3Com WXR100 3CRWXR10095A user manual


A good user manual

The rules oblige the seller to provide the buyer, along with the goods, with the 3Com WXR100 3CRWXR10095A user manual. A missing user manual or incorrect information supplied to the consumer is grounds for a complaint that the device does not conform to the contract. By law, the user manual may be supplied in a form other than paper, which is often done these days, including a graphic or electronic form of the 3Com WXR100 3CRWXR10095A manual or instructional videos for users. The condition is that it be legible and understandable.

What is a user manual?

The word comes from the Latin "instructio", meaning to organize. Thus the 3Com WXR100 3CRWXR10095A user manual describes the steps of a procedure. The purpose of a user manual is to instruct and to make it easier to start up and use the equipment or to carry out specific actions. The user manual is a collection of information about the item or service, a guide.

Unfortunately, few users take the time to read the user manual, yet a good manual not only lets you discover a number of additional features of the purchased device but also helps you avoid most failures.

So what should the perfect manual contain?

First of all, the 3Com WXR100 3CRWXR10095A user manual should contain:
- information on the technical specifications of the 3Com WXR100 3CRWXR10095A device
- the manufacturer's name and the year of manufacture of the 3Com WXR100 3CRWXR10095A
- instructions for using, adjusting and maintaining the 3Com WXR100 3CRWXR10095A equipment
- safety symbols and certificates confirming compliance with the relevant standards

Why don't we read user manuals?

Usually this is due to a lack of time and to confidence about the specific functionality of the purchased equipment. Unfortunately, connecting and starting up the 3Com WXR100 3CRWXR10095A is not enough. The user manual contains a number of guidelines on specific features, safety, maintenance methods (even the products that should be used), possible faults of the 3Com WXR100 3CRWXR10095A and ways of solving common problems during use. Finally, the manual contains the contact details of 3Com service in case the proposed solutions do not work. User manuals in the form of engaging animations and instructional videos, which are better than a brochure, are currently very popular. This type of manual lets the user watch the whole instructional video without skipping the complicated specifications and technical descriptions of the 3Com WXR100 3CRWXR10095A, as happens with the paper version.

Why read the user manual?

First of all, it answers questions about the structure and capabilities of the 3Com WXR100 3CRWXR10095A device, the use of various accessories, and a range of information for making full use of all its features and conveniences.

After a successful purchase of the equipment or device, take a moment to familiarize yourself with every part of the 3Com WXR100 3CRWXR10095A user manual. Nowadays manuals are carefully prepared and translated so that they are not only understandable to users but also fulfil their basic function of informing and helping.

Table of contents of the user manual

  • Page 1

    http://www.3Com.com/ Part No. 10015910 Rev AB Published December 2007 Wireless LAN Mobility System Wireless LAN Switch and Controller Command Reference WX4400 3CRWX440095A WX2200 3CRWX220095A WX1200 3CRWX120695A WXR100 3CRWXR10095A[...]

  • Page 2

    3Com Corporation 350 Campus Drive Marlborough, MA USA 01752-3064 Copyright © 2007, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation. 3Com[...]

  • Page 3

    CONTENTS ABOUT THIS GUIDE Conventions 23 Documentation 24 Documentation Comments 25 1 USING THE COMMAND-LINE INTERFACE Overview 27 CLI Conventions 28 Command Prompts 28 Syntax Notation 28 Text Entry Conventions and Allowed Characters 29 MAC Address Notation 29 IP Address and Mask Notation 30 User Globs, MAC Address Globs, and VLAN Glob[...]

  • Page 4

    3 SYSTEM SERVICE COMMANDS Commands by Usage 41 clear banner motd 42 clear history 43 clear prompt 43 clear system 44 display banner motd 45 display base-information 45 display license 46 display load 47 display system 47 help 50 history 51 quickstart 52 set auto-config 52 set banner acknowledge 54 set banner motd 56 set confirm 57 set length [...]

  • Page 5

    clear port type 74 display port counters 75 display port-group 76 display port mirror 77 display port poe 78 display port status 79 display port media-type 81 monitor port counters 82 reset port 87 set ap 87 set port 89 set port-group 90 set port media-type 91 set port mirror 92 set port name 93 set port negotiation 93 set port poe 94 set port [...]

  • Page 6

    display vlan-profile 120 set fdb 121 set fdb agingtime 122 set security l2-restrict 123 set vlan name 124 set vlan port 125 set vlan tunnel-affinity 126 set vlan profile 127 6 QUALITY OF SERVICE COMMANDS Commands by Usage 129 clear qos 129 set qos cos-to-dscp-map 131 set qos dscp-to-cos-map 132 display qos 133 display qos dscp-table 134 7 IP [...]

  • Page 7

    display interface 152 display ip alias 153 display ip dns 154 display ip https 155 display ip route 156 display ip telnet 158 display ntp 159 display snmp community 161 display snmp counters 162 display snmp notify profile 162 display snmp notify target 162 display snmp status 163 display snmp usm 164 display summertime 164 display timedate 165 [...]

  • Page 8

    set snmp notify profile 187 set snmp notify target 192 SNMPv3 with Informs 192 SNMPv3 with Traps 193 SNMPv2c with Informs 194 SNMPv2c with Traps 195 SNMPv1 with Traps 195 set snmp protocol 197 set snmp security 198 set snmp usm 199 set summertime 202 set system ip-address 203 set timedate 204 set timezone 205 telnet 206 traceroute 207 8 AAA[...]

  • Page 9

    clear usergroup 227 clear usergroup attr 228 display aaa 229 display accounting statistics 232 display location policy 234 display mobility-profile 235 set accounting {admin | console} 235 set accounting {dot1x | mac | web | last-resort} 237 set authentication admin 239 set authentication console 241 set authentication dot1x 243 set authentic[...]

  • Page 10

    display mobility-domain config 282 display mobility-domain status 283 set mobility-domain member 284 set mobility-domain mode member secondary seed-ip 285 set mobility-domain mode member seed-ip 286 set mobility-domain mode secondary-seed domain-name 287 set mobility-domain mode seed domain-name 288 set domain security 289 10 NETWORK DOMAIN CO[...]

  • Page 11

    display ap vlan 337 display auto-tune attributes 338 display auto-tune neighbors 340 display ap boot-configuration 342 display ap connection 343 display ap global 345 display ap unconfigured 347 display load-balancing group 348 display radio-profile 350 display service-profile 353 reset ap 362 set ap auto 362 set ap auto persistent 364 set ap [...]

  • Page 12

    set ap radio channel 387 set ap radio link-calibration 388 set ap radio load balancing 389 set ap radio load balancing group 390 set ap radio mode 391 set ap radio radio-profile 392 set ap radio tx-power 393 set ap security 395 set ap upgrade-firmware 396 set band-preference 397 set load-balancing mode 398 set load-balancing strictness 399[...]

  • Page 13

    set radio-profile wmm 430 set radio-profile wmm-powersave 430 set service-profile attr 431 set service-profile auth-dot1x 433 set service-profile auth-fallthru 434 set service-profile auth-psk 435 set service-profile beacon 436 set service-profile bridging 437 set service-profile cac-mode 438 set service-profile cac-session 439 set service-p[...]

  • Page 14

    set service-profile tkip-mc-time 466 set service-profile static-cos 467 set service-profile transmit-rates 468 set service-profile use-client-dscp 470 set service-profile user-idle-timeout 471 set service-profile web-portal-acl 472 set service-profile web-portal-form 473 set service-profile web-portal-logout logout-url 475 set service-profil[...]

  • Page 15

    set spantree portpri 507 set spantree portvlancost 508 set spantree portvlanpri 509 set spantree priority 510 set spantree uplinkfast 510 13 IGMP SNOOPING COMMANDS Commands by usage 513 clear igmp statistics 514 display igmp 514 display igmp mrouter 518 display igmp querier 519 display igmp receiver-table 521 display igmp statistics 523 set ig[...]

  • Page 16

    display security acl resource-usage 547 rollback security acl 551 set security acl 552 set security acl map 557 set security acl hit-sample-rate 559 15 CRYPTOGRAPHY COMMANDS Commands by Usage 562 crypto ca-certificate 562 crypto certificate 564 crypto generate key 565 crypto generate request 566 crypto generate self-signed 568 crypto otp 570 c[...]

  • Page 17

    17 802.1X MANAGEMENT COMMANDS Commands by Usage 593 clear dot1x bonded-period 594 clear dot1x max-req 595 clear dot1x port-control 595 clear dot1x quiet-period 596 clear dot1x reauth-max 597 clear dot1x reauth-period 597 clear dot1x timeout auth-server 598 clear dot1x timeout supplicant 598 clear dot1x tx-period 599 display dot1x 599 set dot1[...]

  • Page 18

    19 RF DETECTION COMMANDS Commands by Usage 629 clear rfdetect attack-list 630 clear rfdetect black-list 631 clear rfdetect ignore 631 clear rfdetect ssid-list 632 clear rfdetect vendor-list 633 rfping 634 display rfdetect attack-list 635 display rfdetect black-list 636 display rfdetect clients 637 display rfdetect countermeasures 639 display r[...]

  • Page 19

    copy 667 delete 669 dir 670 install soda agent 673 display boot 674 display config 675 display version 677 load config 679 md5 681 mkdir 681 reset system 683 restore 684 rmdir 685 save config 685 set boot backup-configuration 686 set boot configuration-file 687 set boot partition 688 uninstall soda agent 688 21 TRACE COMMANDS Commands by Usag[...]

  • Page 20

    display snoop 706 display snoop info 706 display snoop map 707 display snoop stats 708 23 SYSTEM LOG COMMANDS Commands by Usage 711 clear log 711 display log buffer 712 display log config 714 display log trace 715 set log 716 set log mark 719 24 BOOT PROMPT COMMANDS Boot Prompt Commands by Usage 721 autoboot 722 boot 723 change 725 create[...]

  • Page 21

    Purchase Extended Warranty and Professional Services 740 Access Software Downloads 740 Contact Us 740 Telephone Technical Support and Repair 741 INDEX[...]

  • Page 22

    [...]

  • Page 23

    Conventions 23 ABOUT THIS GUIDE This command reference explains Mobility System Software (MSS™) command line interface (CLI) that you enter on a 3Com WXR100 or WX1200 Wireless Switch or WX4400 or WX2200 Wireless LAN Controller to configure and manage the Mobility System™ wireless LAN (WLAN). Read this reference if you are a network ad[...]

  • Page 24

    24 ABOUT THIS GUIDE This manual uses the following text and syntax conventions: Documentation The MSS documentation set includes the following documents. • Wireless Switch Manager (3WXM) Release Notes These notes provide information about the 3WXM software release, including new features and bug fixes. • Wireless LAN Switch and Control[...]

  • Page 25

    Documentation Comments 25 • Wireless Switch Manager Reference Manual This manual shows you how to plan, configure, deploy, and manage a Mobility System wireless LAN (WLAN) using the 3Com Wireless Switch Manager (3WXM). • Wireless Switch Manager User’s Guide This manual shows you how to plan, configure, deploy, and manage the entire WLA[...]

  • Page 26

    26 ABOUT THIS GUIDE Please note that we can only respond to comments and questions about 3Com product documentation at this e-mail address. Questions related to Technical Support or sales should be directed in the first instance to your network supplier.[...]

  • Page 27

    1 USING THE COMMAND-LINE INTERFACE This chapter discusses the 3Com Wireless Switch Manager (3WXM) command-line interface (CLI). Described are: • CLI conventions (see “CLI Conventions” on page 28) • Editing on the command line (see “Command-Line Editing” on page 33) • Using the CLI help feature (see “Using CLI Help” on page[...]

  • Page 28

    28 CHAPTER 1: USING THE COMMAND-LINE INTERFACE CLI Conventions Be aware of the following MSS CLI conventions for command entry: • “Command Prompts” on page 28 • “Syntax Notation” on page 28 • “Text Entry Conventions and Allowed Characters” on page 29 • “User Globs, MAC Address Globs, and VLAN Globs” on page 30 [...]

  • Page 29

    CLI Conventions 29 • A vertical bar ( | ) separates mutually exclusive options within a list of possibilities. For example, you enter either enable or disable, not both, in the following command: set port { enable | disable } port-list Text Entry Conventions and Allowed Characters Unless otherwise indicated, the MSS CLI accepts standard ASCII [...]

  • Page 30

    30 CHAPTER 1: USING THE COMMAND-LINE INTERFACE IP Address and Mask Notation MSS displays IP addresses in dotted decimal notation — for example, 192.168.1.111. MSS makes use of both subnet masks and wildcard masks. Subnet Masks Unless otherwise noted, use classless interdomain routing (CIDR) format to express subnet masks — for exampl [...]

  • Page 31

    CLI Conventions 31 Table 3 gives examples of user globs. MAC Address Globs A media access control (MAC) address glob is a similar method for matching some authentication, authorization, and accounting (AAA) and forwarding database (FDB) commands to one or more 6-byte MAC addresses. In a MAC address glob, you can use a single asterisk (*) as a [...]

  • Page 32

    32 CHAPTER 1: USING THE COMMAND-LINE INTERFACE VLAN Globs A VLAN glob is a method for matching one of a set of local rules on a wireless LAN switch, known as the location policy, to one or more users. MSS compares the VLAN glob, which can optionally contain wildcard characters, against the VLAN-Name attribute returned by AAA, to determine[...]

  • Page 33

    Command-Line Editing 33 • A hyphen-separated range of port numbers, with no spaces. For example: WX1200# reset port 1-3 • Any combination of single numbers, lists, and ranges. Hyphens take precedence over commas. For example: WX1200# display port status 1-3,6 Virtual LAN Identification The names of virtual LANs (VLANs), which are used in Mob[...]

  • Page 34

    34 CHAPTER 1: USING THE COMMAND-LINE INTERFACE History Buffer The history buffer stores the last 63 commands you entered during a terminal session. You can use the Up Arrow and Down Arrow keys to select a command that you want to repeat from the history buffer. Tabs The MSS CLI uses the Tab key for command completion. You can typ[...]

  • Page 35

    Using CLI Help 35 Using CLI Help The CLI provides online help. To see the full range of commands available at your access level, type the help command. For example: WX1200# help Commands: ------------------------------------ ------------------------------------- clear Clear, use 'clear help' for more information commit Commit the conte[...]

  • Page 36

    36 CHAPTER 1: USING THE COMMAND-LINE INTERFACE To see all the variations, type one of the commands followed by a question mark (?). For example: WX1200# display ip ? alias display ip aliases dns display DNS status https display ip https route display ip route table telnet display ip telnet To determine the port on which Telnet is running[...]

  • Page 37

    2 ACCESS COMMANDS This chapter describes access commands used to control access to the Mobility Software System (MSS) command-line interface (CLI). Commands by Usage This chapter presents access services commands alphabetically. Use Table 5 to locate commands in this chapter based on their use. disable Changes the CLI session from enabled [...]

  • Page 38

    38 CHAPTER 2: ACCESS COMMANDS enable Places the CLI session in enabled mode, which provides access to all commands required for configuring and monitoring the system. Syntax — enable Access — All. History — Introduced in MSS Version 3.0. Usage — MSS displays a password prompt to challenge you with the enable password. To enable[...]

  • Page 39

    set enablepass 39 set enablepass Sets the password that provides enabled access (for configuration and monitoring) to the WX switch. Syntax — set enablepass Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — After typing the set enablepass command, press Enter. If you are entering the first enable pas[...]

  • Page 40

    40 CHAPTER 2: ACCESS COMMANDS[...]

  • Page 41

    3 SYSTEM SERVICE COMMANDS Use system services commands to configure and monitor system information for a WX switch. Commands by Usage This chapter presents system service commands alphabetically. Use Table 6 to locate commands in this chapter based on their use. Table 6 System Services Commands by Usage Type Command Configuration quickst[...]

  • Page 42

    42 CHAPTER 3: SYSTEM SERVICE COMMANDS clear banner motd Deletes the message-of-the-day (MOTD) banner that is displayed before the login prompt for each CLI session on the wireless LAN switch. Syntax — clear banner motd Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — To clear a banner, type[...]

  • Page 43

    clear history 43 clear history Deletes the command history buffer for the current CLI session. Syntax — clear history Defaults — None. Access — All. History — Introduced in MSS Version 3.0. Examples — To clear the history buffer, type the following command: WX4400# clear history success: command buffer was flushed. See Also • histo[...]

  • Page 44

    44 CHAPTER 3: SYSTEM SERVICE COMMANDS clear system Clears the system configuration of the specified information. CAUTION: If you change the IP address, any currently configured Mobility Domain operations cease. You must reset the Mobility Domain. Syntax — clear system [ contact | countrycode | idle-timeout | ip-address | location | name ] [...]

  • Page 45

    display banner motd 45 display banner motd Shows the banner that was configured with the set banner motd command. Syntax — display banner motd Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — To show the banner with the message of the day, type the following command: WX4400# display banner motd hel[...]

  • Page 46

    46 CHAPTER 3: SYSTEM SERVICE COMMANDS See Also • display boot on page 674 • display config on page 675 • display license on page 46 • display system on page 47 • display version on page 677 display license Displays information about the license currently installed on the WX switch. Syntax — display license Defaults — None. Access[...]

  • Page 47

    display load 47 display load Displays CPU usage on a WX switch. Syntax — display load Defaults — None. Access — Enabled. History — Introduced in MSS Version 4.1. Examples — To display the CPU load recorded from the time the WX switch was booted, as well as from the previous time the display load command was run, type the following co[...]

  • Page 48

    48 CHAPTER 3: SYSTEM SERVICE COMMANDS Examples — To show system information, type the following command: WX4400# display system ==================================== =========================================== Product Name: WX4400 System Name: WX-bldg3 System Countrycode: US System Location: first-floor-bldg3 System Contact: tamara@example.c[...]

  • Page 49

    display system 49 System idle timeout Number of seconds MSS allows a CLI management session (console, Telnet, or SSH) to remain idle before terminating the session. (The system idle timeout can be configured using the set system idle-timeout command.) System MAC WX switch’s media access control (MAC) machine address set at the factory, in 6-by[...]

  • Page 50

    50 CHAPTER 3: SYSTEM SERVICE COMMANDS See Also • clear system on page 44 • set system contact on page 60 • set system countrycode on page 61 • set system idle-timeout on page 65 • set system location on page 67 • set system name on page 68 help Displays a list of commands that can be used to configure and monitor the WX switch. S[...]

  • Page 51

    history 51 crypto Crypto, use 'crypto help' for more information delete Delete url dir Show list of files on flash device disable Disable privileged mode display Display, use 'display help' for more information disp tech support Display technical support information exit Exit from the Admin session help Show this help screen [...]

  • Page 52

    52 CHAPTER 3: SYSTEM SERVICE COMMANDS See Also • clear history on page 43 quickstart Runs a script that interactively helps you configure a new switch. (For more information, see the “CLI quickstart Command” section of the “WX Setup Methods” chapter in the Wireless LAN Switch and Controller Configuration Guide.) CAUTION: The quickst[...]

  • Page 53

    set auto-config 53 When the 3WXM server in the corporate network receives the configuration request, the server looks in the currently open network plan for a switch configuration with the same model and serial number as the one in the configuration request. • If the network plan contains a configuration with a matching model and serial numbe[...]

  • Page 54

    54 CHAPTER 3: SYSTEM SERVICE COMMANDS Examples — The following commands stage a WX switch to use the auto-config option. The network where the switch is installed has a DHCP server, so the switch is configured to use the MSS DHCP client to obtain an IP address, default gateway address, DNS domain name, and DNS server IP addresses: 1 Config[...]

  • Page 55

    set banner acknowledge 55 • message — Up to 32 alphanumeric characters, but not the delimiting character. Defaults — None. Access — Enabled. History — Introduced in MSS Version 6.0. Usage Enable the MOTD prompt, then optionally specify a prompt message. When a user logs into the WX switch using the CLI, the configured MOTD banner is d[...]

  • Page 56

    56 CHAPTER 3: SYSTEM SERVICE COMMANDS set banner motd Configures the banner string that is displayed before the beginning of each login prompt for each CLI session on the WX switch. Syntax — set banner motd “ text ” • “ — Delimiting character that begins and ends the message; for example, double quotes (“). • text — Up to 200[...]

  • Page 57

    set confirm 57 set confirm Enables or disables the display of confirmation messages for commands that might have a large impact on the network. Syntax — set confirm { on | off } • on — Enables confirmation messages. • off — Disables confirmation messages. Defaults — Configuration messages are enabled. Access — Enabled. History — [...]

  • Page 58

    58 CHAPTER 3: SYSTEM SERVICE COMMANDS History — Introduced in MSS Version 3.0. Usage — Use this command if the output of a CLI command is greater than the number of lines allowed by default for a terminal type. Examples — To set the number of lines displayed to 100, type the following command: WX4400# set length 100 success: screen len[...]

  • Page 59

    set prompt 59 48 ports are enabled success: license was installed The additional ports refers to the number of additional MAPs the switch can boot and actively manage. See Also • display license on page 46 set prompt Changes the CLI prompt for the WX switch to a string you specify. Syntax — set prompt string • string — Alphanumeric string [...]

  • Page 60

    60 CHAPTER 3: SYSTEM SERVICE COMMANDS • display config on page 675 • set system name on page 68 set system contact Stores a contact name for the WX switch. Syntax — set system contact string • string — Alphanumeric string up to 256 characters long, with no blank spaces. Defaults — None. Access — Enabled. History — Introduced in[...]

  • Page 61

    set system countrycode 61 set system countrycode Defines the country-specific IEEE 802.11 regulations to enforce on the WX switch. Syntax — set system countrycode code • code — Two-letter code for the country of operation for the WX switch. You can specify one of the codes listed in Table 8. Table 8 Country Codes Country Code Algeria [...]

  • Page 62

    62 CHAPTER 3: SYSTEM SERVICE COMMANDS Egypt EG Estonia EE Finland FI France FR Germany DE Greece GR Guatemala GT Honduras HN Hong Kong HK Hungary HU Iceland IS India IN Indonesia ID Ireland IE Israel IL Italy IT Jamaica JM Japan JP Jordan JO Kazakhstan KZ Kenya KE Kuwait KW Latvia LV Lebanon LB Liechtenstein LI Lithuania LT Luxembourg LU Maced[...]

  • Page 63

    set system countrycode 63 Mexico MX Morocco MA Namibia NA Netherlands NL New Zealand NZ Nigeria NG Norway NO Oman OM Pakistan PK Panama PA Paraguay PY Peru PE Philippines PH Poland PL Portugal PT Puerto Rico PR Qatar QA Romania RO Russia RU Saudi Arabia SA Serbia CS Singapore SG Slovakia SK Slovenia SI South Africa ZA South Korea KR Spain ES Sri La[...]

  • Page 64

    64 CHAPTER 3: SYSTEM SERVICE COMMANDS Defaults — The factory default country code is None. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — You must set the system country code to a valid value before using any set ap commands to configure a MAP. Examples — To set the country code to Canada, type the followin[...]

  • Page 65

    set system idle-timeout 65 set system idle-timeout Specifies the maximum number of seconds a CLI management session with the switch can remain idle before MSS terminates the session. Syntax — set system idle-timeout seconds • seconds — Number of seconds a CLI management session can remain idle before MSS terminates the session. You can spe[...]

  • Page 66

    66 CHAPTER 3: SYSTEM SERVICE COMMANDS set system ip-address Sets the system IP address so that it can be used by various services in the WX switch. CAUTION: Any currently configured Mobility Domain operations cease if you change the IP address. If you change the address, you must reset the Mobility Domain. Syntax — set system ip-address i[...]

  • Page 67

    set system location 67 set system location Stores location information for the WX switch. Syntax — set system location string • string — Alphanumeric string up to 256 characters long, with no blank spaces. Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — You cannot include spaces in the system lo[...]

  • Page 68

    68 CHAPTER 3: SYSTEM SERVICE COMMANDS set system name Changes the name of the WX switch from the default system name and also provides content for the CLI prompt, if you do not specify a prompt. Syntax — set system name string • string — Alphanumeric string up to 256 characters long, with no blank spaces. Use a unique name for each WX[...]

  • Page 69

    4 PORT COMMANDS Use port commands to configure and manage individual ports and load-sharing port groups. Commands by Usage This chapter presents port commands alphabetically. Use Table 9 to locate commands in this chapter based on their use. Table 9 Port Commands by Usage Type Command Port Type set port type ap on page 97 set ap on page [...]

  • Page 70

    70 CHAPTER 4: PORT COMMANDS clear ap Removes a Distributed MAP. CAUTION: When you clear a Distributed MAP, MSS ends user sessions that are using the MAP. Syntax — clear ap { ap-number | all } • ap-number — Number of the Distributed MAP(s) to remove. • all — Clear all distributed MAPs. Defaults — None. Access — Enabled. History[...]

  • Page 71

    clear port counters 71 clear port counters Clears port statistics counters and resets them to 0. Syntax — clear port counters Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — The following command clears all port statistics counters and resets them to 0: WX4400# clear port counters success: cleared[...]

  • Page 72

    72 CHAPTER 4: PORT COMMANDS clear port media-type Disables the copper interface and reenables the fiber interface on a WX4400 gigabit Ethernet port. Syntax — clear port media-type port-list • port-list — List of physical ports. MSS disables the copper interface and reenables the fiber interface on all the specified ports. Defaults — T[...]

  • Page 73

    Examples — The following command clears the names of ports 1 through 3: WX4400# clear port 1-3 name See Also • display port status on page 79 • set port name on page 93 clear port mirror Removes a port mirroring configuration. Syntax — clear port mirror Defaults — None. Access — Enabled. History — Introduced in [...]

  • Page 74

    History — Introduced in MSS Version 3.0. Usage — This command applies only to the WX4400. This command does not affect a link that is already active on the port. Examples — The following command clears the preference set on port 2 on a WX4400 switch: WX4400# clear port preference 2 See Also • display port s[...]

  • Page 75

    Examples — The following command clears port 5: WX1200# clear port type 5 This may disrupt currently authenticated users. Are you sure? (y/n) [n] y success: change accepted. See Also • set port type ap on page 97 • set port type wired-auth on page 100 display port counters Displays port statistics. Syntax — displ[...]

  • Page 76

    • receive-etherstats — Shows Ethernet statistics for received packets. • transmit-etherstats — Shows Ethernet statistics for transmitted packets. • port port-list — List of physical ports. If you do not specify a port list, MSS shows statistics for all ports. Defaults — None. Access — All. History ?[...]

  • Page 77

    Examples — The following command displays the configuration of port group server2: WX1200# display port-group name server2 Port group: server2 is up Ports: 5, 7 Table 11 describes the fields in the display port-group output. See Also • clear port-group on page 71 • set port-group on page 90 display port mirror Disp[...]

  • Page 78

    See Also • display port mirror on page 77 • set port mirror on page 92 display port poe Displays status information for ports on which Power over Ethernet (PoE) is enabled. Syntax — display port poe [ port-list ] • port-list — List of physical ports. If you do not specify a port list, PoE information is di[...]

  • Page 79

    See Also • set port poe on page 94 display port status Displays configuration and status information for ports. Syntax — display port status [ port-list ] • port-list — List of physical ports. If you do not specify a port list, information is displayed for all ports. Defaults — None. Access — All. History — Int[...]

  • Page 80

    Examples — The following command displays information for all ports on a WX1200 switch: WX1200# display port status Port Name Admin Oper Config Actual Type Media ==================================== =========================================== 1 1 up up auto 100/full network 10/100BaseTx 2 2 up up auto 100/full ap[...]

  • Page 81

    See Also • clear port type on page 74 • set port on page 89 • set port name on page 93 • set port negotiation on page 93 • set port speed on page 95 • set port type ap on page 97 • set port type wired-auth on page 100 display port media-type Displays the enabled interface types on a WX4400 switch’s giga[...]

  • Page 82

    Examples — The following command displays the enabled interface types on all four ports of a WX4400 switch: WX4400# display port media-type Port Media Type ==================================== ======================= 1 GBIC 2 RJ45 3 GBIC 4 GBIC Table 14 describes the fields in this display. See Also • clear po[...]

  • Page 83

    • transmit-etherstats — Displays Ethernet statistics for transmitted packets first. Defaults — All types of statistics are displayed for all ports. MSS refreshes the statistics every 5 seconds. This interval cannot be configured. Statistics types are displayed in the following order by default: • Octets • Packe[...]

  • Page 84

    For error reporting, the cyclic redundancy check (CRC) errors include misalignment errors. Jumbo packets with valid CRCs are not counted. A short packet can be reported as a short packet, a CRC error, or an overrun. In some circumstances, the transmitted octets counter might increment a small amount for a port wi[...]

  • Page 85

    packets Rx Unicast Number of unicast packets received. This number does not include packets that contain errors. Rx NonUnicast Number of broadcast and multicast packets received. This number does not include packets that contain errors. Tx Unicast Number of unicast packets transmitted. This number does not include packets t[...]

  • Page 86

    See Also • display port counters on page 75 collisions Single Coll Total number of frames transmitted that experienced one collision before 64 bytes of the frame were transmitted on the network. Multiple Coll Total number of frames transmitted that experienced more than one collision before 64 bytes of the frame we[...]

  • Page 87

    reset port Resets a port by toggling its link state and Power over Ethernet (PoE) state. Syntax — reset port port-list • port-list — List of physical ports. MSS resets all the specified ports. Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — The reset command disables the port’s[...]

  • Page 88

    • ap-number — Number for the Distributed MAP. The range of valid connection numbers depends on the WX switch model: • For a WX4400, you can specify a number from 1 to 256. • For a WX1200, you can specify a number from 1 to 30. • serial-id serial-ID — MAP access point serial ID. The serial ID is listed on [...]

  • Page 89

    See Also • clear ap on page 70 • clear port type on page 74 • set port type ap on page 97 • set system countrycode on page 61 set port Administratively disables or reenables a port. Syntax — set port { enable | disable } port-list • enable — Enables the specified ports. • disable — Disables the specified ports. ?[...]

  • Page 90

    set port-group Configures a load-sharing port group. All ports in the group function as a single logical link. Syntax — set port-group name group-name port-list mode { on | off } • name group-name — Alphanumeric string of up to 255 characters, with no spaces. • port-list — List of physical ports. All the po[...]

