WS2000 Wireless Switch - OPAL BV€¦ · TOC-4 WS2000 Wireless Switch CLI Reference Guide show ...

M

WS2000 Wireless Switch

CLI Reference Guide

© 2009 Motorola, Inc. All rights reserved.

MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. Symbol is a registered trademark of Symbol Technologies, Inc. All other product or service names are the property of their respective owners.

Contents

Chapter 1: Product Overview1.1 WS2000 Wireless Switch CLI Reference Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

1.2 System Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4

1.3 Hardware Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5

1.4 Software Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7

Chapter 2: Admin and Common Commands2.1 Common Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2

? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4quit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5save . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7/ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-8

2.2 Admin Menu Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9

passwd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-10summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-11

Chapter 3: Network CLI Commands Reference3.1 network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1

3.2 Network AP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3

ap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4copydefaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6forget . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-8remap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-10revert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-11set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-12show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-15

3.3 Network AP Default Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-17

default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-17set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-18loadfromcf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-20

TOC-2 WS2000 Wireless Switch CLI Reference Guide

show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-213.4 Network AP Test Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22

test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22new . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-23

3.5 Network AP Selfheal commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24

selfheal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-25detect-neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-26add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-27del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-28show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-29

3.6 Network AP Denyap Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-30

denyap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-30add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-31delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-32show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-33

3.7 Network AP Smartscan Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-34

smartscan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-34set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-35delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-36show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-37

3.8 Network AP Test Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-38

test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-38new . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-39

3.9 Network AP Mesh Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-40

mesh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-40set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-41add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-43del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-44preferred-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-45available-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-46show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-47

3.10 Network DCHP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-48

dhcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-48set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-49show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-50

3.11 Network Firewall Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-51

fw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-51set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-52show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-54timeradd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-55timerdel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-56timerlist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-57timerset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-58

3.12 Network Firewall Intrusion Prevention System Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-59

ips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-59set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-60show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-62

TOC-3

3.13 Network Firewall Policy Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-64

policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-64import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-65

3.14 Network Firewall Policy Inbound Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-66

inbound . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-66add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-67delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-68insert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-69list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-70move . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-71set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-72

3.15 Network Firewall Policy Outbound Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-73

outbound . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-73add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-74delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-75insert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-76list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-77move . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-78set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-79

3.16 Network Firewall Submap Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-80

submap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-80add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-81delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-83list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-84set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-85show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-86

3.17 Network LAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-87

lan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-87set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-88show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-90updateDNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-91updateAllDNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-92

3.18 Network LAN DHCP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-93

dhcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-93add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-94delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-95list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-96set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-97show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-99renew . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-100

3.19 Network LAN Bridge commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-101

bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-101show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-102set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-104

3.20 Network QoS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-105

qos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-105clear . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-106set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-107


show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1083.21 Network Router Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-109

router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-109add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-110delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-111list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-112set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-113show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-114

3.22 Network VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-115

vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-115set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-116show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-117

3.23 Network WAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-118

wan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-118renew . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-119set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-120show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-122

3.24 Network WAN App Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-123

app . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-123addcmd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-124delcmd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-126list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-128

3.25 Network WAN DynDNS Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-129

dyndns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-129set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-130show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-131update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-132

3.26 Network WAN L2TPVPN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-133

l2tpvpn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-133show-connected-users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-134

3.27 Network WAN L2TPVPN LNS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-135

lns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-135set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-136show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-138

3.28 Network WAN L2TPVPN Users Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-139

users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-139add-user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-140delete-user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-141delete-all-users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-142show-user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-143show-all-users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-144

3.29 Network WAN TrunkIPFPolicy Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-145

trunkipfpolicy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-145add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-146del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-147set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-148show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-149

TOC-5

3.30 Network WAN NAT Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-150

nat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-150add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-151delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-152list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-153set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-154show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-155

3.31 Network WAN VPN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-156

vpn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-156add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-157delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-158ikestate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-159list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-160reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-161set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-162stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-167

3.32 Network WAN VPN Cmgr Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-168

cmgr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-168delca . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-169delprivkey . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-170delself . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-171expcert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-172export-req . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-173genreq . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-174

3.33 Network WAN VPN Cmgr impcert Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-175

impcert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-175listca . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-176listprivkey . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-177listself . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-178loadca . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-179loadself . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-180showreq . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-181

3.34 Network WLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-182

wlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-182add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-183delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-184list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-185set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-186show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-191

3.35 Network WLAN Rogue AP Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-193

rogueap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-193set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-194show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-195

3.36 Network WLAN Rogue AP Approvedlist Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-196

approvedlist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-196ageoute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-197approve . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-198erase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-199


show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2003.37 Network WLAN Rogue AP Roguelist Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-201

roguelist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-201ageout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-202approve . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-203erase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-204show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-205set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-206deauth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-207

3.38 Network WLAN Rogue AP Rogue List Locate Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-208

locate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-208list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-209start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-210

3.39 Network WLAN Rogue AP Rogue List MU Scan Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-211

muscan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-211list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-212start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-213

3.40 Network WLAN Rogue AP Rule List Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-214

rulelist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-214add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-215authsymbolap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-216delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-217show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-218

3.41 Network WLAN Enhanced Rogue AP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-219

enhancedrogueap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-219show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-220set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-221

3.42 Network WLAN MU Probe Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-222

muprobe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-222show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-223set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-224

3.43 Network WLAN Hotspot Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-225

hotspot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-225set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-226show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-228import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-229

3.44 Network WLAN Hotspot RADIUS commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-230

radius . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-230show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-231set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-232

3.45 Network WLAN Hotstpot White-list Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-234

white-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-234add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-235clear . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-236show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-237

3.46 Network WLAN WLAN IP Fiter Policy Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-238

wlanipfpolicy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-238

TOC-7

set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-239add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-240del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-241show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-242

3.47 Network Port Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-243

port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-243set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-244show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-245

3.48 Network IP Filter Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-246

ipfilter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-246add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-247del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-248show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-249

3.49 Network WIPS Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-250

wips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-250 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-251show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-252list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-253convert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-254revert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-255update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-256

3.50 Network WIPS Default commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-257

defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-257set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-258show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-259

3.51 Network WIDS Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-260

wids . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-260delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-261set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-262show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-266

3.52 Network URL Filter Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-267

urlfilter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-267set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-268show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-269

3.53 Network URL Filter Keyword Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-270

keyword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-270add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-271delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-272removeall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-273show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-274

3.54 Network URL Filter White list Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-275

whitelist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-275add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-276delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-277show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-278

3.55 Network URL Filter Black List Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-279

blacklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-279add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-280


delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-281show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-282

3.56 Network URL Filter Trusted IP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-283

trustip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-283add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-284delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-285show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-286

Chapter 4: System CLI Commands Reference4.1 system. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1

lastpw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2exec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3

4.2 System Authentication Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4

authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6

4.3 System Authentication RADIUS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7

radius . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-9

4.4 System Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-10

config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-10default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-11export . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-14partial . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-18update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-19sensor-fw-update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-20loadtocf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-21

4.5 System Logs Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-22

logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-22delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23send . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-24set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-25show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-26view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27

4.6 System NTP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-28

ntp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-28set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-30date-zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-31zone-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-32

4.7 System RADIUS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-33

radius . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-33generate-dh-param . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-34set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-35

TOC-9

show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-364.8 System RADIUS Client Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37

client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-38del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-39show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-40

4.9 System RADIUS EAP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-41

eap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-41import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-42set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-43show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-44

4.10 System RADIUS EAP PEAP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-45

peap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-45set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-46show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-47

4.11 System RADIUS EAP TTLS Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-48

ttls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-48set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-49show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-50

4.12 System RADIUS LDAP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-51

ldap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-51set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-52show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-54import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-55join . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-56

4.13 System RADIUS Policy Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-57

policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-57set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-58show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-59

4.14 System RADIUS Proxy Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-60

proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-60add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-61del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-62clearall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-63set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-64show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-65

4.15 System Redundancy Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-66

redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-66set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-67show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-69

4.16 System SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-70

snmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-704.17 System SNMP Access Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-71

access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-71add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-72delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-74list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-76


show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-774.18 System SNMP Traps Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-78

traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-78add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-79delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-81list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-82set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-83show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-87

4.19 System SSH Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-89

ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-89set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-90show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-91

4.20 System User Database Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-92

userdb . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-924.21 System User Database Group Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-93

group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-93add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-94create . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-95delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-96clearall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-98remove . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-99set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-100show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-102

4.22 System User Database User Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-103

user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-103add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-104del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-105clearall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-106set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-107show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-108

4.23 System User Database User Guest commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-109

guest . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-109set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-110show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-111clear . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-112

4.24 System WS2000 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-113

WS2000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-113add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-114delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-115restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-116set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-117show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-121

4.25 System CF commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-122

cf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-122ls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-123

4.26 System HTTP commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-124

http . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-124import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-125

TOC-11

show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1264.27 System Test Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-127

test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-127set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-128show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-129

Chapter 5: Statistics Commands5.1 stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1

5.2 Stats Show Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2

show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-25.3 Statistics RF Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5

rf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7

Product Overview

1.1 WS2000 Wireless Switch CLI Reference Guide

This guide is intended to support administrators responsible for understanding, configuring and maintaining the Wireless Switch. This document provides information for the system administrator to use the command line interface during the initial setup and configuration of the system. It also serves as a reference guide for the administrator to use while updating or maintaining the system.

