3Com 3CRWX120695A manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of 3Com 3CRWX120695A, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of 3Com 3CRWX120695A one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of 3Com 3CRWX120695A. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of 3Com 3CRWX120695A should contain:
- informations concerning technical data of 3Com 3CRWX120695A
- name of the manufacturer and a year of construction of the 3Com 3CRWX120695A item
- rules of operation, control and maintenance of the 3Com 3CRWX120695A item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of 3Com 3CRWX120695A alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of 3Com 3CRWX120695A, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the 3Com service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of 3Com 3CRWX120695A.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the 3Com 3CRWX120695A item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    http://www.3com.com/ Part No. 730-9502-0072, Revis ion B Published April 200 5 Wir eless LAN Mobility System W ir eless LAN Switch and Contr oller Command Refer ence 3CRWX120695A, 3 CRWX440095A[...]

  • Page 2

    3Com Corporati on 350 Campus Drive Marlborough, MA USA 01752-3064 Copyright © 2 004, 3Com Corporatio n. All rights reserv ed . No part of this documen tation may be repr oduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without writt en permission fr om 3Com Cor poration. 3C[...]

  • Page 3

    C ONTENTS A BOUT T HIS G UIDE Conventions 17 Documentation 18 Documentation Comments 19 1 U SING THE C OMMAND -L INE I NTERFACE Overview 21 CLI Conventions 22 Command Prompt s 22 Syntax Notation 22 T ext Entry Conventions and Allowed Characters 23 MAC Addres s Notation 23 IP Addres s and Mask Notation 24 User Globs, MAC Address Globs, and VLAN Glob[...]

  • Page 4

    3 S YSTEM S ERVICE C OMMANDS Commands by Usage 37 clear banner motd 38 clear history 38 clear promp t 39 clear system 39 display banner mo td 40 display base-information 41 display license 41 display system 42 help 45 history 46 set banner motd 46 set confirm 47 set length 48 set license 49 set prompt 50 set system contact 51 set system countrycode[...]

  • Page 5

    reset port 73 set dap 73 set port 76 set port-group 77 set port name 78 set port negotiation 7 9 set port poe 79 set port preference 80 set port speed 81 set port trap 82 set port type ap 83 set port type wir ed-auth 86 5 VLAN C OMMANDS Commands by usage 89 clear fdb 9 0 clear vlan 91 display fdb 92 display fdb agingtime 94 display fdb count 95 dis[...]

  • Page 6

    clear ip telnet 112 clear ntp server 113 clear ntp update-interval 113 clear snmp trap receiver 114 clear summertime 115 clear system ip-address 115 clear timezone 116 display arp 117 display interface 118 display ip alias 119 display ip dns 120 display ip https 121 display ip ro ute 123 display ip telnet 125 display ntp 126 display snmp configurat[...]

  • Page 7

    set ntp server 148 set ntp update- interval 149 set snmp commun ity 150 set snmp trap 151 set snmp trap receiver 153 set summertime 154 set system ip-addr ess 155 set timedate 156 set timezone 157 telnet 158 traceroute 160 7 AAA C OMMANDS Commands by Usage 163 clear accounting 165 clear authentication admin 166 clear authentication console 167 clea[...]

  • Page 8

    set accounting {admin | console} 186 set accounting {dot1x | mac | web} 187 set authentication admin 189 set authentication cons ole 191 set authentication dot 1x 193 set authentication last-resort 197 set authentication mac 199 set authentication web 2 01 set location policy 203 set mac-user 207 set mac-user attr 208 set mac-usergr oup attr 214 se[...]

  • Page 9

    display {ap | dap} etherstats 243 display {ap | dap} gr oup 245 display {ap | dap} status 246 display auto-tune at tributes 249 display auto-tune neigh bors 251 display dap connection 253 display dap global 254 display dap unconfigur ed 256 display radio-pr ofile 257 display service-profile 261 res et {ap | dap} 264 set {ap | da p} bias 264 set {ap[...]

  • Page 10

    set radio-pr ofile mode 291 set radio-pr ofile pr eamble-leng th 294 set radio-pr ofile rts-thr eshold 295 set radio-pr ofile service-pr ofile 296 set radio-pr ofile short-r etry 299 set service-profile auth-dot1x 300 set service-profile auth-fallthru 301 set service-profile auth-psk 302 set service-profile beacon 303 set service-pr ofile cipher -c[...]

  • Page 11

    display spantree portfast 32 8 display spantree portvlancost 329 display spantree statistics 329 display spantree uplinkfast 335 set spantree 336 set spantr ee backbonefast 337 set spantr ee fwddel ay 338 set spantree hello 338 set spantree maxage 339 set spantr ee portcos t 340 set spantree portfast 341 set spantr ee portpr i 342 set spantree port[...]

  • Page 12

    12 S ECURITY ACL C OMMANDS Security ACL Commands by Usage 369 clear security acl 370 clear security acl map 371 commit security acl 373 display security acl 374 display security acl hits 375 display security acl info 376 display security acl map 377 display security acl res ource-usage 378 hit-sample-rate 382 rollback security acl 383 set security [...]

  • Page 13

    set radius server 415 set server gr oup 417 set server gr oup lo ad-balance 418 15 802.1X M ANAGEMENT C OMMANDS Commands by Usage 421 clear dot1x bonded-p eriod 422 clear dot1x max-req 423 clear dot1x port-cont rol 423 clear dot1x quiet-period 424 clear dot1x reauth-max 425 clear dot1x reauth-period 425 clear dot1x timeout auth -server 426 clear do[...]

  • Page 14

    17 RF D ETECTION C OMMANDS Commands by Usage 455 clear rfdetect countermeasu res mac 456 clear rfdetect ignore 457 display rfdetect countermeasures 458 display rfdetect data 459 display rfdetect ignor e 461 display rfdetect mobility-domain 461 display rfdetect visible 463 set rfdetect active-scan 465 set rf detect co untermeasures 46 5 set rfdetect[...]

  • Page 15

    19 T RACE C OMMANDS Commands by Usage 491 clear log trace 491 clear trace 492 display trace 493 save trace 494 set trace authentication 494 set trace authorization 495 set trace dot1x 496 set trace sm 497 20 S YSTEM L OG C OMMANDS Commands by Usage 499 clear log 4 99 display log buf fer 500 display log config 502 display log trace 503 set log 504 s[...]

  • Page 16

    version 524 A O BTAINING S UPPORT FOR YOUR P RODUCT Register Y our Product 527 Purchase V alue-Added Services 527 T roubleshoot Online 528 Access Software Downloads 528 T elephone T echnical S upport and Repair 528 Contact Us 529 I NDEX[...]

  • Page 17

    Conventions 17 A BOUT T HIS G UIDE This command refer ence explains Mobility System Softwar e (MSS™) command line interface (CLI) that you enter on a 3Com WX1200 W ireless Switch or WX4400 W ireless LAN Contro ller to configur e and manage the Mobility System™ wireless LAN (WLAN). Read this refer ence if you ar e a network administrator respons[...]

  • Page 18

    18 A BOUT T HIS G UIDE This manual uses the follo wi ng text and syntax conventions: Documentation The MSS documentation set includ es the following documents.  Wireless LAN Switch Manage r (3WXM) Release Notes These notes provide information about the system software release, including new features and bug fixes.  Wireless LAN Switch and Con[...]

  • Page 19

    Documentation Comments 19  Wireless LAN Switch Ma nager Refere nce Manual This manual shows you how to plan , configure, deploy , and manage a Mobility System wireless LAN (WL AN) using the 3Com Wireless LAN Switch Manage r (3WXM).  Wireless LAN Switch and Contro ller Installation and Basic Configuration Guide This guide provides instructions[...]

  • Page 20

    20 A BOUT T HIS G UIDE[...]

  • Page 21

    1 U SING THE C OMMAND -L INE I NTERFACE This chapter discusse s the 3Com W ireless Switch Manager (3WXM) command-line interface (CLI). Describe d are the CLI conventions (see “CLI Conventions” on page 22), editing on the command line (see “Command-Line Editing” on page 27), using the CLI help feature (see “Using CLI Help” on page 29), a[...]

  • Page 22

    22 C HAPTER 1: U SING THE C OMMAND -L INE I NTERFACE CLI Conventions Be awar e of the following MSS CL I conventions for command entry:  “Command Prompts” on page 22  “Syntax Notation” on page 22  “T ext Entry Conventions and A llowed Characters” on page 23  “User Globs, MAC Address Gl obs, and VLAN Globs” on page 24 [...]

  • Page 23

    CLI Conventions 23  A vertical bar ( | ) separates mutually exclusive options within a list of possibilities. For example , you enter either enable or disable , not both, in the following command: set port { enable | disable } port-list T ext Entry Conventions and Allowed Characters Unless otherwise indicated, the MSS CLI accepts standard ASCII [...]

  • Page 24

    24 C HAPTER 1: U SING THE C OMMAND -L INE I NTERFACE IP Addr ess and Mask Notation MSS displays IP addresses in dotte d d ecimal notation — for example, 192.168.1.111. MSS makes use of both s ubnet masks and wildcard masks. Subnet Masks Unless otherwise noted, use classless interdomain routing (CIDR) format to express subnet masks — for exampl [...]

  • Page 25

    CLI Conventions 25 T able 3 giv es examples of user gl obs. MAC Address Globs A media access control (MAC) address glob is a similar method for matching some authentication, aut horization, and accounting (AAA) and forwarding database (FDB) commands to one or more 6-byte MAC addresses. In a MAC addr ess glob, you can use a single asterisk (*) as a [...]

  • Page 26

    26 C HAPTER 1: U SING THE C OMMAND -L INE I NTERFACE VLAN Globs A VLAN glob is a method for matching one of a set of local rules on an wireless LAN switch, known as th e location policy , t o one or more users. MSS compares the VLAN glob, which can optionally contain wildcard characters, against the VLAN-Name att ribute r eturned by AAA, to determi[...]

  • Page 27

    Command-Line Editing 27  A hyphen-separated ran ge of port numbers, with no spaces. For example: WX1200# reset port 1-3  Any combination of single numbers, lists, and ranges. Hyphens take prec edence over commas. For example: WX1200# display port status 1-3,6 Virtual LAN Identification The names of virtual L ANs (VLANs), which are used in Mob[...]

  • Page 28

    28 C HAPTER 1: U SING THE C OMMAND -L INE I NTERFACE History Buffer Th e history buffer stores the last 63 commands you entered during a terminal session . Y ou can use the Up Arr ow and Do wn Arr ow keys to select a command that yo u want to repeat fr om the history buffer . Ta b s The MS S CLI uses the T ab key for command completion. Y ou can ty[...]

  • Page 29

    Using CLI Help 29 Using CLI Help The CLI provides online help. T o see t he full range of commands available at your access level, type the help command. For example: WX1200# help Commands: ------------------------------------ -------------------------------- ----- clear Clear, use 'clear help' for more inform ation commit Commit the cont[...]

  • Page 30

    30 C HAPTER 1: U SING THE C OMMAND -L INE I NTERFACE T o see all the variations, type one of the commands followed by a question mark (?). For exampl e: WX1200# display ip ? alias display ip aliases dns display DNS status https display ip https route display ip route table telnet display ip telnet T o determine the port on which T elnet is running,[...]

  • Page 31

    Understanding Command Descriptions 31  One or more examples of the command in context, with the appropriate system prompt and r esponse.  One or more r elated commands.[...]

  • Page 32

    32 C HAPTER 1: U SING THE C OMMAND -L INE I NTERFACE[...]

  • Page 33

    2 A CCESS C OMMANDS This chapter describes access comma nds used to control access to the Mobility Software System (MSS) command-line interface (CLI). Commands by Usage This chapter presents access services comma nds alphabetically . Use T able 5 to located commands in this chapter based on their use. disable Changes the CLI session fr om enab led [...]

  • Page 34

    34 C HAPTER 2: A CCESS C OMMAND S See Also  enable on page 34 enable Places the CLI session in enabled mo de, which pro vides access to all commands requir ed for configur ing and monitoring the system. Syntax — enable Access — All. History — Introduced in MSS V ersion 3.0. Usage — MSS displays a password pr om pt to challenge you with t[...]

  • Page 35

    set enablepass 35 set enablepass Sets the password that provides enabled access (for configuration and monitoring) to the WX switch. Syntax — set enablepass Defaults — None. Access — Enabled. History — Introduced in MSS V ersion 3.0. Usage — After typing the set enablepa ss comman d, pr ess Enter . If you are entering the first enable pas[...]

  • Page 36

    36 C HAPTER 2: A CCESS C OMMAND S[...]

  • Page 37

    3 S YSTEM S ERVICE C OMMANDS Use system services commands to configur e and moni tor system information for a WX switch. Commands by Usage This chapter presents system services commands alph abetically . Use T able 6 to located commands in this chapter based on their use. Ta b l e 6 System Services Commands by Usage Type Command Display “clear ba[...]

  • Page 38

    38 C HAPTER 3: S YSTEM S ERVICE C OMMANDS clear banner motd Deletes the message-of-the-day (MOTD) banner t hat is displayed before the login prompt for each CLI se ssion on the wir eless LAN switch. Syntax — clear banner motd Defaults — None. Access — Enabled. History — Introduced in MSS V ersion 3.0. Examples — T o clear a banner , type [...]

  • Page 39

    clear prompt 39 Examples — T o clear the hist ory buf fer , type the f ollowing command: WX4400# clear history success: command buffer was flushed. See Also  history on page 46 clear prompt Resets the system pr ompt to its previously configured value. If the pr ompt was not configured previously , this command resets the prompt to its default.[...]

  • Page 40

    40 C HAPTER 3: S YSTEM S ERVICE C OMMANDS  location — Resets the location o f the WX swi tch to nu ll.  name — Resets the name of the WX switch to the default system name, which is the model number . Defaults — None. Access — Enabled. History — —Introduced in MSS V ersion 3.0. Examples — T o clear the location of the WX switch, [...]

  • Page 41

    display base-information 41 See Also  clear banner motd on page 38  set banner motd on page 46 display base-information Provides an in-depth snapshot of th e status of the wireless LAN switch, which includes details about the bo ot image, the version, ports, and other configuration values. This command also displays the last 100 log messages.[...]

  • Page 42

    42 C HAPTER 3: S YSTEM S ERVICE C OMMANDS Defaults — None. Access — All. Examples — T o view the WX switch license, type the following command: WX4400# display license Serial Number : M8XE4IBB8DB10 License Number : 245 License Key : WXL-076E-93E9-62D A-54D8 Activation key : WXA-3E04-4CC2-430 D-B508 Feature : 24 additional por ts Expires : Nev[...]

  • Page 43

    display system 43 ==================================== ================================ =========== Fan status: fan1 OK fan2 OK fan3 O K Temperature: temp1 ok temp2 ok te mp3 ok PSU Status: Lower Power Supply DC ok AC ok Upper Power Supply mis sing Memory: 97.04/744.03 (13%) Total Power Over Ethernet : 29.000 ==================================== ==[...]

  • Page 44

    44 C HAPTER 3: S YSTEM S ERVICE C OMMANDS See Also  clear system on page 39  set system contact on page 51  set system countrycode on page 51  set system ip-address on page 53  set system location on page 54  set system name on page 55 Temperature Status of temperatur e sensors at three locations in the WX switch:  ok — Tempe[...]

  • Page 45

    help 45 help Displays a list of commands that ca n be used to conf igur e and monitor the WX switch. Syntax — help Defaults — None. Access — All. History — Introduced in MSS V ersion 3.0. Examples — Use this command to se e a list of available commands. If you have restricted access, you s ee fewer commands than if you have enabled access[...]

  • Page 46

    46 C HAPTER 3: S YSTEM S ERVICE C OMMANDS See Also  “Using CLI Help” on page 29 history Displays the command history buf fer for the current CLI session. Syntax — history Defaults — None. Access — All. History — Introduced in MSS V ersion 3.0. Examples — T o show the history of your session, type the following command: WX4400> h[...]

  • Page 47

    set confirm 47 Usage — T ype a car et ( ^ ), then the message, then another caret. Do not use the following char acters wi th commands in which you set text to be displayed on the W X switch, such as message-o f-the-day (MOTD) banners:  Ampersan d (&)  Angle brackets (< >)  Double quotation marks (“”)  Number sign (#) ?[...]

  • Page 48

    48 C HAPTER 3: S YSTEM S ERVICE C OMMANDS MSS displays a message r equiring c onfirmation when you enter certain commands that can have a potentially large impact on the network. For example: WX4400# clear vlan red This may disrupt user connectivity. Do you wish to continue? (y/n) [n] Examples — T o turn off these co nfirmation messages, typ e th[...]

  • Page 49

    set license 49 set license Installs an upgrade license, for managing more MAPs. Syntax — set license license-key activat ion-key  license-key — License key , starting wi th WXL. Y ou can enter the key with or without the hyphens.  activation-key — Activation key , starti ng with WXA. Y ou can enter the key with or without the hyphens. D[...]

  • Page 50

    50 C HAPTER 3: S YSTEM S ERVICE C OMMANDS set prompt Changes the CLI prompt for the WX switch to a string you specify . Syntax — set prompt string  string — Alphanumeric string up to 32 characters long. T o include spaces in the prompt, you must enclose the string in double quotation marks ( “” ). Defaults — The factory default for the[...]

  • Page 51

    set system contact 51 set system contact Stores a contact name for the WX switch. Syntax — set system contact string  string — Alphanumeric string up to 256 characters long, with no blank spaces. Defaults — None. Access — Enabled. History — Introduced in MSS V ersion 3.0. T o view the system contact string, type the display system comm[...]

  • Page 52

    52 C HAPTER 3: S YSTEM S ERVICE C OMMANDS Belgium BE Brazil BR Canada CA China CN Czech Republic CZ Denmark DK Finland FI France FR Germany DE Greece GR Hong Kong HK Hungary HU Iceland IS India IN Ireland IE Israel IL Italy IT Japan JP Liechtenstein LI Luxembourg LU Malaysia MY Mexico MX Netherlands NL New Zealand NZ Norway NO Poland PL Portugal PT[...]

  • Page 53

    set system ip-address 53 Defaults — The factory default country code is None. Access — Enabled. History — Introduced in MSS V ersion 3.0. Usage — Y ou must set the system count y code to a valid value before using any set ap commands to configure a MAP . Examples — T o set the country code to Canada, type the following command: WX1200# se[...]

  • Page 54

    54 C HAPTER 3: S YSTEM S ERVICE C OMMANDS Defaults — None. Access — Enabled. History — Introduced in MSS V ersion 3.0. Examples — The following co mmand sets the IP addr ess of the WX switch to 192.168.253.1: WX4400# set system ip-address 192.16 8.253.1 success: change accepted. See Also  clear system on page 39  set interface on page[...]

  • Page 55

    set system name 55  set system contact on page 51  set system name on page 55 set system name Changes the name of the WX switch from the default system name and also provides content for the CLI prompt, if you do not specify a prompt. Syntax — set system name string  string — Alphanumeric string up to 256 characters long, with no blank[...]

  • Page 56

    56 C HAPTER 3: S YSTEM S ERVICE C OMMANDS[...]

  • Page 57

    4 P ORT C OMMANDS Use port commands to configure a nd manage individual ports and load-sharing port groups. Commands by Usage This chapter presents port command s alphabetically . Use T able 9 to locate commands in this chapter based on their use. Ta b l e 9 Port Commands by Usage Type Command Port T ype se t port typ e ap on page 83 set dap on pag[...]

  • Page 58

    58 C HAPTER 4: P ORT C OMMANDS clear dap Removes a Distributed MAP . CAUTION: When you clear a Distributed MAP , MSS ends user sessions that are using the MAP . Syntax — clear dap dap-num  dap-num — Number of the Distributed MAP(s) you want to remove. Defaults — None. Access — Enabled. History — Introduced in MSS V ersion 3.0. Examples[...]

  • Page 59

    clear port-group 59 Access — Enabled. History — Introduced in MSS V ersion 3.0. Examples — The following co mmand clears all port statistics counters and resets them to 0: WX4400# clear port counters success: cleared port counters See Also  display port counters on page 62  monitor port counters on page 68 clear port-group Removes a por[...]

  • Page 60

    60 C HAPTER 4: P ORT C OMMANDS Defaults — None. Access — Enabled. History — Introduced in MSS V ersion 3.0. Examples — The following co mmand clears the names of ports 1 through 3: WX4400# clear port 1-3 name See Also  display port status on page 66  set port name on page 78 clear port prefer ence Resets a gigabit Ethernet port on a W[...]

  • Page 61

    clear port type 61 clear port type Removes all configuration settings from a port and resets the port as a network port. CAUTION: When you clear a port, MSS ends user sessions that are using the port. Syntax — clear port type port-list  port-list — List of physical ports. MSS r esets and removes the configuration from a ll the specified port[...]

  • Page 62

    62 C HAPTER 4: P ORT C OMMANDS Examples — The following co mmand clears port 5: WX1200# clear port type 5 This may disrupt currently authentic ated users. Are you sure? (y/n) [n] y success: change accepted. See Also  set port type ap on page 83  set port type wir ed-auth on page 86 display port counters Displays port statistics. Syntax — [...]

  • Page 63

    display port-group 63 Examples — The following co mmand shows octet statistics for port 3: WX1200> display port counters octets port 3 Port Status Rx Octets Tx Octets ==================================== ================================ ========= 3 Up 27965420 34886544 This command’ s output has the same fields as the monitor port counters c[...]

  • Page 64

    64 C HAPTER 4: P ORT C OMMANDS See Also  clear port-group on page 59  set port-group on page 77 display port poe Displays status inf ormation for ports on which Power over Ether net (PoE) is enabled. Syntax — display port poe [ port-list ]  port-list — List of physical ports. If you do not specify a port list, PoE information is displa[...]

  • Page 65

    display port preference 65 See Also  set port poe on page 79 display port prefer ence Displays the interface prefer ences set on WX4400 gigabit Ethernet ports. Syntax — display port preference [ port-list ]  port-list — List of physical ports. MSS displays the prefer ence for all the specified ports. Defaults — None. Access — All. His[...]

  • Page 66

    66 C HAPTER 4: P ORT C OMMANDS Port Preference ==================================== ======================= 1 GBIC 2 RJ45 3 GBIC 4 GBIC T ab le 13 describes the fields in this display . See Also  clear port prefer ence on page 6 0  set port prefer ence on page 8 0 display port status Displays configuration and status information for p orts. S[...]

