Académique Documents
Professionnel Documents
Culture Documents
2009 Motorola, Inc. All rights reserved. MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. Symbol is a registered trademark of Symbol Technologies, Inc. All other product or service names are the property of their respective owners.
Contents
Chapter 1: Product Overview
1.1 WS2000 Wireless Switch CLI Reference Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 1.2 System Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4 1.3 Hardware Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5 1.4 Software Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-21 3.4 Network AP Test Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22 test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22 new . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-23 3.5 Network AP Selfheal commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24 selfheal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-25 detect-neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-26 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-27 del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-28 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-29 3.6 Network AP Denyap Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-30 denyap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-30 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-31 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-32 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-33 3.7 Network AP Smartscan Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-34 smartscan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-34 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-35 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-36 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-37 3.8 Network AP Test Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-38 test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-38 new . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-39 3.9 Network AP Mesh Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-40 mesh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-40 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-41 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-43 del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-44 preferred-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-45 available-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-46 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-47 3.10 Network DCHP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-48 dhcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-48 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-49 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-50 3.11 Network Firewall Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-51 fw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-51 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-52 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-54 timeradd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-55 timerdel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-56 timerlist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-57 timerset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-58 3.12 Network Firewall Intrusion Prevention System Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-59 ips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-59 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-60 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-62
TOC-3
3.13 Network Firewall Policy Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-64 policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-64 import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-65 3.14 Network Firewall Policy Inbound Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-66 inbound . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-66 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-67 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-68 insert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-69 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-70 move . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-71 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-72 3.15 Network Firewall Policy Outbound Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-73 outbound . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-73 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-74 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-75 insert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-76 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-77 move . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-78 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-79 3.16 Network Firewall Submap Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-80 submap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-80 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-81 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-83 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-84 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-85 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-86 3.17 Network LAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-87 lan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-87 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-88 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-90 updateDNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-91 updateAllDNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-92 3.18 Network LAN DHCP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-93 dhcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-93 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-94 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-95 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-96 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-97 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-99 renew . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-100 3.19 Network LAN Bridge commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-101 bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-101 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-102 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-104 3.20 Network QoS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-105 qos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-105 clear . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-106 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-107
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-108 3.21 Network Router Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-109 router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-109 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-110 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-111 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-112 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-113 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-114 3.22 Network VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-115 vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-115 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-116 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-117 3.23 Network WAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-118 wan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-118 renew . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-119 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-120 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-122 3.24 Network WAN App Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-123 app . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-123 addcmd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-124 delcmd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-126 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-128 3.25 Network WAN DynDNS Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-129 dyndns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-129 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-130 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-131 update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-132 3.26 Network WAN L2TPVPN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-133 l2tpvpn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-133 show-connected-users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-134 3.27 Network WAN L2TPVPN LNS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-135 lns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-135 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-136 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-138 3.28 Network WAN L2TPVPN Users Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-139 users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-139 add-user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-140 delete-user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-141 delete-all-users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-142 show-user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-143 show-all-users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-144 3.29 Network WAN TrunkIPFPolicy Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-145 trunkipfpolicy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-145 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-146 del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-147 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-148 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-149
TOC-5
3.30 Network WAN NAT Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-150 nat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-150 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-151 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-152 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-153 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-154 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-155 3.31 Network WAN VPN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-156 vpn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-156 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-157 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-158 ikestate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-159 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-160 reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-161 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-162 stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-167 3.32 Network WAN VPN Cmgr Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-168 cmgr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-168 delca . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-169 delprivkey . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-170 delself . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-171 expcert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-172 export-req . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-173 genreq . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-174 3.33 Network WAN VPN Cmgr impcert Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-175 impcert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-175 listca . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-176 listprivkey . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-177 listself . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-178 loadca . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-179 loadself . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-180 showreq . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-181 3.34 Network WLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-182 wlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-182 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-183 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-184 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-185 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-186 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-191 3.35 Network WLAN Rogue AP Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-193 rogueap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-193 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-194 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-195 3.36 Network WLAN Rogue AP Approvedlist Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-196 approvedlist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-196 ageoute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-197 approve . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-198 erase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-199
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-200 3.37 Network WLAN Rogue AP Roguelist Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-201 roguelist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-201 ageout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-202 approve . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-203 erase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-204 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-205 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-206 deauth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-207 3.38 Network WLAN Rogue AP Rogue List Locate Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-208 locate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-208 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-209 start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-210 3.39 Network WLAN Rogue AP Rogue List MU Scan Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-211 muscan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-211 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-212 start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-213 3.40 Network WLAN Rogue AP Rule List Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-214 rulelist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-214 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-215 authsymbolap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-216 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-217 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-218 3.41 Network WLAN Enhanced Rogue AP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-219 enhancedrogueap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-219 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-220 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-221 3.42 Network WLAN MU Probe Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-222 muprobe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-222 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-223 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-224 3.43 Network WLAN Hotspot Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-225 hotspot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-225 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-226 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-228 import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-229 3.44 Network WLAN Hotspot RADIUS commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-230 radius . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-230 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-231 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-232 3.45 Network WLAN Hotstpot White-list Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-234 white-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-234 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-235 clear . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-236 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-237 3.46 Network WLAN WLAN IP Fiter Policy Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-238 wlanipfpolicy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-238
TOC-7
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-239 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-240 del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-241 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-242 3.47 Network Port Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-243 port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-243 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-244 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-245 3.48 Network IP Filter Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-246 ipfilter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-246 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-247 del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-248 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-249 3.49 Network WIPS Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-250 wips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-250 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-251 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-252 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-253 convert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-254 revert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-255 update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-256 3.50 Network WIPS Default commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-257 defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-257 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-258 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-259 3.51 Network WIDS Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-260 wids . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-260 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-261 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-262 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-266 3.52 Network URL Filter Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-267 urlfilter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-267 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-268 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-269 3.53 Network URL Filter Keyword Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-270 keyword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-270 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-271 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-272 removeall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-273 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-274 3.54 Network URL Filter White list Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-275 whitelist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-275 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-276 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-277 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-278 3.55 Network URL Filter Black List Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-279 blacklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-279 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-280
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-281 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-282 3.56 Network URL Filter Trusted IP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-283 trustip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-283 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-284 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-285 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-286
TOC-9
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-36 4.8 System RADIUS Client Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37 client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-38 del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-39 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-40 4.9 System RADIUS EAP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-41 eap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-41 import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-42 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-43 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-44 4.10 System RADIUS EAP PEAP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-45 peap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-45 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-46 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-47 4.11 System RADIUS EAP TTLS Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-48 ttls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-48 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-49 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-50 4.12 System RADIUS LDAP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-51 ldap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-51 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-52 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-54 import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-55 join . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-56 4.13 System RADIUS Policy Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-57 policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-57 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-58 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-59 4.14 System RADIUS Proxy Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-60 proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-60 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-61 del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-62 clearall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-63 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-64 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-65 4.15 System Redundancy Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-66 redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-66 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-67 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-69 4.16 System SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-70 snmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-70 4.17 System SNMP Access Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-71 access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-71 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-72 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-74 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-76
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-77 4.18 System SNMP Traps Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-78 traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-78 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-79 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-81 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-82 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-83 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-87 4.19 System SSH Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-89 ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-89 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-90 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-91 4.20 System User Database Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-92 userdb . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-92 4.21 System User Database Group Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-93 group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-93 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-94 create . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-95 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-96 clearall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-98 remove . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-99 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-100 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-102 4.22 System User Database User Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-103 user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-103 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-104 del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-105 clearall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-106 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-107 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-108 4.23 System User Database User Guest commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-109 guest . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-109 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-110 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-111 clear . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-112 4.24 System WS2000 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-113 WS2000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-113 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-114 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-115 restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-116 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-117 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-121 4.25 System CF commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-122 cf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-122 ls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-123 4.26 System HTTP commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-124 http . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-124 import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-125
TOC-11
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-126 4.27 System Test Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-127 test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-127 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-128 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-129
Product Overview
1.1 WS2000 Wireless Switch CLI Reference Guide
This guide is intended to support administrators responsible for understanding, configuring and maintaining the Wireless Switch. This document provides information for the system administrator to use the command line interface during the initial setup and configuration of the system. It also serves as a reference guide for the administrator to use while updating or maintaining the system.
We recommend viewing this Command Line Reference Guide with Adobe Acrobat 5.0 or higher.
CAUTION:
WARNING!
Indicates a condition or procedure that could result in personal injury or equipment damage
CLI Conventions
command / keyword The first word is always a command. Keywords are words that must be entered as is. Commands and keywords are mandatory. For example, the command,
admin(network.wan)> show ip 1
is documented as
show ip <idx>
where:
show The command ip The keyword
<variable>
Variables are described with a short description enclosed within a < and a > pair. For example, the command,
admin(network.wan)> show ip 1
is documented as
show ip <idx>
where:
show The command Display information. ip The keyword The IP address <idx> The variable WAN Index value.
The pipe symbol. This is used to separate the variables/keywords in a list. For example, the command
admin(network.wan.vpn)> set .....
is documented as
set [ike|type|sub|remip|......]
where:
set The command [ike|type|sub|remip|...] Indicates the different commands that can be combined with the set command. However, only one of the above list can be used at a time.
set set set set ike ... type ... sub ... remip ...
[]
Of the different keywords and variables listed inside a [ & ] pair, only one can be used. Each choice in the list is separated with a | (pipe) symbol. For example, the command
admin(network.wan)> show ...
is documented as
show [ip|pppoe]
where:
show The command [ip|pppoe] Indicates that two keywords are available for this command and only one can be used at a time
{}
Any command/keyword/variable or a combination of them inside a { & } pair is optional. All optional commands follow the same conventions as listed above. However they are displayed italicized. For example, the command
admin(network.wan.vpn)> list ....
is documented as
list {<name>}
Here:
list The command. This command can also be used as
list
{<name>} The optional variable <name>.. The command can also be extended as
list vpn_tunnel_01
Here the value vpn_tunnel_01 is an optional tunnel name. values Values to be entered as shown in Blue. For example, the command
admin(network.wan)> show ip ....
is documented as
show ip <idx>
This commands parameter <idx> is described as under: <idx> <idx> (1-8) is the Wlan Index.
Location
Function
This LED is present on all ports and indicates the speed of the transmissions through the port. The LED is on when the transmission rate is 100 Mbit per second (100BaseT). The light is off when the transmission rate is 10 Mbit per second. This LED indicates activity on the port. This light is solid yellow when a link to a device is made. The light flashes when traffic is being transferred over the line. This LED is only present on Ports 1-4. These ports provide 802.3af Power over Ethernet (PoE) support to devices (such as Access Ports). The LED has several states: OFFA non-power device (or no device) is connected; no power is being delivered. GREENThe switch is delivering 48 volts to the power device connected to that port. REDThere was a valid PoE connection; however, the switch has detected that the power device is faulty. The red light will remain until a non-faulty connection is made to the port.
Displays the list of commands in the current menu. Displays general user interface help. Saves the configuration to the system flash. Quits the CLI. Goes to the parent menu. Goes to the root menu.
page 2-3 page 2-4 page 2-6 page 2-5 page 2-7 page 2-8
2.1.1 ? Command ?
Common Commands
None
Example
admin> ? admin>? help passwd summary network stats system save quit .. / : : : : : : : : : : display general user interface help change password show system summary go to network sub menu go to stats sub menu go to system sub menu save cfg to system flash quit cli go to parent menu go to root menu
help
Parameters
None
Example admin>help ? <ctrl-q> <ctrl-p> * Note : : : : display command help - Eg. ?, show ?, s? go backwards in command history go forwards in command history commands can be incomplete - Eg. sh = sho = show
Quits the command line interface. Requires you to logon again. This command appears in all the submenus under admin menu. In each case, it has the same function, to exit out of the CLI.
Syntax
quit
Parameters
None
Example admin>quit
Saves the configuration to system flash. This command appears in all of the submenus under admin. In each case, it has the same function, to save the configuration. The save command must be issued before leaving the CLI for the settings to be retained.
Syntax
save
Parameters
none
Example
admin> save
admin>
2.1.5 .. Command ..
Common Commands
Displays the parent menu of the current menu. This command appears in all of the submenus under admin. In each case, it has the same function, to move up one level in the directory structure.
Syntax
..
Parameters
None
Example
2.1.6 / Command /
Common Commands
Displays the root menu, that is, the top-level CLI menu. This command appears in all of the submenus under admin. In each case, it has the same function, to move up to the top level in the directory structure.
Syntax
/
Parameters
None
Example
admin(network.wan.nat)> / admin>
Changes the admin password. Displays a system summary. Goes to the network menu. Goes to the system menu. Goes to the statistics menu.
page 2-10 page 2-11 page 3-1 page 4-1 page 5-1
Changes the password for the administrative logins - admin, guest-admin, and manager.
Syntax
passwd [admin|manager|guest-admin]
Parameters
passwd Passwords for the Administrator, Guest-admin, and Manager accounts [admin|manager|guest-admin] can be changed. To change password, type the old password once and the new password twice at their respective prompts. Passwords can be up to 11 characters.
Example:
admin>passwd admin Old Admin Password:****** New Admin Password:****** Verify Admin Password:******
Displays system summary for the WS2000 Wireless Switch. The information displayed includes high-level characteristics and settings for WAN, subnet, and WLAN.
Syntax
summary
Parameters
None
Example
admin> summary System Information WS2000 firmware version country code WLAN 1 Information ess identifier wlan mode vlan_id enc type auth type WLAN 2 Information ess identifier wlan mode vlan_id enc type auth type WLAN 3 Information ess identifier wlan mode vlan_id enc type auth type WLAN 4 Information ess identifier wlan mode vlan_id enc type auth type : : : : : 104 disable 4 none none : : : : : 103 disable 3 none none : : : : : 102 disable 2 none none : : : : : Bharat enable 1 none none : 2.4.0.0-005X : us
WLAN 5 Information ess identifier wlan mode vlan_id enc type auth type WLAN 6 Information ess identifier wlan mode vlan_id enc type auth type WLAN 7 Information ess identifier wlan mode vlan_id enc type auth type WLAN 8 Information ess identifier wlan mode vlan_id enc type auth type Subnet 1 Information subnet interface ip address network mask dhcp mode default gateway ports wlan Subnet 2 Information subnet interface ip address network mask dhcp mode default gateway ports wlan : : : : : : : disable 192.168.1.1 255.255.255.0 server 192.168.1.1 wlan2 : : : : : : : enable 192.168.0.50 255.255.255.0 server 192.168.0.50 port1 port2 port3 port4 port5 port6 wlan1 : : : : : 108 disable 8 none none : : : : : 107 disable 7 none none : : : : : 106 disable 6 none none : : : : : 105 disable 5 none none
Subnet 3 Information subnet interface ip address network mask dhcp mode default gateway ports wlan Subnet 4 Information subnet interface ip address network mask dhcp mode default gateway ports wlan Subnet 5 Information subnet interface ip address network mask dhcp mode default gateway ports wlan Subnet 6 Information subnet interface ip address network mask dhcp mode default gateway ports : : : : : : disable 192.168.5.1 255.255.255.0 server 192.168.5.1 : : : : : : : disable 192.168.4.1 255.255.255.0 server 192.168.4.1 : : : : : : : disable 192.168.3.1 255.255.255.0 server 192.168.3.1 wlan4 : : : : : : : disable 192.168.2.1 255.255.255.0 server 192.168.2.1 wlan3
3.1 network
Admin Menu Commands
ap dhcp fw ipfilter lan port qos router urlfilter vlan wan wids wips wlan save quit .. /
Goes to the Access Port Submenu. Goes to the DHCP Submenu Goes to the Firewall Submenu Goes to the IP Filter Submenu Goes to the LAN Submenu Goes to the Port Submenu Goes to the QOS Submenu Goes to the Router Submenu Goes to the URL Filter Submenu Goes to the VLAN Submenu Goes to the WAN Submenu Goes to the WIDS Submenu Goes to the WIPS Submenu Goes to the WLAN Submenu Saves the configuration to system flash Quits the CLI Goes to the parent menu Goes to the root menu
page 3-3 page 3-48 page 3-51 page 3-234 page 3-87 page 3-231 page 3-105 page 3-109 page 3-255 page 3-115 page 3-118 page 3-248 page 3-238 page 3-170 page 2-6 page 2-5 page 2-7 page 2-8
Displays the Access Port submenu. The functionality provided by this menu is supplied by various screen under the Wireless menu item of the Web interface.
Syntax admin(network)> ap admin(network.ap)>
add copydefaults default delete denyap forget list mesh remap reset revert selfheal set show smartscan test save quit .. /
Adds entries to the Access Port adoption list. Copies default AP settings to a connected AP. Goes to the default submenu. Deletes entries from the Access Port adoption lists. Goes to the Deny AP submenu Forgets AP parameters Lists entries in the Access Port adoption list. Goes to the Mesh submenu Remaps channels for the AP in auto mode. Resets an Access Port. Reverts AP to Access Point (AP4131 or AP4121) Goes to the Self-heal submenu Sets Access Port parameters. Shows Access Port parameters. Goes to the Smart scan submenu Goes to the test submenu. Saves the configuration to system flash Quits the CLI Goes to the parent menu Goes to the root menu
page 3-4 page 3-5 page 3-17 page 3-6 page 3-30 page 3-7 page 3-8 page 3-40 page 3-9 page 3-10 page 3-11 page 3-24 page 3-12 page 3-15 page 3-34 page 3-38 page 2-6 page 2-5 page 2-7 page 2-8
Adds entries to the Access Port adoption list. This allows the Access Ports with the MAC addresses specified in the command to associate with the specified WLAN. Performs functionality available in the Access Port Adoption List area of the Wireless screen.
Syntax add <idx> <mac1> <mac2> Parameters
The WLAN ID (1-8) The starting mac address for the range The last mac address in the range
admin(network.ap)> add 1 00A0F8BFE9B0 00A0F8BFE9B0 admin(network.ap)list 1 admin(network.ap)>list 1 ------------------------------------------------------------------index start mac end mac ------------------------------------------------------------------1 00A0F8BFE9B0 00A0F8BFE9B0 2 001570165200 001570165200 3 00A0F8B54D68 00A0F8B54D68 4 00A0F8BFEE3C 00A0F8BFEE3C admin(network.ap)> Related Commands
delete list
Removes the MAC address range from the adoption list for the specified WLAN. Displays entries in the Access Port adoption list.
Copies default Access Port settings to a connected Access Port. In the Web interface, the defaults are set on the Wireless, default AP screens (one for each radio type).
Syntax copydefault <idx> Parameters
<idx>
Example
Lists the current default settings for a selected Access Port type. Lists the index numbers for all currently connected Access Ports. Gets information about a particular Access Port.
Deletes entries from the Access Port adoption list. In the Web interface, this functionality is found on the Wireless screen in the Access Port Adoption list area.
Syntax delete <idx> [<entry>|all] Parameters
<idx> [<entry>|all]
Deletes an entry in the Access Port adoption list as specified by <entry>, which is the number listed in the adopted list (use the list command) for WLAN <idx> (1-8). all indicates deleting all the adoption list entries.
Example
The following example first lists out the adoption list entries for WLAN 1, deletes the second entry for WLAN 1, and finally displays the list for WLAN 1 showing that the entry has been deleted.
admin(network.ap)>list 1 ------------------------------------------------------------------------index start mac end mac ------------------------------------------------------------------------1 000000000000 00306542B965 2 004000000000 005000000000 admin(network.ap)>delete 1 2 admin(network.ap)>list 1 ------------------------------------------------------------------------index start mac end mac ------------------------------------------------------------------------1 000000000000 00306542B965 Related Commands
add list
Adds entries to the adoption list. Lists entries in the Access Port adoption list.
<idx>|all
Example
<idx> The index to remove the AP parameters. all Removes all AP parameters from all the indices in the AP adoption list.
Displays entries in the Access Port adoption list for a specified wireless LAN.
Syntax list <idx> Parameters
<idx>
Example
Lists the Access Port adoption entries for WLAN <idx> (1-8).
The following example shows the access port adoption list for WLAN 1.
admin(network.ap)>list 1 ---------------------------------------------------------------------index start mac end mac ----------------------------------------------------------------------1 1 00A0F8BFE9B0 00A0F8BFE9B0 2 001570165200 001570165200 3 00A0F8B54D68 00A0F8B54D68 4 00A0F8BFEE3C 00A0F8BFEE3C Related Commands
add delete
Adds entries to the adoption list. Deletes entries from the adoption list.
<idx>|all
Example
<idx> Remaps all channels for a radio specified by the index <idx> all Remaps all channels for all the radios in auto channel selection mode.
admin(network.ap)>list 1 -------------------------------------------index start mac end mac -------------------------------------------1 00A0F8BFE9B0 00A0F8BFE9B0 2 001570165200 001570165200 3 00A0F8B54D68 00A0F8B54D68 4 00A0F8BFEE3C 00A0F8BFEE3C admin(network.ap)>remap 3
ap <idx>
Example
<idx> Resets the Access Port with index <idx> in the Access Port Adoption list.
--------------------------------------index start mac end mac --------------------------------------1 00A0F8BFE9B0 00A0F8BFE9B0 2 001570165200 001570165200 3 00A0F8B54D68 00A0F8B54D68 4 00A0F8BFEE3C 00A0F8BFEE3C admin(network.ap)>reset ap 2 admin(network.ap)>
ap <idx>
Example
<idx> Reverts the Access Port with index <idx> to an Access Point. Only on AP4131 and AP 4121.
admin(network.ap)>revert ap 1 admin(network.ap)>
beacon intvl <idx> <interval> ch_mode <idx> [fixed|random|auto] div <idx> <mode> dtim <idx> [<period>|<bss_idx <period>]]
Sets the beacon interval for Access Port <idx> (112) to <interval> in K-us (50 200). Sets the channel mode for Access Port <idx> (112) to fixed, random or auto. Sets the default antenna diversity to <mode> (one of full, primary, or secondary). Sets the DTIM period for Access Port <idx> to <period> (number of beacons from 150). <bss_idx> is the index of the BSSID. If not specified for the AP300, the default value of 1 is assumed for this parameter. For other APs, the <period> value is used for all the BSSIDs. Sets Access Port <idx> location description to <loc> (113 characters). Sets Access Port <idx> name to <name> (113 characters). Sets the primary WLAN <widx> (the WLAN index from 1 to 8) for 802.11a radio associated with Access Port <idx> (1-12). The ESS ID configured for this WLAN will be used in the 802.11a beacon as the primary ESS.
Note: This parameter is used only for AP200 APs with 802.11a radios
Sets Access Port <idx> (1-12) basic and supported rates. <basic> and <supported> must be comma-separated lists of rates, such as 6,9,11,15 with no spaces. Basic rates are a subset of supported rates. The different types of radio support the following rates. A - 6|9|12|18|24|36|48|54 B - 1|2|5.5|11 G - 1|2|5.5|6|9|11|12|18|24|36|48|54
Note: For a G radio, basic rates must be a subset of B Rates in order to associate legacy B stations.
reg <idx> <indoor> <ch> Sets Access Port <idx> (1-12)regulatory parameters, which <indoor> is one of <pwr> in or in/out; <ch> is the channel to use, and <pwr> is the power (in dB from 4 to 20). Select the value of <ch> from the appropriate list. 802.11b ch -- 1 to 14 802.11a ch -- 36,40,44,48,52,56,60,64,149,153,157,161
Note: Regulatory parameter values depend on country of operation and radio type. Refer to documentation for regulatory information.
Sets the RTS threshold for Access Port <idx> (1-12) to <bytes> (e.g., 2341).
Enables or disables the short preamble mode for Access Port <idx> (1-12)
Sets the 802.1x username and password on AP 300 Access Ports. Both parameters can be up to 64 characters long. Sets the MAC address of AP <idx> (1-12) to <mac> (MAC address format is XX:XX:XX:XX:XX:XX) ap_scan <idx> <mode> Sets the scan mode for Rogue AP detection where <idx> (1-12) is the access port index and <mode> is one of none, detector, on-chan, full-detector. radio_type <idx> Sets the Radio Type of an access port where <idx> (1-12) is the access port <radio_type> index and <radio_type> is one of 802.11a, 802.11b, 802.11b/g. ap_type <idx> Sets the AP type of an Access Port <idx> (1-12) to AP type. AP type <radio_type> <radio_type> is one of AP100, AP200, AP300 sip_cac_mode Enables or disables SIP Call Admission Control. [enable|disable] allowed_sip_session Sets the allowed number of SIP sessions for this portal. The value for <idx> <sip_session> <sip_session> lies between 1 and 100. <idx> (1-12) is the access port index. legacy_mode Enables or disables legacy mode support for AP300s. [enable|disable] mu-power-adjustment Sets Symbol MUs operating power in dBm. <ap-index> is the index of the <ap-index> <adjvalue> Symbol AP and <adjvalue> is the MU power adjustment value in dBm (valid 020) asset-name <idx> Sets asset name for the Access Port with <idx> (1-12) with <asset-name> (1<asset-name> 50 characters)
Example:
admin(network.ap)>set short-pre enable admin(network.ap)>set shor 1 enable admin(network.ap)>set name 1 BigOffice admin(network.ap)>set dtim 1 25 admin(network.ap)>set loc 1 BigBldg admin(network.ap)>show ap 1 ap name ap location ap mac address ap serial number ap radio type adopted by ap indoor use ap channel ap radio power antenna gain rf power antenna type ap diversity basic rates supported rates rts threshold : : : : : : : : : : : : : BigOffice BigBldg 00A0F8565656 00A0F8565656 802.11 B WLAN1 indoor/outdoor 1 4 dB 0 dBi 3 mW external full
: 1 2 : 1 2 5.5 11 : 2341
beacon interval dtim period short preamble security beacon (hide ess) primary wlan index admin(network.ap)>
: : : : :
Shows Access Port <idx> (1-12) radio parameters. Shows a list of Access Ports and their status. Shows SIP statistics for the portal <idx> (1-12). Shows the legacy mode configuration for the switch
admin(network.ap)>show ap 1 ap name ap location ap mac address ap serial number ap radio type adopted by ap indoor use ap channel ap radio power antenna gain rf power antenna type ap diversity basic rates supported rates rts threshold beacon interval dtim period short preamble security beacon (hide ess) primary wlan index detector ap admin(network.ap)>show status ap index ap status ap index ap status ap index : 1 : connected : 2 : not connected : 3 : : : : : : : : : : : BigOffice BigBldg 00A0F8565656 00A0F8565656 802.11 B WLAN1 indoor/outdoor 1 4 dB 0 dBi 3 mW
ap status ap index ap status ap status ap index ap status ap index ap status ap index ap status ap index ap status ap index ap status ap index ap status ap index ap status
: not connected : 4 : not connected : not connected : 6 : not connected : 7 : not connected : 8 : not connected : 9 : not connected : 10 : not connected : 11 : not connected : 12 : not connected
set
Displays the default Access Port (AP) submenu. Use these commands to set the default values for all APs.
Syntax admin(network.ap)> default
Sets default Access Port parameters. Loads the configured images from the CF card immediately Shows default Access Port parameters. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-18 page 3-20 page 3-21 page 3-1 page 3-1 page 3-1 page 3-1
The items in this menu are available in the Web interface under the three default Access Port screens (one for each radio type) within the Wireless menu area.
beacon intvl <type> <interval> ch-mode <type> [fixed|random|auto] div <type> <mode> dtim <type> [<bss_idx>|<period>]
Sets the default beacon interval for specified radio type <type> (one of 802.11a, 802.11b, or 802.11b/g) to <interval> in K-us (50200). Sets the default channel mode for radios of <type> (one of 802.11a, 802.11b, or 802.11b/g) to fixed, random, or auto. Sets the default antenna diversity for radios of <type> (one of 802.11a, 802.11b, or 802.11b/g) to <mode> (one of full, primary, or secondary). Sets the default DTIM period for radios of specified <type> (one of 802.11a, 802.11b, or 802.11b/g) to <period> number of beacons (150). <bss_idx> is the index of the BSSID. If not specified for the AP300, the default value of 1 is assumed for this parameter. For other APs, the <period> value is used for all the BSSIDs. Sets the default primary WLAN <widx> (1 to 8) for 802.11a radios of specified <type> (one of 802.11a, 802.11b, or 802.11b/g). The ESS ID configured for this WLAN will be used in the 802.11a beacon as the primary ESS.
Note: This parameter is used only for AP200 APs with 802.11a radios.
Sets the default basic and supported rates for radios of specified <type> (one of 802.11a, 802.11b, or 802.11b/g). <basic> and <supported> must be a comma separated list of rates, such as 6,9,11,15 with no spaces. Basic rates are a subset of supported rates. The different types of radio support the following rates. A - 6|9|12|18|24|36|48|54 B - 1|2|5.5|11 G - 1|2|5.5|6|9|11|12|18|24|36|48|54
Note: For a G radio, basic rates must be a subset of B Rates in order to associate legacy B stations.
Sets the default regulatory parameters for radios of specified type (one of 802.11a, 802.11b, or 802.11b/g), where <indoor> is one of in or in/out; <ch> is the channel to use, and <pwr> is the power (in dB from 4 to 20). Select the value of <ch> from the appropriate list. 802.11b ch -- 1 to 14 802.11a ch -- 36,40,44,48,52,56,60,64,149,153,157,161
Note: Note: Regulatory parameter values depend on the country of operation and radio type. Refer to the documentation for specific regulatory information.
Sets the default RTS threshold for radios of specified <type> (one of 802.11a, 802.11b, or 802.11b/g) to <bytes> (e.g., 2341).
By default, enables or disables the short preamble mode for radios of specified <type> (one of 802.11a, 802.11b, or 802.11b/g). Sets the default location of the sensor image. Location is specified in the <loc> parameter. Sets the default location <loc> of the AP 4131 image. Select from cf or def. Sets the default location <loc> of the AP 4121 image. Select from cf or def.
admin(network.ap.default)>set ch_mode 802.11a fixed admin(network.ap.default)>set dtim 802.11a 10 admin(network.ap.default)>set short 802.11b/g enable admin(network.ap.default)>show default 802.11a ap ap ap ap indoor use channel channel mode radio power : : : : : indoor only 36 random 17 dBm 50 mW
: full : 6 12 24 : 6 9 12 18 24 36 48 54
rts threshold : 2341 beacon interval : 100 ------------------------------------------------------------------------BSSID | DTIM period ------------------------------------------------------------------------1 | 10 2 | 10 3 | 10 4 | 10 short preamble primary wlan index admin(network.ap.default)> Related Commands : disable : wlan1
show default
None
Example admin(network.ap.default)>loadfromcf
Shows the default Access Port parameters for a particular radio type.
Syntax show [default|img-location] Parameters
default <type> Shows the default Access Port parameters for radio type <type> (802.11a, 802.11b, 802.11bg). img-location Shows the Sensor/Access Port image locations.