1.1.1 About this DocumentThis document contains information on all command that configure the WS2000 Wireless Switch. To view the command syntax and a brief help on each command on your WS2000 Wireless Switch console, use the following syntax:

admin> <command> ?

We recommend viewing this Command Line Reference Guide with Adobe Acrobat 5.0 or higher.

1-2 WS2000 Wireless Switch CLI Reference Guide

1.1.2 Document Conventions

Notes and Warnings

CLI Conventions

NOTE: Indicates special tips or requirements

CAUTION: Indicates a condition that can cause equipment damage or data loss

WARNING! Indicates a condition or procedure that could result in personal injury or equip-ment damage

command / keyword The first word is always a command. Keywords are words that must be entered as is. Commands and keywords are mandatory.For example, the command,

admin(network.wan)> show ip 1

is documented asshow ip <idx>

where:• show – The command

• ip – The keyword

<variable> Variables are described with a short description enclosed within a ‘<‘ and a ‘>’ pair.For example, the command,

admin(network.wan)> show ip 1


where:• show – The command – Display information.

• ip – The keyword – The IP address

• <idx> – The variable – WAN Index value.

Product Overview 1-3

| The pipe symbol. This is used to separate the variables/keywords in a list.For example, the command

admin(network.wan.vpn)> set .....

is documented asset [ike|type|sub|remip|......]

where:• set – The command

• [ike|type|sub|remip|...] – Indicates the different commands that can be combined with the set command. However, only one of the above list can be used at a time.

set ike ...

set type ...

set sub ...set remip ...

[ ] Of the different keywords and variables listed inside a ‘[‘ & ‘]’ pair, only one can be used. Each choice in the list is separated with a ‘|’ (pipe) symbol.For example, the command

admin(network.wan)> show ...

is documented asshow [ip|pppoe]

where:• show – The command

• [ip|pppoe] – Indicates that two keywords are available for this command and only one can be used at a time

{ } Any command/keyword/variable or a combination of them inside a ‘{‘ & ‘}’ pair is optional. All optional commands follow the same conventions as listed above. However they are displayed italicized.For example, the command

admin(network.wan.vpn)> list ....

is documented aslist {<name>}

Here:• list – The command. This command can also be used as

list

• {<name>} – The optional variable <name>.. The command can also be extended aslist vpn_tunnel_01

Here the value vpn_tunnel_01 is an optional tunnel name.

values Values to be entered as shown in Blue. For example, the command

admin(network.wan)> show ip ....


This command’s parameter <idx> is described as under:“<idx> – <idx> (1-8) is the Wlan Index.”


1.2 System OverviewThe WS2000 Wireless Switch provides a low-cost, feature-rich option for sites with one to six Access Ports. The WS2000 Wireless Switch works at the center of a network’s infrastructure to seamlessly and securely combine wireless LANs (WLANs) and wired networks. The switch sits on the network. Wireless Access Ports connect to one of the six available ports on the switch and the external wired network (WAN) connects to a single 10/100 Mbit/sec. WAN port.

Mobile units (MUs) associate with the switch via an Access Port. When an MU contacts the switch, the switch cell controller services attempt to authenticate the device for access to the network.

The WS2000 Wireless Switch acts as a WAN/LAN gateway and a wired/wireless switch.

1.2.1 Management of Access PortsThis wireless switch provides six 10/100 Mbit/sec. LAN ports for internal wired or wireless traffic. Four of these ports provide IEEE 802.3af-compliant Power over Ethernet (PoE) support for devices that require power from the Ethernet connection (such as Access Ports). Administrators can configure the six ports to communicate with a private LAN or with an Access Port for a wireless LAN (WLAN). The switch provides up to four extended service set identifiers (ESSIDs) for each Access Port connected to the switch.

1.2.1.1 Firewall Security

The LAN and Access Ports are placed behind a user-configurable firewall that provides stateful packet inspection. The wireless switch performs network address translation (NAT) on packets passing to and from the WAN port. This combination provides enhanced security by monitoring communication with the wired network.

1.2.1.2 Wireless LAN (WLAN) Security

Administrators can configure security settings independently for each ESSID. Security settings and protocols available with this switch include:

• Kerberos

• WEP-64

• WEP-128

• 802.1x with RADIUS

• 802.1x with Shared Key

• KeyGuard

• WPA/WPA2-TKIP

• WPA2/CCMP (802.11i)

1.2.1.3 VPN Security

Virtual Private Networks (VPNs) are IP-based networks that use encryption and tunneling to give users remote access to a secure LAN. In essence, the trust relationship is extended from one LAN across the public network to another LAN, without sacrificing security. A VPN behaves similarly to a private network; however, because the data travels through the public network, it needs several layers of security. The WS2000 Wireless Switch acts as a robust VPN gateway.


1.3 Hardware OverviewThe WS2000 Wireless Switch provides a fully integrated solution for managing every aspect of connecting wireless LANs (WLANs) to a wired network. This wireless switch can connect directly to a cable or DSL modem, and can also connect to other wide area networks through a Layer 2/3 device (such as a switch or router). The switch includes the following features:

• One WAN (RJ-45) port for connection to a DSL modem, cable modem, or any other Layer 2/3 network device.

• Six 10/100 Mbit/sec. LAN (RJ-45) ports: four ports provide 802.3af “Power over Ethernet” (PoE) support; the other two do not provide power.

• Each port has two LEDs, one indicating the speed of the transmission (10 or 100 Mbit/sec.), the other indicating whether there is activity on the port. The four LAN ports with PoE have a third LED that indicates whether power is being delivered over the line to a power device (such as an Access Port). (See the WS 2000 Wireless Switch LED explanation for more information on the meaning of the different state of the LEDs.)

• A DB-9 serial port for direct access to the command-line interface from a PC. Use Symbol’s Null-Modem cable (Part No. 25-632878-0) for the best fitting connection.

• A CompactFlash slot that provides AirBEAM® support.

1.3.1 Technical Specifications

1.3.1.1 Physical Specifications

• Width: 203 mm

• Height: 38 mm

• Depth: 286 mm

• Weight: 0.64 kg

1.3.1.2 Power Specifications

• Maximum Power Consumption: 90-256 VAC, 47-63 Hz, 3A

• Operating Voltage: 48 VDC

• Operating Current: 1A

• Peak Current: 1.6A

1.3.1.3 Environmental Specifications

• Operating Temperature: 0ºC to 40ºC

• Storage Temperature: -40ºC to 70ºC

• Operating Humidity: 10% to 85% Non-condensing

• Storage Humidity: 10% to 85% Non-condensing

• Operating Altitude: 2.4 Km

• Storage Altitude: 4.6 km


1.3.2 WS 2000 Wireless Switch LED FunctionsThe switch has a large blue LED on the right front that indicates that the switch is powered on.

Each port on the WS 2000 Wireless Switch has either two or three LEDs that indicate the status of the port. Ports 1-4, which supply 802.3af Power over Ethernet (PoE), have three LEDs. The remaining two non-powered LAN ports and the WAN port have two LEDs.

Location Function

Upper left LED This LED is present on all ports and indicates the speed of the transmissions through the port. The LED is on when the transmission rate is 100 Mbit per second (100BaseT). The light is off when the transmission rate is 10 Mbit per second.

Upper right LED This LED indicates activity on the port. This light is solid yellow when a link to a device is made. The light flashes when traffic is being transferred over the line.

Lower LED This LED is only present on Ports 1-4. These ports provide 802.3af Power over Ethernet (PoE) support to devices (such as Access Ports). The LED has several states:OFF—A non-power device (or no device) is connected; no power is being delivered.GREEN—The switch is delivering 48 volts to the power device connected to that port.RED—There was a valid PoE connection; however, the switch has detected that the power device is faulty. The red light will remain until a non-faulty connection is made to the port.


1.4 Software OverviewThe WS2000 Wireless Switch software provides a fully integrated solution for managing every aspect of connecting Wireless LANs (WLANs) to a wired network, and includes the following components:

1.4.1 Operating System (OS) ServicesOperating System (OS) Services determine how the WS2000 Wireless Switch communicates with existing network and operating system-centric software services, including:

• Dynamic Host Configuration Protocol (DHCP)

• Telnet and File Transfer Protocol (FTP/TFTP) servers

• The Simple Network Time Protocol (SNTP) client, used to keep switch time synchronized for Kerberos authentication

• A mechanism for setting up a redundant (secondary) switch that takes over if the primary switch fails

1.4.2 Cell Controller ServicesThe Cell Controller provides the ongoing communication between mobile units (MUs) on the Wireless LAN (WLAN) and the wired network. Cell Controller services perform the following:

• Initialize the Access Ports

• Maintain contact with Access Ports by sending a synchronized electronic “heartbeat” at regular intervals

• Track MUs when they roam from one location to another

• Manage security schemes based on system configuration

• Maintain system statistics

• Store policies and Access Port information

• Detect and manage rogue Access Ports

• Management of communications QoS

1.4.3 Gateway ServicesGateway services provide interconnectivity between the Cell Controller and the wired network, and include the following:

• System management through a Web-based Graphical User Interface (GUI) and SNMP

• 802.1x RADIUS client

• Security, including Secure Sockets Layer (SSL) and Firewall

• Network Address Translation (NAT), DHCP services, and Layer 3 Routing

• Virtual Private Network (VPN)

Admin and Common Commands

The term Common Commands is used to indicate that these commands are available through the WS2000 Wireless Switch’s CLI. These commands provide easy access to help, navigation, and to save configuration changes.

