3ComメーカーWXR100 3CRWXR10095Aの使用説明書/サービス説明書
ページ先へ移動 of 750
http://www.3Com.com/ Part No. 10015910 Rev AB Publishe d Decembe r 2007 Wir eless LAN Mobility System W ireless LAN Switch and Contr oller Command Refer ence WX4400 3CRWX440095A WX2200 3CRWX220095A WX.
3Com Corporati on 350 Campus Drive Marlborough, MA USA 01752-3064 Copyright © 2 007, 3Com Corporation. Al l rights reserved . No part of this documen tation may be repr oduced in any form or by any means or used to make any derivative work (such as tr anslation, transformation, or adaptation) without writt en permission from 3Com Corporation.
C ONTENTS A BOUT T HIS G UIDE Conventions 23 Documentation 24 Documentation Comments 25 1 U SING THE C OMMAND -L INE I NTERFACE Overview 27 CLI Conventions 28 Command Prompt s 28 Syntax Notation 28 T .
3 S YSTEM S ERVICE C OMMANDS Commands by Usage 41 clear banner motd 42 clear history 43 clear promp t 43 clear system 44 display banner mo td 45 display base-information 45 display license 46 display .
clear port type 74 display port counters 75 display port-gr oup 76 display port mirr or 77 display port poe 78 display port status 79 display port media-type 81 monitor port counters 82 reset port 87 .
display vlan-profile 120 set fdb 121 set fdb agingtime 122 set security l2-restrict 123 set vlan name 124 set vlan port 125 set vlan tunnel -affinity 126 set vlan pr ofile 127 6 Q UALITY OF S ERVICE C.
display interface 152 display ip alias 153 display ip dns 154 display ip https 155 display ip ro ute 156 display ip telnet 158 display ntp 159 display snmp community 161 display snmp counters 162 disp.
set snmp notify pr ofile 187 set snmp notify target 192 SNMPv3 with Info rms 192 SNMPv3 with T raps 1 93 SNMPv2c with Informs 194 SNMPv2c with T raps 195 SNMPv1 with T raps 1 95 set snmp protocol 197 .
clear usergr oup 227 clear usergroup attr 228 display aaa 229 display accounting statistics 232 display location po licy 234 display mobility-profile 235 set accounting {admin | console} 235 set accou.
display mobility-domain config 282 display mobility-domain status 283 set mobility-domain member 284 set mobility-domain mode me mber secondary seed-ip 285 set mobility-domain mode member seed-ip 286 .
display ap vlan 337 display auto-tune attribu tes 338 display auto-tune neigh bors 340 display ap boot-conf iguration 342 display ap connection 343 display ap global 345 display ap unconfigured 347 di.
set ap radio ch annel 387 set ap radio link-calibration 388 set ap radio load balancing 389 set ap radio load balancing gr oup 390 set ap radio m ode 391 set ap radio r adio-profile 392 set ap radio t.
set radio-pr ofile wmm 430 set radio-pr ofile wmm-pow ersave 430 set service-pr ofile attr 431 set service-profile auth-dot1x 433 set service-profile auth-fallthru 434 set service-profile auth-psk 435.
set service-profile tkip-mc-time 466 set service-pr ofile static-cos 467 set service-profile transmit-rates 468 set service-profile use-client-dscp 470 set service-pr ofile user -idle-timeou t 471 set.
set spantr ee portpri 507 set spantree portvlancost 508 set spantr ee portvlanpri 509 set spantree priority 510 set spantree uplinkfast 510 13 IGMP S NOOPING C OMMANDS Commands by usage 513 clear igmp.
display security acl res ource-usage 547 rollback security acl 551 set security acl 552 set security acl map 557 set security acl hit-sample-ra te 559 15 C RYPTOGRAPHY C OMMANDS Commands by Usage 562 .
17 802.1X M ANAGEMENT C OMMANDS Commands by Usage 593 clear dot1x bonded-p eriod 594 clear dot1x max-re q 595 clear dot1x port-cont rol 595 clear dot1x quiet-period 596 clear dot1x reauth-max 597 clea.
19 RF D ETECTION C OMMANDS Commands by Usage 629 clear rfdetect attack-list 630 clear rfdetect black-list 631 clear rfdetect ignore 631 clear rfdetect ssid-list 632 clear rfdetect vendor -list 633 rfp.
copy 667 delete 669 dir 670 install soda agent 673 display boot 674 display config 675 display version 677 load config 679 md5 681 mkdir 681 reset system 683 res tore 684 rmdir 685 save config 685 set.
display snoop 706 display snoop info 706 display snoop map 707 display snoop stats 708 23 S YSTEM L OG C OMMANDS Commands by Usage 711 clear log 711 display log buf fer 712 display log config 714 disp.
Purchase Extended W arranty and Professional Services 740 Access Software Downloads 740 Contact Us 740 T elephone T echnical S upport and Repair 741 I NDEX.
.
Conventions 23 A BOUT T HIS G UIDE This command refer ence explains Mobility System Software (MSS™) command line interface (CLI) that you enter on a 3Com WXR100 or WX1200 W ireless Switch or WX4400 or WX2200 W ir eless LAN Controller to configur e and manage the Mobility System™ wir eless LAN (WLAN).
24 A BOUT T HIS G UIDE This manual uses the follo wi ng text and syntax conventions: Documentation The MSS documentation set includ es the following documents. Wireless Switch Manager (3WXM) Rele ase Notes These notes provide information about the 3WXM sof tware r elease, including new features and bug fixes.
Documentation Comments 25 Wireless Switch Manager Ref erence Manual This manual shows you how to plan , configure, deploy , and manage a Mobility System wireless LAN (WLAN) using the 3Com Wireless Switch Manager (3WXM).
26 A BOUT T HIS G UIDE Please note that we can only r esp ond to comments and questions abo ut 3Com product documentation at this e-mail address. Qu estions related to T ech nical Support or sales should be di rected in the fir st instance to your network supplier .
1 U SING THE C OMMAND -L INE I NTERFACE This chapter discusse s the 3Com W ireless Switch Manager (3WXM) command-line interface (CLI). Described ar e: CLI conventions (see “CLI Conventions” on.
28 C HAPTER 1: U SING THE C OMMAND -L INE I NTERFACE CLI Conventions Be awar e of the following MSS CL I conventions for command entry: “Command Prompts” on page 28 “Syntax Notation” o.
CLI Conventions 29 A vertical bar ( | ) separates mutually exclusive options within a list of possibilities. For example , you enter either enable or disable , not both, in the following command: .
30 C HAPTER 1: U SING THE C OMMAND -L INE I NTERFACE IP Addr ess and Mask Notation MSS displays IP addresses in dotte d d ecimal notation — for example, 192.
CLI Conventions 31 T able 3 giv es examples of use r globs. MAC Address Globs A media access control (MAC) address glob is a similar method for matching some authentication, aut horization, and accounting (AAA) and forwarding database (FDB) commands to one or more 6-byte MAC addresses.
32 C HAPTER 1: U SING THE C OMMAND -L INE I NTERFACE VLAN Globs A VLAN glob is a method for matching one of a set of local rules on an wireless LAN switch, known as th e location policy , to one or more users.
Command-Line Editing 33 A hyphen-separated ran ge of port numbers, with no spaces. For example: WX1200# reset port 1-3 Any combination of single numbers, lists, and ranges.
34 C HAPTER 1: U SING THE C OMMAND -L INE I NTERFACE History Buffer Th e history buffer stores the last 63 co mmands you entered during a terminal session . Y ou can use the Up Arr ow and Down Arr ow keys to select a command that yo u want to repeat from the history buffer .
Using CLI Help 35 Using CLI Help The CLI provides online help. T o see t he full range of commands available at your access level, type the help command.
36 C HAPTER 1: U SING THE C OMMAND -L INE I NTERFACE T o see all the variations, type one of the commands follo wed by a question mark (?). For exampl e: WX1200# display ip ? alias display ip aliases .
2 A CCESS C OMMANDS This chapter describes access comma nds used to control access to the Mobility Software System (MSS) command-line interface (CLI). Commands by Usage This chapter presents access services comma nds alphabetically . Use T able 5 to located commands in this chapter based on their use.
38 C HAPTER 2: A CCESS C OMMAND S enable Places the CLI session in enabled mo de, which pr ovides access to all commands requir ed for configur ing and monitoring the system. Syntax — enable Access — All. History — Introduced in MSS V ersio n 3.
set enablepass 39 set enablepass Sets the password that provides enabled access (for configur ation and monitoring) to the WX switch. Syntax — set enablepass Defaults — None. Access — Enabled. History — Introduced in MSS V ersion 3.0. Usage — After typing the set enablepa ss command, pr ess Enter .
40 C HAPTER 2: A CCESS C OMMAND S.
3 S YSTEM S ERVICE C OMMANDS Use system services commands to configur e and monitor system information for a WX switch. Commands by Usage This chapter presents system service commands alphabe tically . Use T able 6 to locate commands in this chapter based on their use.
42 C HAPTER 3: S YSTEM S ERVICE C OMMANDS clear banner motd Deletes the message-of-the-day (MOTD) banner t hat is displayed before the login prompt for each CLI se ssion on the wir eless LAN switch. Syntax — clear banner motd Defaults — None. Access — Enabled.
clear history 43 clear history Deletes the command history buffer for the current CLI session. Syntax — clear history Defaults — None. Access — All. History — Introduced in MSS V ersion 3.0. Examples — T o clear the hist ory buffer , type the following command : WX4400# clear history success: command buffer was flushed.
44 C HAPTER 3: S YSTEM S ERVICE C OMMANDS clear system Clears the system config uration of the specified information. CAUTION: If you change the IP address, any currently co nfigured Mobility Domain operations cease. Y ou must reset the Mobility Domain.
display banner motd 45 display banner motd Shows the banner that was configured with the set banner motd command. Syntax — display banner motd Defaults — None.
46 C HAPTER 3: S YSTEM S ERVICE C OMMANDS See Also display boot on page 674 display config on page 675 display license on page 46 display system on page 47 display version on pag e 677 display license Displays information about the license currently installed on the WX switch.
display load 47 display load Displays CPU usa ge on a WX switch. Syntax — display load Defaults — None. Access — Enabled. History — Introduced in MSS V ersion 4.
48 C HAPTER 3: S YSTEM S ERVICE C OMMANDS Examples — T o show system information, type the following command: WX4400# display system ==================================== =========================================== Product Name: WX4400 System Name: WX-bldg3 System Countrycode: US System Location: first-floor-bld g3 System Contact: tamara@example.
display system 49 System idle timeout Number of seconds MSS allows a CLI management session (console, Telnet, or SSH) to re main idle before terminating the session. (The system idle timeout can be configured using the set system idle-timeou t command.
50 C HAPTER 3: S YSTEM S ERVICE C OMMANDS See Also clear system on page 44 set system contact on page 60 set system countrycode on page 61 set system idle-t imeout on page 65 set system location on page 67 set system name on page 68 help Displays a list of commands that ca n be used to conf igure and monitor the WX switch.
history 51 crypto Crypto, use 'crypto help' for more inf ormation delete Delete url dir Show list of files on flash device disable Disable privileged mode display Display, use 'display .
52 C HAPTER 3: S YSTEM S ERVICE C OMMANDS See Also clear history on page 43 quickstart Runs a script that interactively helps you configure a new switch. (For more information, see the “CLI quickstart Command” section of the “WX Setup Methods” chapter in the W ireless LAN Switch and Controller Configuration Guide .
set auto-config 53 When the 3WXM server in the corporate ne twork receives the configuration request, the server look s in the currently open network plan for a switch configuration with the same mod el and serial number as the one in the configuration request.
54 C HAPTER 3: S YSTEM S ERVICE C OMMANDS Examples — The following commands stage a WX switch to use the auto-config option. The net work where the switch is installed has a DHCP server , so the swi.
set banner acknowledge 55 message — Up to 32 alphanumeric characters, but not the delimiting character . Defaults — None. Access — Enabled. History — Introduced in MSS V ersion 6.0. Usage Enable the MOTD prompt, then optionally specify a pr ompt message.
56 C HAPTER 3: S YSTEM S ERVICE C OMMANDS set banner motd Configures the banner string that is displayed before the beginning of each login prompt for each CLI session on the WX switch. Syntax — set banner motd “ text ” “ — Delimiting character that begins and en ds the message; for example, double quotes (“).
set confirm 57 set confirm Ena bles or disables the displa y of confirmation messages for commands that might have a large impact on the network. Syntax — set confirm { on | off } on — Enables confirmation messages. off — Disables confirmation messag es.
58 C HAPTER 3: S YSTEM S ERVICE C OMMANDS History — Introduced in MSS V ersio n 3.0. Usage — Use this command if the output of a CLI command is greater than the number of lines allowed by default for a terminal type.
set prompt 59 48 ports are enabled success: license was installed The additional ports refers to the number of additional MAPs the switch can boot and actively manage. See Also display license on page 46 set prompt Changes the CLI prompt for the WX switch to a string you specify .
60 C HAPTER 3: S YSTEM S ERVICE C OMMANDS display config on page 675 set system name on page 68 set system contact Stores a contact name for the WX switch. Syntax — set system contact string string — Alphanumeric string up to 256 characters lo ng, with no blank spaces.
set system countrycode 61 set system countrycode Defines the country-specific IEEE 802.11 regulations to enfor ce on the WX switch. Syntax — set system countrycode code code — T wo-letter code for the country of operation for the WX switch. Y ou can specify one of the codes listed in T able 8.
62 C HAPTER 3: S YSTEM S ERVICE C OMMANDS Egypt EG Estonia EE Finland FI France FR Germany DE Greece GR Guatemala GT Honduras HN Hong Kong HK Hungary HU Iceland IS India IN Indonesia ID Ireland IE Isr.
set system countrycode 63 Mexico MX Morocco MA Namibia NA Netherlands NL New Zealand NZ Nigeria NG Norway NO Oman OM Pakistan PK Panama PA Paraguay PY Peru PE Philippines PH Poland PL Portugal PT Puer.
64 C HAPTER 3: S YSTEM S ERVICE C OMMANDS Defaults — The factory default country code is None. Access — Enabled. History — Introduced in MSS V ersio n 3.0. Usage — Y ou must set the system count y c ode to a vali d value befor e using any set ap commands to configure a MAP .
set system idle-timeout 65 set system idle-timeout Specifies the maximum number of seconds a CLI management session with the switch can remain idle befor e MSS terminates the session. Syntax — set system idle-timeout seconds seconds — Number of sec onds a CLI management session can remain idle before MSS terminates the session.
66 C HAPTER 3: S YSTEM S ERVICE C OMMANDS set system ip-address Sets the system IP address so that it can be u sed by various services in the WX switch. CAUTION: Any currently configured Mobilit y Domain operations cease if you change the IP address. If you ch ange the addre ss, you must reset the Mobility Domain.
set system location 67 set system location Stores location information for the WX switch. Syntax — set system location string string — Alphanumeric string up to 256 characters long, w ith no blank spaces. Defaults — None. Access — Enabled.
68 C HAPTER 3: S YSTEM S ERVICE C OMMANDS set system name Chan ges the name of the WX switch fr om the def ault system name and also provides content for the CLI prompt, if you do not specify a prompt. Syntax — set system name string string — Alphanumeric string up to 256 characters lo ng, with no blank spaces.
4 P ORT C OMMANDS Use port commands to configure a nd manage individual ports and load-sharing port groups. Commands by Usage This chapter presents port commands al phabetically .
70 C HAPTER 4: P ORT C OMMANDS clear ap Removes a Distributed MAP . CAUTION: When you clear a Distributed MAP , MSS ends user sessions that are using the MAP . Syntax — clear ap { ap-number | all } ap-number — Number of the Distribut ed MAP(s) to r emove.
clear port counters 71 clear port counters Clears port statistics counters and resets them to 0. Syntax — clear port counters Defaults — None. Access — Enabled.
72 C HAPTER 4: P ORT C OMMANDS clear port media-type Disables the copper interface and r eenables the fiber interface on an WX4400 gigabit Ether net port. Syntax — clear port media-type port-list port-list — List of physical ports. MSS disables the copper interface and reenables the fiber interface on all the specified ports.
clear port mirror 73 Examples — The following co mmand clears the names of ports 1 through 3: WX4400# clear port 1-3 name See Also display port status on page 79 set port name on page 93 clear port mirr or Removes a port mirroring configuration.
74 C HAPTER 4: P ORT C OMMANDS History — Introduced in MSS V ersio n 3.0. Usage — This command applies only to the WX4400. This command does not affect a link that is already active on the port.
display port counters 75 Examples — The following co mmand clears port 5: WX1200# clear port type 5 This may disrupt currently authentic ated users. Are you sure? (y/n) [n] y success: change accepted. See Also set port type ap on p age 97 set port type wired-auth on page 100 display port counters Displays port statistics.
76 C HAPTER 4: P ORT C OMMANDS receive-etherstats — Shows Ethernet s tatistics for received packets. transmit-etherstats — Shows Ethernet statist ics for transmitted packets. port port-list — List of physical ports. If you do not specify a port list, MSS shows statistics for all ports.
display port mirror 77 Examples — The following co mmand displays the configuration of po rt group server2: WX1200# display port-group name serv er2 Port group: server2 is up Ports: 5, 7 T able 11 describes the fields in the display port-group output.
78 C HAPTER 4: P ORT C OMMANDS See Also display port mirror on page 77 set port mirror on page 92 display port poe Displays status inf ormation for ports on which Power over Eth ernet (PoE) is enabled. Syntax — display port poe [ port-list ] port-list — List of physical ports.
display port st atus 79 See Also set port poe on page 94 display port status Displays configuration and status information for ports. Syntax — display port status [ port-list ] port-list — List of physical ports. If you do not specify a port list, information is displayed for all ports.
80 C HAPTER 4: P ORT C OMMANDS Examples — The following co mmand displa ys information for all por ts on a WX1200 switch: WX1200# display port status Port Name Admin Oper Config Actual Type Media ==.
display port media-type 81 See Also clear port type on page 74 set port on page 89 set port name on page 93 set port negotiation on page 93 set port speed on page 95 set port t.
82 C HAPTER 4: P ORT C OMMANDS Examples — The following co mmand displays the enabled in terface types on all four ports of a WX4400 switch: WX4400# display port media-type Port Media Type ==================================== ======================= 1 GBIC 2 RJ45 3 GBIC 4 GBIC T able 14 describes the fields in this display .
monitor port counters 83 transmit-etherstats — Displays Ethernet statistics for transmitted packets first. Defaults — All types of statistics ar e displayed for all ports. MSS refr eshes the statistics every 5 seconds. This interval cannot be configured.
84 C HAPTER 4: P ORT C OMMANDS For error r eporting, the cyclic redundan cy check (CRC) errors include misalignment errors. Jumbo packets with valid CRCs ar e not counted. A short packet can be reported as a short packet, a CRC err or , or an overrun.
monitor port counters 85 packets Rx Unicast Number of unicast packets received. This number does not include packets that contain errors. Rx NonUnicast Number of broadcast and multicast packets received. This number does not include packets that contain errors.
86 C HAPTER 4: P ORT C OMMANDS See Also display port counters on page 75 collisions Single Co ll Total number of frames transmitted that experienced one collision before 64 bytes of the frame were transmitted on the network.
reset port 87 reset port Resets a port by toggling its link state an d Power over Ether net (PoE) state. Syntax — reset port port-list port-list — List of physical ports. MSS r esets all the specified ports. Defaults — None. Access — Enabled.
88 C HAPTER 4: P ORT C OMMANDS ap-number — Number for the Distributed MAP . The range of valid connection numbers depends on the WX switch model: For a WX4400, you can specify a number from 1 to 256. For a WX1200, you can specify a number from 1 to 30.
set port 89 See Also clear ap on page 7 0 clear port type on page 74 set port type ap on p age 97 set system countrycode on page 61 set port Admin istratively disabl es or reenables a por t. Syntax — set port { enable | disable } port-list enable — Enables the specified ports.
90 C HAPTER 4: P ORT C OMMANDS set port-group Configures a load-sharing port group. All ports in the gr oup function as a single logical link. Syntax — set port-group name group-name port-list mode { on | off } name group-name — Alphanumeric string of up to 255 characters, with no spaces.
set port media-type 91 See Also clear port-group on page 71 display port-group on pa ge 76 set port media-type Disables the fiber interface and en ables the copper interface on an WX4400 gigabit Ether net port. Syntax — set port media-type port-list rj45 port-list —List of physical p orts.
92 C HAPTER 4: P ORT C OMMANDS set port mirror Configures port mirroring. Port mirroring is a troubleshooting feature that copies (mirrors) traffic sent or r eceived by a WX port (the source port) to another port (the observer) on the sa me WX. Y ou can attach a protocol analyzer to the observer port to exam ine the source port’ s traffic.
set port name 93 set port name Assigns a name to a port. After na ming a port, you can use the port name or number in other CLI commands. Syntax — set port port name name port — Number of a physical port. Y ou can specify only one port. name name — Alphanumeric string of up to 16 characters, with no spaces.
94 C HAPTER 4: P ORT C OMMANDS Access — Enabled. History — Introduced in MSS V ersio n 3.0. Usage — WX1200 10/100 Ethernet ports supp ort half-duplex and full-duplex operation. 3Com recommends that you do not configure the mode o f an WX port so that one side of the link is set to autonegotiation while the other side is set to full-duplex.
set port speed 95 History — Introduced in MSS V ersion 3.0. Usage — This command does not apply to any gigabit Ether net ports or to ports 7 and 8 on the WX1200 switch.