Example admin(network.ap.default)>set ch_mode 802.11a fixed admin(network.ap.default)>set dtim 802.11a 10 admin(network.ap.default)>set short 802.11b/g enable admin(network.ap.default)>show default 802.11a ap ap ap ap indoor use channel channel mode radio power : : : : : indoor only 36 random 17 dBm 50 mW
: full : 6 12 24 : 6 9 12 18 24 36 48 54
rts threshold : 2341 beacon interval : 100 ---------------------------------------------------------------------BSSID | DTIM period ---------------------------------------------------------------------1 | 10 2 | 10 3 | 10 4 | 10 short preamble : disable primary wlan index : wlan1 Related Commands
set
Switches the Access Port to a new channel. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-23 page 3-1 page 3-1 page 3-1 page 3-1
<idx> <ch>
Example
Switches the Access Port indexed with <idx> (112) to channel <ch> (which must be a valid channel for the specified Access Port.
admin(network.ap.test)>new 2 15 admin(network.ap.test)>
Sets self-heal parameters Detects neighbors and prepares the neighbors list automatically Adds entries to the self-heal table Removes entries from the self-heal table Shows entries in the self-heal table Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-25 page 3-26 page 3-27 page 3-28 page 3-29 page 3-1 page 3-1 page 3-1 page 3-1
interference-avoidance mode [enable|disable] Sets the self-healing interference mode. Can be [mode one of enable or disable. [enable|disable] | max-retries [<max-retires|default] Sets the threshold limit on the max-retries maximum number of retires permitted. <max-retires> (0-15) is the [<max-retries>|default] | number of allowed retries. default has a value of 14. hold-time hold-time [<hold-time>|default] Sets the hold-time between running two [<hold-time>|default]] consecutive interference avoidance algorithms. <hold-time> (0-65535) is the duration in seconds. default has a value of 3600. mode [enable|disable] Enables or disables neighbor recovery. neighbor-recovery action <radio-idx> <action> Sets the neighbor recovery action for the [mode portal. <radio-idx> (1-12) is the id of the radio for which action specified [enable|disable] | action <radio-idx> <action> | in <action> must be taken. Select <action> from none, raise-power, open-rates, both. offset <radio-idx> [<offset>|default]] Sets the radio offset value for the radio <radio-idx> (1-12) when the set action is raise-power. <offset> value is between 0-65535. default value is 0.
Example - Set interference-avoidance: admin(network.ap.selfheal)>set admin(network.ap.selfheal)>set admin(network.ap.selfheal)>set admin(network.ap.selfheal)>set admin(network.ap.selfheal)>set admin(network.ap.selfheal)>set Example - set neighbor-recovery: admin(network.ap.selfheal)>set admin(network.ap.selfheal)>set admin(network.ap.selfheal)>set admin(network.ap.selfheal)>set 1 admin(network.ap.selfheal)>set 1 admin(network.ap.selfheal)>set neighbor-recovery neighbor-recovery neighbor-recovery neighbor-recovery mode enable mode disable action none radio 1 action raise-power radio interference-avoidance interference-avoidance interference-avoidance interference-avoidance interference-avoidance interference-avoidance mode enable mode disable max-retries 15 max-retries default hold-time 24000 hold-time default
None
Example admin(network.ap.selfheal)>detect-neighbor admin(network.ap.selfheal)>
<from-ap> <to-ap>
Example
Adds the specified APs into the neighbor-recovery table. <from-ap> and <toap> accepts values 1 to 12 and all. all indicates all the APs.
admin(network.ap.selfheal)>add 2 4 admin(network.ap.selfheal)>show Interference Avoidance Mode : disable Retry Count : 14 Hold Time : 3600 Neighbor Recovery Mode : enable PORTAL-IDX OFFSET-VALUE NEIGHBOR-RECOVERY-ACTION 1 0 none 2 0 open-rates 3 0 none 4 777 raise-power 5 0 none 6 0 none 7 0 none 8 0 none 9 0 none 10 0 none 11 0 none 12 0 none FROM-AP 2 4 TO-AP 4 2 RAISED-POWER(dBm) 0 0 0 0
<to-ap> accepts values 1 to 12 and all. all indicates all the APs.
Example admin(network.ap.selfheal)> del 2 4 admin(network.ap.selfheal)> show Interference Avoidance Mode : disable Retry Count : 14 Hold Time : 3600 Neighbor Recovery Mode : enable PORTAL-IDX OFFSET-VALUE NEIGHBOR-RECOVERY-ACTION 1 0 none 2 0 open-rates 3 0 none 4 0 none 5 0 none 6 0 none 7 0 none 8 0 none 9 0 none 10 0 none 11 0 none 12 0 none FROM-AP TO-AP
-------------HEALING STATE OF PORTALS-----------PORTAL 1 2 3 4 HEALING-MODE Normal Normal Normal Normal CONFIGURED-POWER(dBm) 20 17 20 17 RAISED-POWER(dBm) 0 0 0 0
None
Example admin(network.ap.selfheal)>show Interference Avoidance Mode : disable Retry Count : 14 Hold Time : 3600 Neighbor Recovery Mode : disable PORTAL-IDX OFFSET-VALUE NEIGHBOR-RECOVERY-ACTION 1 0 none 2 0 none 3 0 none 4 0 none 5 0 none 6 0 none 7 0 none 8 0 none 9 0 none 10 0 none 11 0 none 12 0 none FROM-AP 1 2 TO-AP 2 1 RAISED-POWER(dBm) 0 0
Displays the denyap submenu. Use the denyap submenu to manage APs that have been denied access to the switch.
Syntax admin(network.ap)> denyap admin(network.ap.denyap)>
Adds access port deny list entries Deletes access port deny list entries Shows access port deny list Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-31 page 3-32 page 3-33 page 3-1 page 3-1 page 3-1 page 3-1
<mac>
Example
Adds the MAC specified in the <mac> parameter to the Access Port Deny List. MAC entries are to be entered without the :. For example 00b4c2114534.
admin(network.ap.denyap)>add 00b4c2114534 admin(network.ap.denyap)> admin(network.ap.denyap)>show ------------------------------------------------------------------------Idx AP NIC MAC ------------------------------------------------------------------------1 00b4c2114535 2 00b4c2114534 admin(network.ap.denyap)>
<mac> all
Example
Deletes the MAC specified in the <mac> parameter from the Access Port Deny List. Deletes all the entries in the Access Port Deny List
admin(network.ap.denyap)>show ------------------------------------------------------------------------Idx AP NIC MAC ------------------------------------------------------------------------1 00b4c2114535 2 00b4c2114534 admin(network.ap.denyap)>delete 00b4c2114535 admin(network.ap.denyap)>show ------------------------------------------------------------------------Idx AP NIC MAC ------------------------------------------------------------------------1 00b4c2114534
None
Example admin(network.ap.denyap)>show ---------------------------------------------------------------------Idx AP NIC MAC ---------------------------------------------------------------------1 00b4c2114535 2 00b4c2114534
Sets smartscan channels Removes smartscan channels Shows all smartscan channels Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-35 page 3-36 page 3-37 page 3-1 page 3-1 page 3-1 page 3-1
Sets the smartscan channels. These channels are the ones that are scanned for presence of WLANs.
Syntax set [11a <11a>|11bg <11bg>] Parameters
Sets the smart scan channel list for the 5 GHz band. Channel list <11a> should be a comma separated list. For example, 36,40,44,48 Sets the smart scan channel list for the 2.4 GHz band. Channel list <11bg> should be a comma separated list. For example, 1-4,6,8
Note: When using a range for selecting multiple channels, all the channels that are included in the range should be valid channel numbers for the current regulatory domain.
Example admin<network.ap.smartscan>> set 11bg 1-6,8,10-12 admin(network.ap.smartscan)> show all smart scan 11a channels : smart scan 11bg channels : 1 2 3 4 5 6 8 10 11 12 Available valid 11a channels : 36 40 44 48 52 56 60 64 149 153 157 161 165 Available valid 11bg channels : 1 2 3 4 5 6 7 8 9 10 11 12 13
Deletes all the channels in the smartscan list for a specific radio.
Syntax delete [11a <11a>|11bg <11bg>] Parameters
Sets the smart scan channel list for the 5 GHz band. Channel list <11a> should be a comma separated list. For example, 36,40,44,48 Sets the smart scan channel list for the 2.4 GHz band. Channel list <11bg> should be a comma separated list. For example, 1-4,6,8
Note: When using a range for selecting multiple channels, all the channels that are included in the range should be valid channel numbers for the current regulatory domain.
Example admin(network.ap.smartscan)> show all smart scan 11a channels : smart scan 11bg channels : 1 2 3 Available valid 11a channels : 36 40 161 165 Available valid 11bg channels : 1 2 3 admin(network.ap.smartscan)> delete 11bg admin(network.ap.smartscan)> show all smart scan 11a channels : smart scan 11bg channels : Available valid 11a channels : 36 40 161 165 Available valid 11bg channels : 1 2 3 admin(network.ap.smartscan)>
Displays the list of channels used for smartscan for the different radios.
Syntax show [all] Parameters
all
Example
admin(network.ap.smartscan)> show smart scan 11a channels smart scan 11bg channels Available valid 11a channels 161 165 Available valid 11bg channels
Displays the test submenu. Use this submenu commands to test APs.
Syntax admin(network.ap)> test admin(network.ap.test)>
Switches the AP to a new channel Shows mesh configuration information Quits the CLI. Goes to the parent menu. Goes to the root menu.
page 3-39 page 3-47 page 3-1 page 3-1 page 3-1
<idx> <ch>
Example
The access port index for which the channel has to be changed The channel to change to. This must be a channel that is valid for the selected AP <idx>.
Displays the mesh submenu. Use this menu to configure the different Mesh Network parameters.
Syntax admin(network.ap)> mesh admin(network.ap.mesh)>
Sets mesh parameters Adds a preferred base to the list Removes preferred bases from the list Shows a list of preferred bases Shows a list of available bases Shows mesh configuration information Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-41 page 3-43 page 3-44 page 3-45 page 3-46 page 3-47 page 3-1 page 3-1 page 3-1 page 3-1
client <radio-idx> Enables or disables the mesh client for the radio with the index [enable|disable] <radio-idx> (1-12). wlan <radio-idx> <wlan-id> Selects the WLAN <wlan-id> (1-8) for the mesh client radio index <radio-idx> (1-12). auto <radio-idx> Enables or disables automatic base selection for the radio with the index [enable|disable] <radio-idx> (1-12). base <radio-idx> Enables or disables the radio <radio-idx> (1-12) as the mesh base. [enable|disable] max-clients <radio-idx> Sets the maximum number of client <max-clients> for the radio <max-clients> <radio-idx> (1-12).
Example admin(network.ap.mesh)> set client 1 enable admin(network.ap.mesh)> show 1 ------------------------------------------------------------------------"Mode" "WLAN" "Base Auto Selection" "Max Clients" ------------------------------------------------------------------------Client Only WLAN1 Enabled N/A admin(network.ap.mesh)> set base 1 enable admin(network.ap.mesh)> show 1 ------------------------------------------------------------------------"Mode" "WLAN" "Base Auto Selection" "Max Clients" ------------------------------------------------------------------------Base and Client WLAN1 Enabled 6 admin(network.ap.mesh)> set wlan 1 3 admin(network.ap.mesh)> show 1 ------------------------------------------------------------------------"Mode" "WLAN" "Base Auto Selection" "Max Clients" ------------------------------------------------------------------------Base and Client WLAN3 Enabled 6 admin(network.ap.mesh)> set max-clients 1 4 admin(network.ap.mesh)> show 1 ------------------------------------------------------------------------"Mode" "WLAN" "Base Auto Selection" "Max Clients" ------------------------------------------------------------------------Base and Client WLAN3 Enabled 4
admin(network.ap.mesh)> set auto 1 disable admin(network.ap.mesh)> show 1 ------------------------------------------------------------------------"Mode" "WLAN" "Base Auto Selection" "Max Clients" ------------------------------------------------------------------------Base and Client WLAN3 Disabled 4 admin(network.ap.mesh)>
Adds the base to the devices Preferred Base Bridge List. The <radio-idx> (1-12) is the unique ID for the radio. <mac> is the address of the base device to be added to the list.
Example admin(network.ap.mesh)> add 3 001570419F9F admin(network.ap.mesh)> preferred-list 3 ------------------------------------------------------------------------"Priority" "Base MAC" ------------------------------------------------------------------------1 00:15:70:41:9F:9F admin(network.ap.mesh)> Related Commands
del preferred-list
Removes preferred bases from the list Shows a list of preferred bases
Removes a Mesh Base from the devices Preferred Base Bridge List.
Syntax del [<radio-idx>] [all|<index>] Parameters
<radio-idx> [all|<index>]
Removes all preferred bases from the devices Preferred Base Bridge List for the radio specified by the <radio-idx> (1-12). all Indicates all the preferred base devices. <index> Indicates the selected preferred base device.
Example admin(network.ap.mesh)> preferred-list 3 ------------------------------------------------------------------------"Priority" "Base MAC" ------------------------------------------------------------------------1 00:15:70:41:9F:9F 2 00:15:45:70:9C:8D 3 15:03:54:07:23:45 admin(network.ap.mesh)> del 3 2 admin(network.ap.mesh)> preferred-list 3 ------------------------------------------------------------------------"Priority" "Base MAC" ------------------------------------------------------------------------1 00:15:70:41:9F:9F 2 15:03:54:07:23:45 admin(network.ap.mesh)> del 3 all admin(network.ap.mesh)> preferred-list 3 ------------------------------------------------------------------------"Priority" "Base MAC" ------------------------------------------------------------------------admin(network.ap.mesh)> Related Commands
add preferred-list
<radio-idx>
Example
Displays the selected radios (<radio-idx> (1-12)) Preferred Base Bridge List.
admin(network.ap.mesh)> preferred-list 3 ------------------------------------------------------------------------"Priority" "Base MAC" ------------------------------------------------------------------------1 00:15:70:41:9F:9F 2 00:15:45:70:9C:8D 3 15:03:54:07:23:45 admin(network.ap.mesh)> Related Commands
add del
Adds a preferred base to the list Removes preferred bases from the list
Displays the list of available base bridges along with their MAC addresses and the RSSI.
Syntax available-list <radio-idx> Parameters
<radio-idx>
Example
Displays the available base bridges for a particular radio indicated by the <radio-idx> (1-12) value.
admin(network.ap.mesh)> available-list 3 ------------------------------------------------------------------------"MAC" "Channel" "RSSI" ------------------------------------------------------------------------00:15:70:41:9A:9A 11 189 admin(network.ap.mesh)> Related Commands
Adds a preferred base to the list Removes preferred bases from the list Shows a list of preferred bases
<radio-idx>
Example
Displays the mesh configuration information for the radio indicated by the <radio-idx> (1-12) value.
admin(network.ap.mesh)> show 3 ------------------------------------------------------------------------"Mode" "WLAN" "Base Auto Selection" "Max Clients" ------------------------------------------------------------------------Base and Client WLAN2 Enabled 4
Sets system updated flags. Shows system updated flags. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-49 page 3-50 page 3-1 page 3-1 page 3-1 page 3-1
dhcpvendorclassid <dhcp vendor class id> Note: Vendor class id must be preceded by Sym. autoupgradeinterval Sets the Light Weight DHCP Client Auto Upload time interval to <autoupgradeinterval> <autoupgradeinterval> (1-65535) seconds.
Example admin(network.dhcp)>show all Auto Firmware upgrade flag Auto Config upgrade flag Interface : 0 : 0 : w
Enables (1) or disables (0) automatic switch firmware upgrade. Enables (1) or disables (0) automatic switch configuration update. Sets the interface <iface> for the upgrades to the device: s1 subnet 1 s2 subnet 2 s3 subnet 3 s4 subnet 4 s5 subnet 5 s6 subnet 6 w WAN Sets the DHCP vendor class id to <dhcp vendor class id>.
admin(network.dhcp)>set firmwareupgrade 1 admin(network.dhcp)>set con 1 admin(network.dhcp)>set inter s1 admin(network.dhcp)>show all Auto Firmware upgrade flag Auto Config upgrade flag Interface Related Commands : 1 : 1 : s1
show all Shows the settings for all the automatic update parameters.
all
Example
admin(network.dhcp)>show all Auto Firmware upgrade flag Auto Config upgrade flag Interface Dhcp Vendor Class Id Auto Upgrade Interval Related Commands : : : : : 1 1 w SymbolWS.WS2K-V2-0 600
set
Sets the DHCP-related parameters for updating system firmware and configuration.
set show submap policy timeradd timerset timerdel timerlist ips quit save .. /
Sets firewall parameters. Shows firewall parameters. Goes to the subnet mapping submenu. Goes to the advanced subnet mapping submenu. Creates a new timeout value Sets timeout values Deletes a named timer Shows the list of timers Goes to the Intrusion Prevention System submenu. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-52 page 3-54 page 3-80 page 3-64 page 3-55 page 3-58 page 3-56 page 3-57 page 3-59 page 3-1 page 3-1 page 3-1 page 3-1
The commands in this menu are available in the Web interface on the Network>Firewall screen.
Sets firewall parameters. In the Web interface, this functionality is provide by the Network->Firewall screen.
Syntax set [mode|override|ftp|ip|seq|src|syn|win|spoof|rst| range|netbios-alg] [enable|disable] set set set set mime mime mime mime [filter|hdr|len] filter [enable|disable] hdr <count> len <length>
mode [enable|disable] override [enable|disable] ftp [enable|disable] ip [enable|disable] mime [filter [enable|disable]| hdr <count>| len <length>] seq [enable|disable] src [enable|disable] syn [enable|disable] timeout <time> win [enable|disable] spoof [enable|disable] rst [enable|disable] range [enable|disable] fin <time> netbios-alg [enable|disable]
Example
Enables or disables the firewall. Enables or disables subnet access override. Enables or disables FTP bounce attack check. Enables or disables IP unaligned timestamp check. filter [enable|disable] Enables or disables MIME flood attack check. hdr <count> Sets the max number of headers as specified in <count> (12-34463) len <length> Sets the max header length in bytes as specified by <length> (256-34463) Enables or disables sequence number prediction check. Enables or disables source routing check. Enables or disables SYN flood attack check. Sets the firewall timeout to <time> minutes (190). Enables or disables Winnuke attack check. Enables or disables IP Spoofing attack check Enables or disable reset attack check Enables or disable sequence out of range check Sets fin timeout to <time> seconds. Enables or disables NetBIOS ALG support.
admin(network.fw)>show all Firewall Status Subnet Access Override Configurable Firewall Filters : enable : disable
ftp bounce attack filter syn flood attack filter unaligned ip timestamp filter source routing attack filter winnuke attack filter seq num prediction attack filter mime flood attack filter max mime header length max mime headers nat timeout interval in minutes ip spoofing attack filter reset attack filter ack/seq number out of range check fin timeout Always On Firewall Filters land attack filter ping of death attack filter reassembly attack filter NetBIOS alg admin(network.fw)> Related Commands
: : : : : : : : : : : : : :
enable enable enable enable enable enable enable 8192 16 30 enable enable enable 20
: : : :
show
all
Example
admin(network.fw)>show all Firewall Status Subnet Access Override Configurable Firewall Filters ftp bounce attack filter syn flood attack filter unaligned ip timestamp filter source routing attack filter winnuke attack filter seq num prediction attack filter mime flood attack filter max mime header length max mime headers nat timeout interval in minutes ip spoofing attack filter reset attack filter ack/seq number out of range check fin timeout Always On Firewall Filters land attack filter ping of death attack filter reassembly attack filter NetBIOS alg admin(network.fw)> Related Commands : : : : enable enable enable disable : : : : : : : : : : : : : : enable enable enable enable enable enable enable 8192 16 30 enable enable enable 20 : enable : disable
set
<protocol> is the protocol to be used. (tcp or udp) <port> is the port number (0-32767) <value> is the timeout value in seconds (60-268400000)
Example admin(network.fw)> timeradd newtcp tcp 21 4500 admin(network.fw)> timerlist ----------------------------------------------------------Name Protocol Port Timeout ( Secs ) ----------------------------------------------------------newtcp tcp 21 4500 admin(network.fw)
timerdel <timername>
Example
admin(network.fw)>timeradd newudp udp 21 4500 admin(network.fw)>timerlist ----------------------------------------------------------Name Protocol Port Timeout ( Secs ) ----------------------------------------------------------newtcp tcp 21 4500 newudp udp 21 4500 admin(network.fw)timerdel newtcp admin(network.fw)>timerlist ----------------------------------------------------------Name Protocol Port Timeout ( Secs ) ----------------------------------------------------------newudp udp 21 4500
None
Example admin(network.fw)>timerlist ----------------------------------------------------------Name Protocol Port Timeout ( Secs ) ----------------------------------------------------------newtcp tcp 21 4500 newudp udp 21 4500 admin(network.fw)
Sets the timer value <value> (60-268400000) for a timer named <timer name>.
admin(network.fw)>timerset newudp 5000 admin(network.fw)>timerlist ----------------------------------------------------------Name Protocol Port Timeout ( Secs ) ----------------------------------------------------------newtcp tcp 21 4500 newudp udp 21 5000
Sets the IPS parameters Displays the IPS settings Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-60 page 3-62 page 3-1 page 3-1 page 3-1 page 3-1
mode [enable|disable] anomaly-config [-sl <smtplen>| -ml <mimelen>| -md <mimedepth>| -hl <httphline>| -hz <httphsize>| -hlz <httplinesize>| -huz <httpurisize>] signature-categories <category-list>
direction [default|bi-directional]
Enables or disables IPS. -sl <smtplen> Sets the SMTP header length. -ml <mimelen> Sets the MIME header length. -md <mimedepth> Sets the depth of MIME boundary header. -hl <httphline> Sets the field in the HTTP header. -hz <httphsize> Sets the HTTP header size. -hlz <httplinesize> Sets the HTTP header line size. -huz <httpurisize> Sets the HTTP URI size. Sets the signature categories for IPS. Select <category-list> from TELNET, POP3, IMAP, NNTP, FTP, SNMP, TCPDNS, UDPDNS, TCPRPC, UDPRPC, HTTP, SMTP, TCPGEN, UDPGEN, ICMP, TCP, UDP, IP. If more than one signature category is specified, separate each category with a space. Each of the signature category must be specified in Upper Case only. Sets the direction to inspect packets. default Sets direction as default. This is defined in the signature. bi-directional Sets direction as bi-directional. Packets are inspected when received or sent.
Example admin(network.fw.ips)>set mode enable admin(network.fw.ips)>set anomaly-config -sl 100 admin(network.fw.ips)>set direction default admin(network.fw.ips)>set signature-categories TELNET POP3 TCP UDP admin(network.fw.ips)>show all IPS mode : enable SMTP Header length : 1024 MIME header length : 1024 Depth of MIME boundary header : 5 Field in HTTP header : 50 HTTP header size : 4096 HTTP header line size : 3072
HTTP URI size Loaded Signature Categories Packet Direction of signatures admin(network.fw.ips)>
all
Example
admin(network.fw.ips)>show all IPS mode SMTP Header length MIME header length Depth of MIME boundary header Field in HTTP header HTTP header size HTTP header line size HTTP URI size Loaded Signature Categories Packet Direction of signatures admin(network.fw.ips)> admin(network.fw)>show all Firewall Status Subnet Access Override Configurable Firewall Filters ftp bounce attack filter syn flood attack filter unaligned ip timestamp filter source routing attack filter winnuke attack filter seq num prediction attack filter mime flood attack filter max mime header length max mime headers nat timeout interval in minutes ip spoofing attack filter reset attack filter ack/seq number out of range check fin timeout Always On Firewall Filters land attack filter ping of death attack filter reassembly attack filter
: : : : : : : : : :
enable 1024 1024 5 50 4096 3072 3072 TELNET POP3 TCP UDP IMAP HTTP SMTp default
: enable : disable
: : : : : : : : : : : : : :
enable enable enable enable enable enable enable 8192 16 10 enable enable enable 20
: disable : enable
NOTE: The Policy menu can only be accessed when Subnet Access Override mode is enabled. To enable Subnet Access Override use the command
admin(network.fw)> set override enable
Goes to the inbound policy submenu. Goes to the outbound policy submenu. Imports subnet access rules. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-66 page 3-73 page 3-65 page 3-1 page 3-1 page 3-1 page 3-1
Imports subnet access rules from current subnet access settings created in the GUI interface (Network-> Firewall -> Subnet Access menu item) or using the CLI submap menu commands. Previously set outbound firewall policies will be deleted.
Syntax import Parameters
None
Example admin(network.fw.policy)>import WARNING : You will loose all your current advanced access policies. Do you want to continue [n/y]?y admin(network.fw.policy)> admin(network.fw.policy.outb)>list ---------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp Src Ports Dst Ports NAT Action ---------------------------------------------------------------------------1 192.168.0.1- 192.168.1.1all 1:65535 1:65535 none allow 255.255.255.0 255.255.255.0 2 192.168.0.1- 192.168.2.1all 1:65535 1:65535 none allow 255.255.255.0 255.255.255.0 3 192.168.1.1- 192.168.0.1all 1:65535 1:65535 none allow 255.255.255.0 255.255.255.0 4 192.168.1.1- 192.168.2.1all 1:65535 1:65535 none allow 255.255.255.0 255.255.255.0 5 192.168.2.1- 192.168.0.1all 1:65535 1:65535 none allow 255.255.255.0 255.255.255.0 6 192.168.2.1- 192.168.1.1all 1:65535 1:65535 none allow 255.255.255.0 255.255.255.0 7 192.168.0.0- 192.168.32.2all 1:65535 1:65535 none allow 255.255.255.0 255.255.255.0 8 192.168.0.0- 0.0.0.0all 1:65535 1:65535 wan1 allow 255.255.255.0 0.0.0.0 9 192.168.1.0- 0.0.0.0all 1:65535 1:65535 none allow 255.255.255.0 0.0.0.0 10 192.168.2.0- 0.0.0.0all 1:65535 1:65535 none allow 255.255.255.0 0.0.0.0 Related Commands
Lists the currently defined subnet to subnet/WAN communication rules into the outbound firewall policy list. Lists the current outbound firewall policies.
Adds a firewall policy. Sets firewall policy parameters. Deletes a firewall policy. Lists firewall policies. Moves a firewall policy to a different position in the list. Inserts a new firewall policy before an existing policy. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-67 page 3-72 page 3-68 page 3-70 page 3-71 page 3-69 page 3-1 page 3-1 page 3-1 page 3-1
Adds a firewall policy to be effective on communications between a source site and a destination site. <sip> The source IP <snetmask> The source IPs network mask <dip> The destination site IP <dnetmask> The destination IPs network mask
Example admin(network.fw.policy.inb)>add 192.168.24.0 255.255.255.0 209.239.170.45 255.2 55.255.224 Inbound Policy Successfully added at index 1 admin(network.fw.policy.inb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 192.168.24.0209.239.170.45- all 1: 1: 0.0.0.0 deny 255.255.255.0 255.255.255.224 65535 65535 nat port 0 Related Commands
delete move
Deletes firewall policies from the inbound list. Moves firewall policies either up or down in the list of policies.
<idx> all
Example
Deletes inbound firewall policy <idx> from the policy list. Deletes all inbound firewall policies.
admin(network.fw.policy.inb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 2 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0 admin(network.fw.policy.inb)>del 1 admin(network.fw.policy.inb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0
Inserts a new policy into the inbound firewall policy list at a specified index. <idx> The index in the firewall policy list where this policy is to be inserted. <sip> The source IP <snetmask> The source IPs network mask <dip> The destination site IP <dnetmask> The destination IPs network mask
Example admin(network.fw.policy.inb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.170.88- 192.168.42.2- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 admin(network.fw.policy.inb)>insert 1 209.239.160.44 255.255.255.224 192.168.55. 44 255.255.255.0 Inbound Policy Successfully inserted at index 1 admin(network.fw.policy.inb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.160.44- 192.168.55.44- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 2 209.239.170.88- 192.168.42.2- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0
<idx>
Example:
admin(network.fw.policy.inb)>add 192.168.24.0 255.255.255.0 209.239.170.45 255.255.255.224 Inbound Policy Successfully added at index 1 admin(network.fw.policy.inb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 192.168.24.0209.239.170.45- all 1: 1: 0.0.0.0 deny 255.255.255.0 255.255.255.224 65535 65535 nat port 0
Moves a firewall policy to a different position in the list and renumbers all affected items in the list.
Syntax move [up|down] <idx> Parameters
[up|down] <idx>
Example
Moves policy with index <idx> up or down one (to a lower or a higher number) in the policy list.
admin(network.fw.policy.inb)>list ---------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0 2 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 admin(network.fw.policy.inb)>move up 2 admin(network.fw.policy.inb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 2 209.239.160.202- 168.192.36.4- gre 20:21 255.255.255.224 255.255.255.0 200: 201 0.0.0.0 allow nat port 0
Sets source IP address <Ip Addr> and IP netmask <netmask> for inbound firewall policy <idx>. Sets destination IP address <Ip Addr> and IP netmask <netmask> for inbound firewall policy <idx>. Sets transport protocol for inbound firewall policy <idx> to <tp> (one of all, tcp, udp, icmp, ah, esp, gre). sport <idx> <port1> Sets source port range for inbound firewall policy <idx> from <port1> [<port2>] (165535) to <port2> (165535). If <port2> is not specified, <port1> is used as the top end of the range. dport <idx> <port1> Sets destination port range for inbound firewall policy <idx> from <port1> (1 [<port2>] 65535) to <port2> (165535). If <port2> is not specified, <port1> is used as the top end of the range. rnat <idx> <Ip Addr> Sets reverse NAT IP address for inbound firewall policy <idx> to <Ip Addr> (a.b.c.d). rport <idx> <rport> Sets reverse NAT port for inbound firewall policy <idx> to <rport> (065535). action <idx> [allow|deny] Sets action of inbound firewall policy <idx> to allow or deny.
Example admin(network.fw.policy.inb)>set tp 1 gre admin(network.fw.policy.inb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.160.202- 168.192.36.4- gre 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 admin(network.fw.policy.inb)>set sport 1 20 21 admin(network.fw.policy.inb)>set dport 1 200 201 admin(network.fw.policy.inb)>set action 1 allow admin(network.fw.policy.inb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0
saddr <idx> <Ip Addr> <netmask> daddr <idx> <Ip Addr> <netmask> tp <idx> <tp>
Adds a firewall policy. Sets firewall policy parameters. Deletes a firewall policy. Lists firewall policies. Moves a firewall policy to a different position in the list. Inserts a new firewall policy before an existing policy. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-74 page 3-79 page 3-75 page 3-77 page 3-78 page 3-76 page 3-1 page 3-1 page 3-1 page 3-1
Adds a firewall policy to be effective on communications between a source site and a destination site. <sip> The source IP <snetmask> The source IPs network mask <dip> The destination site IP <dnetmask> The destination IPs network mask
Example admin(network.fw.policy.outb)>add 192.168.24.0 255.255.255.0 209.239.170.45 255.255.255.224 Outbound Policy Successfully added at index 1 admin(network.fw.policy.outb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 192.168.24.0209.239.170.45- all 1: 1: 0.0.0.0 deny 255.255.255.0 255.255.255.224 65535 65535 nat port 0 Related Commands
delete move
Deletes firewall policies from the outbound list. Moves policies either up or down in the list of policies.
<idx> all
Example
Deletes inbound firewall policy <idx> from the policy list. Deletes all outbound firewall policies.
admin(network.fw.policy.outb)>list ---------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ---------------------------------------------------------------------------1 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 2 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0 admin(network.fw.policy.outb)>del 1 admin(network.fw.policy.outb)>list ---------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ---------------------------------------------------------------------------1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0
Inserts a new policy into the outbound firewall policy list at a specified index. <idx> The index in the firewall policy list where this policy is to be inserted. <sip> The source IP <snetmask> The source IPs network mask <dip> The destination site IP <dnetmask> The destination IPs network mask
Example admin(network.fw.policy.outb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.170.88- 192.168.42.2- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 admin(network.fw.policy.outb)>insert 1 209.239.160.44 255.255.255.224 192.168.55. 44 255.255.255.0 Outbound Policy Successfully inserted at index 1 admin(network.fw.policy.outb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.160.44- 192.168.55.44- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 2 209.239.170.88- 192.168.42.2- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0
<idx>
Example
admin(network.fw.policy.outb)>add 192.168.24.0 255.255.255.0 209.239.170.45 255.2 55.255.224 Inbound Policy Successfully added at index 1 admin(network.fw.policy.outb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 192.168.24.0209.239.170.45- all 1: 1: 0.0.0.0 deny 255.255.255.0 255.255.255.224 65535 65535 nat port 0
Moves an outbound firewall policy up or down in the policy list and renumbers the policy affected by the move.