This chapter also lists of commands available at the admin menu.

• Common Commands

• Admin Menu Commands

2-2 WS2000 Wireless Switch System Reference Guide

2.1 Common CommandsAdmin and Common Commands

The following commands are available through the WS2000 CLI.

Command Description Ref.

? Displays the list of commands in the current menu. page 2-3

help Displays general user interface help. page 2-4

save Saves the configuration to the system flash. page 2-6

quit Quits the CLI. page 2-5

.. Goes to the parent menu. page 2-7

/ Goes to the root menu. page 2-8

Admin and Common Commands 2-3

2.1.1 ? Command

?Common Commands

Displays the commands available under the admin menu.

Syntax?

ParametersNone

Example

admin> ?admin>?

help : display general user interface help passwd : change password summary : show system summary network : go to network sub menu stats : go to stats sub menu system : go to system sub menu save : save cfg to system flash quit : quit cli .. : go to parent menu / : go to root menu


2.1.2 help Command

helpCommon Commands

Displays general CLI user interface help.

Syntaxhelp

ParametersNone

Example

admin>help

? : display command help - Eg. ?, show ?, s?

<ctrl-q> : go backwards in command history

<ctrl-p> : go forwards in command history * Note : commands can be incomplete - Eg. sh = sho = show


2.1.3 quit Command

quitCommon Commands

Quits the command line interface. Requires you to logon again.

This command appears in all the submenus under admin menu. In each case, it has the same function, to exit out of the CLI.

Syntaxquit

ParametersNone

Example

admin>quit


2.1.4 save Command

saveCommon Commands

Saves the configuration to system flash.

This command appears in all of the submenus under admin. In each case, it has the same function, to save the configuration. The save command must be issued before leaving the CLI for the settings to be retained.

Syntaxsave

Parametersnone

Example

admin> saveadmin>


2.1.5 .. Command

..Common Commands

Displays the parent menu of the current menu.

This command appears in all of the submenus under admin. In each case, it has the same function, to move up one level in the directory structure.

Syntax..

ParametersNone

Example

admin(network.ap) ..admin(network)admin(network) ..admin>


2.1.6 / Command

/Common Commands

Displays the root menu, that is, the top-level CLI menu.

This command appears in all of the submenus under admin. In each case, it has the same function, to move up to the top level in the directory structure.

Syntax/

ParametersNone

Example

admin(network.wan.nat)> /admin>


2.2 Admin Menu CommandsAdmin and Common Commands

The following commands are only available at the admin menu.


passwd Changes the admin password. page 2-10

summary Displays a system summary. page 2-11

network Goes to the network menu. page 3-1

system Goes to the system menu. page 4-1

stats Goes to the statistics menu. page 5-1


2.2.1 passwd Command

passwdAdmin Menu Commands

Changes the password for the administrative logins - admin, guest-admin, and manager.

Syntaxpasswd [admin|manager|guest-admin]

Parameters

Example:admin>passwd admin

Old Admin Password:****** New Admin Password:******

Verify Admin Password:******

passwd [admin|manager|guest-admin]

Passwords for the Administrator, Guest-admin, and Manager accounts can be changed.To change password, type the old password once and the new password twice at their respective prompts. Passwords can be up to 11 characters.


2.2.2 summary Command

summaryAdmin Menu Commands

Displays system summary for the WS2000 Wireless Switch. The information displayed includes high-level characteristics and settings for WAN, subnet, and WLAN.

Syntaxsummary

ParametersNone

Example

admin> summary

System Information

WS2000 firmware version : 2.4.0.0-005Xcountry code : us

WLAN 1 Information

ess identifier : Bharatwlan mode : enablevlan_id : 1enc type : noneauth type : none

WLAN 2 Information

ess identifier : 102wlan mode : disablevlan_id : 2enc type : noneauth type : none

WLAN 3 Information


WLAN 4 Information



WLAN 5 Information


WLAN 6 Information


WLAN 7 Information


WLAN 8 Information


Subnet 1 Information

subnet interface : enableip address : 192.168.0.50network mask : 255.255.255.0dhcp mode : serverdefault gateway : 192.168.0.50ports : port1 port2 port3 port4 port5 port6wlan : wlan1


subnet interface : disableip address : 192.168.1.1network mask : 255.255.255.0dhcp mode : serverdefault gateway : 192.168.1.1ports :wlan : wlan2







subnet interface : disableip address : 192.168.4.1network mask : 255.255.255.0dhcp mode : serverdefault gateway : 192.168.4.1ports :wlan :


subnet interface : disableip address : 192.168.5.1network mask : 255.255.255.0dhcp mode : serverdefault gateway : 192.168.5.1ports :

Network CLI Commands Reference

Network commands are used to configure the different network parameters of the WS2000 Wireless Switch.

3.1 networkAdmin Menu Commands

Use the network command to go the Network menu.

admin> networkadmin(network)>

The following commands are available under the Network menu:


ap Goes to the Access Port Submenu. page 3-3

dhcp Goes to the DHCP Submenu page 3-48

fw Goes to the Firewall Submenu page 3-51

ipfilter Goes to the IP Filter Submenu page 3-234

lan Goes to the LAN Submenu page 3-87

port Goes to the Port Submenu page 3-231

qos Goes to the QOS Submenu page 3-105

router Goes to the Router Submenu page 3-109

urlfilter Goes to the URL Filter Submenu page 3-255

vlan Goes to the VLAN Submenu page 3-115

wan Goes to the WAN Submenu page 3-118

wids Goes to the WIDS Submenu page 3-248

wips Goes to the WIPS Submenu page 3-238

wlan Goes to the WLAN Submenu page 3-170

save Saves the configuration to system flash page 2-6

quit Quits the CLI page 2-5

.. Goes to the parent menu page 2-7

/ Goes to the root menu page 2-8

Network CLI Commands Reference 3-3

3.2 Network AP Commands

apnetwork

Displays the Access Port submenu. The functionality provided by this menu is supplied by various screen under the Wireless menu item of the Web interface.

Syntaxadmin(network)> apadmin(network.ap)>

The items available under this command are shown below.

Command Description Ref

add Adds entries to the Access Port adoption list. page 3-4

copydefaults Copies default AP settings to a connected AP. page 3-5

default Goes to the default submenu. page 3-17

delete Deletes entries from the Access Port adoption lists. page 3-6

denyap Goes to the Deny AP submenu page 3-30

forget Forgets AP parameters page 3-7

list Lists entries in the Access Port adoption list. page 3-8

mesh Goes to the Mesh submenu page 3-40

remap Remaps channels for the AP in auto mode. page 3-9

reset Resets an Access Port. page 3-10

revert Reverts AP to Access Point (AP4131 or AP4121) page 3-11

selfheal Goes to the Self-heal submenu page 3-24

set Sets Access Port parameters. page 3-12

show Shows Access Port parameters. page 3-15

smartscan Goes to the Smart scan submenu page 3-34

test Goes to the test submenu. page 3-38






3.2.1 Network AP add Command

addNetwork AP Commands

Adds entries to the Access Port adoption list. This allows the Access Ports with the MAC addresses specified in the command to associate with the specified WLAN.

Performs functionality available in the Access Port Adoption List area of the Wireless screen.

Syntaxadd <idx> <mac1> <mac2>

Parameters

Exampleadmin(network.ap)> add 1 00A0F8BFE9B0 00A0F8BFE9B0admin(network.ap)list 1admin(network.ap)>list 1-------------------------------------------------------------------index start mac end mac-------------------------------------------------------------------1 00A0F8BFE9B0 00A0F8BFE9B02 001570165200 0015701652003 00A0F8B54D68 00A0F8B54D684 00A0F8BFEE3C 00A0F8BFEE3C

admin(network.ap)>

Related Commands

<idx> The WLAN ID (1-8)<mac1> The starting mac address for the range<mac2> The last mac address in the range

delete Removes the MAC address range from the adoption list for the specified WLAN.

list Displays entries in the Access Port adoption list.


3.2.2 Network AP copydefaults Command

copydefaults Network AP Commands

Copies default Access Port settings to a connected Access Port.

In the Web interface, the defaults are set on the Wireless, default AP screens (one for each radio type).

Syntaxcopydefault <idx>

Parameters

Exampleadmin(network.ap)>copydefaults 1 admin(network.ap)>

Related Commands

<idx> The id of the AP to copy the defaults to

network.ap.default)>show default

Lists the current default settings for a selected Access Port type.

show status Lists the index numbers for all currently connected Access Ports.show ap Gets information about a particular Access Port.


3.2.3 Network AP delete Command

deleteNetwork AP Commands

Deletes entries from the Access Port adoption list. In the Web interface, this functionality is found on the Wireless screen in the Access Port Adoption list area.