  • Page 91

    See Also • clear port-group on page 71 • display port-group on page 76 set port media-type Disables the fiber interface and enables the copper interface on an WX4400 gigabit Ethernet port. Syntax — set port media-type port-list rj45 • port-list — List of physical ports. MSS sets the preference on all the specifi[...]

  • Page 92

    set port mirror Configures port mirroring. Port mirroring is a troubleshooting feature that copies (mirrors) traffic sent or received by a WX port (the source port) to another port (the observer) on the same WX. You can attach a protocol analyzer to the observer port to examine the source port’s traffic. Both t[...]

  • Page 93

    set port name Assigns a name to a port. After naming a port, you can use the port name or number in other CLI commands. Syntax — set port port name name • port — Number of a physical port. You can specify only one port. • name name — Alphanumeric string of up to 16 characters, with no spaces. Defaults — None. Access ?[...]

  • Page 94

    Access — Enabled. History — Introduced in MSS Version 3.0. Usage — WX1200 10/100 Ethernet ports support half-duplex and full-duplex operation. 3Com recommends that you do not configure the mode of an WX port so that one side of the link is set to autonegotiation while the other side is set to full-duplex. Al[...]

  • Page 95

    History — Introduced in MSS Version 3.0. Usage — This command does not apply to any gigabit Ethernet ports or to ports 7 and 8 on the WX1200 switch. Examples — The following command disables PoE on ports 4 and 5, which are connected to a MAP access point: WX1200# set port poe 4,5 disable If you are enabling power on thes[...]

  • Page 96

    Usage — 3Com recommends that you do not configure the mode of a WX port so that one side of the link is set to autonegotiation while the other side is set to full-duplex. Although MSS allows this configuration, it can result in slow throughput on the link. The slow throughput occurs because the side that is con[...]

  • Page 97

    See Also • set ip snmp server on page 180 • set snmp community on page 185 set port type ap Configures an WX switch port for a MAP access point. CAUTION: When you set the port type for MAP use, you must specify the PoE state (enable or disable) of the port. Use the WX switch’s PoE to power 3Com MAP access points only.[...]

  • Page 98

    Defaults — All WX ports are network ports by default. MAP access point models AP2750, MAP-241, and MAP-341 have a single radio that can be configured for 802.11a or 802.11b/g. Other MAP models have two radios. On two-radio models, one radio is always 802.11a. The other radio is 802.11b/g, but can be configured fo[...]

  • Page 99

    This command does not apply to any gigabit Ethernet ports or to ports 7 and 8 on the WX1200 switch or port 3 on the WX2200 switch. To manage a MAP access point on a switch model that does not have 10/100 Ethernet ports, use the set ap command to configure a Distributed MAP connection on the switch. Examples — The followi[...]

  • Page 100

    See Also • clear ap on page 70 • clear port type on page 74 • set ap radio antennatype on page 383 • set ap on page 87 • set port type wired-auth on page 100 • set system countrycode on page 61 set port type wired-auth Configures a WX switch port for a wired authentication user. Before changing the po[...]

  • Page 101

    Usage — You cannot set a port’s type if the port is a member of a port VLAN. To remove a port from a VLAN, use the clear vlan command. To reset a port as a network port, use the clear port type command. When you change port type, MSS applies default settings appropriate for the port type. Table 18 lists the[...]

  • Page 102

    Examples — The following command sets port 2 for a wired authentication user: WX1200# set port type wired-auth 2 success: change accepted The following command sets port 7 for a wired authentication user and specifies a maximum of three simultaneous user sessions: WX1200# set port type wired-auth 7 max-sessions [...]

  • Page 103

    5 VLAN COMMANDS Use virtual LAN (VLAN) commands to configure and manage parameters for individual port VLANs on network ports, and to display information about clients roaming within a mobility domain. Commands by usage This chapter presents VLAN commands alphabetically. Use Table 19 to locate commands in this chapter based on their use. Tab[...]

  • Page 104

    104 CHAPTER 5: VLAN COMMANDS clear fdb Deletes an entry from the forwarding database (FDB). Syntax — clear fdb { perm | static | dynamic | port port-list } [ vlan vlan-id ] [ tag tag-value ] • perm — Clears permanent entries. A permanent entry does not age out and remains in the database even after a reboot, reset, or power cycle. You [...]

  • Page 105

    History — Introduced in MSS Version 3.0. Usage — You can delete forwarding database entries based on entry type, port, or VLAN. A VLAN name or number is required for deleting permanent or static entries. Examples — The following command clears all static forwarding database entries that match VLAN blue: WX44[...]

  • Page 106

    Access — Enabled. History — Introduced in MSS Version 4.1. Usage — If you clear all MAC addresses, Layer 2 forwarding is no longer restricted in the VLAN. Clients within the VLAN will be able to communicate directly. To clear the statistics counters without removing any MAC addresses, use the clear securit[...]

  • Page 107

    Examples — The following command clears Layer 2 forwarding restriction statistics for VLAN abc_air: WX4400# clear security l2-restrict counters vlan abc_air success: change accepted. See Also • clear security l2-restrict on page 105 • set security l2-restrict on page 123 • display security l2-restrict on page 116 clear vl[...]

  • Page 108

    Examples — The following command removes port 1 from VLAN green: WX4400# clear vlan green port 1 This may disrupt user connectivity. Do you wish to continue? (y/n) [n] y success: change accepted. The following command removes port 4, which uses tag value 69, from VLAN red: WX1200# clear vlan red port 4 tag 69[...]

  • Page 109

    If a VLAN profile is changed so that traffic that had been tunneled to an VX switch is now locally switched by MAPs, or vice-versa, the sessions of clients associated with the MAPs where the VLAN profile is applied are terminated, and the clients must re-associate with the MAPs. Examples — The following command removes the entr[...]

  • Page 110

    • dynamic — Displays dynamic entries. A dynamic entry is automatically removed through aging or after a reboot, reset, or power cycle. • system — Displays system entries. A system entry is added by MSS. For example, the authentication protocols can add entries for wired and wireless authentication users. ?[...]

  • Page 111

    Table 20 describes the fields in the display fdb output. See Also • clear fdb on page 104 • set fdb on page 121 display fdb agingtime Displays the aging timeout period for forwarding database entries. Syntax — display fdb agingtime [ vlan vlan-id ] • vlan vlan-id — VLAN name or number. If you do not specify a VL[...]

  • Page 112

    VLAN 2 aging time = 600 sec VLAN 1 aging time = 300 sec Because the forwarding database aging timeout period can be configured only on an individual VLAN basis, the command lists the aging timeout period for each VLAN separately. See Also • set fdb agingtime on page 122 display fdb count Lists the number of entrie[...]

  • Page 113

    display roaming station Shows a list of the stations roaming to the wireless LAN switch through a VLAN tunnel. Syntax — display roaming station [ vlan vlan-id ] [ peer ip-addr ] • vlan vlan-id — Output is restricted to stations using this VLAN. • peer ip-addr — Output is restricted to stations tunnelling t[...]

  • Page 114

    See Also • display roaming vlan on page 115 State State of the session: • Setup — Station is attempting to roam to this WX switch. This switch has asked the WX from which the station is roaming for the station’s session information and is waiting for a reply. • Up — MSS has established a tunnel between t[...]

  • Page 115

    display roaming vlan Shows all VLANs in the mobility domain, the WX switches servicing the VLANs, and their tunnel affinity values configured on each switch for the VLANs. Syntax — display roaming vlan Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — The following command s[...]

  • Page 116

    display security l2-restrict Displays configuration information and statistics for Layer 2 forwarding restriction. Syntax — display security l2-restrict [vlan vlan-id | all] vlan-id — VLAN name or number. all — Displays information for all VLANs. Defaults — If you do not specify a VLAN name or all, informat[...]

  • Page 117

    See Also • clear security l2-restrict on page 105 • clear security l2-restrict counters on page 106 • set security l2-restrict on page 123 display tunnel Shows the tunnels from the wireless LAN switch where you type the command. Syntax — display tunnel Defaults — None. Access — Enabled History — Introduced in MSS [...]

  • Page 118

    See Also • display vlan config on page 118 display vlan config Shows VLAN information. Syntax — display vlan config [ vlan-id ] • vlan-id — VLAN name or number. If you do not specify a VLAN, information for all VLANs is displayed. Defaults — None. Access — All. History — Introduced in MSS Version 3.0. [...]

  • Page 119

    Table 25 describes the fields in this display. See Also • clear security l2-restrict on page 105 • set security l2-restrict on page 123 • set vlan port on page 125 • set vlan tunnel-affinity on page 126 Table 25 Output for display vlan config Field Description VLAN VLAN number. Name VLAN name. Admin Status Admini[...]

  • Page 120

    display vlan-profile Displays the contents of the VLAN profiles configured on the WX switch. A VLAN profile lists the VLANs for which traffic is locally switched by MAPs where the VLAN profile is applied. Syntax — display vlan-profile [ profile-name ] • profile-name — VLAN profile name Defaults — If a p[...]

  • Page 121

    set fdb Adds a permanent or static entry to the forwarding database. Syntax — set fdb { perm | static } mac-addr port port-list vlan vlan-id [ tag tag-value ] • perm — Adds a permanent entry. A permanent entry does not age out and remains in the database even after a reboot, reset, or power cycle. • static — Adds a static [...]

  • Page 122

    See Also • clear fdb on page 104 • display fdb on page 109 set fdb agingtime Changes the aging timeout period for dynamic entries in the forwarding database. Syntax — set fdb agingtime vlan-id age seconds • vlan-id — VLAN name or number. The timeout period change applies only to entries that match the spec[...]

  • Page 123

    set security l2-restrict Restricts Layer 2 forwarding between clients in the same VLAN. When you restrict Layer 2 forwarding in a VLAN, MSS allows Layer 2 forwarding only between a client and a set of MAC addresses, generally the VLAN’s gateway routers. Clients within the VLAN are not permitted to communicate among[...]

  • Page 124

    set vlan name Creates a VLAN and assigns a number and name to it. Syntax — set vlan vlan-num name name • vlan-num — VLAN number. You can specify a number from 2 through 4093. • name — String up to 16 alphabetic characters long. Defaults — VLAN 1 is named default by default. No other VLANs have default n[...]

  • Page 125

    set vlan port Assigns one or more network ports to a VLAN. You also can add a virtual port to each network port by adding a tag value to the network port. Syntax — set vlan vlan-id port port-list [ tag tag-value ] • vlan-id — VLAN name or number. • port port-list — List of physical ports. • tag tag-value — Tag [...]

  • Page 126

    set vlan tunnel-affinity Changes a wireless LAN switch’s preferability within a mobility domain for tunneling user traffic for a VLAN. When a user roams to a WX switch that is not a member of the user’s VLAN, the WX can forward the user traffic by tunneling to another WX switch that is a member of the VLA[...]

  • Page 127

    set vlan profile Configures entries in a VLAN profile that can be applied to an MAP for local switching. Syntax — set vlan-profile profile-name vlan vlan-name [ tag tag-value ] • profile-name — VLAN profile name. • vlan-name — Name of a VLAN. • tag-value — Optional tag value associated with the VLAN. When this [...]

  • Page 128

    128 CHAPTER 5: VLAN COMMANDS[...]

  • Page 129

    6 QUALITY OF SERVICE COMMANDS Use Quality of Service (QoS) commands to configure packet prioritization in MSS. Packet prioritization ensures that WX switches and MAP access points give preferential treatment to high-priority traffic such as voice and video. (To override the prioritization for specific traffic, use access controls lists [ACLs] [...]

  • Page 130

    130 CHAPTER 6: QUALITY OF SERVICE COMMANDS • Classify inbound packets by mapping their DSCP values to one of eight internal QoS values • Classify outbound packets by marking their DSCP values based on the switch’s internal QoS values Syntax — clear qos [cos-to-dscp-map [ from-qos ] | dscp-to-cos-map [ from-dscp ]] • cos-to-dscp-ma[...]

  • Page 131

    set qos cos-to-dscp-map Changes the value to which MSS maps an internal QoS value when marking outbound packets. Syntax — set qos cos-to-dscp-map level dscp dscp-value • level — Internal CoS value. You can specify a number from 0 to 7. • dscp dscp-value — DSCP value. You can specify the value as a decimal nu[...]

  • Page 132

    set qos dscp-to-cos-map Changes the internal QoS value to which MSS maps a packet’s DSCP value when classifying inbound packets. Syntax — set qos dscp-to-cos-map dscp-range cos level • dscp-range — You can specify the values as decimal numbers. Valid decimal values are 0 to 63. To speci[...]

  • Page 133

    display qos Displays the switch’s QoS settings. Syntax — display qos [default] • default — Displays the default mappings. Defaults — None. Access — Enabled. History — Introduced in MSS Version 4.1. Examples — The following command displays the default QoS settings: WX1200# display qos default Ingress QoS Classifi[...]

  • Page 134

    display qos dscp-table Displays a table that maps Differentiated Services Code Point (DSCP) values to their equivalent combinations of IP precedence values and IP ToS values. Syntax — display qos dscp-table Defaults — None. Access — Enabled. History — Introduced in MSS Version 4.0 as the[...]

  • Page 135

    7 IP SERVICES COMMANDS Use IP services commands to configure and manage IP interfaces, management services, the Domain Name Service (DNS), Network Time Protocol (NTP), aliases, and to ping a host or trace a route. Commands by Usage This chapter presents IP services commands alphabetically. Use Table 28 to locate the commands in this cha[...]

  • Page 136

    136 CHAPTER 7: IP SERVICES COMMANDS HTTPS Management set ip https server on page 177 display ip https on page 155 DNS set ip dns on page 175 set ip dns domain on page 175 set ip dns server on page 176 display ip dns on page 154 clear ip dns domain on page 139 clear ip dns server on page 139 IP Alias set ip alias on page 174 display ip alias o[...]

  • Page 137

    clear interface Removes an IP interface. Syntax — clear interface vlan-id ip • vlan-id — VLAN name or number Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — If the interface you want to remove is configured as the system IP address, removing the address can interfere with[...]

  • Page 138

    • Topology reporting for dual-homed MAP access points • Default source IP address used in unsolicited communications such as AAA accounting reports and SNMP traps Examples — The following command removes the IP interface configured on VLAN mauve: WX1200# clear interface mauve ip success: cleared ip [...]

  • Page 139

    clear ip dns domain Removes the default DNS domain name. Syntax — clear ip dns domain Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — The following command removes the default DNS domain name from a WX switch: WX1200# clear ip dns domain Default DNS domain name cleared. Se[...]

  • Page 140

    See Also • clear ip dns domain on page 139 • display ip dns on page 154 • set ip dns on page 175 • set ip dns domain on page 175 • set ip dns server on page 176 clear ip route Removes a route from the IP route table. Syntax — clear ip route { default | ip-addr mask | ip-addr/mask-length } defaul[...]

  • Page 141

    clear ip telnet Resets the Telnet server TCP port number to its default value. A WX listens for Telnet management traffic on the Telnet server port. Syntax — clear ip telnet Defaults — The default Telnet port number is 23. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — The following comma[...]

  • Page 142

    Examples — The following command removes NTP server 192.168.40.240 from a WX switch configuration: WX4400# clear ntp server 192.168.40.240 success: change accepted. See Also • clear ntp update-interval on page 142 • display ntp on page 159 • set ntp on page 183 • set ntp server on page 184 • s[...]

  • Page 143

    clear snmp community Clears an SNMP community string. Syntax — clear snmp community name comm-string • comm-string — Name of the SNMP community you want to clear. Defaults — None. Access — Enabled. History — Introduced in MSS Version 4.0. Examples — The following command clears community string setswitch2: [...]

  • Page 144

    See Also • set snmp notify profile on page 187 • display snmp notify profile on page 162 clear snmp notify target Clears an SNMP notification target. Syntax — clear snmp notify target target-num • target-num — ID of the target. Defaults — None. Access — Enabled. History — Introduced in MSS V [...]

  • Page 145

    Examples — The following command clears SNMPv3 user snmpmgr1: WX1200# clear snmp usm snmpmgr1 success: change accepted. See Also • set snmp usm on page 199 • display snmp usm on page 164 clear summertime Clears the summertime setting from a WX. Syntax — clear summertime Defaults — None. Access — Enabled. History[...]

  • Page 146

    clear system ip-address Clears the system IP address. CAUTION: Clearing the system IP address disrupts the system tasks that use the address. Syntax — clear system ip-address Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — Clearing the system IP address can i[...]

  • Page 147

    Examples — To return the WX real-time clock to UTC, type the following command: WX4400# clear timezone success: change accepted. See Also • clear summertime on page 145 • set summertime on page 202 • set timedate on page 204 • set timezone on page 205 • display summertime on page 164 • display timedate on page 165 [...]

  • Page 148

    Table 29 describes the fields in this display. See Also • set arp on page 168 • set arp agingtime on page 169 display dhcp-client Displays DHCP client information for all VLANs. Syntax — display dhcp-client Defaults — None. Access — All. History — Introduced in MSS Version 4.0. Table 29 Outp[...]

  • Page 149

    Examples — The following command displays DHCP client information: WX1200# display dhcp-client Interface: corpvlan(4) Configuration Status: Enabled DHCP State: IF_UP Lease Allocation: 65535 seconds Lease Remaining: 65532 seconds IP Address: 10.3.1.110 Subnet Mask: 255.255.255.0 Default Gateway: 10.3.1.1 DHCP Server: 10.[...]

  • Page 150

    display dhcp-server Displays MSS DHCP server information. Syntax — display dhcp-server [interface vlan-id ] [verbose] • interface vlan-id — Displays the IP addresses leased by the specified VLAN. • verbose — Displays configuration and status information for the MSS DHCP server. Defaults — None. [...]

  • Page 151

    Default Gateway: 10.10.20.1 DNS Servers: 10.10.20.4 10.10.20.5 DNS Domain Name: mycorp.com Table 31 and Table 32 describe the fields in these displays. Table 31 Output for display dhcp-server Field Description VLAN VLAN number Name VLAN name Address IP address leased by the server. MAC Address MAC address of the device [...]

  • Page 152

    See Also • set interface dhcp-server on page 172 display interface Displays the IP interfaces configured on the WX. Syntax — display interface [ vlan-id ] • vlan-id — VLAN name or number. Defaults — If you do not specify a VLAN ID, interfaces for all VLANs are displayed. Usage — All. History —I[...]

  • Page 153

    See Also • clear interface on page 137 • set interface on page 170 • set interface dhcp-client on page 171 display ip alias Displays the IP aliases configured on the WX. Syntax — display ip alias [ name ] • name — Alias string. Defaults — If you do not specify an alias name, all aliases are displayed. Access [...]

  • Page 154

    Table 34 describes the fields in this display. See Also • clear ip alias on page 138 • set ip alias on page 174 display ip dns Displays the DNS servers used by the WX. Syntax — display ip dns Defaults — None. Access — All. History — Introduced in MSS Version 3.0. Examples — The following co [...]

  • Page 155

    See Also • clear ip dns domain on page 139 • clear ip dns server on page 139 • set ip dns on page 175 • set ip dns domain on page 175 • set ip dns server on page 176 display ip https Shows information about the HTTPS management port. Syntax — display ip https Defaults — None. Access — All. History —Introduce[...]

  • Page 156

    See Also • clear ip telnet on page 141 • display ip telnet on page 158 • set ip https server on page 177 • set ip telnet on page 181 • set ip telnet server on page 182 display ip route Displays the IP route table on the WX. Syntax — display ip route [ destination ] • destination — Route desti[...]

  • Page 157

    Usage — When you add an IP interface to a VLAN that is up, MSS adds direct and local routes for the interface to the route table. If the VLAN is down, MSS does not add the routes. If you add an interface to a VLAN but the routes for that interface do not appear in the route table, use the display vlan config command to c[...]

  • Page 158

    See Also • clear ip route on page 140 • display interface on page 152 • display vlan config on page 118 • set interface on page 170 • set ip route on page 178 display ip telnet Shows information about the Telnet management port. Syntax — display ip telnet Defaults — None. Access — All. Hist[...]

  • Page 159

    Examples — The following command shows the status and port number for the Telnet management interface to the WX switch: WX4400> display ip telnet Server Status Port ---------------------------------- Enabled 23 Table 38 describes the fields in this display. See Also • clear ip telnet on page 141 • display ip https on [...]

  • Page 160

    Examples — To display NTP information for a WX switch, type the following command: WX4400> display ntp NTP client: enabled Current update-interval: 20(secs) Current time: Fri Feb 06 2004, 12:02:57 Timezone is set to 'PST', offset from UTC is -8:0 hours. Summertime is enabled. Last NTP update[...]

  • Page 161

    See Also • clear ntp server on page 141 • clear summertime on page 145 • clear timezone on page 146 • display timezone on page 165 • set ntp on page 183 • set ntp server on page 184 • set summertime on page 202 • set timezone on page 205 display snmp community Displays the configured SNMP community stri[...]

  • Page 162

    162 CHAPTER 7: IP SERVICES COMMANDS See Also • clear snmp community on page 143 • set snmp community on page 185 display snmp counters Displays SNMP statistics counters. Syntax — display snmp counters Defaults — None. Access — Enabled. History — Introduced in MSS Version 4.0. display snmp notify profile Displays SNMP notification p[...]

  • Page 163

    display snmp status 163 See Also • clear snmp notify target on page 144 • set snmp notify target on page 192 display snmp status Displays SNMP version and status information. Syntax — display snmp status Defaults — None. Access — Enabled. History — Introduced in MSS Version 4.0. See Also • set snmp community on page 185 • set snmp [...]

  • Page 164

    164 CHAPTER 7: IP SERVICES COMMANDS display snmp usm Displays information about SNMPv3 users. Defaults — None. Access — Enabled. History — Introduced in MSS Version 4.0. See Also • clear snmp usm on page 144 • display snmp usm on page 164 display summertime Displays a WX offset time from its real-time clock time. Syntax — display[...]

  • Page 165

    display timedate 165 • set timedate on page 204 • set timezone on page 205 display timedate Shows the date and time of day currently set on a WX real-time clock. Syntax — display timedate Defaults — None. Access — All. History — Introduced in MSS Version 3.0. Examples — To display the time and date set on a WX real-time clock, type [...]

  • Page 166

    166 CHAPTER 7: IP SERVICES COMMANDS Examples — To display the offset from UTC, type the following command: WX4400# display timezone Timezone set to 'pst', offset from UTC is -8 hours See Also • clear summertime on page 145 • clear timezone on page 146 • display summertime on page 164 • display timedate on page 165 • se[...]

  • Page 167

    ping 167 Because the WX switch adds header information, the ICMP packet size is 8 bytes larger than the size you specify. • source-ip ip-addr — IP address, in dotted decimal notation, to use as the source IP address in the ping packets. • source-ip vlan-name — VLAN name to use as the ping source. MSS uses the IP address configured on t[...]

  • Page 168

    168 CHAPTER 7: IP SERVICES COMMANDS set arp Adds an ARP entry to the ARP table. Syntax — set arp { permanent | static | dynamic } ip-addr mac-addr • permanent — Adds a permanent entry. A permanent entry does not age out and remains in the database even after a reboot, reset, or power cycle. • static — Adds a static entry. A static[...]

  • Page 169

    set arp agingtime 169 set arp agingtime Changes the aging timeout for dynamic ARP entries. Syntax — set arp agingtime seconds • seconds — Number of seconds an entry can remain unused before MSS removes the entry. You can specify from 0 through 1,000,000. To disable aging, specify 0. Defaults — None. Access — Enabled. History — In[...]

  • Page 170

    170 CHAPTER 7: IP SERVICES COMMANDS set interface Configures an IP interface on a VLAN. Syntax — set interface vlan-id ip { ip-addr mask | ip-addr/mask-length } • vlan-id — VLAN name or number. • ip-addr mask — IP address and subnet mask in dotted decimal notation (for example, 10.10.10.10 255.255.255.0). • ip-addr/mask-length ?[...]

  • Page 171

    set interface dhcp-client 171 See Also • clear interface on page 137 • display interface on page 152 • set interface dhcp-client on page 171 set interface dhcp-client Configures the DHCP client on a VLAN and allows the VLAN to obtain its IP interface from a DHCP server. Syntax — set interface vlan-id ip dhcp-client {enable | disable} ?[...]

  • Page 172

    172 CHAPTER 7: IP SERVICES COMMANDS See Also • clear interface on page 137 • display dhcp-client on page 148 • display interface on page 152 set interface dhcp-server Configures the MSS DHCP server. Use of the MSS DHCP server to allocate client addresses is intended for temporary, demonstration deployments and not for production net[...]

  • Page 173

    set interface status 173 Access — Enabled. History — Introduced in MSS Version 4.0. Usage — By default, all addresses except the host address of the VLAN, the network broadcast address, and the subnet broadcast address are included in the range. If you specify the range, the start address must be lower than the stop address, and all ad[...]

  • Page 174

    174 CHAPTER 7: IP SERVICES COMMANDS Examples — The following command disables the IP interface on VLAN mauve: WX4400# set interface mauve status down success: set interface mauve to down See Also • clear interface on page 137 • display interface on page 152 • set interface on page 170 set ip alias Configures an alias, which maps a [...]

  • Page 175

    set ip dns 175 set ip dns Enables or disables DNS on a wireless LAN switch. Syntax — set ip dns { enable | disable } • enable — Enables DNS. • disable — Disables DNS. Defaults — DNS is disabled by default. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — The following command enables DNS on a WX switch: WX12[...]

  • Page 176

    176 CHAPTER 7: IP SERVICES COMMANDS Aliases take precedence over DNS. When you enter a hostname, MSS checks for an alias with that name first, before using DNS to resolve the name. Examples — The following command configures the default domain name example.com: WX1200# set ip dns domain example.com Domain name changed See Also • clear i[...]

  • Page 177

    set ip https server 177 success: change accepted. WX1200# set ip dns server 10.10.30.69/24 secondary success: change accepted. See Also • clear ip dns domain on page 139 • clear ip dns server on page 139 • display ip dns on page 154 • set ip dns on page 175 • set ip dns domain on page 175 set ip https server Enables the HTTPS server on[...]

  • Page 178

    178 CHAPTER 7: IP SERVICES COMMANDS set ip route Adds a static route to the IP route table. Syntax — set ip route { default | ip-addr mask | ip-addr/mask-length } gateway metric • default — Default route. A WX switch uses the default route if an explicit route is not available for the destination. Default is an alias for IP address 0.0.[...]

  • Page 179

    set ip route 179 When you add multiple routes to the same destination, MSS groups the routes and orders them from lowest cost at the top of the group to highest cost at the bottom of the group. If you add a new route that has the same destination and cost as a route already in the table, MSS places the new route at the top of the group of rou[...]

  • Page 180

    180 CHAPTER 7: IP SERVICES COMMANDS set ip snmp server Enables or disables the SNMP service on the WX. Syntax — set ip snmp server { enable | disable } enable — Enables the SNMP service. disable — Disables the SNMP service. Defaults — The SNMP service is disabled by default. Access — Enabled. History — Introduced in MSS Version 3.[...]

  • Page 181

    set ip ssh server 181 See Also • set ip ssh server on page 181 set ip ssh server Disables or reenables the SSH server on a WX. CAUTION: If you disable the SSH server, SSH access to the WX is also disabled. Syntax — set ip ssh server { enable | disable } • enable — Enables the SSH server. • disable — Disables the SSH server. Defaults [...]

  • Page 182

    182 CHAPTER 7: IP SERVICES COMMANDS Defaults — The default Telnet port number is 23. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — The following command changes the Telnet port number on a WX to 5000: WX4400# set ip telnet 5000 success: change accepted. See Also • clear ip telnet on page 141 • display ip [...]

  • Page 183

    set ntp 183 See Also • clear ip telnet on page 141 • display ip https on page 155 • display ip telnet on page 158 • set ip https server on page 177 • set ip telnet on page 181 set ntp Enables or disables the NTP client on a WX. Syntax — set ntp { enable | disable } • enable — Enables the NTP client. • disable — Disables the NTP[...]

  • Page 184

    184 CHAPTER 7: IP SERVICES COMMANDS set ntp server Configures a WX to use an NTP server. Syntax — set ntp server ip-addr • ip-addr — IP address of the NTP server, in dotted decimal notation. Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — You can configure up to three NTP servers. MSS qu[...]

  • Page 185

    set ntp update-interval 185 set ntp update-interval Changes how often a WX sends queries to the NTP servers for updates. Syntax — set ntp update-interval seconds • seconds — Number of seconds between queries. You can specify from 16 through 1,024 seconds. Defaults — The default NTP update interval is 64 seconds. Access — Enabled. Hist[...]

  • Page 186

    186 CHAPTER 7: IP SERVICES COMMANDS • read-notify — Allows an SNMP management application using the string to get object values on the switch but not to set them. The switch can use the string to send notifications. • notify-only — Allows the WX to use the string to send notifications. • read-write — Allows an SNMP management applic[...]

  • Page 187

    set snmp notify profile 187 See Also • clear snmp community on page 143 • set ip snmp server on page 180 • set snmp notify target on page 192 • set snmp notify profile on page 187 • set snmp protocol on page 197 • set snmp security on page 198 • set snmp usm on page 199 • display snmp community on page 161 set snmp notify profile Co[...]

  • Page 188

    188 CHAPTER 7: IP SERVICES COMMANDS • APTimeoutTraps — Generated when a MAP access point fails to respond to the WX switch. • AuthenTraps — Generated when the WX switch’s SNMP engine receives a bad community string. • AutoTuneRadioChannelChangeTraps — Generated when the RF Auto-Tuning feature changes the channel on a radio[...]

  • Page 189

    set snmp notify profile 189 • DAPConnectWarningTraps — Generated when a Distributed MAP whose fingerprint has not been configured in MSS establishes a management session with the switch. • DeviceFailTraps — Generated when an event with an Alert severity occurs. • DeviceOkayTraps — Generated when a device returns to its normal state. [...]

  • Page 190

    190 CHAPTER 7: IP SERVICES COMMANDS • RFDetectDoSPortTraps — Generated when MSS detects an associate request flood, reassociate request flood, or disassociate request flood. • RFDetectDoSTraps — Generated when MSS detects a DoS attack other than an associate request flood, reassociate request flood, or disassociate request flood. [...]

  • Page 191

    set snmp notify profile 191 WX1200# set snmp notify profile snmp prof_rfdetect send RFDetectAdhocUserTraps success: change accepted. WX1200# set snmp notify profile snmp prof_rfdetect send RFDetectAdhocUserDisappearTraps success: change accepted. WX1200# set snmp notify profile snmp prof_rfdetect send RFDetectBlacklistedUserTraps success: change ac[...]