  • Page 67

    display port st atus 67 WX1200# display port status Port Name Admin Oper Config Actual Type Media ==================================== ================================ =========== 1 1 up up auto 100/full network 10/100BaseTx 2 2 up up auto 100/full ap 10/100BaseTx 3 3 up up auto 100/full network 10/100BaseTx 4 4 up down auto network 10/100Bas eTx 5[...]

  • Page 68

    68 C HAPTER 4: P ORT C OMMANDS See Also  clear port type on page 61  set port on page 76  set port name on page 78  set port negotiation on page 79  set port speed on page 81  set port type ap on page 83  set port type wir ed-auth on page 86 monitor port counters Displays and continually updates port statistics. Syntax — moni[...]

  • Page 69

    monitor port counters 69 Defaults — All types of statistics ar e displayed for all ports. MSS refr eshes the statistics every 5 seconds. This interval cannot be configured. Statistics types are displayed in the following or der by default:  Octets  Packets  Receive err ors  T ransmit er r ors  Collisions  Receive Ethernet statis[...]

  • Page 70

    70 C HAPTER 4: P ORT C OMMANDS Examples — The following command starts the port statistics monitor beginning with octet st at istics (the default): WX4400# monitor port counters As soon as you press Enter , MSS clears the window and displays statistics at the top of th e window . Port Status Rx Octets Tx Octets ===================================[...]

  • Page 71

    monitor port counters 71 packets Rx Unicast Number of unicast packets received. This number does not include packets that contain errors. Rx NonUnicast Number of broadcast and multicast packets received. This number does not include packets that contain errors. Tx Unicast Number of unicast packets transmitted. This number does not include packets t[...]

  • Page 72

    72 C HAPTER 4: P ORT C OMMANDS See Also  display port counters on page 62 collisions Single Co ll Total number of frames transmitted that experienced one collision before 64 bytes of the frame were transmitted on the network. Multiple Coll Total number of frames transmitted that experienced more than one collision before 64 bytes of the frame we[...]

  • Page 73

    reset port 73 reset port Resets a port by toggling its link state and Power over Ethe rnet (PoE) state. Syntax — reset port port-list  port-list — List of physical ports. MSS r esets all the specified ports. Defaults — None. Access — Enabled. History — Introduced in MSS V ersion 3.0. Usage — The r eset command disables the port’ s [...]

  • Page 74

    74 C HAPTER 4: P ORT C OMMANDS  dap-num — Number for the Distributed MAP . The range of valid connection numbers depends on the WX switch model:  For a WX4400, you can specify a number from 1 to 256.  For a WX1200, you can specify a number from 1 to 30.  serial-id serial-ID — MAP access point serial ID. The serial ID is listed on th[...]

  • Page 75

    set dap 75  mp-372 — Contains one 802.11a radio and one 802.11b radio, and a connector for an exter nal antenna for the 802.11b/g radio. Also contains a connecto r for an optional exter nal 802.11a antenna. T o specify the antenna mo del, use the following command: set {ap | dap} radio antennatype .  radiotype 11a | 11b| 11g — Radio type:[...]

  • Page 76

    76 C HAPTER 4: P ORT C OMMANDS The following command removes Distributed MA P 1: WX4400# clear dap 1 This will clear specified DAP device s. Would you like to continue? (y/n) [n ] y See Also  clear dap on page 5 8  clear port type on page 61  set port type ap on page 83  set radio-profile 11g-only on page 280  set system countrycode [...]

  • Page 77

    set port-group 77 See Also  reset port on page 73 set port-group Configur es a load-sharing port group. All ports in the group function as a single logical link. Syntax — set port-group name group-name port-list mode { on | off }  name group-name — Alphanumeric string of up to 255 characters, with no spaces.  port-list — List of phys[...]

  • Page 78

    78 C HAPTER 4: P ORT C OMMANDS The following commands disable the link for port group ser ver1, change the list of ports in the group, and r eenable the link: WX1200# set port-group name server1 1-5 mode off success: change accepted. WX1200# set port-group name server1 1-4,7 mode on success: change accepted. See Also  clear port-group on page 59[...]

  • Page 79

    set port negotiation 79 set port negotiation Disables or reenables autonegotiati on on gigabit Ether net or 10/100 Ether net ports. Syntax — set port negotiation port-list { enable | disable }  port-list — List of physical ports. MSS disables or r eenables autonegotiation on all the specified ports.  enable — Enables autonegotiation on [...]

  • Page 80

    80 C HAPTER 4: P ORT C OMMANDS Defaults — PoE is disabled on network and wire d authentication po rts. The state on MAP access point ports depends on whether you enabled or disabled PoE when setting the port type. See set port type ap on page 83. Access — Enabled. History — Introduced in MSS V ersion 3.0. Usage — This command does not apply[...]

  • Page 81

    set port speed 81 Access — Enabled. History — Introduced in MSS V ersion 3.0. Usage — This command applies only to the WX4400. If you set the prefer ence to RJ-45 (copper) on a port that already has an active fiber link, MSS immediately cha nges the link to the copper interface. Examples — The follo wing command sets the pr efer ence of por[...]

  • Page 82

    82 C HAPTER 4: P ORT C OMMANDS Examples — The follo wing command sets the port speed on ports 1 and 3 through 4 to 10 Mbps and sets the operating mode to fu ll-duplex: WX1200# set port speed 1,3-4 10 set port trap Enables or disab les Simple Netw ork Manage ment Pr otocol (S NMP) linkup and linkdown traps on an individu al port. Syntax — set po[...]

  • Page 83

    set port type ap 83 set port type ap Configures an WX switch port for an MAP access point. CAUTION: When you set the po rt type for MAP use, you must specify the PoE state (ena ble or disable) of the port. Use the WX switch’ s PoE to power 3Com MAP access points only . If you enab le PoE on a port connected to another device, physical damage to t[...]

  • Page 84

    84 C HAPTER 4: P ORT C OMMANDS  mp-122 — Contains one 80 2.11a radio and one 802.11b/g r adio.  mp-241 — Contains one radio that can be configur ed through software for 802.11a or 802.11b/g.  mp-252 — Contains one 80 2.11a radio and one 802.11b radio.  mp-262 — Contains one 802.11a ra dio and one 802.11b radio, and a connector f[...]

  • Page 85

    set port type ap 85 MAP model MP-262 requires an external antenna for the 802.11b/g radio. Y ou must specify the ante nna model. MAP models MP-341 and MP-352 have an intern al 802.1b/g an tenna as well as a connect or for an extern al antenna, so use of a n ex ternal antenna is optional on these models. T o specify the model, use the set { ap | dap[...]

  • Page 86

    86 C HAPTER 4: P ORT C OMMANDS The following command sets ports 1 through 3 and port 5 for MAP access point model AP7250 an d enables PoE on the ports: WX1200# set port type ap 1-3,5 model ap7250 poe enable This may affect the power applied on the configured ports. Would you like to continue? (y/n) [n ] y The following command sets ports 1 through [...]

  • Page 87

    set port type wired-auth 87 Syntax — set port type wired-auth port-list [ tag tag-list ] [ max-sessions num ]  port-list — List of physical ports.  tag-list — One or more numbers between 1 and 4094 that subdivide a wired authentication port into virtual ports.  num — Maximum number of simultaneous user sessions supported. Defaults [...]

  • Page 88

    88 C HAPTER 4: P ORT C OMMANDS The following command sets port 7 for a wired authentication user and subdivides the port into three virtual ports to support thr ee simultaneous user sessions: WX1200# set port type wired-auth 7 1 ,2,3 success: change accepted See Also  clear port type on page 61  set port type ap on page 83[...]

  • Page 89

    5 VLAN C OMMANDS Use virtual LAN (VLAN) c ommands to configure and manage parameters for individual por t VLANs on network ports, and to display information about clients roaming within a mobility domain. Commands by usage This chapte r pr esents V LAN comm ands alphabetically . Use T ab le 19 to locate commands in this chapter based on their use. [...]

  • Page 90

    90 C HAPTER 5: VLAN C OMMANDS clear fdb Deletes an entry fr om the forwarding database (FDB). Syntax — clear fdb { perm | static | dynamic | port port-list } [ vlan vlan-id ] [ tag tag-valu e ]  perm — Clears permanent entries. A permanent entry does not age out and remains in the database even after a r eboot, r eset, or power cycle. Y ou m[...]

  • Page 91

    clear vlan 91 The following command clears all dynamic forwarding database entries that match all VLANs: WX4400# clear fdb dynamic success: change accepted. The following command clears all dynamic forwarding database entries that match ports 3 and 5: WX4400# clear fdb port 3,5 success: change accepted. See Also  display fdb on page 92  set f[...]

  • Page 92

    92 C HAPTER 5: VLAN C OMMANDS Usage — If you do not spec ify a port-list , the entir e VLAN is r emoved from the configuration. Y ou cannot delete the default VLAN but you can remove ports from it. T o remove ports from the default VLAN, use the port port-list option. Examples — The following co mmand r emoves port 1 fr om VLAN green : WX4400# [...]

  • Page 93

    display fdb 93  perm — Displays permanent entries. A permanent entry does not age out and remains in the database even after a reboot, r eset, or power cycle.  static — Displays static entries. A static en try does not age out, but is removed from the database afte r a reboot, reset, or power cycle.  dynamic — Displays dynamic entrie[...]

  • Page 94

    94 C HAPTER 5: VLAN C OMMANDS The following command displays all entries that begin with th e MAC address glob 00: WX4400# display fdb 00:* * = Static Entry. + = Permanent Entr y. # = System Entry. VLAN TAG Dest MAC/Route Des [CoS] Destination Ports [Protocol Type] ---- ---- ------------------ ----- -------------------------------- --------- 1 00:0[...]

  • Page 95

    display fdb cou nt 95 Defaults — None. Access — All. History —Introduced in MSS V ersion 3.0. Examples — The following co mmand displa ys the aging timeout period for all VLANs: WX1200# display fdb agingtime VLAN 2 aging time = 600 sec VLAN 1 aging time = 300 sec Because the forwarding database aging timeout period can b e configured only o[...]

  • Page 96

    96 C HAPTER 5: VLAN C OMMANDS The following command lists the numb er of dynamic entries that the forwarding database contains: WX1200# display fdb count dynamic Total Matching Entries = 2 See Also  display fdb on page 92 display roaming station Shows a list of the stations roaming to the wireless LAN switch thr ough a VLAN tunnel. Syntax — di[...]

  • Page 97

    display roaming station 97 T ab le 21 describes the fields in the display . See Also  display roaming vlan on pa ge 98 T able 21 Output for display roaming station Field Description User Name N ame of the user. This is the na me used for authentication. The name resides in a RADIUS server database or the local user database on a wireless LAN swi[...]

  • Page 98

    98 C HAPTER 5: VLAN C OMMANDS display roaming vlan Shows all VLANs in the mobility doma in, the WX switches servicing the VLANs, and their tunnel affinity values configured on each switch for the VLANs. Syntax — display roaming vlan Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Examples — The following co mma[...]

  • Page 99

    display tunnel 99 display tunnel Sh ows the tunnels fr om the wir eless LAN switch where you type the command. Syntax — display tunnel Defaults — None. Access — Enabled History —Introduced in MSS V ersion 3.0. Examples — T o display all tunnels from a WX switch to other WX switches in the Mobility Doma in, type the following command. WX44[...]

  • Page 100

    100 C HAPTER 5: VLAN C OMMANDS display vlan config Shows VLAN information. Syntax — display vlan config [ vlan-id ]  vlan-id — VLAN name or number . If you do not specify a VLAN, information for all VLANs is displayed. Defaults — None. Access — All. History —Introduced in MSS V ersion 3.0. Examples — The following co mmand disp lays [...]

  • Page 101

    set fdb 101 See Also  clear vlan on pa ge 91  set vlan name on page 103  set vlan port on page 104  set vlan tunnel-affinity on page 105 set fdb Adds a permanent or static en t ry to the forwar ding database. Syntax — set fdb { perm | static } mac-addr port port-list vlan vlan-id [ tag tag-value ]  perm — Adds a permanent entry .[...]

  • Page 102

    102 C HAPTER 5: VLAN C OMMANDS  mac-addr — Destination MAC address of the entry . Use colons to separate the octets (for example, 00 :1 1:22:aa:bb:cc).  port port-list — List of physical destin ation ports for which to add the entry . A separ ate entry is added for each port you specify .  vlan vlan-id — Name or number of a VLAN of w[...]

  • Page 103

    set vlan name 103 Syntax — set fdb agingtime vlan-id age seconds  vlan-id — VLAN name or number . The timeout period change applies only to entries that match the spe cified VLAN.  age seconds — V alue for the timeo ut period, in seco nds. Y ou can specify a value from 0 through 1,000 ,000. If you change the timeout period to 0, aging i[...]

  • Page 104

    104 C HAPTER 5: VLAN C OMMANDS 3Com recommends that you do not use the name default . This name is already used for VLAN 1. 3Com also r ecommends that you do not rename the default VLAN. Y ou cannot use a number as the first character in a VLAN name. 3Com recommends that you do not use the same name with dif ferent capitalizations for VLANs. For ex[...]

  • Page 105

    set vlan tunnel-affinity 105 Usage — Y ou can comb ine this command with the set port name command to assign the name and add the ports at the same time. If you do not specify a tag value, the WX switch se nds untagged frames for the VLAN. If you do specify a tag value, the WX s ends tagged frames only for the VLAN. If you do specify a tag value,[...]

  • Page 106

    106 C HAPTER 5: VLAN C OMMANDS Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — Increasing a WX switch’ s affinity value increases the WX’ s preferability for forwar ding user traffic for the VLAN. If more than one WX switch has the highest affinity value, MSS randomly selects one of the WX switches for the tunnel. Examp[...]

  • Page 107

    6 IP S ERVICES C OMMANDS Use IP services commands to conf igur e and manage IP interfaces, management services, the Domain Name Service (DNS), Network Time Protocol (NTP), and aliases, and to ping a host or trace a route. Commands by Usage This chapter presents IP services commands alphabe tically . Use T able 25 to locate commands in this chapter [...]

  • Page 108

    108 C HAPTER 6: I P S ERVICES C OMMANDS HTTPS Management set ip https server on page 140 display ip https on page 121 DNS set ip dns on page 137 set ip dns domain on page 138 set ip dns serve r on page 139 display ip dns on page 120 clear ip dns domain on page 110 clear ip dns se rver on page 111 IP Alias set ip alias on page 137 display ip alias o[...]

  • Page 109

    clear interface 109 clear interface Removes an IP interface. Syntax — clear interface vlan-id ip  vlan-id — VLAN name or number Defaults — None. Access — Enabled. History — Introduced in MSS V ersion 3.0. Usage — If the interf ace you want to r e move is configur ed as the system IP address, r emoving the address can interfere with s[...]

  • Page 110

    110 C HAPTER 6: I P S ERVICES C OMMANDS clear ip alias Removes an alias, which is a string that repr esents an IP addr ess. Syntax — clear ip alias name name — Alias name Defaults — None. Access — Enabled. History — Introduced in MSS V ersion 3.0. Examples — The following co mmand r emoves the alias server1: WX1200# clear ip alias serve[...]

  • Page 111

    clear ip dns server 111  set ip dns domain on page 138  set ip dns server on pa ge 139 clear ip dns server Removes a DNS server from a WX switch conf iguration. Syntax — clear ip dns server ip-addr  ip-addr — IP addr ess of a DNS server . Defaults — None. Access — Enabled. History — Introduced in MSS V ersion 3.0. Examples — Th[...]

  • Page 112

    112 C HAPTER 6: I P S ERVICES C OMMANDS  ip-addr/mask-length — IP addr ess and subnet mask length in CIDR format (for example, 10.10.10.10/24).  gateway — IP addr ess, DNS hostname, or alias of the next-hop r outer . Defaults — None. Access — Enabled. History — Introduced in MSS V ersion 3.0. Examples — The following co mmand r em[...]

  • Page 113

    clear ntp server 113  set ip telnet on page 146  set ip telnet server on page 147 clear ntp server Removes an NTP server from a WX switch conf iguration. Syntax — clear ntp server { ip-addr | all }  ip-addr — IP addr ess of the server to r emove, in dotted decimal notation.  all — Removes all NT P servers from the configuration. D[...]

  • Page 114

    114 C HAPTER 6: I P S ERVICES C OMMANDS Examples — T o reset the NTP interval to the default value, type the following command: WX4400# clear ntp update-interval success: change accepted. See Also  clear ntp server on page 113  display ntp on page 126  set ntp on page 148  set ntp serve r on page 148  set ntp update-interval on pag[...]

  • Page 115

    clear summertime 115 clear summertime Cl ears the summe rtime setting fr om a wir eless LAN switch. Syntax — clear summertime Defaults — None. Access — Enabled. History — Introduced in MSS V ersion 3.0. Examples — T o clear the summertime setting from a WX switch, type the following command: WX1200# clear summertime success: change accept[...]

  • Page 116

    116 C HAPTER 6: I P S ERVICES C OMMANDS Usage — Clearing the system IP addr e ss can interfer e with system tasks that use the system IP address, including the following:  Mobility Domain operations  T opology reporting for dual-homed MAP access points  Default source IP addr ess used in unsolicited communications such as AAA accounting [...]

  • Page 117

    display arp 117  display summertime on page 130  display timedate on page 130  display timezone on page 131 display arp Shows the ARP table. Syntax — display arp [ ip-addr ]  ip-addr — IP address. Defaults — If you do not specify an IP address, the whole ARP table is displayed. Usage — All. History —Introduced in MSS V ersion [...]

  • Page 118

    118 C HAPTER 6: I P S ERVICES C OMMANDS See Also  set arp on page 133  set arp agingtime on page 134 display interface Shows the IP interfaces configur ed on the wir eless LAN switch. Syntax — display interface [ vlan-id ]  vlan-id — VLAN name or number . Defaults — If you do not specify a VLAN ID, interfaces for all VLANs are displa[...]

  • Page 119

    display ip alias 119 WX4400# display interface VLAN Name Address Mask Enabled State ---- --------------- --------------- --------------- ------- ----- 1 default 10.10.10.10 255.255.255.0 YES Up 2 mauve 10.10.20.10 255.255.255.0 NO Down 4094 web-aaa 10.10.10.1 255.255.255.0 YES Up T ab le 27 describes the fields in this display . See Also  set in[...]

  • Page 120

    120 C HAPTER 6: I P S ERVICES C OMMANDS Examples — The following co mmand displa ys all the aliases configur ed on a WX switch: WX4400# display ip alias Name IP Address -------------------- ------------ -------- HR1 192.168.1.2 payroll 192.168.1.3 radius1 192.168.7.2 T ab le 28 describes the fields in this display . See Also  clear ip alias on[...]

  • Page 121

    display ip https 121 T ab le 29 describes the fields in this display . See Also  clear ip dns domain on page 110  clear ip dns server on page 111  set ip dns on page 137  set ip dns domain on page 138  set ip dns server on pa ge 139 display ip https Shows information about the HTTPS management port. Syntax — display ip https Defaul[...]

  • Page 122

    122 C HAPTER 6: I P S ERVICES C OMMANDS Examples — The following comman d shows the status and port number for the HTTP S management interface to the WX switch: WX4400# display ip https HTTPS is enabled HTTPS is set to use port 443 Last 10 Connections: IP Address Last Connected Time Ago (s) ------------ ----------------------- ------------ 10.10.[...]

  • Page 123

    display ip ro ute 123 display ip r oute Shows the IP route table. Syntax — display ip route [ destination ]  destination — Route destination IP addr ess, in dotted decimal notation. Defaults — None. Access — All. History —Introduced in MSS V ersion 3.0. Usage — When you add an IP inte rface to a VLAN that is up, MSS adds direct and l[...]

  • Page 124

    124 C HAPTER 6: I P S ERVICES C OMMANDS See Also  clear ip route on page 111  display interface on page 118  display vlan config on page 100  set interface on page 135  set ip rou te on page 140 T able 31 Output of display ip route Field Description Destination/Mask IP address and subnet mask of the route destination. The 244.0.0.0 r[...]

  • Page 125

    display ip teln et 125 display ip telnet Shows information about the T elnet management port. Syntax — display ip telnet Defaults — None. Access — All. History —Introduced in MSS V ersion 3.0. Examples — The following comman d shows the status and port number for the T elnet management interface to the WX switch: WX4400> display ip tel[...]

  • Page 126

    126 C HAPTER 6: I P S ERVICES C OMMANDS display ntp Shows NTP client inf ormation. Syntax — display ntp Defaults — None. Access — All. History —Introduced in MSS V ersion 3.0. Examples — T o display NTP information for a WX switch, type the following command: WX4400> display ntp NTP client: enabled Current update-interval: 20(secs) Cur[...]

  • Page 127

    display ntp 127 See Also  clear ntp server on page 113  clear summertime on page 115  clear timezone on pa ge 116  display timezone on page 131  set ntp on page 148  set ntp serve r on page 148  set summertime on page 154  set timezone on pag e 157 Summertime Summertim e period configured on the W X switch. MSS offsets the s[...]

  • Page 128

    128 C HAPTER 6: I P S ERVICES C OMMANDS display snmp configuration Shows SNMP settings on a wir eless LAN switch. Syntax — display snmp configuration Defaults — None. Access — All. History —Introduced in MSS V ersion 3.0. Examples — T o display SNMP settings on a WX switch , type the following command: WX1200# display snmp configuration S[...]

  • Page 129

    display snmp configuration 129 CounterMeasureStopTraps YES ClientDot1xFailureTraps YES Community Access Community N ame ---------------- ----------- --- read-only public read-write private T ab le 34 describes the fields in this display . See Also  set ip snmp server on page 142  set port trap on page 82  set snmp community on page 150 [...]

  • Page 130

    130 C HAPTER 6: I P S ERVICES C OMMANDS display summertime Shows a wireless LAN switch’ s offs et fr om its r eal-time c lock. Syntax — display summertime Defaults — There is no summertime offset by default. Access — All. History —Introduced in MSS V ersion 3.0. Examples — T o display the summertime setting on a WX switch, type the foll[...]