96 C HAPTER 4: P ORT C OMMANDS Usage — 3Com r ecommends that you do not configure the mode of a WX port so that o ne side of the link is set t o autonegotiation while the other side is set to full-duplex. Although MSS allo ws this configuration, it can result in slow thr oughput on the link.
set port type ap 97 See Also set ip snmp server on page 180 set snmp community on page 185 set port type ap Configur es an WX switch port for a MAP access point. CAUTION: When you set the po rt type for MAP use, you must specify the PoE state (ena ble or disable) of the port.
98 C HAPTER 4: P ORT C OMMANDS Defaults — All WX ports are network ports by default. MAP access point models AP2750, MAP- 241, and MAP-341 h ave a single radio that can be configured for 802.11a or 802.11b/g. Other MAP models have two radios. On two-ra dio models, one radio is always 802.
set port type ap 99 This command does not apply to any gigabit Ether net ports or to ports 7 and 8 on the WX1200 switch or port 3 on the WX22 00 switch. T o manage a MAP access point on a switch model that does not have 10/100 Ether net ports, use the set ap command to c onfigure a Distributed MAP connection on the swit ch.
100 C HAPTER 4: P ORT C OMMANDS See Also clear ap on page 7 0 clear port type on page 74 set ap radio antennatype on page 383 set ap on page 87 set port type wir ed-auth on page 100 set system countrycode on page 61 set port type wired-auth Configures a WX switch port for a wir ed authentication user .
set port type wired-auth 101 Usage — Y ou canno t set a port’ s type if the port is a member of a port VLAN. T o r emove a port from a VLAN, use the clear vlan command. T o reset a port as a network port, use the clear port type command. When you change port type, MSS applie s default sett ings appropriate for the port type.
102 C HAPTER 4: P ORT C OMMANDS Examples — The following co mmand sets port 2 for a wired authentication user: WX1200# set port type wired-auth 2 success: change accepted The following command sets .
5 VLAN C OMMANDS Use virtual LAN (VLAN) c ommands to configure and manage parameters for individual por t VLANs on network ports, and to display information about clients roaming within a mobility domain. Commands by usage This chapter presents VLAN commands alphabet ically .
104 C HAPTER 5: VLAN C OMMANDS clear fdb Deletes an entry fr om the forw arding database (FDB). Syntax — clear fdb { perm | static | dynamic | port port-list } [ vlan vlan-id ] [ tag tag-valu e ] perm — Clears permanent entries. A permanent entry does not age out and remains in the database even after a r eboot, reset, or power cycle.
clear security 12-restrict 105 History —Introduced in MSS V ersion 3.0. Usage — Y ou can delete forwarding da tabase entries based on entry type, port, or VLAN.
106 C HAPTER 5: VLAN C OMMANDS Access — Enabled. History —Introduced in MSS V ersion 4.1. Usage — If you clear all MAC addresses, Layer 2 forwarding is no longer restricted in the VLAN. Clients wi thin the VLAN will be able to communicate dir ectly .
clear vlan 10 7 Examples — The following co mmand clears Layer 2 forwarding restriction statistics for VLAN abc_air : WX4400# clear security 12-restrict c ounters vlan abc_air success: change accepted.
108 C HAPTER 5: VLAN C OMMANDS Examples — The following co mmand removes port 1 fr om VLAN green : WX4400# clear vlan green port 1 This may disrupt user connectivity.
display fdb 10 9 If a VLAN profile is changed so that traffic that had been tunneled to an VX switch is now locall y switched by MAPs, or vice-versa, the sessions of clients associated with the MAPs where the VLAN profile is applied are terminated, and the clients mu st re-associate with the MAPs.
110 C HAPTER 5: VLAN C OMMANDS dynamic — Displays dynamic entries. A dynamic entry is automatically removed thr ough aging or after a reboot, r eset, or power cycle. system — Displays system entries. A sy stem entry is added by MSS. For example, the authentication protocols can add entries for wire d and wireless authentication users.
display fdb agingtime 111 T able 20 describes the fields in the display fdb output. See Also clear fdb on page 104 set fdb on page 121 display fdb agingtime Displays the aging timeout period for forwarding database entries. Syntax — display fdb agingtime [ vlan vlan-id] vlan vlan-id — VLAN name or number .
112 C HAPTER 5: VLAN C OMMANDS VLAN 2 aging time = 600 sec VLAN 1 aging time = 300 sec Because the forwarding database aging timeout period can b e configured only on an individual VLAN basis, the command lists the aging timeout period for each VLAN separately .
display roaming station 113 display roaming station Shows a list of the stations roaming to the wir eless LAN switch through a VLAN tunnel. Syntax — display roaming station [ vlan vlan-id ] [ peer ip-addr ] vlan vlan-id — Output is r estricted to stations usin g this VLAN.
114 C HAPTER 5: VLAN C OMMANDS See Also display roaming vlan on page 115 State State of the session: Setup — Station is attempting to roam to this WX switch. This switch has asked the WX from which the station is roaming for the station’s session info rmation and is waiting for a reply.
display roaming vlan 11 5 display roaming vlan Shows all VLANs in the mobility doma in, the WX switches servicing the VLANs, and their tunnel affinity values configured on each switch for the VLANs. Syntax — display roaming vlan Defaults — None. Access — Enabled.
116 C HAPTER 5: VLAN C OMMANDS display security 12-restrict Displays configuration information and statistics for Layer 2 forwarding restriction. Syntax — display security 12-restrict [v lan vlan-id | all] vlan-id — VLAN name or number . all — Displays information for all VLANs.
display tunnel 117 See Also clear security 12-restrict on page 105 clear security 12-re strict counters on page 106 set security l2-restrict on page 123 display tunnel Sh ows the tunnels from the wir eless LAN switch where you type the command.
118 C HAPTER 5: VLAN C OMMANDS See Also display vlan config on page 118 display vlan config Shows VLAN information. Syntax — display vlan config [ vlan-id ] vlan-id — VLAN name or number . If you do not specify a VLAN, information for all VLANs is displayed.
display vlan config 119 T able 25 describes the fields in this display . See Also clear security 12-restrict on page 105 set security l2-restrict on page 123 set vlan port on page 125 set vlan tunnel-affinity on page 126 T able 25 Output for display vlan config Field Description VLAN VLAN number.
120 C HAPTER 5: VLAN C OMMANDS display vlan-pr ofile Displays the contents of the VLAN pr ofiles configur ed on the WX switch. A VLAN pr ofile lists the VLANs for wh ich traffi c is locally switched by MAPs wher e the VLAN profile is applied.
set fdb 121 set fdb Adds a permanent or static en try to the fo rwarding database. Syntax — set fdb { perm | static } mac-addr port port-list vlan vlan-id [ tag tag-value ] perm — Adds a permanent entry . A permanent entry does not age out and remains in the database even a fter a reboot, reset, or power cycle.
122 C HAPTER 5: VLAN C OMMANDS See Also clear fdb on page 104 display fdb on page 109 set fdb agingtime Changes th e aging timeout period for dynamic entries in the forwarding database. Syntax — set fdb agingtime vlan-id age seconds vlan-id — VLAN name or number .
set security l2-restrict 123 set security l 2-restrict Restricts Layer 2 forwarding between clients in the same VLAN. When you restrict Layer 2 forwar ding in a VLAN, MSS allows Layer 2 forwarding only between a client and a set of MAC addresses, generally the VLAN’ s gateway routers.
124 C HAPTER 5: VLAN C OMMANDS set vlan name Creates a VLAN and assigns a number and name to it. Syntax — set vlan vlan-num name name vlan-num — VLAN number . Y ou can specify a number from 2 through 4093. name — String up to 16 alpha betic characters long.
set vlan port 125 set vlan port Assigns one or more network ports to a VLAN. Y ou also can add a virtual port to each network port by addi ng a tag value to the networ k port. Syntax — set vlan vlan-id port port-list [ tag ta g-value ] vlan-id — VLAN name or number .
126 C HAPTER 5: VLAN C OMMANDS set vlan tunnel-affinity Changes a wireless LAN switch’ s prefer ability within a m ob ility domain for tunneling user traffic for a VLAN.
set vlan profile 127 set vlan profile Configur es entries in a VLAN profile that can be applied to an MAP for local switching. Syntax — set vlan-profile profile-name vlan vlan-name [ tag tag-value ] profile-name — VLAN pr ofile name. vlan-name — Name of a VLAN.
128 C HAPTER 5: VLAN C OMMANDS.
6 Q UALITY OF S ERVICE C OMMANDS Use Quality of Service (QoS) commands to configure packet prioritization in MSS. Packet prioritization ensures that WX switches and MAP access points give prefer ential treatment to high-priority traffic such as voice and video.
130 C HAPTER 6: Q UALITY OF S ERVICE C OMM ANDS Classify inbound packets by mappin g their DSCP values to one of eight internal QoS values Classify outbound packets by marking their DSCP value.
set qos cos-to-dscp-map 131 set qos cos-to-dscp-map Changes the value to which MSS maps an internal QoS value when marking outbound packets. Syntax — set qos cos-to-dscp-map level dscp dscp -value level — Internal CoS value. Y ou can specify a number from 0 to 7.
132 C HAPTER 6: Q UALITY OF S ERVICE C OMM ANDS set qos dscp-to-cos-map Changes the inter nal QoS value to which MSS maps a packe t’ s DSCP value when classifying inbound packets. Syntax — set qos dscp-to-cos-map dscp-range cos level dscp-range — Y ou can specify the values as decimal numbers.
display qos 13 3 display qos Displays the switch’ s QoS settings. Syntax — display qos [default] default — Displays the default mappings. Defaults — None.
134 C HAPTER 6: Q UALITY OF S ERVICE C OMM ANDS display qos dscp-table Displays a table that m aps Differ entiated Services Code Point (DSCP) values to their equivalen t combinations of IP prec edence values and IP T oS values. Syntax — display qos dscp-table Defaults — None.
7 IP S ERVICES C OMMANDS Use IP services commands to conf igur e and manage IP interfaces, management services, the Domain Name Service (DNS), Network T ime Protocol ( NTP), aliases, and to ping a host or trace a r oute. Commands by Usage This chapter presents IP services commands alphabe tically .
136 C HAPTER 7: I P S ERVICES C OMMANDS HTTPS Management set ip https server on page 177 display ip https on page 155 DNS set ip dns on page 175 set ip dns domain on page 175 set ip dns serve r on pag.
clear interface 137 clear interface Removes an IP interface. Syntax — clear interface vlan-id ip vlan-id — VLAN name or number Defaults — None.
138 C HAPTER 7: I P S ERVICES C OMMANDS T opology reporting for dual-homed MAP access points Default source IP addr ess used in unsolicited communications such as AAA accounting reports and SN.
clear ip dns domain 13 9 clear ip dns domain Removes the default DNS domain name. Syntax — clear ip dns domain Defaults — None. Access — Enabled. History — Introduced in MSS V ersion 3.0. Examples — The following co mmand remo ves the default DNS domain name from a WX switch: WX1200# clear ip dns domain Default DNS domain name cleared.
140 C HAPTER 7: I P S ERVICES C OMMANDS See Also clear ip dns domain on page 139 display ip dns on page 154 set ip dns on page 175 set ip dns domain on page 175 set ip dns server on page 176 clear ip r oute Removes a route fr om the IP route table.
clear ip telnet 141 clear ip telnet Resets the T elnet ser ver TCP port number to its default value. A WX listens for T elnet management traffic on the T elnet server port . Syntax — clear ip telnet Defaults — The default T elnet port number is 23.
142 C HAPTER 7: I P S ERVICES C OMMANDS Examples — The following co mmand removes NTP server 192.168.40.240 from a WX switch configuration: WX4400# clear ntp server 192.
clear snmp community 143 clear snmp community Clears an SNMP community string. Syntax — clear snmp community name comm-string comm-string — Name of the SNMP community you want to clear . Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 4.
144 C HAPTER 7: I P S ERVICES C OMMANDS See Also set snmp notify profile on page 187 display snmp notify pr ofile on page 162 clear snmp notify target Clears an SNMP notifi cation target. Syntax — clear snmp notify target target-num target-num — ID of the target.
clear summertime 145 Examples — The following co mmand clears SNMPv3 user snmpmgr1 : WX1200# clear snmp usm snmpmgr1 success: change accepted. See Also set snmp usm on page 199 display snmp usm on page 164 clear summertime Cl ears the summertime se tting from a WX.
146 C HAPTER 7: I P S ERVICES C OMMANDS clear system ip-address Clears the system IP addr ess. CAUTION: Clearing the system IP ad dress disrupts the system tasks that use the address. Syntax — clear system ip-address Defaults — None. Access — Enabled.
display arp 147 Examples — T o return the WX r eal-time cl ock to UTC, type the following command: WX4400# clear timezone success: change accepted. See Also clear summertime on page 145 set .
148 C HAPTER 7: I P S ERVICES C OMMANDS T able 29 describes the fields in this display . See Also set arp on page 168 set arp agingtime on page 169 display dhcp-client Displays DHCP client in formation for all VL ANs. Syntax — display dhcp-client Defaults — None.
display dhcp-client 14 9 Examples — The following co mmand displa ys DHCP client information: WX1200# display dhcp-client Interface: corpvlan(4) Configuration Status: Enabled DHCP State: IF_UP Lease Allocation: 65535 seconds Lease Remaining: 65532 seconds IP Address: 10.
150 C HAPTER 7: I P S ERVICES C OMMANDS display dhcp-server Displays MSS DHCP server information. Syntax — display dhcp-server [interface vlan-i d ] [verbose] interface vlan-id — Displays the IP addresses leased by the specified VLAN. verbose — Displays configuration and status information for the MSS DHCP server .
display dhcp -server 151 Default Gateway: 10.10.20.1 DNS Servers: 10.10.20.4 10.10.20 .5 DNS Domain Name: mycorp.com T able 31 and T able 32 describe the fields in these displays. T able 31 Output for display dhcp-server Field Description VLAN VLAN number Name VLAN name Address IP address leased by the server.
152 C HAPTER 7: I P S ERVICES C OMMANDS See Also set interface dhcp-server on page 172 display interface Displays the IP interfaces configured on the WX. Syntax — display interface [ vlan-id ] vlan-id — VLAN name or number . Defaults — If you do not specify a VLAN ID, interfaces for all VLANs are displayed.
display ip alias 15 3 See Also clear interface on pag e 137 set interface on page 170 set interface dhcp-client on page 171 display ip alias Displays the IP aliases configured on the WX. Syntax — display ip alias [ name ] name — Alias string.
154 C HAPTER 7: I P S ERVICES C OMMANDS T able 34 describes the fields in this display . See Also clear ip alias on page 138 set ip alias on page 174 display ip dns Displays the DNS serv ers used by the WX. Syntax — display ip dns Defaults — None.
display ip https 15 5 See Also clear ip dns domain on page 139 clear ip dns server on page 139 set ip dns on page 175 set ip dns domain on page 175 set ip dns server on pa ge 176 display ip https Shows information about the HTTPS management port.
156 C HAPTER 7: I P S ERVICES C OMMANDS See Also clear ip telnet on page 141 display ip telnet on page 158 set ip https server on page 177 set ip telnet on page 181 set ip telnet server on page 182 display ip route Displays the IP r oute table on the WX.
display ip ro ute 157 Usage — When you add an IP inte rface to a VLAN that is up, MSS a dds direct and local r outes for the interface to the route table.
158 C HAPTER 7: I P S ERVICES C OMMANDS See Also clear ip route on page 140 display interface on page 152 display vlan config on page 118 set interface on page 170 set ip rou te on page 178 display ip telnet Shows information about the T elnet management port .
display ntp 15 9 Examples — The following comman d shows the status and port number for the T elnet manage ment interface to the WX switch: WX4400> display ip telnet Server Status Port ---------------------------------- Enabled 23 T able 38 describes the fields in this display .
160 C HAPTER 7: I P S ERVICES C OMMANDS Examples — T o display NTP information for a WX switch, type the following command: WX4400> display ntp NTP client: enabled Current update-interval: 20(secs) Current time: Fri Feb 06 2004, 12:02 :57 Timezone is set to 'PST', offset fro m UTC is -8:0 hours.
display snmp community 161 See Also clear ntp server on page 141 clear summertime on page 145 clear timezone on pa ge 146 display timezone on page 165 set ntp on page 183 set n.
162 C HAPTER 7: I P S ERVICES C OMMANDS See Also clear snmp community on page 143 set snmp community on page 185 display snmp counters Displays SNMP statistics counters . Syntax — display snmp counters Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 4.
display snmp status 163 See Also clear snmp notify target on page 144 set snmp notify target on page 192 display snmp status Displays SNMP version and status infor mation. Syntax — display snmp status Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 4.
164 C HAPTER 7: I P S ERVICES C OMMANDS display snmp usm Displays information about SNMPv3 users. Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 4.0. See Also clear snmp usm on page 144 display snmp usm on page 164 display summertime Displays a WX of fset time fr om its real-tim e clock time.
display timedate 165 set timedate on page 204 set timezone on pag e 205 display timedate Shows the date and time of day currently set on a WX real-time clock. Syntax — display timedate Defaults — None. Access — All. History —Introduced in MSS V ersion 3.
166 C HAPTER 7: I P S ERVICES C OMMANDS Examples — T o display the offset fr om UTC, type the following command: WX4400# display timezone Timezone set to 'pst', offset from U TC is -8 hour.
ping 167 Because the WX switch adds header in formation , the ICMP packet size is 8 bytes larger than the size you specify . source-ip ip-addr — IP address, in dotted decimal notation, to use as the source IP addr ess in the ping packets. source-ip vlan-name — VLAN name to use as the ping sour ce.
168 C HAPTER 7: I P S ERVICES C OMMANDS set arp Adds an ARP entry to the ARP table. Syntax — set arp { permanent | static | dyn amic } ip-addr mac-addr permanent — Adds a permanent entry . A permanent entry does not age out and remains in the database even after a reboot, re set, or power cycle.
set arp agingtime 169 set arp agingtime Changes the ag ing timeout for dynamic AR P entries. Syntax — set arp agingtime seconds seconds — Number of seconds an entry can r emain unused before MSS removes the entry . Y ou can specify from 0 through 1,000,000.
170 C HAPTER 7: I P S ERVICES C OMMANDS set interface Configures an IP interface on a VLAN. Syntax — set interface vlan-id ip { ip-addr mask | ip-addr/mask-length } vlan-id — VLAN name or number . ip-addr mask — IP addr ess and subnet mask in dotted decimal notation (for example, 10.
set interface dhcp-client 171 See Also clear interface on pag e 137 display interface on page 152 set interface dhcp-client on page 171 set interface dhcp-client Configures the DH CP client on a VLAN and allows the VLAN to obtain its IP interface from a DHCP server .
172 C HAPTER 7: I P S ERVICES C OMMANDS See Also clear interface on pag e 137 display dhcp-client on page 148 display interface on page 152 set interface dhcp-server Configures the MSS DHCP server .
set interface status 173 Access — Enabled. History —Introduced in MSS V ersion 4.0. Usage — By default, all addresses exce pt the host addr ess of the VLAN, the network broadcast addr ess, a nd the subnet broadcast addr ess are included in the range.
174 C HAPTER 7: I P S ERVICES C OMMANDS Examples — The following co mmand disabl es the IP in terface on VLA N mauve: WX4400# set interface mauve status down success: set interface mauve to down See.
set ip dns 175 set ip dns Enables or disables DNS on a wireless LAN switch. Syntax — set ip dns { enable | disable } enable — Enables DNS. disable — Disables DNS. Defaults — DNS is disabled by default. Access — Enabled. History — Introduced in MSS V ersion 3.
176 C HAPTER 7: I P S ERVICES C OMMANDS Aliases take precedence over DNS. When you enter a hostname, MSS checks for an alias with that name first, befor e using DNS to resolve the name. Examples — The following co mmand configures the default domain name example.
set ip https server 177 success: change accepted. WX1200# set ip dns server 10.10.30.6 9/24 secondary success: change accepted. See Also clear ip dns domain on page 139 clear ip dns server on .
178 C HAPTER 7: I P S ERVICES C OMMANDS set ip route Adds a static route to the IP route table. Syntax — set ip route { default | ip-addr mask | ip-addr/mask-length } gateway metric default — Default r oute. A WX switch uses the default route if an explicit route is not ava ilable for the destination.
set ip route 17 9 When you add multiple routes to the same destination, MSS groups the routes and or ders them from lowest cost at the top of the gr oup to highest cost at the botto m of the group.
180 C HAPTER 7: I P S ERVICES C OMMANDS set ip snmp server Enables or disables the SNMP service on the WX. Syntax — set ip snmp server { enable | disable } enable — Enables the SNMP service. disable — Disables the SNMP service. Defaults — The SNMP service is disabled by default.
set ip ssh server 181 See Also set ip ssh server on page 181 set ip ssh server Disables or reenables the SSH server on a WX. CAUTION: If you disable the SSH server , SSH access to the WX is also disabled. Syntax — set ip ssh server { enable | disable } enable — Enables the SSH server .
182 C HAPTER 7: I P S ERVICES C OMMANDS Defaults — The default T elnet port number is 23. Access — Enabled. History —Introduced in MSS V e rsion 3.0. Examples — The following co mmand changes the T elnet port number on a WX to 5000: WX4400# set ip telnet 5000 success: change accepted.
set ntp 183 See Also clear ip telnet on page 141 display ip https on page 155 display ip telnet on page 158 set ip https server on page 177 set ip telnet on page 181 set ntp Enables or disables the NTP client on a WX. Syntax — set ntp { enable | disable } enable — Enables the NTP cli ent.
184 C HAPTER 7: I P S ERVICES C OMMANDS set ntp server Configures a WX to use an NTP server . Syntax — set ntp server ip-addr ip-addr — IP addr ess of the NTP server , in dotted decimal not ation. Defaults — None. Access — Enabled. History —Introduced in MSS V e rsion 3.
set ntp update-interval 18 5 set ntp update-interval Changes how often a WX sends queries to th e NTP servers for updates. Syntax — set ntp update-interval seconds seconds — Number of seconds between queries. Y ou can specify from 16 thr ough 1,024 seconds.