  • Page 192

    192 CHAPTER 7: IP SERVICES COMMANDS See Also • clear snmp notify profile on page 143 • set ip snmp server on page 180 • set snmp community on page 185 • set snmp notify target on page 192 • set snmp protocol on page 197 • set snmp security on page 198 • set snmp usm on page 199 • set snmp notify profile on page 187 set snmp noti[...]

  • Page 193

    set snmp notify target 193 • username — USM username. This option is applicable only when the SNMP version is usm. If the user will send informs rather than traps, you also must specify the snmp-engine-id of the target. • snmp-engine-id {ip | hex hex-string } — SNMP engine ID of the target. Specify ip if the target SNMP engine ID is based [...]

  • Page 194

    194 CHAPTER 7: IP SERVICES COMMANDS • username — USM username. This option is applicable only when the SNMP version is usm. • profile profile-name — Notification profile this SNMP user will use to specify the notification types to send or drop. • security — Specifies the security level, and is applicable only {unsecured | when th[...]

  • Page 195

    set snmp notify target 195 SNMPv2c with Traps To configure a notification target for traps from SNMPv2c, use the following command: Syntax — set snmp notify target target-num ip-addr [ :udp-port-number ] v2c community-string trap [profile profile-name ] • target-num — ID for the target. This ID is local to the WX switch and does not need[...]

  • Page 196

    196 CHAPTER 7: IP SERVICES COMMANDS Usage — The inform or trap option specifies whether the MSS SNMP engine expects the target to acknowledge notifications sent to the target by the WX switch. Use inform if you want acknowledgements. Use trap if you do not want acknowledgements. The inform option is applicable to SNMP version v2c or usm onl[...]

  • Page 197

    set snmp protocol 197 set snmp protocol Enables an SNMP protocol. MSS supports SNMPv1, SNMPv2c, and SNMPv3. Syntax — set snmp protocol {v1 | v2c | usm | all} {enable | disable} • v1 — SNMPv1 • v2c — SNMPv2c • usm — SNMPv3 (with the user security model) • all — Enables all supported versions of SNMP. • enable — Enables the s[...]

  • Page 198

    198 CHAPTER 7: IP SERVICES COMMANDS set snmp security Sets the minimum level of security MSS requires for SNMP message exchanges. Syntax — set snmp security {unsecured | authenticated | encrypted | auth-req-unsec-notify} • unsecured — SNMP message exchanges are not secure. This is the only value supported for SNMPv1 and SNMPv2c. • au[...]

  • Page 199

    set snmp usm 199 • set snmp usm on page 199 • display snmp status on page 163 set snmp usm Creates a USM user for SNMPv3. This command does not apply to SNMPv1 or SNMPv2c. For these SNMP versions, use the set snmp community command to configure community strings. Syntax — set snmp usm usm-username snmp-engine-id {ip ip-addr | local | hex [...]

  • Page 200

    200 CHAPTER 7: IP SERVICES COMMANDS • notify-only — The switch can use the string to send notifications. • read-write — An SNMP management application using the string can get and set object values on the switch. • notify-read-write — An SNMP management application using the string can get and set object values on the switch. The s[...]

  • Page 201

    set snmp usm 201 Defaults — No SNMPv3 users are configured by default. When you configure an SNMPv3 user, the default access is read-only, and the default authentication and encryption types are both none. Access — Enabled. History — Introduced in MSS Version 4.0. Examples — The following command creates USM user snmpmgr1, associate[...]

  • Page 202

    202 CHAPTER 7: IP SERVICES COMMANDS set summertime Offsets the real-time clock of a WX by +1 hour and returns it to standard time for daylight savings time or a similar summertime period. Syntax — set summertime summer-name [ start week weekday month hour min end week weekday month hour min ] • summer-name — Name of up to 32 alphanumeric[...]

  • Page 203

    set system ip-address 203 Examples — To enable summertime and set the summertime time zone to PDT (Pacific Daylight Time), type the following command: WX1200# set summertime PDT success: change accepted See Also • clear summertime on page 145 • clear timezone on page 146 • display summertime on page 164 • display timedate on page 165 ?[...]

  • Page 204

    204 CHAPTER 7: IP SERVICES COMMANDS Examples — The following commands configure an IP interface on VLAN taupe and configure the interface to be the system IP address: WX4400# set interface taupe ip 10.10.20.20/24 success: set ip address 10.10.20.20 netmask 255.255.255.0 on vlan taupe WX4400# set system ip-address 10.10.20.20 success: chang[...]

  • Page 205

    set timezone 205 Examples — The following command sets the date to March 13, 2003 and time to 11:11:12: WX4400# set timedate date feb 29 2004 time 23:58:00 Time now is: Sun Feb 29 2004, 23:58:02 PST See Also • clear summertime on page 145 • clear timezone on page 146 • display summertime on page 164 • display timedate on page 165 • d[...]

  • Page 206

    206 CHAPTER 7: IP SERVICES COMMANDS Examples — To set the time zone for Pacific Standard Time (PST), type the following command: WX1200# set timezone PST -8 Timezone is set to 'PST', offset from UTC is -8:0 hours. See Also • clear summertime on page 145 • clear timezone on page 146 • display summertime on page 164 • dis[...]

  • Page 207

    traceroute 207 Examples — In the following example, an administrator establishes a Telnet session with another device and enters a command on the remote device: WX4400# telnet 10.10.10.90 Session 0 pty tty2.d Trying 10.10.10.90... Connected to 10.10.10.90 Disconnect character is '^t' Copyright (c) 2004 3Com Corporation. All rights re[...]

  • Page 208

    208 CHAPTER 7: IP SERVICES COMMANDS • dnf — Sets the Do Not Fragment bit in the ping packet to prevent the packet from being fragmented. • no-dns — Prevents MSS from performing a DNS lookup for each hop to the destination host. • port port-num — TCP port number listening for the traceroute probes. • queries num — Number of pro[...]

  • Page 209

    traceroute 209 The first row of the display indicates the target host, the maximum number of hops, and the packet size. Each numbered row displays information about one hop. The rows are displayed in the order in which the hops occur, beginning with the hop closest to the WX switch. The row for a hop lists the total time in milliseconds for ea[...]

  • Page 210

    210 CHAPTER 7: IP SERVICES COMMANDS[...]

  • Page 211

    8 AAA COMMANDS Use authentication, authorization, and accounting (AAA) commands to provide a secure network connection and a record of user activity. Location policy commands override any virtual LAN (VLAN) or security ACL assignment by AAA or the local WX database to help you control access locally. (Security ACLs are packet filters. For com[...]

  • Page 212

    212 CHAPTER 8: AAA COMMANDS Local Authorization for Password Users set user on page 271 clear user on page 224 set user attr on page 273 clear user attr on page 225 set usergroup on page 275 clear usergroup on page 227 set user group on page 275 clear user group on page 226 clear usergroup attr on page 228 Local Authorization for MAC Users se[...]

  • Page 213

    clear accounting 213 clear accounting Removes accounting services for specified wireless users with administrative access or network access. Syntax — clear accounting { admin | dot1x } { user-glob } • admin — Users with administrative access to the WX through a console connection or through a Telnet or Web View connection. • dot1x —[...]

  • Page 214

    214 CHAPTER 8: AAA COMMANDS Examples — The following command removes accounting services for authorized network user Nin: WX4400# clear accounting dot1x Nin success: change accepted. See Also • set accounting {admin | console} on page 235 • display accounting statistics on page 232 clear authentication admin Removes an authentication rule[...]

  • Page 215

    clear authentication console 215 • clear authentication mac on page 217 • clear authentication mac on page 217 • clear authentication proxy on page 218 • display aaa on page 229 • set authentication admin on page 239 clear authentication console Removes an authentication rule for administrative access through the Console. Syntax — cle[...]

  • Page 216

    216 CHAPTER 8: AAA COMMANDS • clear authentication mac on page 217 • clear authentication proxy on page 218 • set authentication console on page 241 clear authentication dot1x Removes an 802.1X authentication rule. Syntax — clear authentication dot1x { ssid ssid-name | wired } user-glob • ssid ssid-name — SSID name to which this aut[...]

  • Page 217

    clear authentication mac 217 • clear authentication proxy on page 218 • display aaa on page 229 • set authentication dot1x on page 243 clear authentication mac Removes a MAC authentication rule. Syntax — clear authentication mac { ssid ssid-name | wired } mac-addr-glob • ssid ssid-name — SSID name to apply the authentication. • wired [...]

  • Page 218

    218 CHAPTER 8: AAA COMMANDS clear authentication proxy Removes a proxy rule for third-party AP users. Syntax — clear authentication proxy ssid ssid-name user-glob • ssid ssid-name — SSID name to which this authentication rule applies. • user-glob — User-glob associated with the rule you are removing. Defaults — None. Access — En[...]

  • Page 219

    clear location policy 219 Examples — The following command removes WebAAA for SSID research and userglob temp*@thiscorp.com: WX4400# clear authentication web ssid research temp*@thiscorp.com See Also • clear authentication admin on page 214 • clear authentication console on page 215 • clear authentication dot1x on page 216 • clear a[...]

  • Page 220

    220 CHAPTER 8: AAA COMMANDS See Also • display location policy on page 234 • set location policy on page 256 clear mac-user Removes a user profile from the local database on the WX for a user authenticated by a MAC address. (To remove a user profile in RADIUS, see the documentation for your RADIUS server.) Syntax — clear mac-user mac-a[...]

  • Page 221

    clear mac-user attr 221 clear mac-user attr Removes an authorization attribute from the user profile in the local database on the WX switch, for a user who is authenticated by a MAC address. (To remove an authorization attribute in RADIUS, see the documentation for your RADIUS server.) Syntax — clear mac-user mac-addr attr attribute-name • m[...]

  • Page 222

    222 CHAPTER 8: AAA COMMANDS Access — Enabled. History — Introduced in MSS Version 3.0. Usage — Removing a MAC user from a MAC user group removes the group name from the user’s profile, but does not delete the user group from the local WX database. To remove the group, use clear mac-usergroup. Examples — The following command dele[...]

  • Page 223

    clear mac-usergroup attr 223 See Also • clear mac-usergroup attr on page 223 • display aaa on page 229 • set mac-usergroup attr on page 267 clear mac-usergroup attr Removes an authorization attribute from a MAC user group in the local database on the WX, for a group of users who are authenticated by a MAC address. (To unconfigure an author[...]

  • Page 224

    224 CHAPTER 8: AAA COMMANDS clear mobility-profile Removes a Mobility Profile entirely. Syntax — clear mobility-profile name • name — Name of an existing Mobility Profile. Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — The following command removes the Mobility Profile for user Nin: WX1200#[...]

  • Page 225

    clear user attr 225 Examples — The following command deletes the user profile for user Nin: WX4400# clear user Nin success: change accepted. See Also • display aaa on page 229 • set user on page 271 clear user attr Removes an authorization attribute from the user profile in the local database on the WX for a user with a password. (To remo[...]

  • Page 226

    226 CHAPTER 8: AAA COMMANDS clear user group Removes a user with a password from membership in a user group in the local database on the WX. (To remove a user from a user group in RADIUS, see the documentation for your RADIUS server.) Syntax — clear user username group • username — Username of a user with a password. Defaults — None[...]

  • Page 227

    clear usergroup 227 History — Introduced in MSS 6.0. Usage — If a user’s password has expired, or the user is unable to log in within the configured limit for login attempts, then the user is locked out of the system, and cannot gain access without the intervention of an administrator. Use this command to restore access to the user. Ex[...]

  • Page 228

    228 CHAPTER 8: AAA COMMANDS See Also • clear usergroup attr on page 228 • display aaa on page 229 • set usergroup on page 275 clear usergroup attr Removes an authorization attribute from a user group in the local database on the WX. (To remove an authorization attribute in RADIUS, see the documentation for your RADIUS server.) Syntax —[...]

  • Page 229

    display aaa 229 display aaa Displays all current AAA settings. Syntax — display aaa Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Web Portal section added, to indicate the state of the WebAAA feature in MSS Version 4.0. Examples — To display all current AAA settings, type the following command: WX4400# di[...]

  • Page 230

    230 CHAPTER 8: AAA COMMANDS user last-resort-guestssid Vlan-Name = k2 user last-resort-any Vlan-Name = foo mac-user 01:02:03:04:05:06 usergroup eastcoasters session-timeout = 99 Table 42 describes the fields that can appear in display aaa output. Table 42 display aaa Output Field Description Default Values RADIUS default values for all parame[...]

  • Page 231

    display aaa 231 See Also • set accounting {admin | console} on page 235 • set authentication admin on page 239 • set authentication console on page 241 • set authentication dot1x on page 243 • set authentication mac on page 247 • set authentication mac on page 247 • set authentication web on page 254 T/o Setting of timeouts on each RA[...]

  • Page 232

    232 CHAPTER 8: AAA COMMANDS display accounting statistics Displays the AAA accounting records for wireless users. The records are stored in the local database on the WX. (To display RADIUS accounting records, see the documentation for your RADIUS server.) Syntax — display accounting statistics Defaults — None. Access — Enabled. Histor[...]

  • Page 233

    display accounting statistics 233 AAA_ACCT_SVC_ATTR=2 AAA_VLAN_NAME_ATTR=default Calling-Station-Id=00-06-25-12-06-38 Nas-Port-Id=3/1 Called-Station-Id=00-0B-0E-00-CC-01 AAA_SSID_ATTR=vineet-dot1x Table 43 describes the fields that can appear in display accounting statistics output. Table 43 display accounting statistics Output Field Description[...]

  • Page 234

    234 CHAPTER 8: AAA COMMANDS See Also • clear accounting on page 213 • display aaa on page 229 • set accounting {admin | console} on page 235 display location policy Displays the list of location policy rules that make up the location policy on a WX switch. Syntax — display location policy Defaults — None. Access — Enabled. History ?[...]

  • Page 235

    display mobility-profile 235 display mobility-profile Displays the named Mobility Profile. If you do not specify a Mobility Profile name, this command shows all Mobility Profile names and port lists on the WX. Syntax — display mobility-profile [ name ] • name — Name of an existing Mobility Profile. Defaults — None. Access — Enabled. Hi[...]

  • Page 236

    236 CHAPTER 8: AAA COMMANDS • Specify a username, use the double-asterisk wildcard character ( ** ) to specify all user names, or use the single-asterisk wildcard character ( * ) to specify a set of usernames up to or following the first delimiter character—either an at sign (@) or a period (.). (For details, see “User Globs” on page 30[...]

  • Page 237

    set accounting {dot1x | mac | web | last-resort} 237 See Also • clear accounting on page 213 • display accounting statistics on page 232 set accounting {dot1x | mac | web | last-resort} Sets up accounting services for specified wireless users with network access, and defines the accounting records and where they are sent. Syntax — set acco[...]

  • Page 238

    238 CHAPTER 8: AAA COMMANDS • start-stop — Sends accounting records at the start and end of a network session. • stop-only — Sends accounting records only at the end of a network session. • method1, method2, method3, method4 — At least one of up to four methods that MSS uses to process accounting records. Specify one or more of the[...]

  • Page 239

    set authentication admin 239 set authentication admin Configures authentication and defines where it is performed for specified users with administrative access through Telnet or Web Manager. Syntax — set authentication admin user-glob method1 [ method2 ] [ method3 ] [ method4 ] • user-glob — Single user or set of users with administrati[...]

  • Page 240

    240 CHAPTER 8: AAA COMMANDS History — Introduced in MSS Version 3.0. The syntax descriptions for the set authentication commands are separated for clarity. However, the options and behavior for the set authentication admin command are the same as in previous releases. Usage — You can configure different authentication methods for differ[...]

  • Page 241

    set authentication console 241 • set authentication mac on page 247 • set authentication web on page 254 set authentication console Configures authentication and defines where it is performed for specified users with administrative access through a console connection. Syntax — set authentication console user-glob method1 [ method2 ] [ method[...]

  • Page 242

    242 CHAPTER 8: AAA COMMANDS Defaults — By default, authentication is deactivated for all console users, and the default authentication method in a console authentication rule is none. MSS requires no user name or password, by default. These users can press Enter at the prompts for administrative access. It is recommended that you change the[...]

  • Page 243

    set authentication dot1x 243 • set authentication admin on page 239 • set authentication dot1x on page 243 • set authentication mac on page 247 • set authentication mac on page 247 • set authentication web on page 254 set authentication dot1x Configures authentication and defines how it is performed for specified wireless or wired authe[...]

  • Page 244

    244 CHAPTER 8: AAA COMMANDS Provides mutual authentication, integrity-protected negotiation, and key exchange Requires X.509 public key certificates on both sides of the connection Provides encryption and integrity checking for the connection Cannot be used with RADIUS server authentication (requires user information to be in the WX local datab[...]

  • Page 245

    set authentication dot1x 245 Defaults — By default, authentication is unconfigured for all clients with network access through MAP ports or wired authentication ports on the WX switch. Connection, authorization, and accounting are also disabled for these users. Bonded authentication is disabled by default. Access — Enabled. History — Intro[...]

  • Page 246

    246 CHAPTER 8: AAA COMMANDS If the username does not match an authentication rule for the SSID the user is attempting to access, MSS uses the fallthru authentication type configured for the SSID, which can be last-resort, web-portal (for WebAAA), or none. Examples — The following command configures EAP-TLS authentication in the local WX dat[...]

  • Page 247

    set authentication mac 247 set authentication mac Configures authentication and defines where it is performed for specified non-802.1X users with network access through a media access control (MAC) address. Syntax — set authentication mac { ssid ssid-name | wired } mac-addr-glob method1 [ method2 ] [ method3 ] [ method4 ] • ssid ssid-name[...]

  • Page 248

    248 CHAPTER 8: AAA COMMANDS If you specify multiple authentication methods in the set authentication mac command, MSS applies them in the order in which they appear in the command, with these results: If the first method responds with pass or fail, the evaluation is final. If the first method does not respond, MSS tries the second method, [...]

  • Page 249

    set authentication max-attempts 249 set authentication max-attempts Specifies the maximum number of login attempts users can make before being locked out of the system. Syntax — set authentication max-attempts number Defaults — For Telnet or SSH sessions, a maximum of 4 failed login attempts are allowed by default. For console or network sess[...]

  • Page 250

    250 CHAPTER 8: AAA COMMANDS set authentication max-attempts Specifies the maximum number of login attempts users can make before being locked out of the system. Syntax — set authentication max-attempts number • number — Number of allowable login attempts for a user. You can specify a number between 0 – 2147483647. Specifying 0 causes t[...]

  • Page 251

    set authentication minimum-password-length 251 set authentication minimum-password-length Specifies the minimum allowable length for user passwords. Syntax — set authentication minimum-password-length length • length — Minimum number of characters that can be in a user password. You can specify a minimum password length between 0 ?[...]

  • Page 252

    252 CHAPTER 8: AAA COMMANDS set authentication password-restrict Activates password restrictions for network and administrative users. Syntax — set authentication password-restrict { enable | disable } • enable — Enables password restrictions on the WX. • disable — Disables password restrictions on the WX. Defaults — By default[...]

  • Page 253

    set authentication proxy 253 See Also • clear user lockout on page 226 • set authentication minimum-password-length on page 251 • set authentication max-attempts on page 250 set authentication proxy Configures a proxy authentication rule for a third-party AP’s wireless users. Syntax — set authentication proxy ssid ssid-name user-glob ra[...]

  • Page 254

    254 CHAPTER 8: AAA COMMANDS See Also • clear authentication proxy on page 218 • set radius proxy client on page 585 • set radius proxy port on page 586 set authentication web Configures an authentication rule to allow a user to log in to the network using a web page served by the WX. The rule can be activated if the user is not otherwise [...]

  • Page 255

    set authentication web 255 Defaults — By default, authentication is unconfigured for all clients with network access through MAP ports or wired authentication ports on the WX switch. Connection, authorization, and accounting are also disabled for these users. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — You can co [...]

  • Page 256

    256 CHAPTER 8: AAA COMMANDS Examples — The following command configures a WebAAA rule in the local WX database for SSID ourcorp and userglob rnd*: WX4400# set authentication web ssid ourcorp rnd* local success: change accepted. See Also • clear authentication proxy on page 218 • display aaa on page 229 • set authentication admin on pa[...]

  • Page 257

    set location policy 257 • inacl inacl-name — Name of an existing security ACL to apply to packets sent to the WX with attributes matching the location policy rule. Optionally, you can add the suffix .in to the name. • outacl outacl-name — Name of an existing security ACL to apply to packets sent from the WX with attributes matching the[...]

  • Page 258

    258 CHAPTER 8: AAA COMMANDS For user-glob, specify a user name, use the double-asterisk wildcard character (**) to specify all user names, or use the single-asterisk wildcard character (*) to specify a set of usernames up to or following the first delimiter character, either an at sign (@) or a period (.). (For details, see “User Globs?[...]

  • Page 259

    set location policy 259 When applying security ACLs: Use inacl inacl-name to filter traffic that enters the WX from users via a MAP access port or wired authentication port, or from the network via a network port. Use outacl outacl-name to filter traffic sent from the switch to users via a MAP access port or wired authentication port, or fro[...]

  • Page 260

    260 CHAPTER 8: AAA COMMANDS The following command places all users who are authorized for SSID tempvendor_a into VLAN kiosk_1: WX1200# set location policy permit vlan kiosk_1 iff ssid eq tempvendor_a success: change accepted See Also • clear location policy on page 219 • display location policy on page 234 set mac-user Configures a user prof[...]

  • Page 261

    set mac-user attr 261 See Also • clear mac-user on page 220 • display aaa on page 229 set mac-user attr Assigns an authorization attribute in the local database on the WX to a user authenticating with a MAC address. (To assign authorization attributes through RADIUS, see the documentation for your RADIUS server.) Syntax — set mac-user mac-a[...]

  • Page 262

    262 CHAPTER 8: AAA COMMANDS Table 44 Authentication Attributes for Local Users Attribute Description Valid Value(s) encryption-type Type of encryption required for access by the client. Clients who attempt to use an unauthorized encryption method are rejected. One of the following numbers that identifies an encryption algorithm: • 1 —AES_CC[...]

  • Page 263

    set mac-user attr 263 filter-id Inbound or outbound ACL to apply to the user. If configured in the WX local database, this attribute can be an access control list (ACL) to filter outbound or inbound traffic. Use the following format: filter-id inboundacl.in or filter-id outboundacl.out If you are configuring the attribute on a RADIUS server, t[...]

  • Page 264

    264 CHAPTER 8: AAA COMMANDS service-type Type of access requested by the user. One of the following numbers: 2 —Framed; for network user access 6 —Administrative; for administrative access to the WX, with authorization to access the enabled (configuration) mode. The user must enter the enable command to access the enabled mode. 7 —NAS-Promp[...]

  • Page 265

    set mac-user attr 265 time-of-day (network access mode only) Day(s) and time(s) during which the user is permitted to log into the network. After authorization, the user session can last until either the Time-Of-Day range or the Session-Timeout duration (if set) expires, whichever is shorter. One of the following: • never —Access is always deni[...]

  • Page 266

    266 CHAPTER 8: AAA COMMANDS Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — To change the value of an attribute, enter set mac-user attr with the new value. To delete an attribute, use clear mac-user attr. url (network access mode only) URL to redirect the user after successful WebAAA. Web URL, in[...]

  • Page 267

    set mac-usergroup attr 267 You can assign attributes to individual MAC users and to MAC user groups. If attributes are configured for a MAC user and also for the group the MAC user is in, the attributes assigned to the individual MAC user take precedence for that user. For example, if the start-date attribute configured for a MAC user is soone[...]

  • Page 268

    268 CHAPTER 8: AAA COMMANDS • attribute-name value — Name and value of an attribute used to authorize all MAC users in the group for a particular service or session characteristic. (For a list of authorization attributes, see Table 44 on page 262.) Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — [...]

  • Page 269

    set mobility-profile 269 set mobility-profile Creates a Mobility Profile and specifies the MAP access point and/or wired authentication ports on the WX switch through which any user assigned to the profile is allowed access. Syntax — set mobility-profile name name { port { none | all | port-list }} | { ap { none | all | ap-num }} • name — Na[...]

  • Page 270

    270 CHAPTER 8: AAA COMMANDS CAUTION: When the Mobility Profile feature is enabled, a user is denied access if assigned a Mobility-Profile attribute in the local WX database or RADIUS server when no Mobility Profile of that name exists on the WX. To change the ports in a profile, use set mobility-profile again with the updated port list. Exam[...]

  • Page 271

    set mobility-profile mode 271 set mobility-profile mode Enables or disables the Mobility Profile feature on the WX switch. CAUTION: When the Mobility Profile feature is enabled, a user is denied access if assigned a Mobility-Profile attribute in the local WX database or RADIUS server when no Mobility Profile of that name exists on the WX. Synt[...]

  • Page 272

    272 CHAPTER 8: AAA COMMANDS • encrypted — Indicates that the password string you entered is already in its encrypted form. If you use this option, MSS does not encrypt the displayed form of the password string, and instead displays the string exactly as you entered it. If you omit this option, MSS does encrypt the displayed form of the s[...]

  • Page 273

    set user attr 273 set user attr Configures an authorization attribute in the local database on the WX switch for a user with a password. (To assign authorization attributes in RADIUS, see the documentation for your RADIUS server.) Syntax — set user username attr attribute-name value • username — Username of a user with a password. • a[...]

  • Page 274

    274 CHAPTER 8: AAA COMMANDS The following command limits the days and times when user Student1 can access the network, to 5 p.m. to 2 a.m. every weekday, and all day Saturday and Sunday: WX4400# set user Student1 attr time-of-day Wk1700-0200,Sa,Su success: change accepted. See Also • clear user attr on page 225 • display aaa on page 229 [...]

  • Page 275

    set user group 275 set user group Adds a user to a user group. The user must have a password and a profile that exists in the local database on the WX. (To configure a user in RADIUS, see the documentation for your RADIUS server.) Syntax — set user username group group-name • username — Username of a user with a password. • group-name ?[...]

  • Page 276

    276 CHAPTER 8: AAA COMMANDS • attribute-name value — Name and value of an attribute you are using to authorize all users in the group for a particular service or session characteristic. For a list of authorization attributes and values that you can assign to users, see Table 44 on page 262. Defaults — None. Access — Enabled. History ?[...]

  • Page 277

    set usergroup expire-password-in 277 set usergroup expire-password-in Specifies how long the passwords for the users in user group are valid before they must be reset. Syntax set usergroup group-name expire-password-in time • group-name — Name of a group for password users. • time — How long the passwords for the users in the specifie[...]

  • Page 278

    278 CHAPTER 8: AAA COMMANDS set web-portal Globally enables or disables WebAAA on a WX switch. Syntax — set web-portal { enable | disable } • enable — Enables WebAAA on the switch. • disable — Disables WebAAA on the switch. Defaults — Enabled. Access — Enabled. History — Introduced in MSS Version 3.0. Command name changed from s[...]

  • Page 279

    9 MOBILITY DOMAIN COMMANDS Use Mobility Domain commands to configure and manage Mobility Domain groups. A Mobility Domain is a system of WX switches and MAP access points working together to support a roaming user (client). One WX acts as a seed switch, which maintains and distributes a list of IP addresses of the domain members. 3Com recommend[...]

  • Page 280

    280 CHAPTER 9: MOBILITY DOMAIN COMMANDS clear mobility-domain Clears all Mobility Domain configuration and information from a WX, regardless of whether the WX is a seed or a member of a Mobility Domain. Syntax — clear mobility-domain Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — This command[...]

  • Page 281

    display mobility-domain 281 Usage — This command has no effect if the WX member is not configured as part of a Mobility Domain or the current WX is not the seed. Examples — The following command clears a Mobility Domain member with the IP address 192.168.0.1: WX1200# clear mobility-domain member 192.168.0.1 See Also • set mobility-domain me[...]

  • Page 282

    282 CHAPTER 9: MOBILITY DOMAIN COMMANDS See Also • clear mobility-domain on page 280 • set mobility-domain member on page 284 • set mobility-domain mode member seed-ip on page 286 display mobility-domain config Displays the configuration of the Mobility Domain. Syntax — display mobility-domain config Defaults — None. Access — Enabl[...]

  • Page 283

    display mobility-domain status 283 display mobility-domain status On the seed WX, displays the Mobility Domain status and members. Syntax — display mobility-domain status Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — To display Mobility Domain status, type the following command: WX4400# display[...]

  • Page 284

    284 CHAPTER 9: MOBILITY DOMAIN COMMANDS set mobility-domain member On the seed WX, adds a member to the list of Mobility Domain members. If the current WX is not configured as a seed, this command is rejected. Syntax — set mobility-domain member ip-addr Key hex-bytes • ip-addr — IP address of the Mobility Domain member in dotted decim[...]

  • Page 285

    set mobility-domain mode member secondary seed-ip 285 set mobility-domain mode member secondary seed-ip Sets the IP address of the secondary seed WX on a nonseed WX. Syntax — set mobility-domain mode member secondary seed-ip secondary-seed-ip-addr key hex-bytes • secondary-seed-ip-addr — IP address of the secondary seed, in dotted decimal [...]

  • Page 286

    286 CHAPTER 9: MOBILITY DOMAIN COMMANDS set mobility-domain mode member seed-ip On a nonseed WX, sets the IP address of the seed WX. This command is used on a member WX to configure it as a member. If the WX is currently part of another Mobility Domain or using another seed, this command overwrites that configuration. Syntax — set mobility[...]

  • Page 287

    set mobility-domain mode secondary-seed domain-name 287 set mobility-domain mode secondary-seed domain-name Sets the current WX as a secondary-seed device for the Mobility Domain. Syntax — set mobility-domain mode secondary-seed domain-name mob-domain-name seed-ip primary-seed-ip-addr • mob-domain-name — Name of the Mobility Domain. Specify[...]

  • Page 288

    288 CHAPTER 9: MOBILITY DOMAIN COMMANDS Examples — The following command configures this WX as the secondary seed in a Mobility Domain named Pleasanton: WX# set mobility-domain mode secondary-seed domain-name Pleasanton mode is: secondary-seed domain name is: Pleasanton See Also • clear mobility-domain member on page 280 • display mob[...]