Syntax move [up|down] <idx> Parameters
[up|down] <idx>
Example
Moves policy with index <idx> up or down one (to a lower or a higher number) in the policy list.
admin(network.fw.policy.outb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0 2 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 admin(network.fw.policy.outb)>move up 2 admin(network.fw.policy.outb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ---------------------------------------------------------------------------1 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 2 209.239.160.202- 168.192.36.4- gre 20:21 255.255.255.224 255.255.255.0 200: 201 0.0.0.0 allow nat port 0
saddr <idx> <Ip Addr> <netmask> daddr <idx> <Ip Addr> <netmask> tp <idx> <tp>
Sets source IP address <Ip Addr> and IP netmask <netmask> for outbound firewall policy <idx>. Sets destination IP address <Ip Addr> and IP netmask <netmask> for outbound firewall policy <idx>. Sets transport protocol for outbound firewall policy <idx> to <tp> (one of all, tcp, udp, icmp, ah, esp, gre). sport <idx> <port1> Sets source port range for outbound firewall policy <idx> from <port1> [<port2>] (165535) to <port2> (165535). If <port2> is not specified, <port1> is used as the top end of the range. dport <idx> <port1> Sets destination port range for outbound firewall policy <idx> from <port1> [<port2>] (165535) to <port2> (165535). If <port2> is not specified, <port1> is used as the top end of the range. nat <idx> <wan id> Sets NAT WAN ID for outbound firewall policy <idx> to <wan id> (0-8) where 0 = none, 1 = WAN 1, 2 = WAN 2, etc. action <idx> [allow|deny] Sets action of outbound firewall policy <idx> to allow or deny. logging <idx> Sets logging of outbound firewall policy <idx> to enable or disable. [enable|disable]
Example admin(network.fw.policy.outb)>set tp 1 gre admin(network.fw.policy.outb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.160.202- 168.192.36.4- gre 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 admin(network.fw.policy.outb)>set sport 1 20 21 admin(network.fw.policy.outb)>set dport 1 200 201 admin(network.fw.policy.outb)>set action 1 allow admin(network.fw.policy.outb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0
NOTE: The submap menu can only be accessed when Subnet Access Override mode is disabled. To disable Subnet Access Override use the command
admin(network.fw)> set override disable
Adds subnet access exception rules. Deletes subnet access exception rules. Lists subnet access exception rules. Sets subnet access parameters. Shows subnet access parameters. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-81 page 3-83 page 3-84 page 3-85 page 3-86 page 3-1 page 3-1 page 3-1 page 3-1
Adds a subnet access exception rule for communication. <from> The source subnet (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6) <to> The destination subnet (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6, w=WAN) <name> The name of this exception rule. (1-7 characters) <trans> The transport protocol to deny access. (one of the following transport protocols: tcp, udp, icmp, ah, esp, gre, or all) <port1> <port2> Ports in the range <port1> to <port2>
Example admin(network.fw.submap)>add s1 w test gre 21 101 admin(network.fw.submap)>list s1 ------------------------------------------------------------------------index from to name prot start port end port ------------------------------------------------------------------------1 subnet1 wan test gre 21 101 admin(network.fw.submap)>add s1 s2 test2 ah 20 80 admin(network.fw.submap)>add s2 s3 test3 all 20 300 admin(network.fw.submap)>list s1 ------------------------------------------------------------------------index from to name prot start port end port ------------------------------------------------------------------------1 subnet1 wan test gre 21 101 2 subnet1 subnet2 test2 ah 20 80
admin(network.fw.submap)>list s2 ------------------------------------------------------------------------index from to name prot start port end port ------------------------------------------------------------------------1 subnet2 subnet3 test3 all 20 300 admin(network.fw.submap)>delete s2 all admin(network.fw.submap)>list s2 ------------------------------------------------------------------------index from to name prot start port end port -------------------------------------------------------------------------
<from> [<idx>|all]
<idx> Deletes access exception rule entry <idx> from subnet <from> (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6). all Deletes all access exception rule entries from subnet <from> (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6).
Example admin(network.fw.submap)>list s1 ------------------------------------------------------------------------index from to name prot start port end port ------------------------------------------------------------------------1 subnet1 wan test gre 21 101 2 subnet1 subnet2 test2 ah 20 80 admin(network.fw.submap)>delete s1 2 admin(network.fw.submap)>list s1 ------------------------------------------------------------------------index from to name prot start port end port ------------------------------------------------------------------------1 subnet1 wan test gre 21 101 admin(network.fw.submap)>list s2 ------------------------------------------------------------------------index from to name prot start port end port ------------------------------------------------------------------------1 subnet2 subnet3 test3 all 20 300 admin(network.fw.submap)>delete s2 all admin(network.fw.submap)>list s2 ------------------------------------------------------------------------index from to name prot start port end port -------------------------------------------------------------------------
<from>
Example
Lists the access exception entries for <from> (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6).
admin(network.fw.submap)>list s1 ------------------------------------------------------------------------index from to name prot start port end port ------------------------------------------------------------------------1 subnet1 wan test gre 21 101 admin(network.fw.submap)>add s1 s2 test2 ah 20 80 admin(network.fw.submap)>add s2 s3 test3 all 20 300 admin(network.fw.submap)>list s1 ------------------------------------------------------------------------index from to name prot start port end port ------------------------------------------------------------------------1 subnet1 wan test gre 21 101 2 subnet1 subnet2 test2 ah 20 80 admin(network.fw.submap)>list s2 ------------------------------------------------------------------------index from to name prot start port end port ------------------------------------------------------------------------1 subnet2 subnet3 test3 all 20 300 admin(network.fw.submap)>delete s2 all admin(network.fw.submap)>list s2 ------------------------------------------------------------------------index from to name prot start port end port
Sets the default subnet access rule. <from> The source subnet. (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6). <to> The destination subnet. (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6, w = WAN). <rule> The rule to be enforced. Select from allow or deny. subnet-logging Enables or disables logging for a subnet access rule. <from> <to> <from> The source subnet. (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, [enable|disable] s4 = subnet4, s5 = subnet5, s6 = subnet6). <to> The destination subnet. (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6, w = WAN). enable Enables he logging disable Disables logging logging <from> Enables, disables, or sets to default the logging for a subnet access exception rule. <to> <rule-name> <from> The source subnet. (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, [enable|disable|d s4 = subnet4, s5 = subnet5, s6 = subnet6). efault] <to> The destination subnet. (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6, w = WAN). enable Enables he logging disable Disables logging default Adopts subnet access configuration.
Example admin(network.fw.submap)>set default s2 w deny admin(network.fw.submap)>set default s2 s4 deny admin(network.fw.submap)>set subnet-logging s2 s3 enable admin(network.fw.submap)>set logging s1 s2 s1s2allow default admin(network.fw.submap)>show default s2 ------------------------------------------------------------------------wan subnet1 subnet2 subnet3 subnet4 subnet5 subnet6 ------------------------------------------------------------------------deny allow allow allow deny allow allow (log enabled) admin(network.fw.submap)>
default <from>
Example
Shows all default access exception rules for subnet <from> (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6) to all other subnets.
admin(network.fw.submap)>set default s2 w deny admin(network.fw.submap)>set default s2 s4 deny admin(network.fw.submap)>set subnet-logging s2 s3 enable admin(network.fw.submap)>set logging s1 s2 s1s2allow default admin(network.fw.submap)>show default s2 ------------------------------------------------------------------------wan subnet1 subnet2 subnet3 subnet4 subnet5 subnet6 ------------------------------------------------------------------------deny allow allow allow deny allow allow (log enabled) admin(network.fw.submap)>
Goes to the DHCP submenu. Sets LAN parameters. Shows LAN parameters. Updates DNS for a subnet Updates DNS for all subnets Goes to the bridge submenu Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-93 page 3-88 page 3-90 page 3-91 page 3-92 page 3-101 page 3-1 page 3-1 page 3-1 page 3-1
Parameters
ipadr <idx> <ip> mask <idx> <netmask> dgw <idx> <ip> mode <idx> [enable|disable] name <idx> <name> port <port> <subnet> wlan <wlan> <subnet> stp <mode>
Sets the IP address of subnet <idx> (16) to the IP address <ip> in the form a.b.c.d. Sets the netmask of subnet <idx> (16) to IP address mask <netmask> in the form a.b.c.d. Sets the default gateway for the subnet <idx> (1-6) to the IP <ip>. Enables or disables the subnet identified by <idx> (16). Sets the name of the subnet <idx>(16) to <name> (can be up to 7 characters). Assigns port <port>(16) to the subnet indicated by <subnet> (none, s1, s2, s3, s4, s5, s6). Unassigns a port with <subnet> = none. Assigns WLAN number <wlan> to the subnet indicated by (none, s1, s2, s3, s4, s5, s6). Unassigns a WLAN with <subnet> = none. Enables or disables Spanning Tree Protocol (STP) for the subnets. Choose <mode> from enable or disable.
NOTE: STP is applied on mesh networks even if it is disabled through the set command.
Example admin(network.lan)>show lan 1 subnet name subnet interface ip address network mask ports wlans : : : : : : Subnet1 enable 192.168.0.1 255.255.255.0 port1 port2 port3 port4 port5 port6 wlan1
admin(network.lan)>set name admin(network.lan)>set port admin(network.lan)>set wlan admin(network.lan)>show lan subnet name subnet interface ip address network mask default gateway ports wlan vlan tag
1 NewName 4 none 2 s1 1 : : : : : : : : OfficeN enable 192.168.0.1 255.255.255.0 192.168.0.1 port1 port2 port3 port4 port5 wlan1 wlan3 1
admin(network.lan)> set stp enable admin(network.lan)> show stp STP Mode Related Commands : Enable
show lan
Shows the settings for the subnet <idx> (14). Shows the STP status for the device
admin(network.lan)>show lan 1 subnet name subnet interface ip address network mask ports wlans admin(network.lan)>set name admin(network.lan)>set port admin(network.lan)>set wlan admin(network.lan)>show lan subnet name subnet interface ip address network mask ports wlans admin(network.lan)> set stp enable admin(network.lan)> show stp STP Mode Related Commands : Enable : : : : : : Subnet1 enable 192.168.0.1 255.255.255.0 port1 port2 port3 port4 port5 port6 wlan1
1 NewName 4 none 2 s1 1 : : : : : : NewName enable 192.168.0.1 255.255.255.0 port1 port2 port3 port5 port6 wlan1 wlan2
Sets the parameters for a specified subnet (LAN). Enables or disables Spanning Tree Protocol for the device.
<idx>
Example
None
Example admin(network.lan)> updateAllDNS admin(network.lan)> Related Commands
updateDNS
Adds static DHCP address assignments. Deletes static DHCP address assignments. Lists static DHCP address assignments. Sets DHCP parameters. Shows DHCP parameters. Renews the DHCP IP address. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-94 page 3-95 page 3-96 page 3-97 page 3-99 page 3-100 page 3-1 page 3-1 page 3-1 page 3-1
Adds a static DHCP address assignment for subnet <idx> (1-6) where the device with the MAC address <mac> (aabbccddeeff format) is assigned the IP address <ip> (a.b.c.d format).
Example admin(network.lan.dhcp)>add 1 00A0F8F01234 192.160.24.6 admin(network.lan.dhcp)>add 1 00A1F1F24321 192.169.24.7 admin(network.lan.dhcp)>list 1 ------------------------------------------------------------------------index mac address ip address ------------------------------------------------------------------------1 00A0F8F01234 192.160.24.6 2 00A1F1F24321 192.169.24.7 admin(network.lan.dhcp)>
<idx> [<entry>|all]
Deletes static DHCP assignment entries. <idx> The subnet index (1-6) <entry> The DHCP entry (1-30) all All entries.
Example admin(network.lan.dhcp)>list 1 ------------------------------------------------------------------------index mac address ip address ------------------------------------------------------------------------admin(network.lan.dhcp)>add 1 0011223344FF 191.168.0.42 admin(network.lan.dhcp)>add 1 4433221100AA 191.168.0.43 admin(network.lan.dhcp)>list 1 ------------------------------------------------------------------------index mac address ip address ------------------------------------------------------------------------1 0011223344FF 191.168.0.42 2 4433221100AA 191.168.0.43 admin(network.lan.dhcp)>delete 1 1 admin(network.lan.dhcp)>list 1 ------------------------------------------------------------------------index mac address ip address ------------------------------------------------------------------------1 4433221100AA 191.168.0.43 ------------------------------------------------------------------------index mac address ip address ------------------------------------------------------------------------1 0011223344FF 191.168.0.42 2 4433221100AA 191.168.0.43
<idx>
Example
Lists the static DHCP address assignments for subnet <idx> (16).
admin(network.lan.dhcp)>add 1 00A0F8F01234 192.168.63.5 admin(network.lan.dhcp)>list 1 ------------------------------------------------------------------------index mac address ip address ------------------------------------------------------------------------1 00A0F8F01234 192.168.63.5 admin(network.lan.dhcp)> admin(network.lan.dhcp)>add 1 12332244AABB 192.168.64.3 admin(network.lan.dhcp)>list 1 ------------------------------------------------------------------------index mac address ip address ------------------------------------------------------------------------1 00A0F8F01234 192.168.63.5 2 12332244AABB 192.168.64.3
Sets the default gateway for subnet <idx> (16) to the IP address <a.b.c.d>. dns <a> <b> <c> Sets the primary/secondary DNS servers for the selected subnet. <a> The subnet (1-6) <b> The DNS server type (1=primary, 2=secondary) <c> The IP address of the server type selected in <b> in the a.b.c.d form. wins <idx> <a.b.c.d> Sets the WINS server for subnet <idx> (16) to the IP address <a.b.c.d>. lease <idx> <lease> Sets the DHCP lease time for subnet <idx> (16) to <lease> seconds (1999999). domain <idx> <dn> Sets the domain name for subnet <idx> (16) to the domain name <dn> (1 to 63 characters). mode <idx> <mode> Sets the DHCP mode for subnet <idx> (14) to <mode>. <mode> can be one of (none, client, server, relay) where: none disables DHCP node client enables the subnet to be a DHCP client server enables the subnet to be a DHCP server relay enables the subnet to be a DHCP relay range <a> <b> <c> Sets the DHCP assignment range for subnet <a> (16) from IP address <b> to another IP address <c>. relayserverip <idx> <a.b.c.d> Sets the DHCP relay server IP for subnet <idx> (1-6) to the IP <a.b.c.d>. ddnsmode <idx> <mode> Enables or disables DDNS for the subnet <idx> (1-6). <mode> can be one of enable or disable. fwdzone <idx> <fwdzone> Sets the DHCP forward zone for the subnet <idx> (1-6) to the zone specified by <fwdzone> (1 to 63 characters) ddnsusrcls <idx> <usrcls> Sets the DDNS user class <usrcls> to single or multiple for the subnet <idx> (1-6). tftp-server <idx> Sets the tftp-server IP for the subnet <idx> (1-6) to the IP <tftp-server> <tftp-server> bootfile <idx> <bootfile> Sets the bootfile name for the subnet <idx> (1-6) to the boot file name <boot-file> (max 31 characters)
Sets the IP addresses and ports numbers for WIAP enabled switches for the subnet <idx> (1-6). <ip-list> (max 63 characters) must be in the format a.b.c.d:xx and multiple addresses must be separated by comma. Sets the IP address for WIAP enabled switches for the subnet <idx> (1-6). <ip-list> (max 63 characters) must be in the format a.b.c.d and multiple addresses must be separated by a comma.
Example admin(network.lan.dhcp)>set dns 1 1 209.160.0.18 admin(network.lan.dhcp)>set dns 1 2 209.160.0.218 admin(network.lan.dhcp)>show dhcp 1 dhcp mode : server default gateway : 192.168.0.1 primary dns server : 209.160.0.18 secondary dns server : 209.160.0.218 wins server : 192.168.0.254 starting ip address : 192.168.0.11 ending ip address : 192.168.0.254 lease time : 10000 domain name : admin(network.lan.dhcp)>set domain 1 BigFishCo admin(network.lan.dhcp)>show dhcp 1 dhcp mode : server default gateway : 192.168.0.1 primary dns server : 209.160.0.18 secondary dns server : 209.160.0.218 wins server : 192.168.0.254 starting ip address : 192.168.0.11 ending ip address : 192.168.0.254 lease time : 10000 domain name : BigFishCo admin(network.lan.dhcp)>
Displays the DHCP parameter settings for subnet <idx> (16). These parameters are set with the set command.
admin(network.lan.dhcp)>set dns 1 2 192.168.0.242 admin(network.lan.dhcp)>set dns 1 2 192.168.0.1 admin(network.lan.dhcp)>show dhcp 1 dhcp mode : server ddns mode : disable user class : default gateway : 192.168.0.50 primary dns server : 192.168.10.1 secondary dns server : 192.168.0.1 wins server : 192.168.0.254 starting ip address : 192.168.0.100 ending ip address : 192.168.0.254 relay server ip address : 0.0.0.0 lease time : 86400 domain name : forward zone : tftp-server : 0.0.0.0 bootfile : option-189 : option-43 : admin(network.lan.dhcp)>set domain 1 BigFishCo admin(network.lan.dhcp)>show dhcp 1 admin(network.lan.dhcp)>show dhcp 1 dhcp mode : server ddns mode : disable user class : default gateway : 192.168.0.50 primary dns server : 192.168.10.1 secondary dns server : 192.168.0.1 wins server : 192.168.0.254 starting ip address : 192.168.0.100 ending ip address : 192.168.0.254 relay server ip address : 0.0.0.0 lease time : 86400 domain name : BigFishCo forward zone : tftp-server : 0.0.0.0 bootfile : option-189 : option-43 :
None
Example admin(network.lan.dhcp)> renew
Shows the bridge configuration parameters Sets bridge configuration parameters Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-102 page 3-104 page 3-1 page 3-1 page 3-1 page 3-1
None
Example admin(network.lan.bridge)> show admin(network.lan.bridge)>show ** LAN1 Bridge Configuration ** Bridge Priority Hello Time (seconds) Message Age Time (seconds) Forward Delay Time (seconds) Entry Ageout Time (seconds) Wireless Trunking ** LAN2 Bridge Configuration ** Bridge Priority Hello Time (seconds) Message Age Time (seconds) Forward Delay Time (seconds) Entry Ageout Time (seconds) Wireless Trunking ** LAN3 Bridge Configuration ** Bridge Priority Hello Time (seconds) Message Age Time (seconds) Forward Delay Time (seconds) Entry Ageout Time (seconds) Wireless Trunking ** LAN4 Bridge Configuration ** Bridge Priority Hello Time (seconds) Message Age Time (seconds) Forward Delay Time (seconds) Entry Ageout Time (seconds) Wireless Trunking : : : : 32768 2 20 15
: 60 : disable : : : : 32768 2 20 15
: 60 : disable : : : : 32768 2 20 15
: 300 : disable
** LAN5 Bridge Configuration ** Bridge Priority Hello Time (seconds) Message Age Time (seconds) Forward Delay Time (seconds) Entry Ageout Time (seconds) Wireless Trunking ** LAN6 Bridge Configuration ** Bridge Priority Hello Time (seconds) Message Age Time (seconds) Forward Delay Time (seconds) Entry Ageout Time (seconds) Wireless Trunking admin(network.lan.bridge)>
: : : :
32768 2 20 15
: 300 : disable
Sets the bridge priority to <priority> (0-65535) for the lan <LANidx> (1-6) hello <LAN-idx> <hello> Sets the bridges hello time to <hello> (1-10) seconds for the lan <LAN-idx> (1-6) msgage <LAN-idx> <msgage> Sets the bridge message age time to <msgage> (6-40) seconds for lan <LAN-idx> (1-6) fwddelay <LAN-idx> <fwddelay> Sets the bridge forward delay time to <fwddelay> (4-30) seconds for lan <LAN-idx> (1-6) ageout <LAN-idx> <ageout> Sets the bridge forward table entry ageout to <ageout> (4-3600) seconds for lan <LAN-idx> (1-6). wireless-trunking <LAN-idx> <mode> Sets the wireless trunking mode <mode> (enable/disable) for lan <LAN-idx> (1-6)
Example admin(network.lan.bridge)>set priority 1 5 admin(network.lan.bridge)>set wireless-trunking 1 enable admin(network.lan.bridge)>show ** LAN1 Bridge Configuration ** Bridge Priority Hello Time (seconds) Message Age Time (seconds) Forward Delay Time (seconds) Entry Ageout Time (seconds) Wireless Trunking ** LAN2 Bridge Configuration ** Bridge Priority Hello Time (seconds) Message Age Time (seconds) Forward Delay Time (seconds) Entry Ageout Time (seconds) Wireless Trunking [...] : : : : 5 2 20 15
: 60 : enable : : : : 32768 2 20 15
: 60 : disable
Clears QoS parameters. Sets QoS parameters. Shows QoS parameters. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-106 page 3-107 page 3-108 page 3-1 page 3-1 page 3-1 page 3-1
None
Example admin(network.qos)>clear queue Related Commands
set show
Sets the QoS parameters. Shows the QoS parameters and the QoS queuing statistics.
Set bandwidth share mode <mode> (none, static, weighted or rate-limit) Set the weight for WLAN <idx> (18) to <weight> (110). A weight can only be set if the bandwidth share mode is set to weighted. Sets the bandwidth share threshold for WLAN <idx> (16) to speed <speed> <054000>
admin(network.qos)>set bw-share mode weighted admin(network.qos)>set bw-share weight 1 6 admin(network.qos)>set bw-share threshold 1 12000 admin(network.qos)>show bw-share BW Share Mode:weighted -------------------------------WLAN BW Share Weight -------------------------------1 6 2 1 3 1 4 1 5 1 6 1 7 1 8 1 admin(network.qos)> Related Commands
show clear
Shows the bandwidth settings and the queuing statistics. Clears the queuing statistics.
bw-share queuing
Example
Shows the bandwidth sharing settings. Displays the radio QoS queuing statistics.
admin(network.qos)>show bw BW Share Mode:static admin(network.qos)>show qu 1 BW Share Mode:static ------------------------------------------------------------------------Priority In Out Dropped ------------------------------------------------------------------------------------------------------------------------------------------------WLAN: 1 ------------------------------------------------------------------------0 0 0 0 1 0 0 0 2 0 0 0 admin(network.qos)> Related Commands
set clear
Adds user-defined routes. Deletes user-defined routes. Lists user-defined routes. Sets RIP parameters. Shows routes/RIP parameters. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-110 page 3-111 page 3-112 page 3-113 page 3-114 page 3-1 page 3-1 page 3-1 page 3-1
Adds a route with destination IP address <dest>, IP netmask <netmask>, gateway IP address <gw>, interface subnet or WAN set to <iface> (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6 or w = WAN), and metric set to <metric> (1 15).
Example admin(network.router)>add 202.57.42.6 255.255.255.224 202.57.42.1 s2 3 admin(network.router)>list -----------------------------------------------------------------index destination netmask gateway interface metric -----------------------------------------------------------------1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3 admin(network.router)>add 234.44.33.212 255.255.255.234 234.44.33.2 s3 5 admin(network.router)>list -----------------------------------------------------------------index destination netmask gateway interface metric -----------------------------------------------------------------1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3 2 234.44.33.212 255.255.255.234 234.44.33.2 subnet3 5
<idx> all
Example
Deletes the user-defined route <idx> (120) from the list. Deletes all user-defined routes.
admin(network.router)>list -----------------------------------------------------------------index destination netmask gateway interface metric -----------------------------------------------------------------1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3 2 234.44.33.212 255.255.255.234 234.44.33.2 subnet3 5 admin(network.router)>delete 2 admin(network.router)>list -----------------------------------------------------------------index destination netmask gateway interface metric -----------------------------------------------------------------1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3
None
Example admin(network.router)>add 234.44.33.212 255.255.255.234 234.44.33.2 s3 5 admin(network.router)>list ------------------------------------------------------------------------index destination netmask gateway interface metric ------------------------------------------------------------------------1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3 2 234.44.33.212 255.255.255.234 234.44.33.2 subnet3 5
auth <auth> dir <dir> id <idx> <id> key <idx> <key> passwd <passwd> type <type> dgw-if <if>
Example
Sets RIP authentication type to <auth> to one of none, simple, or md5 Sets RIP direction to <dir> to one of rx = receive, tx = transmit, or both). Sets MD5 authentication ID for key <idx> (12) to the MD5 key id <id> (1 256). Sets the MD5 authentication ID for key <idx> (12) to MD5 key <key> (up to 16 characters). Sets password for simple authentication to <passwd> (1 to 16 characters). Sets RIP type to <type> to ne of off, ripv1, ripv2, or ripv1v2. Sets the Default Gateway Interface to <if> one of none, wan, s1, s2, s3, s4, s5, s6, and default.
admin(network.router)>set auth md5 admin(network.router)>set key 1 12345678 admin(network.router)>set key 2 87654321 admin(network.router)>show rip rip rip rip rip rip rip rip rip type direction authentication type simple auth password md5 id 1 md5 key 1 md5 id 2 md5 key 2 : : : : : : : : off both md5 ******** 1 ******** 1 ********S
admin(network.router)>set type ripv1 Warning: Having RIP enabled compromises your Subnet to Subnet firewall. admin(network.router)>show rip rip rip rip rip rip rip rip rip type direction authentication type simple auth password md5 id 1 md5 key 1 md5 id 2 md5 key 2 : : : : : : : : ripv1 both md5 ******** 1 ******** 1 ********
rip routes
Example
admin(network.router)>show rip rip type : off rip direction : both rip authentication type : md5 rip simple auth password : ******** rip md5 id 1 : 1 rip md5 key 1 : ******** rip md5 id 2 : 1 rip md5 key 2 : ******** admin(network.router)>show routes --------------------------------------------------------------------------index destination netmask gateway interface metric --------------------------------------------------------------------------1 192.168.2.0 255.255.255.0 0.0.0.0 subnet3 0 2 192.168.1.0 255.255.255.0 0.0.0.0 subnet2 0 3 192.168.0.0 255.255.255.0 0.0.0.0 subnet1 0 4 192.168.24.0 255.255.255.0 0.0.0.0 wan 0 5 0.0.0.0 0.0.0.0 192.168.24.1 wan 0
Sets VLAN parameters. Shows VLAN parameters. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-116 page 3-117 page 3-1 page 3-1 page 3-1 page 3-1
Syntax:
assign-mode <mode> default <vlan_id> vlan-id <subnet_id> <vlan_id> trunk-port <port> allow [vlans <list>|all|none] Assigns the VLAN assignment mode <mode> to one of user or port. Assigns the default VLAN ID to <vlan_id>, which is a number between 1 and 4094. Sets the VLAN ID for subnet <subnet_id> (one of s1, s2, s3, s4, s5,or s6) to <vlan_id> (14094). Sets the Trunk Port <port> to one of none or wan. Sets the list of VLANs allowed access to the trunk port. vlans <list> Sets the allowed VLANs from <list>, a comma separated list of VLAN Ids. all Sets the allowed VLANs to all VLANs. none Sets the list of allowed VLANs to none.
Example admin(network.vlan)>set assign-mode user admin(network.vlan)>set default 3 admin(network.vlan)>show vlan 3 VLAN assignment mode VLAN ID VLAN Mapped Subnet Default VLAN ID Related Commands : : : : user 3 Subnet3 Yes
show
Displays the VLAN settings for the VLAN specified by <id> (14094). Displays the Trunk settings.
admin(network.vlan)>show vlan 3 VLAN assignment mode VLAN ID VLAN Mapped Subnet Default VLAN ID admin(network.vlan)>show vlan 2 VLAN assignment mode VLAN ID VLAN Mapped Subnet Default VLAN ID : : : : user 2 Subnet1 No : : : : user 3 Subnet3 Yes
admin(network.vlan)>set trunk-port wan admin(network.vlan)>set all vlans 1-20 admin(network.vlan)>show trunk Trunk Port Allowed VLANs Related Commands : WAN : 1-20
set
vpn nat app dyndns trunkipfpolicy renew set show quit save .. /
Goes to the VPN submenu. Goes to the NAT submenu. Goes to the outbound content filtering submenu. Goes to the Dynamic DNS submenu Goes to the Trunk Port IP Filter Policy submenu Renews the IP address. Sets WAN parameters. Shows WAN parameters. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-144 page 3-138 page 3-123 page 3-129 page 3-133 page 3-119 page 3-120 page 3-122 page 3-1 page 3-1 page 3-1 page 3-1
None
Example admin(network.wan)>renew admin(network.wan)>
Sets the WAN parameters. In the Web interface, this functionality if provided by the Network->WAN screen.
Syntax set [dhcp|dgw|dns|ipadr|mask|mode|ppope|mtu] Parameters
Enables or disables the switch as a DHCP client. <mode> can be one of enable or disable. dgw <a.b.c.d> Sets the default gateway IP address to <a.b.c.d>. dns <idx> <a.b.c.d> Sets the IP address of one or two DNS servers, where <idx> indicates either the primary (1) or secondary (2) server, and <a.b.c.d> is the IP address of the server. ipadr <idx> <a.b.c.d> Sets up to 8 (using <idx> from 1 to 8) IP addresses <a.b.c.d> for the WAN interface of the switch. mask <a.b.c.d> Sets the subnet mask to <a.b.c.d>. mode <idx> <mode> Enables or disables the WAN interface associated with the given <idx> (1 8) as set using the set ipadr command. <mode> can be one of enable or disable. pppoe [idle|ka|mode|passwd| Sets PPPoE parameters. type|user|mss] idle <val> Sets the PPPoE idle value <val> (165535) seconds. ka <mode> Sets the PPPoE keep alive mode <mode> (enable, disable). mode <mode> Enables or disables PPPoE. <mode> can be one of enable or disable. passwd <password> Sets the PPPoE password to <password> (1 39 Characters) type <type> Sets the PPPoE authentication type to <type> (none, pap/ chap, pap, chap). user <username> Sets the PPPoE user name to <username> (1 47 Characters). mss <msssize> Sets the PPPoE maximum segment size to <msssize> (201460). mtu Sets MTU size of wan interface. The minimum value is 128 bytes and maximum is 1500 bytes.
Example admin(network.wan)>set admin(network.wan)>set admin(network.wan)>set admin(network.wan)>set admin(network.wan)>set admin(network.wan)>set dhcp enable dgw 192.168.122.25 pppoe mode enable pppoe type chap pppoe user JohnDoe pppoe passwd @#$goodpassword%$#
dhcp <mode>
show ip Shows the IP settings for the WAN. show pppoe Shows the PPPoE settings for the WAN.
ip <idx>
Shows the general IP parameters for the WAN along with settings for the WAN interface associated with <idx> (where <idx> is in the range 18).