186 C HAPTER 7: I P S ERVICES C OMMANDS read-notify — Allows an SNMP management application using the string to get object values on the switch but not to set them. The switch can use the string to send notifications. notify-only — Allows the WX to use the string to send notifications.
set snmp notify profile 187 See Also clear snmp community on page 143 set ip snmp server on page 180 set snmp notify target on page 192 set snmp notify profile on page 187 set snmp.
188 C HAPTER 7: I P S ERVICES C OMMANDS AP TimeoutT raps— Generated when a MAP access point fails to respond to the WX switch. AuthenT r aps— Generated when the WX switch’ s SNM P engine receives a bad community string.
set snmp notify profile 189 DAPConnectW arningT raps —Generated when a Distribut ed MAP whose fingerprint has not been configured in MSS establishes a management session with the switch. DeviceFailT raps— Generated when an event with an Alert severity occurs.
190 C HAPTER 7: I P S ERVICES C OMMANDS RFDetectDoSPortT raps —Generated when MSS detects an associate request flood, r eassociate request flood, or disassociate request flood. RFDetectDoST raps —Genera ted when MSS detects a DoS atta ck other than an associat e request flo od, reassociate r equest flood, or disassociate request flood.
set snmp notify profile 191 WX1200# set snmp notify profile snmp prof_rfdetect send RFDetectAdhocUserTraps success: change accepted. WX1200# set snmp notify profile snmp prof_rfdetect send RFDetectAdhocUserDisappearTraps success: change accepted.
192 C HAPTER 7: I P S ERVICES C OMMANDS See Also clear snmp notify profile on page 143 set ip snmp server on page 180 set snmp community on page 185 set snmp notify target on page 192 .
set snmp notify target 193 username — USM username. This option is applicable only when the SNMP version is usm . If the user will send informs rather than traps, you also must specify the snmp-engine-id of the target. snmp-engine-id — SNMP engine ID of the target.
194 C HAPTER 7: I P S ERVICES C OMMANDS username — USM username. This option is applicable only when the SNMP version is usm . profile p rofile-name — Notification profile this SNMP user will use to specify the notification types to send or drop.
set snmp notify target 195 SNMPv2c with T raps T o configure a notification target for traps from SNMPv2c, use the following command: Syntax — set snmp notify ta rget target -num ip-addr [ :udp-port-numb er ] v2c community-string trap [profile profile-name ] target-num — ID for the target.
196 C HAPTER 7: I P S ERVICES C OMMANDS Usage — The inform or trap option specifies whether the MSS SNMP engine expects the target to acknowle dge notifications sent to the target by the WX switch. Use inform if you want acknowledgements. Use trap if you do not want acknowledgements.
set snmp pr otocol 197 set snmp protocol Enables an SNMP pr otocol. MSS supports SNMPv1, SNMPv2c, and SNMPv3. Syntax — set snmp protocol {v1 | v2c | usm | all} {enable | disable} v1 — SNMPv1 V2c — SNMPv2c usm — SNMPv3 (with the user security model) all — Enables all supported versions of SNMP .
198 C HAPTER 7: I P S ERVICES C OMMANDS set snmp security Sets the minimum level of securi ty MSS requir es for SNMP message exchanges. Syntax — set snmp security {unsecured | authenticate d | encrypted | auth-req-unsec-notify} unsecured — SNMP message exchanges are not secure.
set snmp usm 19 9 set snmp usm on page 199 display snmp status on page 163 set snmp usm Creates a USM user for SNMPv3. This command d oes not appl y to SN MPv1 or SNMPv2c. For these SNMP versions, use the set snmp community command to configure community strings.
200 C HAPTER 7: I P S ERVICES C OMMANDS notify-only —The switch can use the string to send n otifications. read-write —An SNMP management app licatio n using the string can get and set object values on the switch. notify-read-write — An SNMP management application using the string can get and set object values on the switch.
set snmp usm 20 1 Defaults — No SNMPv3 users are configur ed by default. When you configure an SNMPv3 user , the default access is read-only , and the default authentication and encryption types are both none . Access — Enabled. History — Introduced in MSS V ersion 4.
202 C HAPTER 7: I P S ERVICES C OMMANDS set summertime Offsets the real-time clock of a WX by +1 hour and returns it to standard time for daylight savings time or a similar summertime period.
set system ip-address 203 Examples — T o enable summertime and set the summertime time zone to PDT (Pacific Daylight Time ), type the following command: WX1200# set summertime PDT success: change ac.
204 C HAPTER 7: I P S ERVICES C OMMANDS Examples — The following co mmands configure an IP interface on VLAN taupe and configure the interface to be the system IP address: WX4400# set interface taupe ip 10.10 .20.20/24 success: set ip address 10.10.
set timezone 205 Examples — The following co mmand sets the date to March 13, 2003 and time to 11:11:12: WX4400# set timedate date feb 29 200 4 time 23:58:00 Time now is: Sun Feb 29 2004, 23:58:02 P.
206 C HAPTER 7: I P S ERVICES C OMMANDS Examples — T o set the time zone for Paci fic Standard Time (PST ), type the following command: WX1200# set timezone PST -8 Timezone is set to 'PST', offset fro m UTC is -8:0 hours.
traceroute 207 Examples — In the following example, an administrator establishes a T elnet session with another device and enters a command on th e remote device: WX4400# telnet 10.10.10.90 Session 0 pty tty2.d Trying 10.10.10 .90... Connected to 10.
208 C HAPTER 7: I P S ERVICES C OMMANDS dnf — Sets the Do Not Fragme nt bit in the ping packet to prevent the packet from being fragmented. no-dns — Pr events MSS from performing a DNS lookup for each hop to the destination host. port port-num — TCP port number listening for the traceroute probes.
traceroute 209 The first row of the display indicates the target host, the maximum number of hops, and the packet size. Each numbered r ow displays information about one hop. The rows are displayed in the or der in which the hops occur , beg inning with the hop closest to the WX switch.
210 C HAPTER 7: I P S ERVICES C OMMANDS.
8 AAA C OMMANDS Use authentication, authorization, and accounting (AAA) commands to provide a secur e network connection and a recor d of user activity . Location policy commands override an y virtual LAN (VLAN) or security ACL assignment by AAA or the local WX database to help you control access locally .
212 C HAPTER 8: AAA C OMMANDS Local Authorization for Password Users set user on page 271 clear user on page 224 set user attr on page 273 clear user attr on page 225 set usergroup on page 275 clear u.
clear accounting 213 clear accounting Removes accountin g services for specified wireless users with administrat ive acce ss or net work access. Syntax — clear accounting { admin | dot1x } { user- glob } admin — Users with administrative access to the WX through a console connection or through a T elnet or Web View connection.
214 C HAPTER 8: AAA C OMMANDS Examples — The following co mmand remo ves accounting services for authorized network user Nin: WX4400# clear accounting dot1x Nin success: change accepted.
clear authentication console 215 clear authentication mac on page 217 clear authentication mac on page 217 clear authentication proxy on page 218 display aaa on page 229 set authentication admin on page 239 clear authentication console Removes an authentication rule fo r administ rative access through the Console.
216 C HAPTER 8: AAA C OMMANDS clear authentication mac on page 217 clear authentication proxy on page 218 set authentication console on page 241 clear authentication dot1x Removes an 802.
clear authentication mac 217 clear authentication proxy on page 218 display aaa on page 229 set authentication dot1x on page 243 clear authentication mac Removes a MAC authentication rule. Syntax — clear authentication mac { ssid ssid-name | wired } mac-addr-glob ssid ssid-name — SSID name to apply the authentication.
218 C HAPTER 8: AAA C OMMANDS clear authentication proxy Removes a proxy rule for thir d-party AP users. Syntax — clear authentication proxy ssid ssid-na me user-glob ssid ssid-name — SSID name to which th is authentication rule applies. user-glob — User -glob associated with the rule you are removing.
clear location policy 219 Examples — The following co mmand re moves WebAAA for SSID research and usergl ob temp*@thiscorp.com : WX4400# clear authentication web ssi d research temp*@thiscorp.
220 C HAPTER 8: AAA C OMMANDS See Also display location policy on page 234 set location policy on page 256 clear mac-user Removes a user profile from the loca l database on the WX fo r a user authenticated by a MAC address. (T o remove a user pr ofile in RADIUS, see the documentation for your RADIUS server .
clear mac-user attr 221 clear mac-user attr Removes an authorization attribute from the user profile in the local database on the WX switch, for a user who is authenticated by a MAC address. (T o remove an authorization attribute in RADIUS, see the documentation for your RADIUS server .
222 C HAPTER 8: AAA C OMMANDS Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — Removing a MAC user fr om a MAC user group removes the group name fr om the user’ s profile, but does not delete the user group from the local WX database.
clear mac-usergroup attr 223 See Also clear mac-usergroup attr on page 223 display aaa on page 229 set mac-usergroup attr on page 267 clear mac-usergroup attr Removes an authorization attribute fr om a MAC user group in the local database on the WX, for a g roup of users who are authenticated by a MAC address.
224 C HAPTER 8: AAA C OMMANDS clear mobility-profile Removes a Mobility Profile entirely . Syntax — clear mobility-profile name name — Name of an existing Mobility Profile. Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.
clear user attr 225 Examples — The following co mmand delete s the user profile for user Nin: WX4400# clear user Nin success: change accepted. See Also display aaa on page 229 set user on page 271 clear user attr Removes an authorization attribute fr om the user profile in the local database on the WX for a user with a password.
226 C HAPTER 8: AAA C OMMANDS clear user gr oup Removes a user with a p assword fr om membership in a user group in the local database on the WX. (T o remove a user fr om a user group in RADIUS, see the documentation for your RADIUS server .) Syntax — clear user username group username — Username of a user with a password.
clear usergroup 227 History — Introduced in MSS 6.0. Usage — If a user’ s password has expir ed, or the user is unable to log in within the configur ed limit for login attemp ts, then the user is locked out of the system, and cannot gain ac cess without the intervention of an adminstrator .
228 C HAPTER 8: AAA C OMMANDS See Also clear usergroup attr on page 228 display aaa on page 229 set usergroup on page 275 clear usergroup attr Removes an authorization attribute from a user group in the local database on the WX. (T o remove an authorization attribut e in RADIUS, see the documentation for your RADIUS server .
display aaa 229 display aaa Displays all curr ent AAA settings. Syntax — display aaa Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Web Portal section added, to indicate the state of the WebAAA featur e in MSS V ersion 4.
230 C HAPTER 8: AAA C OMMANDS user last-resort-guestssid Vlan-Name = k2 user last-resort-any Vlan-Name = foo mac-user 01:02:03:04:05:06 usergroup eastcoasters session-timeout = 99 T able 42 describes the fields that can appear in display aaa output .
display aaa 231 See Also set accounting {admin | console} on page 235 set authentication admin on page 239 set authentication console on page 241 set authentication dot1x on page 243 .
232 C HAPTER 8: AAA C OMMANDS display accounting statistics Displays the AAA accounting recor ds for wireless users. The r ecords ar e stored in the local database on the WX. (T o display RADIUS accounting record s, see the documentation for your RADIUS server .
display accounting s tatistics 233 AAA_ACCT_SVC_ATTR=2 AAA_VLAN_NAME_ATTR=default Calling-Station-Id=00-06-25-12-06-38 Nas-Port-Id=3/1 Called-Station-Id=00-0B-0E-00-CC-01 AAA_SSID_ATTR=vineet-dot1x T able 43 describes the fields that can appear in display accounting statistics output.
234 C HAPTER 8: AAA C OMMANDS See Also clear accounting on page 213 display aaa on page 229 set accounting {admin | console} on page 235 display location policy Displays the list of location policy ru les that make up the location policy on an WX switch.
display mobility-profile 235 display mobility-profile Displays the named Mobility Pr ofile. If you do not specify a Mobility Profile name, this command shows a ll Mobility Profile nam es and port lists on the WX. Syntax — display mobility-profile [ name ] name — Name of an existing Mobility Profile.
236 C HAPTER 8: AAA C OMMANDS Specify a username, use the doub le-asterisk wildcard character ( ** ) to specify all user names, or use the single-ast erisk wildcard character ( * ) to specify a set of usernames up to or following the first delimiter character—either an at sign (@) or a period (.
set accounting {dot1x | mac | web | last-resort} 237 See Also clear accounting on page 213 display accounting statistics on page 232 set accounting {dot1x | mac | web | last-resort} Sets up accounting services for spec ified wireless users with network access, and defines the accounting recor ds and where they ar e sent.
238 C HAPTER 8: AAA C OMMANDS start-stop — Sends accounting recor ds at the start and end of a network session. stop-only — Sends accounting recor ds only at the end of a network session. method1, method2, method3, method4 — At least one of up to four methods that MSS uses to process accounting r ecords.
set authentication admin 239 set authentication admin Configures authentication and defines where it is performed for specified users with administrat ive access through T elnet or Web Manager .
240 C HAPTER 8: AAA C OMMANDS History —Introduced in MSS V ersion 3.0. The syntax descriptions for the set authentication commands are separated for clarity . However , the options and behavior for the set authentication admin command are th e same as in previous releases.
set authentication console 241 set authentication mac on page 247 set authentication web on page 254 set authentication console Configures authentication and defines where it is performed for specified users with administrative acce ss through a console connection.
242 C HAPTER 8: AAA C OMMANDS Defaults — By default, authentication is deactivated for all console users, and the default authenticat ion method in a console aut hentication rule is none . MSS requir es no user name or password, by default. These users can press Enter at the prompts for administrative access.
set authenticatio n dot1x 243 set authentication admin on page 239 set authentication dot1x on page 243 set authentication mac on page 247 set authentication mac on page 247 set au.
244 C HAPTER 8: AAA C OMMANDS Provides mutual authentication, integrity-protected negotiation, and key exchange Requires X.509 public key certificates on both sides o f the connection Provides encrypt.
set authenticatio n dot1x 245 Defaults — By default, authen tication is unconfigured for all clients with network access through MAP ports or wired authentication ports on the WX switch. Connection, au thorization, and accounting are also disabled for these use rs.
246 C HAPTER 8: AAA C OMMANDS If the username does not match an authenticat ion rule for the SSID the user is attempting to access, MSS uses the fallthru authentication type configured for the SSID, which can be last-resort , web-portal (for We bAAA), or none .
set authentication mac 247 set authentication mac Configures authentication and defines where it is performed for specified non-802. 1X users with network access thr ough a media acc ess contro l (MAC) addr ess.
248 C HAPTER 8: AAA C OMMANDS If you specify multiple au thentication methods in th e set authentication mac command, MSS applies th em in the order in which they appear in the command, with these r esults: If the first method responds with pa ss or fail, the evaluation is final.
set authentication max-attempts 249 set authentication max-attempts Specifies the maximum number of logi n attempts users can make before being locked out of the system. Syntax — set authentication max-attempts number Defaults — For T elnet or SSH sessions, a maximum of 4 failed login attempts are allowed by default.
250 C HAPTER 8: AAA C OMMANDS set authentication max-attempts Specifies the maximum number of logi n attempts users can make before being locked out of the system. Syntax — set authentication max-attempts number number — Number of allowable login attempts for a user .
set authentication mini mum-p asswor d-leng th 251 set authentication minimum-password -length Specifies the minimum allowabl e length for user passwor ds. Syntax — set authentication minimum-password-length length length — Minimum nu mber of character s that can be in a user password.
252 C HAPTER 8: AAA C OMMANDS set authentication password-r estrict Activates password r estrictions for network and administrative users. Syntax — set authenticat ion password-restrict { enabl e | disable } enable — Enables passwor d restri ctions on the WX.
set authentication proxy 253 See Also clear user lockout on page 226 set authentication minimum-password-length on page 251 set authentication max-attempts on page 250 set authentication proxy Configures a proxy authentication ru le for a third-party AP’ s wireless users.
254 C HAPTER 8: AAA C OMMANDS See Also clear authentication proxy on page 218 set radius proxy client on page 585 set radius proxy po rt on page 586 set authentication web Configures an authentication rule to allow a user to log in to the network using a web page served by the WX.
set authentication web 255 Defaults — By def ault, authentication is unconfigured for all clients with network access through MAP ports or wired authentication ports on the WX switch. Connection, au thorization, and accounting are also disabled for these use rs.
256 C HAPTER 8: AAA C OMMANDS Examples — The following co mmand config ures a W ebAAA rule in the local WX database for SSID ourcorp and userglob rnd* : WX4400# set authentication web ssid ourcorp rnd* local success: change accepted.
set location policy 257 inacl inacl-name — Name of an existing security ACL to apply to packets sent to the WX with attri butes matching the location policy rule.
258 C HAPTER 8: AAA C OMMANDS For user -glob , specify a user name, use the double-asterisk wildcard character ( ** ) to specify all user names, or use the single-asterisk wildcard character ( * ) to specify a set of usernames up to or follo wing the first delimiter character , either an at sign (@) or a period (.
set location policy 259 When applying security ACLs: Use inacl inac l-name to filter traffic that enters the WX from users via a MAP access port or wir ed authentication port , or from the network via a network port.
260 C HAPTER 8: AAA C OMMANDS The following command places all users who are authorized for SSID tempvendor_a into VLAN kiosk_1 : WX1200# set location policy permit vlan kiosk_1 iff ssid eq tempvendor.
set mac-user attr 261 See Also clear mac-user on page 220 display aaa on page 229 set mac-user attr Assigns an authorization attribute in the local database on the WX to a user authenticating with a MAC address. (T o assign authorization attributes through RADIUS, see the documentation for your RADIUS server .
262 C HAPTER 8: AAA C OMMANDS T able 44 Authentication Attributes for Local Users Attribute Description Valid Value(s) encryption-type Type of encryption required for access by the client. Clients who attempt to use an unauthorized encrypti on method are rejected.
set mac-user attr 263 filter-id Inbound or outb ound ACL to apply to the user. If configured in the WX local database, this attribute can be an access control list (ACL) to filter outbound or inbound traffic. Use the following format: filter -id inboundacl .
264 C HAPTER 8: AAA C OMMANDS service-type Type of access requested by the user. One of the following numbers: 2 —Framed; for network user access 6 —Administrative; for administrative access to the WX, with authorization to access the enabled (configuration) mode.
set mac-user attr 265 time-of-day (network access mode only) Day(s) and time(s) during which the user is permitted to log into the network. After authorization, the user session can last until either the Time-Of-Day range or the Session-Timeout duration (if set) expires, whichever is shorter.
266 C HAPTER 8: AAA C OMMANDS Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — T o change the val ue of an attribute, enter set mac-user attr with the new valu e. T o delete an attr ibute, use clear mac-user attr .
set mac-usergroup attr 26 7 Y ou can as sign attributes to individual MAC users and to MAC user groups. If attributes are configur ed for a MAC user and also for the group the MAC user is in, the attributes assigned to the individual MAC user take precedence for that user .
268 C HAPTER 8: AAA C OMMANDS attribute-name value — Name and value of an attribute used to authorize all MAC users in the group for a particular service or sess ion characteristic. (For a list of author ization attributes, see T able 44 on page 262.
set mobility-profile 269 set mobility-profile Creates a Mobility Profile and specifies the MAP acce ss point and/or wired authentication ports on the WX switch through which any user assigned to the profile is allowed access.
270 C HAPTER 8: AAA C OMMANDS CAUTION: When the Mo bility Profile feature is enabled, a user is den ied access if assigned a Mobility-Profile attribute in the local WX database or RADIUS server when no Mobility Prof ile of that name exists on the WX. T o change the ports in a profile, use set mobility-profile again w ith the updated port list.
set mobility-profile mode 271 set mobility-profile mode Enables or disables the Mobility Profile featur e on the WX switch. CAUTION: When the Mo bility Profile feature is enable d, a user is denied access if assigned a Mobility-Profile attri bute in the local WX database or RADIUS server when no Mobility Prof ile of that name exists on the WX.
272 C HAPTER 8: AAA C OMMANDS encrypted — Indicates that the password string you entered is already in its encrypted form. If you use this option, MSS does not encrypt the disp layed form of t he password string, and instead displays the string exactly as you entere d it.
set user attr 273 set user attr Configures an authorization attribut e in the local database on the WX switch for a user with a passwor d. (T o assign authorization attr ibutes in RADIUS, see the documentation for your RADIUS server .) Syntax — set user username attr attribute-name v alue username — Username of a user with a password.
274 C HAPTER 8: AAA C OMMANDS The following command limits the days and time s when user Student1 can access the network, t o 5 p.m. to 2 a.m. every weekday , and all day Saturday and Sunday: WX4400# set user Student1 attr time- of-day Wk1700-0200,Sa,Su success: change accepted.
set user group 275 set user group Adds a user to a user group. The user must have a password and a profile that exists in the local database on the WX. (T o configure a user in RADIUS, se e the documentation for your RADIUS server .) Syntax — set user username group group-n ame username — Username of a user with a password.
276 C HAPTER 8: AAA C OMMANDS attribute-name value — Name and value of an attribute you are using to authorize all users in the group for a particular service or session characterist ic. For a list of authorization attributes an d values that you can assign to users, see T able 44 on page 262.
set usergroup expire-password-in 277 set usergroup expire-passwor d-in Specifies how long the passwords for the users in user group ar e valid before they must be r eset. Syntax set usergroup group- name expire-passwor d-in time group-name — Name of a group for password users.
278 C HAPTER 8: AAA C OMMANDS set web-portal Globally enables or disables WebAAA on a WX switch. Syntax — set web-portal { enable | disable } enable — Enables W ebAAA on the switch. disable — Disables W ebAAA on the switch. Defaults — Enabled.