  • Page 289

    set domain security 289 See Also • clear mobility-domain member on page 280 • display mobility-domain status on page 283 set domain security Sets mobility domain security to required (enabled) or none (disabled) on the wireless LAN switch. The command needs to be entered on each wireless LAN switch that will participate as a member of the [...]

  • Page 290

    290 CHAPTER 9: MOBILITY DOMAIN COMMANDS[...]

  • Page 291

    10 NETWORK DOMAIN COMMANDS Use Network Domain commands to configure and manage Network Domain groups. A Network Domain is a group of geographically dispersed Mobility Domains that share information over a WAN link. This shared information allows a user configured on a WX in one Mobility Domain to establish connectivity on a WX in another Mob[...]

  • Page 292

    292 CHAPTER 10: NETWORK DOMAIN COMMANDS clear network-domain Clears all Network Domain configuration and information from a WX, regardless of whether the WX is a seed or a member of a Network Domain. Syntax — clear network-domain Defaults — None. Access — Enabled. History — Introduced in MSS 4.1. Examples — This command has n[...]

  • Page 293

    clear network-domain mode 293 clear network-domain mode Removes the Network Domain seed or member configuration from the WX. Syntax — clear network-domain mode {seed | member} • seed — Clears the Network Domain seed configuration from the WX switch. • member — Clears the Network Domain member configuration from the WX switch. Defaults — [...]

  • Page 294

    294 CHAPTER 10: NETWORK DOMAIN COMMANDS clear network-domain peer Removes the configuration of a Network Domain peer from a WX configured as a Network Domain seed. Syntax — clear network-domain peer { ip-addr | all } • ip-addr — IP address of the Network Domain peer in dotted decimal notation. • all — Clears the Network Domain peer [...]

  • Page 295

    clear network-domain seed-ip 295 clear network-domain seed-ip Removes the specified Network Domain seed from the WX configuration. When you enter this command, the Network Domain TCP connections between the WX switch and the specified Network Domain seed are closed. Syntax — clear network-domain seed-ip ip-addr • ip-addr — IP address of the N[...]

  • Page 296

    296 CHAPTER 10: NETWORK DOMAIN COMMANDS display network-domain Displays the status of Network Domain seeds and members. Syntax — display network-domain Defaults — None. Access — Enabled. History — Introduced in MSS 4.1. Examples — To display Network Domain status, type the following command. The output of the command differs based [...]

  • Page 297

    display network-domain 297 Table 49 describes the fields in the display. See Also • clear network-domain on page 292 • set network-domain mode member seed-ip on page 298 • set network-domain mode seed domain-name on page 300 • set network-domain peer on page 299 Table 49 Radio-Specific Parameters Parameter Description Output if WX is[...]

  • Page 298

    298 CHAPTER 10: NETWORK DOMAIN COMMANDS set network-domain mode member seed-ip Sets the IP address of a Network Domain seed. This command is used for configuring a WX as a member of a Network Domain. You can specify multiple Network Domain seeds and configure one as the primary seed. Syntax — set network-domain mode member seed-ip ip-addr[...]

  • Page 299

    set network-domain peer 299 See Also • clear network-domain on page 292 • display network-domain on page 296 set network-domain peer On a Network Domain seed, configures one or more WX as redundant Network Domain seeds. The seeds in a Network Domain share information about the VLANs configured on the member devices, so that all the Network Do[...]

  • Page 300

    300 CHAPTER 10: NETWORK DOMAIN COMMANDS set network-domain mode seed domain-name Creates a Network Domain by setting the current WX as a seed device and naming the Network Domain. Syntax — set network-domain mode seed domain-name net-domain-name • net-domain-name — Name of the Network Domain. Specify between 1 and 16 characters with no [...]

  • Page 301

    11 MANAGED ACCESS POINT COMMANDS Use MAP access point commands to configure and manage MAP access points. Be sure to do the following before using the commands: • Define the country-specific IEEE 802.11 regulations on the WX switch. (See set system countrycode on page 61.) • Install the MAP access point and connect it to a port on the[...]

  • Page 302

    302 CHAPTER 11: MANAGED ACCESS POINT COMMANDS set ap radio auto-tune max-retransmissions on page 385 set ap radio link-calibration on page 388 set ap radio mode on page 391 set ap radio radio-profile on page 392 set ap auto radiotype on page 365 set ap upgrade-firmware on page 396 External Antennas set ap radio antennatype on page 383 set a[...]

  • Page 303

    MAP Access Point Commands by Usage 303 set radio-profile max-tx-lifetime on page 415 set radio-profile preamble-length on page 419 set radio-profile rts-threshold on page 423 Authentication and Encryption set service-profile attr on page 431 set service-profile auth-dot1x on page 433 set service-profile auth-fallthru on page 434 set service-pr[...]

  • Page 304

    304 CHAPTER 11: MANAGED ACCESS POINT COMMANDS QoS and VoIP set radio-profile qos-mode on page 420 set radio-profile wmm-powersave on page 430 set service-profile cac-mode on page 438 set service-profile cac-session on page 439 set service-profile static-cos on page 467 set service-profile cos on page 444 set service-profile use-client-[...]

  • Page 305

    MAP Access Point Commands by Usage 305 set radio-profile auto-tune channel-lockdown on page 405 set radio-profile auto-tune power-config on page 406 set radio-profile auto-tune power-interval on page 407 set radio-profile auto-tune power-lockdown on page 408 set ap radio auto-tune max-power on page 384 display auto-tune neighbors on page 34[...]

  • Page 306

    306 CHAPTER 11: MANAGED ACCESS POINT COMMANDS display ap unconfigured on page 347 display ap qos-stats on page 326 display ap etherstats on page 327 MAP Local Switching set ap local-switching mode on page 379 set ap local-switching vlan-profile on page 380 clear ap local-switching vlan-profile on page 307 display ap arp on page 314 displ[...]

  • Page 307

    clear ap local-switching vlan-profile 307 clear ap local-switching vlan-profile Clears the VLAN profile that had been applied to an MAP to use with local switching. Syntax — clear { ap ap-number local-switching vlan-profile • ap-number — Index value that identifies the MAP on the WX switch. Defaults — None. Access — Enabled. History ?[...]

  • Page 308

    308 CHAPTER 11: MANAGED ACCESS POINT COMMANDS clear ap radio Disables a MAP radio and resets it to its factory default settings. Syntax — clear ap ap-num } radio { 1 | 2 | all } • ap ap-number — Index value that identifies the MAP on the WX. • radio 1 — Radio 1 of the MAP. • radio 2 — Radio 2 of the MAP. (This option does not[...]

  • Page 309

    clear ap radio 309 Access — Enabled History — Introduced in MSS Version 3.0. Version 6.0 removed the dap option for distributed MAPs. Usage — When you clear a radio, MSS performs the following actions: • Clears the transmit power, channel, and external antenna setting from the radio. • Removes the radio from its radio profile and pl[...]

  • Page 310

    310 CHAPTER 11: MANAGED ACCESS POINT COMMANDS clear ap boot-configuration Removes the static IP address configuration for a Distributed MAP. Syntax — clear ap boot-configuration apnum • ap ap-number — Index value that identifies the MAP on the WX. Defaults — None. Access — Enabled. History — Introduced in MSS 4.2. Version 6.0 rem[...]

  • Page 311

    clear ap radio load-balancing group 311 clear ap radio load-balancing group Removes a MAP radio from its load-balancing group. Syntax clear ap ap-number radio {1 | 2} load-balancing group • ap ap-number — Index value that identifies the MAP on the WX. • radio 1 — Radio 1 of the MAP. • radio 2 — Radio 2 of the MAP. (This option does[...]

  • Page 312

    312 CHAPTER 11: MANAGED ACCESS POINT COMMANDS clear radio-profile Removes a radio profile or resets one of the profile’s parameters to its default value. Syntax — clear radio-profile name [ parameter ] • name — Radio profile name. • parameter — Radio profile parameter: • beacon-interval • countermeasures • dtim-interval ?[...]

  • Page 313

    clear service-profile 313 The following commands disable the radios using radio profile rptest and remove the profile: WX4400# set radio-profile rptest mode disable WX4400# clear radio-profile rptest success: change accepted. See Also • display radio-profile on page 350 • set ap radio radio-profile on page 392 • set radio-profile mode on p[...]

  • Page 314

    314 CHAPTER 11: MANAGED ACCESS POINT COMMANDS Access — Enabled. History — Introduced in MSS Version 3.0. Options added to clear SODA parameters in Version 4.2. Usage — If the service profile is mapped to a radio profile, you must remove it from the radio profile first. (After disabling all radios that use the radio profile, use the[...]

  • Page 315

    display ap arp 315 Examples — The following command displays ARP entries for AP 7: WX# display ap arp 7 AP 7: Host HW Address VLAN State Type ---------------------- ------------- ---- ----- -------- ------- 10.5.4.51 00:0b:0e:00:04:0c 1 EXPIRED DYNAMIC 10.5.4.53 00:0b:0e:02:76:f7 1 RESOLVED LOCAL Table 52 describes the fields in this display. [...]

  • Page 316

    316 CHAPTER 11: MANAGED ACCESS POINT COMMANDS display ap config Displays global and radio-specific settings for a MAP access point. Syntax — display ap config [ port-list [ radio { 1 | 2 }]] • ap-number — Index value that identifies the MAP on the WX. • radio 1 — Shows configuration information for radio 1. • radio 2 — Shows co[...]

  • Page 317

    display ap config 317 Table 53 Output for display ap config Field Description Port WX port number to which the MAP is connected, if specified for the MAP. AP Index number that identifies the MAP to the WX. Serial-Id Serial ID of the MAP access point. AP model MAP access point model number. bias Bias of the WX connection to the MAP: • High • [...]

  • Page 318

    318 CHAPTER 11: MANAGED ACCESS POINT COMMANDS See Also • display ap connection on page 343 • display ap global on page 345 • display ap unconfigured on page 347 • display radio-profile on page 350 • set ap on page 87 • set port type ap on page 97 • set ap bias on page 367 • set ap group on page 379 • set ap name on page 38[...]

  • Page 319

    display ap counters 319 • set ap radio mode on page 391 • set ap radio antennatype on page 383 • set ap radio channel on page 387 • set ap radio radio-profile on page 392 • set ap radio tx-power on page 393 display ap counters Displays MAP access point and radio statistics counters. Syntax — display ap counters [ ap-number [ radio {[...]

  • Page 320

    320 CHAPTER 11: MANAGED ACCESS POINT COMMANDS Examples — The following command shows statistics counters for Distributed MAP 7: WX1200# display ap counters 7 AP: 7 radio: 1 ================================= LastPktXferRate 2 Pkt TxCount 91594255 NumCntInPwrSave 4294966683Mul tiPktDrop 0 LastPktRxSigStrength -54 Mul tiBytDrop 0 LastPktSigNo[...]

  • Page 321

    display ap counters 321 Table 54 describes the fields in this display. Table 54 Output for display ap counters Field Description AP Distributed MAP number. Port WX port number (if the MAP is directly connected to the WX and the WX port is configured as a MAP access point). radio Radio number. LastPktXferRate Data transmit rate, in Mbps, of the [...]

  • Page 322

    322 CHAPTER 11: MANAGED ACCESS POINT COMMANDS CCMP Pkt Transfer Ct Total number of CCMP packets sent and received by the radio. Radio Recv Phy Err Ct Number of times radar caused packet errors. If this counter increments rapidly, there is a problem in the RF environment. This counter increments only when radar is detected. Rate-specific Phy e[...]

  • Page 323

    display ap counters 323 User Sessions Number of clients currently associated with the radio. Generally, this counter is equal to the number of sessions listed for the radio in display sessions output. However, the counter can differ from the counter in display sessions output if a client is associated with the radio but has not yet completed[...]

  • Page 324

    324 CHAPTER 11: MANAGED ACCESS POINT COMMANDS Noise Floor Received signal strength at which the MAP can no longer distinguish 802.11 packets from ambient RF noise. A value around -90 or higher is good for an 802.11b/g radio. A value around -80 or higher is good for an 802.11a radio. Values near 0 can indicate RF interference. 802.3 Packet R[...]

  • Page 325

    display ap fdb 325 See Also • display sessions network on page 620 display ap fdb Displays the entries in a specified MP's forwarding database. Syntax — display ap fdb ap-number • ap-number — Index value that identifies the MAP on the WX. Defaults — None. Access — All. History — Introduced in MSS Version 6.0. Examples — The follow[...]

  • Page 326

    326 CHAPTER 11: MANAGED ACCESS POINT COMMANDS See Also • set ap local-switching mode on page 379 • set vlan profile on page 127 display ap qos-stats Displays statistics for MAP forwarding queues. Syntax — display ap qos-stats [ ap-number ][ clear ] • ap-number — Index value that identifies the MAP on the WX. • clear — Clears th[...]

  • Page 327

    display ap etherstats 327 Table 56 describes the fields in this display. display ap etherstats Displays Ethernet statistics for an Ethernet port on a MAP. Syntax — display ap etherstats ap-number • ap-number — Index value that identifies the MAP on the WX. Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0.[...]

  • Page 328

    328 CHAPTER 11: MANAGED ACCESS POINT COMMANDS Examples — The following command displays Ethernet statistics for the Ethernet ports on Distributed MAP 1: WX4400# display ap etherstats 1 AP: 1 ether: 1 ================================= RxUnicast: 75432 TxGoodFr ames: 55210 RxMulticast: 18789 TxSingle Coll: 32 RxBroadcast: 8 TxLateCo ll: 0 [...]

  • Page 329

    display ap group 329 display ap group Deprecated in MSS Version 6.0. To display information about RF load balancing, see “display load-balancing group” on page 348. display ap mesh-links Displays information about the links an MAP has to Mesh APs and Mesh Portal APs. Syntax — display ap mesh-links ap-number [ path ] • ap-number — Ind[...]

  • Page 330

    330 CHAPTER 11: MANAGED ACCESS POINT COMMANDS Examples — The following command displays mesh link information for AP 7: WX# display ap mesh-links 7 AP: 7 IP-addr: 1.1.1.3 Operational Mode: Mesh-Portal Downlink Mesh-APs ------------------------------------ ------------- BSSID: 00:0b:0e:17:bb:3f (54 Mbps) packets bytes TX: 307 44279 RX: 315 215046 The[...]

  • Page 331

    display ap status 331 See Also • set ap boot-configuration mesh ssid on page 373 • set service-profile mesh on page 450 display ap status Displays MAP access point and radio status information. Syntax — display ap status [terse] [ ap-number | all [ radio { 1 | 2 }]] • terse — Displays a brief line of essential status information for e[...]

  • Page 332

    332 CHAPTER 11: MANAGED ACCESS POINT COMMANDS Examples — The following command displays the status of a MAP access point: WX4400# display ap status 7 Dap: 1, IP-addr: 10.2.34.56 (vlan 'v lan-corp'), MAP model: AP2750, manufacturer: 3Com, name: DA P01 fingerprint: b4 : f9:2a:52:37:58:f4:d0:10 :75:43:2f:45:c9:52:c3 ================[...]

  • Page 333

    display ap status 333 The following command uses the terse option to display brief information for MAPs: WX# display ap status terse Total number of entries: 120 Operational: 1, Image Downloading: 0 , Unknown: 119, Other: 0 Flags: o = operational, b = booting, d = image downloading c = configuring, f = configuration fa iled a = auto AP, m = mesh AP[...]

  • Page 334

    334 CHAPTER 11: MANAGED ACCESS POINT COMMANDS State State of the MAP: • init — The MAP has been recognized by the WX but has not yet begun booting. • booting — The MAP has asked the WX for a boot image. • image downloading — The MAP is receiving a boot image from the WX. • image downloaded — The MAP has received a boot image[...]

  • Page 335

    display ap status 335 Radio 1 type Radio 2 type 802.11 type and configuration state of the radio. • The configure succeed state indicates that the MAP has received configuration parameters for the radio and the radio is ready to accept client connections. • 802.11b protect indicates that the 802.11b/g radio is sending messages to 802.11b dev[...]

  • Page 336

    336 CHAPTER 11: MANAGED ACCESS POINT COMMANDS Radio 1 type Radio 2 type (cont.) • The following information appears for external antennas: External antenna detected, configured as antenna-model —Indicates that an external antenna has been detected, and lists the antenna model configured on the radio. (MSS does not detect the specific [...]

  • Page 337

    display ap vlan 337 display ap vlan Displays information about the VLANs that are either locally switched by the specified MAP or tunneled from the MAP to a WX switch. Syntax — display ap vlan ap-number • ap-number — Index value that identifies the MAP on the WX. Defaults — None. Access — All. History — Introduced in MSS Version 6.0.[...]

  • Page 338

    338 CHAPTER 11: MANAGED ACCESS POINT COMMANDS Table 61 describes the fields in the display ap vlan output. See Also • set ap local-switching mode on page 379 • set vlan profile on page 127 display auto-tune attributes Displays the current values of the RF attributes RF Auto-Tuning uses to decide whether to change channel or power se[...]

  • Page 339

    display auto-tune attributes 339 Examples — The following command displays RF attribute information for radio 1 on the directly connected MAP access point on port 2: WX1200# display auto-tune attributes ap 2 radio 1 Auto-tune attributes for port 2 radio 1: Noise: -92 Packet Retransmission Count: 0 Utilization: 0 Phy Errors Count: 0 CRC Erro[...]

  • Page 340

    340 CHAPTER 11: MANAGED ACCESS POINT COMMANDS display auto-tune neighbors Displays the other 3Com radios and third-party 802.11 radios that a 3Com radio can hear. Syntax — display auto-tune neighbors [ ap map-num [ radio { 1 | 2 | all }]] Syntax — display auto-tune neighbors [ ap ap-number [ radio { 1 | 2 | all }]] ■ ap-number — Inde[...]

  • Page 341

    display auto-tune neighbors 341 Examples — The following command displays neighbor information for radio 1 on the directly connected MAP access point on port 2: WX1200# display auto-tune neighbors ap 2 radio 1 Total number of entries for port 2 radio 1: 5 Channel Neighbor BSS/MAC RSSI ------- ----------------- ---- 1 00:0b:85:06:e3:60 -46 1 00[...]

  • Page 342

    342 CHAPTER 11: MANAGED ACCESS POINT COMMANDS display ap boot-configuration Displays information about the static IP address configuration (if any) on a Distributed MAP. Syntax — display ap boot-configuration ap-number ■ ap-number — Index value that identifies the MAP on the WX. Defaults — None. Access — Enabled. History — Introd[...]

  • Page 343

    display ap connection 343 display ap connection Displays the system IP address of the WX switch that booted a Distributed MAP. Syntax — display ap connection [ ap-number | serial-id serial-ID ] ■ ap-number — Index value that identifies the MAP on the WX. ■ serial-id serial-ID — MAP access point serial ID. Defaults — None. Access — En[...]

  • Page 344

    344 CHAPTER 11: MANAGED ACCESS POINT COMMANDS History — Introduced in MSS Version 3.0. Version 6.0 removed the dap option. Usage — The serial-id parameter displays the active connection for the specified Distributed MAP even if that MAP is not configured on this WX switch. If you instead use the command with the dap-num parameter or wi[...]

  • Page 345

    display ap global 345 See Also ■ display ap config on page 316 ■ display ap global on page 345 ■ display ap unconfigured on page 347 display ap global Displays connection information for Distributed MAPs configured on a WX. Syntax — display ap global [ ap-number | serial-id serial-ID ] ■ ap-number — Index value that identifies the MAP [...]

  • Page 346

    346 CHAPTER 11: MANAGED ACCESS POINT COMMANDS Examples — The following command displays configuration information for all the Distributed MAPs configured on a WX switch: WX4400# display ap global Total number of entries: 8 AP Serial Id WX IP Address Bias --- ----------- --------------- ---- 1 M9DE48B012F00 10.3.8.111 HIGH - M9DE48B012F00 [...]

  • Page 347

    display ap unconfigured 347 display ap unconfigured Displays Distributed MAPs that are physically connected to the network but that are not configured on any WX switches. Syntax — display ap unconfigured Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Version 6.0 removed the dap option. Usage — This command a[...]

  • Page 348

    348 CHAPTER 11: MANAGED ACCESS POINT COMMANDS See Also ■ display ap connection on page 343 ■ display ap global on page 345 display load-balancing group Displays an RF load balancing group's member radios and current load for each radio. Syntax — display load-balancing group { group-name | all }| [ap ap-number radio { 1 | 2 }]} ■ [...]

  • Page 349

    display load-balancing group 349 Examples — The following command displays information about the MAP radios that are in the same group as radio 1 on MAP 3: Radios in the same load-balancing group as: ap3/radio1 ------------------------------------ -------------- IP address AP Radio Overlap ------------------ ---- ----- ------- 10.2.28.200 3 1 1[...]

  • Page 350

    350 CHAPTER 11: MANAGED ACCESS POINT COMMANDS display radio-profile Displays radio profile information. Syntax — display radio-profile { name | ? } ■ name — Displays information about the named radio profile. ■ ? — Displays a list of radio profiles. Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. [...]

  • Page 351

    display radio-profile 351 Table 69 describes the fields in this display. Table 69 Output for display radio-profile Field Description Beacon Interval Rate (in milliseconds) at which each MAP radio in the profile advertises the beaconed SSID. DTIM Interval Number of times after every beacon that each MAP radio in the radio profile sends a deliver[...]

  • Page 352

    352 CHAPTER 11: MANAGED ACCESS POINT COMMANDS See Also ■ set radio-profile active-scan on page 400 ■ set radio-profile auto-tune channel-config on page 402 ■ set radio-profile auto-tune channel-holddown on page 403 ■ set radio-profile auto-tune channel-interval on page 404 ■ set radio-profile auto-tune power-config on page 406 [...]

  • Page 353

    display service-profile 353 ■ set radio-profile max-tx-lifetime on page 415 ■ set radio-profile mode on page 416 ■ set radio-profile preamble-length on page 419 ■ set radio-profile qos-mode on page 420 ■ set radio-profile rts-threshold on page 423 display service-profile Displays service profile information. Syntax — display servic[...]

  • Page 354

    354 CHAPTER 11: MANAGED ACCESS POINT COMMANDS ■ CAC mode ■ CAC sessions ■ User idle timeout ■ Idle client probing ■ Web Portal Session Timeout ■ Transmit rates for 11a / 11b / 11g: ■ beacon rate ■ multicast rate ■ mandatory rate ■ standard rates ■ disabled rates Version 6.0 removed the dap option, and added these new[...]

  • Page 355

    display service-profile 355 Examples — The following command displays information for service profile sp1: WX1200# display service-profile sp1 ssid-name: corp2 ssid-type: crypto Beacon: yes Proxy ARP: no DHCP restrict: no No broadcast: no Short retry limit: 5 Long retry limit: 5 Auth fallthru: none Sygate On-Demand (SODA): no Enforce SODA ch[...]

  • Page 356

    356 CHAPTER 11: MANAGED ACCESS POINT COMMANDS Table 70 Output for display service-profile Field Description ssid-name Service set identifier (SSID) managed by this service profile. ssid-type SSID type: ■ crypto — Wireless traffic for the SSID is encrypted. ■ clear — Wireless traffic for the SSID is unencrypted. beacon Indicates whet[...]

  • Page 357

    display service-profile 357 Sygate On-Demand (SODA) Whether SODA functionality is enabled for the service profile. When SODA functionality is enabled, connecting clients download SODA agent files, which perform security checks on the client. Enforce SODA checks Whether a client is allowed access to the network after it has downloaded and run the [...]

  • Page 358

    358 CHAPTER 11: MANAGED ACCESS POINT COMMANDS CAC mode Call Admission Control mode: ■ none—CAC is disabled. ■ session—CAC is based on the number of active user sessions. If a MAP radio reaches the maximum number of active user sessions specified in the CAC session field, the MAP radio rejects new connection attempts. CAC sessions Max[...]

  • Page 359

    display service-profile 359 WEP Key 3 value State of static WEP key number 3: ■ none — The key is not configured. ■ preset — The key is configured. WEP Key 4 value State of static WEP key number 4: ■ none — The key is not configured. ■ preset — The key is configured. WEP Unicast Index Index of the static WEP key used to encrypt unic[...]

  • Page 360

    360 CHAPTER 11: MANAGED ACCESS POINT COMMANDS See Also ■ set service-profile auth-dot1x on page 433 ■ set service-profile auth-fallthru on page 434 ■ set service-profile auth-psk on page 435 ■ set service-profile auth-psk on page 435 ■ set service-profile beacon on page 436 ■ set service-profile cac-mode on page 438 ■ set ser[...]

  • Page 361

    display service-profile 361 ■ set service-profile no-broadcast on page 451 ■ set service-profile proxy-arp on page 452 ■ set service-profile psk-phrase on page 453 ■ set service-profile psk-raw on page 454 ■ set service-profile rsn-ie on page 455 ■ set service-profile shared-key-auth on page 456 ■ set service-profile short-retry-[...]

  • Page 362

    362 CHAPTER 11: MANAGED ACCESS POINT COMMANDS reset ap Restarts a MAP access point. Syntax — reset ap ap-number ■ ap ap-number — Index value that identifies the MAP on the WX. ■ dap dap-num — Number of a Distributed MAP to reset. Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Version 6.0 remov[...]

  • Page 363

    set ap auto 363 The profile uses the default radio profile by default. You can change the profile using the set ap auto radio radio-profile command. You can use set ap auto commands to change settings for the parameters listed in Table 71. (The commands are listed in the “See Also” section.) Examples — The following command creates a pr[...]

  • Page 364

    364 CHAPTER 11: MANAGED ACCESS POINT COMMANDS ■ set ap blink on page 368 ■ set ap group on page 379 ■ set ap radio auto-tune max-power on page 384 ■ set ap radio auto-tune max-retransmissions on page 385 ■ set ap radio link-calibration on page 388 ■ set ap radio mode on page 391 ■ set ap radio radio-profile on page 392 ■ se[...]

  • Page 365

    set ap auto radiotype 365 set ap auto radiotype Sets the radio type for single-MAP radios that use the MAP configuration profile. Syntax — set ap auto [radiotype {11a | 11b| 11g}] ■ radiotype {11a | 11b| 11g} — Radio type. (The 11a option applies only to single-radio models. The 802.11a radio in two-radio models is always 802.11a.): ■ 11[...]

  • Page 366

    366 CHAPTER 11: MANAGED ACCESS POINT COMMANDS set ap auto mode Enables a WX profile for automatic Distributed MAP configuration. Syntax — set ap auto mode {enable | disable} ■ enable — Enables the MAP configuration profile. ■ disable — Disables the MAP configuration profile. Defaults — The MAP configuration profile is disabled by[...]

  • Page 367

    set ap bias 367 set ap bias Changes the bias for a MAP. Bias is the priority of one WX over other WX switches for booting and configuring the MAP. Syntax — set ap ap-number auto bias { high | low } ■ ap ap-number — Index value that identifies the MAP on the WX. ■ ap auto — Configures bias for the MAP configuration profile. (See set [...]

  • Page 368

    368 CHAPTER 11: MANAGED ACCESS POINT COMMANDS Examples — The following command changes the bias for a Distributed MAP to low: WX4400# set dap 1 bias low success: change accepted. See Also ■ display ap config on page 316 set ap blink Enables or disables LED blink mode on a MAP to make it easy to identify. When blink mode is enabled on ([...]

  • Page 369

    set ap boot-configuration ip 369 set ap boot-configuration ip Specifies static IP address information for a Distributed MAP. Syntax — set ap ap-number boot-configuration ip ip-addr netmask mask-addr gateway gateway-addr [ mode { enable | disable }] Syntax — set dap dap-num boot-ip mode { enable | disable } ■ ap ap-number — Index value t[...]

  • Page 370

    370 CHAPTER 11: MANAGED ACCESS POINT COMMANDS See Also ■ clear ap boot-configuration on page 310 ■ display ap boot-configuration on page 342 ■ set ap boot-configuration vlan on page 375 set ap boot-configuration mesh mode Enables WLAN mesh services on the MAP. Syntax — set ap ap-number boot-configuration mesh mode [ mode { enable | [...]

  • Page 371

    set ap boot-configuration mesh psk-phrase 371 set ap boot-configuration mesh psk-phrase Specifies a preshared key (PSK) phrase that a Mesh AP uses for authentication to its Mesh Portal AP. Syntax — set ap ap-number boot-configuration mesh psk-phrase passphrase ■ ap ap-number — Index value that identifies the MAP on the WX. ■ passphrase —[...]

  • Page 372

    372 CHAPTER 11: MANAGED ACCESS POINT COMMANDS set ap boot-configuration mesh psk-raw Configures a raw hexadecimal preshared key (PSK) to use for authenticating a Mesh AP to a Mesh Portal AP. Radios use the PSK as a pairwise master key (PMK) to derive unique pairwise session keys for individual WPA clients. Syntax — set ap ap-number boot-[...]

  • Page 373

    set ap boot-configuration mesh ssid 373 set ap boot-configuration mesh ssid Specifies the name of the SSID a Mesh AP attempts to associate with when it is booted. Syntax — set ap ap-number boot-configuration mesh ssid mesh-ssid ■ ap ap-number — Index value that identifies the MAP on the WX. ■ mesh-ssid — Name of the mesh SSID (up to 32 [...]

  • Page 374

    374 CHAPTER 11: MANAGED ACCESS POINT COMMANDS set ap boot-configuration switch Specifies the WX a Distributed MAP contacts and attempts to use as its boot device. Syntax — set ap ap-number boot-configuration switch [ switch-ip ip-addr ] [ name name dns ip-addr] [ mode { enable | disable }] ■ ap ap-number — Index value that indentifie[...]

  • Page 375

    set ap boot-configuration vlan 375 WX1200# set ap 1 boot-configuration switch switch-ip 172.16.0.21 mode enable success: change accepted. The following command configures Distributed MAP 1 to use the WX with the name wxr2 as its boot device. The DNS server at 172.16.0.1 is used to resolve the name of the WX switch. WX4400# set ap 1 boot-configu[...]

  • Page 376

    376 CHAPTER 11: MANAGED ACCESS POINT COMMANDS Usage — When this command is configured, all Ethernet frames emitted from the Distributed MAP are formatted with an 802.1Q tag with a specified VLAN number. Frames sent to the Distributed MAP that are not tagged with this value are ignored. Examples — The following command configures Di[...]