Syntaxdelete <idx> [<entry>|all]

Parameters

Example

The following example first lists out the adoption list entries for WLAN 1, deletes the second entry for WLAN 1, and finally displays the list for WLAN 1 showing that the entry has been deleted.

admin(network.ap)>list 1-------------------------------------------------------------------------index start mac end mac -------------------------------------------------------------------------1 000000000000 00306542B965 2 004000000000 005000000000

admin(network.ap)>delete 1 2 admin(network.ap)>list 1 -------------------------------------------------------------------------index start mac end mac -------------------------------------------------------------------------1 000000000000 00306542B965

Related Commands

<idx> [<entry>|all] Deletes an entry in the Access Port adoption list as specified by <entry>, which is the number listed in the adopted list (use the list command) for WLAN <idx> (1-8).all indicates deleting all the adoption list entries.

add Adds entries to the adoption list.list Lists entries in the Access Port adoption list.


3.2.4 Network AP forget Command

forgetNetwork AP Commands

Forgets the AP parameters at a particular index specified by the <idx> value.

Syntaxforget [<idx>|all]

Parameters

Example

The following syntax shows the forget command.

admin(network.ap)>forget 1admin(network.ap)>save

<idx>|all <idx> – The index to remove the AP parameters. all – Removes all AP parameters from all the indices in the AP adoption list.


3.2.5 Network AP list Command

listNetwork AP Commands

Displays entries in the Access Port adoption list for a specified wireless LAN.

Syntaxlist <idx>

Parameters

Example

The following example shows the access port adoption list for WLAN 1.

admin(network.ap)>list 1 ----------------------------------------------------------------------index start mac end mac ----------------------------------------------------------------------1 1 00A0F8BFE9B0 00A0F8BFE9B02 001570165200 0015701652003 00A0F8B54D68 00A0F8B54D684 00A0F8BFEE3C 00A0F8BFEE3C

Related Commands

<idx> Lists the Access Port adoption entries for WLAN <idx> (1-8).

add Adds entries to the adoption list.delete Deletes entries from the adoption list.


3.2.6 Network AP remap Command

remapNetwork AP Commands

Remaps the channels for a radio at index specified by <idx>.

Syntaxremap [<idx>|all]

Parameters

Exampleadmin(network.ap)>list 1--------------------------------------------index start mac end mac--------------------------------------------1 00A0F8BFE9B0 00A0F8BFE9B02 001570165200 0015701652003 00A0F8B54D68 00A0F8B54D684 00A0F8BFEE3C 00A0F8BFEE3C

admin(network.ap)>remap 3

<idx>|all <idx> – Remaps all channels for a radio specified by the index <idx> all – Remaps all channels for all the radios in auto channel selection mode.


3.2.7 Network AP reset Command

resetNetwork AP Commands

Resets an Access Port.

Syntaxreset ap <idx>

Parameters

Example ---------------------------------------index start mac end mac---------------------------------------1 00A0F8BFE9B0 00A0F8BFE9B02 001570165200 0015701652003 00A0F8B54D68 00A0F8B54D684 00A0F8BFEE3C 00A0F8BFEE3C

admin(network.ap)>reset ap 2admin(network.ap)>

ap <idx> <idx> – Resets the Access Port with index <idx> in the Access Port Adoption list.


3.2.8 Network AP revert Command

revertNetwork AP Commands

Reverts an Access Port to an Access Point (Only on AP4131 or AP4121).

Syntaxrevert ap <idx>

Parameters

Example admin(network.ap)>revert ap 1admin(network.ap)>

ap <idx> <idx> – Reverts the Access Port with index <idx> to an Access Point. Only on AP4131 and AP 4121.


3.2.9 Network AP set Commands

set Network AP Commands

Sets Access Port parameters.

Syntaxset [beacon|ch_mode|div|dtim|loc|name|primary|rate|

reg|rts|short-pre|802.1x|ap_scan|mac|radio_type|ap_type|sip_cac_mode|allowed_sip_session]

Parameters

beacon intvl <idx> <interval>

Sets the beacon interval for Access Port <idx> (1–12) to <interval> in K-us (50–200).

ch_mode <idx> [fixed|random|auto]

Sets the channel mode for Access Port <idx> (1–12) to fixed, random or auto.

div <idx> <mode> Sets the default antenna diversity to <mode> (one of full, primary, or secondary).

dtim <idx> [<period>|<bss_idx <period>]]

Sets the DTIM period for Access Port <idx> to <period> (number of beacons from 1–50).<bss_idx> is the index of the BSSID. If not specified for the AP300, the default value of 1 is assumed for this parameter. For other APs, the <period> value is used for all the BSSIDs.

loc <idx> <loc> Sets Access Port <idx> location description to <loc> (1–13 characters).name <idx> <name> Sets Access Port <idx> name to <name> (1–13 characters).primary <idx> <widx> Sets the primary WLAN <widx> (the WLAN index from 1 to 8) for 802.11a radio

associated with Access Port <idx> (1-12). The ESS ID configured for this WLAN will be used in the 802.11a beacon as the primary ESS.Note: This parameter is used only for AP200 APs with 802.11a radios

rate <idx> <basic> <supported>

Sets Access Port <idx> (1-12) basic and supported rates. <basic> and <supported> must be comma-separated lists of rates, such as 6,9,11,15 with no spaces. Basic rates are a subset of supported rates. The different types of radio support the following rates. A - 6|9|12|18|24|36|48|54 B - 1|2|5.5|11 G - 1|2|5.5|6|9|11|12|18|24|36|48|54 Note: For a G radio, basic rates must be a subset of B Rates in order to associate legacy B stations.

reg <idx> <indoor> <ch> <pwr>

Sets Access Port <idx> (1-12)regulatory parameters, which <indoor> is one of in or in/out; <ch> is the channel to use, and <pwr> is the power (in dB from 4 to 20). Select the value of <ch> from the appropriate list. 802.11b ch -- 1 to 14 802.11a ch -- 36,40,44,48,52,56,60,64,149,153,157,161 Note: Regulatory parameter values depend on country of operation and radio type. Refer to documentation for regulatory information.

rts <idx> <bytes> Sets the RTS threshold for Access Port <idx> (1-12) to <bytes> (e.g., 2341).


Example:admin(network.ap)>set short-pre enable admin(network.ap)>set shor 1 enable admin(network.ap)>set name 1 BigOffice admin(network.ap)>set dtim 1 25 admin(network.ap)>set loc 1 BigBldg admin(network.ap)>show ap 1

ap name : BigOffice ap location : BigBldg ap mac address : 00A0F8565656 ap serial number : 00A0F8565656 ap radio type : 802.11 B adopted by : WLAN1

ap indoor use : indoor/outdoor ap channel : 1 ap radio power : 4 dB antenna gain : 0 dBi rf power : 3 mW antenna type : external ap diversity : full

basic rates : 1 2 supported rates : 1 2 5.5 11

rts threshold : 2341

short-pre <idx> [enable|disable]

Enables or disables the short preamble mode for Access Port <idx> (1-12)

802.1x <username> <password>

Sets the 802.1x username and password on AP 300 Access Ports. Both parameters can be up to 64 characters long.

mac <idx> <mac> Sets the MAC address of AP <idx> (1-12) to <mac> (MAC address format is XX:XX:XX:XX:XX:XX)

ap_scan <idx> <mode> Sets the scan mode for Rogue AP detection where <idx> (1-12) is the access port index and <mode> is one of none, detector, on-chan, full-detector.

radio_type <idx> <radio_type>

Sets the Radio Type of an access port where <idx> (1-12) is the access port index and <radio_type> is one of 802.11a, 802.11b, 802.11b/g.

ap_type <idx> <radio_type>

Sets the AP type of an Access Port <idx> (1-12) to AP type. AP type <radio_type> is one of AP100, AP200, AP300

sip_cac_mode [enable|disable]

Enables or disables SIP Call Admission Control.

allowed_sip_session <idx> <sip_session>

Sets the allowed number of SIP sessions for this portal. The value for <sip_session> lies between 1 and 100. <idx> (1-12) is the access port index.

legacy_mode [enable|disable]

Enables or disables legacy mode support for AP300s.

mu-power-adjustment <ap-index> <adjvalue>

Sets Symbol MUs operating power in dBm. <ap-index> is the index of the Symbol AP and <adjvalue> is the MU power adjustment value in dBm (valid 0-20)

asset-name <idx> <asset-name>

Sets asset name for the Access Port with <idx> (1-12) with <asset-name> (1-50 characters)


beacon interval : 100 dtim period : 25 short preamble : enable security beacon (hide ess) : disable primary wlan index : wlan1

admin(network.ap)>


3.2.10 Network AP show Command

showNetwork AP Commands

Shows Access Port parameters.

Syntaxshow [ap|status|sip|legacy-mode]

Parameters

Example admin(network.ap)>show ap 1

ap name : BigOffice ap location : BigBldg ap mac address : 00A0F8565656 ap serial number : 00A0F8565656 ap radio type : 802.11 B adopted by : WLAN1

ap indoor use : indoor/outdoor ap channel : 1 ap radio power : 4 dB antenna gain : 0 dBi rf power : 3 mW

antenna type : external ap diversity : full

basic rates : 1 2 supported rates : 1 2 5.5 11

rts threshold : 2341 beacon interval : 100 dtim period : 25 short preamble : enable security beacon (hide ess) : disable primary wlan index : wlan1 detector ap : disable

admin(network.ap)>show status

ap index : 1 ap status : connected

ap index : 2 ap status : not connected

ap index : 3

ap <idx> Shows Access Port <idx> (1-12) radio parameters.status Shows a list of Access Ports and their status.sip <idx> Shows SIP statistics for the portal <idx> (1-12).legacy-mode Shows the legacy mode configuration for the switch


ap status : not connected


ap status : not connected








admin(network.ap)>show legacy-modeLegacy mode is enabled.