9 M OBILITY D OMAIN C OMMANDS Use Mobility Domain commands to configure and manage Mobility Domain groups. A Mobility Domain is a system of WX switches and MAP access points working together to support a roaming user (client). One WX acts as a seed switch, which maintains and distri butes a list of IP addresses of the domain members.
280 C HAPTER 9: M OBIL ITY D OMAIN C OMMANDS clear mobility-domain Clears all Mobility Domain configur ation and information fr om a WX , regar dless of whether the WX is a seed or a member of a Mobility Domain. Syntax — clear mobility-domain Defaults — None.
display mobility-domain 28 1 Usage — This command has no effect if the WX member is not configured as part of a Mobility Domain or the current WX is not the seed. Examples — The following command clea rs a Mobility Domain member with the IP address 192.
282 C HAPTER 9: M OBIL ITY D OMAIN C OMMANDS See Also clear mobility-domain on page 280 set mobility-domain member on page 284 set mobility-domain mode member seed-ip on page 286 display mobility-domain config Displays the configuration of the Mobility Domain.
display mobility -domain status 28 3 display mobility-domain status On the seed WX, displays the Mob ility Domain status and members. Syntax — display mobility-domain status Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.
284 C HAPTER 9: M OBIL ITY D OMAIN C OMMANDS set mobility-domain member On the seed WX, adds a member to the list of Mobility Domain members. If the current WX is not configur ed as a seed, this command is rejected.
set mobility-domain mode member secondary seed-ip 285 set mobility-domain mode member secondary seed-ip Sets the IP address of the secondary seed WX on a no nseed WX.
286 C HAPTER 9: M OBIL ITY D OMAIN C OMMANDS set mobility-domain mode member seed-ip On a nonseed WX, sets the IP address of the seed WX. This command is used on a member WX to configure it as a member . If the WX is currently part of another Mobility Domain or using another seed, this command overwrites that configuration .
set mobility-domain mode se condary-seed domain-name 287 set mobility-domain mode secondary-seed domain-name Sets the current WX as a secondary-seed device for the Mobility Domain. Syntax — set mobility-domain mode secondary-seed domain-name mob-domain-name seed-ip primary-seed -ip-addr mob-domain-name — Name of the Mobility Domain.
288 C HAPTER 9: M OBIL ITY D OMAIN C OMMANDS Examples — The following comma nd configures this WX a s the secondary seed in a Mobility Domain named Pleasanton: WX# set mobility-domain mode seconda r.
set domain security 289 See Also clear mobility-domain member on page 280 display mobility-domain status on page 283 set domain security Sets mobility domain security to r equi red (enabled) or no ne (disabled) on the wireless LAN switch.
290 C HAPTER 9: M OBIL ITY D OMAIN C OMMANDS.
10 N ETWORK D OMAIN C OMMANDS Use Network Domain commands to c onfigure and manage Net work Domain groups. A Network Domain is a group of geographically dispersed Mobility Domains that share information over a W AN link.
292 C HAPTER 10: N ETWORK D OMAIN C OMMANDS clear network-domain Clears all Network Domain configuration and information from a WX , reg a rdl e ss of w he t he r th e WX is a seed or a member of a Network Domain. Syntax — clear network-domain Defaults — None.
clear network-domain mode 293 clear network-domain mode Removes the Network Domain seed or member configuration from the WX. Syntax — clear network-domain mode {seed | member} seed — Clears the Network Domain seed configuration from the WX switch.
294 C HAPTER 10: N ETWORK D OMAIN C OMMANDS clear network-domain peer Removes the configuration of a Network Domain peer from a WX configured as a Network Domain seed. Syntax — clear network-domain peer { ip-addr | al l} ip-addr — IP addr ess of the Network Domain peer in dotted decimal notation.
clear network-domain seed-ip 295 clear network-domain seed-ip Removes the specified Network Domain seed from the WX configuration. When you enter this command, the Network Domain TCP connections between the WX switch and the specified Network Domain seed are closed.
296 C HAPTER 10: N ETWORK D OMAIN C OMMANDS display network-domain Displays the status of Networ k Doma in seeds and members. Syntax — display network-domain Defaults — None. Access — Enabled. History —Introduced in MSS 4.1. Examples — T o display Net work Domain status, type the following command.
display network-domain 297 T able 49 describes the fields in the display . See Also clear network-domain on page 292 set network-domain m ode member seed- ip on page 298 set network-domain.
298 C HAPTER 10: N ETWORK D OMAIN C OMMANDS set network-domain mode member seed-ip Sets the IP a ddress of a Network Doma in seed. This command is used for configuring a WX as a memb er of a Network Domain. Y ou can specify multiple Network Domain seeds and configure one as the primary seed.
set network-domain peer 299 See Also clear network-domain on page 292 display network-domain on page 296 set network-domain peer On a Network Domain seed, configures one or mor e WX as redundant Network Domain seeds.
300 C HAPTER 10: N ETWORK D OMAIN C OMMANDS set network-domain mode seed domain-name Creates a Network Domain by setting the current WX as a seed device and naming the Network Domain. Syntax — set network-domain mode seed do main-name net-domain-name net-domain-name — Name of the Network D omain.
11 M ANAGED A CCESS P OINT C OMMANDS Use MAP access point commands to configur e and manage MAP acce ss points. Be sure to do the follo wing before using the commands: Define the country-speci fic IEEE 802.1 1 regulations on the WX switch. (See set system countrycode on page 61.
302 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS set ap radio auto-tun e max- retransmissions on page 385 set ap radio link-calibration on page 388 set ap radio mode on page 391 set ap radio radio-.
MAP Access Point Commands by Usage 30 3 set radio-profile max-tx-lifetime on page 415 set radio-profile preamble-l ength on page 419 set radio-profile rts-threshold on page 423 Authentication and Encr.
304 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS QoS and V oIP set radio-profil e qos-mode on page 420 set radio-profile wmm-powersave on page 430 set service-pr ofile cac-mode on page 438 set serv.
MAP Access Point Commands by Usage 30 5 set radio-profile auto -tune channel-lockdown on page 405 set radio-profile auto-t une power -config on page 406 set radio-profile auto-tune power -interval on .
306 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS display ap unconfig ured on page 347 display ap qos-stats on page 326 display ap etherstats on page 327 MAP Local Switching set ap local-switchin g .
clear ap local-switching vlan-profile 30 7 clear ap local-switching vlan-profile Clears the VLAN profile that had been applied t o an MAP to use with local switching. Syntax — clear { ap ap-number local-switchi ng vlan-profile ap-number — Index value that identifies the MAP on the WX switch.
308 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS clear ap radio Disables a MAP radio and resets it to its factory default settings. Syntax — clear ap ap-num } radio { 1 | 2 | all } ap ap- number — Index value that identifies the MAP on the WX.
clear ap radio 30 9 Access — Enabled History —Introduced in MSS V ersion 3.0. V ersion 6.0 removed the dap option for distributed MAPs. Usage — When you clear a radio, MSS performs the following actions: Clears the transmit power , channel, and exter nal ante nna setting from the radio.
310 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS clear ap boot-configuration Removes the static IP address configuration for a Distributed MAP . Syntax — clear ap boot-configuration apnum ap ap-number — Index value that identifies the MAP on the WX.
clear ap radio load-bal ancing group 311 clear ap radio load-balancing group Removes a MAP radio from its load-balancing group. Syntax clear ap ap-number radio {1 | 2} load-balancing g roup ap ap-number — Index value that identifies the MAP on the WX.
312 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS clear radio-profile Removes a radio profile or resets one of the profile’ s parameters to its default value.
clear service-profile 313 The following commands disable the rad ios using radio profile rptest and remove the pr ofile: WX4400# set radio-profile rptest mod e disable WX4400# clear radio-profile rptest success: change accepted.
314 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Access — Enabled. History — Introduced in MSS V ersion 3.0. Options added to clear SODA parameters in V ersion 4.2. Usage — If the service profile is mapped to a radio pr ofile, you must remove it fr om the radio profile first.
display ap arp 315 Examples — The following command displa ys ARP entries for AP 7: WX# display ap arp 7 AP 7: Host HW Address VLAN State Type ---------------------- ------------- ---- ----- -------- ------- 10.5.4.51 00:0b:0e:00:04:0c 1 EXPIRED DYNAMIC 10.
316 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS display ap config Displays global and radio-specific settings for a MAP access point. Syntax — display ap config [ port-list [ radio { 1 | 2 }]] ap-number — Index value that identifies the MAP o n the WX.
display ap config 317 T able 53 Output for display ap config Field Description Port WX port number to which th e MAP is connected, if specified for the MAP. AP Index number that identifies the MAP to the WX. Serial-Id Serial ID of the MAP access point.
318 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS See Also display ap connection on page 34 3 display ap global on page 345 display ap unconfigured on pag e 347 display radio-profile.
display ap co unters 319 set ap radio mode on page 391 set ap radio antennatype on page 383 set ap radio channel on page 387 set ap radio radio-profile on page 392 set ap radio tx-power on page 393 display ap counters Displays MAP access point an d radio statistics co unters.
320 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Examples — The following co mmand shows statistics counters for Distributed MAP 7: WX1200# display ap counters 7 AP: 7 radio: 1 ==================.
display ap co unters 321 T able 54 describes the fields in this display . T able 54 Output for display ap counters Field Description AP Distributed MAP number. Port WX port number (if the MAP is directly connected to the WX and the WX port is configured as a MAP access point).
322 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS CCMP Pkt Transfer Ct Total number of CCMP packets sent and received by the radio. Radio Recv Phy Err Ct Number of times radar caused packet errors. If this counter increments rapidly, there is a problem in the RF environment.
display ap co unters 323 User Sessions Number of clients currently associated with the radio. Generally, this counter is equa l to th e number of sess ions listed for the radio in display se ssions output.
324 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Noise Floor Received si gnal strength at which the MAP can no longer distinguish 802.11 packets from ambient RF noise. A value around -90 or higher is goo d for an 802.11b/g radio. A value around -80 or higher is good for an 802.
display ap fdb 325 See Also display sessions network on page 620 display ap fdb Displays the entries in a specified MPís forwarding database. Syntax — display ap fdb ap-number ap-number — Index value that identifies the MAP on the WX. Defaults — None.
326 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS See Also set ap local-switching mode on page 379 set vlan profile on page 127 display ap qos-stats Displays stat istics for MAP forwarding queues. Syntax — display ap qos-stats [ ap-number ][ clear ] ap-number — Index value that identifies the MAP on the WX.
display ap etherstats 327 T able 56 describes the fields in this display . display ap etherstats Displays Ethern et statistics for an Ethernet po rt on a MAP . Syntax — display ap etherstats ap-number ap-number — Index value that identifies the MAP on the WX.
328 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Examples — The following co mmand displays Ether net statistics for the Ether net ports on Distributed MAP 1: WX4400# display ap etherstats 1 AP: .
display ap group 329 display ap gr oup Depr ecated in MSS V ersion 6.0. T o display information about RF load balancing, see “display load -balancing group” on page 348. display ap mesh-links Displays information about the links an MAP has to Mesh APs and Mesh Portal APs.
330 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Examples — The following command mesh link information for AP 7: WX# display ap mesh-links 7 AP: 7 IP-addr: 1.
display ap status 331 See Also set ap boot-configuration mesh ssid on page 373 set service-profile mesh on page 450 display ap status Displays MAP access point an d radio status info rmation.
332 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Examples — The following command displays th e status of a MAP access point: WX4400# display ap status 7 Dap: 1, IP-addr: 10.
display ap status 333 The following command uses the terse option to display brief information for MAPs: WX# display ap status terse Total number of entries: 120 Operational: 1, Image Downloading: 0 ,.
334 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS State State of the MAP: init — The MAP has been recognized by the WX but has not yet begun booting. booting — The MAP has asked the WX for a boot image. image down loading — The MAP is receiving a boot image from the WX.
display ap status 335 Radio 1 type Radio 2 type 802.11 type and configur ation state of the radio. The configure succeed state indicates that the MAP has received configuration parameters for the radio and t he radio is ready to accept client connections.
336 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Radio 1 type Radio 2 type (cont.) The following information appe ars for external antenna s: External antenna dete cted, configured as antenna-model —Indicates that an external antenna has been detected, and lists the antenna model confi gured on the radio.
display ap vlan 337 display ap vlan Displays information about the VLANs that are either locally switched by the specified MAP or tunneled fr om the MAP to an WX switch. Syntax — display ap vlan ap-number ap-number — Index value that identifies the MAP on the WX.
338 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS T able 61 describes the fields in the display ap vlan ou tput. See Also set ap local-switching mode on pag e 379 set vlan profile on page 12.
display auto-tune attributes 339 Examples — The following co mmand displa ys RF attribute inform ation for radio 1 on the directly conne cted MAP access point on port 2: WX1200# display auto-tune at.
340 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS display auto-tune neighbors Displays the other 3Com radios and third-party 802.11 radios that a 3Com radio can hear .
display auto-tune neighbors 341 Examples — The following co mmand displa ys neighbor information for radio 1 on the directly connected MAP access point on port 2: WX1200# display auto-tune neighbors.
342 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS display ap boot-configuration Displays information a bout the static IP address configuration (if any) on a Distributed MAP . Syntax — display ap boot-configuration ap-number ap-number — Index value that identifies the MAP on the WX.
display ap connection 343 display ap connection Displays the system IP address of the WX switch that booted a Distributed MAP . Syntax — display ap connection [ ap-number | serial-id serial-ID ] ap-number — Index value that identifies the MAP on the WX.
344 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS History —Introduced in MSS V ersion 3.0. V ers ion 6.0 removed the dap option. Usage — The serial-id parameter displays the active conn ection for the specified Distributed MAP even if that MAP is not configured on this WX switch.
display ap global 345 See Also display ap config on page 316 display ap global on page 345 display ap unconfigured on pag e 347 display ap global Displays connection information for Distributed MAPs configured on a WX.
346 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Examples — The follo wing command displays configurat ion information for all the Distributed MAPs configured on a WX switch: WX4400# display ap global Total number of entries: 8 AP Serial Id WX IP Address Bias --- ----------- --------------- ---- 1 M9DE48B012F00 10.
display ap unco nfigured 347 display ap unconfigured Displays Distributed MAPs that are physically connected to the network but that are not configured on any WX switches. Syntax — display ap unconfigured Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.
348 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS See Also display ap connection on page 34 3 display ap global on page 345 display load-balancing group Displays an RF load balancing gr oupí s memb er radios and current load for each radio.
display load-balanci ng group 349 Examples — The following command displays information about the MAP radios that are in the same group as radio 1 on MAP 3: Radios in the same load-balancing gr oup as: ap3/radio1 ------------------------------------ -------------- IP address AP Radio Overlap ------------------ ---- ----- ------- 10.
350 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS display radio-profile Displays radio pr ofile information. Syntax — display radio-profile { name | ? } name — Displays information about the named radio profile. ? — Displays a list of radio pr ofiles.
display radio-profile 351 T able 69 describes the fields in this display . T able 69 Output for display radio-profile Field Description Beacon Interval Rate (in milliseconds) at which each MAP radio in the profile advertises the beaconed SSID.
352 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS See Also set radio-profile active-scan on pag e 400 set radio-profile auto -tune channel-config on page 402 set radio-profile auto -tune.
display service-profile 353 set radio-profile max-tx-lifetime on pag e 415 set radio-profile mode on page 416 set radio-profile pr eamble-length on page 419 set radio-profile qo s-mode on page 420 set radio-profile rts-thr eshold on page 423 display service-profile Displays service profi le information.
354 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS CAC mode CAC sessions User idle timeout Idle client probing Web Portal Session Timeout T ransmit rates fo r 11a / 11b / 11g: beacon rate multicast rate mandatory rate standard rates disabled rates V ersion 6.
display service-profile 355 Examples — The following co mmand disp lays information for service profile spl : WX1200# display service-profile sp1 ssid-name: corp2 ssid-type: crypto Beacon: y es Prox.
356 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS T able 70 Output for display service-profile Field Description ssid-name Service set identifier (SSID) ma naged by this service profile. ssid-type SSID type: crypto — Wireless traffic for the SSID is encrypted.
display service-profile 357 Sygate On-Demand (SODA) Whether SODA functionality is enabled for the service profile. When SODA functional ity is enabled, connecting clients download SODA agent files , which perform security checks on the client.
358 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS CAC mode Call Admission Control mode: none—CAC is disabled. session—CAC is based on the number of active user sessions. If a MAP radio reaches the maximum number of active user sessions specifie d in the CAC session field, the MAP radio rejects new connection attempts.
display service-profile 359 WEP Key 3 value State of static WEP key number 3: none — The key is not configured. preset — The key is configured. WEP Key 4 value State of static WEP key number 4: none — The key is not configured. preset — The key is configured.
360 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS See Also set service-profile auth-dot1x on pag e 433 set service-profile auth-fallthru on pag e 434 set service-profile auth-psk on page.
display service-profile 361 set service-profile no-br oadcast on page 451 set service-profile pr oxy-arp on page 452 set service-profile psk-phrase on page 453 set service-profile psk-.
362 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS res e t a p Restarts a MAP access point. Syntax — reset ap ap-number ap ap-number — Index value that identifies the MAP on the WX. dap dap-num — Number of a Distributed MAP to reset. Defaults — None.
set ap auto 363 The profile uses the default radio profile by default. Y ou can chan ge the profile using the set ap auto radio radio-pr ofile command. Y ou can use set ap auto commands to change setting s for the parameters listed in T able 71. (The commands are listed in the “See Also” section.
364 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS set ap blink on page 368 set ap group on page 379 set ap radio auto-tune max-power on page 384 set ap radio auto-tune max- re transm.
set ap auto radiotype 365 set ap auto radiotype Sets the radio type for single-MAP ra dios t hat use the MAP configuration profile. Syntax — set ap auto [radiotype {11a | 11b| 11g}] radiotype {11a | 11b| 11g} — Radio type. (The 11a option applies only to single-radio models .
366 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS set ap auto mode Enables a WX profile for automatic Distributed MAP configuration. Syntax — set ap auto mode {enable | disa ble} enable — Enables the MAP configuration profile. disable — Disables the MAP configuration profile.
set ap bias 36 7 set ap bias Changes the bias for a MAP . Bias is t he priority of one WX over ot her WX switches for booting and configuring th e MAP . Syntax — set ap ap-number auto bias { high | low } ap ap-number — Index value that identifies the MAP on the WX.
368 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Examples — The following command changes the bias for a Distributed MAP to low: WX4400# set dap 1 bias low success: change accepted. See Also display ap config on page 316 set ap blink Enable s or disables LED blink mode on a MAP to make it ea sy to identify .
set ap boot- configuration ip 369 set ap boot- configuration ip Specifies static IP address in formation for a Distributed MAP . Syntax — set ap ap-number boot-configra tion ip ip-addr netmask mask-.
370 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS See Also clear ap boot-configuration on page 310 display ap boot-configuration on page 342 set ap boot-configuration vlan on page 375 set ap boot- configuration mesh mode Enables WLAN mesh services on the MAP .
set ap boot-configuration mesh psk-phrase 371 set ap boot-configuration mesh psk-phrase Specifies a preshared key (PSK) phrase that a Mesh AP uses for authentication to its Mesh Portal AP . Syntax — set ap ap-number boot-configuration mesh psk-phrase passphrase ap ap-number — Index value that identifies the MAP on the WX.
372 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS set ap boot-configuration mesh psk-raw Configures a raw hexadecimal pr eshared key (PSK) to use for authenticating a Mesh AP to a Mesh Portal AP . Radios use the PSK as a pairwise master key (PMK) to derive unique pairwise session keys for individual WP A clients.
set ap boot-configuration mesh ssid 373 set ap boot-configuration mesh ssid Specifies the name of the SSID a Me sh AP attempts to associate with when it is booted. Syntax — set ap ap-number boot-configura tion mesh ssid mesh-ssid ap ap-number — Index value that identifies the MAP on the WX.
374 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS set ap boot- configuration switch Specifies the WX a Distributed MAP contacts an d attempts to use as its boot device.
set ap boot-con figuration vlan 375 WX1200# set ap 1 boot- configuration switch switch-ip 172.16.0.21 mode enable success: change accepted. The following command configures Distributed MAP 1 to use the WX with the name wxr2 as its boot devi ce . The DNS server at 172.
376 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Usage — When this command is config ur ed, all Ethernet frames emitted from the Distributed MAP ar e formatted with an 802.1Q tag with a specified VLAN number . Frames sent to the Distributed MAP that are not tagged with this value ar e ignored.
set ap fingerprint 377 fingerprint — The 16-digit hexa decimal number of the fi ngerprint. Use a colon between each digit. Ma ke sure the fing erprint you enter matches the fingerprint used by the MAP . Defaults — None. Access — Enabled. History —Introduced in MSS 4.
378 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS set ap for ce-image- download Configures a MAP to download a softw are im age from the WX instead of loading the image locally stor ed on the MAP . Syntax — set ap auto force-image-downloa d {enable | disable} ap auto —Configures for ced image download for the MAP configuration profile.
set ap group 379 set ap group Deprecated in MSS V ersion 6.0. T o co nfigure RF load balancing, see “set load-balancing mode” on page 398. set ap location Specifies information about th e physical location of a MAP .
380 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS If local switching is enabled on an MAP , but no VLAN pr ofile is configured, then a default VLAN profile is used.
set ap name 381 Examples — The following command specifies that MAP 7 use VLAN profile locals : WX# set ap 7 local-switching vlan-pr ofile locals success: change accepted. See Also clear ap local-switching vlan-pr ofile on page 307 set ap local-switching mode on page 379 set vlan profile on page 127 set ap name Chan ges a MAP name.