  • Page 131

    display timezone 131 Examples — T o display the time and date set on a WX switch’ s real-time clock, type the following command: WX1200# display timedate Sun Feb 29 2004, 23:59:02 PST See Also  clear summertime on page 115  clear timezone on pa ge 116  display summertime on page 130  display timezone on page 131  set summertime o[...]

  • Page 132

    132 C HAPTER 6: I P S ERVICES C OMMANDS  set timedate on page 156  set timezone on page 157 ping T est s IP connectivity between a wire less LAN switch and another device. MSS sends an Inter net Control Message Pr otocol (ICMP) echo packet to the specified WX switch and lis tens for a reply packet. Syntax — ping host [ count num-packets ] [[...]

  • Page 133

    set arp 133  size — 56. Access — Enabled. History — Introduced in MSS V ersion 3.0. Usage — T o stop a ping command that is in progr ess, press Ctrl+C. Examples — The following co mmand pings a WX switch that has IP address 10.1.1.1: WX1200# ping 10.1.1.1 PING 10.1.1.1 (10.1.1.1) from 10.9.4 .34 : 56(84) bytes of data. 64 bytes from 10[...]

  • Page 134

    134 C HAPTER 6: I P S ERVICES C OMMANDS Access — Enabled. History — Introduced in MSS V ersion 3.0. Examples — The following command adds a static ARP entry that maps IP address 10.10.10.1 to MAC address 00:bb:cc:dd:ee:f f: WX1200# set arp static 10.10.10.1 00 :bb:cc:dd:ee:ff success: added arp 10.10.10.1 at 00: bb:cc:dd:ee:ff on VLAN 1 See A[...]

  • Page 135

    set interface 135 See Also  set arp on page 133  telnet on page 158 set interface Configures an IP interface on a VLAN. Syntax — set interface vlan-id ip { ip-addr mask | ip-addr/mask-length }  vlan-id — VLAN name or number .  ip-addr mask — IP addr ess and subnet mask in dotted decimal notation (for example, 10.10 .10.10 255.255.[...]

  • Page 136

    136 C HAPTER 6: I P S ERVICES C OMMANDS The following command configures IP interface 10.10.20.10 255.255.255.0 o n VLAN mauve: WX1200# set interface mauve ip 10.10 .20.10 255.255.255.0 success: set ip address 10.10.20.10 netmask 255.255.255.0 on vlan ma uve See Also  clear interface on pag e 109  display interface on page 118  set interfa[...]

  • Page 137

    set ip alias 137 set ip alias Configures an alias, which maps a na me to an IP add ress. Y ou can use aliases as shortcuts in CLI commands. Syntax — set ip alias name ip-addr  name — String of up to 32 alphanumeric characters, with no spaces.  ip-addr — IP addr ess in dotted decimal notation. Defaults — None. Access — Enabled. Histo[...]

  • Page 138

    138 C HAPTER 6: I P S ERVICES C OMMANDS See Also  clear ip dns domain on page 110  clear ip dns server on page 111  display ip dns on page 120  set ip dns domain on page 138  set ip dns server on page 139 set ip dns domain Configures a default domain name for DNS queries. The wireless LAN switch appends the default domain name to dom[...]

  • Page 139

    set ip dns server 139  set ip dns server on pa ge 139 set ip dns server Specifies a DNS server to use for re solving hostnames you enter in CLI commands. Syntax — set ip dns server ip-addr { primary | se condary }  ip-addr — IP addr ess of a DNS server , in dotted decimal or CIDR notation.  primary — Makes the se rver the primary ser[...]

  • Page 140

    140 C HAPTER 6: I P S ERVICES C OMMANDS set ip https server En ables the HTTPS server on a wireless LAN switch. The HTTPS server is requir ed for We b Manager access to the switch. CAUTION: If you disable the HTTPS ser ver , Web Manager access to the WX switch is also disabled. Syntax — set ip https server { enable | disable }  enable — Enab[...]

  • Page 141

    set ip route 141  ip-addr mask — IP address and subnet mask for the r oute destination, in dotted decimal not ation (for example, 10 .10.10.10 255.255.255.0 ).  ip-addr/mask-length — IP address and subnet mask length in CIDR format (for example, 10.10.10.10/24 ).  gateway — IP addr ess, DNS hostname, or alias of the next-hop r outer [...]

  • Page 142

    142 C HAPTER 6: I P S ERVICES C OMMANDS Examples — The following co mmand adds a default r oute that uses gateway 10.5.4.1 and gives the route a cost of 1: WX4400# set ip route default 10.5.4. 1 1 success: change accepted. The following commands add two default routes, and configure MSS to always use the route through 10.2.4. 69 when the interfac[...]

  • Page 143

    set ip ssh 143 History — Introduced in MSS V ersion 3.0. Examples — The follo wing command enables the SNMP server on a WX switch: WX4400# set ip snmp server enable success: change accepted. See Also —  clear snmp trap re ceiver on page 1 14  display snmp configuration on page 128  set port trap on page 82  set snmp community on p[...]

  • Page 144

    144 C HAPTER 6: I P S ERVICES C OMMANDS  set ip ssh idle-timeout on page 145  set ip ssh server on page 145 set ip ssh absolute-timeout Changes the number of minutes an SSH session can remain open. The absolute-timeout value applies regardle ss of whether the session is active or idle. Syntax — set ip ssh absolute-timeout minutes  minute[...]

  • Page 145

    set ip ssh id le-timeou t 145 set ip ssh idle-timeout Changes the number of minutes an SSH session can remain idle. Syntax — set ip ssh idle-timeout minutes  minutes — Number of minutes an SSH session can r emain idle. Y ou can set the idle timeout to a value from 0 (disabled) to 2,147,483,64 7 minutes. Defaults — The default idle timeout [...]

  • Page 146

    146 C HAPTER 6: I P S ERVICES C OMMANDS Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — Y ou must gen erate an SSH authentication key to use SSH. The maximum number of SSH sessions supported on a WX switch is eight. If T e lnet is also enabled, the WX switch can have up to eight T elnet or SSH sessions, in any combin ation,[...]

  • Page 147

    set ip telnet server 147  display ip https on page 121  display ip telnet on page 125  set ip https server on page 140  set ip telnet server on page 147 set ip telnet server En ables the T e lnet server on a wireless LAN switch. CAUTION: If you disable the T elnet ser ver , T elnet access to the WX switch is also disabled. Syntax — se[...]

  • Page 148

    148 C HAPTER 6: I P S ERVICES C OMMANDS set ntp Enables or disables the NTP client on a wireless LAN switch. Syntax — set ntp { enable | disable }  enable — Enables the NTP cli ent.  disable — Disables the NTP client. Defaults — The NTP client is disabled by default. Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage[...]

  • Page 149

    set ntp update-interval 149 History —Introduced in MSS V ersion 3.0. Usage — Y ou can configure up to thr ee N TP servers. MSS queries all the servers and selects the best response based on the method described in RFC 1305, Network T ime Protocol (V ersion 3) Specification, Implementation and Analysis. T o use NTP , you also must enable the NTP[...]

  • Page 150

    150 C HAPTER 6: I P S ERVICES C OMMANDS See Also  clear ntp server on page 113  clear ntp update-interval on pag e 113  display ntp on page 126  set ntp on page 148  set ntp serve r on page 148 set snmp community Names the SNMP read and read-write communities, which allow r emote wireless LAN switches to access ma nagement informatio[...]

  • Page 151

    set snmp trap 151  set ip snmp server on page 142  set snmp trap on page 15 1  set snmp trap receiver on page 153 set snmp trap Enables or disables the SNMP tr ap capability . T raps are event notifications. When a trap condition occurs, th e wir eless LAN switch sends an SNMP trap message to any network management system specified as a tr[...]

  • Page 152

    152 C HAPTER 6: I P S ERVICES C OMMANDS Defaults — All traps are disabled by default. Access — Enabled. ClientRoamingTraps Generated when a client roams. CounterMeasureStartTraps Generated when MSS be gins countermeasures agai nst a rogue access point. CounterMeasureStopTraps Generated when MSS stops countermeasures agai nst a rogue access poin[...]

  • Page 153

    set snmp trap receiver 153 History —Introduced in MSS V ersion 3.0. Usage — Y ou can enab le or disable the linkup and linkdown traps on an individual port basis with the set port trap command. The individual port setting overrides the global setting. Examples — The follow ing comma nd disables all traps: WX4400# set snmp trap disable all suc[...]

  • Page 154

    154 C HAPTER 6: I P S ERVICES C OMMANDS  display snmp configuration on page 128  set ip snmp server on page 142  set snmp community on page 150  set snmp trap on page 151 set summertime Offsets the real-time clock of a wir eless LAN switch by +1 hour and re turns it to standar d time for da ylight savings time or a similar summertime pe[...]

  • Page 155

    set system ip-address 155 Usage — Y ou must first set the time zone with the set timezone command for the offset to work p r operly without the start and end values. Configure summertime before you se t the time and date. Otherwise, summertime’ s adjustment of the time w ill make the time incorr ect, if the date is within the summertime period.[...]

  • Page 156

    156 C HAPTER 6: I P S ERVICES C OMMANDS History —Introduced in MSS V ersion 3.0. Usage — Y ou must use an add r ess that is configured on one of the WX switch’ s VLANs. T o display the system IP addr ess, use the display system command. Examples — The following co mmands configur e an IP interface on VLAN taupe and configure the interface t[...]

  • Page 157

    set timezone 157 Configure summertime before you se t the time and date. Otherwise, summertime’ s adjustment of the time w ill make the time incorr ect, if the date is within the summertime period. Examples — The following co mmand sets the date to Mar ch 13, 2003 and time to 11:11:12: WX4400# set timedate date feb 29 200 4 time 23:58:00 Time n[...]

  • Page 158

    158 C HAPTER 6: I P S ERVICES C OMMANDS History —Introduced in MSS V ersion 3.0. Examples — T o set the time zone for Paci fic Standard Time (PST ), type the following command: WX1200# set timezone PST -8 Timezone is set to 'PST', offset fro m UTC is -8:0 hours. See Also  clear summertime on page 115  clear timezone on pa ge 116[...]

  • Page 159

    telnet 159 If the configuration of the WX switch from which you enter the telnet command has an ACL that denies T e lnet client traf fic, the ACL also denies access by the telnet command. Examples — In the following example, an administrator establishes a T elnet session with another device and enters a command on th e r emote device: WX4400# tel[...]

  • Page 160

    160 C HAPTER 6: I P S ERVICES C OMMANDS traceroute T r aces the r oute to an IP host. Syntax — traceroute host [ dnf ] [ no-dns ] [ port port-num ] [ queries num ] [ size size ] [ ttl hops ] [ wait ms ]  host — IP address, hostname, or alias of the destination h ost. Specify the IP addr e ss in dotted decimal not ation.  dnf — Sets the [...]

  • Page 161

    traceroute 161 Examples — The followin g example traces the route to host server1: WX4400# traceroute server1 traceroute to server1.example.com (1 92.168.22.7), 30 hops max, 38 by te packets 1 engineering-1.example.com (192.168 .192.206) 2 ms 1 ms 1 ms 2 engineering-2.example.com (192.168 .196.204) 2 ms 3 ms 2 ms 3 gateway_a.example.com (192.168.[...]

  • Page 162

    162 C HAPTER 6: I P S ERVICES C OMMANDS See Also  ping on page 132 !F Fragmentation needed but Do Not Fragment (DNF) bit was set. !S Source route failed. !A Communication administratively prohibited. ? Unknown error occurred. T able 36 Error messages for tracer oute (continued) Field Description[...]

  • Page 163

    7 AAA C OMMANDS Use authentication, authorization, and accounting (AAA) commands to provide a secur e network connection and a r ecord of user activity . Location policy commands override an y virtual LAN (VLAN) or security ACL assignment by AAA or the local WX database to help you control access locally . (Security ACLs are packet filters. For com[...]

  • Page 164

    164 C HAPTER 7: AAA C OMMANDS Local Authorization for Password Users set user on page 218 clear user on page 176 set user attr on page 219 clear user attr on page 177 set usergroup on page 220 clear usergr oup on page 178 set user group on page 22 0 clear user gr oup on page 178 clear usergr oup attr on page 179 Local Authorization for MAC Users se[...]

  • Page 165

    clear accounting 165 clear accounting Removes accountin g services for specified wir eless users with administrat ive acce ss or network access. Syntax — clear accounting { admin | dot1x } { user- glob }  admin — Users with administrative access to the WX switch through a console connection or through a T elnet or Web Manager connection. [...]

  • Page 166

    166 C HAPTER 7: AAA C OMMANDS clear authentication admin Removes an authentication rule for administrative access through T elnet or Web Manager . Syntax — clear authentication admin user-glob  user-glob — A single user or set of users. Specify a username, use the doub le-asterisk wildcar d character ( ** ) to specify all user names, or use [...]

  • Page 167

    clear authentication console 167 clear authentication console Removes an authentication rule fo r administ rative access thr ough the Console. Syntax — clear authentication console user-glob  user-glob — A single user or set of users. Specify a username, use the doub le-asterisk wildcar d character ( ** ) to specify all user names, or use th[...]

  • Page 168

    168 C HAPTER 7: AAA C OMMANDS clear authentication dot1x Removes an 802.1X authenti cation rule. Syntax — clear authentication dot1x { ssid ssid-name | wired } user-glob  ssid ssid-name — SSID name to which th is authentication rule applies.  wired — Clears a rule used for access over an WX switch’ s wired-authentication port.  use[...]

  • Page 169

    clear authentication last-resort 169 clear authentication last-resort Removes a last-resort authentication rule. Syntax — clear authentication last-resor t { ssid ssid-name | wired }  ssid ssid-name —SSID name to which this authentication rule applies.  wired — Clears a rule used for access over an WX switch’ s wired-authentication po[...]

  • Page 170

    170 C HAPTER 7: AAA C OMMANDS  mac-addr-glob — A single user or set of users with access via a MAC address. Specify a MAC address, or use the wildcard ( * ) character to specify a set of MAC addr esses. (For details, see “MAC Address Globs” on page 25.) Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Examp[...]

  • Page 171

    clear location policy 171 Specify a username, use the doub le-asterisk wildcar d character ( ** ) to specify all user names, or use the single-asterisk wildcard character ( * ) to specify a set of usernames up to or following the first delimiter character—either an at sign (@) or a period (.). (For details, see “User Globs” on page 24.) Defau[...]

  • Page 172

    172 C HAPTER 7: AAA C OMMANDS Usage — T o determine the in dex numbers of locatio n policy rule s, use the display location policy command. Removing all the ACEs from the location po licy disables this functio n on the WX switch. Examples — The following co mmand r e moves location policy rule 4 from an WX switch’ s location policy: WX4400# c[...]

  • Page 173

    clear mac-user attr 173  set mac-user attr on page 208 clear mac-user attr Removes an authorization attribute fr om the user pr ofile in the local database on the WX switch, for a us er who is authenticated by a MAC address. (T o remove an authorization attribute in RADIUS, see the documentation for your RADIUS server .) Syntax — clear mac-use[...]

  • Page 174

    174 C HAPTER 7: AAA C OMMANDS Syntax — clear mac-user mac-addr group  mac-addr — MAC addr ess of the user , in hexadecimal numb ers separated by colons ( : ). Y ou can omit leading zeros. Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — Removing a MAC user fr om a MAC user group r emoves the group n[...]

  • Page 175

    clear mac-usergroup attr 175 Usage — T o remove a user fr om a MAC user gr oup, use the clear mac-user group command. Examples — The following co mmand de letes the MAC user gr oup eastcoasters from the local database: WX4400# clear mac-usergroup eastcoas ters success: change accepted. See Also  clear mac-usergroup attr on page 175  displ[...]

  • Page 176

    176 C HAPTER 7: AAA C OMMANDS See Also  clear mac-usergroup on page 174  display aaa on page 180  set mac-usergroup attr on page 214 clear mobility-profile Removes a Mobility Profile entirely . Syntax — clear mobility-profile name  name — Name of an existing Mobility Profile. Defaults — None. Access — Enabled. History —Introdu[...]

  • Page 177

    clear user attr 177 History —Introduced in MSS V ersion 3.0. Usage — Deleting the user’ s pr ofile fr om the database deletes the assignment of any attributes in the profile to the user . Examples — The following co mmand delete s the user pr ofile for user Nin: WX4400# clear user Nin success: change accepted. See Also  display aaa on pa[...]

  • Page 178

    178 C HAPTER 7: AAA C OMMANDS  set user attr on page 219 clear user gr oup Removes a user with a p asswor d from membership in a user group in the local database on the WX switch. (T o remove a user from a user gr oup in RADIUS, see the documentation for your RADIUS server .) Syntax — clear user username group  username — Username of a us[...]

  • Page 179

    clear usergroup attr 179 Syntax — clear usergroup group-name  group-name — Name of an existing user gr oup. Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — Removing a user group fr om the local WX database does not remove the user pr ofiles of the gr oup’ s members from the database. Examples —[...]

  • Page 180

    180 C HAPTER 7: AAA C OMMANDS Examples — The following command r emoves the members of the use r group cardiology from a network access time r estriction by deleting the T ime-Of-Day attribute from the group: WX4400# clear usergroup cardiology a ttr time-of-day success: change accepted. See Also  clear usergroup on page 178  display aaa on [...]

  • Page 181

    display aaa 181 set authentication dot1x ssid mycorp * peap-mschapv2 sg1 sg2 sg3 set authentication dot1x ssid any ** peap-mschapv2 sg1 sg2 sg3 set accounting dot1x Nin ssid mycorp stop-only sg2 set accounting admin Natasha start-s top local set authentication last-resort ssid guestssid local user Nin Password = 082c6c64060b (encrypted) Filter-Id =[...]

  • Page 182

    182 C HAPTER 7: AAA C OMMANDS See Also  set accounting {admin | console} on page 186  set authentication admin on page 189  set authentication console on page 191  set authentication dot1x on page 193  set authentication last-resort on page 197  set authentication mac on page 199  set authentication web on page 201 author-pass [...]

  • Page 183

    display accounting s tatistics 183 display accounting statistics Displays the AAA accounting recor ds for wirele ss users. The recor ds ar e stored in the local database on the WX switch. (T o display RADIUS accoun ting r ecord s, see the documentation for your RADIUS server .) Syntax — display accounting statistics Defaults — None. Access — [...]

  • Page 184

    184 C HAPTER 7: AAA C OMMANDS See Also  clear accounting on page 165  display aaa on page 180  set accounting {admin | console} on page 186 Acct-Authentic Location where the user was authenticated (if authentication took pl ace) for the session:  1 — RADIUS server  2 — Local WX database User-Name Username of a user with a passwor[...]

  • Page 185

    display location poli cy 18 5 display location policy Displays the list of location policy ru les that make up the location policy on an WX switch. Syntax — display location policy Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Examples — The following co mmand displays the list of location policy rules in the[...]

  • Page 186

    186 C HAPTER 7: AAA C OMMANDS Mobility Profiles Name Ports ========================= magnolia AP 2 See Also  clear mobility-profile on page 176  set mobility-profile on page 215 set accounting {admin | console} Sets up accounting services for specified wireless users with administrative access, and defines the accounting r ecor ds and where t[...]

  • Page 187

    set accounting {dot1x | mac | web} 18 7 A method can be one o f the following:  local — Stores accounting r ecords in the local database on the WX switch. When the local account ing storage space is full, MS S overwrites older recor ds with new ones.  server-group-name — Stores accounting re cords on one or more Remote Authentication Dial[...]

  • Page 188

    188 C HAPTER 7: AAA C OMMANDS  web — Users with network access through the WX switch who ar e authenticated by WebAAA  ssid ssid-name — SSID name to which this accounting rule applies. T o apply the rule to all SSIDs, type any .  wired — Applies this accounting rule specifically to users who ar e authenticated on a wired authenticati[...]

  • Page 189

    set authentication admin 189 Defaults — Accounting is disabled for all users by default. Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — For network users with start-sto p accounting whose recor ds are sent to a RADIUS server , MSS sen ds interim updates to the RADIUS server when the user r oams. Examples — The followin[...]

  • Page 190

    190 C HAPTER 7: AAA C OMMANDS  server-group-name — Uses the defined group of RADIUS servers for authentication. Y ou can enter up to four names of existing RADIUS server groups as methods.  none — For users with administrative access only , MSS performs no authentication, but prompts for a username and pass wor d and accepts any combinati[...]

  • Page 191

    set authentication console 191 If a AAA rule specifies local as a se condary AAA method, to be used if the RADIUS serv ers are unavailable, and MSS authenticates a client w ith the local method, MSS starts again at the beginning of the met hod list when attempting to authorize the client. Th is can cause unexpected delays during client processing a[...]

  • Page 192

    192 C HAPTER 7: AAA C OMMANDS A method can be one o f the following:  local — Uses the local database of usernames and user groups on the WX switch for authentication.  server-group-name — Uses the defined gr oup of RADIUS servers for authentication. Y ou can enter up to four names of existing RADIUS server groups as methods.  none —[...]

  • Page 193

    set authenticatio n dot1x 193 However , if local appears first, followed by a RADIUS server group, MSS ignores any fail ed searches in th e local WX database and sends an authentication request to the RADIUS server group. Examples — T o set the console port so that it does not enforce username-passwo r d authentication for administrators, type th[...]

  • Page 194

    194 C HAPTER 7: AAA C OMMANDS  bonded — Enables Bonded Auth™ (bonded authentication). When this feature is enabled, MSS authenti cates the user only if the machine the user is on has already been authenticated.  protocol — Pr otocol used for authentication. Specify one of the following:  eap-md5 — Extensible Authentication Protocol[...]

  • Page 195

    set authenticatio n dot1x 195 A method can be one o f the following:  local — Uses the local database of usernames and user gr oups on the WX switch for authentication.  server-group-name — Uses the defined gro up of RA DIUS servers for authentication. Y ou can enter up to four names of exist ing RADIUS server groups as methods. RADIUS se[...]

  • Page 196

    196 C HAPTER 7: AAA C OMMANDS However , if local appears first, followed by a RADIUS server group, MSS overrides any failed searches in the local WX d atabase and sends an authentication request to the server group. If the user does not support 802.1X, MSS attempt s to perform MAC authentication for the user . In this case, if the switch’ s confi[...]

  • Page 197

    set authentication last-resort 197 set authentication last-resort Configures an authentication rule to grant network access to a user who is not otherwise granted or denied access by 802.1X, or gr anted access by MAC authentication. Syntax — set authentication last-resort { ssid ssid-name | wired } method1 [ me thod2 ] [ method3 ] [ method4 ] [...]