Related Commands

set Sets Access Port parameters.


3.3 Network AP Default Commands

defaultNetwork AP Commands

Displays the default Access Port (AP) submenu. Use these commands to set the default values for all APs.

Syntaxadmin(network.ap)> default


The items in this menu are available in the Web interface under the three default Access Port screens (one for each radio type) within the Wireless menu area.


set Sets default Access Port parameters. page 3-18loadfromcf Loads the configured images from the CF card immediately page 3-20show Shows default Access Port parameters. page 3-21quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.3.1 Network AP Default set Command

set Network AP Default Commands

Sets the default Access Port parameters.

Syntaxset [beacon|ch_mode|div|dtim|primary|reg|rate|rts|short-pre|sensor-img|

ap4131-img|ap4121-img]

Parameters

beacon intvl <type> <interval>

Sets the default beacon interval for specified radio type <type> (one of 802.11a, 802.11b, or 802.11b/g) to <interval> in K-us (50–200).

ch-mode <type> [fixed|random|auto]

Sets the default channel mode for radios of <type> (one of 802.11a, 802.11b, or 802.11b/g) to fixed, random, or auto.

div <type> <mode> Sets the default antenna diversity for radios of <type> (one of 802.11a, 802.11b, or 802.11b/g) to <mode> (one of full, primary, or secondary).

dtim <type> [<bss_idx>|<period>]

Sets the default DTIM period for radios of specified <type> (one of 802.11a, 802.11b, or 802.11b/g) to <period> number of beacons (1–50).<bss_idx> is the index of the BSSID. If not specified for the AP300, the default value of 1 is assumed for this parameter. For other APs, the <period> value is used for all the BSSIDs.

primary <type> <wdix> Sets the default primary WLAN <widx> (1 to 8) for 802.11a radios of specified <type> (one of 802.11a, 802.11b, or 802.11b/g). The ESS ID configured for this WLAN will be used in the 802.11a beacon as the primary ESS.Note: This parameter is used only for AP200 APs with 802.11a radios.

rate <type> <basic> <supported>

Sets the default basic and supported rates for radios of specified <type> (one of 802.11a, 802.11b, or 802.11b/g). <basic> and <supported> must be a comma separated list of rates, such as 6,9,11,15 with no spaces. Basic rates are a subset of supported rates. The different types of radio support the following rates. A - 6|9|12|18|24|36|48|54 B - 1|2|5.5|11 G - 1|2|5.5|6|9|11|12|18|24|36|48|54 Note: For a G radio, basic rates must be a subset of B Rates in order to associate legacy B stations.

reg <type> <indoor> <ch> <pwr>

Sets the default regulatory parameters for radios of specified type (one of 802.11a, 802.11b, or 802.11b/g), where <indoor> is one of in or in/out; <ch> is the channel to use, and <pwr> is the power (in dB from 4 to 20). Select the value of <ch> from the appropriate list. 802.11b ch -- 1 to 14 802.11a ch -- 36,40,44,48,52,56,60,64,149,153,157,161 Note: Note: Regulatory parameter values depend on the country of operation and radio type. Refer to the documentation for specific regulatory information.

rts <type> <bytes> Sets the default RTS threshold for radios of specified <type> (one of 802.11a, 802.11b, or 802.11b/g) to <bytes> (e.g., 2341).


Exampleadmin(network.ap.default)>set ch_mode 802.11a fixed admin(network.ap.default)>set dtim 802.11a 10 admin(network.ap.default)>set short 802.11b/g enable admin(network.ap.default)>show default 802.11a

ap indoor use : indoor onlyap channel : 36ap channel mode : randomap radio power : 17 dBm : 50 mW

ap diversity : full

basic rates : 6 12 24supported rates : 6 9 12 18 24 36 48 54

rts threshold : 2341beacon interval : 100-------------------------------------------------------------------------BSSID | DTIM period------------------------------------------------------------------------- 1 | 10 2 | 10 3 | 10 4 | 10

short preamble : disableprimary wlan index : wlan1

admin(network.ap.default)>

Related Commands

short-pre <type> [enable|disable]

By default, enables or disables the short preamble mode for radios of specified <type> (one of 802.11a, 802.11b, or 802.11b/g).

sensor-img <loc> Sets the default location of the sensor image. Location is specified in the <loc> parameter.

ap4131-img <loc> Sets the default location <loc> of the AP 4131 image. Select from cf or def.ap4121-img <loc> Sets the default location <loc> of the AP 4121 image. Select from cf or def.

show default Displays the default AP settings for a particular radio type.


3.3.2 Network AP Default loadfromcf Command

loadfromcfNetwork AP Default Commands

Immediately loads configured images from the CF card.

Syntaxloadfromcf

ParametersNone

Exampleadmin(network.ap.default)>loadfromcf


3.3.3 Network AP Default show Command

showNetwork AP Default Commands

Shows the default Access Port parameters for a particular radio type.

Syntaxshow [default|img-location]

Parameters

Exampleadmin(network.ap.default)>set ch_mode 802.11a fixedadmin(network.ap.default)>set dtim 802.11a 10 admin(network.ap.default)>set short 802.11b/g enable admin(network.ap.default)>show default 802.11a

ap indoor use : indoor onlyap channel : 36ap channel mode : randomap radio power : 17 dBm : 50 mW

ap diversity : full

basic rates : 6 12 24supported rates : 6 9 12 18 24 36 48 54

rts threshold : 2341beacon interval : 100----------------------------------------------------------------------BSSID | DTIM period---------------------------------------------------------------------- 1 | 10 2 | 10 3 | 10 4 | 10short preamble : disableprimary wlan index : wlan1

Related Commands

default <type> Shows the default Access Port parameters for radio type <type> (802.11a, 802.11b, 802.11bg).

img-location Shows the Sensor/Access Port image locations.

set Sets the default parameters for the specified radio type.


3.4 Network AP Test Commands

testNetwork AP Commands

Displays the test submenu.

Syntaxadmin(network.ap)> testadmin(network.ap.test)>

The items available under this command are shown below


new Switches the Access Port to a new channel. page 3-23quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.4.1 Network AP Test new Command

newNetwork AP Test Commands

Switches the specified Access Port to a new channel.

Syntaxnew <idx> <ch>

Parameters

Exampleadmin(network.ap.test)>new 2 15admin(network.ap.test)>

<idx> <ch> Switches the Access Port indexed with <idx> (1–12) to channel <ch> (which must be a valid channel for the specified Access Port.


3.5 Network AP Selfheal commands

selfhealNetwork AP Commands

Displays the selfheal submenu.

Syntaxadmin(network.ap)> selfheal

The items available under this menu are shown below.


set Sets self-heal parameters page 3-25detect-neighbor Detects neighbors and prepares the neighbors list automatically page 3-26add Adds entries to the self-heal table page 3-27del Removes entries from the self-heal table page 3-28show Shows entries in the self-heal table page 3-29quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.5.1 Network AP Selfheal set Command

setNetwork AP Selfheal commands

Sets the different self-heal parameters.

Syntaxset [interference-avoidance|neighbor-recovery]

Parameters

Example - Set interference-avoidance:admin(network.ap.selfheal)>set interference-avoidance mode enableadmin(network.ap.selfheal)>set interference-avoidance mode disableadmin(network.ap.selfheal)>set interference-avoidance max-retries 15admin(network.ap.selfheal)>set interference-avoidance max-retries defaultadmin(network.ap.selfheal)>set interference-avoidance hold-time 24000admin(network.ap.selfheal)>set interference-avoidance hold-time default

Example - set neighbor-recovery:admin(network.ap.selfheal)>set neighbor-recovery mode enableadmin(network.ap.selfheal)>set neighbor-recovery mode disableadmin(network.ap.selfheal)>set neighbor-recovery action none radio 1admin(network.ap.selfheal)>set neighbor-recovery action raise-power radio 1admin(network.ap.selfheal)>set neighbor-recovery action open-rates radio 1admin(network.ap.selfheal)>set neighbor-recovery action both radio 1

interference-avoidance [mode [enable|disable] | max-retries [<max-retries>|default] | hold-time [<hold-time>|default]]

• mode [enable|disable] – Sets the self-healing interference mode. Can be one of enable or disable.

• max-retries [<max-retires|default] – Sets the threshold limit on the maximum number of retires permitted. <max-retires> (0-15) is the number of allowed retries. default has a value of 14.

• hold-time [<hold-time>|default] – Sets the hold-time between running two consecutive interference avoidance algorithms. <hold-time> (0-65535) is the duration in seconds. default has a value of 3600.

neighbor-recovery [mode [enable|disable] | action <radio-idx> <action> | offset <radio-idx> [<offset>|default]]

• mode [enable|disable] – Enables or disables neighbor recovery.• action <radio-idx> <action> – Sets the neighbor recovery action for the

portal. <radio-idx> (1-12) is the id of the radio for which action specified in <action> must be taken. Select <action> from none, raise-power, open-rates, both.