382 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS set ap radio antenna-location Specifies the location (indoors or ou t doors) of an exter nal antenna.
set ap radio antennatype 383 set ap radio antennatype Sets the model number for an external antenna. Syntax — set ap ap-number radio { 1|2} antennatype {ANT1060 | ANT1120 | ANT1180 | ANT5060 | ANT5120 | ANT5180 | ANT-1360-OUT | ANT-5360-OUT |ANT-512 0-OUT | internal } ap ap-number — Index value that identifies the MAP on the WX.
384 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Defaults — All radios use the internal antenna by default, if the MAP model has an internal antenna. The MP-62 0 802.11b/g radio uses model ANT -1360-OUT by def ault. The MP-620 802.11a radio uses model ANT -5360-OUT by def ault.
set ap radio auto-tune max- retransmissions 385 Defaults — The default maximu m power setting t hat RF Auto-T uning can set on a radio is the highest setting allowed for the country of operation or highest settin g supporte d on the hardware, whichever is lower .
386 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Defaults — The default is 10 percent. Access — Enabled. History —Introduced in MSS V ersion 3.0. Option auto added for configuration of the MAP configuration profile. V er sion 6.0 re moved the dap option.
set ap radio channel 387 A radio also can increase power , in 1 dBm increments, if a client falls below the minimum allowed data rate. After a radio increases power , all clients must be at the minimum data rate or higher and the maximum retransmissions must be within the al lowed percentile, before the radio begins reducing power again.
388 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Usage — Y ou can co nfigure the transmit power of a radio on the same command line. Use the tx-power option. This command is not valid if dynami c ch annel tuning (RF Auto-T uning) is enabled. Examples — The following co mmand configures the channel on the 802.
set ap radio load balancing 389 Usage — A Mesh Portal MAP can be configur ed to emit link calibration packets to assist with positioning the Mesh AP . A link calibration packet is an unencrypted 802.11 managemen t packet of type Action . When enabled on an MAP , link calibration packets ar e sent at a rate of 5 per secon d.
390 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS disable — Disables link calibration packets for the MAP radio. Defaults — Disabled. Access — Enabled. History — Introduced in MSS V ersion 6.0. Usage — By default, RF load balancing is enabled on al l MAP radios.
set ap radio mode 391 rebalance — Configures the MAP radio to disassociate its client sessions and rebalance th em whenever a new MAP radio is ad ded to the load balancing group. Defaults — By default, MAP radios are not part of an RF load balancing gr oup.
392 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS mode disable — Disables a radio. Defaults — MAP access point radios are disabled by default. Access — Enabled. History —Introduced in MSS V ersion 3.0. Option auto added for configuration of the MAP configuration profile.
set ap radio tx-power 393 radio-profile name — Radio profile name of up to 16 alphan umeric characters, with no spaces. mode enable — Enables radios on the sp ecified ports with th e parameter settings in t he specified radio profile. mode disable — Disables radios on the specified ports.
394 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS tx-power power-level — Number of decibels in r elation to 1 milliwatt (dBm). The valid valu es depend on the country of operation.
set ap security 395 set ap security Sets security requir ements for mana gement sess ions between a WX and its Distributed MAPs. This feature applies to Distributed MA Ps only , not to directly connected MAPs configured on MAP access ports.
396 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Examples — The following co mmand configures a WX to r equire Distributed MAPs to have encryption keys: WX4400# set ap security require See Also .
set band-preference 397 set band-prefer ence Configures MSS to steer clients that support both the 802.11a and 802.11b/g radio bands to a specific radio on an MAP for the purpose of RF load balancing. Syntax — set band-preference { none | 11bg | 11a } none — When a client supports bo th 802.
398 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS set load-balancing mode Disables or reena bles RF load balancing glob baly on the WXMAP. Syntax — set load-balancing mode {enable | disable } enable — Enable s RF load balancing globa lly on the WX.
set load-balancing strictness 399 set load-balancing strictness Controls the degr ee to which MSS ba lances the client load among MAPs when performing RF load balancing. Syntax — set load-balancing strictness {low | med | high | max } low — No clients are denied service.
400 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS At the other end of the spectrum, when max strictness is specified, if an MAP radio has r eached its maximum clie nt load, MSS make s it invisible to new clients, causing them to at tempt to connect t o other MAP radios.
set radio-profile auto-tune 11a-channel-range 401 disable — Configures radios to scan only passively for r ogues by listening for beacons and probe r esponses. Defaults — Active scanning is enabled by default. Access — Enabled. History —Introduced in MSS V ersion 4.
402 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Examples — The following co mmand en ables the 80 2.11a radio to select any available channel in the 802.11a range: WX1200# set radio-profile test auto- tune 11a-channel-range all-bands success: change accepted.
set radio-profile auto-tune channel-holddown 403 Examples — The following co mmand disa bles dynamic channel tuning for radios in the rp2 radio profile: WX4400# set radio-profile rp2 auto-t une channel-config disable success: change accepted.
404 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Examples — The following co mmand changes the channel holdd own for radios in radio profile rp2 to 600 seconds: WX4400# set radio-profile rp2 auto-t une channel-holddown 600 success: change accepted.
set radio-profile auto -tu ne channel-lo ckdown 405 Examples — The following command sets the channel interval for radios in radio pr ofile rp2 to 2700 seconds (45 minutes): WX4400# set radio-profile rp2 auto-tune channel-interval 2700 success: change accepted.
406 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Examples — The following command lock s down the channel settings for radios in radio profile rp2 : WX# set radio-profile rp2 auto-tune channel-lo.
set radio-profile auto-tune power-interval 407 Examples — The following command enab les dynamic power tuning for radios in the rp2 radio profile: WX4400# set radio-profile rp2 auto-t une power-config enable success: change accepted.
408 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS See Also display service-profile on page 353 set ap radio auto-tune max- re transmissions on page 385 set radio-profile auto-tune power -config on page 406 set radio-profile auto-tune power -lockdown Locks down the current power settings on all radios in a radio pr ofile.
set radio-profile auto-tune power-ramp-interval 409 set radio-profile auto-tune power -ramp-interv al Changes the interval at which power is increased or decreased, in 1 dBm increments, on radios in a radio pr ofile until the optimum power level calculated by RF Auto-T uning is reached.
410 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — Y ou must disable all rad ios that are using a radio pr ofile before you can change pa rameters in t he profile. Use the set radio-profile mode command .
set radio-profile countermeasures 41 1 configured — Configur es radios to attack only devices in the attack list on the WX switch (on-demand countermeasures).
412 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS set radio-profile dtim-interval Changes the number of times after ever y beacon that each MAP radio in a radio profile sends a delivery tra f fic indication map (DTIM). A MAP sends the multicast and broadcast frames stored in its buf fers to clients who request them in r esponse to the DTIM.
set radio-profile frag-threshold 413 set radio-profile frag-threshold Changes the fragmentation threshold for the MAP radios in a radio profile. The fragmentation threshold is the threshold at which the long-retry-count is applicable insted of the short-retry-count.
414 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS See Also display radio-profile on page 350 set radio-profile mode on page 416 set radio-profile rts-thr eshold on page 423 set servi.
set radio-profile max-tx-lifetime 415 See Also display radio-profile on page 350 set radio-profile mode on page 416 set radio-profile max-tx-lifetime on pag e 415 set radio-profile max-tx-lifetime Changes the maximum transmit threshold for the MAP radios in a radio profile.
416 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS set radio-profile mode Creates a new radio profile, and disables or reenables all MAP radios that are using a specific pr ofile. Syntax — set radio-profile name [ mode { enable | disable }] radio-profile name — Radio pr ofile name of up to 16 alp hanumeric characters, with no spaces.
set radio-profile mode 417 Access — Enabled. History —Introduced in MSS V ersion 3.0. V ersion 4.2 made the following changes: Removed the following parame ters that no longer apply: 11g-only long-retry short-retry The wmm parameter name changed to qos-mode .
418 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS T o change a parameter in a radio pr ofile, you must first disable all the radios in the profile. After you complete the change, you can reenable the radios. T o enable or disable specific radios without disabling all of them, use the set ap radio command.
set radio-profile preamble-length 419 set radio-profile preamble-length Changes the preamble length for which an 802.11b/g MAP radio advertises support. This co mma nd does not apply to 802.11a. Syntax — set radio-profile name preamble-length { long | short } name — Radio profile name.
420 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS set radio-profile qos-mode Sets the prioritization mode for forwarding queues on MAP radios managed by the radio profile. Syntax — set radio-profile name qos-mode { svp | wmm } svp — Optimizes fo rwarding prioriti zation of MAP radios for SpectraLink V oice Priority (SVP).
set radio-profile rfid-mode 421 set radio-profile rfid-mode Enables MAP radios manage d by a radio profile to function as location recei vers in an AeroScout Visi bility Sy stem. An Aer oScout Visibility System allows system administ rators to tr ack mobile assets using RFID tags.
422 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Defaults — Data rate enforcement is disabled by default. Access — Enabled. History — Introduced in MSS V ersion 6.
set radio-profile rts-threshold 423 See Also display ap counters on page 319 set service-profile transmit-rates on page 468 set radio-profile rts-threshold Changes the RTS threshold for the MAP radios in a radio profile.
424 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS set radio-profile service-profile Maps a service profile to a radio profile. All radios that use the radio profile also use the parameter settin gs, including SSID and encryption settings, in the service profile.
set radio-profile service-profile 425 cipher-ccmp disable Does not use Counter with Cipher Block Chaining Message Authentication Code Protocol (CCMP) to encrypt traffi c sent to WPA clients. cipher-tkip enable When the WPA IE is enabled, uses Temporal Key Integrity Protocol (TKIP) to encrypt traffic sent to WPA clients.
426 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS shared-key-auth disable Does not use shared- key authentication. This parameter does not enable PSK authentication for WP A. To enable PSK encryption for WPA, use the set radio-profile auth-psk command.
set radio-profile service-profile 427 transmit-rates 802.11a: mandatory: 6.0 ,12.0,24.0 beacon-rate: 6.0 multicast-rate: auto disabled: none 802.11b: mandatory: 1.0,2.0 beacon-rate: 2.0 multicast-rate: auto disabled: none 802.11g: mandatory: 1.0,2.0,5.
428 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — Y ou must configure the service profile before you can map it to a radio profile. Y ou can map the same service pr ofile to more than one radio profile.
set radio-profile service-profile 429 set service-profile cac-mode on page 438 set service-profile cac-se ssion on page 439 set service-profile cipher -ccmp on pag e 440 set service-pr.
430 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS set radio-profile short-r etry Deprecated in MSS V ersion 4.2. In 4.2, this parameter is associated with service pr ofiles instead of rad io profiles. See set ser vice-profile short-re try-count on page 456.
set service-profile attr 431 Usage — U-APSD is supported only for QoS mode WMM. If WMM is not enabled on the radio profile, use the set radio-pr ofile qos-mode command to enable it. Examples — The following co mmand enab les U-APSD on radio pr ofile rp1: WX2200# set radio-profile rp1 wmm-po wersave enable success: change accepted.
432 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS The SSID default attributes ar e applied in addition to any attributes su pplied for the user by the RADIUS server or the local database.
set service-profile auth-dot1x 433 See Also display service-profile on page 353 display sessions network on page 620 set service-profile auth-dot1x Disables or reenables 802.
434 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS See Also display service-profile on page 353 set service-profile auth-psk on page 435 set service-profile psk-phrase on page 453 set service-profile wpa-ie on page 481 set service-profile auth-fallthru Specifies the au thentication type f or users who do no t match an 802.
set service-profile auth-psk 435 Access — Enabled. History —Introduced in MSS V ersion 3.0. Option for WebAAA fallthru authentication type changed from web-auth to web-portal in MSS V ersion 4.1. Usage — The last-resort fallthru authentication type allows any user to access any SSID managed by the service profile.
436 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — This command affects authentication of WP A client s only . T o use PSK authentication, you also must configure a passphrase or key .
set service-profile brid ging 437 enable — Enables beaconing of the SSID managed by the service profile. disable — Disables beaconing of the SSID managed by the service profile. Defaults — Beaconing is e nabled by defa ult. Access — Enabled.
438 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Usage — WLAN mesh services can be used in a wire less bridge configuration, implementing MAPs as bridge end points in a transp arent Layer 2 bridge. A typical application of wireless bridging is to provide network connectivity between two bu ildings using a wireless link.
set service-profile cac-session 439 Examples — The following co mmand enables session-based CAC on service profile sp1 : WX4400# set service-profile sp1 cac-mode session success: change accepted.
440 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS set service-profile cipher -ccmp Enables Counter with Cipher Block Chaining Message Aut hentication Code Pr otocol (CCMP) encr yption with WP A clients, for a service pr ofile. Syntax — set service-profile name cipher-ccmp { enable | disable } name — Service pr ofile name.
set service-profile cipher-tkip 441 set service-profile cipher -tkip Disables or reenables T emporal Key Integr ity Protocol (TKIP) encryption in a service profile. Syntax — set service-profile name cipher-tkip { enable | disable } name — Service pr ofile name.
442 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS set service-profile cipher -wep104 Enables dynamic W ired Equivalent Privacy (WEP) with 104-bit keys, in a service profile. Syntax — set service-profile name cipher-w ep104 { enable | disable } name — Service pr ofile name.
set service-profile cipher-wep40 44 3 See Also display service-profile on page 353 set service-profile cipher -ccmp on pag e 440 set service-profile cipher -tkip on pag e 441 set servi.
444 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS T o support non-WP A clients that use static WEP , you must configure static WEP keys. Use the set service-profile wep key-index command.
set service-profile dhcp-restrict 445 WX4400# set service-profile sp1 cos 7 success: change accepted. See Also display service-profile on page 353 set service-profile static-cos on page 467 set service-profile dhcp-restrict Enables or disabl es DHCP Restrict on a service pr ofile.
446 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS set service-profile idle-client-probing Disables or reenables periodic keepalives from MAP radios to clien ts on a service profile’ s SSID. Wh en idle-client probing is enabled, the MAP radio sends a unicast null-data frame to each client every 10 seconds.
set service-profile keep-initial-vlan 447 set service-profile keep-initial-vlan Configures MAP radios managed by the radio pr ofile to leave a roamed user on the VLAN assigned by the switch wher e the user logged on. When this option is disabled, a user’ s VLAN is r eassigned by each WX switch to which a user roam s.
448 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS set service-profile load-balancing- exempt Exempts a service profile from performin g RF load balancing. Syntax — set service-profile name load-balancing -exempt {enable | disable} name — Service profile name.
set service-profile long-retry-count 449 set service-profile long-retry-count Changes the long retry threshold fo r a service profile . Th e long retry threshold specifies the nu mber of times a radio can send a long unicast frame without receiving an acknowle dgment.
450 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS set service-profile mesh Creates a service pr ofile for use with WLAN mesh services. Syntax — set service-profile name mesh mode {enable | disable} name — Service profile name. enable — Enables mesh services for the service profil e.
set service-profile no-broadcast 451 set service-profile no-broadcast Disables or reena bles the no-broad cast mode. The no-broadcast mode helps reduce traffic overhead on an SS ID by having more SSID bandwidth available for unicast traffic.
452 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Examples — The following co mmand enables the no-broadcast mode on service profile sp1 : WX4400# set service-profile sp1 no-broadcast enable success: change accepted.
set service-profile psk-phrase 453 Examples — The following command en ables proxy ARP on service profile sp1 : WX4400# set service-profile sp1 prox y-arp enable success: change accepted.
454 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Examples — The following co mmand c onfigures service pr ofile sp3 to use passphrase “123456789 0123<>?=+&% The quick brown fox jumps .
set service-profile rsn-ie 455 Examples — The following co mmand c onfigures service pr ofile sp3 to use a raw PSK with PSK clients: WX4400# set service-profile sp3 psk-raw c25d3fe4483e867 d1df96eaacdf8b02451fa0836162e758100f 5f6b87965e59d success: change accepted.
456 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS set service-profile shar ed-key-auth Enables shared-key authentication, in a service profile. Use this command only if advised to do so by 3Com. This command does not enable preshare d key (PSK) authentication f or Wi-Fi Pro tected Access (WP A).
set service-profile soda agent-directory 457 threshold — Number of times a radio can send the same short unicast frame. Y ou can enter a value from 1 thr ough 15. Defaults — The default short unicast retry thr eshold is 5 attempts. Examples — Enabled.
458 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Examples — The following co mmand specifies soda-agent as the location for SODA agent files for service profile sp 1: WX4400# set service-profile sp1 soda agent-directory soda-agent success: change accepted.
set service-profile soda failure-p age 459 When the enforce checks option is enabled, upon successful completion of the SODA agent checks, the client performs an HTTP Get operation to load the success page. Upon loading the success page, the client is granted access to the network.
460 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Usage — Use this command to specify a custom page to be loaded by the client when the SO DA agent checks fail. After this page is loaded, the specified remediation ACL takes ef fect, or if there is no r emediation ACL configured, then the client is disconnected from the network.
set service-profile sod a logout-page 46 1 History —Introduced in MSS V ersion 4.2. Usage — When a client closes the SODA virtual desktop, the client is automatically disconnected from the network. Y ou can use this command to specify a page that loads when the client closes the SODA virtual desktop.
462 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS set service-profile soda mode Enables or disables Sygate On-Deman d (SODA) functionality for a service profile. Syntax — set service-profile name soda mode { ena ble | disable } name — Service pr ofile name.
set service-profile soda remediation-acl 46 3 set service-profile soda remediation-acl Specifies an ACL to be applied to a client if it fails th e checks performed by the SODA agent. Syntax — set service-profile name soda remediati on-acl acl-name name — Service pr ofile name.
464 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS set service-profile soda success-page Specifies a page on the WX that load s w hen a client passes the security checks performed b y the SODA agent. Syntax — set service-profile name soda success-p age page name — Service pr ofile name.
set service-profile ssid-name 465 See Also display service-profile on page 353 set service-profile soda enforce-checks on page 458 set service-profile soda mode on page 462 set service-profile ssid-name Configures the SSID name in a service pr ofile.
466 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS set service-profile ssid-type Specifies whether the SSID managed by a service profile is encrypted or unencrypted. Syntax — set service-profile name ssid-type [ clear | crypto ] name — Service pr ofile name.
set service-profile static-cos 46 7 History —Introduced in MSS V ersion 3.0. Usage — Countermeasures apply only to TKIP and WEP clients. This includes WP A WEP clients and no n-WP A WEP clients. CCMP clients are not affected. The TKIP cipher suite must be enabled.
468 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Defaults — Static CoS is disabled by default. Access — Enabled. History —Introduced in MSS V ersion 4.
set service-profile transmit-rates 469 The valid rates depend on the radio type: 11a —6.0, 9.0, 12.0, 18.0, 24.0, 36.0, 48.0, 54.0 11b —1.0, 2.0, 5.5, 11.0 11g —1.0, 2.0, 5.5, 6.0, 9.0, 11.0, 12.0, 18.0, 24.0, 36.0, 48.0, 54.0 Use a comma to separate mult iple rates; for example: 6.
470 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS beacon-rate : 11a— 6.0 11b— 2.0 11g— 2.0 multicast-rate — auto for all radio types. Access — Enabled. History —Introd uced in MSS Version 4.2. Usage — If you disable a rate, you can not use the rate as a mandatory rate or the beacon or multicast rate.
set service-profile user-idle-timeout 471 History — If this command is enabled in the service pr ofile, the 802.11 QoS level is ignored, and MSS classifies QoS level of IP packets based on their DSCP value.
472 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS WX4400# set service-profile sp1 user-idle-timeout 360 success: change accepted. See Also display service-profile on page 353 set service-pro.
set service-profile web-portal-form 473 The Web-Portal ACL applies only to users who log on using Web Portal, and applies only during authentication. After a Web Portal user is authenticated, the Web Portal ACL no longer applies. ACLs and other user attributes assigned to the username a re applied instead.
474 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS T o use WebAAA, the fallthru authentica tion ty pe in the service profile that manages the SSID must be set to web . T o use WebAAA for a wired authentication port, edit the port configuration with the set port type wired-auth command.
set service-profile web-portal-logout lo gout-url 475 set service-profile web-portal-logout logout-url Specifies the URL that is requested when the user clicks the button to terminate his or her session in the Mobility Domain. Syntax — set service-profile profile-n ame web-portal-logout logout-url url name — Service pr ofile name.
476 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Examples — The following command configures the W eb Portal logout URL as: wifizone.3Com.com/logout.h tml for service profile sp1 . WX# set service-profile sp1 web-port al-logout logout-url https://wifizone.
set service-profile web-portal-session-timeout 47 7 Examples — The following command enables the W eb Portal logout functionality for service profile sp1 .
478 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Note that the Web Portal WebAAA se ssion timeout period applies only to Web Portal WebAAA sessions alr eady authenticated with a user name and password. For all other W eb Portal WebAAA sessions, the default Web Portal WebAAA session timeout period of 5 second s is used.
set service-profile wep active-unicast- index 479 See Also display service-profile on page 353 set service-profile we p active-unicast- index on page 479 set service-profile wep key-index .
480 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS set service-profile wep key-index Sets the value of one of four static Wired-Equivalent Privacy (WEP) keys for static WEP encryption. Syntax — set service-profile name wep key-in dex num key value name — Service pr ofile name.
set service-profile wpa-ie 481 set service-profile wpa-ie Enables the WP A infor mation element (IE) in wireless frames. The WP A IE advertises the WP A authentication meth ods and cipher suites supp orted by radios in the radio profil e mapped to the service profile.
482 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS.
12 STP C OMMANDS Use Spanning T ree Pr otocol (STP) command s to configure and manage spanning trees on the virtual LANs (VLANs) configured on a wir eless LAN switch or controller , to maintain a loop-free network. STP Commands by Usage This chapter presents STP command s alphabetically .