Note: If the WAN interface IP addresses have not been specified for <idx>, the IP and Mask values will be shown as 0.0.0.0.
pppoe mtu
Example
Shows all PPPoE settings. Sets MTU size of wan interface. The minimum value is 128 bytes and maximum is 1500 bytes.
admin(network.wan)>show ip 3 wan interface ip address network mask default gateway dhcp mode primary dns server secondary dns server admin(network.wan)>show pppoe pppoe mode ip address default gateway primary dns server secondary dns server pppoe keepalive mode pppoe authentication type pppoe idle time pppoe user name pppoe password pppoe MSS : : : : : : : : : : : disable 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 disable pap/chap 600 ******** 1452 : : : : : : : enable 0.0.0.0 0.0.0.0 192.168.24.1 enable 209.142.0.2 209.142.0.218
Adds app control commands to the deny list. Deletes app control commands from the deny list. Lists app control records. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-124 page 3-126 page 3-128 page 3-1 page 3-1 page 3-1 page 3-1
web [file Denies access to the specified web files. <filename>.<ext>| file <filename>.<ext> Denies specified web file name. <filename> can be up to 15 proxy|activex] characters and * can be used to match any string. <ext> can be up to 10 characters (such as htm, html, or java). Up to 10 files can be specified. proxy Denies web proxies activex Denies ActiveX files ftp Denies access to the following FTP commands: [put|get|ls|mkdir|c put Denies access to FTP put command d|pasv] get Denies access to FTP get command ls Denies access to FTP ls command mkdir Denies access to FTP mkdir command cd Denies access to FTP cd command pasv Denies access to FTP pasv command smtp Denies access to the following SMTP command: [helo|mail|rcpt| helo Denies access to the SMTP helo command data|quit|send| mail Denies access to the SMTP mail command saml|rset|vrfy| rcpt Denies access to the SMTP rcpt command expn] data Denies access to the SMTP data command quit Denies access to the SMTP quit command send Denies access to the SMTP send command saml Denies access to the SMTP saml command rset Denies access to the SMTP rset command vrfy Denies access to the SMTP vrfy command expn Denies access to the SMTP expn command
Example admin(network.wan.app)>addcmd ftp ? put get ls mkdir cd pasv : : : : : : store command retrieve command directory list command create directory command change directory command passive mode command
admin(network.wan.app)>addcmd ftp put admin(network.wan.app)>addcmd ftp cd admin(network.wan.app)>addcmd ftp pasv admin(network.wan.app)>list ftp FTP Commands Storing Files Retrieving Files Directory List Create Directory Change Directory Passive Operation : : : : : : deny allow allow allow deny deny
admin(network.wan.app)>addcmd smtp helo admin(network.wan.app)>addcmd smtp vrfy admin(network.wan.app)>list smtp SMTP Commands HELO MAIL RCPT DATA QUIT SEND SAML RESET VRFY EXPN admin(network.wan.app)> Related Commands : : : : : : : : : : deny allow allow allow allow allow allow allow deny allow
delcmd
web [file Deletes the specified web files from the access denied list. <filename>.<ext>| file <filename>.<ext> Denied web file name. <filename> can be up to 15 proxy|activex] characters and * can be used to match any string. <ext> can be up to 10 characters (such as htm, html, or java). Up to 10 files can be specified. proxy Web proxies activex ActiveX files ftp Deletes the following FTP commands from the access denied list. [put|get|ls|mkdir|c put FTP put command d|pasv] get FTP get command ls FTP ls command mkdir FTP mkdir command cd FTP cd command pasv FTP pasv command smtp Deletes the following SMTP command from the access denied list. [helo|mail|rcpt| helo SMTP helo command data|quit|send| mail SMTP mail command saml|rset|vrfy| rcpt SMTP rcpt command expn] data SMTP data command quit SMTP quit command send SMTP send command saml SMTP saml command rset SMTP rset command vrfy SMTP vrfy command expn SMTP expn command
Example admin(network.wan.app)>list ftp FTP Commands Storing Files Retrieving Files Directory List Create Directory Change Directory : : : : : deny allow allow allow deny
Passive Operation
: deny
admin(network.wan.app)>delcmd ftp put admin(network.wan.app)>delcmd ftp cd admin(network.wan.app)>list ftp FTP Commands Storing Files Retrieving Files Directory List Create Directory Change Directory Passive Operation admin(network.wan.app)>list smtp SMTP Commands HELO MAIL RCPT DATA QUIT SEND SAML RESET VRFY EXPN : : : : : : : : : : deny allow allow allow allow allow allow allow deny allow : : : : : : allow allow allow allow allow deny
admin(network.wan.app)>delcmd smtp helo admin(network.wan.app)>list smtp SMTP Commands HELO MAIL RCPT DATA QUIT SEND SAML RESET VRFY EXPN Related Commands : : : : : : : : : : allow allow allow allow allow allow allow allow deny allow
addcmd
Lists Web/HTTP app control settings. Lists FTP app control settings. Lists SMTP app control record.
admin(network.wan.app)>list web HTTP Files/Commands Web Proxy ActiveX filename admin(network.wan.app)>list ftp FTP Commands Storing Files Retrieving Files Directory List Create Directory Change Directory Passive Operation admin(network.wan.app)>list smtp SMTP Commands HELO MAIL RCPT DATA QUIT SEND SAML RESET VRFY EXPN admin(network.wan.app)> : : : : : : : : : : deny allow allow allow allow allow allow allow deny allow : : : : : : allow allow allow deny deny deny : deny : deny :
Displays the Dynamic DNS menu. DynDNS provides a facility to update the domain name information when the IP address associated with the domain name changes.
Syntax admin(network.wan)> dyndns admin(network.wan.dyndns)>
Sets the different Dynamic DNS parameters Displays the Dynamic DNS parameters and current status Manually updates the Dynamic DNS status Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-130 page 3-131 page 3-132 page 3-1 page 3-1 page 3-1 page 3-1
Parameters
mode <mode> Enables or disables DynDNS. <mode> can be enable or disable. username <username> Sets the DynDNS user name to <username> (1-32 characters) password <password> Sets the password to <password> (1-32 characters) for the DynDNS username <username>. hostname <hostname> Sets the DynDNS server host name to <hostname> (1-32 characters).
Example admin(network.wan.dyndns)>set admin(network.wan.dyndns)>set admin(network.wan.dyndns)>set admin(network.wan.dyndns)>set mode enable username JohnDoe password JohnDoe hostname motPropServ
admin(network.wan.dyndns)>show DynDNS Configuration Mode Username Password Hostname DynDNS Update Response IP Address Hostname Status : 192.168.10.1 : motPropServ : Connected : : : : enable JohnDoe ******** motPropServ
Displays the Dynamic DNS parameter information and the current status.
Syntax show Parameters
None
Example admin(network.wan.dyndns)>show DynDNS Configuration Mode Username Password Hostname DynDNS Update Response IP Address Hostname Status : 192.168.10.1 : motPropServ : Connected : : : : enable JohnDoe ******** motPropServ
None
Example admin(network.wan.dyndns)>update IP Address Hostname : 192.168.10.1 : motPropServ
Adds Trunk Port IP Filter association table entry Removes Trunk Port IP Filter association table entry Sets Trunk Port IP Filter association parameters Displays Trunk Port IP Filter association parameters Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-134 page 3-135 page 3-136 page 3-137 page 3-1 page 3-1 page 3-1 page 3-1
Name of the Trunk Port Filter entry The direction for the filter One of allow or deny.
all <index>
Example
Removes all trunk port IP filter association table entries. Remove trunk port ip filter association table entry at the index <index>.
Enables or disables the Trunk Port IP Filtering Sets the default properties for incoming and outgoing direction to either allow or deny.
admin(network.wan.trunkipfpolicy)>show ---------------------------------------------------------------Filter-Name Direction Action ---------------------------------------------------------------IP Filter Mode Default Incoming Action Default Outgoing Action : enable : allow : allow
admin(network.wan.trunkipfpolicy)>set default outgoing deny admin(network.wan.trunkipfpolicy)>show -----------------------------------------------------------Filter-Name Direction Action -----------------------------------------------------------IP Filter Mode Default Incoming Action Default Outgoing Action : enable : allow : deny
None
Example admin(network.wan.trunkipfpolicy)>show ---------------------------------------------------Filter-Name Direction Action ---------------------------------------------------IP Filter Mode Default Incoming Action Default Outgoing Action : enable : allow : deny
admin(network.wan.trunkipfpolicy)>?
Adds NAT records. Deletes NAT records. Lists NAT records. Sets NAT parameters. Shows NAT parameters. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-139 page 3-140 page 3-141 page 3-142 page 3-143 page 3-1 page 3-1 page 3-1 page 3-1
inb <idx> <name> Sets an inbound Network Address Translation (NAT) entry. <tran> <port1> <idx> The WAN address <port2> <ip> <name> The NAT entry name <dst_port> <tran> The transport protocol (one of cp, udp, icmp, ah, esp, gre, or all) <port1> The starting port number in a port range <port2> The ending port number in a port range <ip> The internal IP address <dst_port> The optional internal translation port
Example admin(network.wan.nat)>add inb 2 special tcp 20 21 192.168.42.16 21 admin(network.wan.nat)>list inb 2 ------------------------------------------------------------------------index name prot start port end port internal ip translation port ------------------------------------------------------------------------1 special tcp 20 21 192.168.42.16 21 Related Commands
Deletes one of the inbound NAT entries from the list. Displays the list of inbound NAT entries.
Syntax:
inb <idx> [<entry>|all] Deletes a NAT table entry. <idx> The WAN index (18) <entry> The NAT entry (120) all All NAT entries associated with the WAN <idx> (18)
Example admin(network.wan.nat)>list inb 2 ------------------------------------------------------------------------index name prot start port end port internal ip translation port ------------------------------------------------------------------------1 special tcp 20 21 192.168.42.16 21 admin(network.wan.nat)>delete inb 2 all ^ admin(network.wan.nat)>list inb 2 ------------------------------------------------------------------------index name prot start port end port internal ip translation port ------------------------------------------------------------------------Related Commands
Adds entries to the list of inbound NAT entries. Displays the list of inbound NAT entries.
Lists the inbound NAT entries associated with WAN port <idx> (18).
admin(network.wan.nat)>add inb 2 special tcp 20 21 192.168.42.16 21 admin(network.wan.nat)>list inb 2 ------------------------------------------------------------------------index name prot start port end port internal ip translation port ------------------------------------------------------------------------1 special tcp 20 21 192.168.42.16 21 Related Commands
Deletes one of the inbound NAT entries from the list. Adds entries to the list of inbound NAT entries.
Sets the inbound NAT parameters. mode <idx> <mode> Sets the inbound NAT mode for the WAN with index <idx> (18). <mode> can be one of enable or disable. ip <idx> <a.b.c.d> Forward unspecified ports and to the IP <a.b.c.d> for the WAN with index <idx> (18). outb [ip|map] Sets the outbound NAT parameters. ip <idx> <a.b.c.d> Sets 1-to-1 NAT IP mapping entries where <idx> (18) is the index of the WAN to the ip address <a.b.c.d>. map <from> <to> Sets 1-to-many NAT mapping entries where <from> is one of s1, s2, s3, s4, s5, and s6. <to> is the Wan index (18) or none. type <idx> <type> Sets the type of NAT translation for WAN address index <idx> (18) to one of none, 1-to-1, or 1-to-many.
Example admin(network.wan.nat)>set type 1 1-to-1 admin(network.wan.nat)>set outb ip 1 209.239.44.36 admin(network.wan.nat)>set inb mode 1 enable admin(network.wan.nat)>show nat 1 nat type one to one nat ip address port forwarding mode port forwarding ip address one to many nat mapping : : : : : 1-to-1 209.239.44.36 enable 0.0.0.0 subnet1 subnet2 subnet3 subnet4 _
inb [mode|ip]
show
Example
nat
<idx>
admin(network.wan.nat)>set inb mode 1 enable admin(network.wan.nat)>show nat 1 nat type one to one nat ip address port forwarding mode port forwarding ip address one to many nat mapping : : : : : 1-to-1 209.239.44.36 enable 0.0.0.0 subnet1 subnet2 subnet3 subnet4
cmgr add set list delete stats ikestate reset quit save .. /
Goes to the cmgr (Certificate Manager) submenu. Adds an security policy database (SPD) entry. Sets SPD parameters. Lists SPD entries. Deletes SPD entries. Lists statistics for all active tunnels. Lists statistics for all active tunnels. Resets all VPN tunnels. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-156 page 3-145 page 3-150 page 3-148 page 3-146 page 3-155 page 3-147 page 3-149 page 3-1 page 3-1 page 3-1 page 3-1
Creates a tunnel named <name> (1 to 13 characters) to gain access to local subnet <LSubnet> (1, 2, 3, 4, 5, 6), through local WAN IP <LWanIP> from the remote subnet with address <RSubnetIP> and subnet mask <RSubnetMask> using the remote gateway <RGatewayIP>. The local WAN IP can be set to 0.0.0.0 for a DHCP client. Any IP address obtained from the DHCP server is then used to initiate the VPN tunnel. The VPN peer must set its Remote Gateway address to 0.0.0.0 to indicate an IP value of ANY and shall operate as a responder only.
Example admin(network.wan.vpn)>add Bob 1 209.239.160.55 206.107.22.45 255.255.255.224 206.107.22.2 If tunnel type is Manual, proper SPI values and Keys must be configured after adding the tunnel admin(network.wan.vpn)>list -----------------------------------------------------------------------Tunnel Name Type Remote IP/Mask Remote Gateway Local WAN IP Subnet ------------------------------------------------------------------------Eng2EngAnnex Manual 192.168.32.2/24 192.168.33.1 192.168.24.198 1 Bob Manual 206.107.22.45/27 206.107.22.2 209.239.160.55 1 admin(network.wan.vpn)>
* <name>
Example
admin(network.wan.vpn)>list ------------------------------------------------------------------------Tunnel Name Type Remote IP/Mask Remote Gateway Local WAN IP Subnet ------------------------------------------------------------------------Eng2EngAnnex Manual 192.168.32.2/24 192.168.33.1 192.168.24.198 1 Bob Manual 206.107.22.45/27 206.107.22.2 209.239.160.55 1 admin(network.wan.vpn)>delete Bob admin(network.wan.vpn)>list ------------------------------------------------------------------------Tunnel Name Type Remote IP/Mask Remote Gateway Local WAN IP Subnet ------------------------------------------------------------------------Eng2EngAnnex Manual 192.168.32.2/24 192.168.33.1 192.168.24.198 1 admin(network.wan.vpn)>
Displays statistics for all active tunnels using Internet Key Exchange (IKE). In particular, the table indicates whether IKE is connected for any of the tunnels, it provides the destination IP address, and the remaining lifetime of the IKE key.
Syntax ikestate Parameters
None
Example admin(network.wan.vpn)>ikestate ---------------------------------------------------------------------Tunnel Name IKE State Dest IP Remaining Life ---------------------------------------------------------------------Eng2EngAnnex Not Connected -----Bob Not Connected -----admin(network.wan.vpn)>
<name>
Lists all tunnel entries. Lists detailed information about tunnel named <name>. Note that the <name> must match case with the name in the SPD entry. Bob is not equal to bob, as shown in the example below.
Example admin(network.wan.vpn)>list ------------------------------------------------------------------------Tunnel Name Type Remote IP/Mask Remote Gateway Local WAN IP Subnet ------------------------------------------------------------------------Eng2EngAnnex Manual 192.168.32.2/24 192.168.33.1 192.168.24.198 1 Bob Manual 206.107.22.45/27 206.107.22.2 209.239.160.55 1 admin(network.wan.vpn)>list bob bad index value admin(network.wan.vpn)>list Bob ------------------------------------------------------------------------Detail listing of VPN entry: ------------------------------------------------------------------------Name : Bob Local Subnet : 1 Tunnel Type : Manual Remote IP : 206.107.22.45 Remote IP Mask : 255.255.255.224 Remote Security Gateway : 206.107.22.2 Local Security Gateway : 209.239.160.55 AH Algorithm : None Encryption Type : ESP Encryption Algorithm : DES ESP Inbound SPI : 0x00000100 ESP Outbound SPI : 0x00000100
None
Example admin(network.wan.vpn)>reset VPN tunnels reset. admin(network.wan.vpn)>
set ipsecdel <name> <mode> set auto-initiation <name> <mode> set auto-initiate-interval <interval> Parameters
Sets the Local ID type for IKE authentication for SPD <name> (1 to 13 characters) to <idtype> (one of IP, FQDN, or UFQDN). Sets the Remote ID type for IKE authentication for SPD <name> (1 to 13 characters) to <idtype> (one of IP, FQDN, or UFQDN). Sets the Local ID data for IKE authentication for SPD <name> (1 to 13 characters) to <iddata>. This value is not required when the ID type is set to IP. Sets the Remote ID data for IKE authentication for SPD <name> (1 to 13 characters) to <idtype>. Sets the Operation Mode of IKE for SPD <name> (1 to 13 characters) to 4. <opmode> can be one of Main or Aggr(essive). Sets the IKE Authentication type for SPD <name> (1 to 13 characters) to <authtype> (one of PSK or RSA). Sets the IKE Authentication Algorithm for SPD <name> (1 to 13 characters) to <authalgo>. <authalgo> can be either MD5 or SHA1. Sets the IKE Pre-Shared Key for SPD <name> (1 to 13 characters) to <psk> (149 characters). ike encalgo <name> Sets the IKE Encryption Algorithm for SPD <name> (1 to 13 characters) to <encalgo> <encalgo> (one of DES, 3DES, AES128, AES192, or AES256). ike lifetime <name> Sets the IKE Key life time in seconds for SPD <name> (1 to 13 characters) to <lifetime> <lifetime> seconds. ike group <name> Sets the IKE Diffie-Hellman Group for SPD <name> (1 to 13 characters) to <group> <group> (one of G768 or G1024) type <name> <type> Sets the authentication type of SPD <name> (1 to 13 characters) to <type> (Auto or Manual). sub <name> <sub> Sets the Local Subnet (1, 2, 3, 4, 5 or 6) for SPD <name> (1 to 13 characters) to subnet number <sub> (1, 2, 3, 4, 5 or 6). remip <name> <remip> Sets the IP address for the remote end of SPD <name> (1 to 13 characters) to remote ip <remip> (a.b.c.d). remmask <name> Sets the IP Mask for the remote end of SPD <name> (1 to 13 characters) to <remmask> <remmask> (a.b.c.d). remgw <name> Sets the Remote IP gateway for SPD <name> (1 to 13 characters) to be <remgw> <remgw> (a.b.c.d). Set this value to 0.0.0.0 to support tunneling to VPN peer which is a DHCP client. authalgo <name> Sets the authentication algorithm for SPD <name> (1 to 13 characters) to <authalgo> <authalgo> (one of None, MD5, or SHA1).
ike myidtype <name> <idtype> ike remidtype <name> <idtype> ike myiddata <name> <iddata> ike remiddata <name> <iddata> ike opmode <name> <opmode> ike authtype <name> <authtype> ike authalgo <name> <authalgo> ike psk <name> <psk>
authkey <name> Sets the AH authentication key (if SPD type is Manual) for tunnel <name> (1 to 13 <direction> <authkey> characters) with the direction <direction> set to IN or OUT, and the manual authentication key set to <authkey>. (The key size is 32 hex characters for MD5, and 40 hex characters for SHA1). enctype <name> Sets the Encryption type for SPD <name> (1 to 13 characters) to <enctype> (one <enctype> of None, ESP, or ESP-AUTH). encalgo <name> Sets the Encryption Algorithm for SPD <name> (1 to 13 characters) to <encalgo> <encalgo> (one of DES, 3DES, AES128, AES192, or AES256). espauthalgo <name> Sets ESP Authentication Algorithm for SPD <name> to <espauthalgo> (one of MD5 or SHA1). <espauthalgo> enckey <name> Sets the Manual Encryption Key in ASCII for SPD <name> and direction <direction> <enckey> <direction> (IN or OUT) to the key <enckey>. The size of the key depends on the encryption algorithm. - 16 hex chars for DES - 48 hex chars for 3DES - 32 hex chars for AES128 - 48 hex chars for AES192 - 64 hex chars for AES256 espauthkey <name> Sets Manual ESP Authentication Key for SPD <name> (1 to 13 characters) either <direction> for direction <direction> (IN or OUT) to <espauthkey>, an ASCII string of hex <espauthkey> characters. If authalgo is set to MD5, the provide 32 hex characters. If authalgo is set to SHA1, provide 40 hex characters. spi <name> <algo> Sets the direction <direction> (IN(bound) or OUT(bound)) SPI for <algo> (AUTH <direction> <spi> (Manual Authentication) or ESP) for SPD <name> (1 to 13 characters) to <spi> (a hex value more than 0xFF). localgw <name> <ip> Sets the Local WAN IP to <ip> (a.b.c.d) for a SPI <name> (1 to 13 characters). The local WAN IP (local gateway) can be set to 0.0.0.0 for a DHCP client. Any IP address obtained from the DHCP server is then used to initiate the VPN tunnel. The VPN peer must set its Remote Gateway address to 0.0.0.0 to indicate an IP value of ANY and shall operate as a responder only. usepfs <name> Enables or disables Perfect Forward Secrecy for SPD <name> (1 to 13 characters). <usepfs> salife <name> <life Sets SA life time to <lifetime> seconds (minimum 300). time> ipsecdel <name> Enables the deletion of IPSEC SA when IKE SA is deleted for the tunnel named <mode> <name> (1 to 13 characters). auto-initiation <name> Enables / disables auto-initiation by WS2000 for the tunnel named <name> (1 to <mode> 13 characters). auto-initiate-interval Sets the time duration between two consecutive auto-initiation attempts. This <time> time duration is in seconds.
Example admin(network.wan.vpn)>list Bob ------------------------------------------------------------------------Detail listing of VPN entry: -----------------------------------------------------------------------Name : Bob Local Subnet : 1
Tunnel Type Remote IP Remote IP Mask Remote Security Gateway Local Security Gateway AH Algorithm Encryption Type Encryption Algorithm ESP Inbound SPI ESP Outbound SPI
: : : : : : : : : :
Manual 206.107.22.45 255.255.255.224 206.107.22.2 209.239.160.55 None ESP DES 0x00000100 0x00000100
admin(network.wan.vpn)>set usepfs Bob enable admin(network.wan.vpn)>set spi Bob ESP IN abcde admin(network.wan.vpn)>set spi Bob ESP OUT cdef23 admin(network.wan.vpn)>list Bob ------------------------------------------------------------------------Detail listing of VPN entry: ------------------------------------------------------------------------Name : Bob Local Subnet : 1 Tunnel Type : Manual Remote IP : 206.107.22.45 Remote IP Mask : 255.255.255.224 Remote Security Gateway : 206.107.22.2 Local Security Gateway : 209.239.160.55 AH Algorithm : None Encryption Type : ESP Encryption Algorithm : DES ESP Inbound SPI : 0x000ABCDE ESP Outbound SPI : 0x00CDEF23 admin(network.wan.vpn)>set authalgo Bob MD5 admin(network.wan.vpn)>list Bob ------------------------------------------------------------------------Detail listing of VPN entry: -----------------------------------------------------------------------Name : Bob Local Subnet : 1 Tunnel Type : Manual Remote IP : 206.107.22.45 Remote IP Mask : 255.255.255.224 Remote Security Gateway : 206.107.22.2 Local Security Gateway : 209.239.160.55 AH Algorithm : MD5 Encryption Type : ESP Encryption Algorithm : DES Auth Inbound SPI : 0x00000100 Auth Outbound SPI : 0x00000100 ESP Inbound SPI : 0x000ABCDE ESP Outbound SPI : 0x00CDEF23 admin(network.wan.vpn)>set authkey Bob IN 12345678901234567890123456789012 admin(network.wan.vpn)>set authkey Bob OUT 11111111112222222222333333333344 admin(network.wan.vpn)>set spi Bob AUTH IN 2233445 admin(network.wan.vpn)>set spi Bob AUTH OUT 33344 admin(network.wan.vpn)>list Bob -------------------------------------------------------------------------
Detail listing of VPN entry: -----------------------------------------------------------------------Name : Bob Local Subnet : 1 Tunnel Type : Manual Remote IP : 206.107.22.45 Remote IP Mask : 255.255.255.224 Remote Security Gateway : 206.107.22.2 Local Security Gateway : 209.239.160.55 AH Algorithm : MD5 Encryption Type : ESP Encryption Algorithm : DES Auth Inbound SPI : 0x02233445 Auth Outbound SPI : 0x00033344 ESP Inbound SPI : 0x000ABCDE ESP Outbound SPI : 0x00CDEF23
None
Example admin(network.wan.vpn)>stats -----------------------------------------------------------------------Tunnel Name Status SPI(OUT/IN) Life Time Bytes(Tx/Rx) -----------------------------------------------------------------------Eng2EngAnnex Not Active Bob Not Active
genreq loadca loadself showreq listprivkey listself listca delprivkey delself delca expcert impcert quit save .. /
Generates a Certificate Request. Loads a trusted certificate from CA. Loads a self certificate signed by CA. Displays a certificate request in PEM format. Lists names of private keys. Lists the self certificate loaded. Lists the trusted certificate loaded. Deletes the private key. Deletes the self certificate. Deletes the trusted certificate. Exports the certificate file. Imports the certificate file. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-162 page 3-167 page 3-168 page 3-169 page 3-165 page 3-166 page 3-164 page 3-158 page 3-159 page 3-157 page 3-160 page 3-163 page 3-1 page 3-1 page 3-1 page 3-1
Exports the certificate with specified filename <file name> by either ftp or tftp. The tftp or ftp options for this file transfer will use the settings for the configuration file settings. See System Config set Command for information on how to set the tftp/ftp options.
Example admin(system.config)>set server 192.168.22.12 admin(system.config)>set user myadmin admin(system.config)>set passwd admin(network.wan.vpn.cmgr)>expcert ftp mycertificate admin(network.wan.vpn.cmgr)> Related Commands
impcert
Imports a certificate.
Exports the private key ID name to a file. The exported file will be in the same directory as used for importing or exporting configuration files.
Syntax export-req ftp <idname> <filename> Parameters
Exports the private key ID name to a file. This file is exported to the same directory as used for exporting or importing configuration files.
Syntax:
genreq <IDname> <Subject> ...optional arguments... Generates a self-certificate request for a Certification Authority (CA), where <IDname> is the private key ID (up to 7 characters) and <subject> is the subject name (up to 49 characters). A number of optional arguments can also be specified as indicated below.
-ou <Organization Unit> -on <Organization Name> -cn <City Name> -st <State> -p <Postal Code> -cc <Country Code> -e <Email Address> -d <Domain Name> -i <IP Address> -sa <Signature Algorithm> -k <Key Size>
Organization Unit (1 to 49 chars) Organization Name (1 to 49 chars) City Name of Organization (1 to 49 chars) State Name (1 to 49 chars) Postal code (9 digits) Country code (2 chars) E-mail Address (1 to 49 chars) Domain Name (1 to 49 chars) IP Address (a.b.c.d) Signature Algorithm (one of MD5-RSA or SHA1-RSA) Key size in bits (one of 512, 1024, or 2048)
Note: The parameters in {curly brackets} are optional. Check with the CA to determine what fields are necessary. For example, most CAs require an email address and an IP address, but not the address of the organization. Example admin(network.wan.vpn.cmgr)>genreq MyCert2 MySubject -ou MyDept -on MyCompany Please wait. It may take some time... -----BEGIN CERTIFICATE REQUEST----MIHzMIGeAgEAMDkxEjAQBgNVBAoTCU15Q29tcGFueTEPMA0GA1UECxMGTXlEZXB0 MRIwEAYDVQQDEwlNeVN1YmplY3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAtKcX plKFCFAJymTFX71yuxY1fdS7UEhKjBsH7pdqnJnsASK6ZQGAqerjpKScWV1mzYn4 1q2+mgGnCvaZUlIo7wIDAQABoAAwDQYJKoZIhvcNAQEEBQADQQCClQ5LHdbG/C1f Bj8AszttSo/bA4dcX3vHvhhJcmuuWO9LHS2imPA3xhX/d6+Q1SMbs+tG4RP0lRSr iWDyuvwx -----END CERTIFICATE REQUEST-----
[ftp|tftp] <filename>
Imports the certificate with specified filename <file name> by either ftp or tftp. The tftp or ftp options for this file transfer will use the settings for the configuration file settings. See System Config set Command for information on how to set the tftp/ftp options.
Example admin(system.config)>set server 192.168.22.12 admin(system.config)>set user myadmin admin(system.config)>set passwd admin(network.wan.vpn.cmgr)>impcert ftp mycertificate admin(network.wan.vpn.cmgr)> Related Commands
None
Example admin(network.wan.vpn.cmgr)>listca Trusted Certificate List:
None
Example admin(network.wan.vpn.cmgr)>listprivkey ------------------------------------------------------------------------Private Key Name Certificate Associated -------------------------------------------------------------------------
None
Example admin(network.wan.vpn.cmgr)>listself Self Certificate List:
loadca
Loads the trusted certificate (in PEM format) that is pasted into the command line. ftp <filename> (Optional parameter) Loads a CA certificate from a FTP server. <filename> is the name of the certificate file to load. The default path for loading the file is the same as used for importing or exporting configuration files.
Example admin(network.wan.vpn.cmgr)>loadca ftp cert1 Starting file transfer ... Certificate transferred successfully admin(network.wan.vpn.cmgr)>loadca Currently Only certificates in PEM format can be uploaded Enter 'Ctrl C' to abort. Paste the certificate:
Loads the self certificate signed by the CA with name <IDname>. Loads the self certificate <IDName> from a file <filename> on an FTP server. The certificate file is loaded from the same directory as used for importing or exporting configuration files.
admin(network.wan.vpn.cmgr)> loadself ftp MyCert mycert.cert Starting file transfer ... admin(network.wan.vpn.cmgr)> admin(network.wan.vpn.cmgr)>loadself MyCert Currently Only certificates in PEM format can be uploaded. Paste the certificate:
showreq <IDname>
Displays a certificate request named <IDname> generated from the genreq command.
add delete list rogueap enhancedrogueap muprobe hotspot wlanipfpolicy set show quit save .. /
Adds MU access control list entries. Deletes MU access control list entries. Lists MU access control list entries. Goes to the rogue AP submenu. Goes to the Enhanced Rogue AP submenu. Goes to the MU Probe submenu Goes to the Hotspot submenu Goes to WLAN IPF policy submenu. Sets WLAN parameters. Shows WLAN parameters. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-171 page 3-172 page 3-173 page 3-181 page 3-207 page 3-210 page 3-213 page 3-226 page 3-174 page 3-179 page 3-1 page 3-1 page 3-1 page 3-1
Adds an entry to the MU access control list, where <idx> is the WLAN index (18), <mac1> is the starting MAC address (e.g., 001122334455), and <mac2> is ending MAC address in the acceptable range. <name> is the name of the MU ACL.
Example admin(network.wlan)>add 1 000000000000 112233445566 admin(network.wlan)>list 1 -----------------------------------------------------------------------index start mac end mac -----------------------------------------------------------------------1 000000000000 112233445566 admin(network.wlan)> Related Commands
delete list
Deletes entries from the MU access control list. Shows entries in the MU access control list.
Deletes specified entry or entries from mobile unit (MU) access control list.
Syntax delete <idx> [<entry>|all] Parameters
<idx> [<entry>|all]
Deletes MU ACL entries. <entry> Deletes MU access control list entry <entry> (130) for WLAN <idx> (18). all Deletes all access control list entries for the WLAN specified by <idx>.
Example admin(network.wlan)>add 1 223344556677 334455667788 admin(network.wlan)>list 1 -----------------------------------------------------------------------index start mac end mac -----------------------------------------------------------------------1 000000000000 112233445566 2 223344556677 334455667788 admin(network.wlan)>delete 1 2 admin(network.wlan)>list 1 ------------------------------------------------------------------------index start mac end mac -----------------------------------------------------------------------1 000000000000 112233445566 admin(network.wlan)> Related Commands
add list
Adds entries to the MU access control list. Displays entries in the MU access control list.
Lists the entries in the mobile unit (MU) access control list.
