ] ] ] ] ] ] ] ] ]

    int1 max lan hosts max clients/Portal int4 str1 str2 str3 str4

    : : : : : : : :

    00006C06 200 64 00000000

    4-130 WS2000 Wireless Switch System Reference Guide

    Statistics Commands
    Statistics commands are used to view the different statistical information of the WS2000 Wireless Switch.

    5.1 stats
    Admin Menu Commands

    Use the stats command to go to the Stats menu


    admin>stats admin(stats)>

    The following commands are available under the Stats menu:


    Command Description Ref.

    show rf save quit .. /

    Shows system status and statistics Goes to the RF Submenu Saves the configuration to system flash Quits the CLI Goes to the parent menu Goes to the root menu

    page 5-2 page 5-5 page 2-6 page 2-5 page 2-7 page 2-8

    5-2 WS2000 Wireless Switch System Reference Guide

    5.2 Stats Show Command


    show
    stats

    Displays the system status and statistics for either the specified subnet or the WAN.
    Syntax show [leases|subnet|wan|stp|ips] show show show show show show show leases subnet <idx> wan stp <idx> ips [global-stats|category-stats] ips global-stats ips category-stats <category-name>

    Parameters

    Show the leases issued by the switch. Shows subnet status, where <idx> (16) is the index number of the subnet (LAN) to show. show wan Shows WAN status. show stp <idx> Shows the LAN Spanning Tree Protocol statistics for the subnet <idx> (1-6). show ips global-stats Shows the IPS Global statistics show ips category-stats Show the IPS statistics for a category. Select <category> from: <category> TELNET, POP3, IMAP, NNTP, FTP, SNMP, TCPDNS, UDPDNS, TCPRPC, UDPRPC, HTTP, SMTP, TCPGEN, UDPGEN, TCP, UDP, ICMP, IP To display stats for all IPS signature categories do not pass any parameter to <category>.
    Example

    show leases show subnet <idx>

    show subnet example


    admin(stats)>show subnet 1 LAN Interface Information subnet interface 1 : enable ip address 1 : 192.168.0.1 network mask : 255.255.255.0 ethernet address : 00A0F86FD8FD LAN Rx Information rx packets : 236530 rx bytes : 31581419 rx errors : 0 rx dropped : 0 rx overruns : 0 rx frame errors : 0 LAN Tx Information tx packets : 100101 tx bytes : 40811508 tx errors : 0 tx dropped : 0

    Statistics Commands 5-3

    tx overruns : 0 tx carrier errors : 0 Port 1 link status : up speed : 100 Mbps Port 2 link status : up speed : 100 Mbps Port 3 link status : down Port 4 link status : down Port 5 link status : down Port 6 link status : down WLAN Interfaces wlans : wlan1

    show wan example


    admin(stats)>show wan WAN Interface Information wan interface 1 : enable ip address 1 : 192.168.24.198 wan interface 2 : disable ip address 2 : 192.168.24.198 wan interface 3 : disable ip address 3 : 192.168.24.198 wan interface 4 : disable ip address 4 : 192.168.24.198 wan interface 5 : disable ip address 5 : 192.168.24.198 wan interface 6 : disable ip address 6 : 192.168.24.198 wan interface 7 : disable ip address 7 : 192.168.24.198 wan interface 8 : disable ip address 8 : 192.168.24.198 network mask : 255.255.255.0 ethernet address : 00A0F86FD8FC link status : up speed : 100 Mbps WAN Rx Information rx packets : 226809 rx bytes : 311719105 rx errors : 1 rx dropped : 0 rx overruns : 0 rx frame errors : 1 WAN Tx Information tx packets : 5499 tx bytes : 559567 tx errors : 0 tx dropped : 0 tx overruns : 0 tx carrier errors : 0

    5-4 WS2000 Wireless Switch System Reference Guide

    show ips global-stats example.


    admin(stats)>show ips global-stats IPS GLOBAL STATISTICS ================================================ Number of Packets Received : 124832934 Number of Packets Processsed : 124832899 Number of Packets Dropped : 35 Number of Connecti ns Disconnected: 6

    show ips category-stats example.


    admin(stats)>show ips category-stats TCP Category Name Number of rules Number of alerts Number of logs Number of pkts droped Number of disconnection : : : : : : TCP 6 18 9 45 1

    show stp example:


    admin(stats)>show stp 1 LAN1 Spanning Tree Info: Spanning Tree Designated Root Bridge ID Root Port Root Path Cost Bridge Max Msg Age Bridge Hello Time Bridge Forward Delay : : : : : : : : enable 8000.00157000C851 8000.00157000C851 0 0 20 2 15

    Port Interface Table: ------------------------------------------------------------------------Designated Designated Designated Port - State - Cost Root Bridge Port Designated Cost ------------------------------------------------------------------------ixp0v0 Fwding 100 8000.00157000C851 8000.00157000C851 8001 0 ixp1v0 Fwding 100 8000.00157000C851 8000.00157000C851 8002 0

    Statistics Commands 5-5

    5.3 Statistics RF Commands


    rf
    stats

    Displays the RF statistics submenu.