484 C HAPTER 12: STP C OMMANDS clear spantree portcost Resets to the default value t he cost of a network p ort or ports on paths to the STP root bridge in all VLANs on a WX. Syntax — clear spantree portcost port-list port-list — List of ports.
clear spantree portpri 48 5 clear spantree portpri Resets to the default value the priority of a network port or ports for selection as part of the path to th e STP root bridge in all VLANs on a wireless LAN switch or contr oller . Syntax — clear spantree portpri port-list port-list — List of ports.
486 C HAPTER 12: STP C OMMANDS vlan vlan-id — VLAN name or number . MSS resets the cost for only the specified VLAN. Defaults — None. Access — Enabled. History —Introduced in MSS V e rsion 3.0. Usage — MSS does not change a port’ s cost for VLANs other than the one(s) you specify .
clear spantree statistics 487 History —Introduced in MSS V ersion 3.0. Usage — MSS does not change a port’ s prior ity for VLANs other than the one(s) you specify . Examples — The following command resets the STP priority for port 2 in VLAN avocado: WX4400# clear spantree portvlanpri 2 vlan avocado success: change accepted.
488 C HAPTER 12: STP C OMMANDS display spantree Displays STP configuration and port- state information. Syntax — display spantree [ port-list | vlan vlan- id ][ active ] port-list — List of ports. If you do not specify any ports, MSS displays STP information for all ports.
display spantree 489 7 1 Forwarding 19 128 Disabled 8 1 Disabled 19 128 Disabled 9 1 Disabled 19 128 Disabled 17 1 STP Off 19 128 Disabled 18 1 STP Off 19 128 Disabled T able 75 describes the fields in this display . T able 75 Output for display spantree Field Description VLAN VLAN number.
490 C HAPTER 12: STP C OMMANDS Port Port numb er. Only network ports are listed. STP does not apply to 3Com Wireless LAN Managed Access Point AP2750 ports or wired authentication ports.
display spantree backbonefast 49 1 See Also display spantree blockedp orts on page 492 display spantree backbonefast Indicates whether the STP backbone fa st convergence featur e is enabled or disabled. Syntax — display spantree backbonefast Defaults — None.
492 C HAPTER 12: STP C OMMANDS Examples — The following example shows the command out put on a WX switch with backbone fast convergence enabled: WX4400# display spantree backbonefas t Backbonefast i.
display spantree portfast 493 display spantree portfast Displays STP uplink fast convergence information for all network ports or for one or more network ports . Syntax — display spantree portfast [ port-list ] port-list — List of ports. If you do not specify any ports, MSS displays uplink fast convergence information for all por ts.
494 C HAPTER 12: STP C OMMANDS display spantree portvlancost Shows the cost o f a port on a path t o the STP root bridge, for each of the port’ s VLANs. Syntax — display spantree portvlancost port-list port-list — List of ports. Defaults — None.
display spantree statistics 495 Usage — The command displays statisti cs separately for each port. Examples — The following co mmand shows STP statistics for port 1: WX4400# display spantree stati.
496 C HAPTER 12: STP C OMMANDS topology change timer value 0 hold timer INACTIVE hold timer value 0 delay root port timer INACTIVE delay root port timer value 0 delay root port timer restarted is FALS.
display spantree statistics 497 T able 77 Output for display spantree statistics Field Descri ption Port Port number. VLAN VLAN ID. Spanning Tree enabled for vlan State of the STP feature on the VLAN. port spanning tree State of the STP feature on the port.
498 C HAPTER 12: STP C OMMANDS config_pending I ndicates whether a configured BPDU is to be transmitted on expiration of the hold timer for the port. port_inconsistency Indicates whether the port is in an inconsistent state. config BPDU’s xmitted Number of BPDUs transmitted from the port.
display spantree statistics 499 hold timer Status of the hold timer. This timer ensures that configured BPDUs are not trans mitted too frequently through any bridge port.
500 C HAPTER 12: STP C OMMANDS See Also clear spantree stati stics on page 487 display spantree uplinkfast Shows uplink fast convergence infor m ation for one VLAN or all VLANs. Syntax — display spantree uplinkfast [ vlan vlan- id ] vlan vlan-id — VLAN name or number .
set spantree 501 See Also set spantree uplinkfast on page 510 set spantree Enables or disables STP on one VLAN or all VLANs configured on a WX switch. Syntax — set spantree { enable | disable } [{ all | vlan vlan-id | port port- list vlan-id }] enable — Enables STP .
502 C HAPTER 12: STP C OMMANDS See Also display spantree on page 488 set spantree backbonefast Enables or disables STP ba ckbone fa st convergence on a wireless LAN switch. This feature accelerates a port’ s recovery following the failure of an indirect link.
set spantree fwddelay 503 set spantree fwddelay Changes the period of time after a t opology change that a WX switch which is not the root bridge waits to begin forwar ding Layer 2 traffic on one or all of its configured VLANs. (The r oot bridge always forwards traffic.
504 C HAPTER 12: STP C OMMANDS Access — Enabled. History —Introduced in MSS V e rsion 3.0. Examples — The following co mmand change s the hello interval for all VLANs to 4 seconds: WX4400# set spantree hello 4 all success: change accepted.
set spantree portcost 505 set spantree portcost Changes the cost that transmission through a network port or ports in the default VLAN on a wireless LAN switch adds to the total cost of a path to the STP root bridge. Syntax — set spantree portcost port-list cost co st port-list — List of ports.
506 C HAPTER 12: STP C OMMANDS See Also clear spantree portcost on page 484 clear spantree portvlancost on page 485 display spantree on page 488 display spantree portvlancost on page 4.
set spantree portpri 50 7 set spantree portpri Changes the STP priority of a network port or ports for select ion as part of the path to the STP root bridge in the default VLAN on a wireless LAN switch. Syntax — set spantree portpri port-list priority value port-list — List of ports.
508 C HAPTER 12: STP C OMMANDS set spantree portvlancost Changes the cost of a network por t or ports on paths to the STP root bridge for a specific VLAN on a wireless LAN switch. Syntax — set spantree portvlancost port-lis t cost cost { all | vlan vlan-id } port-list — List of ports.
set spantree portvlanpri 50 9 set spantree portvlanpri Changes the priority of a network port or ports for selectio n as part of the path to the STP root bridge, on one VLAN or all VLANs. Syntax — set spantree portvlanpri port-list priority value { all | vlan vlan-id } port-list — List of ports.
510 C HAPTER 12: STP C OMMANDS set spantree priority Changes the STP root bridge priority of a wir eless LAN switch on one or all of its VLANs. Syntax — set spantree priority value { all | vlan vlan-id} priority value — Priority value. Y ou can specify a value from 0 through 65,535.
set spantree uplinkfast 511 History —Introduced in MSS V ersion 3.0. Usage — The uplink fast convergence feature is applicable to bridges that are acting as access switch es to the network core (distribution layer) but are not in the core themselves.
512 C HAPTER 12: STP C OMMANDS.
13 IGMP S NOOPING C OMMANDS Use Internet Group Management Pr otocol (IGMP) snooping commands to configure and manage multicast traff ic reduction on a WX. Commands by usage This chapter presents IGMP snooping commands alphabetically . Use the following table to locate commands in this chapter based on their use.
514 C HAPTER 13: IGMP S NOOPING C OMMANDS clear igmp statistics Clears IGMP statistics count ers on one VLAN or all VLANs on a wireless LAN switch and r esets them to 0. Syntax — clear igmp statistics [ vlan vlan-id ] vlan vlan-id — VLAN name or number .
display igmp 51 5 Examples — The followin g command displays IGMP information for VLAN orange : WX1200# display igmp vlan orange VLAN: orange IGMP is enabled Proxy reporting is on Mrouter solicitati.
516 C HAPTER 13: IGMP S NOOPING C OMMANDS T able 81 describes the fields in this display . T able 81 Output for display igmp Field Descri ption VLAN VLAN name. MSS displays info rmation separately for each VLAN. IGMP is enabled (disabled) IGMP state. Proxy reporting Proxy reporting state.
display igmp 51 7 TTL Number of seconds befo re this entry ages out if not refreshed. For static multicast route r entries, the time-to-live (TTL) value is undef . Static multicast router entries do not age out. Group IP address of a multicast group. The display igmp receiver -table com mand shows the sa me information as these receiver fields.
518 C HAPTER 13: IGMP S NOOPING C OMMANDS See Also display igmp mrouter on page 518 display igmp querier on page 519 display igmp receiver -table o n page 521 display igmp statistic s on page 523 display igmp mrouter Displays the multicast routers in a WX’ s subnet, on one VLAN or all VLANs.
display igmp querier 519 See Also display igmp mrouter on page 518 set igmp mr outer on page 527 display igmp querier Shows information about the active multicast querier , on one VLAN or all VLANs. Queriers are listed separately for each VLAN.
520 C HAPTER 13: IGMP S NOOPING C OMMANDS History — Introduced in MSS V ersion 3.0. Examples — The followin g command displa ys querier infor mation for VLAN orange : WX1200# display igmp querier vlan or ange Querier for vlan orange Port Querier-IP Querier-MAC TTL ---- --------------- --------------- -- ----- 1 193.
display igmp receiver-table 521 See Also set igmp querier on page 533 display igmp receiver -table Displays the receivers to which a WX forwar ds multicast traffic. Y ou can display receivers for all VLANs, a si ngle VLAN, or a group or groups identified by group address and network mask.
522 C HAPTER 13: IGMP S NOOPING C OMMANDS The following command lists all r eceivers for multicast groups 237.255.255.1 t hrough 237.255.255.255, in all VLANs: WX1200# display igmp receiver-table group 237.255.255.0/24 VLAN: red Session Port Receiver-IP Receiver-MAC TTL --------------- ---- --------------- ----------------- ----- 237.
display igmp stati stics 52 3 display igmp statistics Shows IGMP statistics. Syntax — display igmp statistics [ vlan vlan-id ] vlan vlan-id — VLAN name or number . If you do not specify a VLAN, MSS displays IGMP statis tics for all VLANs. Defaults — None.
524 C HAPTER 13: IGMP S NOOPING C OMMANDS T able 85 Output of display igmp statistics Field Description IGMP statistics for vlan VLAN name. Statistics are lis ted separately for each VLAN.
set igmp 525 See Also clear igmp statistics on page 514 set igmp Disables or reenables IGMP snooping on one VLAN or all VLANs on a wireless LAN switch. Syntax — set igmp { enable | disable } [ vlan vlan-id ] enable — Enables IGMP snooping.
526 C HAPTER 13: IGMP S NOOPING C OMMANDS set igmp lmqi Changes the IGMP last member query interval timer on one VLAN or all VLANs on a wirel ess LAN switch.
set igmp mrouter 527 set igmp mrouter Adds or removes a port in a WX’ s list of ports on which it forwards traffic to multicast routers. Static multicas t ports are immediately added to or removed fr om the list of router ports and do not age out. Syntax — set igmp mrouter port port-list { enable | disable } port port-list — Port list.
528 C HAPTER 13: IGMP S NOOPING C OMMANDS set igmp mrsol Enables or disables multicast router solicitation by a WX. Syntax — set igmp mrsol { enable | disable } [ vlan vlan-id ] enable — Enables multicast r outer solicitation. disable — Disables multicast router solicitation.
set igmp oqi 529 Usage — Y ou canno t add MAP access ports or wired authentication ports as stat ic multicast port s. However , MSS can dynamic ally add these port types to the list of multicast ports based on multicast traffic.
530 C HAPTER 13: IGMP S NOOPING C OMMANDS See Also set igmp lmqi on page 526 set igmp qi on page 531 set igmp qri on page 532 set igmp querier on page 533 set igmp mr outer on page 527 set igmp rv on page 534 set igmp proxy-r eport Disables or reenables proxy r eporting by a WX on one VLAN or all VLANs.
set igmp qi 531 set igmp qi Changes the IGMP query interval ti mer on one VLAN or all VLANs on a WX. Syntax — set igmp qi seconds [ vlan vlan-id ] qi seconds — Number of seconds t hat elapse between general queries sent by the WX when the WX switch is the querier for the subnet.
532 C HAPTER 13: IGMP S NOOPING C OMMANDS set igmp qri Changes the IGMP query r esponse in terval timer on one VLAN or all VLANs on a WX. Syntax — set igmp qri tenth-seconds [ vlan vlan-i d ] qr.
set igmp querier 53 3 set igmp querier Enables or disables the IGMP pseudo-querier on a WX, on one VLAN or all VLANs. Syntax — set igmp querier { enable | disable } [ vl an vlan-id ] enable — Enables the pseudo-querier . disable — Disables t he pseudo-querier .
534 C HAPTER 13: IGMP S NOOPING C OMMANDS Defaults — By default, n o ports are static multicast receiver ports. Access — Enabled. History — Introduced in MSS V ersio n 3.0. Usage — Y ou canno t add MAP access ports or wired authentication ports as static multicast ports.
set igmp rv 535 See Also set igmp oqi on page 529 set igmp qi on page 531 set igmp qri on page 532.
536 C HAPTER 13: IGMP S NOOPING C OMMANDS.
14 S ECURITY ACL C OMMANDS Use security ACL commands to configure and monitor security access control lists (ACLs). Security ACLs filt er packets to restrict or permit network usage by certain users or traffic types, and can assign to packets a class of service (CoS) to define th e pr iority of tr eatment for packet filtering.
538 C HAPTER 14: S ECURITY ACL C OMM ANDS clear security acl Clears a specified security ACL, an access contr ol entry (ACE), or all security ACLs, from the edit buffe r . When used with the command commit securi ty acl , clears the ACE from the running configuration.
clear security acl map 53 9 WX4400# display security acl info al l ACL information for all set security acl ip acl_133 (hits #1 0) ------------------------------------ --------------------- 1.
540 C HAPTER 14: S ECURITY ACL C OMM ANDS Syntax — clear security acl map { acl-name | all } { vlan vlan-id | port port-list [ tag tag-value ] | ap ap-num } { in | out } acl-name — Name of an existing security ACL to clear . ACL names start with a letter and ar e case-insensitive.
commit security acl 541 T o clear all physical ports, virtual ports , and VLANs on a WX switch of the ACLs mapped for incoming and outgoi ng traffic, type the following command: WX4400# clear security acl map all success: change accepted.
542 C HAPTER 14: S ECURITY ACL C OMM ANDS Examples — The following co mmands commit all the security ACLs in the edit buffer to the configuration, display a summary of the committed ACLs, and show t.
display security acl editbuffer 543 WX4400# display security acl ACL table ACL Type Class Mapping ---------------------------- ---- -- ---- ------- acl_123 IP Static Port 2 In acl_133 IP Static Port 4.
544 C HAPTER 14: S ECURITY ACL C OMM ANDS T o view details about these uncommitted ACLs, type the following command. WX4400# display security acl info al l editbuffer ACL edit-buffer information for all set security acl ip acl-111 (ACEs 3, add 3, del 0, modified 2) ------------------------------------ ---------------- 1.
display security acl in fo 545 Examples — T o display the security ACL hits on a WX switch, type the following command: WX4400# display security acl hits ACL hit-counters Index Counter ACL-name ----.
546 C HAPTER 14: S ECURITY ACL C OMM ANDS Examples — T o display the con tents of all security ACLs committed on a WX switch, type the following command: WX4400# display security acl info ACL information for all set security acl ip acl_123 (hits #5 462) ------------------------------------ --------------------- 1.
display security acl resource-usage 547 Access — Enabled. History — Introduced in MSS V ersion 3.0. Examples — The following command displays the port to which security ACL acl_111 is mapped : W.
548 C HAPTER 14: S ECURITY ACL C OMM ANDS Examples — T o display security ACL res ource usage, type the following command: WX4400# display security acl resourc e-usage ACL resources Classifier tree .
display security acl resource-usage 549 T able 87 Output of display security acl resour ce-usage Field Description Number of rules Number of security ACEs cu rrently mapped to ports or VLANs. Number of leaf nodes Number of security ACL data en tries stored in the rule tree.
550 C HAPTER 14: S ECURITY ACL C OMM ANDS LUdef in use Number of the lo okup definition (LUdef) table currently in use for packet handling. Default action pointer Memory address used for packet handling, from which default action data is obtained when necessary.
rollback security acl 551 rollback security acl Clears changes made to the secur ity ACL edit buffer since it was last saved. The ACL is rolled back to its state after the last commit security acl command was entered. All uncommit ted ACLs in the edit buf fer ar e cleared.
552 C HAPTER 14: S ECURITY ACL C OMM ANDS Examples — The following co mmands show the edit buffer befor e a rollbac k, clear any changes in the edit buf fer to security acl_122 , and show the ed it .
set security acl 553 By ICMP packets Syntax — set security acl ip acl-name { permi t [ cos cos ] | deny } icmp { source-ip-add r mask destination-ip-addr mask [ type icmp-type ] [ code icmp-code ] [.
554 C HAPTER 14: S ECURITY ACL C OMM ANDS 0 or 3—Best effort. Packets are queued in MAP forwarding queue 3. 4 or 5—Video. Packets are que ued in MAP forwarding queue 2. Use CoS level 4 or 5 for voice over IP (V oIP) packets other than SpectraLink V oice Priority (SVP).
set security acl 555 (For a complete list of TCP and UDP port numbers, see www .iana.org/assign ments/port-numbers .) destination-ip-addr mask — IP addr ess and wildcard mask of the network or host to which the packet is being sent. Specify both address and mask in dotted decimal not ation.
556 C HAPTER 14: S ECURITY ACL C OMM ANDS before editbuffer-index — Inserts the new ACE in front of another ACE in the security ACL. Specify the number of the existing ACE in the edit buffer . Index numbers start at 1. (T o display the edit buffer , use display security acl editbuf fer .
set security acl map 557 The following command adds an ACE to acl_123 that denies packets from IP addr ess 192.168.2.1 1: WX4400# s et security acl ip acl_123 deny 192.168.2.11 0.0.0.0 The following command creates acl_125 by defining an ACE that denies TCP packets from sour ce IP address 1 92.
558 C HAPTER 14: S ECURITY ACL C OMM ANDS Syntax — set security acl map acl-name { v l an vlan-id | port port-list [ tag tag-list ] | ap ap-num } { in | out } acl-name — Name of an existing security ACL to map. ACL names start with a letter and ar e case-insensitive.
set security acl hit-sample-rate 559 See Also clear security acl map on page 539 commit security acl on page 541 set mac-user attr on page 261 set mac-usergroup attr on page 267 se.
560 C HAPTER 14: S ECURITY ACL C OMM ANDS Examples — The first command sets MSS to sample ACL hits every 15 seconds. The second and third commands display the results. The results show that 916 packets matching security acl_153 wer e sent since the ACL was mapped.
15 C RYPTOGRAPHY C OMMANDS A digital certificate is a form of elec tr onic identification for co mputers. The WX requires digital certificates to authenticate its communications to 3WXM and Web Manager, to W ebA AA clients, and to Extensible Authentication Protocol (EAP) client s for which the WX performs all EAP processing.
562 C HAPTER 15: C RYPTOGRA PHY C OMMANDS Commands by Usage This chapter presents cryptography comma nds alphabetically . Use T able 88 to locate commands in this chapter based on their use. crypto ca-certificate Installs a certificate authority’ s own PKCS #7 certificate into the WX certificate and ke y storage area.
crypto ca-certificate 563 PEM-formatted certificate — ASCII text representation of the certificate authority PKCS #7 certificate, consisting of up to 5120 characters that you have obtaine d from the certificate authority . Defaults — None. Access — Enabled.
564 C HAPTER 15: C RYPTOGRA PHY C OMMANDS crypto certificate Installs one of the WX switch’ s PKCS #7 certificates into the certificate and key storage area on the WX switch. The cert ificate, which is issued and signed by a certificate authority , authenticates the WX switch either to 3WXM or Web Manager, or to 802.
crypto generate key 565 Examples — The following co mmand installs a certificate: WX4400# crypto certificate admin Enter PEM-encoded certificate -----BEGIN CERTIFICATE----- MIIBdTCP3wIBADA2MQswCQYDVQQGEwJVUzEL MAkGA1UECBMCQOExGjAYBgNVBAMU EXR1Y2hwdWJzQHRycHouY29tMIGfMAOGCSqG SIb3DQEBAQAA4GNADCBiQKBgQC4 .
566 C HAPTER 15: C RYPTOGRA PHY C OMMANDS History —Introduced in MSS V ersion 3.0. W ebaaa option renamed to web in MSS V ersion 4.1. Usage — Y ou can overwrite a key by ge nerating another key of the same type. SSH requir es an SSH authentication ke y , but you can allow MSS to generate it automatically .
crypto generate request 567 State Name string — (Optio nal) Specify the name of the state, in up to 64 alphanumeric characters. Space s are allowed. Locality Name string — (Optional) Specify the name of the locality , in up to 80 alphanumeric characters with no spaces.
568 C HAPTER 15: C RYPTOGRA PHY C OMMANDS Examples — T o request an administrative certificate from a certificate authority , type the following command: WX4400# crypto generate request admi n Count.
crypto generate self-signed 56 9 After you ty pe the command, you ar e pr ompted for the follo wing variables: Country Name string — (Optional) Specify the abbreviation for the country in which the WX switch is operating, in 2 alphanumeric characters with no spaces.
570 C HAPTER 15: C RYPTOGRA PHY C OMMANDS T o generate a self-signed administrati ve certificate, type the follow ing command: WX4400# crypto generate self-signed admin Country Name: State Name: Locality Name: Organizational Name: Organizational Unit: Common Name: wx1@example.
crypto otp 57 1 Note: On an WX switch that handles communications to and from Microsoft Windows clients, use a one-time pass word of 31 charact ers or fewer . The following characters can not be used as part of th e one-time password of a PKCS #12 file: Quotation marks (“ ”) Question mark (?) Ampersan d (&) Defaults — None.