  • Page 377

    set ap fingerprint 377 ■ fingerprint — The 16-digit hexadecimal number of the fingerprint. Use a colon between each digit. Make sure the fingerprint you enter matches the fingerprint used by the MAP. Defaults — None. Access — Enabled. History — Introduced in MSS 4.0. Version 6.0 removed the dap option. Usage — MAPs are configured [...]

  • Page 378

    378 CHAPTER 11: MANAGED ACCESS POINT COMMANDS set ap force-image-download Configures a MAP to download a software image from the WX instead of loading the image locally stored on the MAP. Syntax — set ap auto force-image-download {enable | disable} ■ ap auto — Configures forced image download for the MAP configuration profile. ?[...]

  • Page 379

    set ap group 379 set ap group Deprecated in MSS Version 6.0. To configure RF load balancing, see “set load-balancing mode” on page 398. set ap location Specifies information about the physical location of a MAP. Syntax — set ap port-list location string Examples — The following command specifies the location of MAP 7 as the conference [...]

  • Page 380

    380 CHAPTER 11: MANAGED ACCESS POINT COMMANDS If local switching is enabled on an MAP, but no VLAN profile is configured, then a default VLAN profile is used. The default VLAN profile includes a single VLAN named default that is not tagged. Examples — The following command enables local switching for MAP 7: WX# set ap 7 local-switching mo[...]

  • Page 381

    set ap name 381 Examples — The following command specifies that MAP 7 use VLAN profile locals: WX# set ap 7 local-switching vlan-profile locals success: change accepted. See Also ■ clear ap local-switching vlan-profile on page 307 ■ set ap local-switching mode on page 379 ■ set vlan profile on page 127 set ap name Changes a MAP name. Sy[...]

  • Page 382

    382 CHAPTER 11: MANAGED ACCESS POINT COMMANDS set ap radio antenna-location Specifies the location (indoors or outdoors) of an external antenna. Use this command to ensure that the proper set of channels is available on the radio. In some cases, the set of valid channels for a radio differs depending on the location of the antenna, indoo[...]

  • Page 383

    set ap radio antennatype 383 set ap radio antennatype Sets the model number for an external antenna. Syntax — set ap ap-number radio { 1|2} antennatype {ANT1060 | ANT1120 | ANT1180 | ANT5060 | ANT5120 | ANT5180 | ANT-1360-OUT | ANT-5360-OUT |ANT-5120-OUT | internal } ■ ap ap-number — Index value that identifies the MAP on the WX. ■ radio 1[...]

  • Page 384

    384 CHAPTER 11: MANAGED ACCESS POINT COMMANDS Defaults — All radios use the internal antenna by default, if the MAP model has an internal antenna. The MP-620 802.11b/g radio uses model ANT-1360-OUT by default. The MP-620 802.11a radio uses model ANT-5360-OUT by default. The AP 3150 802.11b/g radio uses model ANT1060 by default.) Acces[...]

  • Page 385

    set ap radio auto-tune max-retransmissions 385 Defaults — The default maximum power setting that RF Auto-Tuning can set on a radio is the highest setting allowed for the country of operation or highest setting supported on the hardware, whichever is lower. Access — Enabled. History — Introduced in MSS Version 3.0. Option auto added for[...]

  • Page 386

    386 CHAPTER 11: MANAGED ACCESS POINT COMMANDS Defaults — The default is 10 percent. Access — Enabled. History — Introduced in MSS Version 3.0. Option auto added for configuration of the MAP configuration profile. Version 6.0 removed the dap option. Usage — A retransmission is a packet sent from a client to a MAP radio that the radi[...]

  • Page 387

    set ap radio channel 387 A radio also can increase power, in 1 dBm increments, if a client falls below the minimum allowed data rate. After a radio increases power, all clients must be at the minimum data rate or higher and the maximum retransmissions must be within the allowed percentile, before the radio begins reducing power again. Examples ?[...]

  • Page 388

    388 CHAPTER 11: MANAGED ACCESS POINT COMMANDS Usage — You can configure the transmit power of a radio on the same command line. Use the tx-power option. This command is not valid if dynamic channel tuning (RF Auto-Tuning) is enabled. Examples — The following command configures the channel on the 802.11a radio on the MAP access point[...]

  • Page 389

    set ap radio load balancing 389 Usage — A Mesh Portal MAP can be configured to emit link calibration packets to assist with positioning the Mesh AP. A link calibration packet is an unencrypted 802.11 management packet of type Action. When enabled on an MAP, link calibration packets are sent at a rate of 5 per second. The MP-620 is equipped[...]

  • Page 390

    390 CHAPTER 11: MANAGED ACCESS POINT COMMANDS ■ disable — Disables link calibration packets for the MAP radio. Defaults — Disabled. Access — Enabled. History — Introduced in MSS Version 6.0. Usage — By default, RF load balancing is enabled on all MAP radios. Use this command to disable or re-enable RF load balancing for the spe[...]

  • Page 391

    set ap radio mode 391 ■ rebalance — Configures the MAP radio to disassociate its client sessions and rebalance them whenever a new MAP radio is added to the load balancing group. Defaults — By default, MAP radios are not part of an RF load balancing group. Access — Enabled. History — Introduced in MSS Version 6.0. Usage — Assigning [...]

  • Page 392

    392 CHAPTER 11: MANAGED ACCESS POINT COMMANDS ■ mode disable — Disables a radio. Defaults — MAP access point radios are disabled by default. Access — Enabled. History — Introduced in MSS Version 3.0. Option auto added for configuration of the MAP configuration profile. Version 6.0 removed the dap option. Usage — To enable or d[...]

  • Page 393

    set ap radio tx-power 393 ■ radio-profile name — Radio profile name of up to 16 alphanumeric characters, with no spaces. ■ mode enable — Enables radios on the specified ports with the parameter settings in the specified radio profile. ■ mode disable — Disables radios on the specified ports. Defaults — None. Access — Enabled. His[...]

  • Page 394

    394 CHAPTER 11: MANAGED ACCESS POINT COMMANDS ■ tx-power power-level — Number of decibels in relation to 1 milliwatt (dBm). The valid values depend on the country of operation. The maximum transmit power you can configure on any 3Com radio is the maximum allowed for the country in which you plan to operate the radio or one of the foll[...]

  • Page 395

    set ap security 395 set ap security Sets security requirements for management sessions between a WX and its Distributed MAPs. This feature applies to Distributed MAPs only, not to directly connected MAPs configured on MAP access ports. The maximum transmission unit (MTU) for encrypted MAP management traffic is 1498 bytes, whereas the MTU for [...]

  • Page 396

    396 CHAPTER 11: MANAGED ACCESS POINT COMMANDS Examples — The following command configures a WX to require Distributed MAPs to have encryption keys: WX4400# set ap security require See Also ■ display ap config on page 316 ■ display ap status on page 331 ■ set ap fingerprint on page 376 set ap upgrade-firmware Disables or reenables au[...]

  • Page 397

    set band-preference 397 set band-preference Configures MSS to steer clients that support both the 802.11a and 802.11b/g radio bands to a specific radio on an MAP for the purpose of RF load balancing. Syntax — set band-preference { none | 11bg | 11a } ■ none — When a client supports both 802.11a and 802.11b/g radio bands, does not steer the [...]

  • Page 398

    398 CHAPTER 11: MANAGED ACCESS POINT COMMANDS set load-balancing mode Disables or reenables RF load balancing globally on the WXMAP. Syntax — set load-balancing mode {enable | disable } ■ enable — Enables RF load balancing globally on the WX. ■ disable — Disables RF load balancing globally on the WX. Defaults — RF load balanc[...]

  • Page 399

    set load-balancing strictness 399 set load-balancing strictness Controls the degree to which MSS balances the client load among MAPs when performing RF load balancing. Syntax — set load-balancing strictness {low | med | high | max } ■ low — No clients are denied service. New clients can be steered to other MAPs, but only to the extent that [...]

  • Page 400

    400 CHAPTER 11: MANAGED ACCESS POINT COMMANDS At the other end of the spectrum, when max strictness is specified, if an MAP radio has reached its maximum client load, MSS makes it invisible to new clients, causing them to attempt to connect to other MAP radios. In the event that all the MAP radios in the group have reached their maximum[...]

  • Page 401

    set radio-profile auto-tune 11a-channel-range 401 ■ disable — Configures radios to scan only passively for rogues by listening for beacons and probe responses. Defaults — Active scanning is enabled by default. Access — Enabled. History — Introduced in MSS Version 4.0. Usage — You can enter this command on any WX in the Mobility Domai[...]

  • Page 402

    402 CHAPTER 11: MANAGED ACCESS POINT COMMANDS Examples — The following command enables the 802.11a radio to select any available channel in the 802.11a range: WX1200# set radio-profile test auto-tune 11a-channel-range all-bands success: change accepted. set radio-profile auto-tune channel-config Disables or reenables dynamic channel tu[...]

  • Page 403

    set radio-profile auto-tune channel-holddown 403 Examples — The following command disables dynamic channel tuning for radios in the rp2 radio profile: WX4400# set radio-profile rp2 auto-tune channel-config disable success: change accepted. See Also ■ display radio-profile on page 350 ■ set ap radio channel on page 387 ■ set radio-profile[...]

  • Page 404

    404 CHAPTER 11: MANAGED ACCESS POINT COMMANDS Examples — The following command changes the channel holddown for radios in radio profile rp2 to 600 seconds: WX4400# set radio-profile rp2 auto-tune channel-holddown 600 success: change accepted. See Also ■ display radio-profile on page 350 ■ set radio-profile auto-tune channel-config o[...]

  • Page 405

    set radio-profile auto-tune channel-lockdown 405 Examples — The following command sets the channel interval for radios in radio profile rp2 to 2700 seconds (45 minutes): WX4400# set radio-profile rp2 auto-tune channel-interval 2700 success: change accepted. See Also ■ display radio-profile on page 350 ■ set radio-profile auto-tune channe[...]

  • Page 406

    406 CHAPTER 11: MANAGED ACCESS POINT COMMANDS Examples — The following command locks down the channel settings for radios in radio profile rp2: WX# set radio-profile rp2 auto-tune channel-lockdown success: change accepted See Also ■ display radio-profile on page 350 ■ set radio-profile auto-tune channel-config on page 402 ■ set rad[...]

  • Page 407

    set radio-profile auto-tune power-interval 407 Examples — The following command enables dynamic power tuning for radios in the rp2 radio profile: WX4400# set radio-profile rp2 auto-tune power-config enable success: change accepted. See Also ■ display radio-profile on page 350 ■ set ap radio auto-tune max-power on page 384 ■ set ap radio a[...]

  • Page 408

    408 CHAPTER 11: MANAGED ACCESS POINT COMMANDS See Also ■ display service-profile on page 353 ■ set ap radio auto-tune max-retransmissions on page 385 ■ set radio-profile auto-tune power-config on page 406 set radio-profile auto-tune power-lockdown Locks down the current power settings on all radios in a radio profile. The power set[...]

  • Page 409

    set radio-profile auto-tune power-ramp-interval 409 set radio-profile auto-tune power-ramp-interval Changes the interval at which power is increased or decreased, in 1 dBm increments, on radios in a radio profile until the optimum power level calculated by RF Auto-Tuning is reached. Syntax — set radio-profile name auto-tune power-ramp-interva[...]

  • Page 410

    410 CHAPTER 11: MANAGED ACCESS POINT COMMANDS Access — Enabled. History — Introduced in MSS Version 3.0. Usage — You must disable all radios that are using a radio profile before you can change parameters in the profile. Use the set radio-profile mode command. Examples — The following command changes the beacon interval for ra[...]

  • Page 411

    set radio-profile countermeasures 411 ■ configured — Configures radios to attack only devices in the attack list on the WX switch (on-demand countermeasures). When this option is specified, devices found to be rogues by other means, such as policy violations or by determining that the device is providing connectivity to the wired network, are[...]

  • Page 412

    412 CHAPTER 11: MANAGED ACCESS POINT COMMANDS set radio-profile dtim-interval Changes the number of times after every beacon that each MAP radio in a radio profile sends a delivery traffic indication map (DTIM). A MAP sends the multicast and broadcast frames stored in its buffers to clients who request them in response to the DTIM. The D[...]

  • Page 413

    set radio-profile frag-threshold 413 set radio-profile frag-threshold Changes the fragmentation threshold for the MAP radios in a radio profile. The fragmentation threshold is the threshold at which the long-retry-count is applicable instead of the short-retry-count. The long-retry-count specifies the number of times a radio can send a unicast frame[...]

  • Page 414

    414 CHAPTER 11: MANAGED ACCESS POINT COMMANDS See Also ■ display radio-profile on page 350 ■ set radio-profile mode on page 416 ■ set radio-profile rts-threshold on page 423 ■ set service-profile long-retry-count on page 449 ■ set service-profile short-retry-count on page 456 set radio-profile long-retry Deprecated in MSS Versi[...]

  • Page 415

    set radio-profile max-tx-lifetime 415 See Also ■ display radio-profile on page 350 ■ set radio-profile mode on page 416 ■ set radio-profile max-tx-lifetime on page 415 set radio-profile max-tx-lifetime Changes the maximum transmit threshold for the MAP radios in a radio profile. The maximum transmit threshold specifies the number of millisec[...]

  • Page 416

    416 CHAPTER 11: MANAGED ACCESS POINT COMMANDS set radio-profile mode Creates a new radio profile, and disables or reenables all MAP radios that are using a specific profile. Syntax — set radio-profile name [ mode { enable | disable }] ■ radio-profile name — Radio profile name of up to 16 alphanumeric characters, with no spaces. Use t[...]

  • Page 417

    set radio-profile mode 417 Access — Enabled. History — Introduced in MSS Version 3.0. Version 4.2 made the following changes: ■ Removed the following parameters that no longer apply: ■ 11g-only ■ long-retry ■ short-retry ■ The wmm parameter name changed to qos-mode. Usage — Use the command without any optional parameters to crea[...]

  • Page 418

    418 CHAPTER 11: MANAGED ACCESS POINT COMMANDS To change a parameter in a radio profile, you must first disable all the radios in the profile. After you complete the change, you can reenable the radios. To enable or disable specific radios without disabling all of them, use the set ap radio command. Examples — The following command config[...]

  • Page 419

    set radio-profile preamble-length 419 set radio-profile preamble-length Changes the preamble length for which an 802.11b/g MAP radio advertises support. This command does not apply to 802.11a. Syntax — set radio-profile name preamble-length { long | short } ■ name — Radio profile name. ■ long — Advertises support for long preambles. ?[...]

  • Page 420

    420 CHAPTER 11: MANAGED ACCESS POINT COMMANDS set radio-profile qos-mode Sets the prioritization mode for forwarding queues on MAP radios managed by the radio profile. Syntax — set radio-profile name qos-mode { svp | wmm } ■ svp — Optimizes forwarding prioritization of MAP radios for SpectraLink Voice Priority (SVP). ■ wmm — Clas[...]

  • Page 421

    set radio-profile rfid-mode 421 set radio-profile rfid-mode Enables MAP radios managed by a radio profile to function as location receivers in an AeroScout Visibility System. An AeroScout Visibility System allows system administrators to track mobile assets using RFID tags. When you enable RFID mode on a radio profile, radios in the profile [...]

  • Page 422

    422 CHAPTER 11: MANAGED ACCESS POINT COMMANDS Defaults — Data rate enforcement is disabled by default. Access — Enabled. History — Introduced in MSS Version 6.0. Usage — Each type of radio (802.11a, 802.11b, and 802.11g) providing service to an SSID has a set of radio rates allowed for use when sending beacons, multicast frames, an[...]

  • Page 423

    set radio-profile rts-threshold 423 See Also ■ display ap counters on page 319 ■ set service-profile transmit-rates on page 468 set radio-profile rts-threshold Changes the RTS threshold for the MAP radios in a radio profile. The RTS threshold specifies the maximum length a frame can be before the radio uses the RTS/CTS method to send the frame[...]

  • Page 424

    424 CHAPTER 11: MANAGED ACCESS POINT COMMANDS set radio-profile service-profile Maps a service profile to a radio profile. All radios that use the radio profile also use the parameter settings, including SSID and encryption settings, in the service profile. Syntax — set radio-profile name service-profile name ■ radio-profile name — Rad[...]

  • Page 425

    set radio-profile service-profile 425 cipher-ccmp disable Does not use Counter with Cipher Block Chaining Message Authentication Code Protocol (CCMP) to encrypt traffic sent to WPA clients. cipher-tkip enable When the WPA IE is enabled, uses Temporal Key Integrity Protocol (TKIP) to encrypt traffic sent to WPA clients. cipher-wep104 disable Does n[...]

  • Page 426

    426 CHAPTER 11: MANAGED ACCESS POINT COMMANDS shared-key-auth disable Does not use shared-key authentication. This parameter does not enable PSK authentication for WPA. To enable PSK encryption for WPA, use the set radio-profile auth-psk command. short-retry-count 5 Sends a short unicast frame up to five times without acknowledgment. soda d[...]

  • Page 427

    set radio-profile service-profile 427 transmit-rates 802.11a: mandatory: 6.0,12.0,24.0 beacon-rate: 6.0 multicast-rate: auto disabled: none 802.11b: mandatory: 1.0,2.0 beacon-rate: 2.0 multicast-rate: auto disabled: none 802.11g: mandatory: 1.0,2.0,5.5,11.0 beacon-rate: 2.0 multicast-rate: auto disabled: none Accepts associations only from clie[...]

  • Page 428

    428 CHAPTER 11: MANAGED ACCESS POINT COMMANDS Access — Enabled. History — Introduced in MSS Version 3.0. Usage — You must configure the service profile before you can map it to a radio profile. You can map the same service profile to more than one radio profile. You must disable all radios that use a radio profile before you can ch[...]

  • Page 429

    set radio-profile service-profile 429 • set service-profile cac-mode on page 438 • set service-profile cac-session on page 439 • set service-profile cipher-ccmp on page 440 • set service-profile cipher-tkip on page 441 • set service-profile cipher-wep104 on page 442 • set service-profile cipher-wep40 on page 443 • set service-[...]

  • Page 430

    430 CHAPTER 11: MANAGED ACCESS POINT COMMANDS set radio-profile short-retry Deprecated in MSS Version 4.2. In 4.2, this parameter is associated with service profiles instead of radio profiles. See set service-profile short-retry-count on page 456. set radio-profile wmm Deprecated in MSS Version 4.2. To enable or disable WMM, see set r[...]

  • Page 431

    set service-profile attr 431 Usage — U-APSD is supported only for QoS mode WMM. If WMM is not enabled on the radio profile, use the set radio-profile qos-mode command to enable it. Examples — The following command enables U-APSD on radio profile rp1: WX2200# set radio-profile rp1 wmm-powersave enable success: change accepted. See Also • [...]

  • Page 432

    432 CHAPTER 11: MANAGED ACCESS POINT COMMANDS The SSID default attributes are applied in addition to any attributes supplied for the user by the RADIUS server or the local database. When the same attribute is specified both as an SSID default attribute and through AAA, then the attribute supplied by the RADIUS server or the local databa [...]

  • Page 433

    set service-profile auth-dot1x 433 See Also • display service-profile on page 353 • display sessions network on page 620 set service-profile auth-dot1x Disables or reenables 802.1X authentication of Wi-Fi Protected Access (WPA) clients by MAP radios, when the WPA information element (IE) is enabled in the service profile that is mapped to th[...]

  • Page 434

    434 CHAPTER 11: MANAGED ACCESS POINT COMMANDS See Also • display service-profile on page 353 • set service-profile auth-psk on page 435 • set service-profile psk-phrase on page 453 • set service-profile wpa-ie on page 481 set service-profile auth-fallthru Specifies the authentication type for users who do not match an 802.1X or MAC[...]

  • Page 435

    set service-profile auth-psk 435 Access — Enabled. History — Introduced in MSS Version 3.0. Option for WebAAA fallthru authentication type changed from web-auth to web-portal in MSS Version 4.1. Usage — The last-resort fallthru authentication type allows any user to access any SSID managed by the service profile. This method does not requir [...]

  • Page 436

    436 CHAPTER 11: MANAGED ACCESS POINT COMMANDS Access — Enabled. History — Introduced in MSS Version 3.0. Usage — This command affects authentication of WPA clients only. To use PSK authentication, you also must configure a passphrase or key. In addition, you must enable the WPA IE. The WebAAA fallthru authentication type is not su[...]

  • Page 437

    set service-profile bridging 437 • enable — Enables beaconing of the SSID managed by the service profile. • disable — Disables beaconing of the SSID managed by the service profile. Defaults — Beaconing is enabled by default. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — The following command disables bea[...]

  • Page 438

    438 CHAPTER 11: MANAGED ACCESS POINT COMMANDS Usage — WLAN mesh services can be used in a wireless bridge configuration, implementing MAPs as bridge endpoints in a transparent Layer 2 bridge. A typical application of wireless bridging is to provide network connectivity between two buildings using a wireless link. A Mesh Portal AP servin[...]

  • Page 439

    set service-profile cac-session 439 Examples — The following command enables session-based CAC on service profile sp1: WX4400# set service-profile sp1 cac-mode session success: change accepted. See Also • display service-profile on page 353 • set service-profile cac-session on page 439 set service-profile cac-session Specifies the maximum [...]

  • Page 440

    440 CHAPTER 11: MANAGED ACCESS POINT COMMANDS set service-profile cipher-ccmp Enables Counter with Cipher Block Chaining Message Authentication Code Protocol (CCMP) encryption with WPA clients, for a service profile. Syntax — set service-profile name cipher-ccmp { enable | disable } • name — Service profile name. • enable — E[...]

  • Page 441

    set service-profile cipher-tkip 441 set service-profile cipher-tkip Disables or reenables Temporal Key Integrity Protocol (TKIP) encryption in a service profile. Syntax — set service-profile name cipher-tkip { enable | disable } • name — Service profile name. • enable — Enables TKIP encryption for WPA clients. • disable — Disable[...]

  • Page 442

    442 CHAPTER 11: MANAGED ACCESS POINT COMMANDS set service-profile cipher-wep104 Enables dynamic Wired Equivalent Privacy (WEP) with 104-bit keys, in a service profile. Syntax — set service-profile name cipher-wep104 { enable | disable } • name — Service profile name. • enable — Enables 104-bit WEP encryption for WPA clients. ?[...]

  • Page 443

    set service-profile cipher-wep40 443 See Also • display service-profile on page 353 • set service-profile cipher-ccmp on page 440 • set service-profile cipher-tkip on page 441 • set service-profile cipher-wep40 on page 443 • set service-profile wep key-index on page 480 • set service-profile wpa-ie on page 481 set service-profile[...]

  • Page 444

    444 CHAPTER 11: MANAGED ACCESS POINT COMMANDS To support non-WPA clients that use static WEP, you must configure static WEP keys. Use the set service-profile wep key-index command. Examples — The following command configures service profile sp2 to use 40-bit WEP encryption: WX4400# set service-profile sp2 cipher-wep40 enable success:[...]

  • Page 445

    set service-profile dhcp-restrict 445 WX4400# set service-profile sp1 cos 7 success: change accepted. See Also • display service-profile on page 353 • set service-profile static-cos on page 467 set service-profile dhcp-restrict Enables or disables DHCP Restrict on a service profile. DHCP Restrict filters the traffic from a newly associated cl[...]

  • Page 446

    446 CHAPTER 11: MANAGED ACCESS POINT COMMANDS set service-profile idle-client-probing Disables or reenables periodic keepalives from MAP radios to clients on a service profile’s SSID. When idle-client probing is enabled, the MAP radio sends a unicast null-data frame to each client every 10 seconds. Normally, a client that is still activ[...]

  • Page 447

    set service-profile keep-initial-vlan 447 set service-profile keep-initial-vlan Configures MAP radios managed by the radio profile to leave a roamed user on the VLAN assigned by the switch where the user logged on. When this option is disabled, a user’s VLAN is reassigned by each WX switch to which a user roams. Syntax — set service-profil[...]

  • Page 448

    448 CHAPTER 11: MANAGED ACCESS POINT COMMANDS set service-profile load-balancing-exempt Exempts a service profile from performing RF load balancing. Syntax — set service-profile name load-balancing-exempt {enable | disable} • name — Service profile name. • enable — Exempts the specified service profile from RF load balancing. ?[...]

  • Page 449

    set service-profile long-retry-count 449 set service-profile long-retry-count Changes the long retry threshold for a service profile. The long retry threshold specifies the number of times a radio can send a long unicast frame without receiving an acknowledgment. A long unicast frame is a frame that is equal to or longer than the frag-threshol[...]

  • Page 450

    450 CHAPTER 11: MANAGED ACCESS POINT COMMANDS set service-profile mesh Creates a service profile for use with WLAN mesh services. Syntax — set service-profile name mesh mode {enable | disable} • name — Service profile name. • enable — Enables mesh services for the service profile. • disable — Disables mesh services for the ser[...]

  • Page 451

    set service-profile no-broadcast 451 set service-profile no-broadcast Disables or reenables the no-broadcast mode. The no-broadcast mode helps reduce traffic overhead on an SSID by having more SSID bandwidth available for unicast traffic. The no-broadcast mode also helps VoIP handsets conserve power by reducing the amount of broadcast traffic[...]

  • Page 452

    452 CHAPTER 11: MANAGED ACCESS POINT COMMANDS Examples — The following command enables the no-broadcast mode on service profile sp1: WX4400# set service-profile sp1 no-broadcast enable success: change accepted. See Also • display service-profile on page 353 • set service-profile dhcp-restrict on page 445 • set service-profile proxy[...]

  • Page 453

    set service-profile psk-phrase 453 Examples — The following command enables proxy ARP on service profile sp1: WX4400# set service-profile sp1 proxy-arp enable success: change accepted. See Also • display service-profile on page 353 • set service-profile dhcp-restrict on page 445 • set service-profile no-broadcast on page 451 set servic[...]

  • Page 454

    454 CHAPTER 11: MANAGED ACCESS POINT COMMANDS Examples — The following command configures service profile sp3 to use passphrase “1234567890123<>?=+&% The quick brown fox jumps over the lazy sl”: WX4400# set service-profile sp3 psk-phrase "1234567890123<>?=+&% The quick brown fox jumps over the lazy sl"[...]

  • Page 455

    set service-profile rsn-ie 455 Examples — The following command configures service profile sp3 to use a raw PSK with PSK clients: WX4400# set service-profile sp3 psk-raw c25d3fe4483e867d1df96eaacdf8b02451fa0836162e758100f5f6b87965e59d success: change accepted. See Also • display service-profile on page 353 • set mac-user attr on page 261[...]

  • Page 456

    456 CHAPTER 11: MANAGED ACCESS POINT COMMANDS set service-profile shared-key-auth Enables shared-key authentication, in a service profile. Use this command only if advised to do so by 3Com. This command does not enable preshared key (PSK) authentication for Wi-Fi Protected Access (WPA). To enable PSK encryption for WPA, use the set ser[...]

  • Page 457

    set service-profile soda agent-directory 457 • threshold — Number of times a radio can send the same short unicast frame. You can enter a value from 1 through 15. Defaults — The default short unicast retry threshold is 5 attempts. Examples — Enabled. History — Introduced in MSS Version 4.2. Examples — The following command changes t[...]

  • Page 458

    458 CHAPTER 11: MANAGED ACCESS POINT COMMANDS Examples — The following command specifies soda-agent as the location for SODA agent files for service profile sp1: WX4400# set service-profile sp1 soda agent-directory soda-agent success: change accepted. See Also • display service-profile on page 353 • install soda agent on page 673 • [...]

  • Page 459

    set service-profile soda failure-page 459 When the enforce checks option is enabled, upon successful completion of the SODA agent checks, the client performs an HTTP Get operation to load the success page. Upon loading the success page, the client is granted access to the network. In order for the client to load the success page, you must make sur[...]

  • Page 460

    460 CHAPTER 11: MANAGED ACCESS POINT COMMANDS Usage — Use this command to specify a custom page to be loaded by the client when the SODA agent checks fail. After this page is loaded, the specified remediation ACL takes effect, or if there is no remediation ACL configured, then the client is disconnected from the network. This functionali[...]

  • Page 461

    set service-profile soda logout-page 461 History — Introduced in MSS Version 4.2. Usage — When a client closes the SODA virtual desktop, the client is automatically disconnected from the network. You can use this command to specify a page that loads when the client closes the SODA virtual desktop. The client can request this page at any time[...]

  • Page 462

    462 CHAPTER 11: MANAGED ACCESS POINT COMMANDS set service-profile soda mode Enables or disables Sygate On-Demand (SODA) functionality for a service profile. Syntax — set service-profile name soda mode { enable | disable } • name — Service profile name. • enable — Enables SODA functionality for the service profile. • disable [...]

  • Page 463

    set service-profile soda remediation-acl 463 set service-profile soda remediation-acl Specifies an ACL to be applied to a client if it fails the checks performed by the SODA agent. Syntax — set service-profile name soda remediation-acl acl-name • name — Service profile name. • acl-name — Name of an existing security ACL to use as a r[...]

  • Page 464

    464 CHAPTER 11: MANAGED ACCESS POINT COMMANDS set service-profile soda success-page Specifies a page on the WX that loads when a client passes the security checks performed by the SODA agent. Syntax — set service-profile name soda success-page page • name — Service profile name. • page — Page that is loaded if the client passes[...]

  • Page 465

    set service-profile ssid-name 465 See Also • display service-profile on page 353 • set service-profile soda enforce-checks on page 458 • set service-profile soda mode on page 462 set service-profile ssid-name Configures the SSID name in a service profile. Syntax — set service-profile name ssid-name ssid-name • name — Service profile n[...]

  • Page 466

    466 CHAPTER 11: MANAGED ACCESS POINT COMMANDS set service-profile ssid-type Specifies whether the SSID managed by a service profile is encrypted or unencrypted. Syntax — set service-profile name ssid-type [ clear | crypto ] • name — Service profile name. • clear — Wireless traffic for the service profile’s SSID is not encrypted.[...]

  • Page 467

    set service-profile static-cos 467 History — Introduced in MSS Version 3.0. Usage — Countermeasures apply only to TKIP and WEP clients. This includes WPA WEP clients and non-WPA WEP clients. CCMP clients are not affected. The TKIP cipher suite must be enabled. The WPA IE also must be enabled. Examples — The following command changes the[...]