  • Page 198

    198 C HAPTER 7: AAA C OMMANDS Y ou can configur e a rule either for wireless access to an SSID, or for wired access through a WX switch’ s wired auth entication port. If the rule is for wireless access to an SSID, spec ify the SSID name or specify any to mat ch on all SSID names. If the rule is for wired access, specify wir ed instead of an SSID [...]

  • Page 199

    set authentication mac 199 See Also  clear authentication last-resort on page 1 69  display aaa on page 180  set authentication admin on page 189  set authentication console on page 191  set authentication dot1x on page 193  set authentication mac on page 199  set authentication web on page 201 set authentication mac Configures[...]

  • Page 200

    200 C HAPTER 7: AAA C OMMANDS Defaults — By default, authentication is deactivate d for all MAC users, which means MAC address authenticati on fails by default. When using RADIUS for authentication, a MAC user’ s MAC address is also used as the authorization password for that user , and no global authorization password is set. Access — Enable[...]

  • Page 201

    set authentication web 201 See Also  clear authentication mac on page 169  display aaa on page 180  set authentication admin on page 189  set authentication console on page 191  set authentication dot1x on page 193  set authentication last-resort on page 197  set authentication web on page 201 set authentication web Configures [...]

  • Page 202

    202 C HAPTER 7: AAA C OMMANDS  server-group-name — Uses the defined group of RADIUS servers for authentication. Y ou can enter up to four names of existing RADIUS server groups as methods. RADIUS servers cannot be used with the EAP-TLS pr otocol. For more information, see “Usage.” Defaults — By default , authentication is unconfigured fo[...]

  • Page 203

    set location policy 203 The fallthru method is web . (For a wireless authentication rule, the fallthru method is specified by the set service-profile auth-fallthru command. For a wired authenticati on rule, the fallthru method is specified by the auth-fall-thru option of the set port type wired-auth command.) Examples — The following co mmand con[...]

  • Page 204

    204 C HAPTER 7: AAA C OMMANDS  permit — Allows access to the network or to a specified VLAN, and/or assigns a particular se curity ACL to users with characteristics that match the location policy rule.  Action options — For a permit rule, MSS changes the attributes assigned to the user to the values specified by the following options: [...]

  • Page 205

    set location policy 205  eq — Applies the location policy ru le to all usernames matching user -glob.  neq — Applies the location polic y rule to all usernames not matching user -glob. For user -glob , specify a user name, use the double-asterisk wildcar d character ( ** ) to specify all user names, or use the single-asterisk wildcard cha[...]

  • Page 206

    206 C HAPTER 7: AAA C OMMANDS The order of rules in the location policy is important to ensure users are properly granted or denied access. T o position rules within the location policy , use before rule-number and modify rule-number in the set location policy command, and the clear location policy rule-number command. When applying security ACLs: [...]

  • Page 207

    set mac-user 207 The following command authorizes users entering the network on WX ports 1 and 2 to use the floor2 VLAN, overriding any settings from AAA: WX4400# set location policy permit v lan floor2 if port 1-2 The following command places all users who ar e authorized for SSID tempvendor_a into V LAN kiosk_1 : WX1200# set location policy permi[...]

  • Page 208

    208 C HAPTER 7: AAA C OMMANDS Examples — The following command creates a user profile for a user at MAC address 01:02:03:04:05:06 and assigns the user to the eastcoasters user group: WX4400# set mac-user 01:02:03:04:05: 06 group eastcoasters success: change accepted. See Also  clear mac-user on page 172  display aaa on page 180 set mac-user[...]

  • Page 209

    set mac-user attr 209 T able 40 Authentication Attributes for Local Users Attribute Description Valid Value(s) encryption-type Type of encryption required for access by the client. Clients who attempt to use an unauthorized encrypti on method are rejected. One of the following numbers that identifies an encryption algorithm:  1 —AES_CCM (Advan[...]

  • Page 210

    210 C HAPTER 7: AAA C OMMANDS filter-id Inbound or outb ound ACL to apply to the user. If configured in the WX switch’s local database, this attribute can be an access control list (ACL) to filter outbound or inbound traffic. Use the following format: filter -id inboundacl .in or filter -id outboundacl .out If you are configuring the attribute on[...]

  • Page 211

    set mac-user attr 211 service-type Type of access the user is requesting. One of the following numbers: 2 —Framed; for network user access 6 —Administrative; for administrative access to the WX switch, with authorization to access the enabled (configuration) mode. The u ser must enter the enable command to access the enabled mode. 7 —NAS-Prom[...]

  • Page 212

    212 C HAPTER 7: AAA C OMMANDS time-of-day (network access mode only) Day(s) and time(s) during which the user is permitted to log into the network. After authorization, the user’s session can last until either the Time-Of-Day range or the Session-Timeout duration (if set) expires, whichever is shorter. One of the following:  never —Access is[...]

  • Page 213

    set mac-user attr 213 Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — T o change the value of an attribute, enter set mac-user attr with the new valu e. T o delete an attribute, use clear mac-user attr . Y ou cann ot set the Filter -ID attribute in the local database. Examples — The following co mmand a[...]

  • Page 214

    214 C HAPTER 7: AAA C OMMANDS The following command restri cts a user at MAC address 06:05:04:03:02:01 to n etwork access betwee n 7 p.m. on Mond ays and We dnesdays an d 7 a.m. on T uesdays and Thu rsdays: WX4400# set mac-user 06:05:04:03:02: 01 attr time-of-day mo1900-1159,tu0000-0700,we1900-1159, th0000-0700 success: change accepted. See Also ?[...]

  • Page 215

    set mobility-profile 215 Examples — The following co mmand cr eates the MAC user group eastcoasters and assigns the gr oup members to VLAN orange : WX4400# set mac-usergroup eastcoaste rs attr vlan-name orange success: change accepted. See Also  clear mac-usergroup attr on page 175  display aaa on page 180 set mobility-profile Creates a Mob[...]

  • Page 216

    216 C HAPTER 7: AAA C OMMANDS Usage — T o assign a Mobility Profile to a user or gr oup, specify it as an authorization attribute in one of the following commands: set user attr mobility-profile name set usergroup attr mobility-profile name set mac-user attr mobility-profile n ame set mac-usergroup attr mobility-prof ile name T o en able the use [...]

  • Page 217

    set mobility-profile mode 217  set user attr on page 219  set usergroup on page 220 set mobility-profile mode Enables or disables the Mobility Profil e feature on the WX switch. CAUTION: When the Mo bility Profile feature is enabled, a user is denied access if assigned a Mobility-Profile attribute in the local WX switch database or RADIUS ser[...]

  • Page 218

    218 C HAPTER 7: AAA C OMMANDS set user Configures a user profile in the local database on the WX switch for a user with a password. (T o configure a user profile in RADIUS, see the documentation for your RADIUS server .) Syntax — set user username password string  username — Username of a user with a password.  password string — Passwor[...]

  • Page 219

    set user attr 219 set user attr Configures an authorization attribut e in the local database on the WX switch for a user with a passwor d. (T o assign authorization attributes in RADIUS, see the documentation for your RADIUS server .) Syntax — set user username attr attribute-name v alue  username — Username of a user with a password.  at[...]

  • Page 220

    220 C HAPTER 7: AAA C OMMANDS set user group Adds a user to a user group. The user must have a passwor d and a profile that exists in the local database on the WX switch. (T o configure a user in RADIUS, see the documentation for your RADIUS server .) Syntax — set user username group group-n ame  username — Username of a user with a password[...]

  • Page 221

    set web-aaa 221  attribute-name value — Name and value of an attribute you are using to authorize all users in the group for a particular service or session charac teristic. For a list of authorization att ributes and values that you can assign to users, see T ab le 40 on page 209. Defaults — None. Access — Enabled. History —Introduced i[...]

  • Page 222

    222 C HAPTER 7: AAA C OMMANDS Usage — This command disables or reenables support for W ebAAA. However , WebAAA has additional configuration requirements. For information, see the “Configuring AAA for Network Users” chapter in the Wireless LAN Switch and Controller Configuration Guid e . Examples — T o disable WebAAA, type the following comm[...]

  • Page 223

    8 M OBILITY D OMAIN C OMMANDS Use Mobility Domain commands to configure and manage Mobility Domain groups. A Mobility Domain is a system of WX switches and MAP access points working together to support a roaming user (client). One WX swit ch acts as a seed switch, which maintains and distributes a list of IP addresses of the domain members. 3Com re[...]

  • Page 224

    224 C HAPTER 8: M OBIL ITY D OMAIN C OMMANDS clear mobility-domain Clears all Mobility Domain configur ation and information fr om a WX switch, regar dless of whether t he WX switch is a seed or a member of a Mobility Domain. Syntax — clear mobility-domain Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage —[...]

  • Page 225

    display mobility -domain config 225 Usage — This command has no effect if the WX switch member is not configured as part of a Mobility Domain or the current WX switch is not the seed. Examples — The following command clea rs a Mobility Domain member with the IP address 192.168.0.1: WX1200# clear mobility-domain member 192.168.0.1 See Also  s[...]

  • Page 226

    226 C HAPTER 8: M OBIL ITY D OMAIN C OMMANDS History —Introduced in MSS V ersion 3.0. Examples — T o display Mobility Domain status, type the following command: WX4400# display mobility-domain stat us Mobility Domain name: Pleasanton Member State Status --------------- ------------- -------------- 192.168.253.11 STATE_UP MEMBER 192.168.253.12 S[...]

  • Page 227

    set mobility-domain member 227 set mobility-domain member On the seed WX switch, adds a memb er to the list of Mobi lity Domain members. If the current WX switch is not configur ed as a seed, this command is re jected. Syntax — set mobility-domain member ip-addr  ip-addr — IP addr ess of the Mobility Domain member in dotted decimal notation.[...]

  • Page 228

    228 C HAPTER 8: M OBIL ITY D OMAIN C OMMANDS Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Examples — The followin g command sets the current WX switch as a nonseed member of the Mobility Doma in whose seed has the IP addr ess 192.168.1.8: WX4400# set mobility-domain mode mem ber seed-ip 192.168.1.8 mode is: me[...]

  • Page 229

    set mobility-domain mode seed domain-name 229 Examples — The following command crea tes a Mobility Domain named Pleasanton with the curr en t WX switch as the seed: WX4400# set mobility-domain mode see d domain-name Pleasanton mode is: seed domain name is: Pleasanton See Also  clear mobility-domain member on page 224  display mobility-domai[...]

  • Page 230

    230 C HAPTER 8: M OBIL ITY D OMAIN C OMMANDS[...]

  • Page 231

    9 M ANAGED A CCESS P OINT C OMMANDS Use MAP access point commands to configu r e and manage MAP access points. Be sure to do the follo wing before using the commands:  Define the country-speci fic IEEE 802.1 1 r egulations on the WX switch. (See set system countrycode on page 51.)  Install the MAP access point and co nnect it to a port on the[...]

  • Page 232

    232 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS set service-pr ofile ss id-type on page 312 set service-pr ofile beacon on page 303 Radio Properties set radio-profile 11g-o nly on page 280 set radio-profile beaco n-interval on page 287 set radio-profile rts-threshol d on page 295 set radio-profil e frag-threshold on page 288 set radio-profile sho[...]

  • Page 233

    MAP Access Point Commands by Usage 23 3 RF Auto-T uning set radio-profile auto -tune channel-config on page 28 1 set radio-profile auto-t une channel-holddo wn on page 282 set radio-profile auto -tune channel-interval on page 283 set radio-profile auto-t une power - backoff- timer on page 284 set radio-profile auto-t une power - config on page 285 [...]

  • Page 234

    234 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS clear {ap | dap} radio Disables a MAP radio and resets it to it s factory default settings. Syntax — clear { ap port-list | dap dap-num } radio { 1 | 2 | all }  ap port-list — List of ports connect ed to the MAP access point(s) on which to reset a radio.  dap dap-num — Number of a Distri[...]

  • Page 235

    clear radio-profile 235 Usage — When you clear a radio, MSS performs the following actions:  Clears the transmit power , channel, and exter nal ante nna setting fr om the radio.  Removes the radio from its radio pr ofile and places the radio in the default radio pr ofile. This command does not affect the PoE setting. Examples — The follow[...]

  • Page 236

    236 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS Defaults — If you reset an individual parameter , the parameter is returned to the default value listed in T able 57 on pag e 292. Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — If you specify a parameter , the setting for the parameter is reset to its default value. The [...]

  • Page 237

    display {ap | dap} config 237 Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — If the service profile is mapped to a radio pr ofile, you must remove it fr om the radio pr ofile first. (After disabl ing all radios that use the radio profile, use the clear radio-profile name service-pr ofile name command.) Examples — The fol[...]

  • Page 238

    238 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS Usage — MSS lists information separa tely for each MAP access point. Examples — The following example shows configuration inf ormation for an MAP access point on WX port 2: WX1200# display ap config 2 Port 1: AP model: AP2750, POE: ena ble, bias: high, name: MAP01 boot-download-enable: YES load [...]

  • Page 239

    display {ap | dap} config 239 bias Bias of the WX conn ection to the MAP:  High  Low name MAP access point name. boot-download- enable State of the firmware upgrade option:  YES (automatic upgrades are enabled)  NO (automatic upgrades are disabled) load balancing group Names of the MAP load-balancing groups to which the MAP access point[...]

  • Page 240

    240 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS See Also  display dap connection on page 253  display dap global on page 254  display dap unconfigur ed on page 2 56  display radio-profile on page 257  set dap on page 73  set port type ap on page 83  set {ap | dap} bias on page 264  set {ap | dap} gr oup on page 267  set[...]

  • Page 241

    display {ap | dap} counters 241 display {ap | dap} counters Displays MAP access point an d radio statistics counters. Syntax — display ap counters [ port-list [ r adio { 1 | 2 }]] Syntax — display dap counters [ dap-num [ ra dio { 1 | 2 }]]  port-list — List of ports connected to the MAP access point(s) for which to display statistics coun[...]

  • Page 242

    242 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS 11.0: 8016 0 2590353 0 85479 3897587 0 0 1195 TOTL: 543705 52742 40087331 4445625 684050 17552381 0 0 46441 T ab le 46 describes the fields in this display . T able 46 Output for display ap counters Field Description Port WX port number. radio Radio number. LastPktXferRate Data transmit rate, in Mbp[...]

  • Page 243

    display {ap | dap} etherstats 24 3 See Also  display sessions network on page 446 display {ap | dap} etherstats Displays Ethernet statistics for a MAP’ s Ethernet ports. Syntax — display { ap | dap } etherstats [ port-list | dap-num ]  port-list — List of WX switch ports directly connected to t he MAPs for which to d isplay counters. ?[...]

  • Page 244

    244 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS RxAlignErrs: 0 TxMultiC oll: 47 RxShortFrames: 0 TxUnderr uns: 0 RxCrcErrors: 0 TxCarrie rLoss: 0 RxOverruns: 0 TxDeferr ed: 150 RxDiscards: 0 T ab le 47 describes the fields in this display . T able 47 Output of display ap etherstats Field Descri ption RxUnicast Number of unicast frames rece ived. [...]

  • Page 245

    display {ap | dap} group 245 display {ap | dap} group Displays configuration in formation and load-balancing status for MAP access point groups. Syntax — display { ap | dap } group [ name ]  name — Name of an MAP gr oup or Distributed MAP group. Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Examples — Th[...]

  • Page 246

    246 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS See Also  “set {ap | dap} group” on page 267 display {ap | dap} status Displays MAP access point and radio status information. Syntax — display ap status [ port-list | all [ radio { 1 | 2 }]] Syntax — display dap status [ dap-num [ radio { 1 | 2 }]]  port-list — List of ports connect[...]

  • Page 247

    display {ap | dap} status 247 Examples — The follow ing command displays the status of a Distributed MAP: WX4400# display dap status 1 Dap: 1, IP-addr: 10.2.34.56 (vlan 'd efault'), MAP model: AP2750, manufacturer: 3Com, name: DA P1 ==================================== ================ State: operational CPU info: IBM:PPC speed=26666666[...]

  • Page 248

    248 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS T ab le 49 describes the fields in this display . T able 49 Output for display ap status Field Description DAP Connection ID for the Distributed MAP. Note: This field is applicab le only if the MAP is configured on the WX switch as a Distributed MAP. Port WX port number. Note: This field is applicab[...]

  • Page 249

    display auto-tune attributes 249 display auto-tune attributes Displays the current values of the RF attributes RF Auto-T uning uses to decide whether to change channel or po wer settings. Syntax — display auto-tune attributes [ ap map-num [ radio { 1 | 2 | all }]] Syntax — display auto-tune attributes [ dap dap-num [ radio { 1 | 2 | all }]] [...]

  • Page 250

    250 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS  radio 1 — Shows RF attribute information for radio 1.  radio 2 — Shows RF attribute informatio n for radio 2. (This option does not apply to single-radio models.)  radio all — Shows RF attribute information for both radios. Defaults — None. Access — Enabled. History —Introduced[...]

  • Page 251

    display auto-tune neighbors 251  display radio-profile on page 257  set {ap | dap} radio auto-tune max-power on page 270  set {ap | dap} radio auto-tune max- r etransmissions on page 271  set radio-profile auto -tune channel-config on page 281  set radio-profile auto-tune channel-holddown on page 282  set radio-profile auto-tune c[...]

  • Page 252

    252 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS Usage — For simplicity , this command disp lays a single entry for each 3Com radio, even if the radio is supporting multiple BSS IDs. However , BSSIDs for third-party 802.11 radios are listed separately , even if a radio is supporting more than one BSSID. Informatio n is displayed for a ra dio if [...]

  • Page 253

    display dap connection 253  set radio-profile auto-tune channel-interval on page 283  set radio-profile auto-tune power -backof f- timer on page 284  set radio-profile auto-tune power -config on page 285  set radio-profile auto-tune power -interval on page 286 display dap connection Displays the system IP addr ess of the WX switch that [...]

  • Page 254

    254 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS 4 M9DE48B123400 10.10.3.34 10.3.8.111 The following command displays connec tion information specifically for a Distributed MAP with serial ID M9DE48B6EAD00 : WX1200# display dap connection seria l-id M9DE48B6EAD00 Total number of entries: 1 DAP Serial Id DAP IP Address WX IP Address --- -----------[...]

  • Page 255

    display dap glob al 255 History —Introduced in MSS V ersion 3.0. Usage — T o show info rmation only for Distributed MAPs that have active connections, use the display dap connection command. Examples — The following comman d displays configuration informatio n for all Distributed MAPs configured on WX switches in the Mobility Domain: WX4400# [...]

  • Page 256

    256 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS See Also  display {ap | dap} config on page 2 37  display dap connection on page 253  display dap unconfigur ed on page 2 56  set dap on page 73  set {ap | dap} bias on page 264 display dap unconfigured Displays Distributed MAPs that are physically connected to the network but that ar[...]

  • Page 257

    display radio-profile 25 7 T ab le 54 describes the fields in this display . See Also  display dap connection on page 253  display dap global on page 254 display radio-profile Displays radio pr ofile information. Syntax — display radio-profile { name | ? }  name — Displays information ab out the named rad io pr ofile.  ? — Display[...]

  • Page 258

    258 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS WX4400# display radio-profile defaul t Beacon Interval: 100 DT IM Interval: 1 Max Tx Lifetime: 2000 Ma x Rx Lifetime: 2 000 RTS Threshold: 2346 Fr ag Threshold: 2 346 Short Retry Limit: 5 Lo ng Retry Limit: 5 Long Preamble: NO Al low 802.11g clients only: NO Tune Channel: no Tu ne Power: no Tune Cha[...]

  • Page 259

    display radio-profile 25 9 Long Preamble Indicates whether an 802.11b radio that uses th is radio profile advertises support for frames with long preambles only:  YES — Advertises support for long pre ambles only.  NO — Advertises support for long and short preambles. Allow 802.11g clients only Indicates whether the 802.11b/g radios in th[...]

  • Page 260

    260 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS See Also  set radio-profile 11g-only on page 280  set radio-profile auto -tune channel-config on page 281  set radio-profile auto -tune channel-holddown on page 282  set radio-profile auto-tune ch annel-interval on page 283  set radio-profile auto-tune power -backof f- timer on page 2[...]

  • Page 261

    display service-profile 261 display service-profile Displays service profi le information. Syntax — display service-profile { name | ? }  name — Displays information about the named service profile.  ? — Displays a list of service profil es. Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Examples — T[...]

  • Page 262

    262 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS auth-fallthru Secondary (fallthru) encryption type when a user tries to authenticate but the WX swit ch managing the radio does not have an authentication rule with a userglob that matches the username.  last-resort — Automatically authenticates the user and allows access to the SSID requested [...]

  • Page 263

    display service-profile 263 See Also  set service-profile auth-dot1x on page 300  set service-profile auth-fallthru on page 301  set service-profile auth-psk on page 302  set service-profile beacon on page 303  set service-profile cipher -ccmp on page 304  set service-profile cipher -tkip on page 305  set service-profile cipher[...]

  • Page 264

    264 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS  set service-profile wep active-multicast- index on page 315  set service-profile we p active-unicast- index on page 316  set service-profile wep key-index on page 317  set service-profile wpa-ie on page 318 reset {ap | dap} Restarts an MAP access point. Syntax — reset { ap port-list |[...]

  • Page 265

    set {ap | dap} bias 265  dap dap-num — Number of a Distributed MAP for which to change the bias.  high — High bias.  low — Low bias. Defaults — The default bias is high. Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — High bias is preferr ed over low bias. Bias applies only to WX switches that are indir ect[...]

  • Page 266

    266 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS set {ap | dap} blink Enables or disables LED blink mode on a MAP access point to make it easy to identify . When blink mode is enabled on an AP2750, the 11a LED blinks on and off. When blink mode is enabled on an AP7250, the Radio LED flashes r ed and the Power LED flashes green/or ange. The Etherne[...]

  • Page 267

    set {ap | dap} group 267 Examples — The following co mmand enables LED blink mode on the MAP access points connected to por ts 3 and 4: WX1200# set ap 3-4 blink enable success: change accepted. set {ap | dap} group Configures a named group of MAP access poin ts. MSS automatically load balances sessions among the access points in a gr oup. T o bal[...]