572 C HAPTER 15: C RYPTOGRA PHY C OMMANDS crypto pkcs12 Unpack s a PKCS #12 object file into the certificate and key stora ge area on the WX switch. This object file contains a public-private key pair , an WX certificate signed by a certifica te authority , and the certificate authority’ s certificate.
display crypto ca-certificate 573 Examples — The following co mmands copy a PKCS #12 object file for an EAP certificate an d key pair—and op tionally the certificate authority’ s own certificate.
574 C HAPTER 15: C RYPTOGRA PHY C OMMANDS Access — Enabled. History —Introduced in MSS V ersion 3.0. W ebaaa option renamed to web in MSS V ersion 4.
display crypto certificate 575 Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Webaaa option renamed to web in MSS V ersio n 4.1. Usage — Y ou mu st have generated a self -signed certificate or obtained a certificate from a certificate authority before displaying information about the certificate.
576 C HAPTER 15: C RYPTOGRA PHY C OMMANDS display crypto key domain Displays domain key information. Syntax — display crypto key domain Defaults — None.
16 RADIUS AND S ERVER G RO U P C OMMANDS Use RADIUS commands to set up communication between a WX switch and groups of up to four RADIUS servers for re mote authenticatio n, authorization, and accounting (AAA) of administrat ors and network users. Commands by Usage This chapter presents RADIUS commands alp habetically .
578 C HAPTER 16: RADIUS AND S ERVER G ROUP C OMMANDS clear radius Resets parameters that were globall y configured for RADIUS servers to their default values.
clear radius client system-ip 579 WX4400# clear radius timeout success: change accepted. See Also display aaa on page 229 set radius on page 582 set radius server on page 587 clear radius .
580 C HAPTER 16: RADIUS AND S ERVER G ROUP C OMMANDS clear radius pr oxy client Removes RADIUS proxy client entries for third-party APs. Syntax — clear radius proxy client all Defaults — None.
clear radius server 581 clear radius server Removes the named RADIUS server from the WX configuration. Syntax — clear radius server server-name server-name — Name of a RADIUS server con figured t o perform re mote AAA services fo r the WX switch.
582 C HAPTER 16: RADIUS AND S ERVER G ROUP C OMMANDS Examples — T o remove the server gr oup sg-77 type the following command: WX4400# clear server group sg-77 success: change accepted.
set radius 583 MSS encrypts the display form of the string in display config and display aaa output. retransmit number — Number of transmission attempts the WX switch makes before declaring an unr esponsive RADIUS server unavailable. Y ou can specify from 1 to 100 retries.
584 C HAPTER 16: RADIUS AND S ERVER G ROUP C OMMANDS See Also clear radius server on page 581 display aaa on page 229 set radius server on page 587 set radius client system-ip Causes all R.
set radius proxy cli ent 585 set radius proxy client Adds a RADIUS proxy entry for a third-party AP . The proxy entry specifies the IP address of the AP and the UDP ports on which the WX switch listens for RADIUS traffic fr om the AP .
586 C HAPTER 16: RADIUS AND S ERVER G ROUP C OMMANDS set radius proxy port Configures the WX port connected to a third-party AP as a RADIUS proxy for the SSID suppor ted by the AP . Syntax — set radius proxy port port-list [tag ta g-value ] ssid ssid-name port port-list — WX port(s) connected to the thir d-party AP .
set radius server 587 set radius server Configures RADIUS servers and thei r parameters. By default, the WX switch automatically sets all thes e values except the password (key).
588 C HAPTER 16: RADIUS AND S ERVER G ROUP C OMMANDS author-password password — Passwor d used for authorization to a RADIUS server for MAC users.
set server group 589 Examples — T o set a RADIUS server named RS42 with IP address 198.162.1.1 to use the default acco unt ing and authorization por ts with a timeout interval of 30 s econds, two transmit attempts, 5 minutes of dead time, and a key string o f keys4u , type the follo wing command: WX1200# set radius server RS42 address 198.
590 C HAPTER 16: RADIUS AND S ERVER G ROUP C OMMANDS Do not use the same name for a R ADIUS server and a RADIUS server group. Examples — T o set server group shorebirds with members her on , egret , and sandpiper , type the following command: WX1200# set server group shorebirds members heron egret sandpiper success: change accepted.
set server group load-balanc e 591 Examples — T o enable l oad balancing be tween the member s of server group shorebirds , type the following command: WX1200# set server group shorebirds load-balance enable success: change accepted.
592 C HAPTER 16: RADIUS AND S ERVER G ROUP C OMMANDS.
17 802.1X M ANAGEMENT C OMMANDS Use 802. IEEE X management commands to modify the default settings for IEEE 802.1X sessions on an WX. Fo r best results, ch ange the settings only if you are awar e of a problem with 802.1X performance on the WX. CAUTION: 802.
594 C HAPTER 17: 802.1X M ANAGEMENT C OMMANDS clear dot1x bonded-period Resets the Bonded Auth™ (bonded authentication) period to its d efault value. The bonded period is the number of seconds MSS retains session information for an authenticated machin e while waiting for an 802.
clear dot1x max-req 595 See Also display dot1x on page 599 set dot1x bonded-period on page 603 clear dot1x max- req Resets to the default setting the nu mber of Extensible Authent ication Protocol (EAP) r equests that th e WX switch retransmits to a supplicant (client).
596 C HAPTER 17: 802.1X M ANAGEMENT C OMMANDS Usage — This command is overridden by the set dot1x authcontrol command. The clear dot1x port-control command r eturns port contr ol to the method configured. This command applies only to wired authentication ports.
clear dot1x reauth-max 597 clear dot1x re auth-max Resets the maxi mum number of reaut horization attemp ts to the default setting. Syntax — clear dot1x reauth-max Defaults — The default is 2 attempts. Access — Enabled. History —Introduced in MSS V ersion 3.
598 C HAPTER 17: 802.1X M ANAGEMENT C OMMANDS clear dot1x timeout auth-server Resets to the default setting the nu mber of seconds that must elapse before the WX times out a request to a RADIUS server . Syntax — clear dot1x timeout auth-server Defaults — The default is 3 0 seconds.
clear dot1x tx-period 599 clear dot1x tx-period Resets to the default setting the nu mber of seconds that mus t elapse before the WX switch r etransmits an EAP over LAN (EAPoL) packet. Syntax — clear dot1x tx-period Defaults — The default is 5 seconds.
600 C HAPTER 17: 802.1X M ANAGEMENT C OMMANDS History —Introduced in MSS V ersion 3.0. Format of 802.1X authentication rule informat ion in display dot1x config output changed in MSS V ersion 3. 2. The rules are still l isted at the top of the display , but more information is shown for each rule.
display dot1x 60 1 802.1X parameter setting ---------------- ------- supplicant timeout 30 auth-server timeout 30 quiet period 5 transmit period 5 reauthentication period 3600 maximum requests 2 key t.
602 C HAPTER 17: 802.1X M ANAGEMENT C OMMANDS set dot1x authcontrol Provides a global override mechanism for 802.1X authentication configuration on wired authentication ports. Syntax — set dot1x authcontrol { enable | d isable } enable — Allows all wir ed authentication ports running 802.
set dot1x bonded-period 60 3 Defaults — By default, authenticati on control for individual wir ed authentication is enabled. Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — This command applies only to wired authentication ports.
604 C HAPTER 17: 802.1X M ANAGEMENT C OMMANDS Usage — Normally , the Bonded Auth period needs to be set only if the network has Bonded Auth clients that use dynamic WEP , or use WEP-40 or WEP-104 encryption with WP A or RS N. These clients can be affected by the 802.
set dot1x max-req 605 Examples — T ype the following comma nd to enable key transmission: WX4400# set dot1x key-tx enable success: dot1x key transmission enab led.
606 C HAPTER 17: 802.1X M ANAGEMENT C OMMANDS set dot1x port-control Determines the 802.1 X authenticati on behavior on individual wired authentication ports or groups of ports.
set dot1x quiet-period 607 set dot1x quiet-period Sets the number of seconds a W X remains quiet and does not respond to a supplicant after a failed authentication. Syntax — set dot1x quiet-period seconds seconds — Specify a value between 0 and 65,535.
608 C HAPTER 17: 802.1X M ANAGEMENT C OMMANDS See Also display dot1x on page 599 set dot1x reauth-max on page 608 set dot1x reauth-period on page 609 set dot1x re auth-max Sets the number of reauthentication attempts that the WX switch makes before the supplicant (client) becomes unauthorized.
set dot1x reauth-period 609 set dot1x re auth-period Sets the number of seconds that must elapse before the WX switch attempts reauthentication. Syntax — set dot1x reauth-period seconds seconds — Specify a value between 60 (1 minute) and 1,641,600 (19 days).
610 C HAPTER 17: 802.1X M ANAGEMENT C OMMANDS See Also display dot1x on page 599 clear dot1x timeout auth-server on page 598 set dot1x timeout supplicant Sets the number of seconds that must elapse before the WX switch times out an authentication s ession with a supplicant (client).
set dot1x wep-rekey 611 Examples — T ype the following co mmand to set the number of seconds before the WX switch r etransmits an EAPoL packet to 300: WX4400# set dot1x tx-period 300 success: dot1x tx-period set to 300.
612 C HAPTER 17: 802.1X M ANAGEMENT C OMMANDS set dot1x wep-rekey-period Sets the interval for rotating th e WEP broadcast and multicast keys. Syntax — set dot1x wep-rekey-period second s seconds — Specif y a value between 30 an d 1,641,600 (19 day s).
18 S ESSION M ANAGEMENT C OMMANDS Use session management commands to display and cl ear administrative and ne twork user sessions. Commands by Usage This chapter presents session manage ment commands al phabetically . Use T able 94 to locate commands in this chapter based on their use.
614 C HAPTER 18: S ESSION M ANAGEMENT C OMMANDS telnet client [ session-id ] — Clears all T elnet client sessions from the CLI to remote devices, or clears an individual session identified by session ID. mesh-ap [ session-id ] — Clears all Mesh AP sessions, or clears an individual Mesh AP session identified by session ID.
clear sessions network 615 clear sessions network Clears all network sessions for a specif ied user name or set of usern ames, MAC addr ess or set of MAC addresse s, virtual LAN (VLAN) or set of VLANs, or session ID.
616 C HAPTER 18: S ESSION M ANAGEMENT C OMMANDS Examples — T o clear all sessions for MAC address 00:01:02:03:04:05, type the following command: WX4400# clear sessions network mac-a ddr 00:01:02:03:.
display sessions 617 telnet — Displays sessions for all user s with administrative access to the WX switch through a T elnet connection. telnet client — Displays T e lnet sessions from the CLI to r emote devices. Defaults — None. Access — All, except for dis play sessions telnet client , which has enabled access.
618 C HAPTER 18: S ESSION M ANAGEMENT C OMMANDS T o view information about T elnet client sessions, type the following command: WX4400# display sessions telnet clie nt Session Server Address Server P ort Client Port ------- -------------- -------- ---- ----------- 0 192.
display sessions mesh-ap 619 display sessions mesh-ap Displays summary or verbose informat ion about Mesh AP sessions on the WX . Syntax — display sessions mesh-ap [ session-id sess ion-id | verbose ] session-id local-session-id — Displays the specified Mesh AP session.
620 C HAPTER 18: S ESSION M ANAGEMENT C OMMANDS See also “clear sessions” on page 613 display sessions network Displays summary or verbo se inform ation about all network sessions, or network sessions for a specified user name or set of user names, MAC address or set of MAC addresses, VLAN or set of VLANs, or session ID.
display sessions network 621 Defaults — None. Access — All. History —Introduced in MSS V ersion 3.0. Output ad ded to the disp lay network sessions verbose command to indicate the user’ s authorization attributes and whether they were supplied thr ough AAA or through configur ed SSID defaults in a service profile in MSS V ersio n 4.
622 C HAPTER 18: S ESSION M ANAGEMENT C OMMANDS The following command displays su mmary information about all the sessions of users whose names begin with E : WX1200# display sessions network use r E* User Sess IP or MAC VLAN Port/ Name ID Address Name Radio --------------------------- ---- --------------- ------------ ----- EXAMPLESingh 12* 10.
display sessions network 623 Start-Date=05/04/11-10:00 (AAA) 1 sessions total (T able 99 on page 624 describes th e addition al fields of the verbose output of display sessions network commands.
624 C HAPTER 18: S ESSION M ANAGEMENT C OMMANDS Sess ID Locally unique number th at identi fies this session. An asterisk (*) next to the session ID indicates fully active sessions. IP or MAC Address IP address of the session user, or the user’s MAC address if the user has not yet received an IP address.
display sessions network 625 State Status of the session: AUTH, ASSOC REQ — Client is being associated by the 802.1X protocol. AUTH AND ASSOC — Client is being associated by the 802.1X protocol, and the user is being authenticated. AUTHORIZING — User has been authenticated (for exam ple, by the 802.
626 C HAPTER 18: S ESSION M ANAGEMENT C OMMANDS T able 100 display sessions network session-id Output Field Description Global Id A u nique session identifier within the Mobility Domain. State Status of the session: AUTH, ASSOC REQ — Client is being ass ociated by th e 802.
display sessions network 627 See Also clear sessions network on page 615 Authentication Method Extensible Auth entication Protocol (EAP) type used to authenticate the session user, and the IP addr es s of the authentication server.
628 C HAPTER 18: S ESSION M ANAGEMENT C OMMANDS.
19 RF D ETECTION C OMMANDS MSS automatically performs RF detect ion scans on enabled and disabled radios to detect rogue access points. A rogue access point is a BSSID (MAC address associated with an SS ID) that does not belong to a 3Com switch and is not a member of the ignore list configured on the seed switch of the Mobility Domain.
630 C HAPTER 19: RF D ET ECTION C OMMANDS clear rfdetect attack-list Removes a MAC address fr om the attack list. Syntax — clear rfdetect attack-list mac-addr mac-addr — MAC address you want to remove fr om the att ack list. Defaults — None.
clear rfdetect black-list 631 See Also clear rfdetect attack-list on p age 630 display rfdetect attack-list on page 635 clear rfdetect black-list Removes a MAC address fr om the client black list. Syntax — clear rfdetect black-list mac-addr mac-addr — MAC address you want to remove fr om the black list.
632 C HAPTER 19: RF D ET ECTION C OMMANDS Examples — The f ollowing command removes BSSID aa:bb:cc:11:22:33 from the ignor e list for RF scans: WX1200# clear rfdetect ignore aa:bb: cc:11:22:33 success: aa:bb:cc:11:22:33 is no lon ger ignored.
clear rfdetect vendor-list 633 clear rfdetect vendor -list Removes an entry from the permitted vendor list. Syntax — clear rfdetect vendor-list {client | ap} mac-addr | all client | ap — Specifies whether the entry is for an AP brand or a client brand.
634 C HAPTER 19: RF D ET ECTION C OMMANDS rfping Provides information about the RF link between the WX and the client based on sending test packets to the client. Syntax — rfping {mac mac-addr | session-id se ssion-id } mac-addr — T ests the R F link between the WX and the client with the specified MAC address.
display rfdetect attack-list 635 See Also display rfdetect data on page 642 display rfdetect visible on page 650 display rfdetect attack-list Displays information about the MA C addresses in the attack list. Syntax — display rfdetect attack-list Defaults — None.
636 C HAPTER 19: RF D ET ECTION C OMMANDS display rfdetect black-list Displays information abut the c lients in the client black list. Syntax — display rfdetect black-list Defaults — None. Access — Enabled. History —Introduced in MSS V e rsion 4.
display rf detect client s 63 7 display rfdetect clients Displays the wir eless clients detected by a WX switch. Syntax — display rfdetect clients [mac mac-addr ] mac mac-addr — Displays detailed informat ion for a specific client. Defaults — None.
638 C HAPTER 19: RF D ET ECTION C OMMANDS T able 103 display rfdetect clients Output Field Description Client MAC MAC address of the client. Client Vendor Company that manufactures or sells the client. AP MAC MAC address of the radio with which the rogue client is associated.
display rfdetect countermeasures 639 display rfdetect countermeasures Displays the current status of countermeasures against rogues in the Mobility Domain. Syntax — display rfdetect countermeasure s Defaults — None. Access — Enabled. History —Output no longer lists rogues for which co untermeasures have not been starte d in MSS V ers ion 4.
640 C HAPTER 19: RF D ET ECTION C OMMANDS T able 105 describes the fields in this display . See Also set radio-profile countermeasur es on page 410 display rfdetect counters Displays statisti cs for rogue and Intr usion Detection System (IDS) activity detected by the MAPs managed by a WX switch.
display rfdete ct counters 641 Examples — The following command sho ws counters for rogue activity detected by a WX switch: WX4400# display rfdetect counters Type Current Total ------------------------------------ -------------- ------------ ------------ Rogue access points 0 0 Interfering access points 139 1116 Rogue 802.
642 C HAPTER 19: RF D ET ECTION C OMMANDS display rfdetect data Displays all the BSSIDs det ected by an individual WX switch d uring an RF detection scan. The data includes BSSIDs t ransmitted by other 3Com radios as well as by thir d-party access points .
display rfdetect data 643 See Also display rfdetect mobility-domain on page 644 display rfdetect visible on page 650 T able 106 display rfdetect data Output Field Description BSSID BSSID detected by a MAP radio on this WX switch. Vendor Company that manufactures or se lls the rogue device.
644 C HAPTER 19: RF D ET ECTION C OMMANDS display rfdetect ignore Displays the BSSIDs of third-party devices that MSS ignor es during RF scans. MSS does not gene rate log messages or traps for the devices in the ignore list. Syntax — display rfdetect ignore Defaults — None.
display rfdetect mobility-domain 645 Usage — This command is valid only on the seed switch of the Mobility Domain. T o display rogue inform ation for an individual switch, use the display rfdetect data command on that switch. Only rogues ar e listed.
646 C HAPTER 19: RF D ET ECTION C OMMANDS WX-IPaddress: 10.8.121.102 Port/Ra dio/Ch: 3/1/1 Mac: 00:0b:0e:00:0a:6a Device-type: interfering Adhoc: no Crypto-types: clear RSSI: -75 SSID: 3Com-webaaa WX-IPaddress: 10.
display rfdetect mobility-domain 647 T able 107 and T ab le 108 describe the fields in these displays. T able 107 display rfdetect mobility-domain Output Field Description BSSID MAC address of the SSID used by the detected device. Vendor Company that manufactures or sells the rogue device.
648 C HAPTER 19: RF D ET ECTION C OMMANDS See Also display rfdetect data on page 642 display rfdetect visible on page 650 Crypto-Types Encryption type: clear (no encryption) ccmp tkip wep104 (WPA 104-bit W EP) wep40 (WPA 40-bit WEP) wep (non-WPA WEP) WX-IPaddress System IP address of the WX sw itch that detected the rogue.
display rfdetect ssid-list 649 display rfdetect ssid-list Displays the entries in the permitted SSID list. Syntax — display rfdetect ssid-list Defaults — None.
650 C HAPTER 19: RF D ET ECTION C OMMANDS Examples — The following example shows the permitt ed vendor list on WX switch: WX1200# display rfdetect vendor-list Total number of entries: 1 OUI Type ---.
display rfdetect visible 651 Usage — If a 3Com radio is supporti ng more than one SSID, each of the corresponding BSSIDs is listed separately . T o display rogue information for th e entir e Mobility Domain, use the display rfdetect mobility-domain command on the seed switch.
652 C HAPTER 19: RF D ET ECTION C OMMANDS See Also display rfdetect data on page 642 display rfdetect mobility-domain on page 644 set rfdetect active-scan Disables or reenables active RF dete ction scan ning on a WX switch.
set rfdetect attack-list 653 set rfdetect attack-list Adds an entry to the attack list. The attack list specifies the MAC addresses of devices that MSS should issue countermeasures against whenever the devices ar e detected on the network. The attack list can contain the MAC addresses of APs and clients.
654 C HAPTER 19: RF D ET ECTION C OMMANDS set rfdetect black-list Adds an entry to the client black list. The client black list specifies clients that are not allowed on the network.
set rfdetect countermeasures mac 65 5 Syntax — set rfdetect countermeasures { ena ble | disable } enable — Enables countermea sures. disable — Disables countermeasures. Defaults — Countermeasures are disabled by default. Access — Enabled.
656 C HAPTER 19: RF D ET ECTION C OMMANDS Y ou can start coun termeasures against mor e than one BSSID by typing additional set rfdetect countermeasures mac commands. After you type the first set rfdetect countermeasures mac command, MSS does not issue co untermeasures against any devices except the on es you specify using this command.
set rfdetect log 657 Usage — Use this command to identify third-party APs and other devices you are alr eady aware of and do not want MSS to r eport following RF scans. If you try to initiate countermeasures against a device on the ignore list, the ignore list takes precedence and MSS does not issue the countermeasures.
658 C HAPTER 19: RF D ET ECTION C OMMANDS History —Introduced in MSS V ersion 3.0. Usage — This command is valid only on the seed switch of the Mobility Domain. The log messages for rogues are gene rated only on the seed and appear only in the seed’ s log message buffer .
set rfdetect signature key 659 Examples — The following co mmand en ables MAP signatures on a WX switch: WX1200# set rfdetect signature enabl e success: signature is now enabled. set rfdetect signature key Creates an encrypted RF fingerprint key to use as a signatur e for a MAP .
660 C HAPTER 19: RF D ET ECTION C OMMANDS If you add a device that MSS has classified as a rogue to the permitted SSID list, but not to the ignore list, MSS can still classify the device as a rogue. Adding an entry to the permitte d SSID list merely indicates that the device is using an allowed SSID.
test rflink 661 If you add a device that MSS has classified as a rogue to the permitted vendor list, but not to the ignore list, MSS can still classify the device as a rogue. Adding an entry to the permit ted vendo r list merely indicates that the device is from an allowed vendo r.