  • Page 468

    468 CHAPTER 11: MANAGED ACCESS POINT COMMANDS Defaults — Static CoS is disabled by default. Access — Enabled. History — Introduced in MSS Version 4.2. Usage — The CoS level is specified by the set service-profile cos command. Examples — The following command enables static CoS on service profile sp1: WX4400# set service-profile [...]

  • Page 469

    set service-profile transmit-rates 469 The valid rates depend on the radio type: • 11a — 6.0, 9.0, 12.0, 18.0, 24.0, 36.0, 48.0, 54.0 • 11b — 1.0, 2.0, 5.5, 11.0 • 11g — 1.0, 2.0, 5.5, 6.0, 9.0, 11.0, 12.0, 18.0, 24.0, 36.0, 48.0, 54.0 Use a comma to separate multiple rates; for example: 6.0,9.0,12.0 • disabled rate-list — Data transm[...]

  • Page 470

    470 CHAPTER 11: MANAGED ACCESS POINT COMMANDS • beacon-rate: • 11a — 6.0 • 11b — 2.0 • 11g — 2.0 • multicast-rate — auto for all radio types. Access — Enabled. History — Introduced in MSS Version 4.2. Usage — If you disable a rate, you cannot use the rate as a mandatory rate or the beacon or multicast rate. All rates th[...]

  • Page 471

    set service-profile user-idle-timeout 471 History — If this command is enabled in the service profile, the 802.11 QoS level is ignored, and MSS classifies QoS level of IP packets based on their DSCP value. Examples — The following command enables mapping the QoS level of IP packets based on their DSCP value for service profile sp1: WX# set se[...]

  • Page 472

    472 CHAPTER 11: MANAGED ACCESS POINT COMMANDS WX4400# set service-profile sp1 user-idle-timeout 360 success: change accepted. See Also • display service-profile on page 353 • set service-profile idle-client-probing on page 446 • set service-profile web-portal-session-timeout on page 477 set service-profile web-portal-acl Changes the A[...]

  • Page 473

    set service-profile web-portal-form 473 The Web-Portal ACL applies only to users who log on using Web Portal, and applies only during authentication. After a Web Portal user is authenticated, the Web Portal ACL no longer applies. ACLs and other user attributes assigned to the username are applied instead. Examples — The following command change[...]

  • Page 474

    474 CHAPTER 11: MANAGED ACCESS POINT COMMANDS To use WebAAA, the fallthru authentication type in the service profile that manages the SSID must be set to web. To use WebAAA for a wired authentication port, edit the port configuration with the set port type wired-auth command. Examples — The following commands create a subdirectory name[...]

  • Page 475

    set service-profile web-portal-logout logout-url 475 set service-profile web-portal-logout logout-url Specifies the URL that is requested when the user clicks the button to terminate his or her session in the Mobility Domain. Syntax — set service-profile profile-name web-portal-logout logout-url url • name — Service profile name. • url ?[...]

  • Page 476

    476 CHAPTER 11: MANAGED ACCESS POINT COMMANDS Examples — The following command configures the Web Portal logout URL as: wifizone.3Com.com/logout.html for service profile sp1. WX# set service-profile sp1 web-portal-logout logout-url https://wifizone.3Com.com/logout.html success: change accepted. See Also • display service-profile on p[...]

  • Page 477

    set service-profile web-portal-session-timeout 477 Examples — The following command enables the Web Portal logout functionality for service profile sp1. WX# set service-profile sp1 web-portal-logout mode enable success: change accepted. See Also • display service-profile on page 353 • set service-profile web-portal-logout logout-url on [...]

  • Page 478

    478 CHAPTER 11: MANAGED ACCESS POINT COMMANDS Note that the Web Portal WebAAA session timeout period applies only to Web Portal WebAAA sessions already authenticated with a username and password. For all other Web Portal WebAAA sessions, the default Web Portal WebAAA session timeout period of 5 seconds is used. Examples — The following[...]

  • Page 479

    set service-profile wep active-unicast-index 479 See Also • display service-profile on page 353 • set service-profile wep active-unicast-index on page 479 • set service-profile wep key-index on page 480 set service-profile wep active-unicast-index Specifies the static Wired-Equivalent Privacy (WEP) key (one of four) to use for encrypti[...]

  • Page 480

    480 CHAPTER 11: MANAGED ACCESS POINT COMMANDS set service-profile wep key-index Sets the value of one of four static Wired-Equivalent Privacy (WEP) keys for static WEP encryption. Syntax — set service-profile name wep key-index num key value • name — Service profile name. • key-index num — WEP key index. You can enter a value fro[...]

  • Page 481

    set service-profile wpa-ie 481 set service-profile wpa-ie Enables the WPA information element (IE) in wireless frames. The WPA IE advertises the WPA authentication methods and cipher suites supported by radios in the radio profile mapped to the service profile. Syntax — set service-profile name wpa-ie { enable | disable } • name — Ser[...]

  • Page 482

    482 CHAPTER 11: MANAGED ACCESS POINT COMMANDS[...]

  • Page 483

    12 STP COMMANDS Use Spanning Tree Protocol (STP) commands to configure and manage spanning trees on the virtual LANs (VLANs) configured on a wireless LAN switch or controller, to maintain a loop-free network. STP Commands by Usage This chapter presents STP commands alphabetically. Use the following table to locate commands in this chapter b[...]

  • Page 484

    484 CHAPTER 12: STP COMMANDS clear spantree portcost Resets to the default value the cost of a network port or ports on paths to the STP root bridge in all VLANs on a WX. Syntax — clear spantree portcost port-list • port-list — List of ports. The port cost is reset on the specified ports. Defaults — None. Access — Enabled. History ?[...]

  • Page 485

    clear spantree portpri 485 clear spantree portpri Resets to the default value the priority of a network port or ports for selection as part of the path to the STP root bridge in all VLANs on a wireless LAN switch or controller. Syntax — clear spantree portpri port-list • port-list — List of ports. The port priority is reset to 32 (the de[...]

  • Page 486

    486 CHAPTER 12: STP COMMANDS • vlan vlan-id — VLAN name or number. MSS resets the cost for only the specified VLAN. Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — MSS does not change a port’s cost for VLANs other than the one(s) you specify. Examples — The following command resets the STP [...]

  • Page 487

    clear spantree statistics 487 History — Introduced in MSS Version 3.0. Usage — MSS does not change a port’s priority for VLANs other than the one(s) you specify. Examples — The following command resets the STP priority for port 2 in VLAN avocado: WX4400# clear spantree portvlanpri 2 vlan avocado success: change accepted. See Also • cle[...]

  • Page 488

    488 CHAPTER 12: STP COMMANDS display spantree Displays STP configuration and port-state information. Syntax — display spantree [ port-list | vlan vlan-id ][ active ] • port-list — List of ports. If you do not specify any ports, MSS displays STP information for all ports. • vlan vlan-id — VLAN name or number. If you do not specify a V[...]

  • Page 489

    display spantree 489 7 1 Forwarding 19 128 Disabled 8 1 Disabled 19 128 Disabled 9 1 Disabled 19 128 Disabled 17 1 STP Off 19 128 Disabled 18 1 STP Off 19 128 Disabled Table 75 describes the fields in this display. Table 75 Output for display spantree Field Description VLAN VLAN number. Spanning tree mode In the current software version, the mod[...]

  • Page 490

    490 CHAPTER 12: STP COMMANDS Port Port number. Only network ports are listed. STP does not apply to 3Com Wireless LAN Managed Access Point AP2750 ports or wired authentication ports. Vlan VLAN ID. STP-State or Port-State STP state of the port: • Blocking—The port is not forwarding Layer 2 traffic but is listening to and forwarding STP contr[...]

  • Page 491

    display spantree backbonefast 491 See Also • display spantree blockedports on page 492 display spantree backbonefast Indicates whether the STP backbone fast convergence feature is enabled or disabled. Syntax — display spantree backbonefast Defaults — None. Access — All. History — Introduced in MSS Version 3.0. Port-state STP state of [...]

  • Page 492

    492 CHAPTER 12: STP COMMANDS Examples — The following example shows the command output on a WX switch with backbone fast convergence enabled: WX4400# display spantree backbonefast Backbonefast is enabled See Also • set spantree backbonefast on page 502 display spantree blockedports Lists information about wireless LAN switch ports that ST[...]

  • Page 493

    display spantree portfast 493 display spantree portfast Displays STP uplink fast convergence information for all network ports or for one or more network ports. Syntax — display spantree portfast [ port-list ] • port-list — List of ports. If you do not specify any ports, MSS displays uplink fast convergence information for all ports. Defaul[...]

  • Page 494

    494 CHAPTER 12: STP COMMANDS display spantree portvlancost Shows the cost of a port on a path to the STP root bridge, for each of the port’s VLANs. Syntax — display spantree portvlancost port-list • port-list — List of ports. Defaults — None. Access — All. History — Introduced in MSS Version 3.0. Examples — The following comm[...]

  • Page 495

    display spantree statistics 495 Usage — The command displays statistics separately for each port. Examples — The following command shows STP statistics for port 1: WX4400# display spantree statistics 1 BPDU related parameters Port 1 VLAN 1 spanning tree enabled for VLAN = 1 port spanning tree enabled state Forwarding port_id 0x8015 port_numbe[...]

  • Page 496

    496 CHAPTER 12: STP COMMANDS topology change timer value 0 hold timer INACTIVE hold timer value 0 delay root port timer INACTIVE delay root port timer value 0 delay root port timer restarted is FALSE VLAN based information & statistics spanning tree type ieee spanning tree multicast address 01-00-0c-cc-cc-cd bridge priority 32768 bridge MAC a[...]

  • Page 497

    display spantree statistics 497 Table 77 Output for display spantree statistics Field Description Port Port number. VLAN VLAN ID. Spanning Tree enabled for vlan State of the STP feature on the VLAN. port spanning tree State of the STP feature on the port. state STP state of the port: • Blocking — The port is not forwarding Layer 2 traffic but[...]

  • Page 498

    498 CHAPTER 12: STP COMMANDS config_pending Indicates whether a configured BPDU is to be transmitted on expiration of the hold timer for the port. port_inconsistency Indicates whether the port is in an inconsistent state. config BPDU’s xmitted Number of BPDUs transmitted from the port. A number in parentheses indicates the number of configured[...]

  • Page 499

    display spantree statistics 499 hold timer Status of the hold timer. This timer ensures that configured BPDUs are not transmitted too frequently through any bridge port. hold timer value Current value of the hold timer, in seconds. delay root port timer Status of the delay root port timer, which enables fast convergence when uplink fast convergen[...]

  • Page 500

    500 CHAPTER 12: STP COMMANDS See Also • clear spantree statistics on page 487 display spantree uplinkfast Shows uplink fast convergence information for one VLAN or all VLANs. Syntax — display spantree uplinkfast [ vlan vlan-id ] • vlan vlan-id — VLAN name or number. If you do not specify a VLAN, MSS displays STP statistics for all V[...]

  • Page 501

    set spantree 501 See Also • set spantree uplinkfast on page 510 set spantree Enables or disables STP on one VLAN or all VLANs configured on a WX switch. Syntax — set spantree { enable | disable } [{ all | vlan vlan-id | port port-list vlan-id }] • enable — Enables STP. • disable — Disables STP. • all — Enables or disables STP on [...]

  • Page 502

    502 CHAPTER 12: STP COMMANDS See Also • display spantree on page 488 set spantree backbonefast Enables or disables STP backbone fast convergence on a wireless LAN switch. This feature accelerates a port’s recovery following the failure of an indirect link. CAUTION: The backbone fast convergence feature is not compatible with switches that[...]

  • Page 503

    set spantree fwddelay 503 set spantree fwddelay Changes the period of time after a topology change that a WX switch which is not the root bridge waits to begin forwarding Layer 2 traffic on one or all of its configured VLANs. (The root bridge always forwards traffic.) Syntax — set spantree fwddelay delay { all | vlan vlan-id } • delay — De[...]

  • Page 504

    504 CHAPTER 12: STP COMMANDS Access — Enabled. History — Introduced in MSS Version 3.0. Examples — The following command changes the hello interval for all VLANs to 4 seconds: WX4400# set spantree hello 4 all success: change accepted. See Also • display spantree on page 488 set spantree maxage Changes the maximum age for an STP root br[...]

  • Page 505

    set spantree portcost 505 set spantree portcost Changes the cost that transmission through a network port or ports in the default VLAN on a wireless LAN switch adds to the total cost of a path to the STP root bridge. Syntax — set spantree portcost port-list cost cost • port-list — List of ports. MSS applies the cost change to all the specifi[...]

  • Page 506

    506 CHAPTER 12: STP COMMANDS See Also • clear spantree portcost on page 484 • clear spantree portvlancost on page 485 • display spantree on page 488 • display spantree portvlancost on page 494 • set spantree portvlancost on page 508 set spantree portfast Enables or disables STP port fast convergence on one or more ports on a wireless [...]

  • Page 507

    set spantree portpri 507 set spantree portpri Changes the STP priority of a network port or ports for selection as part of the path to the STP root bridge in the default VLAN on a wireless LAN switch. Syntax — set spantree portpri port-list priority value • port-list — List of ports. MSS changes the priority on the specified ports. • prio[...]

  • Page 508

    508 CHAPTER 12: STP COMMANDS set spantree portvlancost Changes the cost of a network port or ports on paths to the STP root bridge for a specific VLAN on a wireless LAN switch. Syntax — set spantree portvlancost port-list cost cost { all | vlan vlan-id } • port-list — List of ports. MSS applies the cost change to all the specified ports. [...]

  • Page 509

    set spantree portvlanpri 509 set spantree portvlanpri Changes the priority of a network port or ports for selection as part of the path to the STP root bridge, on one VLAN or all VLANs. Syntax — set spantree portvlanpri port-list priority value { all | vlan vlan-id } • port-list — List of ports. MSS changes the priority on the specified por[...]

  • Page 510

    510 CHAPTER 12: STP COMMANDS set spantree priority Changes the STP root bridge priority of a wireless LAN switch on one or all of its VLANs. Syntax — set spantree priority value { all | vlan vlan-id} • priority value — Priority value. You can specify a value from 0 through 65,535. The bridge with the lowest priority value is elected to b[...]

  • Page 511

    set spantree uplinkfast 511 History — Introduced in MSS Version 3.0. Usage — The uplink fast convergence feature is applicable to bridges that are acting as access switches to the network core (distribution layer) but are not in the core themselves. Do not enable the feature on WX switches that are in the network core. Examples — The follow[...]

  • Page 512

    512 CHAPTER 12: STP COMMANDS[...]

  • Page 513

    13 IGMP SNOOPING COMMANDS Use Internet Group Management Protocol (IGMP) snooping commands to configure and manage multicast traffic reduction on a WX. Commands by usage This chapter presents IGMP snooping commands alphabetically. Use the following table to locate commands in this chapter based on their use. Table 80 IGMP Commands by Usage Typ[...]

  • Page 514

    514 CHAPTER 13: IGMP SNOOPING COMMANDS clear igmp statistics Clears IGMP statistics counters on one VLAN or all VLANs on a wireless LAN switch and resets them to 0. Syntax — clear igmp statistics [ vlan vlan-id ] • vlan vlan-id — VLAN name or number. If you do not specify a VLAN, IGMP statistics are cleared for all VLANs. Defaults —[...]

  • Page 515

    display igmp 515 Examples — The following command displays IGMP information for VLAN orange: WX1200# display igmp vlan orange VLAN: orange IGMP is enabled Proxy reporting is on Mrouter solicitation is on Querier functionality is off Configuration values: qi: 125 oqi: 300 qri: 100 lmqi: 10 rvalue: 2 Multicast router information: Port Mrouter-I[...]

  • Page 516

    516 CHAPTER 13: IGMP SNOOPING COMMANDS Table 81 describes the fields in this display. Table 81 Output for display igmp Field Description VLAN VLAN name. MSS displays information separately for each VLAN. IGMP is enabled (disabled) IGMP state. Proxy reporting Proxy reporting state. Mrouter solicitation Multicast router solicitation state. Qu[...]

  • Page 517

    display igmp 517 TTL Number of seconds before this entry ages out if not refreshed. For static multicast router entries, the time-to-live (TTL) value is undef. Static multicast router entries do not age out. Group IP address of a multicast group. The display igmp receiver-table command shows the same information as these receiver fields. Por[...]

  • Page 518

    518 CHAPTER 13: IGMP SNOOPING COMMANDS See Also • display igmp mrouter on page 518 • display igmp querier on page 519 • display igmp receiver-table on page 521 • display igmp statistics on page 523 display igmp mrouter Displays the multicast routers in a WX’s subnet, on one VLAN or all VLANs. Routers are listed separately for each[...]

  • Page 519

    display igmp querier 519 See Also • display igmp mrouter on page 518 • set igmp mrouter on page 527 display igmp querier Shows information about the active multicast querier, on one VLAN or all VLANs. Queriers are listed separately for each VLAN. Each VLAN can have only one querier. Syntax — display igmp querier [ vlan vlan-id ] • vlan v[...]

  • Page 520

    520 CHAPTER 13: IGMP SNOOPING COMMANDS History — Introduced in MSS Version 3.0. Examples — The following command displays querier information for VLAN orange: WX1200# display igmp querier vlan orange Querier for vlan orange Port Querier-IP Querier-MAC TTL ---- --------------- ----------------- ----- 1 193.122.135.178 00:0b:cc:d2:e9:b4[...]

  • Page 521

    display igmp receiver-table 521 See Also • set igmp querier on page 533 display igmp receiver-table Displays the receivers to which a WX forwards multicast traffic. You can display receivers for all VLANs, a single VLAN, or a group or groups identified by group address and network mask. Syntax — display igmp receiver-table [ vlan vlan-id ] [...]

  • Page 522

    522 CHAPTER 13: IGMP SNOOPING COMMANDS The following command lists all receivers for multicast groups 237.255.255.1 through 237.255.255.255, in all VLANs: WX1200# display igmp receiver-table group 237.255.255.0/24 VLAN: red Session Port Receiver-IP Receiver-MAC TTL --------------- ---- --------------- ----------------- ----- 237.255.255.2 2 10[...]

  • Page 523

    display igmp statistics 523 display igmp statistics Shows IGMP statistics. Syntax — display igmp statistics [ vlan vlan-id ] • vlan vlan-id — VLAN name or number. If you do not specify a VLAN, MSS displays IGMP statistics for all VLANs. Defaults — None. Access — All. History — Introduced in MSS Version 3.0. Examples — The follow[...]

  • Page 524

    524 CHAPTER 13: IGMP SNOOPING COMMANDS Table 85 Output of display igmp statistics Field Description IGMP statistics for vlan VLAN name. Statistics are listed separately for each VLAN. IGMP message type Type of IGMP message: • General-Queries — General group membership queries sent by the multicast querier (multicast router or pseudo-queri[...]

  • Page 525

    set igmp 525 See Also • clear igmp statistics on page 514 set igmp Disables or reenables IGMP snooping on one VLAN or all VLANs on a wireless LAN switch. Syntax — set igmp { enable | disable } [ vlan vlan-id ] • enable — Enables IGMP snooping. • disable — Disables IGMP snooping. • vlan vlan-id — VLAN name or number. If you do not s[...]

  • Page 526

    526 CHAPTER 13: IGMP SNOOPING COMMANDS set igmp lmqi Changes the IGMP last member query interval timer on one VLAN or all VLANs on a wireless LAN switch. Syntax — set igmp lmqi tenth-seconds [ vlan vlan-id ] • lmqi tenth-seconds — Amount of time (in tenths of a second) that the WX waits for a response to a group-specific query after r [...]

  • Page 527

    set igmp mrouter 527 set igmp mrouter Adds or removes a port in a WX’s list of ports on which it forwards traffic to multicast routers. Static multicast ports are immediately added to or removed from the list of router ports and do not age out. Syntax — set igmp mrouter port port-list { enable | disable } • port port-list — Port list. MS[...]

  • Page 528

    528 CHAPTER 13: IGMP SNOOPING COMMANDS set igmp mrsol Enables or disables multicast router solicitation by a WX. Syntax — set igmp mrsol { enable | disable } [ vlan vlan-id ] • enable — Enables multicast router solicitation. • disable — Disables multicast router solicitation. • vlan vlan-id — VLAN name or number. If you do not sp[...]

  • Page 529

    set igmp oqi 529 Usage — You cannot add MAP access ports or wired authentication ports as static multicast ports. However, MSS can dynamically add these port types to the list of multicast ports based on multicast traffic. Examples — The following example changes the multicast router solicitation interval to 60 seconds: WX1200# set igmp m[...]

  • Page 530

    530 CHAPTER 13: IGMP SNOOPING COMMANDS See Also • set igmp lmqi on page 526 • set igmp qi on page 531 • set igmp qri on page 532 • set igmp querier on page 533 • set igmp mrouter on page 527 • set igmp rv on page 534 set igmp proxy-report Disables or reenables proxy reporting by a WX on one VLAN or all VLANs. Syntax — set igmp p[...]

  • Page 531

    set igmp qi 531 set igmp qi Changes the IGMP query interval timer on one VLAN or all VLANs on a WX. Syntax — set igmp qi seconds [ vlan vlan-id ] • qi seconds — Number of seconds that elapse between general queries sent by the WX when the WX switch is the querier for the subnet. You can specify a value from 1 through 65,535. • vlan vla[...]

  • Page 532

    532 CHAPTER 13: IGMP SNOOPING COMMANDS set igmp qri Changes the IGMP query response interval timer on one VLAN or all VLANs on a WX. Syntax — set igmp qri tenth-seconds [ vlan vlan-id ] • qri tenth-seconds — Amount of time (in tenths of a second) that the WX waits for a receiver to respond to a group-specific query message before remo[...]

  • Page 533

    set igmp querier 533 set igmp querier Enables or disables the IGMP pseudo-querier on a WX, on one VLAN or all VLANs. Syntax — set igmp querier { enable | disable } [ vlan vlan-id ] • enable — Enables the pseudo-querier. • disable — Disables the pseudo-querier. • vlan vlan-id — VLAN name or number. If you do not specify a VLAN, t[...]

  • Page 534

    534 CHAPTER 13: IGMP SNOOPING COMMANDS Defaults — By default, no ports are static multicast receiver ports. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — You cannot add MAP access ports or wired authentication ports as static multicast ports. However, MSS can dynamically add these port types to the list of mul[...]

  • Page 535

    set igmp rv 535 See Also • set igmp oqi on page 529 • set igmp qi on page 531 • set igmp qri on page 532[...]

  • Page 536

    536 CHAPTER 13: IGMP SNOOPING COMMANDS[...]

  • Page 537

    14 SECURITY ACL COMMANDS Use security ACL commands to configure and monitor security access control lists (ACLs). Security ACLs filter packets to restrict or permit network usage by certain users or traffic types, and can assign to packets a class of service (CoS) to define the priority of treatment for packet filtering. (Security ACLs are di[...]

  • Page 538

    538 CHAPTER 14: SECURITY ACL COMMANDS clear security acl Clears a specified security ACL, an access control entry (ACE), or all security ACLs, from the edit buffer. When used with the command commit security acl, clears the ACE from the running configuration. Syntax — clear security acl { acl-name | all } [ editbuffer-index ] • acl-nam[...]

  • Page 539

    clear security acl map 539 WX4400# display security acl info all ACL information for all set security acl ip acl_133 (hits #1 0) ------------------------------------ --------------------- 1. deny IP source IP 192.168.1.6 0.0.0.0 destination IP any set security acl ip acl_134 (hits #3 0) ------------------------------------ --------------------- [...]

  • Page 540

    540 CHAPTER 14: SECURITY ACL COMMANDS Syntax — clear security acl map { acl-name | all } { vlan vlan-id | port port-list [ tag tag-value ] | ap ap-num } { in | out } • acl-name — Name of an existing security ACL to clear. ACL names start with a letter and are case-insensitive. • all — Removes security ACL mapping from all physical p[...]

  • Page 541

    commit security acl 541 To clear all physical ports, virtual ports, and VLANs on a WX switch of the ACLs mapped for incoming and outgoing traffic, type the following command: WX4400# clear security acl map all success: change accepted. See Also • clear security acl on page 538 • display security acl map on page 546 • set security acl map o[...]

  • Page 542

    542 CHAPTER 14: SECURITY ACL COMMANDS Examples — The following commands commit all the security ACLs in the edit buffer to the configuration, display a summary of the committed ACLs, and show that the edit buffer has been cleared: WX4400# commit security acl all configuration accepted WX4400# display security acl ACL table ACL Type Class Ma[...]

  • Page 543

    display security acl editbuffer 543 WX4400# display security acl ACL table ACL Type Class Mapping ---------------------------- ---- ------ ------- acl_123 IP Static Port 2 In acl_133 IP Static Port 4 In acl_124 IP Static See Also • clear security acl on page 538 • display security acl info on page 545 • display security acl editbuffer on pa[...]

  • Page 544

    544 CHAPTER 14: SECURITY ACL COMMANDS To view details about these uncommitted ACLs, type the following command. WX4400# display security acl info all editbuffer ACL edit-buffer information for all set security acl ip acl-111 (ACEs 3, add 3, del 0, modified 2) ------------------------------------ ---------------- 1. permit IP source IP 192.168[...]

  • Page 545

    display security acl info 545 Examples — To display the security ACL hits on a WX switch, type the following command: WX4400# display security acl hits ACL hit-counters Index Counter ACL-name ----- -------------------- -------- 1 0 acl_2 2 0 acl_175 3 916 acl_123 See Also • set security acl hit-sample-rate on page 559 • set security acl on [...]

  • Page 546

    546 CHAPTER 14: SECURITY ACL COMMANDS Examples — To display the contents of all security ACLs committed on a WX switch, type the following command: WX4400# display security acl info ACL information for all set security acl ip acl_123 (hits #5 462) ------------------------------------ --------------------- 1. permit IP source IP 192.168.1.11[...]

  • Page 547

    display security acl resource-usage 547 Access — Enabled. History — Introduced in MSS Version 3.0. Examples — The following command displays the port to which security ACL acl_111 is mapped: WX4400# display security acl map acl_111 ACL acl_111 is mapped to: Port 4 in See Also • clear security acl map on page 539 • display security acl [...]

  • Page 548

    548 CHAPTER 14: SECURITY ACL COMMANDS Examples — To display security ACL resource usage, type the following command: WX4400# display security acl resource-usage ACL resources Classifier tree counters ------------------------ Number of rules : 2 Number of leaf nodes : 1 Stored rule count : 2 Leaf chain count : 1 Longest leaf chain : 2 Numbe[...]

  • Page 549

    display security acl resource-usage 549 Table 87 Output of display security acl resource-usage Field Description Number of rules Number of security ACEs currently mapped to ports or VLANs. Number of leaf nodes Number of security ACL data entries stored in the rule tree. Stored rule count Number of security ACEs stored in the rule tree. Leaf cha[...]

  • Page 550

    550 CHAPTER 14: SECURITY ACL COMMANDS LUdef in use Number of the lookup definition (LUdef) table currently in use for packet handling. Default action pointer Memory address used for packet handling, from which default action data is obtained when necessary. L4 global Security ACL mapping on the WX switch: • True — Security ACLs are mapp[...]

  • Page 551

    rollback security acl 551 rollback security acl Clears changes made to the security ACL edit buffer since it was last saved. The ACL is rolled back to its state after the last commit security acl command was entered. All uncommitted ACLs in the edit buffer are cleared. Syntax — rollback security acl { acl-name | all } • acl-name — Name of[...]

  • Page 552

    552 CHAPTER 14: SECURITY ACL COMMANDS Examples — The following commands show the edit buffer before a rollback, clear any changes in the edit buffer to security acl_122, and show the edit buffer after the rollback: WX4400# display security acl info all editbuffer ACL edit-buffer information for all set security acl ip acl_122 (ACEs 3, [...]

  • Page 553

    set security acl 553 By ICMP packets Syntax — set security acl ip acl-name { permit [ cos cos ] | deny } icmp { source-ip-addr mask destination-ip-addr mask [ type icmp-type ] [ code icmp-code ] [ precedence precedence ] [ tos tos ] [ before editbuffer-index | modify editbuffer-index ] [ hits ] By TCP packets Syntax — set security acl ip acl[...]

  • Page 554

    554 CHAPTER 14: SECURITY ACL COMMANDS • 0 or 3—Best effort. Packets are queued in MAP forwarding queue 3. • 4 or 5—Video. Packets are queued in MAP forwarding queue 2. Use CoS level 4 or 5 for voice over IP (VoIP) packets other than SpectraLink Voice Priority (SVP). • 6 or 7—Voice. Packets are queued in MAP forwarding queue 1. [...]

  • Page 555

    set security acl 555 (For a complete list of TCP and UDP port numbers, see www.iana.org/assignments/port-numbers.) • destination-ip-addr mask — IP address and wildcard mask of the network or host to which the packet is being sent. Specify both address and mask in dotted decimal notation. For more information, see “Wildcard Masks” on pa[...]

  • Page 556

    556 CHAPTER 14: SECURITY ACL COMMANDS • before editbuffer-index — Inserts the new ACE in front of another ACE in the security ACL. Specify the number of the existing ACE in the edit buffer. Index numbers start at 1. (To display the edit buffer, use display security acl editbuffer.) • modify editbuffer-index — Replaces an ACE in th[...]

  • Page 557

    set security acl map 557 The following command adds an ACE to acl_123 that denies packets from IP address 192.168.2.11: WX4400# set security acl ip acl_123 deny 192.168.2.11 0.0.0.0 The following command creates acl_125 by defining an ACE that denies TCP packets from source IP address 192.168.0.1 to destination IP address 192.168.0.2 for estab[...]

  • Page 558

    558 CHAPTER 14: SECURITY ACL COMMANDS Syntax — set security acl map acl-name { vlan vlan-id | port port-list [ tag tag-list ] | ap ap-num } { in | out } • acl-name — Name of an existing security ACL to map. ACL names start with a letter and are case-insensitive. • vlan vlan-id — VLAN name or number. MSS assigns the security ACL to[...]

  • Page 559

    set security acl hit-sample-rate 559 See Also • clear security acl map on page 539 • commit security acl on page 541 • set mac-user attr on page 261 • set mac-usergroup attr on page 267 • set security acl on page 552 • set user attr on page 273 • set usergroup on page 275 • display security acl map on page 546 set security acl hit-s[...]