Syntax list <idx> Parameters
list <idx>
Example
Displays the entries in the MU access control list for WLAN <idx> (18).
admin(network.wlan)>list 1 ------------------------------------------------------------------------index start mac end mac ------------------------------------------------------------------------1 000000000000 112233445566 Related Commands
add Adds entries to the MU access control list. delete Deletes entries from the MU access control list.
set mcast <widx> <midx> <mac> set [mode|no-mu-mu|vop] <idx> <mode> set name <idx> <name> set vlan-id <idx> <vlan-id>
[key|type|phrase|rotate-mode|interval|wpa2|preauth|pmk] key <idx> <key> type <idx> <type> phrase <idx> <phrase> [rotate-mode|wpa2|preauth|pmk] <idx> <mode> interval <idx> <interval> [key|type|phrase|rotate-mode|interval|mixed-mode|preauth|oppkey <idx> <key> type <idx> <type> phrase <idx> <phrase> [rotate-mode|mixed-mode|preauth|opp-pmk] <idx> <mode> interval <idx> <interval>
set ccmp pmk] set ccmp set ccmp set tkip set tkip set tkip
set wep-mcm [index|key] set wep-mcm index <a> <b> set wep-mcm key <a> <b> <c> set mu-inact <timeout> set wep_shared <mode> set handshake-timeout <idx> <timeout> set handshake-retry-count <idx> <retry-count> Parameters
Sets the default MU access control mode <mode> to allow or deny for WLAN <idx> (18). Sets default Access Port adoption mode <mode> to allow or deny for WLAN <idx> (18). Sets the authentication type for WLAN <idx> (18) to <type> (none, eap, or kerberos).
Note: EAP parameters are only in effect if eap is specified for the authentication method (set auth <idx> <type>).
Enables or disables the broadcast ESS answer for the WLAN <idx> (1 8). eap adv mu-quiet <idx> Sets the EAP MU/supplicant quiet period for WLAN <idx> (18) to <period> <period> seconds (165535). eap adv mu-tx <idx> <period> Sets the EAP MU/supplicant TX period for WLAN <idx> (18) to <period> seconds (165535). eap adv mu-timeout <idx> Sets the EAP MU/supplicant timeout for WLAN <idx> (18) to <timeout> <timeout> seconds (1255). eap adv mu-retry <idx> <retry> Sets the EAP maximum number of MU retries to <retry> (110) for WLAN <idx> (18). eap adv server-timeout <idx> Sets the server timeout for WLAN <idx> (18) to <timeout> seconds (1 <timeout> 255). eap adv server-retry <idx> Sets the maximum number of server retries for WLAN <idx> (18) to <retry> <retry> (110).
eap server <idx> <rsidx> <ip> eap port <idx> <rsidx> <port> eap rad-acct mode <idx> <mode> eap rad-acct retry-count <idx> <count> eap rad-acct timeout <idx> <time> eap rad-bind-interface <idx> <server> <interface>
Sets the RADIUS server <rsidx> (1-primary or 2-secondary) for WLAN <idx> (18) to IP address <ip>. Sets the RADIUS server <rsidx> (1-primary or 2-secondary) for WLAN <idx> (18) to <port>. Enables/disables RADIUS accounting for WLAN <idx> (18).
Sets RADIUS accounting retry count to <count> (110) for WLAN <idx> (18). Sets RADIUS accounting retry timeout to <time> seconds (1255) for WLAN <idx> (18). 0 indicates no timeout. Binds the RADIUS server type <server> (1 - Primary, 2 - Secondary) to the interface <interface> (one of s1-s6, w, none - s1- Subnet 1, s2-subnet 2, ...s6-Subnet 6, w-wan) for the WLAN <idx> (18). eap reauth mode <idx> enable/ Enables or disables the EAP reauthentication parameters for WLAN <idx> disable (18). eap reauth period <idx> Sets the reauthentication period for WLAN <idx> (18) to <period> <period> seconds (309999). eap reauth retry <idx> <retry> Sets the maximum number of reauthentication retries to <retry> (199) for WLAN <idx> (18). eap secret <idx> <rsidx> Sets the EAP shared secret <secret> (1127 characters) for server <secret> <rsidx> (1-primary or 2-secondary) on WLAN <idx> (18).
Note: Kerberos parameters are only in effect if kerberos is specified for the authentication method (set auth <idx> <type>).
Sets the remote syslog server for WLAN <idx> (18) to the IP address <ip> (a.b.c.d). eap syslog mode <idx> enable/ Enables/disables remote syslog for WLAN <idx> (18). disable enc <idx> <type> Sets the encryption type to <type> (one of none, wep40, wep104, keyguard, tkip, or ccmp) for WLAN <idx> (18).
Note: TKIP parameters are only in effect if tkip is selected as the encryption type.
Sets the 802.11 ESS ID for WLAN <idx> (18) to <ess>. Sets the Kerberos password to <password> (121 characters) for WLAN <idx> (18). Sets the Kerberos port to <port> (KDC port) for server <ksidx> (1-primary, 2-backup, or 3-remote) for WLAN <idx> (18). kerb realm <idx> <realm> Sets the Kerberos realm name for WLAN <idx> (18) to <realm> (163 characters). kerb server <idx> <ksidx> <ip> Sets the Kerberos server <ksidx> (1-primary, 2-backup, or 3-remote) IP address for WLAN <idx> (18) to <ip>. kerb user <idx> <name> Sets the Kerberos user name for WLAN <idx> (18) to <name> (121 characters). mcast <idx> <midx> <mic> Sets the multicast group address <midx> (1, 2) for WLAN <idx> (18) to MAC address <mac>. mode <idx> <mode> Enables or disables WLAN <idx> (18). name <idx> <name> Sets the name of WLAN <idx> (18) to <name> (17 characters).
ess <idx> <ess> kerb passwd <idx> <password> kerb port <idx> <ksidx> <port>
Enables or disables the stoppage of MU-to-MU communication for WLAN <idx> (18). vop <idx> <mode> Enables or disables the voice priority mode for WLAN <idx> (18). tkip key <idx> <key> Sets the TKIP key to <key> (164 hex digits) for WLAN <idx> (18). tkip type <idx> <type> Sets the TKIP key type to phrase or key for WLAN <idx> (18). tkip phrase <idx> <phrase> Sets the TKIP ASCII pass phrase to <phrase> (863 characters) for WLAN <idx> (18). tkip rotate-mode <idx> <mode> Enables or disabled the broadcast key rotation for WLAN <idx> (18). tkip interval <idx> <interval> Sets the broadcast key rotation interval to <interval> seconds (300 604800) for WLAN <idx> (18). ccmp key <idx> <key> Sets the CCMP key to <key> (164 hex digits) for WLAN <idx> (18). Must be specified when type parameter is set to key. ccmp type <idx> phrase/ Sets the CCMP key type to phrase or key for WLAN <idx> (18). key ccmp phrase <idx> <phrase> Sets the CCMP ASCII pass phrase for WLAN <idx> (18) to <phrase> (8 63 characters). Must be specified when type parameter is set to phrase. ccmp rotate-mode <idx> Enables or disables the broadcast key rotation for WLAN <idx> (18). enable/disable ccmp interval <idx> <interval> Sets the broadcast key rotation interval for WLAN <idx> (18) to <interval> (300604800) seconds. Enables or disables mixed mode (allowing WPA-TKIP clients) for WLAN ccmp mixed-mode <idx> enable/disable <idx> (18). ccmp preauth <idx> enable/ Enables or disables pre-authentication (fast roaming) for WLAN <idx> (1 disable 8). ccmp opp-pmk <idx> enable/ Enables or disables opportunistic PMK caching (fast roaming) for WLAN disable <idx> (18).
Note: The WEP authentication mechanism saves up to four different keys (one for each WLAN). It is not a requirement to set all keys, but you must associate a WLAN with the appropriate key.
wep-mcm index <idx> <kidx> Selects the WEP/KeyGuard key (from one of the four potential values of <kidx> (14) for WLAN <idx> (18). wep-mcm key <idx> <kidx> Sets the WEP/KeyGuard key for key index <kidx> (14) for WLAN <idx> <key> (18) to <key> 1 to 26 (hex digits). vlan-id <idx> <vlan-id> Sets the VLAN-ID mapping to WLAN <idx> (18) to VLAN <vlan-id> (1 4094). mu-inact <timeout> Sets the MU inactivity timeout value to <timeout> (1-60) minutes. wep_shared <mode> Enables or disables WEP shared mode. handshake-timeout <idx> Sets the 802.11i handshake timeout value to <timeout> (100-2000 ms) for <timeout> the WLAN <idx> (18). This feature is provided to prevent those MUs that do not receive EAPOL messages from restarting the association procedure. The default retry for these MUs is 2 seconds. This switch is provided to control the retry for EAPOL messages to a value that is less than 2 seconds.
Sets the 802.11i handshake retry count to <retry-count> (1-10) for the WLAN <idx> (18). This in conjunction with the handshake-timeout command controls the handshake retry time and retry count for those MUs that do not receive EAPOL messages. Enables or disables secure beacon for the WLAN <idx> (18) Enables or disables PMK validation across association and EAPOL packets Enable or disables STP on wireless side
admin(network.wlan)>set name 1 store admin(network.wlan)>set name 2 backoff admin(network.wlan)>set auth 1 kerberos Kerberos requires WEP 104 or Keyguard. The encryption type has been changed to W EP104. admin(network.wlan)>set no-mu-mu 1 enable admin(network.wlan)>show wlan 1 wlan name ess identifier wlan mode subnet vlan_id enc type auth type voice prioritization disallow mu to mu answer broadcast ess secure beacon mode default mu acl mode default ap adopt mode multicast address 1 multicast address 2 handshake timeout in milliseconds handshake retry count admin(network.wlan)> : : : : : : : : : : : : : : : : : WLAN1 101 enable s1 1 none none enable disable disable disable allow all allow all 01005E000000 09000E000000 2000 3
Syntax:
eap <idx> kerb <idx> tkip <idx> ccmp <idx> wep-mcm <idx> wlan <idx> mu-inact wep_shared enforce-pmkvalidation wireless-stp
Example admin(network.wlan)>show tkip 1 tkip tkip tkip tkip tkip key type phrase key rotate mode rotate interval : : : : : phrase ******** ******** disable 86400
Shows the EAP parameters for WLAN <idx> (18). Shows the Kerberos parameters for WLAN <idx> (18). Shows the TKIP parameters for WLAN <idx> (18). Shows the CCMP parameters for WLAN <idx> (18). Shows the WEP/Keyguard parameters for WLAN <idx> (18). Shows the basic WLAN parameters for WLAN <idx> (18). Shows the MU inactivity timeout value. Shows the WEP Shared parameters. Shows enforce-pmk-validation configuration value Show wireless STP configuration
admin(network.wlan)>show ccmp 1 ccmp key type ccmp phrase ccmp key ccmp rotate mode ccmp rotate interval ccmp mixed mode (allow WPA) 802.11i preauthentication Opportunistic PMK Caching : : : : : : : : phrase ******** ******** disable 86400 disable disable enable
admin(network.wlan)>show wep-mcm 1 wep wep wep wep wep key key key key key index 1 2 3 4 : : : : : 1 ******** ******** ******** ********
admin(network.wlan)>show wlan 1 wlan name ess identifier wlan mode enc type auth type voice prioritization disallow mu to mu answer broadcast ess default mu acl mode default ap adopt mode multicast address 1 multicast address 2 admin(network.wlan)>show eap 1 server ip 1 server ip 2 server port 1 server port 2 eap secret 1 eap secret 2 eap remote syslog mode syslog server ip Bind interface (for server 1) Bind interface (for server 2) eap reauth mode eap reauth retries eap reauth period eap eap eap eap eap eap mu quiet period mu tx period mu timeout mu retries server timeout server retries : : : : : : : : : : 0.0.0.0 0.0.0.0 1812 1812 ******** ******** disable 0.0.0.0 s1 none : : : : : : : : : : : : WLAN1 101 enable none none enable disable disable allow all allow all 01005E000000 09000E000000
: disable : 2 : 3600 : : : : : : 10 5 10 2 5 2
radius accounting retry mode radius accounting retry timeout radius accounting retry count
: disable : 10 : 2
Related Commands
set
Shows current rogue AP configuration. Sets rogue AP parameters. Goes to the rule list submenu. Goes to the approved AP list submenu. Goes to the rogue AP list submenu. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-183 page 3-182 page 3-202 page 3-184 page 3-189 page 3-1 page 3-1 page 3-1 page 3-1
Sets the different Rogue AP parameters muscan Sets MU scanning parameters apscan Sets AP scanning parameters. detscan Sets Detector scanning parameters. For this feature to work, you must set one of the Access Ports as a Detector AP. fullapscan Sets full AP scanning parameter. For this feature to work, you must set one of the Access Ports as a Full Detector AP. Each of the above options have these settings mode <mode> <mode> can be enable or disable. Use this to enable or disable a rogue ap parameter interval <interval> Sets the scanning interval for rogue ap detection. <interval> can be between 5 to 65535 minutes. For fullapscan, the interval is in seconds. Enables or disables mobile unit scanning.
Example admin(network.wlan.rogueap)>set apscan mode enable admin(network.wlan.rogueap)>set apscan int 60 Related Commands
show
None
Example admin(network.wlan.rogueap)>show mu scan : disabled mu scan interval : 60 minutes ap scan : disabled ap scan interval : 60 minutes detector ap scan : disabled detector ap scan interval : 60 minutes full detector ap scan : disabled full detector ap scan interval : 60 seconds Related Commands
set
Shows the approved AP list. Displays the ageout time for an approved list entry. Approves an AP. Erases the list. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-188 page 3-185 page 3-186 page 3-187 page 3-1 page 3-1 page 3-1 page 3-1
ageout <interval>
Example
Sets the number of minutes, the <interval> (01000), before an entry in the approved list is automatically removed.
erase
Approves an AP.
Syntax approve [<index>|all] Parameters
approve [<index>|all]
Example
approve <index> Approves an access point from the list based on the location specified by <index>. approve all Approves all access points in the list.
erase
none
Example admin(network.wlan.rogueap.approvedlist)>erase all admin(network.wlan.rogueap.approvedlist)>show approved ap list ++++++++++++++++ approved list ageout index ----ap -: 30 minutes essid ------
Related Commands
approve show
Adds an Access Port to the approved list. Displays the approved list.
None
Example admin(network.wlan.rogueap.approvedlist)>show approved ap list ++++++++++++++++ approved list ageout index ----ap -: 30 minutes essid ------
Related Commands
show locate muscan ageout approve erase set deauth quit save .. /
Displays the rogue list entries. Goes to the submenu for locating a rogue AP. Goes to the submenu for on-demand MU polling. Displays the ageout time for a rogue list entry. Approves a rogue AP. Erases the list. Sets rogue AP related parameters Configuration related to Rogue AP Containment. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-193 page 3-196 page 3-199 page 3-190 page 3-191 page 3-192 page 3-194 page 3-195 page 3-1 page 3-1 page 3-1 page 3-1
ageout <time>
Example
Sets the ageout time for the entry associated to <time> (11000) minutes.
locate show
Locates a rogue AP. Shows the rogue AP list parameters and entries.
approve [<index>|all]
Example
approve <index> Puts the rogue AP <index> into the approved AP list. approve all Puts all the entries of the rogue list into the approved AP list.
show
None
Example admin(network.wlan.rogueap.roguelist)>erase all Example
show
show [all|<index>|deauthlist]
Displays Rogue AP lists. all Displays the complete list of rogue APs. <index> Displays detailed information for the rogue AP with index number <index>. deauth-list Displays the Rogue AP Containment list
Example admin(network.wlan.rogueap.roguelist)>show all rogue ap list ++++++++++++++++++++ rogue list ageout : 0 minutes
locate approve
Syntax:
RAP-Containment <mode> deauth-interval <interval> deauth-all <mode>
Example admin(network.wlan.rogueap)>set RAP-Containment enable admin(network.wlan.rogueap)>set deauth-interval 10 admin(network.wlan.rogueap)>set deauth-all enable Related Commands
Enables or disables Rogue AP Containment feature. Sets the Rogue AP de-authentication interval to <interval> (1300) seconds. This is the time after which MUs associated to a Rogue AP is deauthenticated. Enables or disables deauthenticating all rogue APs in the containment list.
show
Manages the Rogue AP Containment list by adding APs, their MAC address to the list and deleting APs from the list.
Syntax deauth [add-to-list|add-mac-to-list|remove-from-list] <index> deauth all Parameters
deauth all
Example
Adds or removes APs from the ACL. add-to-list <index> Adds an AP to the Rogue AP containment list at the position specified by <index>. add-mac-to-list <index> Adds the MAC address of a Rogue AP to the Rogue AP containment list at the position specified by <index>. remove-from-list <index> Removes a MAC from the Rogue AP Containment list. Removes all the contents from the Rogue AP Containment list
Starts locating a rogue AP. Lists results of the locate rogue AP scan. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-198 page 3-200 page 3-1 page 3-1 page 3-1 page 3-1
3.35.1 Network WLAN Rogue AP Rogue List Locate list Command list
Network WLAN Rogue AP Rogue List Locate Commands
None
Example admin(network.wlan.rogueap.roguelist.locate)>list Related Commands
start
3.35.2 Network WLAN Rogue AP Rogue List Locate start Command start
Network WLAN Rogue AP Rogue List Locate Commands
Starts locating a rogue AP where <MAC> is the MAC address (or BSSID) of the rogue AP, and <essid> is the ESSID for the rogue AP.
list
Starts a rogue AP scan using on-demand MU polling. Lists the rogue APs found during the scan. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-201 page 3-200 page 3-1 page 3-1 page 3-1 page 3-1
3.36.1 Network WLAN Rogue AP Rogue List MU Scan list Command list
Network WLAN Rogue AP Roguelist Commands
None
Example admin(network.wlan.rogueap.roguelist.muscan)>list Related Commands
start
3.36.2 Network WLAN Rogue AP Rogue List MU Scan start Command start
Network WLAN Rogue AP Roguelist Commands
Starts locating a rogue AP where <MAC> is the MAC address (or BSSID) of the rogue AP, and <ESSID> is the ESSID for the rogue AP.
list
Displays the rule list. Adds an entry to the rule list. Deletes an entry from the rule list. Authorizes all Symbol APs. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-206 page 3-203 page 3-205 page 3-204 page 3-1 page 3-1 page 3-1 page 3-1
Adds an entry into the rule list to allow an AP with the mac address <MAC> and the ESSID <ESSID>.
admin(network.wlan.rogueap.rulelist)>add 00a0f8f31212 mywlan admin(network.wlan.rogueap.rulelist)>show rule list +++++++++ symbol ap authorization index ----1 : disabled essid -----mywlan
ap -00:a0:f8:f3:12:12
show
authsymbolap <mode> Enables or disables automatic authorization of all Symbol APs. <mode> can be enable or disable.
Example admin(network.wlan.rogueap.rulelist)>auth enable admin(network.wlan.rogueap.rulelist)>show rule list +++++++++ symbol ap authorization index ----1 : enabled essid -----mywlan
ap -00:a0:f8:f3:12:12
Related Commands
show
Shows all the rules in the rule list and shows status of the Symbol AP automatic authorization.
delete [all|<idx>]
Deletes entries in the rule list. all Deletes all entries in the rule list. <idx> Deletes the entry at the <idx> index in the rule list.
Example admin(network.wlan.rogueap.rulelist)>delete all admin(network.wlan.rogueap.rulelist)>show rule list +++++++++ symbol ap authorization index ----ap -: enabled essid ------
Related Commands
show
None
Example admin(network.wlan.rogueap.rulelist)>show rule list +++++++++ symbol ap authorization index ----1 : enabled essid -----mywlan
ap -00:a0:f8:f3:12:12
Related Commands
delete add
Deletes entries from the rule list. Adds entries to the rule list.
Displays the Enhanced Rogue AP parameters. Sets the Enhanced Rogue AP parameters Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-208 page 3-209 page 3-1 page 3-1 page 3-1 page 3-1
None
Example admin(network.wlan.enhancedrogueap)>show Enhanced RAP mode ERAP scan interval ERAP scan duration Channel Set for Radio A Channel Set for Radio B/G : disabled : 10 seconds : 100 milli seconds : :
admin(network.wlan.enhancedrogueap)>
Parameters
mode <mode> scaninterval <scaninterval> scanduration <scanduration> A_channels {<channelset>} BG_channels {<channelset>} erase
Example
Enables or disables the Enhanced Rogue AP feature Sets the Enhanced Rogue AP feature scan interval. Sets the Enhanced Rogue AP feature scan duration Sets A channels to scan for Enhanced Rogue AP feature. <channelset> (Optional) Enter a list of valid channels for A Radio. Sets BG channels to scan for Enhanced Rogue AP feature <channelset> (Optional) Enter a list of valid channels for b/g Radio. Clears the Enhanced Rogue AP feature list.
admin(network.wlan.enhancedrogueap)> show Enhanced RAP mode : disabled ERAP scan interval : 10 seconds ERAP scan duration : 100 milli seconds Channel Set for Radio A : Channel Set for Radio B/G : admin(network.wlan.enhancedrogueap)> set mode enable admin(network.wlan.enhancedrogueap)> set scaninterval 33 admin(network.wlan.enhancedrogueap)> set scanduration 110 admin(network.wlan.enhancedrogueap)> set A_channels 36 40 admin(network.wlan.enhancedrogueap)> set BG_channels 1 2 3 admin(network.wlan.enhancedrogueap)> show Enhanced RAP mode ERAP scan interval ERAP scan duration Channel Set for Radio A Channel Set for Radio B/G : : : : : enabled 33 seconds 110 milli seconds 36, 40, 1, 2, 3,
Shows the MU Probe Table configuration Sets the MU Probe Table configuration Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-211 page 3-212 page 3-1 page 3-1 page 3-1 page 3-1
None
Example admin(network.wlan.muprobe)> show mu probe table mu probe table size mu probe window : disabled : 200 MUs (number of rows could be more) : 30 seconds
Parameters
Enables or disables MU Probe scans. <mode> can be enable or disable. Sets the size <size> in number of rows of the MU Probe Table. Erases the MU Probe Table Sets the MU Probe time window to <value> (5-300) seconds.
admin(network.wlan.muprobe)> show mu probe table mu probe table size mu probe window admin(network.wlan.muprobe)> admin(network.wlan.muprobe)> admin(network.wlan.muprobe)> admin(network.wlan.muprobe)> mu probe table mu probe table size mu probe window : disabled : 200 MUs (number of rows could be more) : 30 seconds set mode enable set size 100 set window 50 show : enabled : 100 MUs (number of rows could be more) : 50 seconds
Sets the hotspot parameters Displays the hotspot parameters Imports hotspot display pages Sets hotspot RADIUS configuration. Goes to a submenu. Sets the hotspot white-list. Goes to a submenu. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-214 page 3-216 page 3-217 page 3-218 page 3-222 page 3-1 page 3-1 page 3-1 page 3-1
Parameters
hotspot-session-timeout <hotspot-session-timeout>
hotspot-cred-cache <hotspot-cred-cache>
Example
Enables or disables hotspot for a WLAN with the index value <idx> (18). Sets the location of the welcome page for Hotspot for a WLAN with the index <idx> (1-8). <page-loc> can be one of default, cf, url. When <page-loc> is default, the default pages are shown. When <page-loc> is cf, the pages for login, welcome, and fail are stored on the CF card and are displayed from there. When <page-loc> is url, the pages are displayed from a URL. The URL information is provided through the set exturl command. Sets the URL locations for the hotspot login, welcome, and fail pages for a WLAN with the index value <idx> (1-8). <page> should be one of login, welcome, or fail and indicates the page type. <url> is the fully qualified path to the page indicated by the <page> value. Sets the HTTP mode for the hotspot for the WLAN with index <idx> (1-8). <http-mode> can be one of http or https. HTTP indicates that connections to the hotspot does not use security. HTTPS indicates use of security. Sets the timeout value for the hotspot to <hotspot-session-timeout> minutes. This value is global and is applicable to all WLANs. The default value for <hotspot-session-timeout> is 20 minutes and the maximum value that can be entered is 1440 minutes (1 day). Enables or disables hotspot user credential caching for the WS2000.
admin(network.wlan.hotspot)> show hotspot 1 WLAN 1 Hotspot Mode Hotspot Page Location External Login URL External Welcome URL : disable : default : :
External Fail URL Http Mode admin(network.wlan.hotspot)> admin(network.wlan.hotspot)> admin(network.wlan.hotspot)> hotspt/login.htm admin(network.wlan.hotspot)> hotspt/welcome.htm admin(network.wlan.hotspot)> hotspt/fail.htm admin(network.wlan.hotspot)> WLAN 1 Hotspot Mode Hotspot Page Location External Login URL External Welcome URL welcome.htm External Fail URL Http Mode
: : https set mode 1 enable set page-loc 1 url set exturl 1 login //192.168.1.10/wlan1/ set exturl 1 welcome //192.168.1.10/wlan1/ set exturl 1 fail //192.168.1.10/wlan1/ show hotspot 1 : : : : enable url //192.168.1.10/wlan1/hotspt/login.htm //192.168.1.10/wlan1/hotspt/
: //192.168.1.10/wlan1/hotspt/fail.htm : https
Displays the hotspot configuration settings. Displays the white list rules. Displays the global hotspot session timeout value. Displays the enable/disable status for hotspot user credentials caching.
admin(network.wlan.hotspot)> show hotspot 1 WLAN 1 Hotspot Mode Hotspot Page Location External Login URL External Welcome URL welcome.htm External Fail URL Http Mode : : : : enable url //192.168.1.10/wlan1/hotspt/login.htm //192.168.1.10/wlan1/hotspt/
: //192.168.1.10/wlan1/hotspt/fail.htm : https
admin(network.wlan.hotspot)> show white-list 1 WhiteList Rules ------------------------------------------------------------------------Idx IP Address ------------------------------------------------------------------------1 192.168.1.32 2 192.168.1.45 3 192.168.1.55 4 192.168.1.56 admin(network.wlan.hotspot)> show hs-session-timeout Hotspot Session Timeout : 10 admin(network.wlan.hotspot)> show hs-cred-caching Hotspot Credential Cache Mode : Disabled
Imports the html pages for the welcome, login, and fail screens.
Syntax import <idx> <page> Parameters
import <idx> <page> Imports the specified page for the WLAN with index <idx> (1-8). <page> must be one of login, welcome, or fail. Paste the html page into the console.
Example admin(network.wlan.hotspot)> import 1 login Enter 'Ctrl C' to abort. Paste the HTML Page: <html> <Head> <title>Office1 WLAN - Login Page</title> </head> <body> <h1 align="center">Office1 Wireless LAN - Login Page</h1> <HR width=50%> <p align ="center"><b>Please enter your login information below</b></p> <form action="login.asp> <center> <table width=25%> <tr> <tD>User Name</td> <td><input > </input></td> </tr> <tr> <td>Password</td> <td><input type=password> </input></td> </tr> </table> <br> <button type=submit> <strong>Login</strong> </button> <hr width=50%> <p>Page usage monitored and IP captured. Do not login if not authorized.</p> </center> </form> </body> </html>
Displays the RADIUS server commands for hotspot. RADIUS is used to authenticate hotspot users.
Syntax admin(network.wlan.hotspot)> radius admin(network.wlan.hotspot.radius)>
Shows RADIUS configuration settings. Sets RADIUS configuration Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-219 page 3-220 page 3-1 page 3-1 page 3-1 page 3-1
Displays the RADIUS information for the WLAN with the index <idx> (1-8).
show radius 1 127.0.0.1 1812 ****** 0.0.0.0 1812 ****** disable 1 1
admin(network.wlan.hotspot.radius)> Primary Server Ip adr : Primary Server Port : Primary Server Secret : Secondary Server Ip adr : Secondary Server Port : Secondary Server Secret : Accounting Mode : Accounting Timeout : Accounting Retry-count :
Configures the RADIUS server information for hotspots for each WLAN.
Syntax set [server|port|secret|acct-mode|acct-timeout|acct-retry| bind-interface|auth-mode] set set set set set set set set server <idx> <srvr_type> <ipadr> port <idx> <srvr_type> <port> secret <idx> <srvr_type> <secret> acct-mode <idx> <mode> acct-timeout <idx> <timeout> acct-retry <idx> <retry_count> bind-interface <idx> <server> <interface> auth-mode <idx> <mode>
Parameters
acct-timeout <idx> <timeout> acct-retry <idx> <retry-count> bind-interface <idx> <server> <interface> auth-mode <idx> <mode>
Sets the IP address <ipadr> of the RADIUS server for the WLAN with index <idx> (1-8). The <srvr_type> (primary, secondary) identifies the RADIUS server as a primary or a secondary server. Sets the port <port> of the RADIUS server for the WLAN with the index <idx> (1-8). The <srvr_type> (primary, secondary) identifies the RADIUS server as a primary or a secondary server. Sets the secret <secret> for accessing the RADIUS server for the WLAN with the index <idx> (1-8). The <srvr_type> (primary, secondary) identifies the RADIUS server as a primary or a secondary server. Enables or disables accounting mode for the RADIUS server for the WLAN with the index <idx> (1-8). When enabled, RADIUS accounting log is written to the CF card when the RADIUS server is not reachable. Sets the time duration <timeout> (1-255) seconds after which RADIUS logs are written to the CF card. Sets the number of re-tries <retry-count> (1-10) made before RADIUS logs are written to the CF card. Binds the RADIUS server type <server> (Primary or Secondary) to the interface <interface> (one of s1-s6, w, none - s1- Subnet 1, s2-subnet 2, ...s6-Subnet 6, w-wan) for the WLAN <idx> (18). Sets the radius authentication mode to either PAP or CHAP. This is used to encrypt authentication packets when authenticating with radius servers located on the WAN side of WS2000.
set set set set set server server port 1 port 1 secret 1 primary 192.169.1.222 1 secondary 192.169.1.223 primary 1812 secondary 1812 1 primary hello1
admin(network.wlan.hotspot.radius)> set secret 1 secondary hello2 admin(network.wlan.hotspot.radius)> set acct-mode 1 enable admin(network.wlan.hotspot.radius)> set acct-timeout 1 90 admin(network.wlan.hotspot.radius)> set acct-retry 1 8 admin(network.wlan.hotspot.radius)> set bind-interface 1 primary s1 admin(network.wlan.hotspot.radius)> set auth-mode 1 PAP admin(network.wlan.hotspot.radius)>show radius 1 Primary Server Ip adr : 192.168.1.222 Primary Server Port : 1812 Primary Server Secret : ****** Primary client bind interface : s1 Secondary Server Ip adr : 192.169.1.223 Secondary Server Port : 1812 Secondary Server Secret : ****** Secondary client bind interface : none Accounting Mode : disable Accounting Timeout : 10 Accounting Retry-count : 3 RADIUS auth-mode : PAP admin(network.wlan.hotspot.radius)>
Displays the White-list submenu. White-list is a list of devices that can use the hotspot.
Syntax admin(network.wlan.hotspot)> white-list admin(network.wlan.hotspot.whitelist)>
Adds hotspot white-list entries. Clears the hotspot white-list entries. Displays the hotspot white-list entries. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-223 page 3-225 page 3-225 page 3-1 page 3-1 page 3-1 page 3-1
Adds an entry to the WLAN hotspot white-list. White-list is a list of devices that can access the hotspot.
Syntax add rule <wlan_idx> <ipadr> Parameters
Adds an IP entry <ipadr> to the White-list for the WLAN specified by the index <wlan_idx> (1-8)
admin(network.wlan.hotspot.whitelist)> add rule 1 192.168.1.67 admin(network.wlan.hotspot.whitelist)> show white-rules 1 WhiteList Rules ------------------------------------------------------------------------Idx IP Address ------------------------------------------------------------------------1 192.168.1.32 2 192.168.1.45 3 192.168.1.55 4 192.168.1.56 5 192.168.1.67
clear rule all Clears all the hotspot white-list entries. clear rule <wlan_idx> all Clears all the hotspot white-list entries for the WLAN specified by the <wlan_idx> (1-8) value. clear rule <wlan_idx> <ipadr> Clears a specific IP address <ipadr> from the hotspot white-list entries for the WLAN specified by the <wlan_idx> (1-8) value.