Sets the radio offset value for the radio <radio-idx> (1-12) when the set action is raise-power. <offset> value is between 0-65535. default value is 0.


3.5.2 Network AP Selfheal detect-neighbor Command

detect-neighborNetwork AP Selfheal commands

Detects the neighbor devices.

Syntaxdetect-neighbor

ParametersNone

Exampleadmin(network.ap.selfheal)>detect-neighboradmin(network.ap.selfheal)>


3.5.3 Network AP Selfheal add Command

addNetwork AP Selfheal commands

Adds entries into the selfheal AP-AP neighbor table.

Syntaxadd <from-ap> <to-ap>

Parameters

Exampleadmin(network.ap.selfheal)>add 2 4admin(network.ap.selfheal)>show

Interference Avoidance Mode : disableRetry Count : 14Hold Time : 3600Neighbor Recovery Mode : enablePORTAL-IDX OFFSET-VALUE NEIGHBOR-RECOVERY-ACTION 1 0 none 2 0 open-rates 3 0 none 4 777 raise-power 5 0 none 6 0 none 7 0 none 8 0 none 9 0 none 10 0 none 11 0 none 12 0 none

FROM-AP TO-AP 2 4 4 2

-------------HEALING STATE OF PORTALS------------PORTAL HEALING-MODE CONFIGURED-POWER(dBm) RAISED-POWER(dBm)1 Normal 20 02 Normal 17 03 Normal 20 04 Normal 17 0

<from-ap> <to-ap> Adds the specified APs into the neighbor-recovery table. <from-ap> and <to-ap> accepts values 1 to 12 and all. all indicates all the APs.


3.5.4 Network AP Selfheal del Command

delNetwork AP Selfheal commands

Deletes entries from the selfheal AP-AP neighbor table.

Syntaxdel <from-ap> <to-ap>

Parameters

Exampleadmin(network.ap.selfheal)> del 2 4admin(network.ap.selfheal)> show

Interference Avoidance Mode : disableRetry Count : 14Hold Time : 3600Neighbor Recovery Mode : enablePORTAL-IDX OFFSET-VALUE NEIGHBOR-RECOVERY-ACTION 1 0 none 2 0 open-rates 3 0 none 4 0 none 5 0 none 6 0 none 7 0 none 8 0 none 9 0 none 10 0 none 11 0 none 12 0 none

FROM-AP TO-AP

-------------HEALING STATE OF PORTALS------------

PORTAL HEALING-MODE CONFIGURED-POWER(dBm) RAISED-POWER(dBm)1 Normal 20 02 Normal 17 03 Normal 20 04 Normal 17 0

<from-ap> <to-ap> Removes the specified APs from the neighbor-recovery table. <from-ap> and <to-ap> accepts values 1 to 12 and all. all indicates all the APs.


3.5.5 Network AP Selfheal show Command

show Network AP Selfheal commands

Shows the selfheal parameter details.

Syntaxshow

ParametersNone

Exampleadmin(network.ap.selfheal)>show

Interference Avoidance Mode : disableRetry Count : 14Hold Time : 3600Neighbor Recovery Mode : disablePORTAL-IDX OFFSET-VALUE NEIGHBOR-RECOVERY-ACTION 1 0 none 2 0 none 3 0 none 4 0 none 5 0 none 6 0 none 7 0 none 8 0 none 9 0 none 10 0 none 11 0 none 12 0 none

FROM-AP TO-AP

1 2 2 1

-------------HEALING STATE OF PORTALS------------PORTAL HEALING-MODE CONFIGURED-POWER(dBm) RAISED-POWER(dBm)1 Normal 20 02 Normal 20 0


3.6 Network AP Denyap Commands

denyapNetwork AP Commands

Displays the denyap submenu. Use the denyap submenu to manage APs that have been denied access to the switch.

Syntaxadmin(network.ap)> denyapadmin(network.ap.denyap)>



add Adds access port deny list entries page 3-31delete Deletes access port deny list entries page 3-32show Shows access port deny list page 3-33quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.6.1 Network AP Denyap add Command

add Network AP Denyap Commands

Add entries to the Access Port Deny List.

Syntaxadd <mac>

Parameters

Exampleadmin(network.ap.denyap)>add 00b4c2114534admin(network.ap.denyap)>admin(network.ap.denyap)>show-------------------------------------------------------------------------Idx AP NIC MAC-------------------------------------------------------------------------1 00b4c21145352 00b4c2114534

admin(network.ap.denyap)>

<mac> Adds the MAC specified in the <mac> parameter to the Access Port Deny List. MAC entries are to be entered without the ‘:’. For example 00b4c2114534.


3.6.2 Network AP Denyap delete Command

delete Network AP Denyap Commands

Deletes an entry in the Access Port Deny List.

Syntaxdelete [<mac>|all]

Parameters

Exampleadmin(network.ap.denyap)>show-------------------------------------------------------------------------Idx AP NIC MAC-------------------------------------------------------------------------1 00b4c21145352 00b4c2114534

admin(network.ap.denyap)>delete 00b4c2114535admin(network.ap.denyap)>show-------------------------------------------------------------------------Idx AP NIC MAC-------------------------------------------------------------------------1 00b4c2114534

<mac> Deletes the MAC specified in the <mac> parameter from the Access Port Deny List.all Deletes all the entries in the Access Port Deny List


3.6.3 Network AP Denyap show Command

showNetwork AP Denyap Commands

Displays the Access Port Deny List.

Syntaxshow

ParametersNone

Exampleadmin(network.ap.denyap)>show----------------------------------------------------------------------Idx AP NIC MAC----------------------------------------------------------------------1 00b4c21145352 00b4c2114534


3.7 Network AP Smartscan Commands

smartscanNetwork AP Commands

Displays the smartscan submenu.

Syntaxadmin(network.ap)> smartscanadmin(network.ap.smartscan)>



set Sets smartscan channels page 3-35delete Removes smartscan channels page 3-36show Shows all smartscan channels page 3-37quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.7.1 Network AP Smartscan set Command

setNetwork AP Smartscan Commands

Sets the smartscan channels. These channels are the ones that are scanned for presence of WLANs.

Syntaxset [11a <11a>|11bg <11bg>]

Parameters

Exampleadmin<network.ap.smartscan>> set 11bg 1-6,8,10-12admin(network.ap.smartscan)> show allsmart scan 11a channels :smart scan 11bg channels : 1 2 3 4 5 6 8 10 11 12Available valid 11a channels : 36 40 44 48 52 56 60 64 149 153 157 161 165Available valid 11bg channels : 1 2 3 4 5 6 7 8 9 10 11 12 13

11a <11a> Sets the smart scan channel list for the 5 GHz band. Channel list <11a> should be a comma separated list. For example, 36,40,44,48

11bg <11bg> Sets the smart scan channel list for the 2.4 GHz band. Channel list <11bg> should be a comma separated list. For example, 1-4,6,8Note: When using a range for selecting multiple channels, all the channels that are included in the range should be valid channel numbers for the current regulatory domain.


3.7.2 Network AP Smartscan delete Command

deleteNetwork AP Smartscan Commands

Deletes all the channels in the smartscan list for a specific radio.

Syntaxdelete [11a <11a>|11bg <11bg>]

Parameters

Exampleadmin(network.ap.smartscan)> show allsmart scan 11a channels :smart scan 11bg channels : 1 2 3 4 5 6 8 10 11 12Available valid 11a channels : 36 40 44 48 52 56 60 64 149 153 157 161 165Available valid 11bg channels : 1 2 3 4 5 6 7 8 9 10 11 12 13admin(network.ap.smartscan)> delete 11bgadmin(network.ap.smartscan)> show allsmart scan 11a channels :smart scan 11bg channels :Available valid 11a channels : 36 40 44 48 52 56 60 64 149 153 157 161 165Available valid 11bg channels : 1 2 3 4 5 6 7 8 9 10 11 12 13admin(network.ap.smartscan)>

11a <11a> Sets the smart scan channel list for the 5 GHz band. Channel list <11a> should be a comma separated list. For example, 36,40,44,48

11bg <11bg> Sets the smart scan channel list for the 2.4 GHz band. Channel list <11bg> should be a comma separated list. For example, 1-4,6,8Note: When using a range for selecting multiple channels, all the channels that are included in the range should be valid channel numbers for the current regulatory domain.


3.7.3 Network AP Smartscan show Command

showNetwork AP Smartscan Commands

Displays the list of channels used for smartscan for the different radios.

Syntaxshow [all]

Parameters

Exampleadmin(network.ap.smartscan)> show allsmart scan 11a channels :smart scan 11bg channels : 1 2 3 4 5 6 8 10 11 12Available valid 11a channels : 36 40 44 48 52 56 60 64 149 153 157 161 165Available valid 11bg channels : 1 2 3 4 5 6 7 8 9 10 11 12 13

all Shows the list of channels in the smartscan list.


3.8 Network AP Test Commands

testNetwork AP Commands

Displays the test submenu. Use this submenu commands to test APs.

Syntaxadmin(network.ap)> testadmin(network.ap.test)>



new Switches the AP to a new channel page 3-39show Shows mesh configuration information page 3-47quit Quits the CLI. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.8.1 Network AP Test new Command

newNetwork AP Test Commands

Switches AP to a new channel.