662 C HAPTER 19: RF D ET ECTION C OMMANDS Examples — The following co mmand tests the RF link between the WX switch and the client with MAC address 00:0e:9b:bf:ad:13: WX4400# test rflink mac 00:0e:9.
20 F ILE M ANAGEMENT C OMMANDS Use file management commands to ma nage system files and to display software and boot information. Commands by Usage This chapter presents file management co mmands alphabetically . Use T able 111 to locate commands in this chapter based on their use.
664 C HAPTER 20: F ILE M ANAGEMENT C OMMANDS backup Creates an ar chive of WX system file s and optionally , user file, in Unix tape archive ( tar ) format. Syntax — backup system [tftp:/ip-addr/]filename [all | critical] Defaults — All. Access — Enabled.
backup 665 Arc hive files create d by the all option ar e larger than files cr eated by the critical option. The file size depends o n the files in the u ser area, and the file can be quite large if the us er ar ea contains image files. The backup command places the boo t configuration file into the archive.
666 C HAPTER 20: F ILE M ANAGEMENT C OMMANDS clear boot backup-configuration Clears the filename specified as the backup configuration file. In the event that MSS cannot read the config uration file at boot time, a backup configuration file is not used.
copy 667 WX4400# reset system force ...... rebooting ...... See Also display config on page 675 reset system on page 683 copy Performs the following co py operations: Copies a file f rom a TF TP se rver to nonvolatile stor age. Copies a file from nonvolatile stor age or temporary storage to a TF TP server .
668 C HAPTER 20: F ILE M ANAGEMENT C OMMANDS Defaults — None. Access — Enabled. History —Introduced in MSS V e rsion 3.0. Usage — The filename and file: filename URLs are equivalent. Y ou can use either URL to refer to a file in an WX switch’ s nonvolatile memory .
delete 669 The following commands rename test-config to new-config by copying it from one name to the other in the same location, then deleting test-config : WX4400# copy test-config new-config WX4400# delete test-config success: file deleted. The following command copies file corpa-log in.
670 C HAPTER 20: F ILE M ANAGEMENT C OMMANDS Examples — The follow ing co mmands copy file testconfig to a TF TP server and delete the file from nonvolatile storage: WX4400# copy testconfig tftp://10.1. 1.1/testconfig success: sent 365 bytes in 0.401 sec onds [ 910 bytes/sec] WX4400# delete testconfig success: file deleted.
dir 671 Examples — The following co mmand displays the files in the root directory: WX4400# dir ==================================== =========================================== file: Filename Size C.
672 C HAPTER 20: F ILE M ANAGEMENT C OMMANDS The following command limit s the output to the contents of th e user files area: WX4400# dir file: ==================================== ==================.
install soda agent 673 See Also copy on page 667 delete on page 669 install soda agent Installs Sygate On-Demand (SODA) ag ent files in a directory on the WX switch. Syntax — install soda agent agent-file agent dir ectory directory agent-file — N a m e o f a .
674 C HAPTER 20: F ILE M ANAGEMENT C OMMANDS Usage — The install soda agent command installs a .zip file containing SODA agent files into a directory on the WX switch. Prior to installing the SODA agent files, you must have already copied the .zip file to the WX switch.
display config 675 T able 114 describes the fields in the display boot output . See Also display version on pag e 677 reset system on page 683 set boot configuration-file on page 687 display config Displays the configuration running on the WX.
676 C HAPTER 20: F ILE M ANAGEMENT C OMMANDS ip-config l2acl log mobility-domain network-domain ntp portconfig port-group qos radio-profile rfdetect ser.
display version 677 Usage — If you do not use one of the optional par ameters, configuration commands that set nondefault values are displayed for all configuration ar eas.
678 C HAPTER 20: F ILE M ANAGEMENT C OMMANDS Examples — The following co mmand displays version information for a WX switch: WX1200# display version Mobility System Software, Ve rsion: 4.1.0 QA 67 Copyright (c) 2002, 2003, 20 04, 2005 3Com Corporation.
load config 67 9 T able 115 describes the fields in the display version output. See Also display boot on page 674 load config Loads configuration commands from a file and r eplaces the WX switch’ s running configuration with the commands in the loaded file.
680 C HAPTER 20: F ILE M ANAGEMENT C OMMANDS Defaults — The default file location is nonvolatile storage. The current version supports loading a conf iguration file only from the switch’ s nonvolatile storage. Y ou canno t load a configurat ion file di rectly from a TF TP ser ver .
md5 681 md5 Calculates the MD5 checksum for a file in the switch’ s nonvolatile storage. Syntax — md5 [boot0: | boot1:] filename boot0: | boot1: — Boot partition into which you copied the file. filename — Name of the file. Defaults — None.
682 C HAPTER 20: F ILE M ANAGEMENT C OMMANDS Examples — The following commands crea te a subdirectory called corp2 and display the root dir ectory to verify the result: WX4400# mkdir corp2 success: change accepted.
reset system 683 reset system Restar ts an WX switch and reboots the softwar e. Syntax — reset system [ force ] force — Immediately restarts the system and reboots, without comparing the running co nfiguration to the configuratio n file. Defaults — None.
684 C HAPTER 20: F ILE M ANAGEMENT C OMMANDS res t o re Unzips a system archive created by the backup command and copies the files from the ar chive onto the switch . Syntax restore system [tftp:/ip-addr/]filename [al l | critical] Defaults — Critical.
rmdir 685 See Also backup on page 664 rmdir Removes a subdirectory fr om nonvolatile storage. Syntax — rmdir [ subdirname ] subdirname — Subdirectory name. Specify between 1 and 32 alphanumeric characters , with no spaces. Defaults — None.
686 C HAPTER 20: F ILE M ANAGEMENT C OMMANDS Access — Enabled. History —Introduced in MSS V e rsion 3.0. Usage — If you do not specify a filename, MS S replaces the configuration file loaded during the most recent r eboot.
set boot configuration-file 68 7 History —Introduced in MSS V ersion 4.1. Examples — The following command specifies a file called backup.cfg as the backup configuration file on the WX swit ch: WX1200# set boot backup-configuratio n backup.cfg success: backup boot config filename set.
688 C HAPTER 20: F ILE M ANAGEMENT C OMMANDS set boot partition Specifies the boot partition in which to look for the system image file following the next system reset, softwar e reload, or power cycle. Syntax — set boot partition { boot0 | boot1 } boot0 — Boot partition 0.
uninstall soda agent 689 Usage — The uninstall soda command removes the SODA agent directory and all of its contents. All files in the specified directory ar e removed. The command removes the dir ectory and its contents, rega rdless of whether it contains SODA agent files.
690 C HAPTER 20: F ILE M ANAGEMENT C OMMANDS.
21 T RACE C OMMANDS Use trace commands to perform diag nostic routines. While MSS allows you to run many types of traces, this chapter describes commands for those traces you are most likely to use. Fo r a complete listing of the types of traces MSS allows, type the set trace ? command.
692 C HAPTER 21: T RACE C OMMANDS clear log trace Deletes the log messages stor ed in the trace buf fer . Syntax — clear log trace Defaults — None.
display trace 693 T o clear the session manag er trace, ty pe the followi ng command: WX4400# clear trace sm success: clear trace sm See Also display trace on page 693 set trace authentication.
694 C HAPTER 21: T RACE C OMMANDS save trace Saves the accumulated trace data for enabled traces to a file in the WX switch’ s nonvolatile storage. Syntax — save trace filename filename — Name for the trace file. T o save the file in a subdir ectory , specify the subdir ectory name, then a slash.
set trace authorization 695 Examples — The following co mmand sta rts a trace for information about user jose’ s authentication: WX4400# set trace authentication use r jose success: change accepted. See Also clear trace on page 692 display trace on page 693 set trace authorization T r aces authorization informatio n.
696 C HAPTER 21: T RACE C OMMANDS See Also clear trace on page 692 display trace on page 693 set trace dot1x T races 802.1X sessions. Syntax — set trace dot1x [ mac-addr mac-addr ess ] [ port port-num ] [ user username ] [ level level ] mac-addr mac-address — T races a MAC address.
set trace sm 697 set trace sm T races session manager activity . Syntax — set trace sm [ mac-addr mac-address ] [ port port-n um ] [ user username ] [ level level ] mac-addr mac-address — T races a MAC address. Spec ify a MAC address, using colons to separate the octets (for example, 00:11:22:aa:bb:cc).
698 C HAPTER 21: T RACE C OMMANDS.
22 S NOOP C OMMANDS Use snoop commands to monitor wire less traffic , by using a MAP as a sniffing devi ce. The MAP copies the sniffed 802.11 packets and sends the copies to an observer , which is typically a protocol analyzer such as Ethereal or T ethereal.
700 C HAPTER 22: S NOOP C OMMANDS clear snoop Deletes a snoop filter . Syntax — clear snoop filter-name filter-name — Name of the snoop filter .
set snoop 701 Examples — The following command removes snoop filter snoop2 from radio 2 on Distributed MAP 3: WX1200# clear snoop map snoop2 ap 3 radio 2 success: change accepted. The following command removes all snoop filter mappings from all radios: WX1200# clear snoop map all success: change accepted.
702 C HAPTER 22: S NOOP C OMMANDS T o match on packets to or from a specific MAC address, use the dest-mac or src-mac option. T o match on both sen d and receive traffic for a host add ress, use the host-mac opt ion. T o match on a traffic flow (sour ce and destination MAC addresses), use the mac-pair option.
set snoop 703 The MAP that is running a snoop filter forwards snooped packets directly to the observer . This is a one-way communication, from the MAP to the observer . If the observer is not pres ent, the MAP still sends the snoop packets, which u se bandwidth.
704 C HAPTER 22: S NOOP C OMMANDS set snoop map Maps a snoop filter to a radio on a MA P . A snoop filter does take effect until you map it to a radio and enable the filter . Syntax — set snoop map filter-name ap ap-num rad io {1 | 2} filter-name — Name of the snoop filter .
set snoop mode 705 set snoop mode Enables a sno op filter . A snoop filter does not take effect until you map it to a MAP radio and ena ble the filter . Syntax — set snoop { filter-name | all} mode {enable [stop-after num-pkts ] | disable} filter-name | all — Name of the snoop f ilter .
706 C HAPTER 22: S NOOP C OMMANDS display snoop Displays the MAP radio mapping f or all snoop filters. Syntax — display snoop Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 4.0. Usage — T o display the mappings for a specific MAP radio, use the display snoop map command.
display snoop map 707 Examples — The following command shows the snoop filters con figured in the examples above: WX1200# display snoop info snoop1: observer 10.
708 C HAPTER 22: S NOOP C OMMANDS display snoop stats Displays stat istics for enabled sn oop filters. Syntax — display snoop stats [ filter-name [ ap-num [radio {1 | 2}]]] filter-name — Name of the snoop filter .
display snoop stats 709 T able 118 describes the fields in this display . T able 118 display snoop stats Output Field Description Filter Name of the snoop filter. Dap Distributed MAP containing the ra dio to which the filter is mapped. Radio Radio to which the filter is mapped.
710 C HAPTER 22: S NOOP C OMMANDS.
23 S YSTEM L OG C OMMANDS Use the system log commands to recor d information fo r monitoring and troubleshooting. MSS system logs are based on RFC 3164, which defines the log protocol. Commands by Usage This chapter present system log commands alphabetically .
712 C HAPTER 23: S YSTEM L OG C OMMANDS Access — Enabled. History — Introduced in MSS V ersio n 3.0. Examples — T o stop sending system logging messages to a server at 192.168.253.11, type the following command: WX4400# clear log server 192.168.
display log buffer 713 severity severity-level — Displays messages at a severity level greater than or equal to the leve l specified. Specify one of the following: emergency — The WX switch is unusable. alert — Action must be taken immediately .
714 C HAPTER 23: S YSTEM L OG C OMMANDS See Also clear log on page 711 display log config on page 714 display log config Displays log configur ation information. Syntax — display log config Defaults — None. Access — Enabled. History — Introduced in MSS V ersio n 3.
display log trace 71 5 display log trace Displays system information sto red in the nonvolatile log buffer or the trace buffer . Syntax — display log trace [{ + | - | / } number- of-messages ] [ facility facility-name ] [ matching s tring ] [ severity severity-level ] trace — Displays the log messa ges in the trace buffer .
716 C HAPTER 23: S YSTEM L OG C OMMANDS Defaults — None. Access — Enabled. History — Introduced in MSS V ersio n 3.0. Examples — T ype the following command to see the facilities for which you.
set log 717 Logging state (enabled or disabled) T o override the session defaults for an individual session, type the set log command from within the session and use the current optio n. trace — Sets log parameters for trace files. Port port-nu mber — Sets the TCP port for sending messages to th e syslog server .
718 C HAPTER 23: S YSTEM L OG C OMMANDS If you do not specify a local facility , MSS sends the messages with their default MSS facilities. For example, AAA messages ar e sent with facility 4 and boot messages ar e se nt with facility 20 by default. enable — Enables messages to the specified target.
set log mark 719 set log mark Configures MSS to generate mark messages at regular intervals. The mark messages indicate the current system time and date. 3Com can use the mark messages to dete rmine the approx imate time when a system restart or other event causing a syst em outage occurred.
720 C HAPTER 23: S YSTEM L OG C OMMANDS.
24 B OOT P RO M P T C OMMANDS Boot prompt commands enable you to perform basic tasks, including booting a system image file, from the boot prompt (boot>). A CLI session enters the bo ot prompt if MSS does not boot successfully or you intentionally interrupt the boot process.
722 C HAPTER 24: B OOT P ROMPT C OMMANDS autoboot Displays or changes the state of the aut oboot option. The autoboot option controls whether a WX switch automat ically boots a system image after initializing the hardwar e, followi ng a system reset or power cycle.
boot 723 boot Loads and executes a system image file. Syntax — boot [ BT= type ] [ DEV= device ] [ FN= fi lename ] [ HA= ip-addr ] [ FL= num ] [ OPT= option ] [ OPT+= option ] BT= type — Boot type: c — Compact flash. Boots using nonvolatile storage or a flash card.
724 C HAPTER 24: B OOT P ROMPT C OMMANDS Usage — If you use an optional para meter , the para meter s etting overrides the setting of the same pa rameter in the currently active boot profile. However , the boot profile itself is not changed. T o display the currently active boot profile, use the display command.
change 725 change Changes parameters in the currently active boot profile. (For information about boot profiles, see display on page 730.) Syntax — change Defaults — The default boot type is c (compa ct flash).
726 C HAPTER 24: B OOT P ROMPT C OMMANDS The following command enters the configuration mode for the currently active boot profile and configur es the WX switch (in this example, an WXR100) to boot using a TF TP server: boot> change Changing the default configuration i s not recommended.
delete 727 Usage — A WX switch can have up to four boot profiles. The boot profiles ar e stored in slots, number ed 0 through 3. When you create a new profile, the system uses the next available slot for the pr ofile.
728 C HAPTER 24: B OOT P ROMPT C OMMANDS Usage — When yo u type the delete command, the next-lower numbered boot profile becomes the ac tive profile. For example, if the currently ac tive profile is number 3, pr ofile number 2 be co mes active after you type delete to delete profile 3.
diag 729 Examples — The following command displays the current setting of the DHCP option: boot> dhcp DHCP is currently enabled. The following command disables the DHCP option: boot> dhcp DHCP is currently disabled. See Also boot on page 723 diag Accesses the dia gnostic mode.
730 C HAPTER 24: B OOT P ROMPT C OMMANDS Access — Boot prompt. History —Introduced in MSS V e rsion 3.0. Usage — T o display the system image software versions, use the fver command. This command does not list the boot code versions. T o display the boot code versions, use the version command.
display 731 A WX switch can have up to four boot profiles, number ed 0 through 3. Only one boot profile can be active at a time. Y ou can create, change, and delete boot profiles. Y ou also can activate another boot profile in place of the currently active one.
732 C HAPTER 24: B OOT P ROMPT C OMMANDS See Also change on page 725 cr eate on page 726 delete on page 727 next on page 735 fver Displays the version of a system image file installed in a specific location on a WX switch.
help 733 Access — Boot prompt. History —Introduced in MSS V ersion 3.0. Usage — T o display the imag e filenames, use the dir command. This command does not list the boot code versions. T o disp lay the boot code versions, use the version command.
734 C HAPTER 24: B OOT P ROMPT C OMMANDS Examples — The following co mmand displa ys detailed information for the fver command: boot> help fver fver Display the version of the specified device:filename.
next 735 Examples — T o display a list of the commands available at the boot prompt, type the following command: boot> ls ls Display a list of all commands and descriptions. help Display help information for each command. autoboot Display the state of, enable, or disable the autoboot option.
736 C HAPTER 24: B OOT P ROMPT C OMMANDS Examples — T o activate the boot profile in the next slot and display the profile, type the following command: boot> next BOOT Index: 0 BOOT TYPE: c DEVIC.
test 737 3Com WX-4400 Bootstrap/Bootloade r Version 3.0.2 Re lease Compiled on Wed Sep 22 09:18:47 PDT 2004 by Bootstrap 0 version: 3.1 Active Bootloader 0 version: 3. 0.2 Active Bootstrap 1 version: 3.1 Bootloader 1 version: 3. 0.1 WX-4400 Board Revision: 2.
738 C HAPTER 24: B OOT P ROMPT C OMMANDS Examples — The following command displays the current setting of the poweron test flag: boot> test The diagnostic execution flag is not set. See Also boot on page 723 version Displays version informatio n for a WX switch’ s hardwar e and boot code.
A O BTAINING S UPPORT FOR Y OUR 3C OM P R ODUCTS 3Com offers pr oduct registration, ca se management, and r epair services through eSupport.3com.com . Y ou must have a user name and password to access these services, which ar e described in this appendix.
740 A PPENDIX A: O BTAINING S UPPORT FOR Y OUR 3C OM P RODUCTS Purchase Extended W arranty and Professional Services T o enhanc e response times or extend y our warranty be nefits, you can purchase value-added services such as 24x7 telephone technical support, software upgrades, onsite assistance, or advanced hardware replacement.
Contact Us 741 T elephone T echnical Support and Repair T o obtain telephone support as part of your warranty and other service benefits, you must first register your pr oduct at: http://eSupport.
742 A PPENDIX A: O BTAINING S UPPORT FOR Y OUR 3C OM P RODUCTS Pakistan Call the U.S. direct by dialing 00 800 01001, th en dialing 800 763 6780 Sri Lanka Call the U.
Contact Us 743 US and Canada — T elephone T echnical Support and Repair All locations: Network Jacks; Wired or Wireless Ne twork Interface Cards: All other 3Com products: 1 847-262-0070 1 800 876 32.
744 A PPENDIX A: O BTAINING S UPPORT FOR Y OUR 3C OM P RODUCTS.
I NDEX A autoboot 722 B backup 664 boot 723 C change 725 clear accounting 213 clear ap 70 clear ap boot-configuration 310 clear ap local-s witching vlan-pr ofile 307 clear ap radio 308 clear authentic.
746 I NDEX clear snmp notify profile 143 clear snmp notify target 144 clear snoop 700 clear snoop map 700 clear spantree portcost 484 clear spantree portpri 485 clear spantree portvlancost 485 clear s.
I NDEX 747 display network-domain 296 display ntp 159 display port counters 75 display port media-type 81 display port mirror 77 display port poe 78 display port status 79 display port-group 76 displa.
748 I NDEX reset port 87 reset sy stem 683 rest ore 684 rfping 634 rmdir 685 rollback security acl 551 S save config 685 save trace 694 set acco unting {admin | console} 235 set accountin g {dot1x | m.
I NDEX 749 set license 58 set load-balancing strictness 399 set location policy 256 set log 716 set log buffer 716 set log console 716 set log current 716 set log mark 719 set log server 716 set log s.
750 I NDEX set service-profile cos 444 set service-profile dhcp-restrict 445 set service-profile idle-client-probing 446 set service-profile keep-initial-vlan 447 set service-profile load-balancing- 4.
デバイス3Com WXR100 3CRWXR10095Aの購入後に(又は購入する前であっても)重要なポイントは、説明書をよく読むことです。その単純な理由はいくつかあります:
3Com WXR100 3CRWXR10095Aをまだ購入していないなら、この製品の基本情報を理解する良い機会です。まずは上にある説明書の最初のページをご覧ください。そこには3Com WXR100 3CRWXR10095Aの技術情報の概要が記載されているはずです。デバイスがあなたのニーズを満たすかどうかは、ここで確認しましょう。3Com WXR100 3CRWXR10095Aの取扱説明書の次のページをよく読むことにより、製品の全機能やその取り扱いに関する情報を知ることができます。3Com WXR100 3CRWXR10095Aで得られた情報は、きっとあなたの購入の決断を手助けしてくれることでしょう。
3Com WXR100 3CRWXR10095Aを既にお持ちだが、まだ読んでいない場合は、上記の理由によりそれを行うべきです。そうすることにより機能を適切に使用しているか、又は3Com WXR100 3CRWXR10095Aの不適切な取り扱いによりその寿命を短くする危険を犯していないかどうかを知ることができます。
ですが、ユーザガイドが果たす重要な役割の一つは、3Com WXR100 3CRWXR10095Aに関する問題の解決を支援することです。そこにはほとんどの場合、トラブルシューティング、すなわち3Com WXR100 3CRWXR10095Aデバイスで最もよく起こりうる故障・不良とそれらの対処法についてのアドバイスを見つけることができるはずです。たとえ問題を解決できなかった場合でも、説明書にはカスタマー・サービスセンター又は最寄りのサービスセンターへの問い合わせ先等、次の対処法についての指示があるはずです。