  • Page 268

    268 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS The following command r emoves the MAP access point on port 4 from all MAP access point groups: WX1200# set ap 4 group none success: change accepted. See Also  “display {ap | dap} config” on page 237  display {ap | dap} gr oup on page 245 set {ap | dap} name Changes an MAP name. Syntax —[...]

  • Page 269

    set {ap | dap} radio antennatype 269 set {ap | dap} radio antennatype Sets the external antenna model for a MAP that supports exter nal antennas. Syntax — set { ap port-list | dap dap-num } radio { 1 antennatype ANT1060 | ANT1120 | A NT1180 | internal} { 2 antennatype ANT5060 | ANT5120 | A NT5180 | internal}  ap port-list — List of ports con[...]

  • Page 270

    270 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS Usage — This command applies only to MAP models MP-372, MP-341, MP-352, and MP-262. Exter nal 802. 11a antennas are supported only on model MP-372. Examples — The following command conf igur es the 802.11b/g radio on Distributed MAP 1 to use antenna model ANT1060: WX4400# set dap 1 radio 1 anten[...]

  • Page 271

    set {ap | dap} radio auto-tune max- retransmissions 271 Examples — The following command se ts the maximum power tha t RF Auto-T uning can set on radio 1 on the MAP access point on port 6 to 12 dBm. WX1200# set ap 6 radio 1 auto-tune m ax-power 12 success: change accepted. See Also  set {ap | dap} radio auto-tune max- r etransmissions on page [...]

  • Page 272

    272 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS Usage — A retransmission is a packet sent from a client to a MAP radio that the radio receives mor e than once. This can occur when the client does not receive an 802.11 acknowle dgement for a packet sent to the radio. If the radio r eceives only a single c opy of a packet that is transmitted mult[...]

  • Page 273

    set {ap | dap} radio channel 273 Examples — The following co mmand changes the max-r etransmissions value to 20: WX1200# set ap 6 radio 1 auto-tune m ax-retransmissions 20 success: change accepted. See Also  set {ap | dap} radio auto-tune max-power on page 270  set radio-profile auto-tune power -backof f- timer on page 284  set radio-pro[...]

  • Page 274

    274 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS This command is not valid if dynami c channel tuning (RF Auto-T uning) is enabled. Examples — The following co mmand configur es the channel on the 802.11a radio on the MAP access point connected to port 5: WX1200# set ap 5 radio 1 channel 36 success: change accepted. The following command configu[...]

  • Page 275

    set {ap | dap} radio min-client-rate 275 Defaults — The default minimum data tr ansmit rate depends on the radio type:  The default minimum data rate fo r 802.11b/g and 802.11b radios is 5.5 Mbps.  The default minimum data rate for 802.11a radios is 24 Mbps. Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — If the dat[...]

  • Page 276

    276 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS set {ap | dap} radio mode Enables or disables a radio on an MAP access point. Syntax — set { ap port-list | dap dap-num } radio { 1 | 2 } mode { enable | disable }  ap port-list — List of ports connect ed to the MAP access point(s) on which to turn a radio on or of f.  dap dap-num — Numb[...]

  • Page 277

    set {ap | dap} radio radio-profile 277  set radio-profile mode on page 291 set {ap | dap} radio radio-profile Assigns a radio profile to an MAP radi o and enables or disables the radio. Syntax — set { ap port-list | dap dap-num } radio { 1 | 2 } radio-profile name mode { enable | di sable }  ap port-list — List of ports.  dap dap-num ?[...]

  • Page 278

    278 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS  set radio-profile mode on page 291 set {ap | dap} radio tx-power Sets an MAP radio’ s transmit power . Syntax — set { ap port-list | dap dap-num } radio { 1 | 2 } tx-power power-level  ap port-list — List of ports connected to the MAP access points on which to set th e transmit power . [...]

  • Page 279

    set {ap | dap} upgrade-firmware 279 Examples — The following command configures the transmit power on the 802.11a radio on the MAP access point connected to port 5: WX1200# set ap 5 radio 1 tx-power 10 success: change accepted. The following command configures the channel and tran smit power on the 802.11b/g radio on the MAP access point connecte[...]

  • Page 280

    280 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS Examples — The following co mmand di sables automatic firmware upgrades on the MAP access point connected to port 6 : WX1200# set ap 6 upgrade-firmware di sable See Also  display {ap | dap} config on page 2 37 set radio-profile 11g-only Configures each 802.11b/g radio in a radio profile to allo[...]

  • Page 281

    set radio-profile auto-tune channel-config 281 Examples — The following command configures the 802.11b/g radios in radio profile rp1 to allow associations from 802.11g clients only: WX4400# set radio-profile rp1 11g-on ly enable success: change accepted. See Also  display {ap | dap} config on page 2 37  display radio-profile on page 257 [...]

  • Page 282

    282 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS success: change accepted. See Also  set radio-profile auto -tune channel-holddown on page 282  set radio-profile auto-tune ch annel-interval on page 283  set radio-profile auto-tune power -config on page 285 set radio-profile auto-tune channel-holddown Sets the minimum number of seconds a r[...]

  • Page 283

    set radio-profile auto-tune channel-interval 283 set radio-profile auto-tune channel-interval Sets the interval at which RF Auto-T un ing decides whether to change the channels on radios in a radio profil e. At the end of each interval, MSS processes the r esults of the RF sc ans performed during the previous interval, and changes radi o channels i[...]

  • Page 284

    284 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS set radio-profile auto-tune power -backoff- timer Sets the interval at which rad ios in a radio profile r educe power after temporarily increasing the power to ma intain the minimum data rate for an associated client. At the end of ea ch power -backoff interval, radios that temporarily increased the[...]

  • Page 285

    set radio-profile auto-tune power-config 28 5 set radio-profile auto-tune power -config Enables or disables dynamic p ower tuning (RF Auto-T uning) for the MAP radios in a radio profile. Syntax — set radio-profile name auto-tune power-co nfig { enable | disable }  name — Radio profile name.  enable — Configur es radios to dynamically se[...]

  • Page 286

    286 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS set radio-profile auto-tune power -interval Sets the interval at which RF Auto-T uning decides whether to change the power level on radios in a radio profil e. At the end of each interval, MSS processes the r esults of the RF sc ans performed during the previous interval, and changes radio power lev[...]

  • Page 287

    set radio-profile beacon-interval 287 set radio-profile beacon-interval Changes the rate at which each MAP radio in a radio profile advertises its service set identifier (SS ID). Syntax — set radio-profile name beacon-interva l interval  name — Radio profile name.  interval — Number of milliseconds (ms) between beacons. Y ou can specify[...]

  • Page 288

    288 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS Defaults — By default, MAP access point s send the DTIM once after each beac on. Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — Y ou must disable all rad ios that ar e using a radio profile befor e you can change pa rameters in t he pr ofile. Use the set radio-profile mod[...]

  • Page 289

    set radio-profile long-retry 289 Usage — Y ou must disable all rad ios that ar e using a radio profile befor e you can change pa rameters in t he pr ofile. Use the set radio-profile mode command . Examples — The following co mmand changes the fragmentation threshold for radio pr ofile rp1 to 1500 bytes: WX4400# set radio-profile rp1 frag-t hres[...]

  • Page 290

    290 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS See Also  display radio-profile on page 257  set radio-profile mode on page 291  set radio-profile short-r etry on page 299 set radio-profile max-rx-lifetime Changes the maximu m r eceive threshold for the MAP radios in a r adio profile. The maximum r eceive thre shold specifies the number [...]

  • Page 291

    set radio-profile max-tx-lifetime 291 set radio-profile max-tx-lifetime Changes the maximum transmit threshold for the MAP radios in a radio profile. The maximum transmit threshold specifies the number of milliseconds that a frame scheduled to be transmitted by a radio can remain in buf fer memory . Syntax — set radio-profile name max-tx-lifetime[...]

  • Page 292

    292 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS Use this command without the mode enable or mode disable option to create a new pr ofile.  mode enable — Enables the radios that use this pr ofile.  mode disable — Disables the radios that use this profile. Defaults — Each radio profile that you create has a set of properties with factor[...]

  • Page 293

    set radio-profile mode 293 Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — Use the command without any optional parameters to cr eate new profile. If the radio profile does not alr eady exist, MSS creates a new radio profile. Use the enable or disable option to enable or disable all the radios using a profile. T o assign th[...]

  • Page 294

    294 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS The following command enables the WP A IE on MAP radios in radio profile rp2 : WX4400# set radio-profile rp2 wpa-ie enable success: change accepted. See Also  display {ap | dap} config on page 2 37  display radio-profile on page 257  set {ap | dap} radio mode on page 276  set {ap | dap} [...]

  • Page 295

    set radio-profile rts-threshold 295 Y ou must disable all radios that use a radio profile before you can change parameters in the profile. Use the set radio-profile mode command . Examples — The following co mmand conf igures 802.11b/g radios that use the radio profile rp_long to advertise support for long preambles instead of shor t pre ambles: [...]

  • Page 296

    296 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS See Also  set radio-profile mode on page 291  display radio-profile on page 257 set radio-profile service-profile Maps a service profile to a radio profile. All radios that use the radio profile also use the parameter settin gs, including SSID and encryption settings, in the service pr ofile. [...]

  • Page 297

    set radio-profile service-profile 29 7 cipher-tkip enable When the WPA IE is enabled, uses Temporal Key Integrity Protocol (TKIP) to encrypt traffic sent to WPA clients. cipher-wep104 disable Does no t use Wired Equivalent Privacy (WEP) with 104-bit key s to encrypt traffic sent to WPA clients. cipher-wep40 disable Does not use WEP with 40-bit keys[...]

  • Page 298

    298 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — Y ou must configure the service profile befor e you can map it to a radio profile. Y ou can map the same service pr ofile to more than one radio profile. Y ou must disable all radios that use a radio profile before you can chan[...]

  • Page 299

    set radio-profile short-retry 299  set service-profile ssid-type on page 312  set service-profile tkip-mc-time on page 313  set service-profile web-aaa-form on page 314  set service-profile wep active-multicast- index on page 315  set service-profile we p active-unicast- index on page 316  set service-profile wep key-index on page[...]

  • Page 300

    300 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS set service-profile auth-dot1x Disables or reena bles 802.1X authen tication of W i-Fi Pr otected Access (WP A) clients by MAP radios, when th e WP A information eleme nt (IE) is enabled in the service profile that is mapped to the rad io pr ofile that the radios are using. Syntax — set service-pr[...]

  • Page 301

    set service-profile auth-fallthru 301  set service-profile psk-phrase on page 308  set service-profile wpa-ie on page 318 set service-profile auth-fallthru Specifies the authentication type for users who do not match an 802.1X or MAC authentication rule for an SSID managed by the service profile. When a user tries to associate with an SSID, M[...]

  • Page 302

    302 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS History —Introduced in MSS V ersion 3.0. Usage — The last-resort fallthru authentication type allows any user to access any SSID managed by the service profile. This method does not requir e the user to pr ovide a username or password. Use the last-r esort method only if n one of the SSIDs manag[...]

  • Page 303

    set service-profile beacon 303 Usage — This command affects authentication of WP A clients only . T o use PSK authentication, you also must configure a passphr ase or key . In addition, you must enable the WP A IE. The WebAAA fallthru authentication type is not supported in conjunction with WP A encryption using preshar ed keys (PSK) for the sa m[...]

  • Page 304

    304 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS Defaults — Beaconing is e nabled by default. Access — Enabled. History —Introduced in MSS V ersion 3.0. Examples — The following co mmand disa bles beaconing of the SSID managed by service profile sp2 : WX4400# set service-profile sp2 beacon disable success: change accepted. See Also  dis[...]

  • Page 305

    set service-profile cipher-tkip 305 See Also  set service-profile cipher -tkip on page 305  set service-profile cipher -wep104 on page 306  set service-profile cipher -wep40 on page 307  set service-profile wpa-ie on page 318 set service-profile cipher -tkip Disables or reenables T emporal Key Integr ity Pr otocol (TKIP) encryption in a[...]

  • Page 306

    306 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS set service-profile cipher -wep104 Enables dynamic W ir ed Equivalent Privacy (WEP) with 104-bit keys, in a service profile. Syntax — set service-profile name cipher-w ep104 { enable | disable }  name — Service pr ofile name.  enable — Enables 104-bit WEP encryption for WP A clients. [...]

  • Page 307

    set service-profile cipher-wep40 30 7  set service-profile cipher -tkip on page 305  set service-profile cipher -wep40 on page 307  set service-profile wep key-index on page 317  set service-profile wpa-ie on page 318 set service-profile cipher -wep40 Enables dynamic W i red Equivalent Priva cy (WEP) with 40-bit ke ys, in a service prof[...]

  • Page 308

    308 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS Examples — The following co mmand c onfigures service profile sp2 to use 40-bit WEP encr yption: WX4400# set service-profile sp2 cipher-wep40 enable success: change accepted. See Also  set service-profile cipher -ccmp on page 304  set service-profile cipher -tkip on pag e 305  set service[...]

  • Page 309

    set service-profile psk-raw 309 Examples — The following co mmand c onfigures service profile sp3 to use passphrase “123456789 0123<>?=+&% The quick brown fox jumps over the lazy sl”: WX4400# set service-profile sp3 psk-phrase "1234567890123<> ?=+&% The quick brown fox jumps over the lazy sl" success: change acce[...]

  • Page 310

    310 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS Examples — The following co mmand c onfigures service profile sp3 to use a raw PSK with P SK clients: WX4400# set service-profile sp3 psk-raw c25d3fe4483e867 d1df96eaacdf8b02451fa0836162e758100f 5f6b87965e59d success: change accepted. See Also  set mac-user attr on page 208  set service-prof[...]

  • Page 311

    set service-profile shared-key-auth 31 1 set service-profile shar ed-key-auth Enables shared-key authentication, in a service profile. Use this command only if advised to do so by 3Com. This command does not enable preshared key (PSK) auth entication for W i-F i Protected Access (WP A). T o enable PS K encryption for WP A, use the set servic e-pro [...]

  • Page 312

    312 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS History —Introduced in MSS V ersion 3.0. Examples — The following co mmand applies the name guest to the SSID managed by service profile clear_wlan : WX4400# set service-profile clear_wlan ssid-name guest success: change accepted. See Also  set service-profile ssid-type on page 312 set servic[...]

  • Page 313

    set service-profile tkip-mc-time 313 set service-profile tkip-mc-time Changes the length of time that MA P radios use countermeasures if two message integrity code (MIC) failure s occur within 60 seconds. When countermeasures ar e in effect, MAP radios dissociate all TKIP and WP A WEP clients and refuse all association and reassociation requests un[...]

  • Page 314

    314 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS set service-profile web-aaa-form Specifies a custom login page to serve to WebAAA users who r equest the SSID managed by the service profile. Syntax — set service-profile name web-aaa-fo rm url  name — Service pr ofile name.  url — WX subdirectory name and HT ML page name of the login pa[...]

  • Page 315

    set service-profile wep active-multicast- index 315 Total: 1839 bytes used, 20657 7 Kbytes free WX4400# set service-profile corpa-se rvice web-aaa-form corpa-ssid/ corpa-login.html success: change accepted. See Also  copy on page 472  dir on page 475  display service-profile on page 261  mkdir on page 483  set port type wired-auth on[...]

  • Page 316

    316 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS See Also  set service-profile we p active-unicast- index on page 316  set service-profile wep key-index on page 317 set service-profile wep active-unicast- index Specifies the static W ired-Equivalent Privacy (WEP) key (one of four) to use for encrypting unicast frames. Syntax — set service-[...]

  • Page 317

    set service-profile wep key-index 31 7 set service-profile wep key-index Sets the value of one of four static Wired-Equivalent Privacy (WEP) keys for static WEP encryption. Syntax — set service-profile name wep key-ind ex num key value  name — Service pr ofile name.  key-index num — WEP key index. Y ou can enter a value from 1 through 4[...]

  • Page 318

    318 C HAPTER 9: M ANAGED A CCESS P OINT C OMMANDS set service-profile wpa-ie Enables the WP A information element (IE) in wireless frames. The WP A IE advertises the WP A authent ication meth ods and cipher suites support ed by radios in the radio profil e mapped to the service profile. Syntax — set service-profile name wpa-ie { en able | disable[...]

  • Page 319

    10 STP C OMMANDS Use Spanning T r ee Protocol (STP) commands to configure and manage spanning trees on the virtual LANs (VLANs) configured on a wir eless LAN switch or controller , to maintain a loop-free network. STP Commands by Usage This chapter pr esents STP command s alphabetically . Use the following table to locate commands in this chapter b[...]

  • Page 320

    320 C HAPTER 10: STP C OMMANDS clear spantree portcost Resets to the default value t he cost of a network port or ports on paths to the STP root bridge in all VLANs on a WX switch. Syntax — clear spantree portcost port-list  port-list — List of ports. The port cost is r eset on the specified port s. Defaults — None. Access — Enabled. His[...]

  • Page 321

    clear spantree portpri 32 1 clear spantree portpri Resets to the default value the priority of a network port or ports for selection as part of the path to th e STP root bridge in all VLANs on a wireless LAN switch or contr oller . Syntax — clear spantree portpri port-list  port-list — List of ports. The p ort priority is re set to 32 (the d[...]

  • Page 322

    322 C HAPTER 10: STP C OMMANDS  vlan vlan-id — VLAN name or number . MSS resets the cost for only the specified VLAN. Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — MSS does not change a port’ s cost for VLANs other than the one(s) you specify . Examples — The following co mmand r esets the STP [...]

  • Page 323

    clear spantree statistics 323 History —Introduced in MSS V ersion 3.0. Usage — MSS does not change a port’ s priorit y for VLANs other than the one(s) you specify . Examples — The following command r esets the STP priority for port 2 in VLAN avocado: WX4400# clear spantree portvlanpri 2 vlan avocado success: change accepted. See Also  cl[...]

  • Page 324

    324 C HAPTER 10: STP C OMMANDS display spantree Displays STP configurat ion and port-state information. Syntax — display spantree [ port-list | vlan vlan-id ] [ active ]  port-list — List of ports. If you do not specify any ports, MSS displays STP information for all ports.  vlan vlan-id — VLAN name or number . If you do not specify a V[...]

  • Page 325

    display spantree 325 7 1 Disable d 19 128 Disabled 8 1 Disable d 19 128 Disabled T ab le 60 describes the fields in this display . T able 60 Output for display spantree Field Description VLAN VLAN number. Spanning tree mode In the current software version, the mode is always PVST+, which means Per VLAN Spanning T ree+. Spanning tree type In the cur[...]

  • Page 326

    326 C HAPTER 10: STP C OMMANDS See Also  display spantree blockedports on page 327 display spantree backbonefast Indicates whether the STP backbone fa st convergence featur e is enabled or disabled. Syntax — display spantree backbonefast Defaults — None. Access — All. History —Introduced in MSS V ersion 3.0. Port-State STP state of the p[...]

  • Page 327

    display spantree blockedports 327 Examples — The following example shows the command out put on a WX switch with backbone fast convergence enabled: WX4400# display spantree backbonefas t Backbonefast is enabled See Also  set spantree backbonefast on page 337 display spantree blockedports Lists information abou t wi r eless LAN switch ports tha[...]

  • Page 328

    328 C HAPTER 10: STP C OMMANDS display spantree portfast Displays STP uplink fast convergence information for all network p orts or for one or more network ports . Syntax — display spantree portfast [ port-list ]  port-list — List of ports. If you do not specify any ports, MSS displays uplink fast converge nce information for all por ts. Def[...]

  • Page 329

    display spantree portvlancost 32 9 display spantree portvlancost Shows the cost o f a port on a path to the STP root bridge, for each of the port’ s VLANs. Syntax — display spantree portvlancost port-list  port-list — List of ports. Defaults — None. Access — All. History —Introduced in MSS V ersion 3.0. Examples — The following co [...]

  • Page 330

    330 C HAPTER 10: STP C OMMANDS Usage — The command displays statistics separately for each port. Examples — The following co mmand shows STP statistics for port 1: WX4400# display spantree statistics 1 BPDU related parameters Port 1 VLAN 1 spanning tree enabled for VLAN = 1 port spanning tree enabled state Forwarding port_id 0x8015 port_number [...]

  • Page 331

    display spantree statistics 331 topology change timer value 0 hold timer INACTIVE hold timer value 0 delay root port timer INACTIVE delay root port timer value 0 delay root port timer restarted is FALSE VLAN based information & statistics spanning tree type ieee spanning tree multicast address 01-00-0c-cc-cc-cd bridge priority 32768 bridge MAC [...]

  • Page 332

    332 C HAPTER 10: STP C OMMANDS T able 62 Output for display spantree statistics Field Descri ption Port Port number. VLAN VLAN ID. Spanning Tree enabled for vlan State of the STP feature on the VLAN. port spanning tree State of the STP feature on the port. state STP state of the port:  Blocking — The port is not forwarding Layer 2 traffic but [...]

  • Page 333

    display spantree statistics 333 config_pending I ndicates whether a configured BPDU is to be transmitted on expiration of the hold timer for the port. port_inconsistency Indicates whether the port is in an inconsistent state. config BPDU’s xmitted Number of BPDUs transmitted from the port. A number in parentheses indicates the number of configure[...]

  • Page 334

    334 C HAPTER 10: STP C OMMANDS hold timer Status of the hold timer. This timer ensures that configured BPDUs are not transmitted too frequently through any bridge port. hold timer value Current value of the hold timer, in seconds. delay root port timer Status of the delay root po rt timer, which enables fast convergence when uplink fast convergence[...]

  • Page 335

    display spantree uplinkfast 335 See Also  clear spantree stati stics on page 323 display spantree uplinkfast Shows uplink fast convergence infor m ation for one VLAN or all VLANs. Syntax — display spantree uplinkfast [ vlan vlan- id ]  vlan vlan-id — VLAN name or number . If you do not specify a VLAN, MSS displays STP statistics for all V[...]

  • Page 336

    336 C HAPTER 10: STP C OMMANDS Examples — The following co mmand shows uplink fast convergence information for all VLANs: WX4400# display spantree uplinkfast VLAN port list ------------------------------------ -------------------------------- ---- 1 1(fwd),2,3 T ab le 63 describes the fields in this display . See Also  set spantree uplinkfast [...]