Example admin(network.wlan.hotspot.whitelist)> show white-rules 1 WhiteList Rules ------------------------------------------------------------------------Idx IP Address ------------------------------------------------------------------------1 192.168.1.32 2 192.168.1.45 3 192.168.1.55 4 192.168.1.56 5 192.168.1.67 admin(network.wlan.hotspot.whitelist)> clear rule 1 192.168.1.67 admin(network.wlan.hotspot.whitelist)> show white-rules 1 WhiteList Rules ------------------------------------------------------------------------Idx IP Address ------------------------------------------------------------------------1 192.168.1.32 2 192.168.1.45 3 192.168.1.55 4 192.168.1.56 admin(network.wlan.hotspot.whitelist)> clear rule all admin(network.wlan.hotspot.whitelist)> show white-rules 1 WhiteList Rules ------------------------------------------------------------------------Idx IP Address -------------------------------------------------------------------------
show white-rules <idx> Displays the hotspot white-list for the WLAN with the index <idx> (1-8).
Example admin(network.wlan.hotspot.whitelist)> show white-rules 1 WhiteList Rules ------------------------------------------------------------------------Idx IP Address ------------------------------------------------------------------------1 192.168.1.32 2 192.168.1.45 3 192.168.1.55 4 192.168.1.56 5 192.168.1.67
Sets the WLAN IP Filter Policy configurations. Adds entries to the WLAN IP Filter table. Deletes entries from the WLAN IP Filter table. Displays the WLAN IP filter table. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-227 page 3-228 page 3-229 page 3-230 page 3-1 page 3-1 page 3-1 page 3-1
Sets the WLAN IP filter policy configuration. IP Filters have to be set up through the Network > IPFilter menu.
Syntax set [ipf-mode|default] set ipf-mode <wlan-idx> <ipf-mode> set default [incoming|outgoing] <wlan-idx> <action>
Syntax:
ipf-mode <wlan-idx> <ipf-mode> default [incoming|outgoing] <wlan-idx> <action> Sets the IP filter mode <ipf-mode> (enable/disable) for the WLAN with the index <idx> (1-8). incoming Sets the default incoming action to <action> (allow/deny) for IP filtering for he WLAN with the index <idx> (1-8). outgoing Sets the default outgoing action to <action> (allow/deny) for IP filtering for he WLAN with the index <idx> (1-8).
Example admin(network.wlan.wlanipfpolicy)> show 1 ------------------------------------------------------------------------Filter-Name Direction Action ------------------------------------------------------------------------IP Filter Mode Default Incoming Action Default Outgoing Action : disable : deny : deny
admin(network.wlan.wlanipfpolicy)> set ipf-mode 1 enable admin(network.wlan.wlanipfpolicy)> set default outgoing 1 allow admin(network.wlan.wlanipfpolicy)> set default incoming 1 allow admin(network.wlan.wlanipfpolicy)>show 1 ------------------------------------------------------------------------Filter-Name Direction Action ------------------------------------------------------------------------IP Filter Mode Default Incoming Action Default Outgoing Action : enable : allow : allow
Adds a new IP Filter association table entry. IP Filters have to be set up through the Network > IPFilter menu.
Syntax add <wlan-idx> <filter-name> <direction> <action> Parameters
add <wlan-idx> <filter-name> <direction> <action> Adds a new IP Filter association table entry. The <filter-name> is the name of the filter to be added to the WLAN specified by the <wlan-idx> (1-8). The <direction> could be incoming or outgoing. The <action> could be allow or deny.
Example admin(network.wlan.wlanipfpolicy)> add 1 allow_tcp incoming allow admin(network.wlan.wlanipfpolicy)> add 1 allow_tcp outgoing deny admin(network.wlan.wlanipfpolicy)> show 1 ------------------------------------------------------------------------Filter-Name Direction Action ------------------------------------------------------------------------allow_tcp incoming allow allow_tcp outgoing deny IP Filter Mode Default Incoming Action Default Outgoing Action : enable : allow : allow
Syntax:
delete <wlan-idx> [all|<index>]
Example admin(network.wlan.wlanipfpolicy)> show 1 ------------------------------------------------------------------------Filter-Name Direction Action ------------------------------------------------------------------------allow_tcp incoming allow allow_tcp outgoing deny IP Filter Mode Default Incoming Action Default Outgoing Action : enable : allow : allow
Deletes an IP Filter association table entry. The WLAN is specified by the <wlan-idx> (1-8). <index> indicates the filter to delete. all is used to delete all entries from the IP Filter association table.
admin(network.wlan.wlanipfpolicy)> del 1 2 admin(network.wlan.wlanipfpolicy)> show 1 ------------------------------------------------------------------------Filter-Name Direction Action ------------------------------------------------------------------------allow_tcp incoming allow IP Filter Mode Default Incoming Action Default Outgoing Action : enable : allow : allow
show <wlan-idx> Displays the IP filter association table for the WLAN with the index <wlan-idx> (1-8).
Example admin(network.wlan.wlanipfpolicy)> show 1 ------------------------------------------------------------------------Filter-Name Direction Action ------------------------------------------------------------------------allow_tcp incoming allow allow_tcp outgoing deny IP Filter Mode Default Incoming Action Default Outgoing Action : enable : allow : allow
Shows the port configuration settings. Sets the port configuration Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-233 page 3-232 page 3-1 page 3-1 page 3-1 page 3-1
Enables or disables auto negotiation. When enabled, the port negotiates the speed and the duplex type. <auto-negotiation> can be one of enable or disable. <idx> (port1-port6, wan) is the port number. Sets the speed for the port with the index <idx> (port1-port6, wan). Set <speed> from 10M or 100M. Sets the duplex mode for the port with the index <idx> (port1-port6, wan). Set the <duplex> value from full or half.
admin(network.port)> show port1 auto-negotiation speed duplex admin(network.port)> admin(network.port)> admin(network.port)> admin(network.port)> auto-negotiation speed duplex : disable : 10M : half set auto-negotiation port1 enable set speed port1 100M set duplex port1 full show port1 : enable : 100M : full
show <idx>
Example
Displays the port configuration settings for the port <idx> (port1-port6, wan).
Displays the IP Filter submenu. IP based filtering allows administrators to configure Incoming and Outgoing IP filtering policies on packets within the same Subnet / WLAN and between wired and wireless hosts. Filters can be set up based on IP Address or as a default rule for all IPs in a given direction.
Syntax admin(network)> ipfilter admin(network.ipfilter)>
Adds a filter to the global IP Filter table. Deletes a filter from the global IP Filter table. Shows the global IP Filter table. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-235 page 3-236 page 3-237 page 3-1 page 3-1 page 3-1 page 3-1
add <filter-name> <protocol> <port> <start-src-address> <end-src-address> <start-dest-address> <enddest-address> Adds an IP Filter with <filter-name> to the IP Filter table. <protocol> can be one of tcp, udp, icmp, pim, gre, rsvp, idp, pup, egp, ipip, esp, ah, igmp, ipv6, compr_h, raw_ip. <port> is the port number. Could also be all. <start-src-address> to <end-src-address> is the source ip range for which this filter is applied <start-dest-address> to <end-dest-address> is the destination ip range for which this filter is applied.
Example admin(network.ipfilter)> add port80tcp TCP 80 192.168.1.100 192.168.1.250 0.0.0.0 0.0.0.0 admin(network.ipfilter)> show ------------------------------------------------------------------------Filter-Name Protocol-Port Start-End-Src-IP Start-End-Dst-IP In-Use ------------------------------------------------------------------------allow_tcp TCP 0.0.0.0 0.0.0.0 YES ALL 0.0.0.0 0.0.0.0 allow_udp UDP 0.0.0.0 0.0.0.0 NO ALL 0.0.0.0 0.0.0.0 port80tcp TCP 192.168.1.100 0.0.0.0 NO 80 192.168.1.250 0.0.0.0
del [all|<index>] Deletes IP Filter table entries. del <index> Deletes the global IP Filter table entry at <index>. del all Deletes all entries of the global IP Filter table.
Example admin(network.ipfilter)> del 3 admin(network.ipfilter)> show ------------------------------------------------------------------------Filter-Name Protocol-Port Start-End-Src-IP Start-End-Dst-IP In-Use ------------------------------------------------------------------------allow_tcp TCP 0.0.0.0 0.0.0.0 YES ALL 0.0.0.0 0.0.0.0 allow_udp UDP 0.0.0.0 0.0.0.0 NO ALL 0.0.0.0 0.0.0.0
None
Example admin(network.ipfilter)> show ------------------------------------------------------------------------Filter-Name Protocol-Port Start-End-Src-IP Start-End-Dst-IP In-Use ------------------------------------------------------------------------allow_tcp TCP 0.0.0.0 0.0.0.0 YES ALL 0.0.0.0 0.0.0.0 allow_udp UDP 0.0.0.0 0.0.0.0 NO ALL 0.0.0.0 0.0.0.0
Description:
Displays the Wireless Intrusion Protection System (WIPS) submenu.
Syntax admin(network)> wips admin(network.wips)>
Sets WIPS parameters. Displays WIPS parameters Lists the APs and Sensors discovered. Converts APs to dedicated WIPS sensors Revers dedicated WIPS sensors to APs Sends WIPS configuration to the sensors Goes to the Defaults submenu. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-239 page 3-240 page 3-241 page 3-242 page 3-243 page 3-244 page 3-245 page 3-1 page 3-1 page 3-1 page 3-1
Enables or disables WIPS mode Shows sensor configuration <mac> Shows mac-Sensor MAC address
list [sensors|aps]
Example
list aps Lists the sensor APs list sensors Lists the discovered APs
admin(network.wips)> list sensors ------------------------------------------------------------------------Idx Sensor MAC IP address ------------------------------------------------------------------------1 00a0f8bf8a70 192.168.0.167 admin(network.wips)> list APs ------------------------------------------------------------------------Idx AP MAC Conversion State ------------------------------------------------------------------------1 00a0f8bf8a70
Converts an existing AP to a dedicated Sensor device. This command is only valid for Motorola AP300.
Syntax convert <mac1> <mac2> ... Parameters
Converts the list of AP represented by their MAC addresses <mac1> <mac2>... to dedicated sensor devices.
admin(network.wips)> convert 00a0f8bf8a70 Conversion is started in the background admin(network.wips)> list sensors ------------------------------------------------------------------------Idx Sensor MAC IP address ------------------------------------------------------------------------1 00a0f8bf8a70 192.168.0.167
Reverts a dedicated Sensor device to an AP. This command is only valid for Motorola AP300.
Syntax revert <mac1> <mac2> ...
Syntax:
revert <mac1> <mac2> Converts the list of Sensors represented by their MAC addresses <mac1> ... <mac2>... to APs.
Example admin(network.wips)> revert 00a0f8bf8a70 Revert is started in the background admin(network.wips)> list aps ---------------------------------------------------------------------------Idx AP MAC Conversion State ---------------------------------------------------------------------------1 00a0f8bf8a70
update <mac> <dhcp_mode> <ipaddr> <mask> <dgw> <pwips> {<swips>} Sends the configuration information to the sensor device, where: <mac> is the MAC address of the sensor device. <dhcp_mode> is the dhcp mode. Mode can be either client or static. <ipaddr> is the IP address of the sensor device. This field is only required when the <dhcp_mode> is static. <mask> is the subnet mask for the IP address of the sensor device. This field is only required when the <dhcp_mode> is static. <dgw> is the default gateway for the sensor device. This field is only required when the <dhcp_mode> is static. <pwips> is the IP address of the primary WIPS server. <swips> is the IP address of the secondary WIPS server. This value is optional.
Example admin(network.wips)> show sensor 00a0f8bf8a70 Sensor MAC DHCP Mode IP Address IP Mask Default Gateway Primary WIPS Server Secondary WIPS Server : : : : : : : 00a0f8bf8a70 client 192.168.1.107 255.255.255.0 192.168.1.1 192.168.0.20 192.168.0.21
admin(network.wips)> update 00a0f8bf8a70 static 192.168.1.108 255.255.255.0 192.168.1.10 192.168 .0.20 192.168.0.21 admin(network.wips)> show sensor 00a0f8bf8a70 Sensor MAC DHCP Mode IP Address IP Mask Default Gateway Primary WIPS Server Secondary WIPS Server : : : : : : : 00a0f8bf8a70 client 192.168.2.100 255.255.255.0 192.168.2.1 192.168.0.20 192.168.0.21
Shows the WIPS default configuration settings. Sets the Sensor default configuration for WIPS. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-247 page 3-246 page 3-1 page 3-1 page 3-1 page 3-1
Sets the default WIPS configuration settings. These settings are used when WIPS configurations are not changed.
Syntax set mode <mode> set [ipaddr|mask|dgw|pwips|swips] <a.b.c.d>
Syntax:
mode <mode> ipaddr <a.b.c.d> mask <a.b.c.d> dgw <a.b.c.d> pwips <a.b.c.d> swips <a.b.c.d>
Example admin(network.wips.default)> admin(network.wips.default)> admin(network.wips.default)> admin(network.wips.default)> admin(network.wips.default)> admin(network.wips.default)> admin(network.wips.default)> DHCP Mode IP Address IP Mask Default Gateway Primary WIPS Server Secondary WIPS Server : : : : : : set mode enable set ipaddr 192.168.0.10 set mask 255.255.255.0 set dgw 192.168.0.1 set pwips 192.168.0.20 set swips192.168.0.21 show
Sets the default mode to enable or disable. Sets the IP address to <a.b.c.d> for the WIPS sensor. Sets the network mask to <a.b.c.d> for the WIPS sensor Sets the default gateway for the WIPS sensor to <a.b.c.d> Sets the primary WIPS server to <a.b.c.d> Sets the secondary WIPS server to <a.b.c.d>.
None
Example admin(network.wips.default)> show DHCP Mode IP Address IP Mask Default Gateway Primary WIPS Server Secondary WIPS Server : : : : : : client 192.168.0.10 255.255.255.0 192.168.0.1 192.168.0.20 192.168.0.21
Shows WIDS status and statistics Sets WIDS parameters Removes WIDS MU List entries Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-254 page 3-250 page 3-249 page 3-1 page 3-1 page 3-1 page 3-1
delete [all|<idx>]
Example
all Deletes all the MU from the list. <idx> Deletes MU list entry at the index <idx>.
Parameters
mode <mode> Enables or disables WIDS. <mode> can be enable or disable. detect-window Sets the duration for which WIDS information is collected to <detect-window> (5<detect-window> 300) seconds. Once collected, the information is sent for analysis. The deafult value for <detect-window> is 10 seconds.
anomaly-detect [mode|filterageout]
Configures the anomaly detection mode. mode <violation-type> <mode> Enables or disables anomaly detection for each violation type <violation-type>. <mode> can be enable or disable. <violation-type> can be one of the following: all - all the anomalies. null-dst - NULL destination MAC anomaly same-src-dst - Same source and destination IP anomaly mcas-src - Multicast source MAC anomaly weak-wep-iv - Weak WEP initialization vector anomaly tkip-cntr-meas - TKIP Countermeasures anomaly invalid-frame-len - Invalid frame length anomaly filter-ageout <type> <filter-ageout> Sets the number of seconds a mobile unit is filtered out. <type> is the violation type and can be one of: all - all the anomalies. null-dst - NULL destination MAC anomaly same-src-dst - Same source and destination IP anomaly mcas-src - Multicast source MAC anomaly weak-wep-iv - Weak WEP initialization vector anomaly tkip-cntr-meas - TKIP Countermeasures anomaly invalid-frame-len - Invalid frame length anomaly <filter-ageout> (0-86400) is the ageout value in seconds. Default is 60 seconds. 0 disables this option.
excess-op [threshold|filterageout]
Sets the threshold of events allowed in the detection window per MU. threshold [mu|radio|switch] <type> <threshold> Sets the threshold values for mu, radio, or switch. <type> is the violation type and can be one of: all - all types of excessive operations probe-req - Probe Request frames auth-assoc-req - 802.11 Authentication and Association Request deauth-disassoc-req - Disassociation and Deauthentication frames auth-fails - Failures reported by Authentication servers crypto-replay-fails - TKIP/CCMP IV replay check failure 80211-replay-fails - 802.11 replay check failure decrypt-fails - decryption failures unassoc-frames - frames from unassociated stations eap-starts - EAP (802.1x) Start frames <threshold> (0-65535) is the threshold value in seconds, 0 disables this option filter-ageout <type> <filter-ageout> Sets the number of seconds a mobile unit is filtered out. <type> is the violation type and can be one of: all - all the anomalies. null-dst - NULL destination MAC anomaly same-src-dst - Same source and destination IP anomaly mcas-src - Multicast source MAC anomaly weak-wep-iv - Weak WEP initialization vector anomaly tkip-cntr-meas - TKIP Countermeasures anomaly invalid-frame-len - Invalid frame length anomaly <filter-ageout> (0-86400) is the ageout value in seconds. Default is 60 seconds. 0 disables this option.
set mode enable set detect-window 25 set anomaly-detect mode all enable set anomaly-detect filter-ageout all 120 set excess-op threshold mu all 80 set excess-op filter-ageout all 80 show wids : Enabled : 10 (Secs) Threshold (0 == disabled) mu 80 80 80 80 radio 0 0 0 0 switch 0 0 0 0 Filter-Ageout 80 80 80 80
Example admin(network.wids)> admin(network.wids)> admin(network.wids)> admin(network.wids)> admin(network.wids)> admin(network.wids)> admin(network.wids)> WIDS feature is Detect Window Excessive Operations :: (Secs) -------------------probe-req : auth-assoc-req : deauth-disassoc-req : auth-fails :
crypto-replay-fails 80211-replay-fails decrypt-fails unassoc-frames eap-starts Anomaly Analysis ---------------null-dst same-src-dst mcast-src weak-wep-iv tkip-cntr-meas invalid-frame-len
: : : : : :: : : : : : :
0 0 0 0 0
0 0 0 0 0
80 80 80 80 80
show [wids|filter]
Example
wids Displays the default WIDS configuration values. filter Displays the filter configuration values.
admin(network.wids)> show wids WIDS feature is Detect Window Excessive Operations :: (Secs) -------------------probe-req : auth-assoc-req : deauth-disassoc-req : auth-fails : crypto-replay-fails : 80211-replay-fails : decrypt-fails : unassoc-frames : eap-starts : Anomaly Analysis ---------------null-dst same-src-dst mcast-src weak-wep-iv tkip-cntr-meas invalid-frame-len :: : : : : : : : Enabled : 10 (Secs) Threshold (0 == disabled) mu 80 80 80 80 80 80 80 80 80 Status enabled enabled enabled enabled enabled enabled radio 0 0 0 0 0 0 0 0 0 switch 0 0 0 0 0 0 0 0 0 Filter-Ageout 80 80 80 80 80 80 80 80 80
Goes to the Keyword submenu Goes to the Whitelist submenu Goes to the Blacklist submenu Goes to the Trusted IP submenu Sets the URL Filter configuration information Displays URL Filter configuration information Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-258 page 3-263 page 3-267 page 3-271 page 3-256 page 3-257 page 3-1 page 3-1 page 3-1 page 3-1
Parameters
Sets the URL Filter mode. <mode> can be enable or disable. Sets the TCP Port for URL Filtering to <tcp-port>. Sets the error message to the string <error-msg> for URL Filtering. This error message is displayed when there is an error while accessing the page the user had requested. Sets the default action for URL Filtering when reverse DNS look-up fails. <action> can be one of allow or deny.
admin(network.urlfilter)> show URL Filter Mode TCP Port Number Error Message : Disable : 0 :
admin(network.urlfilter)>admin(network.urlfilter)>set mode enable admin(network.urlfilter)>set tcp-port 100 admin(network.urlfilter)>set error-msg "Error message" admin(network.urlfilter)>set action deny admin(network.urlfilter)>show URL Filter Mode TCP Port Number Error Message Action on DNSRD reply failure : : : : Disable 80 policies of your service provider deny
None
Example admin(network.urlfilter)>show URL Filter Mode TCP Port Number Error Message Action on DNSRD reply failure : : : : Disable 80 policies of your service provider deny
Adds a new keyword and action to the keyword filter table Deletes keyword from the keyword filter table Removes all keywords in the keyword filter table Displays the URL Filter Keyword table entries Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-259 page 3-260 page 3-261 page 3-262 page 3-1 page 3-1 page 3-1 page 3-1
Adds a filter to the keyword filter table. <keyword> The keyword to be searched <action> allow or deny. The action to be performed when the <keyword> is found.
admin(network.urlfilter.keyword)>add share deny admin(network.urlfilter.keyword)>show --------URL FILTERING KEYWORD DETAILS--------KeyWord Action share deny admin(network.urlfilter.keyword)>add trading deny admin(network.urlfilter.keyword)>show --------URL FILTERING KEYWORD DETAILS--------KeyWord Action share deny trading deny admin(network.urlfilter.keyword)>
delete <keyword> Deletes the keyword <keyword> from the URL Filter keyword table.
Example admin(network.urlfilter.keyword)>show --------URL FILTERING KEYWORD DETAILS--------KeyWord Action share deny trading deny admin(network.urlfilter.keyword)>delete share admin(network.urlfilter.keyword)>show --------URL FILTERING KEYWORD DETAILS--------KeyWord Action trading Deny admin(network.urlfilter.keyword)>
None
Example admin(network.urlfilter.keyword)>show --------URL FILTERING KEYWORD DETAILS--------KeyWord share trading stocks stock admin(network.urlfilter.keyword)>removeall admin(network.urlfilter.keyword)>show --------URL FILTERING KEYWORD DETAILS--------KeyWord
Action
None
Example admin(network.urlfilter.keyword)>show --------URL FILTERING KEYWORD DETAILS--------KeyWord Action share Deny trading Deny
Adds a whitelist entry to the URL whitelist table. Deletes a whitelist entry from the URL whitelist table. Displays the URL whitelist table entries. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-264 page 3-265 page 3-266 page 3-1 page 3-1 page 3-1 page 3-1
add <whitelist>
Example
Adds a whitelist entry into the whitelist table. <whitelist> is an URL to be added.
admin(network.urlfilter.whitelist)>show --------URL FILTERING WHITE LIST DETAILS--------mot.com admin(network.urlfilter.whitelist)>add moto.com admin(network.urlfilter.whitelist)>show --------URL FILTERING WHITE LIST DETAILS--------mot.com moto.com admin(network.urlfilter.whitelist)>
delete [<whitelist>|all]
Example
Deletes the entries from the URL whitelist table. <whitelist> deletes the specified URL from the URL whitelist table all deletes all URLs from the URL whitelist table
admin(network.urlfilter.whitelist)>show --------URL FILTERING WHITE LIST DETAILS--------mot.com moto.com motoo.com admin(network.urlfilter.whitelist)>delete motoo.com admin(network.urlfilter.whitelist)>show --------URL FILTERING WHITE LIST DETAILS--------mot.com moto.com admin(network.urlfilter.whitelist)>delete all admin(network.urlfilter.whitelist)>show --------URL FILTERING WHITE LIST DETAILS---------
None
Example admin(network.urlfilter.whitelist)>show --------URL FILTERING WHITE LIST DETAILS--------mot.com moto.com admin(network.urlfilter.whitelist)>
Adds an URL to the blacklist table Deletes a URL from the blacklist table Displays the URL blacklist table entries Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-268 page 3-269 page 3-270 page 3-1 page 3-1 page 3-1 page 3-1
add <blacklist>
Example
admin(network.urlfilter.blacklist)>show --------URL Filtering BLACK LIST DETAILS--------shares.com admin(network.urlfilter.blacklist)>add trading.com admin(network.urlfilter.blacklist)>show --------URL Filtering BLACK LIST DETAILS--------shares.com trading.com admin(network.urlfilter.blacklist)>
del [<blacklist>|all]
Example
Deletes the entries from the URL blacklist table. <blacklist> The URL to be removed from the blacklist table. all Removes all URLs from the URL blacklist table.
admin(network.urlfilter.blacklist)>show --------URL Filtering BLACK LIST DETAILS--------shares.com trading.com dipmail.com admin(network.urlfilter.blacklist)>delete dipmail.com admin(network.urlfilter.blacklist)>show --------URL Filtering BLACK LIST DETAILS--------shares.com trading.com admin(network.urlfilter.blacklist)>delete all admin(network.urlfilter.blacklist)>show --------URL Filtering BLACK LIST DETAILS---------
None
Example admin(network.urlfilter.blacklist)>show --------URL Filtering BLACK LIST DETAILS--------shares.com trading.com admin(network.urlfilter.blacklist)>
Adds an IP to the trusted IP list Deletes an IP from the trusted IP list Displays the list of trusted IPs Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 3-272 page 3-273 page 3-274 page 3-1 page 3-1 page 3-1 page 3-1
add <trustip>
Example
admin(network.urlfilter.trustip)>show --------URL FILTERING TRUST IP--------192.168.10.20 admin(network.urlfilter.trustip)>add 192.168.10.10 admin(network.urlfilter.trustip)>show --------URL FILTERING TRUST IP--------192.168.10.20 192.168.10.10 admin(network.urlfilter.trustip)>
del [<trustip>|all] Deletes trusted IP entries from the trusted IP list. <trustedip> Deletes the IP <trustedip> from the trusted IP list all Deletes all trusted IPs from the trusted IP list.
Example admin(network.urlfilter.trustip)>show --------URL FILTERING TRUST IP--------192.168.10.20 192.168.10.10 192.168.11.9 admin(network.urlfilter.trustip)>del 192.168.11.9 admin(network.urlfilter.trustip)>show --------URL FILTERING TRUST IP--------192.168.10.20 192.168.10.10 admin(network.urlfilter.trustip)>
None
Example admin(network.urlfilter.trustip)>show --------URL FILTERING TRUST IP--------192.168.10.20 192.168.10.10 admin(network.urlfilter.trustip)>
4.1 system
Admin Menu Commands
lastpw exec config logs ntp snmp userdb radius test WS2000 authentication ssh redundancy cf http save quit .. /
Displays the last debug password. Execute a linux command. Goes to the config submenu. Goes to the logs submenu. Goes to the NTP submenu. Goes to the SNMP submenu. Goes to the userdb submenu. Goes to the RADIUS submenu. Goes to the test submenu. Goes to the WS2000 submenu. Goes to the authentication submenu. Goes to the SSH submenu. Goes to the redundancy submenu. Goes to the CF submenu. Goes to the HTTP submenu Saves the configuration to system flash Quits the CLI Goes to the parent menu Goes to the root menu
page 4-2 page 4-3 page 4-10 page 4-22 page 4-28 page 4-70 page 4-92 page 4-33 page 4-127 page 4-113 page 4-4 page 4-89 page 4-66 page 4-122 page 4-124 page 2-6 page 2-5 page 2-7 page 2-8
This command displays the MAC address for the switch, the previous admin password for the switch, and the number of times the current admin password has been used along with how many more times it will be valid.
Syntax lastpw Parameters
None
Example admin(system)>lastpw WS2000 MAC Address is 00:a0:f8:6f:d8:fc Last Password was symbol12 Current password used 0 times, valid 4 more time(s)
Goes to the RADIUS submenu. Sets the mode. Shows the authentication parameters. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 4-7 page 4-5 page 4-6 page 4-1 page 4-1 page 4-1
Sets the parameter that specifies how user authentication is taking place.
Syntax set [mode|auth-loc] [local|radius]
Syntax:
set mode [local|radius] Sets the authentication mode. If set to local, the internal User Database will serve as the data source. If set to radius, the switch will use an external LDAP server for the information. If radius is the mode, then the parameters under the radius submenu must to be set. Sets the Airbeam user authentication to either the local database or the RADIUS server. If set to radius, the switch will use an external LDAP server for the authentication. If radius is the authentication location, then the RADIUS server is used for authentication.
Example admin(system.authentication)>set mode local admin(system.authentication)>show all authentication mode : local admin(system.authentication)> Related Commands
set
Sets the parameters to specify that the external RADIUS server is used for user authentication.
None
Example admin(system.authentication)>set mode local admin(system.authentication)>show all authentication mode : local radius user location and type : radius admin(system.authentication)> Related Commands
set
Sets the RADIUS authentication parameters. Shows the RADIUS authentication parameters. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 4-8 page 4-9 page 4-1 page 4-1 page 4-1
Sets the IP address for the RADIUS authentication proxy server to the IP address <IP>. auth-server-port <port> Specifies the TCP/IP port number <port> for the RADIUS server that will act as a proxy server. The default port is 1812. shared-secret <password> Sets a shared secret <password> for each suffix that is used for authentication with the RADIUS proxy server.
Example admin(system.authentication.radius)>set auth-server-ip 192.168.0.4 admin(system.authentication.radius)>set auth-server-port 1812 admin(system.authentication.radius)>set shared mysecret admin(system.authentication.radius)> admin(system.authentication.radius)>show all radius server ip : 192.168.0.4 radius server port : 1812 radius server shared secret : ********
None
Example admin(system.authentication.radius)> set auth-server-ip 192.168.0.4 admin(system.authentication.radius)> set auth-server-port 1812 admin(system.authentication.radius)> set shared mysecret admin(system.authentication.radius)>show all radius server ip : 192.168.0.4 radius server port : 1812 radius server shared secret : ******** Related Commands
set
default export import partial set show update sensor-fw-update loadtocf save quit .. /
Restores default configuration Exports configuration from the system Imports configuration to the system Restores partial default configuration Sets import/export parameters Shows import/export parameters Performs firmware update Performs firmware update for the sensors Loads the current firmware to a CF card Saves the configuration to system flash Quits the CLI Goes to the parent menu Goes to the root menu
page 4-11 page 4-12 page 4-14 page 4-15 page 4-16 page 4-18 page 4-19 page 4-20 page 4-21 page 2-6 page 2-5 page 2-7 page 2-8
None
Example admin(system.config)>default Are you sure you want to default the configuration? (yes/no):yes ************************************************************************* System will now restore default configuration. You will need to set the country code for correct operation. ************************************************************************* Restoring default configuration : [ In progress ]
Syntax:
export Exports the system configuration. [ftp|tftp|terminal ftp Exports the configuration to the FTP server. Use the set command to set the sftp] server, user, password, and file name before using this command. tftp Exports the configuration to the TFTP server. Use the set command to set the IP address for the TFTP server before using the command. terminal Exports the configuration to the terminal. sftp Exports the configuration to the sftp server.
Example
// WS2000 menu set name WS2000 set loc Extra\20office set email fred@symbol.com set cc us set airbeam mode disable set airbeam enc-passwd a11e00942773 set applet lan enable set applet wan enable set applet slan enable set applet swan enable set cli lan enable set cli wan enable set snmp lan enable set snmp wan enable / system config --More--
Imports configuration from external devices. ftp Imports the configuration from the FTP server. Use the set command to set the server, user, password, and file. tftp Imports the configuration from the TFTP server. Use the set command to set the server and file. default-and-apply Import the configuration from the FTP or TFTP server. Use this command to first set the device to factory defaults before applying the imported configuration. This command is optional. sftp Imports the comfiguration from the SFTP server.
Example
Resets the switch's configuration to the factory default settings for all settings except the WAN and some SNMP related settings. The following settings will remain intact when using Restore Partial Default Configuration: All settings on the WAN page SNMP access to the WS 2000 on the WS 2000 Access page All settings on the SNMP Access page Before using this feature, consider exporting the current configuration for safekeeping.