Syntaxtest <idx> <ch>

Parameters

Exampleadmin(network.ap.test)> new 1 24admin(network.ap.test)>

<idx> The access port index for which the channel has to be changed<ch> The channel to change to. This must be a channel that is valid for the selected AP <idx>.


3.9 Network AP Mesh Commands

meshNetwork AP Commands

Displays the mesh submenu. Use this menu to configure the different Mesh Network parameters.

Syntaxadmin(network.ap)> meshadmin(network.ap.mesh)>



set Sets mesh parameters page 3-41add Adds a preferred base to the list page 3-43del Removes preferred bases from the list page 3-44preferred-list Shows a list of preferred bases page 3-45available-list Shows a list of available bases page 3-46show Shows mesh configuration information page 3-47quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.9.1 Network AP Mesh set Command

setNetwork AP Mesh Commands

Sets the mesh related parameters.

Syntaxset [client|vlan|auto|base|max-clients]

Parameters

Exampleadmin(network.ap.mesh)> set client 1 enableadmin(network.ap.mesh)> show 1-------------------------------------------------------------------------"Mode" "WLAN" "Base Auto Selection" "Max Clients"------------------------------------------------------------------------- Client Only WLAN1 Enabled N/Aadmin(network.ap.mesh)> set base 1 enableadmin(network.ap.mesh)> show 1-------------------------------------------------------------------------"Mode" "WLAN" "Base Auto Selection" "Max Clients"------------------------------------------------------------------------- Base and Client WLAN1 Enabled 6admin(network.ap.mesh)> set wlan 1 3admin(network.ap.mesh)> show 1-------------------------------------------------------------------------"Mode" "WLAN" "Base Auto Selection" "Max Clients"------------------------------------------------------------------------- Base and Client WLAN3 Enabled 6admin(network.ap.mesh)> set max-clients 1 4admin(network.ap.mesh)> show 1-------------------------------------------------------------------------"Mode" "WLAN" "Base Auto Selection" "Max Clients"------------------------------------------------------------------------- Base and Client WLAN3 Enabled 4

client <radio-idx> [enable|disable]

Enables or disables the mesh client for the radio with the index <radio-idx> (1-12).

wlan <radio-idx> <wlan-id> Selects the WLAN <wlan-id> (1-8) for the mesh client radio index <radio-idx> (1-12).

auto <radio-idx> [enable|disable]

Enables or disables automatic base selection for the radio with the index <radio-idx> (1-12).

base <radio-idx> [enable|disable]

Enables or disables the radio <radio-idx> (1-12) as the mesh base.

max-clients <radio-idx> <max-clients>

Sets the maximum number of client <max-clients> for the radio <radio-idx> (1-12).


admin(network.ap.mesh)> set auto 1 disableadmin(network.ap.mesh)> show 1-------------------------------------------------------------------------"Mode" "WLAN" "Base Auto Selection" "Max Clients"------------------------------------------------------------------------- Base and Client WLAN3 Disabled 4

admin(network.ap.mesh)>


3.9.2 Network AP Mesh add Command

addNetwork AP Mesh Commands

Adds a preferred base to the device’s Preferred Base Bridge List.

Syntaxadd <radio-idx> <mac>

Parameters

Exampleadmin(network.ap.mesh)> add 3 001570419F9Fadmin(network.ap.mesh)> preferred-list 3-------------------------------------------------------------------------"Priority" "Base MAC"------------------------------------------------------------------------- 1 00:15:70:41:9F:9F


Related Commands

<radio-idx> <mac>

Adds the base to the device’s Preferred Base Bridge List. The <radio-idx> (1-12) is the unique ID for the radio. <mac> is the address of the base device to be added to the list.

del Removes preferred bases from the listpreferred-list Shows a list of preferred bases


3.9.3 Network AP Mesh del Command

delNetwork AP Mesh Commands

Removes a Mesh Base from the device’s Preferred Base Bridge List.

Syntaxdel [<radio-idx>] [all|<index>]

Parameters

Exampleadmin(network.ap.mesh)> preferred-list 3-------------------------------------------------------------------------"Priority" "Base MAC"------------------------------------------------------------------------- 1 00:15:70:41:9F:9F 2 00:15:45:70:9C:8D 3 15:03:54:07:23:45

admin(network.ap.mesh)> del 3 2admin(network.ap.mesh)> preferred-list 3-------------------------------------------------------------------------"Priority" "Base MAC"------------------------------------------------------------------------- 1 00:15:70:41:9F:9F 2 15:03:54:07:23:45

admin(network.ap.mesh)> del 3 alladmin(network.ap.mesh)> preferred-list 3-------------------------------------------------------------------------"Priority" "Base MAC"-------------------------------------------------------------------------


Related Commands

<radio-idx> [all|<index>]

• Removes all preferred bases from the device’s Preferred Base Bridge List for the radio specified by the <radio-idx> (1-12).• all – Indicates all the preferred base devices.• <index> – Indicates the selected preferred base device.

add Adds a preferred base to the listpreferred-list Shows a list of preferred bases


3.9.4 Network AP Mesh preferred-list Command

preferred-listNetwork AP Mesh Commands

Displays the Preferred Base Bridge List for the device

Syntaxpreferred-list <radio-idx>

Parameters

Exampleadmin(network.ap.mesh)> preferred-list 3-------------------------------------------------------------------------"Priority" "Base MAC"------------------------------------------------------------------------- 1 00:15:70:41:9F:9F 2 00:15:45:70:9C:8D 3 15:03:54:07:23:45


Related Commands

<radio-idx> Displays the selected radio’s (<radio-idx> (1-12)) Preferred Base Bridge List.

add Adds a preferred base to the listdel Removes preferred bases from the list


3.9.5 Network AP Mesh available-list Command

available-listNetwork AP Mesh Commands

Displays the list of available base bridges along with their MAC addresses and the RSSI.

Syntaxavailable-list <radio-idx>

Parameters

Exampleadmin(network.ap.mesh)> available-list 3-------------------------------------------------------------------------"MAC" "Channel" "RSSI"-------------------------------------------------------------------------00:15:70:41:9A:9A 11 189


Related Commands

<radio-idx> Displays the available base bridges for a particular radio indicated by the <radio-idx> (1-12) value.

add Adds a preferred base to the listdel Removes preferred bases from the listpreferred-list Shows a list of preferred bases


3.9.6 Network AP Mesh show Command

showNetwork AP Mesh Commands

Displays the mesh details for a particular radio.

Syntaxshow <radio-idx>

Parameters

Exampleadmin(network.ap.mesh)> show 3-------------------------------------------------------------------------"Mode" "WLAN" "Base Auto Selection" "Max Clients"------------------------------------------------------------------------- Base and Client WLAN2 Enabled 4

<radio-idx> Displays the mesh configuration information for the radio indicated by the <radio-idx> (1-12) value.


3.10 Network DCHP Commands

dhcpnetwork

Displays the DHCP submenu.

Syntaxadmin(network)> dhcpadmin(network.dhcp)>



set Sets system updated flags. page 3-49show Shows system updated flags. page 3-50quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.10.1 Network DHCP set Command

setNetwork DCHP Commands

Sets parameters for automated firmware and configuration upgrades.

Syntaxset [firmwareupgrade|configureupgrade|interface|

dhcpvendorclassid|autoupgradeinterval]

Exampleadmin(network.dhcp)>show all

Auto Firmware upgrade flag : 0Auto Config upgrade flag : 0Interface : w

admin(network.dhcp)>set firmwareupgrade 1admin(network.dhcp)>set con 1admin(network.dhcp)>set inter s1admin(network.dhcp)>show all

Auto Firmware upgrade flag : 1Auto Config upgrade flag : 1Interface : s1

Related Commands

firmwareupgrade [0|1] Enables (1) or disables (0) automatic switch firmware upgrade.configupgrade [0|1] Enables (1) or disables (0) automatic switch configuration update.interface <iface> Sets the interface <iface> for the upgrades to the device:

s1 – subnet 1s2 – subnet 2s3 – subnet 3s4 – subnet 4s5 – subnet 5s6 – subnet 6w – WAN

dhcpvendorclassid <dhcp vendor class id>

Sets the DHCP vendor class id to <dhcp vendor class id>. Note: Vendor class id must be preceded by “Sym”.

autoupgradeinterval<autoupgradeinterval>

Sets the Light Weight DHCP Client Auto Upload time interval to <autoupgradeinterval> (1-65535) seconds.

show all Shows the settings for all the automatic update parameters.


3.10.2 Network DHCP show Command

showNetwork DCHP Commands

Displays system updated flags.

Syntaxshow all

Parameters

Exampleadmin(network.dhcp)>show all

Auto Firmware upgrade flag : 1Auto Config upgrade flag : 1Interface : wDhcp Vendor Class Id : SymbolWS.WS2K-V2-0Auto Upgrade Interval : 600

Related Commands

all Displays all of the DHCP-related system update parameters.

set Sets the DHCP-related parameters for updating system firmware and configuration.


3.11 Network Firewall Commands

fwnetwork

Displays the firewall submenu.