  • Page 560

    560 CHAPTER 14: SECURITY ACL COMMANDS Examples — The first command sets MSS to sample ACL hits every 15 seconds. The second and third commands display the results. The results show that 916 packets matching security acl_153 were sent since the ACL was mapped. WX4400# set security acl hit-sample-rate 15 WX4400# display security acl info acl[...]

  • Page 561

    15 CRYPTOGRAPHY COMMANDS A digital certificate is a form of electronic identification for computers. The WX requires digital certificates to authenticate its communications to 3WXM and Web Manager, to WebAAA clients, and to Extensible Authentication Protocol (EAP) clients for which the WX performs all EAP processing. Certificates can be ge[...]

  • Page 562

    562 CHAPTER 15: CRYPTOGRAPHY COMMANDS Commands by Usage This chapter presents cryptography commands alphabetically. Use Table 88 to locate commands in this chapter based on their use. crypto ca-certificate Installs a certificate authority’s own PKCS #7 certificate into the WX certificate and key storage area. Syntax — crypto ca-certifi[...]

  • Page 563

    crypto ca-certificate 563 • PEM-formatted certificate — ASCII text representation of the certificate authority PKCS #7 certificate, consisting of up to 5120 characters that you have obtained from the certificate authority. Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Webaaa option renamed to web in MSS Ve[...]

  • Page 564

    564 CHAPTER 15: CRYPTOGRAPHY COMMANDS crypto certificate Installs one of the WX switch’s PKCS #7 certificates into the certificate and key storage area on the WX switch. The certificate, which is issued and signed by a certificate authority, authenticates the WX switch either to 3WXM or Web Manager, or to 802.1X supplicants (clients). Synt[...]

  • Page 565

    crypto generate key 565 Examples — The following command installs a certificate: WX4400# crypto certificate admin Enter PEM-encoded certificate -----BEGIN CERTIFICATE----- MIIBdTCP3wIBADA2MQswCQYDVQQGEwJVUzEL MAkGA1UECBMCQOExGjAYBgNVBAMU EXR1Y2hwdWJzQHRycHouY29tMIGfMAOGCSqG SIb3DQEBAQAA4GNADCBiQKBgQC4 ..... 2L8Q9tk+G2As84QYLm8wmVY>xP56M;CUAm9[...]

  • Page 566

    566 CHAPTER 15: CRYPTOGRAPHY COMMANDS History — Introduced in MSS Version 3.0. Webaaa option renamed to web in MSS Version 4.1. Usage — You can overwrite a key by generating another key of the same type. SSH requires an SSH authentication key, but you can allow MSS to generate it automatically. The first time an SSH client attempt [...]

  • Page 567

    crypto generate request 567 • State Name string — (Optional) Specify the name of the state, in up to 64 alphanumeric characters. Spaces are allowed. • Locality Name string — (Optional) Specify the name of the locality, in up to 80 alphanumeric characters with no spaces. • Organizational Name string — (Optional) Specify the name of t[...]

  • Page 568

    568 CHAPTER 15: CRYPTOGRAPHY COMMANDS Examples — To request an administrative certificate from a certificate authority, type the following command: WX4400# crypto generate request admin Country Name: US State Name: CA Locality Name: Pleasanton Organizational Name: MyCorp Organizational Unit: ENG Common Name: ENG Email Address: admin@exampl[...]

  • Page 569

    crypto generate self-signed 569 After you type the command, you are prompted for the following variables: • Country Name string — (Optional) Specify the abbreviation for the country in which the WX switch is operating, in 2 alphanumeric characters with no spaces. • State Name string — (Optional) Specify the abbreviation for the name o[...]

  • Page 570

    570 CHAPTER 15: CRYPTOGRAPHY COMMANDS To generate a self-signed administrative certificate, type the following command: WX4400# crypto generate self-signed admin Country Name: State Name: Locality Name: Organizational Name: Organizational Unit: Common Name: wx1@example.com Email Address: Unstructured Name: success: self-signed cert for admin[...]

  • Page 571

    crypto otp 571 Note: On a WX switch that handles communications to and from Microsoft Windows clients, use a one-time password of 31 characters or fewer. The following characters cannot be used as part of the one-time password of a PKCS #12 file: • Quotation marks (“ ”) • Question mark (?) • Ampersand (&) Defaults — None. Ac[...]

  • Page 572

    572 CHAPTER 15: CRYPTOGRAPHY COMMANDS crypto pkcs12 Unpacks a PKCS #12 object file into the certificate and key storage area on the WX switch. This object file contains a public-private key pair, a WX certificate signed by a certificate authority, and the certificate authority’s certificate. Syntax — crypto pkcs12 { admin | eap | web[...]

  • Page 573

    display crypto ca-certificate 573 Examples — The following commands copy a PKCS #12 object file for an EAP certificate and key pair—and optionally the certificate authority’s own certificate—from a TFTP server to nonvolatile storage on the WX switch, create the one-time password hap9iN#ss, and unpack the PKCS #12 file: WX4400# copy [...]

  • Page 574

    574 CHAPTER 15: CRYPTOGRAPHY COMMANDS Access — Enabled. History — Introduced in MSS Version 3.0. Webaaa option renamed to web in MSS Version 4.1. Examples — To display information about the certificate of a certificate authority, type the following command: WX4400# display crypto ca-certificate Table 89 describes the fields in the [...]

  • Page 575

    display crypto certificate 575 Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Webaaa option renamed to web in MSS Version 4.1. Usage — You must have generated a self-signed certificate or obtained a certificate from a certificate authority before displaying information about the certificate. Examples — T [...]

  • Page 576

    576 CHAPTER 15: CRYPTOGRAPHY COMMANDS display crypto key domain Displays domain key information. Syntax — display crypto key domain Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — To display domain key information, type the following command: WX4400# display crypto key domain See Also crypto gen[...]

  • Page 577

    16 RADIUS AND SERVER GROUP COMMANDS Use RADIUS commands to set up communication between a WX switch and groups of up to four RADIUS servers for remote authentication, authorization, and accounting (AAA) of administrators and network users. Commands by Usage This chapter presents RADIUS commands alphabetically. Use Table 91 to locate comm[...]

  • Page 578

    578 CHAPTER 16: RADIUS AND SERVER GROUP COMMANDS clear radius Resets parameters that were globally configured for RADIUS servers to their default values. Syntax — clear radius { deadtime | key | retransmit | timeout } • deadtime — Number of minutes to wait after declaring an unresponsive RADIUS server unavailable before retrying the R[...]

  • Page 579

    clear radius client system-ip 579 WX4400# clear radius timeout success: change accepted. See Also • display aaa on page 229 • set radius on page 582 • set radius server on page 587 clear radius client system-ip Removes the WX switch’s system IP address from use as the permanent source address in RADIUS client requests from the switch to[...]

  • Page 580

    580 CHAPTER 16: RADIUS AND SERVER GROUP COMMANDS clear radius proxy client Removes RADIUS proxy client entries for third-party APs. Syntax — clear radius proxy client all Defaults — None. Access — Enabled. History — Introduced in MSS 4.0. Examples — The following command clears all RADIUS proxy client entries from the switch: WX4400[...]

  • Page 581

    clear radius server 581 clear radius server Removes the named RADIUS server from the WX configuration. Syntax — clear radius server server-name • server-name — Name of a RADIUS server configured to perform remote AAA services for the WX switch. Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — [...]

  • Page 582

    582 CHAPTER 16: RADIUS AND SERVER GROUP COMMANDS Examples — To remove the server group sg-77 type the following command: WX4400# clear server group sg-77 success: change accepted. To disable load balancing in a server group shorebirds, type the following command: WX4400# set server group shorebirds load-balance disable success: change acc[...]

  • Page 583

    set radius 583 MSS encrypts the display form of the string in display config and display aaa output. • retransmit number — Number of transmission attempts the WX switch makes before declaring an unresponsive RADIUS server unavailable. You can specify from 1 to 100 retries. • timeout seconds — Number of seconds the WX switch waits for the [...]

  • Page 584

    584 CHAPTER 16: RADIUS AND SERVER GROUP COMMANDS See Also • clear radius server on page 581 • display aaa on page 229 • set radius server on page 587 set radius client system-ip Causes all RADIUS requests to be sourced from the IP address specified by the set system ip-address command, providing a permanent source IP address for RADIU[...]

  • Page 585

    set radius proxy client 585 set radius proxy client Adds a RADIUS proxy entry for a third-party AP. The proxy entry specifies the IP address of the AP and the UDP ports on which the WX switch listens for RADIUS traffic from the AP. Syntax — set radius proxy client address ip-address [acct-port acct-udp-port-number ] [port udp-port-number ] k[...]

  • Page 586

    586 CHAPTER 16: RADIUS AND SERVER GROUP COMMANDS set radius proxy port Configures the WX port connected to a third-party AP as a RADIUS proxy for the SSID supported by the AP. Syntax — set radius proxy port port-list [tag tag-value ] ssid ssid-name • port port-list — WX port(s) connected to the third-party AP. • tag tag-value — 8[...]

  • Page 587

    set radius server 587 set radius server Configures RADIUS servers and their parameters. By default, the WX switch automatically sets all these values except the password (key). Syntax — set radius server server-name [ address ip-address ] [ auth-port port-number ] [ acct-port port-number ] [ timeout seconds ] [ retransmit number ] [ deadtime m[...]

  • Page 588

    588 CHAPTER 16: RADIUS AND SERVER GROUP COMMANDS • author-password password — Password used for authorization to a RADIUS server for MAC users. Specify a password of up to 64 alphanumeric characters with no spaces or tabs. Defaults — Default values are listed below: • auth-port — UDP port 1812 • acct-port — UDP port 1813 • time[...]

  • Page 589

    set server group 589 Examples — To set a RADIUS server named RS42 with IP address 198.162.1.1 to use the default accounting and authorization ports with a timeout interval of 30 seconds, two transmit attempts, 5 minutes of dead time, and a key string of keys4u, type the following command: WX1200# set radius server RS42 address 198.162.1.1[...]

  • Page 590

    590 CHAPTER 16: RADIUS AND SERVER GROUP COMMANDS Do not use the same name for a RADIUS server and a RADIUS server group. Examples — To set server group shorebirds with members heron, egret, and sandpiper, type the following command: WX1200# set server group shorebirds members heron egret sandpiper success: change accepted. See Also • [...]

  • Page 591

    set server group load-balance 591 Examples — To enable load balancing between the members of server group shorebirds, type the following command: WX1200# set server group shorebirds load-balance enable success: change accepted. To disable load balancing between shorebirds server group members, type the following command: WX1200# set server[...]

  • Page 592

    592 CHAPTER 16: RADIUS AND SERVER GROUP COMMANDS[...]

  • Page 593

    17 802.1X MANAGEMENT COMMANDS Use IEEE 802.1X management commands to modify the default settings for IEEE 802.1X sessions on a WX. For best results, change the settings only if you are aware of a problem with 802.1X performance on the WX. CAUTION: 802.1X parameter settings are global for all SSIDs configured on the switch. Commands by Usage[...]

  • Page 594

    594 CHAPTER 17: 802.1X MANAGEMENT COMMANDS clear dot1x bonded-period Resets the Bonded Auth™ (bonded authentication) period to its default value. The bonded period is the number of seconds MSS retains session information for an authenticated machine while waiting for an 802.1X client on the machine to start (re)authentication for the user. [...]

  • Page 595

    clear dot1x max-req 595 See Also • display dot1x on page 599 • set dot1x bonded-period on page 603 clear dot1x max-req Resets to the default setting the number of Extensible Authentication Protocol (EAP) requests that the WX switch retransmits to a supplicant (client). Syntax — clear dot1x max-req Defaults — The default number is 20. A[...]

  • Page 596

    596 CHAPTER 17: 802.1X MANAGEMENT COMMANDS Usage — This command is overridden by the set dot1x authcontrol command. The clear dot1x port-control command returns port control to the method configured. This command applies only to wired authentication ports. Examples — Type the following command to reset the wired authentication port contro[...]

  • Page 597

    clear dot1x reauth-max 597 clear dot1x reauth-max Resets the maximum number of reauthorization attempts to the default setting. Syntax — clear dot1x reauth-max Defaults — The default is 2 attempts. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — Type the following command to reset the maximum number of reauthori[...]

  • Page 598

    598 CHAPTER 17: 802.1X MANAGEMENT COMMANDS clear dot1x timeout auth-server Resets to the default setting the number of seconds that must elapse before the WX times out a request to a RADIUS server. Syntax — clear dot1x timeout auth-server Defaults — The default is 30 seconds. Access — Enabled. History — Introduced in MSS Version 3.0.[...]

  • Page 599

    clear dot1x tx-period 599 clear dot1x tx-period Resets to the default setting the number of seconds that must elapse before the WX switch retransmits an EAP over LAN (EAPoL) packet. Syntax — clear dot1x tx-period Defaults — The default is 5 seconds. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — Type the followi[...]

  • Page 600

    600 CHAPTER 17: 802.1X MANAGEMENT COMMANDS History — Introduced in MSS Version 3.0. Format of 802.1X authentication rule information in display dot1x config output changed in MSS Version 3.2. The rules are still listed at the top of the display, but more information is shown for each rule. Examples — Type the following command to displ[...]

  • Page 601

    display dot1x 601 802.1X parameter setting ---------------- ------- supplicant timeout 30 auth-server timeout 30 quiet period 5 transmit period 5 reauthentication period 3600 maximum requests 2 key transmission enabled reauthentication enabled authentication control enabled WEP rekey period 1800 WEP rekey enabled Bonded period 60 port 5, authcont[...]

  • Page 602

    602 CHAPTER 17: 802.1X MANAGEMENT COMMANDS set dot1x authcontrol Provides a global override mechanism for 802.1X authentication configuration on wired authentication ports. Syntax — set dot1x authcontrol { enable | disable } • enable — Allows all wired authentication ports running 802.1X to use the authentication specified per port by t[...]

  • Page 603

    set dot1x bonded-period 603 Defaults — By default, authentication control for individual wired authentication is enabled. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — This command applies only to wired authentication ports. Examples — To enable per-port 802.1X authentication on wired authentication ports, type t[...]

  • Page 604

    604 CHAPTER 17: 802.1X MANAGEMENT COMMANDS Usage — Normally, the Bonded Auth period needs to be set only if the network has Bonded Auth clients that use dynamic WEP, or use WEP-40 or WEP-104 encryption with WPA or RSN. These clients can be affected by the 802.1X reauthentication parameter or the RADIUS Session-Timeout parameter. 3Com rec[...]

  • Page 605

    set dot1x max-req 605 Examples — Type the following command to enable key transmission: WX4400# set dot1x key-tx enable success: dot1x key transmission enabled. See Also • display dot1x on page 599 set dot1x max-req Sets the maximum number of times the WX retransmits an EAP request to a supplicant (client) before ending the authentication [...]

  • Page 606

    606 CHAPTER 17: 802.1X MANAGEMENT COMMANDS set dot1x port-control Determines the 802.1X authentication behavior on individual wired authentication ports or groups of ports. Syntax — set dot1x port-control {forceauth | forceunauth | auto } port-list • forceauth — Forces the specified wired authentication port(s) to unconditionally author[...]

  • Page 607

    set dot1x quiet-period 607 set dot1x quiet-period Sets the number of seconds a WX remains quiet and does not respond to a supplicant after a failed authentication. Syntax — set dot1x quiet-period seconds • seconds — Specify a value between 0 and 65,535. Defaults — The default is 60 seconds. Access — Enabled. History — Introduced in MSS[...]

  • Page 608

    608 CHAPTER 17: 802.1X MANAGEMENT COMMANDS See Also • display dot1x on page 599 • set dot1x reauth-max on page 608 • set dot1x reauth-period on page 609 set dot1x reauth-max Sets the number of reauthentication attempts that the WX switch makes before the supplicant (client) becomes unauthorized. Syntax — set dot1x reauth-max number-of-a[...]

  • Page 609

    set dot1x reauth-period 609 set dot1x reauth-period Sets the number of seconds that must elapse before the WX switch attempts reauthentication. Syntax — set dot1x reauth-period seconds • seconds — Specify a value between 60 (1 minute) and 1,641,600 (19 days). Defaults — The default is 3600 seconds (1 hour). Access — Enabled. History —[...]

  • Page 610

    610 CHAPTER 17: 802.1X MANAGEMENT COMMANDS See Also • display dot1x on page 599 • clear dot1x timeout auth-server on page 598 set dot1x timeout supplicant Sets the number of seconds that must elapse before the WX switch times out an authentication session with a supplicant (client). Syntax — set dot1x timeout supplicant seconds • secon[...]

  • Page 611

    set dot1x wep-rekey 611 Examples — Type the following command to set the number of seconds before the WX switch retransmits an EAPoL packet to 300: WX4400# set dot1x tx-period 300 success: dot1x tx-period set to 300. See Also • display dot1x on page 599 • clear dot1x tx-period on page 599 set dot1x wep-rekey Enables or disables Wired Equi[...]

  • Page 612

    612 CHAPTER 17: 802.1X MANAGEMENT COMMANDS set dot1x wep-rekey-period Sets the interval for rotating the WEP broadcast and multicast keys. Syntax — set dot1x wep-rekey-period seconds • seconds — Specify a value between 30 and 1,641,600 (19 days). Defaults — The default is 1800 seconds (30 minutes). Access — Enabled. History —I[...]

  • Page 613

    18 SESSION MANAGEMENT COMMANDS Use session management commands to display and clear administrative and network user sessions. Commands by Usage This chapter presents session management commands alphabetically. Use Table 94 to locate commands in this chapter based on their use. clear sessions Clears all administrative sessions, or clears a[...]

  • Page 614

    614 CHAPTER 18: SESSION MANAGEMENT COMMANDS • telnet client [ session-id ] — Clears all Telnet client sessions from the CLI to remote devices, or clears an individual session identified by session ID. • mesh-ap [ session-id ] — Clears all Mesh AP sessions, or clears an individual Mesh AP session identified by session ID. Defaults — N[...]

  • Page 615

    clear sessions network 615 clear sessions network Clears all network sessions for a specified user name or set of usernames, MAC address or set of MAC addresses, virtual LAN (VLAN) or set of VLANs, or session ID. Syntax — clear sessions network { user user-glob | mac-addr mac-addr-glob | vlan vlan-glob | session-id local-session-id } • use[...]

  • Page 616

    616 CHAPTER 18: SESSION MANAGEMENT COMMANDS Examples — To clear all sessions for MAC address 00:01:02:03:04:05, type the following command: WX4400# clear sessions network mac-addr 00:01:02:03:04:05 To clear session 9, type the following command: WX1200# clear sessions network session-id 9 SM Apr 11 19:53:38 DEBUG SM-STATE: localid 9, mac[...]

  • Page 617

    display sessions 617 • telnet — Displays sessions for all users with administrative access to the WX switch through a Telnet connection. • telnet client — Displays Telnet sessions from the CLI to remote devices. Defaults — None. Access — All, except for display sessions telnet client, which has enabled access. History — Introduc[...]

  • Page 618

    618 CHAPTER 18: SESSION MANAGEMENT COMMANDS To view information about Telnet client sessions, type the following command: WX4400# display sessions telnet client Session Server Address Server Port Client Port ------- -------------- -------- ---- ----------- 0 192.168.1.81 23 48000 1 10.10.1.22 23 48001 Table 95 describes the fields of the d[...]

  • Page 619

    display sessions mesh-ap 619 display sessions mesh-ap Displays summary or verbose information about Mesh AP sessions on the WX. Syntax — display sessions mesh-ap [ session-id session-id | verbose ] • session-id local-session-id — Displays the specified Mesh AP session. To determine the local session ID for a Mesh AP session, use the disp[...]

  • Page 620

    620 CHAPTER 18: SESSION MANAGEMENT COMMANDS See also “clear sessions” on page 613 display sessions network Displays summary or verbose information about all network sessions, or network sessions for a specified user name or set of user names, MAC address or set of MAC addresses, VLAN or set of VLANs, or session ID. Syntax — display sess[...]

  • Page 621

    display sessions network 621 Defaults — None. Access — All. History — Introduced in MSS Version 3.0. Output added to the display network sessions verbose command to indicate the user’s authorization attributes and whether they were supplied through AAA or through configured SSID defaults in a service profile in MSS Version 4.1. Usage[...]

  • Page 622

    622 CHAPTER 18: SESSION MANAGEMENT COMMANDS The following command displays summary information about all the sessions of users whose names begin with E: WX1200# display sessions network user E* User Sess IP or MAC VLAN Port/ Name ID Address Name Radio --------------------------- ---- --------------- ------------ ----- EXAMPLESingh 12* 10.10[...]

  • Page 623

    display sessions network 623 Start-Date=05/04/11-10:00 (AAA) 1 sessions total (Table 99 on page 624 describes the additional fields of the verbose output of display sessions network commands.) The following command displays information about network session 27: WX1200# display sessions network session-id 27 Global Id: SESS-27-000430-835586-58d[...]

  • Page 624

    624 CHAPTER 18: SESSION MANAGEMENT COMMANDS Sess ID Locally unique number that identifies this session. An asterisk (*) next to the session ID indicates fully active sessions. IP or MAC Address IP address of the session user, or the user’s MAC address if the user has not yet received an IP address. VLAN Name Name of the VLAN associated with[...]

  • Page 625

    display sessions network 625 State Status of the session: • AUTH, ASSOC REQ — Client is being associated by the 802.1X protocol. • AUTH AND ASSOC — Client is being associated by the 802.1X protocol, and the user is being authenticated. • AUTHORIZING — User has been authenticated (for example, by the 802.1X protocol and an AAA method),[...]

  • Page 626

    626 CHAPTER 18: SESSION MANAGEMENT COMMANDS Table 100 display sessions network session-id Output Field Description Global Id A unique session identifier within the Mobility Domain. State Status of the session: • AUTH, ASSOC REQ — Client is being associated by the 802.1X protocol. • AUTH AND ASSOC — Client is being associated by the [...]

  • Page 627

    display sessions network 627 See Also • clear sessions network on page 615 Authentication Method Extensible Authentication Protocol (EAP) type used to authenticate the session user, and the IP address of the authentication server. Session statistics as updated from AP Time the session statistics were last updated from the MAP access point, in [...]

  • Page 628

    628 CHAPTER 18: SESSION MANAGEMENT COMMANDS[...]

  • Page 629

    19 RF DETECTION COMMANDS MSS automatically performs RF detection scans on enabled and disabled radios to detect rogue access points. A rogue access point is a BSSID (MAC address associated with an SSID) that does not belong to a 3Com switch and is not a member of the ignore list configured on the seed switch of the Mobility Domain. The ignore [...]

  • Page 630

    630 CHAPTER 19: RF DETECTION COMMANDS clear rfdetect attack-list Removes a MAC address from the attack list. Syntax — clear rfdetect attack-list mac-addr • mac-addr — MAC address you want to remove from the attack list. Defaults — None. Access — Enabled. History — Introduced in MSS Version 4.0. Examples — The following command[...]

  • Page 631

    clear rfdetect black-list 631 See Also • clear rfdetect attack-list on page 630 • display rfdetect attack-list on page 635 clear rfdetect black-list Removes a MAC address from the client black list. Syntax — clear rfdetect black-list mac-addr • mac-addr — MAC address you want to remove from the black list. Defaults — None. Access —[...]

  • Page 632

    632 CHAPTER 19: RF DETECTION COMMANDS Examples — The following command removes BSSID aa:bb:cc:11:22:33 from the ignore list for RF scans: WX1200# clear rfdetect ignore aa:bb:cc:11:22:33 success: aa:bb:cc:11:22:33 is no longer ignored. See Also • display rfdetect ignore on page 644 • set rfdetect ignore on page 656 clear rfdetect ssid-[...]

  • Page 633

    clear rfdetect vendor-list 633 clear rfdetect vendor-list Removes an entry from the permitted vendor list. Syntax — clear rfdetect vendor-list {client | ap} mac-addr | all • client | ap — Specifies whether the entry is for an AP brand or a client brand. • mac-addr | all — Organizationally Unique Identifier (OUI) to remove. Defaults ?[...]

  • Page 634

    634 CHAPTER 19: RF DETECTION COMMANDS rfping Provides information about the RF link between the WX and the client based on sending test packets to the client. • Syntax — rfping {mac mac-addr | session-id session-id } • mac-addr — Tests the RF link between the WX and the client with the specified MAC address. • session-id — Tests[...]

  • Page 635

    display rfdetect attack-list 635 See Also • display rfdetect data on page 642 • display rfdetect visible on page 650 display rfdetect attack-list Displays information about the MAC addresses in the attack list. Syntax — display rfdetect attack-list Defaults — None. Access — Enabled. History — Introduced in MSS Version 4.0. Examples —[...]

  • Page 636

    636 CHAPTER 19: RF DETECTION COMMANDS display rfdetect black-list Displays information about the clients in the client black list. Syntax — display rfdetect black-list Defaults — None. Access — Enabled. History — Introduced in MSS Version 4.0. Examples — The following example shows the client black list on WX switch: WX1200# display [...]

  • Page 637

    display rfdetect clients 637 display rfdetect clients Displays the wireless clients detected by a WX switch. Syntax — display rfdetect clients [mac mac-addr ] mac mac-addr — Displays detailed information for a specific client. Defaults — None. Access — Enabled. History — Introduced in MSS Version 4.0. Examples — The following comm[...]

  • Page 638

    638 CHAPTER 19: RF DETECTION COMMANDS Table 103 display rfdetect clients Output Field Description Client MAC MAC address of the client. Client Vendor Company that manufactures or sells the client. AP MAC MAC address of the radio with which the rogue client is associated. AP Vendor Company that manufactures or sells the AP with which the rogue [...]

  • Page 639

    display rfdetect countermeasures 639 display rfdetect countermeasures Displays the current status of countermeasures against rogues in the Mobility Domain. Syntax — display rfdetect countermeasures Defaults — None. Access — Enabled. History — Output no longer lists rogues for which countermeasures have not been started in MSS Version 4.[...]

  • Page 640

    640 CHAPTER 19: RF DETECTION COMMANDS Table 105 describes the fields in this display. See Also • set radio-profile countermeasures on page 410 display rfdetect counters Displays statistics for rogue and Intrusion Detection System (IDS) activity detected by the MAPs managed by a WX switch. Syntax — display rfdetect counters Defaults —[...]

  • Page 641

    display rfdetect counters 641 Examples — The following command shows counters for rogue activity detected by a WX switch: WX4400# display rfdetect counters Type Current Total ------------------------------------ -------------- ------------ ------------ Rogue access points 0 0 Interfering access points 139 1116 Rogue 802.11 clients 0 0 Interferi[...]

  • Page 642

    642 CHAPTER 19: RF DETECTION COMMANDS display rfdetect data Displays all the BSSIDs detected by an individual WX switch during an RF detection scan. The data includes BSSIDs transmitted by other 3Com radios as well as by third-party access points. Syntax — display rfdetect data Defaults — None. Access — Enabled. History — Introduced[...]

  • Page 643

    display rfdetect data 643 See Also • display rfdetect mobility-domain on page 644 • display rfdetect visible on page 650 Table 106 display rfdetect data Output Field Description BSSID BSSID detected by a MAP radio on this WX switch. Vendor Company that manufactures or sells the rogue device. Type Classification of the rogue device: • rogue?[...]

  • Page 644

    644 CHAPTER 19: RF DETECTION COMMANDS display rfdetect ignore Displays the BSSIDs of third-party devices that MSS ignores during RF scans. MSS does not generate log messages or traps for the devices in the ignore list. Syntax — display rfdetect ignore Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Example[...]

  • Page 645

    display rfdetect mobility-domain 645 Usage — This command is valid only on the seed switch of the Mobility Domain. To display rogue information for an individual switch, use the display rfdetect data command on that switch. Only rogues are listed. To display all devices detected, including 3Com radios, use the display rfdetect data command. E[...]

  • Page 646

    646 CHAPTER 19: RF DETECTION COMMANDS WX-IPaddress: 10.8.121.102 Port/Radio/Ch: 3/1/1 Mac: 00:0b:0e:00:0a:6a Device-type: interfering Adhoc: no Crypto-types: clear RSSI: -75 SSID: 3Com-webaaa WX-IPaddress: 10.3.8.103 Port/Radio/Ch: ap 1/1/1 Mac: 00:0b:0e:76:56:82 Device-type: interfering Adhoc: no Crypto-types: clear RSSI: -76 SSID: 3Com-weba[...]

  • Page 647

    display rfdetect mobility-domain 647 Table 107 and Table 108 describe the fields in these displays. Table 107 display rfdetect mobility-domain Output Field Description BSSID MAC address of the SSID used by the detected device. Vendor Company that manufactures or sells the rogue device. Type Classification of the rogue device: • rogue—Wirel[...]

  • Page 648

    648 CHAPTER 19: RF DETECTION COMMANDS See Also • display rfdetect data on page 642 • display rfdetect visible on page 650 Crypto-Types Encryption type: clear (no encryption) ccmp tkip wep104 (WPA 104-bit WEP) wep40 (WPA 40-bit WEP) wep (non-WPA WEP) WX-IPaddress System IP address of the WX switch that detected the rogue. Port/Radio/Channe[...]

  • Page 649

    display rfdetect ssid-list 649 display rfdetect ssid-list Displays the entries in the permitted SSID list. Syntax — display rfdetect ssid-list Defaults — None. Access — Enabled. History — Introduced in MSS Version 4.0. Examples — The following example shows the permitted SSID list on WX switch: WX4400# display rfdetect ssid-list Total nu[...]

  • Page 650

    650 CHAPTER 19: RF DETECTION COMMANDS Examples — The following example shows the permitted vendor list on WX switch: WX1200# display rfdetect vendor-list Total number of entries: 1 OUI Type ----------------- ------ aa:bb:cc:00:00:00 client 11:22:33:00:00:00 ap See Also • clear rfdetect vendor-list on page 633 • set rfdetect vendor-lis[...]

  • Page 651

    display rfdetect visible 651 Usage — If a 3Com radio is supporting more than one SSID, each of the corresponding BSSIDs is listed separately. To display rogue information for the entire Mobility Domain, use the display rfdetect mobility-domain command on the seed switch. Examples — The following command displays the devices detected by 3[...]

  • Page 652

    652 CHAPTER 19: RF DETECTION COMMANDS See Also • display rfdetect data on page 642 • display rfdetect mobility-domain on page 644 set rfdetect active-scan Disables or reenables active RF detection scanning on a WX switch. When active scanning is enabled, the MAP radios managed by the switch look for rogue devices by sending probe any requ[...]