Syntax partial Parameters
None
Example admin(system.config)>partial Are you sure you want to partially default WS 2000? (yes/no):yes ************************************************************************* System will now restore default configuration. You will need to set the country code for correct operation. ************************************************************************* Restoring default configuration Related Commands : [ In progress ]
export
set import-enc-password <mode> set bind-interface <bind-interface> set ap300 [file|path|max-size|legacy-mode] Parameters
server <ipaddress> user <username> passwd <password> file <filename> cfgpath <path> fw [ file <filename>| path <path>| boot [on-board-flash| compact-flash]| active-partition [primary|secondary]
Sets the FTP/TFTP server IP address to <ipaddress> in the format a.b.c.d. Sets the FTP user name to <username> (up to 47 characters). Sets the FTP password to <password> (up to 39 characters). Sets the configuration file name to <filename> (up to 39 characters). Sets the configuration file path to <path> (up to 31 characters) Sets the firmware information for the device. file <filename> Sets the firmware filename to <filename> (up to 39 characters). path <path> Sets the firmware file path to <path> (up to 39 characters). boot [on-board-flash|compact-flash] Sets the firmware boot device to either the on board flash (on-board-flash) or the compact flash card (compactflash) attached to the WS 2000 Wireless Switch. active-partition [primary|secondary] Sets the active partition on the compact flash card to either of primary or secondary.
Sets sensor firmware information. file <filename> Sets the sensor firmware file name to <filename> (up to 39 characters). path <path> Sets the firmware file path for the sensor to <path> (up to 39 characters). max-size <size> Sets the maximum file size of the sensor firmware file to <size>. import-enc-password Enables or disables the import of encrypted passwords for the admin and <mode> manager logins. <mode> can be one of enable or disable. bind-interface <bind- Sets the interface to bind <bind-interface> (s1-s6, w, none where s1-Subnet 1, interface> s2-Subnet 2,..., s6-Subnet 6, w-WAN) during ftp. ap300 [file|path| Sets AP300 firmware update parameters. max-size|legacy-mode] file <filename> Sets AP300 firmware file name filename Sets the file name. The range is 1 to 39 characters. path Sets firmware file path max-size Sets maximum size for AP300 firmware file legacy-mode Sets AP300 fw legacy mode
Example
Firmware Example
admin(system.config)>set fw file mf_01050000160B.bin admin(system.config)>set fw path /tftp/myadmin/ admin(system.config)>update tftp s1
None
Example admin(system.config)> show all ftp/tftp server ip address ftp user name ftp password cfg filename config filepath firmware filepath firmware filename sensor firmware filepath sensor firmware filename max size of sensor firmware file import enc admin password mode boot source device active partition of Compact Flash ftp/sftp/tftp server ip address ftp/sftp user name ftp/sftp password cfg filename config filepath firmware filepath firmware filename sensor firmware filepath sensor firmware filename max size of sensor firmware file ap300 firmware filepath ap300 firmware filename max size of ap300 firmware file AP300 firmware legacy mode import enc admin password mode boot source device active partition of Compact Flash bind interface : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 157.235.208.196 admin ******** v23.26b.bin /home/ftp/admin/2k/ /home/ftp/admin/2k/ v23.26b.bin /home/ftp/admin/2k/ leo_sensor.bin 512000 disable on-board-flash primary 192.168.0.11 guest ******** cfg.txt /home/guest/ mf_02040300010B.bin leo_sensor.bin 512000 wiap.bin 512000 disable disable on-board-flash primary none
Sets how firmware updates will occur. Select between ftp, sftp and tftp. <iface> specifies the interface (location), as follows: s1 = subnet1 s2 = subnet2 s3 = subnet3 s4 = subnet4 s5 = subnet5 s6 = subnet6 w = wan Before using this command, use set server to set the IP address for the FTP/TFTP server. If using the ftp mode, also use set user and set passwd to allow login to the FTP server.
Note: When update mode is sftp,then the parameter iface is not required.
update cf
Example
Indicates that firmware updates will occur from the switchs compact flash slot. (Undoes an ftp/tftp/sftp setting.)
Performs firmware update for the sensors. When sensor firmware update is done, No restart is required. New sensors receive the updated firmware. Existing sensors must be reverted and then reassigned for them to get the new sensor firmware image.
Syntax sensor-fw-update [ftp|tftp|sftp] Parameters
sensor-fw-update [ftp|tftp]
Updates the sensor firmware. ftp Updates the sensor firmware from the specified FTP server. tftp Updates the sensor firmware from the specified TFTP server. sftp Updates the sensor firmware from the specified SFTP server.
This command loads and updates the firmware to the CF card. This is used for dual boot.
Syntax loadtocf [cf|ftp|tftp|sftp] <image-type>
Syntax:
cf <image-type> Loads the image to the CF card. The <image-type> (primary, secondary) is the target partition on the CF card to store the image on. In this case, the image source is the CF card and the destination is also the CF card. Loads the image to a CF card. The <image-type> (primary, secondary) is the target partition on the CF card to store the image on. This command downloads the image using FTP and stores it on the target partition. Loads the image to a CF card. The <image-type> (primary, secondary) is the target partition on the CF card to store the image on. This command downloads the image using TFTP and stores it on the target partition. Loads binary image to cf using sftp.The <image-type> (primary, secondary) is the target partition on the CF card to store the image on. This command downloads the image using SFTP and stores it on the target partition.
ftp <image-type>
tftp <image-type>
sftp <image-type>
Deletes core files. Sets log options and parameters. Sends log and core files. Shows logging options. Views system log. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu
page 4-23 page 4-25 page 4-24 page 4-26 page 4-27 page 4-1 page 4-1 page 4-1 page 4-1
None
Example admin(system.logs)>delete
Sends log and core files through FTP to a location specified with the set command. Use the set command to set the FTP login and site information first.
Syntax send Parameters
None
Example admin(system.logs)>set user fred admin(system.logs)>set passwd mygoodness admin(system.logs)>show all log level ext syslog server logging ext syslog server ip address ftp/tftp server ip address ftp user name ftp password admin(system.logs)>send File transfer File transfer admin(system.logs)> Related Commands : [ In progress ] : [ Done ] : : : : : : L6 Info disable 0.0.0.0 192.168.0.10 fred ********
set Sets the parameters associated with log operations, such as send. show all Displays the log related settings.
Parameters
Sets the external syslog server IP address to <ip> (a.b.c.d). Sets the level of the events that will be logged. All event with a level at or above <level> (L0L7) will be saved in the system log. L0:Emergency L1:Alert L2:Critical L3:Errors L4:Warning L5:Notice L6:Info L7:Debug mode <mode> Enables or disables ext syslog server logging. <mode> is either enable or disable. cf_logging_mode <mode> Enables or disables logging to CF card if connection to the Syslog server fails. <mode> is either enable or disable. server <ip> Sets the FTP server IP address to <ip> (a.b.c.d). user <username> Sets the FTP user name to <username> (147 characters). passwd <password> Sets the FTP password to <password> (139 characters).
Example admin(system.logs)>set user fred admin(system.logs)>set passwd mygoodness admin(system.logs)>show all log level ext syslog server logging ext syslog server ip address ftp/tftp server ip address ftp user name ftp password : : : : : : L6 Info disable 0.0.0.0 192.168.0.10 fred ********
None
Example admin(system.logs)>set user user1 admin(system.logs)>set passwd hello admin(system.logs)>show all log level ext syslog server logging syslog server logging on CF ext syslog server ip address ftp/tftp server ip address ftp user name ftp password Related Commands : : : : : : : L4 Warning enable disable 0.0.0.0 196.168.10.1 admin ********
set
None
Example admin(system.logs)>view Jan 7 16:14:00 (none) syslogd 1.4.1: restart (remote reception). Jan 7 16:14:10 (none) klogd: :ps log:fc: queue maintenance Jan 7 16:14:41 (none) klogd: :ps log:fc: queue maintenance Jan 7 16:15:43 (none) last message repeated 2 times Jan 7 16:16:01 (none) CC: 4:16pm up 6 days, 16:16, load average: 0.00, 0.01, 0.00 Jan 7 16:16:01 (none) CC: Mem: 62384 32520 29864 0 0 Jan 7 16:16:01 (none) CC: 0000077e 0012e95b 0000d843 00000000 00000003 0000121 e 00000000 00000000 0037ebf7 000034dc 00000000 00000000 00000000 Jan 7 16:16:13 (none) klogd: :ps log:fc: queue maintenance Jan 7 16:16:44 (none) klogd: :ps log:fc: queue maintenance Jan 7 16:17:15 (none) klogd: :ps log:fc: queue maintenance Jan 7 16:17:15 (none) klogd: :ps log:fc: queue maintenance . . .
Shows NTP parameters settings. Sets NTP parameters. Shows the date, time and time zone Shows the list of time zones Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu
page 4-30 page 4-29 page 4-31 page 4-32 page 4-1 page 4-1 page 4-1 page 4-1
Syntax:
mode <mode> intrvl <interval> Enables or disables NTP. <mode> is either enable or disable. Sets the length of time to <interval> (in minutes) for the switch to synchronize its time with an NTP server. server <idx> Sets the NTP server IP address <ip/hostname> (a.b.c.d or host url); specify one of <ip/hostname> the three NTP servers with <idx> (1, 2, or 3). This value can also be a host name of the NTP server. When the value is a host name, the domain name IP should be set under the (system.ws2000) menu on the CLI. port <idx> <port> Sets the NTP port for the indicated server <idx> to <port> (165535). time <yyyy> <MM> Sets the WS2000 system time manually. Time is in the format YYYY MM DD hh mm <dd> <hh> <mm> ss (Example: 2008 02 24 11 25 32) <ss> zone <zone-idx> Sets the time zone to the <zone-idx> value. This value can be found by using the (system.ntp)>zone-list command.
Example admin(system.ntp)>set mode enable admin(system.ntp)>set server 1 203.21.37.18 admin(system.ntp)>set port 1 345 admin(system.ntp)>show all ntp mode server ip 1 server ip 2 server ip 3 server port 1 server port 2 server port 3 current time admin(system.ntp)> : : : : : : : : enable 203.21.37.18 0.0.0.0 0.0.0.0 345 123 123 1970-01-07 23:29:05
None
Example admin(system.ntp)>show all ntp mode server ip 1 server ip 2 server ip 3 server port 1 server port 2 server port 3 current time Related Commands : : : : : : : : enable 114.233.112.4 0.0.0.0 0.0.0.0 123 123 123 2004-10-07 22:58:24
set
None
Example admin(system.ntp)> date-zone Date/Time : Thu 1970-Jan-01 05:53:25 +0530 IST Time Zone : Asia/Calcutta admin(system.ntp)>
None
Example admin(system.ntp)>zone-list ---------------------------------------------Index | TimeZone ---------------------------------------------1 | Africa/Abidjan 2 | Africa/Accra 3 | Africa/Addis_Ababa 4 | Africa/Algiers 5 | Africa/Asmera 6 | Africa/Bamako 7 | Africa/Bangui 8 | Africa/Banjul 9 | Africa/Bissau 10 | Africa/Blantyre <Hit any key to continue> 11 | Africa/Brazzaville 12 | Africa/Bujumbura 13 | Africa/Cairo 14 | Africa/Casablanca 15 | Africa/Ceuta 16 | Africa/Conakry 17 | Africa/Dakar 18 | Africa/Dar_es_Salaam 19 | Africa/Djibouti <Hit any key to continue> 20 | Africa/Douala 21 | Africa/El_Aaiun 22 | Africa/Freetown 23 | Africa/Gaborone 24 | Africa/Harare 25 | Africa/Johannesburg 26 | Africa/Kampala 27 | Africa/Khartoum 28 | Africa/Kigali <Hit any key to continue>
eap policy ldap proxy client generate-dh-param set show quit save .. /
Goes to the EAP submenu. Goes to the access policy submenu. Goes to the LDAP submenu. Goes to the proxy submenu. Goes to the client submenu. Generates the DH Param file required for EAP-TLS/TTLS Sets the RADIUS parameters. Shows the RADIUS parameters. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu
page 4-41 page 4-57 page 4-51 page 4-60 page 4-37 page 4-34 page 4-35 page 4-36 page 4-1 page 4-1 page 4-1 page 4-1
Generates the DH Params file for supporting Cipher Suit v 0x13 (TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA) for EAP-TLS./TTLS protocols. If this file does not exist when the WS2000 is booted, it is created. This command provides a facility to create the DH Params file as required.
Syntax generate-dh-param Parameters
None
Example admin(system.radius)>generate-dh-param This will take several minutes. Please wait until the operation is complete. DH Parameter file will not get created if interrupted... admin(system.radius)>
Sets the RADIUS database to either the local database or an LDAP server.
Syntax set database [local|ldap|ldaps] Parameters
Sets the RADIUS server to the local database (local) or an LDAP server (ldap) or a secured LDAP server (ldaps).
show all
None
Example admin(system.radius)>set database ldap admin(system.radius)>show all Database : ldap Related Commands
set
Adds a RADIUS client. Deletes a RADIUS client. Displays a list of configured clients. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu
page 4-38 page 4-39 page 4-40 page 4-1 page 4-1 page 4-1 page 4-1
Adds a RADIUS client with IP address <ip>, netmask <mask>, and shared secret <secret>.
admin(system.radius.client)>add 192.168.46.4 225.225.225.0 mysecret admin(system.radius.client)>show List of Radius Clients : ------------------------------------------------------------------------Idx Subnet/Host Netmask SharedSecret -----------------------------------------------------------------------1 192.168.46.4 225.225.225.0 admin(system.radius.client)> ******
Related Commands
del show
del <ip>
Example
------------------------------------------------------------------------Idx Subnet/Host Netmask SharedSecret ------------------------------------------------------------------------1 192.168.46.4 225.225.225.0 ****** 2 192.168.101.43 225.225.225.0 ****** admin(system.radius.client)>del 192.168.46.4 admin(system.radius.client)>show List of Radius Clients : ------------------------------------------------------------------------Idx Subnet/Host Netmask SharedSecret ------------------------------------------------------------------------1 192.168.101.43 225.225.225.0 ****** admin(system.radius.client)> Related Commands
add show
Adds a RADIUS client to the list. Displays the list of RADIUS clients.
None
Example admin(system.radius.client)>show List of Radius Clients :
------------------------------------------------------------------------Idx Subnet/Host Netmask SharedSecret ------------------------------------------------------------------------1 192.168.46.4 225.225.225.0 ****** 2 192.168.101.43 225.225.225.0 ****** admin(system.radius.client)> Related Commands
add del
Adds a RADIUS client to the list. Deletes a RADIUS client from the list.
Goes to the PEAP submenu. Goes to the TTLS submenu. Imports the EAP certificates. Sets the EAP parameters. Shows the EAP parameters. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu
page 4-45 page 4-48 page 4-42 page 4-43 page 4-44 page 4-1 page 4-1 page 4-1 page 4-1
Imports a server certificate with the certificate ID <cert id>. Imports a Trusted Certificate with certificate ID <cert id>.
show cert
Sets the EAP parameters. To configure each of the selected authentication types, go to the submenu associated with each type.
Syntax set auth [peap|ttls|both] Parameters
auth [peap|ttls|both]
Example
Sets the default authorization type to one of PEAP or TTLS or both. When selected, go to the submenu associated with the selection to finish the setup.
admin(system.radius.eap)>set auth peap admin(system.radius.eap)>show all Default EAP Type : peap Related Commands
show all
show [all|cert]
Displays EAP parameters all Displays the default EAP authentication settings. cert - Displays a list of certificates.
Example admin(system.radius.eap)>set auth peap admin(system.radius.eap)>show all Default EAP Type : peap Example
set
Sets the PEAP authentication type. Shows the PEAP authentication type. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu
page 4-46 page 4-47 page 4-1 page 4-1 page 4-1 page 4-1
set auth <peap type> Sets the authentication type for PEAP to <peap type> (GTC or MTCHAPv2).
Example admin(system.radius.eap.peap)>set auth gtc admin(system.radius.eap.peap)>show PEAP Auth Type : gtc Related Commands
show
None
Example admin(system.radius.eap.peap)>set auth gtc admin(system.radius.eap.peap)>show PEAP Auth Type : gtc Related Commands
set
Sets the TTLS authentication type. Shows the TTLS authentication type. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu
page 4-49 page 4-50 page 4-1 page 4-1 page 4-1 page 4-1
Sets the authentication type for TTLS to <auth type> (PAP, MD5, or MSCHAPv2).
admin(system.radius.eap.ttls)>set auth md5 admin(system.radius.eap.ttls)>show TTLS Auth Type : md5 Related Commands
show
None
Example admin(system.radius.eap.ttls)>set auth md5 admin(system.radius.eap.ttls)>show TTLS Auth Type : md5 Related Commands
set
Sets the LDAP parameters. Shows the LDAP parameters. Imports Secured LDAP certificates. Joins the A D domain. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu
page 4-52 page 4-54 page 4-55 page 4-56 page 4-1 page 4-1 page 4-1 page 4-1
Parameters
ipadr <ip> domain <domain> port <port> binddn <binddn> basedn <basedn> passwd <password> login <login attr> pass_attr <password attr> groupname <groupname attr> filter membership <group attr> adagent <mode> pri-domain <mode> admin-uname <username> admin-pass <password>
Sets LDAP server IP address to <ip>. Sets LDAP domain name to a fully qualified domain name <domain>. Use when using LDAPS or AD agent Sets LDAP server port to <port>. Sets LDAP bind distinguished name to <binddn> (a string of characters). Sets LDAP Base distinguished name to <basedn> (a string of characters). Sets LDAP server password to <password> (a string of characters). Sets LDAP login attribute to <login attr> (a string of characters). Sets LDAP password attribute to <password attr> (a string of characters). Sets LDAP group name attribute to <groupname attr> (a string of characters). Sets LDAP membership filter with appropriate settings Sets LDAP membership attribute to <group attr> (a string of characters). Enables or disables the A D agent feature. <mode> is either enable or disable. Enables or disables setting primary domain for A D agent. <mode> is either enable or disable. Sets the administrator user name to <username> for the LDAP domain Sets the administrator password to <password> for the LDAP domain
Example admin(system.radius.ldap)>set ipadr 192.168.42.23 admin(system.radius.ldap)>set port 356 admin(system.radius.ldap)>show all LDAP Server IP : 192.168.42.23 LDAP Server Port : 56 LDAP Bind DN : dfkjkkj LDAP Base DN : o=mobion LDAP Login Attribute : (uid=%{Stripped-User-Name:-%{UserName}}) LDAP Password Attribute : userPassword LDAP Group Name Attribute : cn LDAP Group Membership Filter : LDAP Group Membership Attribute : mygroup admin(system.radius.ldap)> Related Commands
show
Description:
Displays the LDAP parameters.
Syntax show all Parameters
None
Example admin(system.radius.ldap)>set ipadr 192.168.42.23 admin(system.radius.ldap)>set port 356 admin(system.radius.ldap)>show all LDAP Server IP : 192.168.42.23 LDAP Server Port : 56 LDAP Bind DN : dfkjkkj LDAP Base DN : o=mobion LDAP Login Attribute : (uid=%{Stripped-User-Name:-%{UserName}}) LDAP Password Attribute : userPassword LDAP Group Name Attribute : cn LDAP Group Membership Filter : LDAP Group Membership Attribute : mygroup admin(system.radius.ldap)> Related Commands
set
import Import Secure LDAP certificates. [client|cacert] client Imports self certificate <cert-id> <cert-id> ca-cert Imports the trusted certificate authority certificate <cert-id>
Example admin(system.radius.ldap)> import client LdapClient admin(system.radius.ldap)> import cacert LdapTrusted
None
Example admin(system.radius.ldap)> join
Sets the groups access policy. Shows the groups access policy. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu
page 4-58 page 4-59 page 4-1 page 4-1 page 4-1 page 4-1
set <group> <idx> Gives the group <group> access to WLAN with a list of indexes <idx>. The list <idx> can either be a single index or several indexes separated by spaces. The group <group> must be already defined. See System User Database Group Commands for information about defining groups.
Example admin(system.radius.policy)>set g1 2 3 4 admin(system.radius.policy)>show List of Access Policies : g1 : 2 3 4 g2 : No Wlans Related Commands
show
None
Example admin(system.radius.policy)>set g1 2 3 4 admin(system.radius.policy)>show List of Access Policies : g1 : 2 3 4 g2 : No Wlans Related Commands
set
Adds a proxy realm. Deletes a proxy realm. Removes all proxy server records. Sets the proxy server parameters. Shows the proxy server parameters. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu
page 4-61 page 4-62 page 4-63 page 4-64 page 4-65 page 4-1 page 4-1 page 4-1 page 4-1
Add a proxy realm with realm name <realm>, RADIUS server IP address <ip>, port <port>, and shared secret <secret>.
admin(system.radius.proxy)>add realm1 192.168.102.42 225 realmpass admin(system.radius.proxy)>show realm Proxy Realms : ------------------------------------------------------------------------Idx Suffix RadiusServerIP Port SharedSecret ------------------------------------------------------------------------1 realm1 192.168.102.42 225 ****** Related Commands
Displays this list of defined proxy servers. Deletes a proxy server from the list.
del <realm>
Example
admin(system.radius.proxy)>add realm1 192.168.102.42 225 realmpass admin(system.radius.proxy)>show realm Proxy Realms : ------------------------------------------------------------------------Idx Suffix RadiusServerIP Port SharedSecret ------------------------------------------------------------------------1 realm1 192.168.102.42 225 ****** admin(system.radius.proxy)>del realm1 admin(system.radius.proxy)>show realm Proxy Realms : ------------------------------------------------------------------------Idx Suffix RadiusServerIP Port SharedSecret ------------------------------------------------------------------------Related Commands
add show
None
Example admin(system.radius.proxy)> clearall
Syntax:
delay <delay> count <count>
Example admin(system.radius.proxy)>set delay 7 admin(system.radius.proxy)>set count 4 admin(system.radius.proxy)>show proxy Proxy Server Retry Count : 4 Proxy Server Retry Delay : 7 admin(system.radius.proxy)> Example
Sets the retry delay of the proxy server to <delay> minute (510). Sets the retry count of the proxy server to <count> (36).
show proxy
show [proxy|realm] Displays proxy server parameters. proxy Displays the proxy server parameters. realm Displays proxy server realm information.
Example admin(system.radius.proxy)>add realm1 192.168.102.42 225 realmpass admin(system.radius.proxy)>show realm Proxy Realms : ------------------------------------------------------------------------Idx Suffix RadiusServerIP Port SharedSecret ------------------------------------------------------------------------1 realm1 192.168.102.42 225 ****** admin(system.radius.proxy)>set delay 7 admin(system.radius.proxy)>set count 4 admin(system.radius.proxy)>show proxy Proxy Server Retry Count : 4 Proxy Server Retry Delay : 7 admin(system.radius.proxy)> Related Commands
set add
Sets the proxy server retry parameters. Adds a proxy server realm to the list.
Sets redundancy parameters. Shows redundancy settings. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu
page 4-67 page 4-69 page 4-1 page 4-1 page 4-1 page 4-1
Parameters
Sets the switch to the <mode> (primary or secondary). Indicates that the switch is either the primary or secondary (standby) switch when redundancy is enabled. This parameter can only be set if the op_state parameter is set to redundancy. op-state <state> Sets the redundancy operation state of the switch to one of the following <state>: standaloneThe switch has no redundancy capabilities and operates independently of any other WS 2000 switches on the network. This is the default setting. redundancyTwo WS 2000 switches are connected, with one set as a primary and the other as a standby. upgradeThe primary and standby switches must run the same version of the switch firmware for redundancy to work correctly. If the firmware on only one of the switches is updated, redundancy is disabled and the Operational State is automatically set to Upgrade. heartbeat <interval> Sets the heartbeat interval for the switch to <interval> (160) seconds. revertdelay <delay> Specifies the amount of time <delay> (120 minutes) after not receiving a heartbeat packet before the secondary (standby) switch will take over. redundancy <subnet> Sets the redundancy state <state> (enable or disable) for the subnet <subnet> <state> (s1, s2. s3, s4, s5, s6). preempt <mode> Enables to prevent system stand-by on redundant switches. <mode> can be enable or disable. virtualip <subnet> Sets the virtual IP address to <ip> for each redundant subnet <subnet>. <ip>
Example admin(system.redundancy)>set mode standby can not set the value when the op_state is either upgrade or standalone admin(system.redundancy)>set op-state redundancy admin(system.redundancy)>set mode standby admin(system.redundancy)>
mode <mode>
Related Commands
show
None
Example admin(system.redundancy)>show all redundancy configured mode redundancy operational mode redundancy operational state heart beat interval revert delay heart beat interface Related Commands : : : : : : primary VRRP daemon not running standalone 3 seconds 5 minutes 1
set
Goes to the SNMP access submenu. Goes to the SNMP traps submenu. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu
page 4-71 page 4-78 page 4-1 page 4-1 page 4-1 page 4-1
Adds SNMP access entries. Deletes SNMP access entries. Lists SNMP access entries. Shows SNMP v3 engine ID. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu
page 4-72 page 4-74 page 4-76 page 4-77 page 4-1 page 4-1 page 4-1 page 4-1
Adds an entry to the SNMP access control list with <ip1> as the starting IP address and <ip2> and the ending IP address. v1v2c <comm> Adds an SNMP v1/v2c configuration. <access> [<oid>|all] <comm> The community (131 characters) <access> The read/write access set to (ro (read only) or rw (read/write) <oid> The Object Identifier. <oid> is a string of 1127 numbers in dot notation, such as 2.3.4.5.6 or all for all objects. v3 <user> <access> Adds an SNMP v3 user definition. [<oid> / all] <sec> <user> The username (131 characters). <auth> <pass1> <priv> <access> The read/write access set to ro (read only) or rw (read/write) <pass2> <oid> The Object Identifier. <oid> is a string of 1127 numbers in dot notation, such as 1.3.6.1 or all for all objects) <sec> The security type. <sec> is set to one of none, auth, or auth/priv. The following parameters must be specified if <sec> is set to auth/priv: <auth> The authentication algorithm. Can be one of md5 or sha1. Must be set if <sec> is set to auth or auth/priv. <pass1> The password (831 characters) for authentication. Must be provided if <sec> is set to auth or auth/priv. <priv> The privacy algorithm. Set to des or aes. Must be set if <sec> is set to auth/priv. <pass2> Privacy password (831 characters). Must be provided if <sec> is set to auth/priv.
Example admin(system.snmp.access)>add acl 209.236.24.1 209.236.24.46 admin(system.snmp.access)>list acl ---------------------------------------------------------------index start ip end ip ---------------------------------------------------------------1 209.236.24.1 209.236.24.46 admin(system.snmp.access)>add v3 fred rw 1.3.6.6 none admin(system.snmp.access)>list v3 all
index username access permission object identifier security level auth algorithm auth password privacy algorithm privacy password
: : : : : : : : :
admin(system.snmp.access)>add v3 judy rw 1.3.6.1 auth/priv md5 changeme des changemetoo admin(system.snmp.access)>list v3 2 index username access permission object identifier security level auth algorithm auth password privacy algorithm privacy password : : : : : : : : : 2 judy read/write 1.3.6.1 auth/priv md5 ******** des *******
Deletes SNMP access entries. acl Deletes SNMP access list entries v1v2c Deletes entries from the SNMP v1/v2 configuration list v3 Deletes entries from the SNMP v3 configuration list. <idx> Deletes entry with index <idx> all Deletes all entries.
Example admin(system.snmp.access)>list acl ------------------------------------------------------------------------index start ip end ip ------------------------------------------------------------------------1 209.236.24.1 209.236.24.46 admin(system.snmp.access)>delete acl all admin(system.snmp.access)>list acl ------------------------------------------------------------------------index start ip end ip ------------------------------------------------------------------------admin(system.snmp.access)>list v3 all index username access permission object identifier security level auth algorithm auth password privacy algorithm privacy password index username access permission object identifier security level auth algorithm auth password privacy algorithm privacy password : : : : : : : : : : : : : : : : : : 1 fred read/write 1.3.6.6 none md5 ******** des ******** 2 judy read/write 1.3.6.1 auth/priv md5 ******** des ********
admin(system.snmp.access)>delete v3 2 admin(system.snmp.access)>list v3 all index username access permission object identifier security level auth algorithm auth password privacy algorithm privacy password admin(system.snmp.access)> : : : : : : : : : 1 fred read/write 1.3.6.6 none md5 ******** des ********
list [acl|v1v2c]
acl Lists SNMP access control list entries. v1v2c Lists SNMP v1/v2c configuration entries. list v3 [<idx>|all] Lists SNMP v3 user definition with index <idx>. all lists all SNMP v3 user definitions.
Example admin(system.snmp.access)>list acl ---------------------------------------------------------------index start ip end ip ---------------------------------------------------------------1 209.236.24.1 209.236.24.46 admin(system.snmp.access)>list v3 all index username access permission object identifier security level auth algorithm auth password privacy algorithm privacy password : : : : : : : : : 1 fred read/write 1.3.6.6 none md5 ******** des ********
admin(system.snmp.access)>list v3 2 index username access permission object identifier security level auth algorithm auth password privacy algorithm privacy password : : : : : : : : : 2 judy read/write 1.3.6.1 auth/priv md5 ******** des *******
None
Example admin(system.snmp.access)>show eid WS2000 snmp v3 engine id admin(system.snmp.access)> : 0000018457D71CDFF86FD8FC
Adds SNMP trap entries. Deletes SNMP trap entries. Lists SNMP trap entries. Sets SNMP trap parameters. Shows SNMP trap parameters. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu
page 4-79 page 4-81 page 4-82 page 4-83 page 4-87 page 4-1 page 4-1 page 4-1 page 4-1
Adds an SNMP v1/v2c trap entry. <ip> The destination IP address <port> The destination UDP port number. <comm> The community (131 characters) <ver> The SNMP version number. (v1 or v2) Adds an SNMP v3 trap entry. <ip> The destination IP address <port> The destination UDP port number. <user> The username (131 characters). <sec> The security type. <sec> is set to one of none, auth, or auth/priv. The following parameters must be specified if <sec> is set to auth/priv: <auth> The authentication algorithm. Can be one of md5 or sha1. Must be set if <sec> is set to auth or auth/priv. <pass1> The password (831 characters) for authentication. Must be provided if <sec> is set to auth or auth/priv. <priv> The privacy algorithm. Set to des or aes. Must be set if <sec> is set to auth/priv. <pass2> Privacy password (831 characters). Must be provided if <sec> is set to auth/priv.
Example admin(system.snmp.traps)>add v1v2 203.223.24.2 333 mycomm v1 admin(system.snmp.traps)>list v1v2c ---------------------------------------------------------------------index dest ip dest port community version ---------------------------------------------------------------------1 203.223.24.2 333 mycomm v1 admin(system.snmp.traps)>add v1v2 209.255.32.1 334 jumbo v2 admin(system.snmp.traps)>list v1v2c ---------------------------------------------------------------------index dest ip dest port community version ---------------------------------------------------------------------1 203.223.24.2 333 mycomm v1 2 209.255.32.1 334 jumbo v2
admin(system.snmp.traps)>add v3 192.168.103.3 80 bomuser auth md5 bomuser1 admin(system.snmp.traps)>add v3 182.168.103.4 80 blistuser auth/priv md5 blistuser des listuser admin(system.snmp.traps)>list v3 all index destination ip destination port username security level auth algorithm auth password privacy algorithm privacy password index destination ip destination port username security level auth algorithm auth password privacy algorithm privacy password : : : : : : : : : : : : : : : : : : 1 192.168.103.3 80 bomuser auth md5 ******** des ******** 2 182.168.103.4 80 blistuser auth/priv md5 ******** des ********
Deletes SNMP access entries. acl Deletes SNMP access list entries v1v2c Deletes entries from the SNMP v1/v2 configuration list v3 Deletes entries from the SNMP v3 configuration list. <idx> Deletes entry with index <idx> all Deletes all entries.