  • Page 337

    set spantree backbonefast 337 Examples — The following co mmand enables STP on all VLANs configured on a WX switch: WX4400# set spantree enable success: change accepted. The following command disables STP on VLAN burgundy: WX4400# set spantree disable vlan bu rgundy success: change accepted. See Also  display spantree on page 324 set spantree [...]

  • Page 338

    338 C HAPTER 10: STP C OMMANDS See Also  display spantree backbonefast on page 326 set spantree fwddelay Changes the period of time after a topology change that a WX switch which is not the root bridge waits to begin forwar ding Layer 2 traffic on one or all of its configured VLANs. (The r oot bridge always forwards traffic.) Syntax — set span[...]

  • Page 339

    set spantree maxage 339  vlan vlan-id — VLAN name or number . MS S changes the interval on only the specified VLAN. Defaults — The default hello timer interval is 2 seconds. Access — Enabled. History —Introduced in MSS V ersion 3.0. Examples — The following co mmand change s the hello interval for all VLANs to 4 seconds: WX4400# set sp[...]

  • Page 340

    340 C HAPTER 10: STP C OMMANDS Examples — The following command changes the maximum acceptable age for root bridge hello packets on all VLANs to 15 seconds: WX4400# set spantree maxage 15 all success: change accepted. See Also  display spantree on page 324 set spantree portcost Changes the cost that transmission through a network port or ports[...]

  • Page 341

    set spantree portfast 341 Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — This command applies only to the defa ult VLAN (V LAN 1). T o change the cost of a port in ano ther VLAN, use the set spantr ee portvlancost command. Examples — The following command changes the cost on ports 3 and 4 to 20: WX1200# set spantree port[...]

  • Page 342

    342 C HAPTER 10: STP C OMMANDS Examples — The following co mmand enab les port fast convergence on ports 2, 5, and 7: WX1200# set spantree portfast port 2 ,4,7 enable success: change accepted. See Also  display spantree portfast on page 328 set spantree portpri Changes the STP priority of a network port or ports for select ion as part of the p[...]

  • Page 343

    set spantree portvlancost 343 set spantree portvlancost Changes the cost of a network por t or ports on paths to the STP root bridge for a specific VLAN on a wireless LAN switch. Syntax — set spantree portvlancost port-lis t cost cost { all | vlan vlan-id }  port-list — List of ports. MSS applies the cost change to all the specified ports. ?[...]

  • Page 344

    344 C HAPTER 10: STP C OMMANDS set spantree portvlanpri Changes the priority of a network port or ports for selectio n as part of the path to the STP root bridge, on one VLAN or all VLANs. Syntax — set spantree portvlanpri port-list priority value { all | vlan vlan-id }  port-list — List of ports. MSS changes the priority on the specified po[...]

  • Page 345

    set spantree uplinkfast 345  all — Changes the bridge priority on all VLANs.  vlan vlan-id — VLAN name or number . MSS changes the bridge priority on only the specified VLAN. Defaults — The default root bridge priority for the switch on all VLANs is 32,768. Access — Enabled. History —Introduced in MSS V ersion 3.0. Examples — The [...]

  • Page 346

    346 C HAPTER 10: STP C OMMANDS Examples — The following co mmand enab les uplink fast convergence: WX4400# set spantree uplinkfast enab le success: change accepted. See Also  display spantree uplinkfast on page 335[...]

  • Page 347

    11 IGMP S NOOPING C OMMANDS Use Internet Group Management Pr otocol (IGMP) snooping commands to configure and manage multicast traff ic reduction on a WX. Commands by usage This chapter presents IGMP snooping commands alphabetically . Use the T ab le 65 to locate commands in this chapter based on their use. T able 65 IGMP Commands by Usage Type Com[...]

  • Page 348

    348 C HAPTER 11: IGMP S NOOPING C OMMANDS clear igmp statistics Clears IGMP statistics count ers on one VLAN or all VLANs on a wir eless LAN switch and r esets them to 0. Syntax — clear igmp statistics [ vlan vlan-id ]  vlan vlan-id — VLAN name or number . If you do not specify a VLAN, IGMP statistics ar e clear ed for all VLANs. Defaults ?[...]

  • Page 349

    display igmp 349 router information: Port Mrouter-IPaddr Mrouter-MAC Type TTL ---- --------------- --------------- -- ----- ----- 1 192.28.7.5 00:01:02:03:04:05 dvmrp 17 Group Port Receiver-IP Receiver-MAC TTL --------------- ---- --------------- ----------------- ----- 224.0.0.2 none none none undef 237.255.255.255 5 10.10.10.11 00:02:04:06:08:0b [...]

  • Page 350

    350 C HAPTER 11: IGMP S NOOPING C OMMANDS T able 66 Output for display igmp Field Descri ption VLAN VLAN name. MSS displays info rmation separately for each VLAN. IGMP is enabled (disabled) IGMP state. Proxy reporting Proxy reporting state. Mrouter solicitation Multicast router solicitation state. Querier functionality Pseudo-querier state. Configu[...]

  • Page 351

    display igmp 351 TTL Number of seconds befo re this entry ages out if not refreshed. For static multicast route r entries, the time-to-live (TTL) value is undef . Static multicast router entries do not age out. Group IP address of a multicast group. The display igmp receiver -table command shows the sa me information as these receiver fields. Port [...]

  • Page 352

    352 C HAPTER 11: IGMP S NOOPING C OMMANDS See Also  display igmp mrouter on page 352  display igmp querier on page 353  display igmp receiver -table on pag e 355  display igmp statistic s on page 356 display igmp mrouter Displays the multicast routers in a WX’ s subnet, on one VLAN or all VLANs. Routers are listed separately fo r each[...]

  • Page 353

    display igmp querier 35 3 See Also  display igmp mrouter on page 352  set igmp mr outer on page 360 display igmp querier Shows information about the active multicast querier , on one VLAN or all VLANs. Queriers are listed separately for each VLAN. Each VLAN can have only one querier . Syntax — display igmp querier [ vlan vlan-id ]  vlan [...]

  • Page 354

    354 C HAPTER 11: IGMP S NOOPING C OMMANDS History — Introduced in MSS V ersio n 3.0. Examples — The followin g command displa ys querier information for VLAN orange : WX1200# display igmp querier vlan or ange Querier for vlan orange Port Querier-IP Querier-MAC TTL ---- --------------- --------------- -- ----- 1 193.122.135.178 00:0b:cc:d2:e9:b4[...]

  • Page 355

    display igmp receiver-table 355 See Also  set igmp querier on page 366 display igmp receiver -table Displays the receivers to which a WX forwar ds multicast traffic. Y ou can display receivers for all VLANs, a si ngle VLAN, or a group or gr oups identified by group address and network mask. Syntax — display igmp receiver-table [ vlan vlan-id ][...]

  • Page 356

    356 C HAPTER 11: IGMP S NOOPING C OMMANDS The following command lists all r eceivers for multicast groups 237.255.255.1 t hr ough 237.255.255.2 55, in all VLANs: WX1200# display igmp receiver-table group 237.255.255.0/24 VLAN: red Session Port Receiver-IP Receiver-MAC TTL --------------- ---- --------------- ----------------- ----- 237.255.255.2 2 [...]

  • Page 357

    display igmp stati stics 357 Defaults — None. Access — All. History — Introduced in MSS V ersion 3.0. Examples — The followin g command displays IGMP statistics for VLAN orange : WX1200# display igmp statistics vlan orange IGMP statistics for vlan orange: IGMP message type Received Transmitt ed Dropped ----------------- -------- --------- -[...]

  • Page 358

    358 C HAPTER 11: IGMP S NOOPING C OMMANDS T able 70 Output of display igmp statistics Field Description IGMP statistics for vlan VLAN name. Statistics are lis ted separately for each VLAN. IGMP message type Type of IGMP message:  General-Queries — General group membership queries sent by the multicast querier (multicast router or pseudo -queri[...]

  • Page 359

    set igmp 359 See Also  clear igmp statistics on page 348 set igmp Disables or reenables IGMP snooping on one VLAN or all VLANs on a wireless LAN switch. Syntax — set igmp { enable | disable } [ vlan vlan-id ]  enable — Enables IGMP snooping.  disable — Disables IGMP snooping.  vlan vlan-id — VLAN name or number . If you do not s[...]

  • Page 360

    360 C HAPTER 11: IGMP S NOOPING C OMMANDS set igmp lmqi Changes the IGMP last member query interval timer on one VLAN or all VLANs on a wirel ess LAN switch. Syntax — set igmp lmqi tenth-seconds [ vlan vlan- id ]  lmqi tenth-seconds — Amount of time (in tenths of a second) that the WX waits for a r esponse to a gr oup-specific query after re[...]

  • Page 361

    set igmp mrsol 361  enable — Adds the port to the list of static multicast router ports.  disable — Removes the port from the list of static multicast router ports. Defaults — By default, no ports are static multicast router ports. Access — Enabled. History — Introduced in MSS V ersion 3.0. Usage — Y ou cannot add MAP access ports[...]

  • Page 362

    362 C HAPTER 11: IGMP S NOOPING C OMMANDS History — Introduced in MSS V ersio n 3.0. Examples — The followin g command enables multicast router solicitation on VLAN orange : WX1200# set igmp mrsol enable vlan o range success: change accepted See Also  set igmp mrsol mrsi on page 362 set igmp mrsol mrsi Changes th e interval between multicast[...]

  • Page 363

    set igmp oqi 363 set igmp oqi Changes the IGMP other -querier -present interval timer on one VLAN or all VLANs on a WX. Syntax — set igmp oqi seconds [ vlan vlan-id ]  oqi seconds — Number of seconds that th e WX waits for a general query to arrive before electing itself the querier . Y ou can specify a value from 1 through 65,535.  vlan [...]

  • Page 364

    364 C HAPTER 11: IGMP S NOOPING C OMMANDS set igmp proxy-r eport Disables or reenables proxy r eporting by a WX on one VLAN o r all VLANs. Syntax — set igmp proxy-report { enable | disable }  vlan vlan-id — VLAN name or number . If you do not specify a VLAN, proxy r eporting is disabl ed or r eenabled on all VLANs.  enable — Enables p r[...]

  • Page 365

    set igmp qri 365 Access — Enabled. History — Introduced in MSS V ersion 3.0. Usage — The query interval is applicable on ly when the WX is querier for the subnet. For the WX switch to become the querier , the pseudo-querier feature must be enabled on the WX and the WX must have the lowest IP address among all the WX switches eligible to becom[...]

  • Page 366

    366 C HAPTER 11: IGMP S NOOPING C OMMANDS History — Introduced in MSS V ersion 3.0. Usage — The query r esponse interval is applicable only when the WX is querier for the subnet. For the WX to become the querier , the pseudo-querier feature must be en abled on the WX and the WX must have the lowest IP address among all the WX switches eligible [...]

  • Page 367

    set igmp receiver 367 Examples — The following example enables the pseu do-querier on the orange VLAN: WX1200# set igmp querier enable vlan orange success: change accepted. See Also  display igmp querier on page 353 set igmp receiver Adds or r emoves a network port in the list of port s on which a WX forwards traffic to multicast receivers. St[...]

  • Page 368

    368 C HAPTER 11: IGMP S NOOPING C OMMANDS See Also  display igmp receiver -table on pag e 355 set igmp rv Changes the robustness value for one VLAN or all VLANs on a WX. Robustness adjusts the IG MP timers to the amount of traf fic loss that occurs on the network. Syntax — set igmp rv num [ vlan vlan-id ]  num — Robustness value. Y ou can[...]

  • Page 369

    12 S ECURITY ACL C OMMANDS Use security ACL commands to configure and monitor security access control lists (ACLs). Security ACLs filt er packets to restrict or permit network usage by certain users or traffic types, and can assign to packets a class of service (CoS) to define th e pr iority of tre atment for packe t filtering. (Security ACLs are d[...]

  • Page 370

    370 C HAPTER 12: S ECURITY ACL C OMM ANDS clear security acl Clears a specified security ACL, an access c ontrol e ntry (ACE), or all security ACLs, from the edit buffe r . When used with the command commit securi ty acl , clears the ACE fr om the running configuration. Syntax — clear security acl { acl-name | all } [ editbuffer-index ]  acl-n[...]

  • Page 371

    clear security acl map 371 WX4400# display security acl info al l ACL information for all set security acl ip acl_133 (hits #1 0) ------------------------------------ --------------------- 1. deny IP source IP 192.168.1.6 0.0 .0.0 destination IP any set security acl ip acl_134 (hits #3 0) ------------------------------------ --------------------- 1[...]

  • Page 372

    372 C HAPTER 12: S ECURITY ACL C OMM ANDS Syntax — clear security acl map { acl-name | all } { vlan vlan-id | port port-list [ tag tag-value ] | dap dap-num } { in | out }  acl-name — Name of an existing security ACL to clear . ACL names start with a letter and ar e case-insensitive.  all — Removes security ACL mapping fr om all physica[...]

  • Page 373

    commit security acl 373 T o clear all physical port s, virtual ports , and VLANs on a WX switch of the ACLs mapped for incoming and outgoi ng traffic, type the following command: WX4400# clear security acl map all success: change accepted. See Also  clear security acl on page 370  display security acl map on page 377  set security acl map [...]

  • Page 374

    374 C HAPTER 12: S ECURITY ACL C OMM ANDS Examples — The following co mmands commit all the security ACLs in the edit buffer to the configuration, display a summary of the committed ACLs, and show that the edit buffer has been clear ed: WX4400# commit security acl all configuration accepted WX4400# display security acl ACL table ACL Type Class Ma[...]

  • Page 375

    display security acl hi ts 375 Examples — T o display a summary of the committed security ACLs on a WX switch, type the following command: WX4400# display security acl ACL table ACL Type Class Mapping ---------------------------- ---- -- ---- ------- acl_123 IP Static Port 2 In acl_133 IP Static Port 4 In acl_124 IP Static T o view a summary of t[...]

  • Page 376

    376 C HAPTER 12: S ECURITY ACL C OMM ANDS Examples — T o display the security ACL hits on a WX switch, type the following command: WX4400# display security acl hits ACL hit-counters Index Counter ACL-name ----- -------------------- -------- 1 0 acl_2 2 0 acl_175 3 916 acl_123 See Also  hit-sample-rate on page 382  set security acl on page 3[...]

  • Page 377

    display security acl map 377 Examples — T o display the conten ts of all security ACLs committed on a WX switch, type the following command: WX4400# display security acl info al l ACL information for all set security acl ip acl_123 (hits #5 462) ------------------------------------ --------------------- 1. permit IP source IP 192.168.1.11 0.0.0.2[...]

  • Page 378

    378 C HAPTER 12: S ECURITY ACL C OMM ANDS Access — Enabled. History — Introduced in MSS V ersion 3.0. Examples — The following command displays the port to which security ACL acl_111 is mapped : WX4400# display security acl map acl _111 ACL acl_111 is mapped to: Port 4 in See Also  clear security acl map on page 371  display security ac[...]

  • Page 379

    display security acl resource-usage 379 Examples — T o display security ACL res ource usage, type the following command: WX4400# display security acl resourc e-usage ACL resources Classifier tree counters ------------------------ Number of rules : 2 Number of leaf nodes : 1 Stored rule count : 2 Leaf chain count : 1 Longest leaf chain : 2 Number [...]

  • Page 380

    380 C HAPTER 12: S ECURITY ACL C OMM ANDS T able 72 Output of display security acl resour ce-usage Field Description Number of rules Number of security ACEs cu rrently mapped to ports or VLANs. Number of leaf nodes Number of se curity ACL data en tries stored in the rule tree. Stored rule count Number of security ACEs stored in the rule tree. Leaf [...]

  • Page 381

    display security acl resource-usage 381 LUdef in use Number of the lookup definition (LUdef) table currently in use for packet handling. Default action pointer Memory address used for packet handling, from which default action data is obtained when necessary. L4 global Security AC L mappin g on the WX switch:  Tr u e — Security ACLs are mapped[...]

  • Page 382

    382 C HAPTER 12: S ECURITY ACL C OMM ANDS hit-sample-rate Specifies the time interval, in second s, at which the packet counter for each security ACL is sampled for disp lay . Th e counter counts the number of packets filtered by the security ACL — or “hits.” Syntax — hit-sample-rate seconds  seconds — Number of seconds between samples[...]

  • Page 383

    rollback security acl 383 Examples — The first command sets MSS to sample ACL hits every 15 seconds. The second and third commands display the r esults. The results show that 916 packets matching security acl_153 were sent since the ACL was mapped. WX4400# hit-sample-rate 15 WX4400# display security acl info ac l_153 ACL information for acl_153 s[...]

  • Page 384

    384 C HAPTER 12: S ECURITY ACL C OMM ANDS Examples — The following co mmands show the edit buf fer befor e a rollbac k, clear any change s in the edit buffe r to security acl_122 , and show the ed it buf fer after the r ollback: WX4400# display security acl info al l editbuffer ACL edit-buffer information for all set security acl ip acl_122 (ACEs[...]

  • Page 385

    set security acl 385 By ICMP packets Syntax — set security acl ip acl-name { permi t [ cos cos ] | deny } icmp { sourc e-ip-addr mask destination-ip-addr mask [ type icmp-type ] [ code icmp-code ] [ precedence precedence ] [ tos tos ] [ before editbuffer-index | modi fy editbuffer-index ] [ hits ] By TCP packets Syntax — set security acl ip acl[...]

  • Page 386

    386 C HAPTER 12: S ECURITY ACL C OMM ANDS  0 or 3—Best effort. Packets are queued in MAP forwarding queue 3.  4 or 5—Video. Packets are que ued in MAP forwarding queue 2. Use CoS level 4 or 5 for voice over IP (V oIP) packets other than SpectraLink V oice Priority (SVP).  6 or 7—V oice. Packets ar e queu ed in MAP forwar ding queue 1[...]

  • Page 387

    set security acl 387 (For a complete list of TCP and UDP port numbers, see www .iana.or g/assign ments/port-numbers .)  destination-ip-addr mask — IP addr ess and wildcar d mask of the network or host to which the packet is being sent. Specify both address and mask in dotted decimal not ation. For mor e information, see “Wildcard Masks” on[...]

  • Page 388

    388 C HAPTER 12: S ECURITY ACL C OMM ANDS  before editbuffer-index — Inserts the new ACE in fr ont of another ACE in the security ACL. Specify the number of the existing ACE in the edit buffer . Index numbers start at 1. (T o display the edit buffer , use display security acl editbuf fer . )  modify editbuffer-index — Replaces an ACE in t[...]

  • Page 389

    set security acl map 389 The following command adds an ACE to acl_123 that denies packets from IP addr ess 192.168.2.11: WX4400# s et security acl ip acl_123 deny 192.168.2.11 0.0.0.0 The following command creates acl_125 by defining an ACE that denies TCP packets from sour ce IP addr ess 1 92.168.0.1 to destination IP address 192.168.0.2 for estab[...]

  • Page 390

    390 C HAPTER 12: S ECURITY ACL C OMM ANDS Syntax — set security acl map acl-name { v l an vlan-id | port port-list [ tag tag-list ] | dap dap-num } { in | out }  acl-name — Name of an existing security ACL to map. ACL names start with a letter and ar e case-insensitive.  vlan vlan-id — VLAN name or number . MSS assigns the security ACL [...]

  • Page 391

    set security acl map 391 See Also  clear security acl map on page 371  commit security acl on page 373  set mac-user attr on page 208  set mac-usergroup attr on page 214  set security acl on page 384  set user attr on page 219  set usergroup on page 220  display security acl map on page 377[...]

  • Page 392

    392 C HAPTER 12: S ECURITY ACL C OMM ANDS[...]

  • Page 393

    13 C RYPTOGRAPHY C OMMANDS Use cryptography commands to co nfigur e and manage certificates and public-private key pairs for system authentication . Depending on your network configurat ion, you must create keys and certificates to authenticate the WX switch to IEEE 802.1X wireless clients for which the WX switch performs authentication, and to 3Co[...]

  • Page 394

    394 C HAPTER 13: C RYPTOGRA PHY C OMMANDS crypto ca-certificate Installs a certificate authority’ s ow n PKCS #7 certificate into the WX certificate and ke y storage area. Syntax — crypto ca-certificate { admin | eap | webaaa } PEM-formatted certificate  admin — Stores the certificate authority’ s certificate that signed the administrati[...]

  • Page 395

    crypto certificate 39 5 T o use this command, you must already have obtained a copy of the certificate authority’ s certificate as a PKCS #7 object file. Then do the following: 1 Open the PKCS #7 object file with an ASCII text editor such as Notepad or vi. 2 Enter th e crypto ca-certificate command on the CLI command line. 3 When MSS prompts you [...]

  • Page 396

    396 C HAPTER 13: C RYPTOGRA PHY C OMMANDS  PEM-formatted certificate — ASCII text repr esentation of the PKCS #7 certificate, consist ing of up to 4096 characters, that you have obtained from th e certificate authority . Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — T o use th is command, you mu st[...]

  • Page 397

    crypto generate key 397 crypto generate key Generates an RSA public-private encrypti on key pair that is requir ed for a Certificate Signing Request ( CSR) or a self-signed certific ate. For SSH, the command generates an SSH authentication key . Syntax — crypto generate key { admin | eap | ssh | webaaa } { 512 | 1024 | 2048 }  admin — Genera[...]

  • Page 398

    398 C HAPTER 13: C RYPTOGRA PHY C OMMANDS crypto generate re quest Generates a Certificate Signing Reque st (CSR). Thi s command outputs a PEM-formatted PKCS #10 text string that you can cut and paste to another location for delivery to a certificate author ity . This command generates either an administrative CSR for use w ith 3WXM and Web Manager[...]

  • Page 399

    crypto generate request 399 Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — T o use th is command, you mu st alr eady have generated a public-private encryption key pair with the crypto generate key command. Enter crypto generate r equest admin , crypto generate request eap , or crypto generate request we[...]

  • Page 400

    400 C HAPTER 13: C RYPTOGRA PHY C OMMANDS See Also  crypto certificate on page 395  crypto generate key on page 397 crypto generate self-signed Generates a self-signed certificate for either an administrative certificate for use with 3WXM or an EAP certificate for use with 802.1X wireless users. Syntax — crypto generate self-signed { admi n[...]