    Syntax admin(stats)> rf admin(stats.rf)>

    The items available under this command are shown below.


    Command Description Ref.

    show reset quit save .. /

    Shows RF statistics. Resets/clears all RF statistics. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

    page 5-7 page 5-6 page 5-1 page 5-1 page 5-1 page 5-1

    5-6 WS2000 Wireless Switch System Reference Guide

    5.3.1 Stats RF reset Command reset


    Statistics RF Commands

    Resets/clears all RF statistics.


    Syntax reset Parameters

    None
    Example admin(stats.rf)>reset admin(stats.rf)>

    Statistics Commands 5-7

    5.3.2 Stats RF show Command show


    Statistics RF Commands

    Shows radio frequency (RF) statistics.


    Syntax show [all|wlan|ap|mu|mesh-base|mesh-client|total] show show show show show show show all [wlan|ap|mu|mesh-base|mesh-client] wlan <idx> ap <idx> mu <mu> mesh-base <base> mesh-client <client> total

    Syntax:
    show all [wlan|ap|mu| Shows all statistics for: mesh-base|mesh-client] wlan Shows all WLAN status. ap Shows all Access Port status. mu Shows all mobile unit (MU) status. mesh-base Shows all mesh-base statistics mesh-client Shows all mesh-client statistics show wlan <idx> Shows the specified WLANs statistics, where <idx> is the index number of the WLAN. show ap <idx> Shows the specified Access Ports statistics, where <idx> is the index number of the Access Port (112). show mu <mu> Shows the specified mobile units statistics, where <mu> is the index number of the mobile unit (1200). show mesh-base <base> Shows the statistics for the mesh base with index <base> (1-36). show mesh-client Shows the statistics for the mesh client with index <client> (1-72). <client> show total Shows total switch statistics.
    Example admin(stats.rf)>show all wlan Index Name Status Index Name Status Index Name Status Index : 1 : WLAN1 : Enabled : 2 : WLAN2 : Disabled : 3 : WLAN3 : Disabled : 4

    5-8 WS2000 Wireless Switch System Reference Guide

    Name Status Index Name Status Index Name Status Index Name Status Index Name Status admin(stats.rf)>show wlan 1 Name ESSID Subnet Adopted APs Number of Associated MUs Packets per second Throughput Average Bit Speed Non-Unicast Packets Signal Noise Signal-to-Noise Average Number of Retries Dropped Packets Undecryptable Packets admin(stats.rf)>show all ap ap index ap status ap index ap status ap index ap status ap index ap status ap index ap status ap index ap status

    : WLAN4 : Disabled : 5 : WLAN5 : Disabled : 6 : WLAN6 : Disabled : 7 : WLAN7 : Disabled : 8 : WLAN8 : Disabled

    : : : : :

    WLAN1 101 Subnet1 2 0

    : 0.00 pps : 0.00 Mbps : 0.00 Mbps : 0.00 % : 0.0 dBm : 0.0 dBm : 0.0 dBm : 0.00 Retries : 0.00 % : 0.00 % : 1 : not connected : 2 : connected : 3 : not connected : 4 : not connected : 5 : not connected : 6 : not connected

    Statistics Commands 5-9

    ap index ap status ap index ap status ap index ap status ap index ap status ap index ap status ap index ap status admin(stats.rf)>show ap 2 Name Location Radio Type Current Channel Adopted By Number of Associated Mus Packets per Throughput Average Bit Approximate Non-Unicast second Speed Utilization Packets : : : : : : : : : : :

    : 7 : not connected : 8 : not connected : 9 : not connected : 10 : not connected : 11 : not connected : 12 : not connected AP2 802.11 B 1 WLAN1 0 0.13 pps 0.00 Mbps 0.00 Mbps 0.00 % 100.00 %

    Signal Noise Signal-to-Noise Average Number of Retries Dropped Packets Undecryptable Packets

    : 0.0 dBm : 0.0 dBm : 0.0 dBm : 0.00 Retries : 0.00 % : 0.00 %

    5-10 WS2000 Wireless Switch System Reference Guide

    MOTOROLA INC. 1303 E. ALGONQUIN ROAD SCHAUMBURG, IL 60196 http://www.motorola.com

    72E-132762-01 Revision A December 2009

    Vous aimerez peut-être aussi