Example admin(system.snmp.traps)>list v3 all index destination ip destination port username security level auth algorithm auth password privacy algorithm privacy password index destination ip destination port username security level auth algorithm auth password privacy algorithm privacy password : : : : : : : : : : : : : : : : : : 1 192.168.103.3 80 bomuser auth md5 ******** des ******** 2 182.168.103.4 80 blistuser auth/priv md5 ******** des ********
admin(system.snmp.traps)>delete v3 1 admin(system.snmp.traps)>list v3 all index destination ip destination port username security level auth algorithm auth password privacy algorithm privacy password : : : : : : : : : 1 182.168.103.4 80 blistuser auth/priv md5 ******** des ********
list v1v2c Lists SNMP v1/v2c traps entries. list v3 [<idx>|all] Lists SNMP v3 traps definition with index <idx>. all lists all SNMP v3 traps definitions.
Example admin(system.snmp.traps)>list v1 ------------------------------------------------------------------------index dest ip dest port community version ------------------------------------------------------------------------1 197.168.10.1 80 HTTPUser v2 2 197.168.10.2 1056 AllUsers v2 admin(system.snmp.traps)>list v3 all index destination ip destination port username security level auth algorithm auth password privacy algorithm privacy password : : : : : : : : : 1 182.168.103.4 80 blistuser auth/priv md5 ******** des ********
set [cold|cfg|lowcf|port|dos-attack|snmp-auth|snmp-acl|mu-assoc|mu-unassoc| mu-deny-assoc|mu-deny-auth|ap-adopt|ap-unadopt|ap-denied-adopt|ap-radar| rogue-ap|hotspot-mu-state|user-login-failure|interface|admin-passwd-change| dyndns-update|wids-mu|wids-radio|wids-switch|ips] <mode> Sets the different SNMP parameters. <mode> can be one of enable or disable. cold Configuration changed trap cfg Configuration mode trap lowcf Low compact flash memory trap port Physical port status change trap dos-attack Denial of Service (DOS) attack trap snmp-auth Authentication failure trap snmp-acl SNMP ACL violation trap mu-assoc MU associated trap mu-unassoc MU un-associated trap mu-deny-assoc MU denied association trap mu-deny-auth MU authentication denied trap ap-adop AP adopted trap ap-unadop AP un-adopted trap ap-denied-adopt AP denied trap ap-radar AP radar trap rogue-ap Rogue AP trap hotspot-mu-state Hotspot MU change state trap user-login-failure User login failure trap ips Intrusion Prevention System trap interface Interface status change trap
dos-rate-limit <seconds> rate <rate> Sets the rate value for rate and scope combination for DOS traps. <scope> <value> <rate> The rate value to monitor. Can be one of pkts packets greater than <value> (0 9999.99). mbps throughput greater than <value> (0 108.00) MBPS. avg-bps bit speed less than <value> (0 108.00) MBPS. pct-nu non unicast packets percentage greater than <value> (0 100.00) avg-signal negative average signal worse than <value> (0 100.00) avg-retries average retries greater than <value> (0 16.00) pctdropped dropped packet percentage greater than <value> (0 100.00) pct-undecrypted undecryptable packet percentage greater than <value> (0 100.00) assoc-mus number of associated MUs greater than <value> (0 32.00 when scope is AP, 200.00 otherwise.) <scope> The scope where the rate applies to. <scope> can be one of switch, wlan, ap, mu) <value> The value in the range as specified for each <rate>.
Allowed Range for <value>
admin-passwd-change Admin password change trap dyndns-update Dynamic DNS update trap wids-mu WIDS MU event trap wids-radio WIDS radio event trap wids-switch WIDS switch event trap cf-thresh Compact Flash memory trap min-pkt Packets required for rate traps to fire Sets the low memory on compact flash trap to the value <memory_kb> (0 2147483647 kilobytes). Sets the minimum number of packets <pkt> required for the rate traps to fire. <pkt> can be a value in the range 0 65535. Sets the rate limit to <seconds> ((0 2147483647 seconds) for DOS traps.
<rate> Choices
Interpretation
Allowed <scope>
Packets/second > <value> Throughput > <value> Average bit speed in mbps < <value> % not UNICAST > <value> Negative average signal < <value> Average retries > <value> % dropped packets > <value> % undecryptable > <value> Number of associated MUs > <value>
NOTE: <value> can be a number with up to two decimal places, except for assoc_mus, which must be an integer.
Example admin(system.snmp.traps)>show trap SNMP System Traps snmp cold start snmp config changed low compact flash memory SNMP Network Traps physical port status change denial of service SNMP Traps snmp auth failure snmp acl violation SNMP MU Traps mu mu mu mu associated unassociated denied association denied authentication : : : : disable disable disable disable : disable : disable : disable : disable : disable : disable : disable
SNMP AP Traps ap ap ap ap adopted unadopted denied adoption radar detection : : : : disable disable disable disable
SNMP Trap Threshold compact flash memory threshold : 1024 min packets required for rate trap: 800 denial of service trap rate limit : 10 admin(system.snmp.traps)>set cold enable admin(system.snmp.traps)>set port enable admin(system.snmp.traps)>set dos-attack enable admin(system.snmp.traps)>set mu-unassoc enable admin(system.snmp.traps)>set ap-radar enable admin(system.snmp.traps)>set min-pkt 1000 admin(system.snmp.traps)>show trap SNMP System Traps snmp cold start snmp config changed low compact flash memory : enable : disable : disable
SNMP Network Traps physical port status change denial of service SNMP Traps snmp auth failure snmp acl violation SNMP MU Traps mu mu mu mu associated unassociated denied association denied authentication : : : : disable enable disable disable : disable : disable : enable : enable
SNMP AP Traps ap ap ap ap adopted unadopted denied adoption radar detection : : : : disable disable disable enable
SNMP Trap Threshold compact flash memory threshold : 1024 min packets required for rate trap: 1000 denial of service trap rate limit : 10 admin(system.snmp.traps)>
show [trap|rate-trap] Displays trap settings. trap Displays SNMP trap parameter settings. rate-trap Shows SNMP rate-trap parameter settings.
Example admin(system.snmp.traps)>show trap SNMP System Traps snmp cold start snmp config changed low compact flash memory SNMP Network Traps physical port status change denial of service SNMP Traps snmp auth failure snmp acl violation SNMP MU Traps mu mu mu mu associated unassociated denied association denied authentication : : : : disable enable disable disable : disable : disable : enable : enable : enable : disable : disable
SNMP AP Traps ap ap ap ap adopted unadopted denied adoption radar detection : : : : disable disable disable enable
SNMP Trap Threshold compact flash memory threshold : 1024 min packets required for rate trap: 1000 denial of service trap rate limit : 10
admin(system.snmp.traps)>show rate-trap SNMP Switch Rate Traps pkts/s greater than : disable throughput(Mbps) greater than : disable num of associated mu greater than : disable SNMP Wlan Rate Traps pkts/s greater than throughput(Mbps) greater than avg bit speed(Mbps) less than pct non-unicast greater than -average signal worse than average retry greater than pct dropped greater than pct undecryptable greater than num of associated mu greater than SNMP Portal Rate Traps pkts/s greater than throughput(Mbps) greater than avg bit speed(Mbps) less than pct non-unicast greater than -average signal worse than average retry greater than pct dropped greater than pct undecryptable greater than num of associated mu greater than SNMP Mu Rate Traps pkts/s greater than throughput(Mbps) greater than avg bit speed(Mbps) less than pct non-unicast greater than -average signal worse than average retry greater than pct dropped greater than pct undecryptable greater than admin(system.snmp.traps)> : : : : : : : : disable disable disable disable disable disable disable disable : : : : : : : : : disable disable disable disable disable disable disable disable disable : : : : : : : : : disable disable disable disable disable disable disable disable disable
Sets SSH parameters Shows SSH parameters. Saves the configuration to system flash Goes to the parent menu Goes to the root menu
page 4-90 page 4-91 page 4-1 page 4-1 page 4-1
Sets the maximum time <authentication timeout> (065535 seconds) allowed for SSH authentication to occur before executing a timeout. Sets the maximum amount of inactive time <inactive timeout> (065535 seconds) for an SSH connection before a timeout occurs and the user is dropped.
admin(system.ssh)>set auth-timeout 60 admin(system.ssh)>set inactiv 2000 admin(system.ssh)>show all Authentication Timeout : 60 SSH Client Inactivity Timeout : 2000 admin(system.ssh)> Related Commands
None
Example admin(system.ssh)>set auth-timeout 60 admin(system.ssh)>set inactiv 2000 admin(system.ssh)>show all Authentication Timeout : 60 SSH Client Inactivity Timeout : 2000 admin(system.ssh)> Related Commands
set
Goes to the user submenu. Goes to the group submenu. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu
page 4-103 page 4-93 page 4-1 page 4-1 page 4-1 page 4-1
Creates a new group. Deletes a group. Deletes all the listed groups Adds a user to a group. Removes a user from a group. Sets group parameters. Shows the existing groups. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu
page 4-95 page 4-96 page 4-98 page 4-94 page 4-99 page 4-100 page 4-102 page 4-1 page 4-1 page 4-1 page 4-1
Adds the user specified by <userID> to the group <groupID>. <userID> must already be defined in the database. User the add command from the (system.userdb.users) menu to add a new user.
admin(system.userdb.group)>add fred g1 admin(system.userdb.group)>add joe g1 admin(system.userdb.group)>add joe g2 admin(system.userdb.group)>show user g1 List of Users of Group : fred joe admin(system.userdb.group)>show user g2 List of Users of Group : joe Related Commands
show users
create <group> <vlan-id> Creates a new group with the ID <group>. <group> can be an alphanumeric string. Users in the group are automatically assigned the vlan-id as specified by <vlan-id>.
Example:
admin(system.userdb.group)>create g1 10 admin(system.userdb.group)>show groups List of Group Names : Groupname Guest Group VanId Start Time Expiry Time Access on Days admin(system.userdb.group)> Related Commands : : : : : : g1 NO 10 0000 2359 All
delete Deletes a group. show groups Displays a list of groups in the database.
delete <groupID>
Example
Deletes the group <group> from the database. A warning occurs if there are still users assigned to that group.
admin(system.userdb.group)>show groups List of Group Names : Groupname Guest Group VanId Start Time Expiry Time Access on Days Groupname Guest Group VanId Start Time Expiry Time Access on Days Groupname Guest Group VanId Start Time Expiry Time Access on Days : : : : : : : : : : : : : : : : : : g1 NO 10 0000 2359 All g2 NO 6 0000 2359 All g3 NO 1 0000 2359 All
admin(system.userdb.group)>delete g2 admin(system.userdb.group)>show groups List of Group Names : Groupname Guest Group VanId Start Time Expiry Time Access on Days Groupname Guest Group : : : : : : g1 NO 10 0000 2359 All
: g3 : NO
: : : :
Clears all the groups in the Groups list. Before clearing all the groups, ensure that no user account is associated to the groups.
Syntax clearall Parameters
None
Example admin(system.userdb.group)>show groups List of Group Names : Groupname Guest Group VanId Start Time Expiry Time Access on Days Groupname Guest Group VanId Start Time Expiry Time Access on Days Groupname Guest Group VanId Start Time Expiry Time Access on Days : : : : : : : : : : : : : : : : : : g1 NO 10 0000 2359 All g3 NO 1 0000 2359 All g2 NO 15 0000 2359 All
No Groups
admin(system.userdb.group)>show users g1 List of Users of Group : John Jane admin(system.userdb.group)>remove Jane g1 admin(system.userdb.group)>show users g1 List of Users of Group : John admin(system.userdb.group)> Related Commands
Parameters
vlan <group> <vlan> start-time <group> <time> end-time <group> <time> day-access <group> [all|weekdays|<days>
Sets the vlan id of a group <group> to <vlan> (1 4094). Sets the time when a user belonging to a group <group> can start authenticating (login) with the WS2000. Start-time is in 24hr format. Sets the time after which a user belonging to a group <group> cannot authenticate (login) with the WS2000. End-time is in 24hr format. Sets the access days for a group <group>. all Sets the access days to all days of the week including Saturdays and Sundays. weekday Sets the access days to all week days excluding Saturdays and Sunday. <days> Sets the access days as specified. Each item in this list is to be separated by a space. <days> can be mo, tu, we, th, fr, sa, su. Sets the group identified by <group> as a guest group.
set vlan Group1 1 set start-time Group1 0730 set end-time Group1 2230 set day-access Group1 mo tu we fr sa su show groups : : : : : : : : : : : : GroupOfAdmins NO 1 0000 2359 All GroupOfLevel1Users NO 1 0730 2230 Mo Tu We Fr Sa Su
guest-group <group>
Example
admin(system.userdb.group)> admin(system.userdb.group)> admin(system.userdb.group)> admin(system.userdb.group)> admin(system.userdb.group)> List of Group Names : Groupname Guest Group VanId Start Time Expiry Time Access on Days Groupname Guest Group VanId Start Time Expiry Time Access on Days
admin(system.userdb.group)> set guest-group Group1 admin(system.userdb.group)>set guest-group guests admin(system.userdb.group)>show groups List of Group Names : Groupname Guest Group VanId Start Time Expiry Time Access on Days Groupname Guest Group VanId Start Time Expiry Time Access on Days Groupname Guest Group VanId Start Time Expiry Time Access on Days : : : : : : : : : : : : : : : : : : g1 NO 10 0000 2359 All g2 NO 6 0600 2000 Weekdays guests YES 9 0000 2359 All
Displays user database groups information. group Displays a list of the defined groups. users <group> Displays a list of users in group <group>.
admin(system.userdb.group)>show groups admin(system.userdb.group)>show groups List of Group Names : Groupname Guest Group VanId Start Time Expiry Time Access on Days Groupname Guest Group VanId Start Time Expiry Time Access on Days Groupname Guest Group VanId Start Time Expiry Time Access on Days : : : : : : : : : : : : : : : : : : g1 NO 1 0000 2359 All g2 NO 1 0000 2359 ALL g3 NO 1 0000 2359 All
Adds a new user to the database. Deletes a user from the database. Removes all User IDs Sets the password for a user. Shows a list of users and group information about a user. Manages guest users Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu
page 4-104 page 4-105 page 4-106 page 4-107 page 4-108 page 4-109 page 4-1 page 4-1 page 4-1 page 4-1
add <userid> <password> Adds a user to the database with the ID <userid> and password <password> (1 8 characters).
Example admin(system.userdb.user)>add fred fredpass admin(system.userdb.user)>add joe joepass admin(system.userdb.user)>add sally sallypa admin(system.userdb.user)> List of User Ids : fred joe sally Related Commands
Show a list of the users in the database. Deletes a user from the database.
del <userid>
Example
admin(system.userdb.user)>show users List of User Ids : John Jane Bill Amanda admin(system.userdb.user)>del Bill admin(system.userdb.user)>show users List of User Ids : John Jane Amanda Related Commands
Guest User NO NO NO NO
Guest User NO NO NO
add Adds a user to the database. show users Displays a list of users in the database.
None
Example admin(system.userdb.user)>show users List of User Ids : John Jane Bill Amanda admin(system.userdb.user)> admin(system.userdb.user)> clearall admin(system.userdb.user)> admin(system.userdb.user)> show users entries = 0 List of User Ids : No Users Guest User NO NO NO NO :
Guest User
add
Displays group membership and user information. groups <userid> Displays the list of groups that a user with <userid> belongs. users Displays a list of all defined users in the database.
Example admin(system.userdb.user)>show user List of User Ids : Guest User John NO Jane NO Bill NO Amanda NOadmin(system.userdb.user)>.. admin(system.userdb.user)>group admin(system.userdb.group)>create g1 admin(system.userdb.group)>add John g1 admin(system.userdb.group)>.. admin(system.userdb.user)>user admin(system.userdb.user)>show groups John List of Groups of user : g1 Related Commands :
add
Sets the parameters for guest users. Shows the list of guest users Clears guest users and guest groups. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu
page 4-110 page 4-111 page 4-112 page 4-1 page 4-1 page 4-1 page 4-1
Adds the guest user <guest-user> to the guest user group <guest-group>.
Sets the start date for a guest user <guest-user>. This is the date and time combination from when a guest user can access the resources. <date-time> value must be in the MM:DD:YYYY-hh:mm format (02:24:2008-21:06). Sets the date when the guest user account <guest-user> expires. This is the date and time combination after which the account becomes inactive. <date-time> value must be in the MM:DD:YYYY-hh:mm format (02.24:2008-21:06).
admin(system.userdb.user.guest)> set guest-user guest1 GroupOfGuestUsers admin(system.userdb.user.guest)> show users Guest Username Belongs to Group Start Date Time Expiry Date Time : : : : guest1 GroupOfGuestUsers 01:16:1970-01:10 01:17:1970-01:10
admin(system.userdb.user.guest)> set start-date guest1 01:01:2008-00:00 admin(system.userdb.user.guest)> set expiry-date guest1 01:31:2008-23:59 admin(system.userdb.user.guest)> show users Guest Username Belongs to Group Start Date Time Expiry Date Time : : : : guest1 GroupOfGuestUsers 01:01:2008-00:00 01:31:2008-23:59
show [guests|users]
Displays guest information. groups Displays the list of guest user groups users Displays the list of guest users.
Example admin(system.userdb.user.guest)> show users Guest Username Belongs to Group Start Date Time Expiry Date Time : : : : guest1 GroupOfGuestUsers 01:01:2008-00:00 01:31:2008-23:59
admin(system.userdb.user.guest)> show groups Guest Groupname VanId Start Time Expiry Time Access on Days : : : : : GroupOfGuestUsers 1 0000 2359 Weekdays
Clears all guest user and guest user groups from the local database.
Syntax clear [guest-group|guest-user] clear guest-group <guest-group> clear guest-user <guest-user> Parameters
Clears the guest group indicated by <guest-group> Clears the guest user indicated by <guest-user>
admin(system.userdb.user.guest)> clear guest-group GroupOfGuestUsers admin(system.userdb.user.guest)> clear guest-user guest1 admin(system.userdb.user.guest)> show groups No Guest Groups
Adds an administrative user Removes an administrative user Restarts the WS 2000 Wireless Switch Sets WS 2000 system parameters. Shows WS 2000 system parameter settings. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu
page 4-114 page 4-115 page 4-116 page 4-117 page 4-121 page 4-1 page 4-1 page 4-1 page 4-1
Adds a device that is allowed administrative access to the switch over WLAN.
Syntax add administrator <ip> Parameters
Removes a device that is allowed administrative access to the switch over WLAN.
Syntax delete administrator [<ip>|all] Parameters
Removes the specified device that is allowed administrative access of the switch from WLAN . <ip> Removes the device specified by <ip>. all Removes all devices
Example admin(system.ws2000)> delete administrator 192.168.0.10 admin(system.ws2000)> delete administrator all admin(system.ws2000)>
None
Example admin(system.ws2000)>restart Restarting system. WS 2000 Wireless Switch 2.4.0.0-011B Copyright(c) Motorola Inc. 2003-2008. All rights reserved. Press escape key to run boot firmware ........ Power On Self Test testing testing testing testing ... Starting iGateway Apps(1).... Starting iGateway Apps(2).... Using switch.o Starting Wireless Switch.... Configuring iGateway.... Starting SNMP.... Using led.o Starting WS2000 CLI.... Login: ram nor flash nand flash ethernet : : : : pass pass pass pass
set [ftp|ssh|snmp] [lan|wan] [mode <mode>|logging <mode>] set [applet|cli] [lan|wan|slan|swan] [mode <mode>|logging <mode>] set set set set set set set set email <email> cc <country-code> loc <location> name <device-name> domain-name <domain> timeout <timeout> limited-access <mode> dns-ip <ip>;
Parameters
airbeam mode <mode> airbeam passwd <passwd> airbeam logging <mode> applet [lan|wan|slan|swan] [mode <mode>| logging <mode>]
Enables or disables airbeam access. <mode> can be one of enable or disable. Sets the airbeam password to <passwd> (139 characters). Sets the logging mode for airbeam access.<mode> can be one of enable or disable. Configures access to the applet. lan mode <mode> Enables/disables http applet access from LAN. wlan mode <mode> Enables/disables http applet access from WAN. slan mode <mode> Enables/disables https applet access from LAN. swan mode <mode> Enables/disables https applet access from WAN. <mode> can be one of enable or disable. logging <mode> Enables/disables logging for each access type. Sets the WS2000 two-letter country code to <country-code>.
cc <country-code>
cli [lan|wan|slan|swan] Configures access to the Command Line Interface (CLI). [mode <mode>| lan mode <mode> Enables/disables http applet access from LAN. logging <mode>] wlan mode <mode> Enables/disables http applet access from WAN. slan mode <mode> Enables/disables https applet access from LAN. swan mode <mode> Enables/disables https applet access from WAN. <mode> can be one of enable or disable. logging <mode> Enables/disables logging for each access type. email Sets the WS2000 admin email address to <email> (159 characters). <email> ftp [lan|wan] [mode Configures access to FTP <mode>| lan mode <mode> Enables/disables http applet access from LAN. logging <mode>] wlan mode <mode> Enables/disables http applet access from WAN. <mode> can be one of enable or disable. logging <mode> Enables/disables logging for each access type. loc <location> Sets the WS2000 system location to <location> (159 characters). name <device-name> Sets the WS2000 system name to <device-name> (159 characters). ssh [lan|wan] [mode Configures secure shell access (SSH) to the device. <mode>| lan mode <mode> Enables/disables http applet access from LAN. logging <mode>] wlan mode <mode> Enables/disables http applet access from WAN. <mode> can be one of enable or disable. logging <mode> Enables/disables logging for each access type. snmp [lan|wan] [mode Configures SNMP access to the device. <mode>| lan mode <mode> Enables/disables http applet access from LAN. logging <mode>] wlan mode <mode> Enables/disables http applet access from WAN. <mode> can be one of enable or disable. logging <mode> Enables/disables logging for each access type. timeout <time-out> Sets the idle timeout to <time-out> value in minutes (01440). Setting the value to 0 indicates not to timeout. limited-access <mode> Enables/disables management access to the WS2000 across subnets. When enabled, administrative access to the subnet interface is available only from hosts in the same subnet. When disabled, hosts from any subnet can access any subnets interface. <mode> can be one of enable or disable. dns-ip <ip> Sets the IP address of the Domain Name Server to resolve domain names to the IP address <ip>. domain-name <domain- Sets the name of the domain to <domain-name> for this WS2000. name> sslv2 <mode> Sets SSLv2 mode <mode> Enables/disables mode for apache support-sshv1 Sets SSHv1 mode. <mode> Enables/disables mode for sshv1 dns-relay-mode Sets DNS relay mode <mode> Enables/disables dns relay mode.
Example admin(system.ws2000)>show all system name : system location : system Domain Name : admin email address : system uptime : WS2000 firmware version : WS2000 firmware build time : country code : applet http access from lan : applet http access from wan : applet https access from lan : applet https access from wan : cli telnet access from lan : cli telnet access from wan : snmp access from lan : snmp access from wan : airbeam/ftp lan access mode : airbeam/ftp wan access mode : ssh wan access mode : ssh lan access mode : airbeam access user name : airbeam access password : http/s timeout interval in minutes: limit ws2000 access : System Wide DNS IP Address : Atlanta1 Atlanta Field Office docteam.motorola.com LeoExample@motorola.com 0 days 4 hours 33 minutes 2.3.1.0-004X Sat-May-31-00:42:16-IST-2008 us enable enable enable enable enable enable enable enable disable disable enable enable airbeam ******** 0 disable 192.168.0.1
admin(system.ws2000)>set name BldgC admin(system.ws2000)>set email johndoe@motorola.com admin(system.ws2000)>set applet lan enable admin(system.ws2000)>set airbeam mode enable admin(system.ws2000)>set airbeam passwd changeme admin(system.ws2000)>show all system name system location system Domain Name admin email address system uptime WS2000 firmware version WS2000 firmware build time country code applet http access from lan applet http access from wan applet https access from lan applet https access from wan cli telnet access from lan cli telnet access from wan snmp access from lan snmp access from wan airbeam/ftp lan access mode airbeam/ftp wan access mode ssh wan access mode ssh lan access mode airbeam access user name airbeam access password : : : : : : : : : : : : : : : : : : : : : : BldgC Atlanta Field Office docteam.motorola.com johndoe@motorola.com 0 days 4 hours 41 minutes 2.3.1.0-004X Sat-May-31-00:42:16-IST-2008 us enable enable enable enable enable enable enable enable disable disable enable enable airbeam ********
http/s timeout interval in minutes: 0 limit ws2000 access : disable System Wide DNS IP Address : 192.168.0.1 admin(system.ws2000)>
None
Example admin(system.ws2000)>show all system name : system location : system Domain Name : admin email address : system uptime : WS2000 firmware version : WS2000 firmware build time : country code : applet http access from lan : applet http access from wan : applet https access from lan : applet https access from wan : cli telnet access from lan : cli telnet access from wan : snmp access from lan : snmp access from wan : airbeam/ftp lan access mode : airbeam/ftp wan access mode : ssh wan access mode : ssh lan access mode : airbeam access user name : airbeam access password : http/s timeout interval in minutes: limit ws2000 access : System Wide DNS IP Address : admin(system.ws2000)> Atlanta1 Atlanta Field Office docteam.motorola.com LeoExample@motorola.com 0 days 4 hours 33 minutes 2.3.1.0-004X Sat-May-31-00:42:16-IST-2008 us enable enable enable enable enable enable enable enable disable disable enable enable airbeam ******** 0 disable 192.168.0.1
ls quit .. /
Lists the content of the CF card Quits the CLI Goes to the parent menu Goes to the root menu
ls <directory-name>
Example
Imports the Secured HTTP self certificate Shows all the Secured HTTP certificates. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu
page 4-125 page 4-126 page 4-1 page 4-1 page 4-1 page 4-1
import self <cert-id> Imports the Secured HTTP Self Certificate identified by the ID <cert-id>.
Example admin(system.http)> import self 1
None
Example admin(system.http)> show all http self certificate admin(system.http)> : default
Sets the different test parameters Displays the different test parameters and their set values. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu
page 4-128 page 4-129 page 4-1 page 4-1 page 4-1 page 4-1
None
Example admin(system.test)> show all admin(system.test)>show all half fc window for ap100 val broadcasts in psp val drop bc pre wep val rate scale disable val wireless disable val psp fix more data val wpa2 tkip disabled val wpa ie before rsn ie val disable wpa countermeasures val WME enable Wisp alignment padding enable Proxy arp enable Weighted WME enable ARP Check enable SIP src/dst port check : : : : : : : : : : : : : : : [ [ [ [ [ [ [ [ [ [ [ [ [ [ [ 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 ........ ........ ........ ........ ........ ........ ........ ........ .......0 ......0. .....1.. ....1... ...0.... ..1..... .1...... .......0 ......1. .....1.. ....0... ...0.... ..0..... .0...... 0....... ........ ........ ........ ........ ........ ........ ........ ] ] ] ] ] ] ] ] ] ] ] ] ] ] ]
int1 max lan hosts max clients/Portal int4 str1 str2 str3 str4
: : : : : : : :
Statistics Commands
Statistics commands are used to view the different statistical information of the WS2000 Wireless Switch.
5.1 stats
Admin Menu Commands
Shows system status and statistics Goes to the RF Submenu Saves the configuration to system flash Quits the CLI Goes to the parent menu Goes to the root menu
page 5-2 page 5-5 page 2-6 page 2-5 page 2-7 page 2-8
Displays the system status and statistics for either the specified subnet or the WAN.
Syntax show [leases|subnet|wan|stp|ips] show show show show show show show leases subnet <idx> wan stp <idx> ips [global-stats|category-stats] ips global-stats ips category-stats <category-name>
Parameters
Show the leases issued by the switch. Shows subnet status, where <idx> (16) is the index number of the subnet (LAN) to show. show wan Shows WAN status. show stp <idx> Shows the LAN Spanning Tree Protocol statistics for the subnet <idx> (1-6). show ips global-stats Shows the IPS Global statistics show ips category-stats Show the IPS statistics for a category. Select <category> from: <category> TELNET, POP3, IMAP, NNTP, FTP, SNMP, TCPDNS, UDPDNS, TCPRPC, UDPRPC, HTTP, SMTP, TCPGEN, UDPGEN, TCP, UDP, ICMP, IP To display stats for all IPS signature categories do not pass any parameter to <category>.
Example
tx overruns : 0 tx carrier errors : 0 Port 1 link status : up speed : 100 Mbps Port 2 link status : up speed : 100 Mbps Port 3 link status : down Port 4 link status : down Port 5 link status : down Port 6 link status : down WLAN Interfaces wlans : wlan1
Port Interface Table: ------------------------------------------------------------------------Designated Designated Designated Port - State - Cost Root Bridge Port Designated Cost ------------------------------------------------------------------------ixp0v0 Fwding 100 8000.00157000C851 8000.00157000C851 8001 0 ixp1v0 Fwding 100 8000.00157000C851 8000.00157000C851 8002 0
Shows RF statistics. Resets/clears all RF statistics. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
page 5-7 page 5-6 page 5-1 page 5-1 page 5-1 page 5-1
None
Example admin(stats.rf)>reset admin(stats.rf)>
Syntax:
show all [wlan|ap|mu| Shows all statistics for: mesh-base|mesh-client] wlan Shows all WLAN status. ap Shows all Access Port status. mu Shows all mobile unit (MU) status. mesh-base Shows all mesh-base statistics mesh-client Shows all mesh-client statistics show wlan <idx> Shows the specified WLANs statistics, where <idx> is the index number of the WLAN. show ap <idx> Shows the specified Access Ports statistics, where <idx> is the index number of the Access Port (112). show mu <mu> Shows the specified mobile units statistics, where <mu> is the index number of the mobile unit (1200). show mesh-base <base> Shows the statistics for the mesh base with index <base> (1-36). show mesh-client Shows the statistics for the mesh client with index <client> (1-72). <client> show total Shows total switch statistics.
Example admin(stats.rf)>show all wlan Index Name Status Index Name Status Index Name Status Index : 1 : WLAN1 : Enabled : 2 : WLAN2 : Disabled : 3 : WLAN3 : Disabled : 4
Name Status Index Name Status Index Name Status Index Name Status Index Name Status admin(stats.rf)>show wlan 1 Name ESSID Subnet Adopted APs Number of Associated MUs Packets per second Throughput Average Bit Speed Non-Unicast Packets Signal Noise Signal-to-Noise Average Number of Retries Dropped Packets Undecryptable Packets admin(stats.rf)>show all ap ap index ap status ap index ap status ap index ap status ap index ap status ap index ap status ap index ap status
: WLAN4 : Disabled : 5 : WLAN5 : Disabled : 6 : WLAN6 : Disabled : 7 : WLAN7 : Disabled : 8 : WLAN8 : Disabled
: : : : :
: 0.00 pps : 0.00 Mbps : 0.00 Mbps : 0.00 % : 0.0 dBm : 0.0 dBm : 0.0 dBm : 0.00 Retries : 0.00 % : 0.00 % : 1 : not connected : 2 : connected : 3 : not connected : 4 : not connected : 5 : not connected : 6 : not connected
ap index ap status ap index ap status ap index ap status ap index ap status ap index ap status ap index ap status admin(stats.rf)>show ap 2 Name Location Radio Type Current Channel Adopted By Number of Associated Mus Packets per Throughput Average Bit Approximate Non-Unicast second Speed Utilization Packets : : : : : : : : : : :
: 7 : not connected : 8 : not connected : 9 : not connected : 10 : not connected : 11 : not connected : 12 : not connected AP2 802.11 B 1 WLAN1 0 0.13 pps 0.00 Mbps 0.00 Mbps 0.00 % 100.00 %
Signal Noise Signal-to-Noise Average Number of Retries Dropped Packets Undecryptable Packets
: 0.0 dBm : 0.0 dBm : 0.0 dBm : 0.00 Retries : 0.00 % : 0.00 %