  • Page 401

    crypto generate self-signed 40 1 Note: If you are generating a WebAAA (webaaa) certificate, use a common name that look s like a doma in name (t wo or mor e st rings connected by dots, with no spaces ). For example, use common.name instead of common name. The string is not r equir ed to be an actual domain name. It simply needs to be formatted like[...]

  • Page 402

    402 C HAPTER 13: C RYPTOGRA PHY C OMMANDS BAMCBkAwSAYJYIZIAYb4QgENBDsWOXRoaXMg Y2VydGlmaWNhdGUgaXMgY29tcGxl dGVseSB1bnRydXN0d29ydGh5LiBJcyB0aGF0 IE9LPzAPBgNVHRMBAf8EBTADAQH/ MA0GCSqGSIb3DQEBBAUAA4GBAHUOhMG/Zbgo jvxb+hopdNzWmjAL8Cr8lX4/g2W2 clyq55Y3SF+L6CmGxUmlLR5ZsM9KuEIZLPtK sCurIhiPft4g52fkCC/EdibxXlUb kw8IUADwGiE1T21OM8vmm4EIKM7tyyEF0b94 dqFxZQf[...]

  • Page 403

    crypto pkcs12 40 3  Question mark (?)  Ampersan d (&) Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — The password allows the public- private key pair and certificate to be installed together from the same PKCS #12 object file. MSS erases the one-time password after processing the crypto pkcs12 [...]

  • Page 404

    404 C HAPTER 13: C RYPTOGRA PHY C OMMANDS  webaaa — Unpacks a PKCS #12 object file for a WebAAA certificate and key pair — and optionally the certificate authority’ s own certificate — for authenticating the WX switch to W ebAAA clients.  file-location-url — Location of the PKCS #12 object file to be installed. Specify a location of[...]

  • Page 405

    display crypto ca-certificate 405 display crypto ca-certificate Displays information about the certificate authority’ s PEM-encod ed PKCS #7 certificate. Syntax — display crypto ca-certifica te { admin | eap | webaaa }  admin — Displays information about the certificate author ity’ s certificate that signed the administrative certificate[...]

  • Page 406

    406 C HAPTER 13: C RYPTOGRA PHY C OMMANDS See Also  crypto ca-certificate on page 394  display crypto certificate on page 406 display crypto certificate Displays information about one of the cryptographic certificates installed on the WX switch. Syntax — display crypto certificate { admin | eap | webaaa }  admin — Displays information [...]

  • Page 407

    display crypto key ssh 407 See Also  crypto generate self-signed on page 400  display crypto ca-certificate on page 405 display crypto key ssh Displays SSH authentication key info rmation. This comma nd displays the checksum (also called a fingerprint ) of the public SSH authentication key . When you connect to the WX switch with an SSH clien[...]

  • Page 408

    408 C HAPTER 13: C RYPTOGRA PHY C OMMANDS[...]

  • Page 409

    14 RADIUS AND S ERVER G RO U P C OMMANDS Use RADIUS comma nds to set up communicatio n between an WX switch and groups of up to four RADIUS servers for re mote authentication, authorization, and accounting (AAA) of administrat ors and network users. Commands by Usage This chapter presents RADIUS commands alp habetically . Use T able 76 to locate co[...]

  • Page 410

    410 C HAPTER 14: RADIUS AND S ERVER G ROUP C OM MANDS clear radius Resets parameters that were globall y configured for RADIUS servers to their default values. Syntax — clear radius { deadtime | key | re transmit | timeout }  deadtime — Number of minutes to wait after declaring an unresponsive RADIUS server unava ilable before r etrying the [...]

  • Page 411

    clear radius client system-ip 411 WX4400# clear radius timeout success: change accepted. See Also  set radius on page 413  set radius server on page 415  display aaa on page 180 clear radius client system-ip Removes the WX switch’ s system IP address from use as the permanent source addr ess in RADIUS client r eque sts from the switch to[...]

  • Page 412

    412 C HAPTER 14: RADIUS AND S ERVER G ROUP C OM MANDS clear radius server Removes the named RADIUS server from the WX configuration. Syntax — clear radius server server-name  server-name — Name of a RADIUS server con figur ed to perfo rm remote AAA services for the WX switch. Defaults — None. Access — Enabled. History —Introduced in MS[...]

  • Page 413

    set radius 413 Examples — T o remove the server gr oup sg-77 type the following command: WX4400# clear server group sg-77 success: change accepted. T o d isable load balancing in a server group shorebirds , type the following command: WX4400# set server group shorebirds load-balance disable success: change accepted. See Also  set server group [...]

  • Page 414

    414 C HAPTER 14: RADIUS AND S ERVER G ROUP C OM MANDS  retransmit — 3 (the total number of attempts, including the first attempt)  timeout — 5 seconds Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — Y ou can specify only one parameter per command line. Examples — The following co mmands sets the dead time to 5 m[...]

  • Page 415

    set radius server 415 Usage — The WX system IP addr ess must be set before you use this command. Examples — The followin g command sets the WX system IP address as the address of the RADIUS client: WX4400# set radius client system-ip success: change accepted. See Also  clear radius c lient system-ip on page 411  set system ip-address on p[...]

  • Page 416

    416 C HAPTER 14: RADIUS AND S ERVER G ROUP C OM MANDS (24 hours). A zero value causes the switch to identify unresponsive servers as avail able.  key string — Password (shared secr et key) the WX switch uses to authenticate to the RADIUS server . Y ou must provide the same passwor d that is defined on the RADIUS server . The password can be 1 [...]

  • Page 417

    set server group 417 Examples — T o set a RADIUS server named RS42 with IP address 198.162.1.1 to use the default acco unt ing and authorization ports with a timeout interval of 30 second s, two transmit attempts, 5 minutes of dead time, and a key string o f keys4u , type the following command: WX1200# set radius server RS42 address 198.162.1.1 t[...]

  • Page 418

    418 C HAPTER 14: RADIUS AND S ERVER G ROUP C OM MANDS Do not use the same name for a R ADIUS server and a RADIUS server group. Examples — T o set server group shorebirds with members her on , egret , and sandpiper , type the following command: WX1200# set server group shorebirds members heron egret sandpiper success: change accepted. See Also [...]

  • Page 419

    set server group load-balanc e 419 Examples — T o enable load balanc ing betwee n the memb ers of serv er group shorebirds , type the following command: WX1200# set server group shorebirds load-balance enable success: change accepted. T o disable load balancing between shorebirds server group members, type the following command: WX1200# set serve[...]

  • Page 420

    420 C HAPTER 14: RADIUS AND S ERVER G ROUP C OM MANDS[...]

  • Page 421

    15 802.1X M ANAGEMENT C OMMANDS Use 802. IEEE X management commands to modify the default settings for IEEE 802.1X sessions on an WX sw itch. For best r esults, change the settings only if you are awar e of a pr oblem with the WX switch’ s 802.1X performance. CAUTION: 802.1X paramete r settings are global for all SSIDs configured on the switch. C[...]

  • Page 422

    422 C HAPTER 15: 802.1X M ANAGEMENT C OMMANDS clear dot1x bonded-period Resets the Bonded Auth™ (bonded authentication) perio d to its default value. The bonded period is the number of seconds MSS retains session information for an authenticated machin e while waiting for an 802.1X client on the machine to start (re)authentication for the user . [...]

  • Page 423

    clear dot1x max-req 423 See Also  display dot1x on page 427  set dot1x bonded-period on page 431 clear dot1x max- req Resets to the default setting the nu mber of Extensible Authentication Protocol (EAP) r equests that the WX switch retransmits to a supplicant (client). Syntax — clear dot1x max-req Defaults — The default number is 20. Acc[...]

  • Page 424

    424 C HAPTER 15: 802.1X M ANAGEMENT C OMMANDS Usage — This command is overridden by the set dot1x authcontrol command. The clear dot1x port-control command r eturns port contr ol to the method configured. This command applies only to wired authentication ports. Examples — T ype the following command to reset the wired authentication port contro[...]

  • Page 425

    clear dot1x reauth-max 425 clear dot1x re auth-max Resets the maxi mum number of reaut horization attempts to the default setting. Syntax — clear dot1x reauth-max Defaults — The default is 2 attempts. Access — Enabled. History —Introduced in MSS V ersion 3.0. Examples — T ype the following command to reset the maximum number of reauthoriz[...]

  • Page 426

    426 C HAPTER 15: 802.1X M ANAGEMENT C OMMANDS clear dot1x timeout auth-server Resets to the default setting the nu mber of seconds that must elapse before the WX times out a request to a RADIUS server . Syntax — clear dot1x timeout auth-server Defaults — The default is 3 0 seconds. Access — Enabled. History —Introduced in MSS V ersion 3.0. [...]

  • Page 427

    clear dot1x tx-period 427  set dot1x timeout supplicant on page 437 clear dot1x tx-period Resets to the default setting the nu mber of seconds that mus t elapse before the WX switch r etransmits an EAP over LAN (EAPoL) packet. Syntax — clear dot1x tx-period Defaults — The default is 5 seconds. Access — Enabled. History —Introduced in MSS[...]

  • Page 428

    428 C HAPTER 15: 802.1X M ANAGEMENT C OMMANDS History —Introduced in MSS V ersion 3.0. Format of 80 2.1X authentication rule informat ion in display dot1x config output changed in MSS V e rsion 3. 2. The rules are still listed at the top of the display , but more information is shown for each rule. Examples — T ype the following command to disp[...]

  • Page 429

    display dot1x 429 802.1X parameter setting ---------------- ------- supplicant timeout 30 auth-server timeout 30 quiet period 5 transmit period 5 reauthentication period 3600 maximum requests 2 key transmission enabled reauthentication enabled authentication control enabled WEP rekey period 1800 WEP rekey enab led Bonded period 60 port 5, authcontr[...]

  • Page 430

    430 C HAPTER 15: 802.1X M ANAGEMENT C OMMANDS set dot1x authcontrol Provides a global override mechanism for 802.1X authentication configuration on wired authentication ports. Syntax — set dot1x authcontrol { enable | d isable }  enable — Allows all wir ed authentication ports running 802.1X to use the authentication specified per port by th[...]

  • Page 431

    set dot1x bonded-period 431 Defaults — By default, authenticati on control for individual wir ed authentication is enabled. Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — This command applies only to wired authentication ports. Examples — T o enable per -port 802.1X authentication on wired authentication ports, type th[...]

  • Page 432

    432 C HAPTER 15: 802.1X M ANAGEMENT C OMMANDS Usage — Normally , the Bonded Auth period needs to be set only if the network has Bonded Auth clients that use dynamic WEP , or use WEP-40 or WEP-104 encryption with WP A or RS N. These clients can be affected by the 802.1X reauthentication parameter or the RADIUS Session-T imeout parameter . 3Com rec[...]

  • Page 433

    set dot1x max-req 433 success: dot1x key transmission enab led. See Also  display dot1x on page 427 set dot1x max-req Sets the maximum number of times th e WX retransmits an EAP r equest to a supplicant (client) before ending the authentication session. Syntax — set dot1x max-req number-of-retra nsmissions  number-of-retransmissions — Spe[...]

  • Page 434

    434 C HAPTER 15: 802.1X M ANAGEMENT C OMMANDS  forceunauth — Forces the specified wired authentication port(s) to unconditionally reject all 802.1X authentication att empts with an EAP failure message.  auto — Allows the specified wired authentication ports to pr ocess 802.1X authentication normally as deter mined for the user by the set [...]

  • Page 435

    set dot1x reauth 435 Examples — T ype the following command to set the quiet period to 90 seconds: WX4400# set dot1x quiet-period 90 success: dot1x quiet period set to 9 0. See Also  clear dot1x quiet-period on page 424  set dot1x wep-rekey-period on page 439 set dot1x reauth Determines whether the WX switch allows the reauthentication of s[...]

  • Page 436

    436 C HAPTER 15: 802.1X M ANAGEMENT C OMMANDS set dot1x re auth-max Sets the number of reauthentication attempts that the WX switch makes before the supplicant (client) becomes unauthorized. Syntax — set dot1x reauth-max number-of-at tempts  number-of-attempts — Specify a value between 1 and 10. Defaults — The default number of reauthentic[...]

  • Page 437

    set dot1x timeout auth-server 437 Examples — T ype the following command t o set the number of seconds to 100 before r eauthentication is attempted: WX4400# set dot1x reauth-period 100 success: dot1x auth-server timeout s et to 100. See Also  display dot1x on page 427  clear dot1x reauth-period on page 425 set dot1x timeout auth-server Sets[...]

  • Page 438

    438 C HAPTER 15: 802.1X M ANAGEMENT C OMMANDS Access — Enabled. History —Introduced in MSS V ersion 3.0. Examples — T ype the following command to set the number of seconds for authentication session timeout to 300: WX4400# set dot1x timeout supplicant 300 success: dot1x supplicant timeout se t to 300. See Also  display dot1x on page 427 ?[...]

  • Page 439

    set dot1x wep-rekey 439 set dot1x wep-rekey Enables or d isables Wired Equiva lency Privacy (WEP) rekeying for broadcast and multica st encryption keys. Syntax — set dot1X wep-rekey { enable | dis able }  enable — Causes the broadcast and multicast keys for WEP to be rotated at an interval set by the set dot1x wep-rekey- period for each radi[...]

  • Page 440

    440 C HAPTER 15: 802.1X M ANAGEMENT C OMMANDS History —Introduced in MSS V ersion 3.0. Examples — T ype the following command to set the WEP-rekey period to 300 seconds: WX4400# set dot1x wep-rekey-period 3 00 success: dot1x wep-rekey-period set to 300 See Also  display dot1x on page 427  set dot1x wep-rekey on page 439[...]

  • Page 441

    16 S ESSION M ANAGEMENT C OMMANDS Use session management commands to display and cl ear administrative and ne twork user sessions. Commands by Usage This chapter pr esents session manage ment commands al phabeti cally . Use T ab le 79 to locate commands in this chapter based on their use. clear sessions Clears all administrative sessions, or clea r[...]

  • Page 442

    442 C HAPTER 16: S ESSION M ANAGEMENT C OMMANDS Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Examples — T o clear all administrato r sessions type the following command: WX4400# clear sessions admin This will terminate manager sessions , do you wish to continue? (y|n) [n] y T o clear all administrative session[...]

  • Page 443

    clear sessions network 443 character—either an at sign (@) or a period (.). (For details, see “User Globs” on page 24.)  mac-addr mac-addr-glob — Clears all network sessions for a MAC address. Specify a MAC address in hexadecimal numbers separated by colons (:), or use the wildcar d character (*) to spec ify a set of MAC addresses. (For [...]

  • Page 444

    444 C HAPTER 16: S ESSION M ANAGEMENT C OMMANDS T o clear the sessions of users whose name begins with the characters Jo , type the following command: WX1200# clear sessions network user Jo* T o clear the sessions of all users on VLAN red , type the following command: WX1200# clear sessions network vlan red See Also  display sessions on page 444[...]

  • Page 445

    display sessions 445 Examples — T o view information abo ut sessions of administrative users, type the following command: WX4400> display sessions admin Tty Username Ti me (s) Type ------- -------------------- -- ------ ---- tty0 36 44 Console tty2 tech 6 Telnet tty3 sshadmin 38 1 SSH 3 admin sessions T o view information about console users?[...]

  • Page 446

    446 C HAPTER 16: S ESSION M ANAGEMENT C OMMANDS T able 81 describes the fields of the display sessions telnet client display . See Also  clear sessions on page 441 display sessions network Displays summary or verbo se inform ation about all network sessions, or network sessions for a specified user name or set of user names, MAC address or set o[...]

  • Page 447

    display sessions network 447 Syntax — display sessions network [ user user-glob | mac-addr mac-addr- glob | ssid ssid-name vlan vlan-glob | session-id session-id | wired ] [ verbose ]  user user-glob — Displays all network sessions for a single user or set of users. Specify a username, use the doub le-asterisk wildcar d character ( ** ) to s[...]

  • Page 448

    448 C HAPTER 16: S ESSION M ANAGEMENT C OMMANDS Usage — MSS displays information about network sessions in three types of displays. See the follo wing tables for field descriptions.  Summary display — See T a ble 82 on page 450.  V erbose display — See T able 83 on page 450.  display sessions network session-id display — See T able[...]

  • Page 449

    display sessions network 449 (T able 82 on page 450 describes the su mmary displays of display sessions network commands.) The following command displays detailed (verbose) session information about user nin@example.com: WX1200# display sessions network use r nin@example.com verbose User Sess IP or MAC VLAN Port/ Name ID Address Name Radio --------[...]

  • Page 450

    450 C HAPTER 16: S ESSION M ANAGEMENT C OMMANDS Tag: 1 Session Timeout: 1800 Authentication Method: PEAP, using s erver 10.10.70.20 Session statistics as updated from A P: Unicast packets in: 653 Unicast bytes in: 46211 Unicast packets out: 450 Unicast bytes out: 50478 Multicast packets in: 317 Multicast bytes in: 10144 Number of packets with encry[...]

  • Page 451

    display sessions network 451 State Status of the session:  AUTH, ASSOC REQ — Client is being associated by the 802.1X protocol.  AUTH AND ASSOC — Client is being associated by the 802.1X protocol, and the user is being authenticated.  AUTHORIZING — User has been authenticated (for exam ple, by the 802.1X protocol a nd an AAA method),[...]

  • Page 452

    452 C HAPTER 16: S ESSION M ANAGEMENT C OMMANDS T able 84 display sessions network session-id Output Field Description Global Id A u nique session identifier within the Mob ility Domain. State Status of the session:  AUTH, ASSOC REQ — Client is being ass ociated by the 802.1X protocol.  AUTH AND ASSOC — Client is being associated by the 8[...]

  • Page 453

    display sessions network 453 See Also  clear sessions network on page 442 Session Timeout Assigned session timeou t in seconds. Authentication Method Extensible Auth entication Protocol (EAP) type used to authenticate the session user, and the IP addr es s of the authentication server. Session statistics as updated from AP Time the session stati[...]

  • Page 454

    454 C HAPTER 16: S ESSION M ANAGEMENT C OMMANDS[...]

  • Page 455

    17 RF D ETECTION C OMMANDS MSS automatically performs RF detect ion scans on enabled and disabled radios to detect rogue access points. A rogue access point is a BSSID (MAC address associated with an SS ID) that does not belong to a 3Com switch and is not a member of the ignore list configured on the seed switch of the Mobility Domain. The ignor e [...]

  • Page 456

    456 C HAPTER 17: RF D ET ECTION C OMMANDS clear rfdetect countermeasures mac Removes a rogue BSSID fr om the list configured by the set rfdetect countermeasur es m ac command. Syntax — clear rfdetect countermeasu res mac { mac-addr | all }  mac-addr — Basic service set identifier (BSSID) of the r ogue. Enter the BSSID in MAC addr es s format[...]

  • Page 457

    clear rfdetect ignore 457 If the clear rfdetect countermeasures mac command r emoves the last rogue fr om the list created by set rfdetect countermeasur es mac commands, RF detection returns to the default handling of countermeasures. Consequently , the rogue you cleared can still be attacked if it is still in the r ogue list. T o stop counter meas[...]

  • Page 458

    458 C HAPTER 17: RF D ET ECTION C OMMANDS See Also  display rfdetect ignore on page 461  set rfdetect ignore on page 467 display rfdetect countermeasures Displays the current status of countermeasures against rogues in the Mobility Domain. Syntax — display rfdetect countermeasure s Defaults — None. Access — Enabled. History —Introduce[...]

  • Page 459

    display rfdetect data 459 See Also  clear rfdetect countermeasures mac on page 456  set rf detect countermeasures on page 465  set rfdetect countermeasures mac on page 466 display rfdetect data Displays all the BSSIDs detected by an individual WX switch during an RF detection scan. The data includes BSSIDs t ransmitted by other 3Com radios[...]

  • Page 460

    460 C HAPTER 17: RF D ET ECTION C OMMANDS Only one MAC addr ess is listed for each 3Com radio, e ven if th e radio is beaconing multiple SSIDs. Examples — The following command shows the devices detected by this WX switch during the most recent RF detection scan: WX1200# display rfdetect data Total number of entries: 7 BSSID Port/Rad Ch an RSSI A[...]

  • Page 461

    display rfdetect ignore 461 display rfdetect ignore Displays the BSSIDs of third-party devices that MSS ignor es during RF scans. MSS does not gene rate log messages or traps for the devices in the ignore list. Syntax — display rfdetect ignore Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Examples — The follo[...]

  • Page 462

    462 C HAPTER 17: RF D ET ECTION C OMMANDS Examples — The following example displays in formation about the BSSIDs detected in the Mobility Domain manage d by the seed switch: WX1200# display rfdetect mobility-do main Total number of entries: 3 BSSID WX-IPaddr Port/Radio RSSI SSID > Radio Mac /Channel ---------------------- ------------- -- ---[...]

  • Page 463

    display rfdetect visible 463 See Also  display rfdetect data on page 459  display rfdetect visible on page 463 display rfdetect visible Displays the BSSIDs discovered by a specific 3Com radio. The data includes BSSIDs transmitted by othe r 3Com radios as well as by third-party access points. Syntax — display rfdetect visible mac-addr Syntax[...]

  • Page 464

    464 C HAPTER 17: RF D ET ECTION C OMMANDS Examples — The following co mmand displa ys the devices detected by 3Com ra dio 00:0 b:0e:0 0:0a:6a: WX1200# display rfdetect visible 00: 0b:0e:00:0a:6a Total number of entries: 4 Transmit MAC Chan R SS ----------------- -------- --- ---- 00:0b:0e:00:02:01 56 -7 4 00:0b:0e:00:03:41 36 -4 4 00:0b:0e:00:0b:[...]

  • Page 465

    set rfdetect active-scan 465 set rfdetect active-scan Disables or reenables active RF dete ction scan ning on a WX switch . When active scanning is enabled, the MAP radios managed by the switch look for rogue devices by sending probe any r equests (probe requests with a null SSID name), to solicit probe responses fr om other access points. Syntax ?[...]

  • Page 466

    466 C HAPTER 17: RF D ET ECTION C OMMANDS Usage — This command is valid only on the seed switch of the Mobility Domain. Examples — The following co mmand enab les countermeasures for the Mobility Domain managed by this seed switch: WX1200# set rfdetect countermeasures enable success: countermeasures are now en abled. See Also  clear rfdetect[...]