  • Page 653

    set rfdetect attack-list 653 set rfdetect attack-list Adds an entry to the attack list. The attack list specifies the MAC addresses of devices that MSS should issue countermeasures against whenever the devices are detected on the network. The attack list can contain the MAC addresses of APs and clients. Syntax — set rfdetect attack-list mac-addr[...]

  • Page 654

    654 CHAPTER 19: RF DETECTION COMMANDS set rfdetect black-list Adds an entry to the client black list. The client black list specifies clients that are not allowed on the network. MSS drops all packets from the clients on the black list. Syntax — set rfdetect black-list mac-addr • mac-addr — MAC address you want to place on the black lis[...]

  • Page 655

    set rfdetect countermeasures mac 655 Syntax — set rfdetect countermeasures { enable | disable } • enable — Enables countermeasures. • disable — Disables countermeasures. Defaults — Countermeasures are disabled by default. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — This command is valid only on the seed s[...]

  • Page 656

    656 CHAPTER 19: RF DETECTION COMMANDS You can start countermeasures against more than one BSSID by typing additional set rfdetect countermeasures mac commands. After you type the first set rfdetect countermeasures mac command, MSS does not issue countermeasures against any devices except the ones you specify using this command. To resume [...]

  • Page 657

    set rfdetect log 657 Usage — Use this command to identify third-party APs and other devices you are already aware of and do not want MSS to report following RF scans. If you try to initiate countermeasures against a device on the ignore list, the ignore list takes precedence and MSS does not issue the countermeasures. Countermeasures apply onl[...]

  • Page 658

    658 CHAPTER 19: RF DETECTION COMMANDS History — Introduced in MSS Version 3.0. Usage — This command is valid only on the seed switch of the Mobility Domain. The log messages for rogues are generated only on the seed and appear only in the seed’s log message buffer. Use the display log buffer command to display the messages in the seed [...]

  • Page 659

    set rfdetect signature key 659 Examples — The following command enables MAP signatures on a WX switch: WX1200# set rfdetect signature enable success: signature is now enabled. set rfdetect signature key Creates an encrypted RF fingerprint key to use as a signature for a MAP. Syntax — set rfdetect signature key encrypted <key_value> ?[...]

  • Page 660

    660 CHAPTER 19: RF DETECTION COMMANDS If you add a device that MSS has classified as a rogue to the permitted SSID list, but not to the ignore list, MSS can still classify the device as a rogue. Adding an entry to the permitted SSID list merely indicates that the device is using an allowed SSID. However, to cause MSS to stop classifying the d[...]

  • Page 661

    test rflink 661 If you add a device that MSS has classified as a rogue to the permitted vendor list, but not to the ignore list, MSS can still classify the device as a rogue. Adding an entry to the permitted vendor list merely indicates that the device is from an allowed vendor. However, to cause MSS to stop classifying the devi[...]

  • Page 662

    662 CHAPTER 19: RF DETECTION COMMANDS Examples — The following command tests the RF link between the WX switch and the client with MAC address 00:0e:9b:bf:ad:13: WX4400# test rflink mac 00:0e:9b:bf:ad:13 RF-Link Test to 00:0e:9b:bf:ad:13 : Session-Id: 2 Packets Sent Packets Rcvd RSSI SNR RTT (micro-secs) ------------ ------------ ------- --[...]

  • Page 663

    20 FILE MANAGEMENT COMMANDS Use file management commands to manage system files and to display software and boot information. Commands by Usage This chapter presents file management commands alphabetically. Use Table 111 to locate commands in this chapter based on their use. Table 111 File Management Commands by Usage Type Command Software [...]

  • Page 664

    664 CHAPTER 20: FILE MANAGEMENT COMMANDS backup Creates an archive of WX system files and optionally, user file, in Unix tape archive (tar) format. Syntax — backup system [tftp:/ip-addr/]filename [all | critical] Defaults — All. Access — Enabled. History —. Usage — You can create an archive located on a TFTP server or in the [...]

  • Page 665

    backup 665 Archive files created by the all option are larger than files created by the critical option. The file size depends on the files in the user area, and the file can be quite large if the user area contains image files. The backup command places the boot configuration file into the archive. (The boot configuration file is the Conf[...]

  • Page 666

    666 CHAPTER 20: FILE MANAGEMENT COMMANDS clear boot backup-configuration Clears the filename specified as the backup configuration file. In the event that MSS cannot read the configuration file at boot time, a backup configuration file is not used. Syntax — clear boot backup-configuration Defaults — None. Access — Enabled. History — Int[...]

  • Page 667

    copy 667 WX4400# reset system force ...... rebooting ...... See Also • display config on page 675 • reset system on page 683 copy Performs the following copy operations: • Copies a file from a TFTP server to nonvolatile storage. • Copies a file from nonvolatile storage or temporary storage to a TFTP server. • Copies a file from o[...]

  • Page 668

    668 CHAPTER 20: FILE MANAGEMENT COMMANDS Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — The filename and file:filename URLs are equivalent. You can use either URL to refer to a file in a WX switch’s nonvolatile memory. The tftp://ip-addr/filename URL refers to a file on a TFTP server. If[...]

  • Page 669

    delete 669 The following commands rename test-config to new-config by copying it from one name to the other in the same location, then deleting test-config: WX4400# copy test-config new-config WX4400# delete test-config success: file deleted. The following command copies file corpa-login.html from a TFTP server into subdirectory corpa in a WX sw[...]

  • Page 670

    670 CHAPTER 20: FILE MANAGEMENT COMMANDS Examples — The following commands copy file testconfig to a TFTP server and delete the file from nonvolatile storage: WX4400# copy testconfig tftp://10.1.1.1/testconfig success: sent 365 bytes in 0.401 seconds [ 910 bytes/sec] WX4400# delete testconfig success: file deleted. The following commands[...]

  • Page 671

    dir 671 Examples — The following command displays the files in the root directory: WX4400# dir =============================================================================== file: Filename Size Created file:configuration 48 KB Jul 12 2005, 15:02:32 file:corp2:corp2cnfig 17 KB Mar 14 2005, 22:20:04 corp_a/ 512 bytes May 21 2004, 19:15:48 file:d[...]

  • Page 672

    672 CHAPTER 20: FILE MANAGEMENT COMMANDS The following command limits the output to the contents of the user files area: WX4400# dir file: =============================================================================== file: Filename Size Created file:configuration 48 KB Jul 12 2005, 15:02:32 file:corp2:corp2cnfig 17 KB Mar 14 2005, 22:20:04[...]

  • Page 673

    install soda agent 673 See Also • copy on page 667 • delete on page 669 install soda agent Installs Sygate On-Demand (SODA) agent files in a directory on the WX switch. Syntax — install soda agent agent-file agent directory directory • agent-file — Name of a .zip file on the WX switch containing SODA agent[...]

  • Page 674

    674 CHAPTER 20: FILE MANAGEMENT COMMANDS Usage — The install soda agent command installs a .zip file containing SODA agent files into a directory on the WX switch. Prior to installing the SODA agent files, you must have already copied the .zip file to the WX switch. This command creates the specified directory, unzips the file and places [...]

  • Page 675

    display config 675 Table 114 describes the fields in the display boot output. See Also • display version on page 677 • reset system on page 683 • set boot configuration-file on page 687 display config Displays the configuration running on the WX. Syntax — display config [ area area ] [ all ] • area area — Configuration area. You can[...]

  • Page 676

    676 CHAPTER 20: FILE MANAGEMENT COMMANDS • ip-config • l2acl • log • mobility-domain • network-domain • ntp • portconfig • port-group • qos • radio-profile • rfdetect • service-profile • sm • snmp • snoop • spantree • system • trace • vlan • vlan-fdb • vlan-profile If you do not specify a configuration [...]

  • Page 677

    display version 677 Usage — If you do not use one of the optional parameters, configuration commands that set nondefault values are displayed for all configuration areas. If you specify an area, commands are displayed for that area only. If you use the all option, the display also includes commands for configuration items that are set to the[...]

  • Page 678

    678 CHAPTER 20: FILE MANAGEMENT COMMANDS Examples — The following command displays version information for a WX switch: WX1200# display version Mobility System Software, Version: 4.1.0 QA 67 Copyright (c) 2002, 2003, 2004, 2005 3Com Corporation. All rights reserved. Build Information: (build#67) TOP 2005-07-21 04:41:00 Model: WX Hardware [...]

  • Page 679

    load config 679 Table 115 describes the fields in the display version output. See Also • display boot on page 674 load config Loads configuration commands from a file and replaces the WX switch’s running configuration with the commands in the loaded file. CAUTION: This command completely removes the running configuration and replaces it wi[...]

  • Page 680

    680 CHAPTER 20: FILE MANAGEMENT COMMANDS Defaults — The default file location is nonvolatile storage. The current version supports loading a configuration file only from the switch’s nonvolatile storage. You cannot load a configuration file directly from a TFTP server. If you do not specify a filename, MSS uses the same configurati[...]

  • Page 681

    md5 681 md5 Calculates the MD5 checksum for a file in the switch’s nonvolatile storage. Syntax — md5 [boot0: | boot1:] filename • boot0: | boot1: — Boot partition into which you copied the file. • filename — Name of the file. Defaults — None. Access — Enabled. History — Introduced in MSS Version 4.0. Usage — You must include [...]

  • Page 682

    682 CHAPTER 20: FILE MANAGEMENT COMMANDS Examples — The following commands create a subdirectory called corp2 and display the root directory to verify the result: WX4400# mkdir corp2 success: change accepted. WX4400# dir =============================================================================== file: Filename Size Created file:configu[...]

  • Page 683

    reset system 683 reset system Restarts a WX switch and reboots the software. Syntax — reset system [ force ] • force — Immediately restarts the system and reboots, without comparing the running configuration to the configuration file. Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — If you do no[...]

  • Page 684

    684 CHAPTER 20: FILE MANAGEMENT COMMANDS restore Unzips a system archive created by the backup command and copies the files from the archive onto the switch. Syntax restore system [tftp:/ip-addr/]filename [all | critical] Defaults — Critical. Access — Enabled. History — Introduced in MSS Version 3.2. Usage — If a file in the archi[...]

  • Page 685

    rmdir 685 See Also • backup on page 664 rmdir Removes a subdirectory from nonvolatile storage. Syntax — rmdir [ subdirname ] • subdirname — Subdirectory name. Specify between 1 and 32 alphanumeric characters, with no spaces. Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — MSS does not allow the [...]

  • Page 686

    686 CHAPTER 20: FILE MANAGEMENT COMMANDS Access — Enabled. History — Introduced in MSS Version 3.0. Usage — If you do not specify a filename, MSS replaces the configuration file loaded during the most recent reboot. To display the filename of the configuration file MSS loaded during the most recent reboot, use the display boot comman[...]

  • Page 687

    set boot configuration-file 687 History — Introduced in MSS Version 4.1. Examples — The following command specifies a file called backup.cfg as the backup configuration file on the WX switch: WX1200# set boot backup-configuration backup.cfg success: backup boot config filename set. See Also • clear boot backup-configuration on page 666 [...]

  • Page 688

    688 CHAPTER 20: FILE MANAGEMENT COMMANDS set boot partition Specifies the boot partition in which to look for the system image file following the next system reset, software reload, or power cycle. Syntax — set boot partition { boot0 | boot1 } • boot0 — Boot partition 0. • boot1 — Boot partition 1. Defaults — By default, a WX swit[...]

  • Page 689

    uninstall soda agent 689 Usage — The uninstall soda command removes the SODA agent directory and all of its contents. All files in the specified directory are removed. The command removes the directory and its contents, regardless of whether it contains SODA agent files. Examples — The following command removes the directory sp1 and all of [...]

  • Page 690

    690 CHAPTER 20: FILE MANAGEMENT COMMANDS[...]

  • Page 691

    21 TRACE COMMANDS Use trace commands to perform diagnostic routines. While MSS allows you to run many types of traces, this chapter describes commands for those traces you are most likely to use. For a complete listing of the types of traces MSS allows, type the set trace ? command. CAUTION: Using the set trace command can have adverse effects [...]

  • Page 692

    692 CHAPTER 21: TRACE COMMANDS clear log trace Deletes the log messages stored in the trace buffer. Syntax — clear log trace Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — To delete the trace log, type the following command: WX4400# clear log trace See Also • display log buffer on page 712[...]

  • Page 693

    display trace 693 To clear the session manager trace, type the following command: WX4400# clear trace sm success: clear trace sm See Also • display trace on page 693 • set trace authentication on page 694 • set trace authorization on page 695 • set trace dot1x on page 696 • set trace sm on page 697 display trace Displays information a[...]

  • Page 694

    694 CHAPTER 21: TRACE COMMANDS save trace Saves the accumulated trace data for enabled traces to a file in the WX switch’s nonvolatile storage. Syntax — save trace filename • filename — Name for the trace file. To save the file in a subdirectory, specify the subdirectory name, then a slash. For example: traces/trace1 Defaults — No[...]

  • Page 695

    set trace authorization 695 Examples — The following command starts a trace for information about user jose’s authentication: WX4400# set trace authentication user jose success: change accepted. See Also • clear trace on page 692 • display trace on page 693 set trace authorization Traces authorization information. Syntax — set trac[...]

  • Page 696

    696 CHAPTER 21: TRACE COMMANDS See Also • clear trace on page 692 • display trace on page 693 set trace dot1x Traces 802.1X sessions. Syntax — set trace dot1x [ mac-addr mac-address ] [ port port-num ] [ user username ] [ level level ] • mac-addr mac-address — Traces a MAC address. Specify a MAC address, using colons to separate t[...]

  • Page 697

    set trace sm 697 set trace sm Traces session manager activity. Syntax — set trace sm [ mac-addr mac-address ] [ port port-num ] [ user username ] [ level level ] • mac-addr mac-address — Traces a MAC address. Specify a MAC address, using colons to separate the octets (for example, 00:11:22:aa:bb:cc). • port port-num — Traces on a WX[...]

  • Page 698

    698 CHAPTER 21: TRACE COMMANDS[...]

  • Page 699

    22 SNOOP COMMANDS Use snoop commands to monitor wireless traffic, by using a MAP as a sniffing device. The MAP copies the sniffed 802.11 packets and sends the copies to an observer, which is typically a protocol analyzer such as Ethereal or Tethereal. (For more information, including setup instructions for the monitoring station, see the “[...]

  • Page 700

    700 CHAPTER 22: SNOOP COMMANDS clear snoop Deletes a snoop filter. Syntax — clear snoop filter-name • filter-name — Name of the snoop filter. Defaults — None. Access — Enabled. History — Introduced in MSS Version 4.0. Examples — The following command deletes snoop filter snoop1: WX1200# clear snoop snoop1 See Also • set sno[...]

  • Page 701

    set snoop 701 Examples — The following command removes snoop filter snoop2 from radio 2 on Distributed MAP 3: WX1200# clear snoop map snoop2 ap 3 radio 2 success: change accepted. The following command removes all snoop filter mappings from all radios: WX1200# clear snoop map all success: change accepted. See Also • display snoop on page 706 [...]

  • Page 702

    702 CHAPTER 22: SNOOP COMMANDS To match on packets to or from a specific MAC address, use the dest-mac or src-mac option. To match on both send and receive traffic for a host address, use the host-mac option. To match on a traffic flow (source and destination MAC addresses), use the mac-pair option. This option matches for either directio[...]

  • Page 703

    set snoop 703 • The MAP that is running a snoop filter forwards snooped packets directly to the observer. This is a one-way communication, from the MAP to the observer. If the observer is not present, the MAP still sends the snoop packets, which use bandwidth. If the observer is present but is not listening to TZSP traffic, the observer con[...]

  • Page 704

    704 CHAPTER 22: SNOOP COMMANDS set snoop map Maps a snoop filter to a radio on a MAP. A snoop filter does not take effect until you map it to a radio and enable the filter. Syntax — set snoop map filter-name ap ap-num radio {1 | 2} • filter-name — Name of the snoop filter. • ap ap-num — Number of a MAP to which to map the snoop filter[...]

  • Page 705

    set snoop mode 705 set snoop mode Enables a snoop filter. A snoop filter does not take effect until you map it to a MAP radio and enable the filter. Syntax — set snoop { filter-name | all} mode {enable [stop-after num-pkts ] | disable} • filter-name | all — Name of the snoop filter. Specify all to enable all snoop filters. • enable [...]

  • Page 706

    706 CHAPTER 22: SNOOP COMMANDS display snoop Displays the MAP radio mapping for all snoop filters. Syntax — display snoop Defaults — None. Access — Enabled. History — Introduced in MSS Version 4.0. Usage — To display the mappings for a specific MAP radio, use the display snoop map command. Examples — The following command shows th[...]

  • Page 707

    display snoop map 707 Examples — The following command shows the snoop filters configured in the examples above: WX1200# display snoop info snoop1: observer 10.10.30.2 snap-length 100 all packets snoop2: observer 10.10.30.3 snap-length 100 frame-type eq data mac-pair (aa:bb:cc:dd:ee:ff, 11:22:33:44:55:66) See Also • clear snoop on page 700 [...]

  • Page 708

    708 CHAPTER 22: SNOOP COMMANDS display snoop stats Displays statistics for enabled snoop filters. Syntax — display snoop stats [ filter-name [ ap-num [radio {1 | 2}]]] • filter-name — Name of the snoop filter. • dap-num — Number of a Distributed MAP to which the snoop filter is mapped • radio 1 — Radio 1 of the MAP • radio 2 [...]

  • Page 709

    display snoop stats 709 Table 118 describes the fields in this display. Table 118 display snoop stats Output Field Description Filter Name of the snoop filter. Dap Distributed MAP containing the radio to which the filter is mapped. Radio Radio to which the filter is mapped. Rx Match Number of packets received by the radio that match the filter.[...]

  • Page 710

    710 CHAPTER 22: SNOOP COMMANDS[...]

  • Page 711

    23 SYSTEM LOG COMMANDS Use the system log commands to record information for monitoring and troubleshooting. MSS system logs are based on RFC 3164, which defines the log protocol. Commands by Usage This chapter presents system log commands alphabetically. Use Table 119 to locate commands in this chapter based on their use. clear log Clears th[...]

  • Page 712

    712 CHAPTER 23: SYSTEM LOG COMMANDS Access — Enabled. History — Introduced in MSS Version 3.0. Examples — To stop sending system logging messages to a server at 192.168.253.11, type the following command: WX4400# clear log server 192.168.253.11 success: change accepted. Type the following command to clear all messages from the log bu[...]

  • Page 713

    display log buffer 713 • severity severity-level — Displays messages at a severity level greater than or equal to the level specified. Specify one of the following: • emergency — The WX switch is unusable. • alert — Action must be taken immediately. • critical — You must resolve the critical conditions. If the conditions are not [...]

  • Page 714

    714 CHAPTER 23: SYSTEM LOG COMMANDS See Also • clear log on page 711 • display log config on page 714 display log config Displays log configuration information. Syntax — display log config Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — To display how logging is configured, type the follo[...]

  • Page 715

    display log trace 715 display log trace Displays system information stored in the nonvolatile log buffer or the trace buffer. Syntax — display log trace [{ + | - | / } number-of-messages ] [ facility facility-name ] [ matching string ] [ severity severity-level ] • trace — Displays the log messages in the trace buffer. • + | - | / nu[...]

  • Page 716

    716 CHAPTER 23: SYSTEM LOG COMMANDS Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — Type the following command to see the facilities for which you can view event messages archived in the buffer: WX4400# display log trace facility ? <facility name> Select one of: KERNEL, AAA, SYSLOGD, AC[...]

  • Page 717

    set log 717 • Logging state (enabled or disabled) To override the session defaults for an individual session, type the set log command from within the session and use the current option. • trace — Sets log parameters for trace files. • Port port-number — Sets the TCP port for sending messages to the syslog server. You can specify a[...]

  • Page 718

    718 CHAPTER 23: SYSTEM LOG COMMANDS If you do not specify a local facility, MSS sends the messages with their default MSS facilities. For example, AAA messages are sent with facility 4 and boot messages are sent with facility 20 by default. • enable — Enables messages to the specified target. • disable — Disables messages to the spe[...]

  • Page 719

    set log mark 719 set log mark Configures MSS to generate mark messages at regular intervals. The mark messages indicate the current system time and date. 3Com can use the mark messages to determine the approximate time when a system restart or other event causing a system outage occurred. Syntax — set log mark [enable | disable] [severity leve[...]

  • Page 720

    720 CHAPTER 23: SYSTEM LOG COMMANDS[...]

  • Page 721

    24 BOOT PROMPT COMMANDS Boot prompt commands enable you to perform basic tasks, including booting a system image file, from the boot prompt (boot>). A CLI session enters the boot prompt if MSS does not boot successfully or you intentionally interrupt the boot process. To interrupt the boot process, press q followed by Enter (return). C[...]

  • Page 722

    722 CHAPTER 24: BOOT PROMPT COMMANDS autoboot Displays or changes the state of the autoboot option. The autoboot option controls whether a WX switch automatically boots a system image after initializing the hardware, following a system reset or power cycle. Syntax — autoboot [ON | on | OFF | off] • ON — Enables the autoboot option. [...]

  • Page 723

    boot 723 boot Loads and executes a system image file. Syntax — boot [ BT= type ] [ DEV= device ] [ FN= filename ] [ HA= ip-addr ] [ FL= num ] [ OPT= option ] [ OPT+= option ] • BT= type — Boot type: • c — Compact flash. Boots using nonvolatile storage or a flash card. • n — Network. Boots using a TFTP server. • DEV= device — Lo[...]

  • Page 724

    724 CHAPTER 24: BOOT PROMPT COMMANDS Usage — If you use an optional parameter, the parameter setting overrides the setting of the same parameter in the currently active boot profile. However, the boot profile itself is not changed. To display the currently active boot profile, use the display command. To change the currently active bo[...]

  • Page 725

    change 725 change Changes parameters in the currently active boot profile. (For information about boot profiles, see display on page 730.) Syntax — change Defaults — The default boot type is c (compact flash). The default filename is default. The default flags setting is 0x00000000 (all flags disabled) and the default options list is run=n[...]

  • Page 726

    726 CHAPTER 24: BOOT PROMPT COMMANDS The following command enters the configuration mode for the currently active boot profile and configures the WX switch (in this example, an WXR100) to boot using a TFTP server: boot> change Changing the default configuration is not recommended. Are you sure that you want to proceed? (y/n) y BOOT TYPE:[...]

  • Page 727

    delete 727 Usage — A WX switch can have up to four boot profiles. The boot profiles are stored in slots, numbered 0 through 3. When you create a new profile, the system uses the next available slot for the profile. If all four slots already contain profiles and you try to create a fifth profile, the switch displays a message advising you to [...]

  • Page 728

    728 CHAPTER 24: BOOT PROMPT COMMANDS Usage — When you type the delete command, the next-lower numbered boot profile becomes the active profile. For example, if the currently active profile is number 3, profile number 2 becomes active after you type delete to delete profile 3. You cannot delete boot profile 0. Examples — To remove th[...]

  • Page 729

    diag 729 Examples — The following command displays the current setting of the DHCP option: boot> dhcp DHCP is currently enabled. The following command disables the DHCP option: boot> dhcp DHCP is currently disabled. See Also • boot on page 723 diag Accesses the diagnostic mode. Syntax — diag Defaults — The diagnostic mode is disabled[...]

  • Page 730

    730 CHAPTER 24: BOOT PROMPT COMMANDS Access — Boot prompt. History — Introduced in MSS Version 3.0. Usage — To display the system image software versions, use the fver command. This command does not list the boot code versions. To display the boot code versions, use the version command. Examples — The following command displays all [...]

  • Page 731

    display 731 A WX switch can have up to four boot profiles, numbered 0 through 3. Only one boot profile can be active at a time. You can create, change, and delete boot profiles. You also can activate another boot profile in place of the currently active one. Syntax — display Defaults — None. Access — Boot prompt. History — Introduced in M[...]

  • Page 732

    732 CHAPTER 24: BOOT PROMPT COMMANDS See Also • change on page 725 • create on page 726 • delete on page 727 • next on page 735 fver Displays the version of a system image file installed in a specific location on a WX switch. Syntax — fver { c: | d: | e: | f: | boot0: | boot1: } [ filename ] • c: — Nonvolatile storage area conta[...]

  • Page 733

    help 733 Access — Boot prompt. History — Introduced in MSS Version 3.0. Usage — To display the image filenames, use the dir command. This command does not list the boot code versions. To display the boot code versions, use the version command. Examples — The following command displays the system image version installed in boot partitio[...]

  • Page 734

    734 CHAPTER 24: BOOT PROMPT COMMANDS Examples — The following command displays detailed information for the fver command: boot> help fver fver Display the version of the specified device:filename. USAGE: fver [c:file|d:file|e:file|f:file|boot0:file|boot1:file|boot2:file|boot3:file] Command to display the version of the compressed imag[...]

  • Page 735

    next 735 Examples — To display a list of the commands available at the boot prompt, type the following command: boot> ls ls Display a list of all commands and descriptions. help Display help information for each command. autoboot Display the state of, enable, or disable the autoboot option. boot Load and execute an image using the current boo[...]

  • Page 736

    736 CHAPTER 24: BOOT PROMPT COMMANDS Examples — To activate the boot profile in the next slot and display the profile, type the following command: boot> next BOOT Index: 0 BOOT TYPE: c DEVICE: boot1: FILENAME: testcfg FLAGS: 00000000 OPTIONS: run=nos;boot=0 See Also • change on page 725 • create on page 726 • delete on page 727 [...]

  • Page 737

    test 737 3Com WX-4400 Bootstrap/Bootloader Version 3.0.2 Release Compiled on Wed Sep 22 09:18:47 PDT 2004 by Bootstrap 0 version: 3.1 Active Bootloader 0 version: 3.0.2 Active Bootstrap 1 version: 3.1 Bootloader 1 version: 3.0.1 WX-4400 Board Revision: 2. WX-4400 Controller Revision: 5. WXA30001.Rel 8863722 bytes BOOT Index: 0 BOOT TYPE: c DEVI[...]

  • Page 738

    738 CHAPTER 24: BOOT PROMPT COMMANDS Examples — The following command displays the current setting of the poweron test flag: boot> test The diagnostic execution flag is not set. See Also • boot on page 723 version Displays version information for a WX switch’s hardware and boot code. Syntax — version Defaults — None. Access — [...]

  • Page 739

    A OBTAINING SUPPORT FOR YOUR 3COM PRODUCTS 3Com offers product registration, case management, and repair services through eSupport.3com.com. You must have a user name and password to access these services, which are described in this appendix. Register Your Product to Gain Service Benefits To take advantage of warranty and other serv[...]

  • Page 740

    740 APPENDIX A: OBTAINING SUPPORT FOR YOUR 3COM PRODUCTS Purchase Extended Warranty and Professional Services To enhance response times or extend your warranty benefits, you can purchase value-added services such as 24x7 telephone technical support, software upgrades, onsite assistance, or advanced hardware replacement. Experienced engin[...]

  • Page 741

    Contact Us 741 Telephone Technical Support and Repair To obtain telephone support as part of your warranty and other service benefits, you must first register your product at: http://eSupport.3com.com/ When you contact 3Com for assistance, please have the following information ready: ■ Product model name, part number, and serial number ■ A[...]

  • Page 742

    742 APPENDIX A: OBTAINING SUPPORT FOR YOUR 3COM PRODUCTS Pakistan Call the U.S. direct by dialing 00 800 01001, then dialing 800 763 6780 Sri Lanka Call the U.S. direct by dialing 02 430 430, then dialing 800 763 6780 Vietnam Call the U.S. direct by dialing 1 201 0288, then dialing 800 763 6780 You can also obtain non-urgent support in t[...]

  • Page 743

    Contact Us 743 US and Canada — Telephone Technical Support and Repair All locations: Network Jacks; Wired or Wireless Network Interface Cards: All other 3Com products: 1 847-262-0070 1 800 876 3266 Country Telephone Number Country Telephone Number[...]

  • Page 744

    744 APPENDIX A: OBTAINING SUPPORT FOR YOUR 3COM PRODUCTS[...]

  • Page 745

    INDEX A autoboot 722 B backup 664 boot 723 C change 725 clear accounting 213 clear ap 70 clear ap boot-configuration 310 clear ap local-switching vlan-profile 307 clear ap radio 308 clear authentication admin 214 clear authentication console 215 clear authentication dot1x 216 clear authentication mac 217 clear authentication proxy 218 clear bann[...]

  • Page 746

    746 INDEX clear snmp notify profile 143 clear snmp notify target 144 clear snoop 700 clear snoop map 700 clear spantree portcost 484 clear spantree portpri 485 clear spantree portvlancost 485 clear spantree portvlanpri 486 clear spantree statistics 487 clear summertime 145 clear system 44 clear system countrycode 44 clear system ip-address 44, 146[...]

  • Page 747

    INDEX 747 display network-domain 296 display ntp 159 display port counters 75 display port media-type 81 display port mirror 77 display port poe 78 display port status 79 display port-group 76 display qos 133 display qos dscp-table 134 display radio-profile 350 display rfdetect attack-list 635 display rfdetect black-list 636 display rfdetect clien[...]

  • Page 748

    748 INDEX reset port 87 reset system 683 restore 684 rfping 634 rmdir 685 rollback security acl 551 S save config 685 save trace 694 set accounting {admin | console} 235 set accounting {dot1x | mac | web | last-resort} 237 set ap 87 set ap auto 362 set ap auto mode 366 set ap auto persistent 364 set ap auto radiotype 365 set ap bias 367 set ap[...]

  • Page 749

    INDEX 749 set license 58 set load-balancing strictness 399 set location policy 256 set log 716 set log buffer 716 set log console 716 set log current 716 set log mark 719 set log server 716 set log sessions 716 set log trace 716 set mac-user 260 set mac-user attr 261 set mac-usergroup attr 267 set mobility profile 269 set mobility-domain member 28[...]

  • Page 750

    750 INDEX set service-profile cos 444 set service-profile dhcp-restrict 445 set service-profile idle-client-probing 446 set service-profile keep-initial-vlan 447 set service-profile load-balancing- 448 set service-profile long-retry-count 449 set service-profile no-broadcast 451 set service-profile proxy-arp 452 set service-profile psk-phrase 453[...]