  • Page 467

    set rfdetect ignore 467 This command is valid only on the se ed switch of the Mobility Domain. The countermeasures take ef fect only if countermeasures are enabled for the Mobility Domain, using the set rfdetect countermeasures enable command. This command does not become part of the configuration file when you save the configuration and therefore [...]

  • Page 468

    468 C HAPTER 17: RF D ET ECTION C OMMANDS Examples — The following command config ur es MSS to ignor e BSSID aa:bb:cc:11:22:33 during RF scans: WX1200# set rfdetect ignore aa:bb:cc:11:22:33 success: MAC aa:bb:cc:11:22:33 is n ow ignored. See Also  clear rfdetect ignore on page 457  display rfdetect ignore on page 461 set rfdetect log Disabl[...]

  • Page 469

    18 F ILE M ANAGEMENT C OMMANDS Use file management commands to ma nage system files and to display software and boot information. Commands by Usage This chapter presents file management co mmands alphabetically . Use T ab le 90 to locate commands in this chapter based on their use. T able 90 File Management Commands by Usage Type Command Software V[...]

  • Page 470

    470 C HAPTER 18: F ILE M ANAGEMENT C OMMANDS backup Creates an ar chive of WX system file s and optionally , user file, in Unix tape archive ( tar ) format. Syntax backup system [tftp:/ip-addr/]filename [all | critical] Defaults — All. Access — Enabled. History —. Usage — Y ou ca n cr eate an archive loca ted on a TF TP server or in the swi[...]

  • Page 471

    clear boot config 471 Examples — The followin g command cr eates an archive of the system-critical files and copies the ar chive directly to a TF TP server . The filename in this example includes a TF TP server IP addr ess, so the ar chive is not stor ed locally on the switch. WX1200# backup system tftp:/10.10.20.9/sysa_bak critic al success: sen[...]

  • Page 472

    472 C HAPTER 18: F ILE M ANAGEMENT C OMMANDS Examples — The following commands back up the configuration file on an WX switch, reset the switch to it s factory default configuration, and reboot the switch: WX4400# copy configuration tftp://10 .1.1.1/backupcfg success: sent 365 bytes in 0.401 sec onds [ 910 bytes/sec] WX4400# clear boot config suc[...]

  • Page 473

    copy 473 If you are copying a system image f ile into nonvolatile storage, the filename must include the boot partition name. Y ou can specify one of the following:  boot0: / filename  boot1: / filename Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — The filename and file: filename URLs ar e equival[...]

  • Page 474

    474 C HAPTER 18: F ILE M ANAGEMENT C OMMANDS The following command copies system image WXA0 3001.Rel from a TF TP server to boo t partition 1 in nonvolatile storage: WX4400# copy tftp://10.1.1.107/WXA03 001.Rel boot1:WXA03001.Rel .................................... ........................ .................................... ............success: [...]

  • Page 475

    dir 475 Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — Y ou might wan t to copy the file to a TF TP server as a backup before deleting the file. Examples — The follow ing co mmands copy file testconfig to a TF TP server and delete the file from nonvolatile storage: WX4400# copy testconfig tftp://10.1. [...]

  • Page 476

    476 C HAPTER 18: F ILE M ANAGEMENT C OMMANDS Examples — The following co mmand displays the files in the r oot directory: WX4400# dir ==================================== ================================ =========== file: Filename Size Creat ed file:configuration 17 KB May 21 20 04, 18:20:53 file:configuration.txt 379 bytes May 09 20 04, 18:55:17[...]

  • Page 477

    display boot 477 See Also  copy on page 472  delete on page 474 display boot Displays the system image and configur ation filenames used after the last reboot and configured for use after the next reboot. Syntax — display boot Defaults — None. Access — Access. History —Introduced in MSS V ersion 3.0. Examples — The following command[...]

  • Page 478

    478 C HAPTER 18: F ILE M ANAGEMENT C OMMANDS T ab le 93 describes the fields in the display boot output. See Also  display version on pag e 480  reset system on page 485  set boot configuration-file on page 488 display config Displays the configuration ru nning on the WX switch. Syntax — display config [ area area ] [ all ]  area area[...]

  • Page 479

    display config 479  portconfig  portgroup  radio-profile  rfdevice  service-profile  sm  snmp  spantree  system  trace  vlan  vlan-fdb If you do not specify a configuration area, nondefault information for all areas is displayed.  all — Includes configuration items that are set to their default values. Defau[...]

  • Page 480

    480 C HAPTER 18: F ILE M ANAGEMENT C OMMANDS  save config on page 487 display version Displays software and har dwar e version information for an WX switch and, optionally , for an y a ttached MAP access points. Syntax — display version [ details ]  details — Includes additional software build information and information about the MAP acc[...]

  • Page 481

    display version 481 Build Suffix: -d-O1-3com Model: WX1200 Hardware Mainboard: version 1 ; FPGA version 0 CPU Model: 405EP (Revision 9 .80) PoE board: version 0 ; FPGA version 0 Serial number M8WE48BB8C7A0 Flash: 3.0.1 - md0a Kernel: 3.0.1#130: Thu Se p 23 05:45:24 PDT 2004 BootLoader: 1.4 / 3.0.2 Port/DAP AP Model Serial # Ve rsions -------- -----[...]

  • Page 482

    482 C HAPTER 18: F ILE M ANAGEMENT C OMMANDS See Also  display boot on page 477 load config Load s configuration commands fr om a file and replaces the WX switch’ s running configuration with the commands in the loaded file. CAUTION: This command completely remo ves the running config uration and replaces it with the configuration contained in[...]

  • Page 483

    mkdir 483 Usage — This command completely replaces the running configuration with the configuration in the file. Examples — The following comman d r eloads the configuration from the most recently loaded configuration file: WX4400# load config Reloading configuration may result i n lost of connectivity, do you wish to continue? (y/n) [n] y succ[...]

  • Page 484

    484 C HAPTER 18: F ILE M ANAGEMENT C OMMANDS Filename Size Creat ed file:configuration 17 KB May 21 20 04, 18:20:53 file:configuration.txt 379 bytes May 09 20 04, 18:55:17 corp2/ 512 bytes May 21 2004, 19:22:09 corp_a/ 512 bytes May 21 2004, 19:15:48 file:dangcfg 13 KB May 16 20 04, 18:30:44 dangdir/ 512 bytes May 16 2004, 17:23:44 old/ 512 bytes S[...]

  • Page 485

    reset system 485 reset system Restar ts an WX switch and r eboots the software. Syntax — reset system [ force ]  force — Immediately restarts the system and reboots, without comparing the running co nfiguration to the configuration file. Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — If you do not[...]

  • Page 486

    486 C HAPTER 18: F ILE M ANAGEMENT C OMMANDS res to re Unzips a system archive created by the backup command and copies the files from the ar chive onto the switch. Syntax restore system [tftp:/ip-addr/]filename [al l | critical] Defaults — Critical. Access — Enabled. History — Usage — If a file in the archive has a counterpart on the switc[...]

  • Page 487

    rmdir 487 See Also  backup on page 470 rmdir Removes a subdirectory fr om nonvolatile storage. Syntax — rmdir [ subdirname ]  subdirname — Subdirectory name. Specify between 1 and 32 alphanumeric characters , with no spaces. Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — MSS does not allow the [...]

  • Page 488

    488 C HAPTER 18: F ILE M ANAGEMENT C OMMANDS Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — If you do not specify a filename, MS S r eplaces the configuration file loaded during the most recent r eboot. T o display the filename of the configuration file MSS loaded during the most recent reboot, use the display boot command[...]

  • Page 489

    set boot partition 489 Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — The file must be located in the switch’ s nonvolatile storage. Examples — The following command sets th e boot configuration file to testconfig1 : WX4400# set boot configuration-file testconfig1 success: boot config set. set boot partition Specifies [...]

  • Page 490

    490 C HAPTER 18: F ILE M ANAGEMENT C OMMANDS[...]

  • Page 491

    19 T RACE C OMMANDS Use trace commands to perform diag nostic routines. While MSS allows you to run many types of traces, this chapter describes commands for those traces you are most likely to use. Fo r a complete listing of the types of traces MSS allows, type the set trace ? command. CAUTION: Using the set trace command can have adverse effects [...]

  • Page 492

    492 C HAPTER 19: T RACE C OMMANDS Access — Enabled. History —Introduced in MSS V ersion 3.0. Examples — T o delete the trace log, type the following command: WX4400# clear log trace See Also  display log buffer on page 500  set log on page 504 clear trace Deletes run ning trace commands and ends trace pr ocesses. Syntax — clear trace [...]

  • Page 493

    display trace 493 See Also  display trace on page 493  set trace authentication on page 494  set trace authorization on page 495  set trace dot1x on page 496  set trace sm on page 497 display trace Displays information about traces that ar e currently configured on the WX switch, or all possible tr ace options. Syntax — display tra[...]

  • Page 494

    494 C HAPTER 19: T RACE C OMMANDS save trace Saves the accumulated trace data for enabled traces to a file in the WX switch’ s no nvolatile storage. Syntax — save trace filename  filename — Name for the trace file. T o save the file in a subdirectory , specify the subdir ectory name, then a slash. For example : traces/trace1 Defaults — N[...]

  • Page 495

    set trace authorization 495 Examples — The following co mmand sta rts a trace for information about user jose’ s authent ication: WX4400# set trace authentication use r jose success: change accepted. See Also  clear trace on page 492  display trace on page 493 set trace authorization T races au thorization information. Syntax — set trac[...]

  • Page 496

    496 C HAPTER 19: T RACE C OMMANDS See Also  clear trace on page 492  display trace on page 493 set trace dot1x T r aces 802.1X sessions. Syntax — set trace dot1x [ mac-addr mac-addr ess ] [ port port-num ] [ user username ] [ level level ]  mac-addr mac-address — T races a MAC address. Spec ify a MAC address, using colons to separa te [...]

  • Page 497

    set trace sm 497 set trace sm T races session manager activity . Syntax — set trace sm [ mac-addr mac-address ] [ port port-n um ] [ user username ] [ level level ]  mac-addr mac-address — T races a MAC address. Spec ify a MAC address, using colons to separate the octets (for example, 00:11:22:aa:bb:cc).  port port-num — T races on a WX[...]

  • Page 498

    498 C HAPTER 19: T RACE C OMMANDS[...]

  • Page 499

    20 S YSTEM L OG C OMMANDS Use the system log commands to recor d information for monitoring and troubleshooting. MSS system logs are based on RFC 3164, which defines the log protocol. Commands by Usage This chapter pr esent system log commands alphabetically . Use T able 96 to locate commands in this chapter based on their use. clear log Clears the[...]

  • Page 500

    500 C HAPTER 20: S YSTEM L OG C OMMANDS Access — Enabled. History — Introduced in MSS V ersion 3.0. Examples — T o stop sending system logging messages to a server at 192.168.253.11, type the following command: WX4400# clear log server 192.168.253 .11 success: change accepted. T y pe the following command to clear all messages fr om the log b[...]

  • Page 501

    display log buffer 50 1  severity severity-level — Displays messages at a severity level greater than or equal to the leve l specified. Specify one of the following:  emergency — The WX switch is unusable.  alert — Action must be taken immediatel y .  critical — Y ou must resolve the critical conditions. If the conditions are no[...]

  • Page 502

    502 C HAPTER 20: S YSTEM L OG C OMMANDS See Also  clear log on page 499  display log config on page 502 display log config Displays log configur ation information. Syntax — display log config Defaults — None. Access — Enabled. History — Introduced in MSS V ersion 3.0. Examples — T o display how logging is configured, type the follow[...]

  • Page 503

    display log trace 503 display log trace Displays system information sto r ed in the nonvolatile log buf fer or the trace buffer . Syntax — display log trace [{ + | - | / } number- of-messages ] [ facility facility-name ] [ matching s tring ] [ severity severity-level ]  trace — Displays the log messa ges in the trace buffer .  + | - | / n[...]

  • Page 504

    504 C HAPTER 20: S YSTEM L OG C OMMANDS Defaults — None. Access — Enabled. History — Introduced in MSS V ersion 3.0. Examples — T ype the following command to see the facilities for which you can view event messag es ar chived in the buffer: WX4400# display log trace facility ? <facility name> Select o ne of: KERNEL, AAA, SYSLOGD, ACL[...]

  • Page 505

    set log 505  Logging state (enabled or disabled) T o override the session defaults for an individual session, type the set log command from within the session and use the current opt ion.  trace — Sets log parameters for trace files.  severity severity-level — Logs ev ents at a severity level greater than or equal to the level specifie[...]

  • Page 506

    506 C HAPTER 20: S YSTEM L OG C OMMANDS  disable — Disables messages to the specified target. Defaults — The following a re defaults for the set log commands.  Events at the error level and higher are logged to the WX console.  Events at the error level and higher are logged to the WX system buffer .  T race logg ing is enabled, and[...]

  • Page 507

    set log trace mbyte s 507 Examples — The following co mmand incr ea ses the trace buffer size to 4M B : WX4400# set log trace mbytes 4 success: change accepted. See Also  display log config on page 502[...]

  • Page 508

    508 C HAPTER 20: S YSTEM L OG C OMMANDS[...]

  • Page 509

    21 B OOT P RO M P T C OMMANDS Boot prompt commands enable you to perform basic tasks, including booting a system image file, from the boot prompt (boot>). A CLI session enters the bo ot pr ompt if MSS does no t boot successfully or you intentionally interrupt the boot process. T o interrupt the boot process, press q followed by Enter (r eturn). [...]

  • Page 510

    510 C HAPTER 21: B OOT P ROMPT C OMMANDS autoboot Displays or changes the state of the aut oboot option. The autoboot option controls whether a WX switch automat ically boots a system image after initializing the hardwar e, followi ng a system reset or power cycle. Syntax — autoboot [ON | on | OFF | off]  ON — Enables the autoboot option. ?[...]

  • Page 511

    boot 511 boot Loads and executes a system image file. Syntax — boot [ BT= type ] [ DEV= device ] [ FN= fi lename ] [ HA= ip-addr ] [ FL= num ] [ OPT= option ] [ OPT+= option ]  BT= type — Boot type:  c — Compact flash. Boots using nonvol atile storage or a flash card.  n — Network. Bo ots using a TFTP serv er .  DEV= device — [...]

  • Page 512

    512 C HAPTER 21: B OOT P ROMPT C OMMANDS Usage — If you use an optional para meter , t he para meter setting overrides the setting of the same pa rameter in the currently active boot profile. However , the boot profile itself is not changed. T o display the currently active boot profile, use the display command. T o change the currently active bo[...]

  • Page 513

    change 513 change Changes parameters in the currently active boot profile. (For information about boot profiles, see display on page 517.) Syntax — change Defaults — The default boot type is c (compa ct flash) . The de fault filename is default . The default flags setting is 0x0000 0000 (all flags disabled) and the default options li st is run=[...]

  • Page 514

    514 C HAPTER 21: B OOT P ROMPT C OMMANDS  delete on page 515  display on page 517  next on page 521 create Cr eates a new boot pr ofile. (For information about boot profiles, see display on page 517.) Syntax — create Defaults — The new boot pr ofile has the same settings as the curr ently active boot profile by default. Access — Boot[...]

  • Page 515

    delete 515  display on page 517  next on page 521 delete Removes the currently active boot pr ofile. (For information about boot profiles, see display on page 517.) Syntax — delete Defaults — None. Access — Boot prompt. History —Introduced in MSS V ersion 3.0. Usage — When yo u type th e delete command, the next-lower numbered boot [...]

  • Page 516

    516 C HAPTER 21: B OOT P ROMPT C OMMANDS diag Accesses the dia gnostic mode. Syntax — diag Defaults — The diagnostic mode is disabled by default. Access — Boot prompt. History —Introduced in MSS V ersion 3.0. Usage — Access to the diagnostic mode requir es a password, which is not user configurable. Use this mode only if advised to do so [...]

  • Page 517

    display 517 WXA30001.Rel 8863722 bytes Internal Compact Flash Directory ( Secondary): WXA30001.Rel 8862885 bytes See Also  fver on page 519  version on page 524 display Displays the curr ently active boot pr ofile. A boot profile is a set of parameters that a WX switch uses to control the boot process. Each boot profile contains the following[...]

  • Page 518

    518 C HAPTER 21: B OOT P ROMPT C OMMANDS BOOT TYPE: c DEVICE: boot1: FILENAME: default FLAGS: 00000000 OPTIONS: run=nos;boot=0 T ab le 98 describes the fields in the display . See Also  change on page 513  cr eate on page 514  delete on page 515  next on page 521 T able 98 Output of display command Field Description BOOT Index Boo t pro[...]

  • Page 519

    fver 519 fver Displays the version of a system image file installed in a specific location on a WX switch. Syntax — fver { c: | d: | e: | f: | boot0: | boot1: } [ filename ]  c: — Nonvolatile storage ar ea containing boot partition 0 (primary).  d: — Nonvolatile storage ar ea containing boot partition 1 (secondary).  e: — Primary p[...]

  • Page 520

    520 C HAPTER 21: B OOT P ROMPT C OMMANDS help Displays a list of all the boot prompt commands or detailed information for an individual command. Syntax — help [ command-name ]  command-name — Boot pr ompt command. Defaults — None. Access — Boot prompt. History —Introduced in MSS V ersion 3.0. Usage — If you specify a command name, de[...]

  • Page 521

    next 521 Usage — T o display help for an indivi dual command, type help followed by the command name (for example, help boot ). Examples — T o display a list of the commands available at the boot prompt, type the following command: boot> ls ls Display a list of all commands and descriptions. help Display help information for each command. au[...]

  • Page 522

    522 C HAPTER 21: B OOT P ROMPT C OMMANDS Examples — T o activate the boot profile in the next slot and display the profile, type the following command: boot> next BOOT Index: 0 BOOT TYPE: c DEVICE: boot1: FILENAME: testcfg FLAGS: 00000000 OPTIONS: run=nos;boot=0 See Also  change on page 513  cr eate on page 514  delete on page 515 [...]

  • Page 523

    test 523 3Com WX-4400 Bootstrap/Bootloade r Version 3.0.2 Re lease Compiled on Wed Sep 22 09:18:47 PDT 2004 by Bootstrap 0 version: 3.1 Active Bootloader 0 version: 3. 0.2 Active Bootstrap 1 version: 3.1 Bootloader 1 version: 3. 0.1 WX-4400 Board Revision: 2. WX-4400 Controller Revision: 5. WXA30001.Rel 8863722 bytes BOOT Index: 0 BOOT TYPE: c DEVI[...]

  • Page 524

    524 C HAPTER 21: B OOT P ROMPT C OMMANDS Examples — The following command displays the current setting of the poweron test flag: boot> test The diagnostic execution flag is not set. See Also  boot on page 511 version Displays version informatio n for a WX switch’ s hardwar e and boot code. Syntax — version Defaults — None. Access — [...]

  • Page 525

    version 525 See Also  dir on page 516  fver on page 519[...]

  • Page 526

    526 C HAPTER 21: B OOT P ROMPT C OMMANDS[...]

  • Page 527

    A O BTAINING S UPPORT FOR YOUR P R ODUCT Register Y our Product W arranty and other service benefits start from the date of purchase, so it is important to register your product quickly to ensure you get full use of the warranty and other service benefits available to you. W arranty and other service benefits are enabled thr ough product re gistrat[...]

  • Page 528

    528 A PPENDIX A: O BTAINING S UPPORT FOR YOUR P RODUCT T roubleshoot Online Y ou will find support tools posted on the 3Com web site at http://www.3com.com/ 3Com Knowledgebase helps you troubleshoot 3Com products. This query-based interactive tool is located at http://knowledgebase.3com.com and contains thousands of technical solutions written by 3[...]

  • Page 529

    Contact Us 529 T o sen d a pr oduct dire ctly to 3Com for repair , you must first obt ain a return authorization number (RMA). Pr oducts sent to 3Com, without authorization numbers clearly marked on the outside of the package, will be returned to the sender unopened, at the sender’ s expense. If your product is r egistered and under warranty , yo[...]

  • Page 530

    530 A PPENDIX A: O BTAINING S UPPORT FOR YOUR P RODUCT Austria Belgium Denmark Finland France Germany Hungary Ireland Israel Italy 01 7956 7124 070 700 770 7010 7289 01080 2783 0825 809 622 01805 404 747 06800 12813 1407 3387 1800 945 379 4 199 161346 Luxembourg Netherlands Norway Poland Portugal South Africa Spain Sweden Switzerland U.K. 342 08081[...]

  • Page 531

    I NDEX A autoboot 510 B boot 511 C change 513 clear {ap | dap} radio 234 clear accounting 165 clear authentication admin 166 clear authentication console 167 clear authentication dot1x 168 clear authentication last-re sort 169 clear authentication mac 169 clear authentication web 170 clear banner motd 38 clear boot config 471 clear dap 58 clear dot[...]

  • Page 532

    532 I NDEX clear usergroup 178 clear usergroup attr 179 clear vlan 91 commit security acl 37 3 copy 472 create 514 crypto certificate 395 crypto certificate admin 395 crypto certificate eap 395 crypto generate key 397 crypto generate request 398 crypto generate request admin 398 crypto generate request eap 398 crypto generate self-signed 400 crypto[...]

  • Page 533

    I NDEX 533 display timezone 131 display trace 493 display tunnel 99 display version 480 display vlan config 100 F fver 519 H help 45, 520 history 46 hit-sample-rate 382 L load config 482 ls 520 M mkdir 483 monitor port counters 68 N next 521 P ping 132 Q quit 34 R res et 522 res et {ap | dap} 264 reset port 73 reset system 485 rmdir 487 rollback se[...]

  • Page 534

    534 I NDEX set ip https server 140 set ip r oute 140 set ip snmp server 142 set ip s sh 143 set ip ssh absolute-timeout 144 set ip ssh id le-timeout 145 set ip ssh server 145 set ip telnet 146 set ip telnet server 147 set length 48 set license 49 set location policy 203 set log 504 set log buffer 504 set log console 504 set log current 504 set log [...]

  • Page 535

    I NDEX 535 set spantree maxage 339 set spantree portcost 340 set spantree portfast 341 set spantree portpri 342 set spantree portvlancost 343 set spantree portvlanpri 344 set spantree priority 344 set spantree uplinkfast 345 set summertime 154 set system contact 51 set system countrycode 51 set system ip-address 53, 155 set system location 54 set s[...]

  • Page 536

    536 I NDEX[...]