Syntaxadmin(network)> fwadmin(network.fw)>


The commands in this menu are available in the Web interface on the Network>Firewall screen.


set Sets firewall parameters. page 3-52show Shows firewall parameters. page 3-54submap Goes to the subnet mapping submenu. page 3-80policy Goes to the advanced subnet mapping submenu. page 3-64timeradd Creates a new timeout value page 3-55timerset Sets timeout values page 3-58timerdel Deletes a named timer page 3-56timerlist Shows the list of timers page 3-57ips Goes to the Intrusion Prevention System submenu. page 3-59quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.11.1 Network Firewall set Command

set Network Firewall Commands

Sets firewall parameters. In the Web interface, this functionality is provide by the Network->Firewall screen.

Syntaxset [mode|override|ftp|ip|seq|src|syn|win|spoof|rst|

range|netbios-alg] [enable|disable]

set mime [filter|hdr|len]set mime filter [enable|disable]set mime hdr <count>set mime len <length>

set timeout <time>set fin <time>

Parameters

Exampleadmin(network.fw)>show all

Firewall Status : enable

Subnet Access Override : disable

Configurable Firewall Filters

mode [enable|disable] Enables or disables the firewall.override [enable|disable] Enables or disables subnet access override.ftp [enable|disable] Enables or disables FTP bounce attack check.ip [enable|disable] Enables or disables IP unaligned timestamp check.mime [filter [enable|disable]|hdr <count>|len <length>]

• filter [enable|disable] – Enables or disables MIME flood attack check.• hdr <count> – Sets the max number of headers as specified in <count>

(12-34463)• len <length> – Sets the max header length in bytes as specified by <length>

(256-34463)seq [enable|disable] Enables or disables sequence number prediction check.src [enable|disable] Enables or disables source routing check.syn [enable|disable] Enables or disables SYN flood attack check.timeout <time> Sets the firewall timeout to <time> minutes (1–90).win [enable|disable] Enables or disables Winnuke attack check. spoof [enable|disable] Enables or disables IP Spoofing attack checkrst [enable|disable] Enables or disable reset attack checkrange [enable|disable] Enables or disable sequence out of range checkfin <time> Sets fin timeout to <time> seconds.netbios-alg [enable|disable]

Enables or disables NetBIOS ALG support.


ftp bounce attack filter : enablesyn flood attack filter : enableunaligned ip timestamp filter : enablesource routing attack filter : enablewinnuke attack filter : enableseq num prediction attack filter : enablemime flood attack filter : enablemax mime header length : 8192max mime headers : 16nat timeout interval in minutes : 30ip spoofing attack filter : enablereset attack filter : enableack/seq number out of range check : enablefin timeout : 20

Always On Firewall Filters

land attack filter : enableping of death attack filter : enablereassembly attack filter : enableNetBIOS alg : disableadmin(network.fw)>

Related Commands

show Shows the current firewall settings.


3.11.2 Network Firewall show Command

showNetwork Firewall Commands

Displays the firewall parameters.

Syntaxshow all

Parameters

Exampleadmin(network.fw)>show all






land attack filter : enableping of death attack filter : enablereassembly attack filter : enableNetBIOS alg : disable

admin(network.fw)>

Related Commands

all Shows all firewall settings.

set Sets firewall settings.


3.11.3 Network Firewall timeradd Command

timeraddNetwork Firewall Commands

Adds a new named timeout value.

Syntaxtimeradd <name> <protocol> <port> <value>

Parameters

Exampleadmin(network.fw)> timeradd newtcp tcp 21 4500admin(network.fw)> timerlist-----------------------------------------------------------Name Protocol Port Timeout ( Secs )-----------------------------------------------------------newtcp tcp 21 4500

admin(network.fw)

timeradd <name> <protocol> <port> <value>

Adds a new named timeout value.• <name> is the name of the time out value (1-15 characters)• <protocol> is the protocol to be used. (tcp or udp)• <port> is the port number (0-32767)• <value> is the timeout value in seconds

(60-268400000)


3.11.4 Network Firewall timerdel Command

timerdelNetwork Firewall Commands

Deletes a named timeout value.

Syntaxtimerdell <timer name>

Parameters

Exampleadmin(network.fw)>timeradd newudp udp 21 4500admin(network.fw)>timerlist-----------------------------------------------------------Name Protocol Port Timeout ( Secs )-----------------------------------------------------------newtcp tcp 21 4500newudp udp 21 4500

admin(network.fw)timerdel newtcpadmin(network.fw)>timerlist-----------------------------------------------------------Name Protocol Port Timeout ( Secs )-----------------------------------------------------------newudp udp 21 4500

timerdel <timername> Deletes a timer named <timer name>.


3.11.5 Network Firewall timerlist Command

timerlistNetwork Firewall Commands

Displays all named time outs.

Syntaxtimerlist

ParametersNone

Exampleadmin(network.fw)>timerlist-----------------------------------------------------------Name Protocol Port Timeout ( Secs )-----------------------------------------------------------newtcp tcp 21 4500newudp udp 21 4500

admin(network.fw)


3.11.6 Network Firewall timerset Command

timersetNetwork Firewall Commands

Sets the timeout value for a named timer.

Syntaxtimerset <timer name> <value>

Parameters

Exampleadmin(network.fw)>timerset newudp 5000admin(network.fw)>timerlist-----------------------------------------------------------Name Protocol Port Timeout ( Secs )-----------------------------------------------------------newtcp tcp 21 4500newudp udp 21 5000

timerset <timer name> <value>

Sets the timer value <value> (60-268400000) for a timer named <timer name>.


3.12 Network Firewall Intrusion Prevention System Commands

ipsNetwork Firewall Commands

Displays the firewall Intrusion Prevention System (IPS) submenu.

Syntaxadmin(network.fw)> ipsadmin(network.fw.ips)>



set Sets the IPS parameters page 3-60show Displays the IPS settings page 3-62quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.12.1 Network Firewall IPS set Command

setNetwork Firewall Intrusion Prevention System Commands

Sets the Intrusion Prevention System (IPS) parameters.

Syntaxset [mode|anomaly-config|signature-categories|direction]

set mode [enable|disable]set signature-categorises <category-list>set direction [default|bi-directional]set anomaly-config[-sl <smtplen>|-ml <mimelen>|-md <mimedepth>|

-hl <httpline>|-hz <httpsize>|-hlz <httplinesize>|-huz <httpurisize>]

Exampleadmin(network.fw.ips)>set mode enableadmin(network.fw.ips)>set anomaly-config -sl 100admin(network.fw.ips)>set direction defaultadmin(network.fw.ips)>set signature-categories TELNET POP3 TCP UDPadmin(network.fw.ips)>show allIPS mode : enableSMTP Header length : 1024MIME header length : 1024Depth of MIME boundary header : 5Field in HTTP header : 50HTTP header size : 4096HTTP header line size : 3072

mode [enable|disable] Enables or disables IPS.anomaly-config [-sl <smtplen>| -ml <mimelen>| -md <mimedepth>| -hl <httphline>| -hz <httphsize>| -hlz <httplinesize>| -huz <httpurisize>]

• -sl <smtplen> – Sets the SMTP header length.• -ml <mimelen> – Sets the MIME header length.• -md <mimedepth> – Sets the depth of MIME boundary header.• -hl <httphline> – Sets the field in the HTTP header.• -hz <httphsize> – Sets the HTTP header size.• -hlz <httplinesize> – Sets the HTTP header line size.• -huz <httpurisize> – Sets the HTTP URI size.

signature-categories <category-list>

Sets the signature categories for IPS. Select <category-list> from TELNET, POP3, IMAP, NNTP, FTP, SNMP, TCPDNS, UDPDNS, TCPRPC, UDPRPC, HTTP, SMTP, TCPGEN, UDPGEN, ICMP, TCP, UDP, IP.If more than one signature category is specified, separate each category with a space. Each of the signature category must be specified in Upper Case only.

direction [default|bi-directional] Sets the direction to inspect packets.• default – Sets direction as default. This is defined in the signature.• bi-directional – Sets direction as bi-directional. Packets are inspected

when received or sent.


HTTP URI size : 3072Loaded Signature Categories : TELNET POP3 TCP UDP IMAP HTTP SMTPPacket Direction of signatures : defaultadmin(network.fw.ips)>


3.12.2 Network Firewall IPS show Command

showNetwork Firewall Intrusion Prevention System Commands

Displays the Intrusion Prevention System (IPS) configurations.

Syntaxshow all

Parameters

Exampleadmin(network.fw.ips)>show allIPS mode : enableSMTP Header length : 1024MIME header length : 1024Depth of MIME boundary header : 5Field in HTTP header : 50HTTP header size : 4096HTTP header line size : 3072HTTP URI size : 3072Loaded Signature Categories : TELNET POP3 TCP UDP IMAP HTTP SMTpPacket Direction of signatures : defaultadmin(network.fw.ips)>

admin(network.fw)>show all






land attack filter : enableping of death attack filter : enablereassembly attack filter : enable

all Displays the IPS configuration.


NetBIOS alg : disableHTTP alg : enableadmin(network.fw)>


3.13 Network Firewall Policy Commands

policyNetwork Firewall Commands

Displays the firewall policy submenu.

Syntaxadmin(network.fw)> policyadmin(network.fw.policy)>


NOTE: The Policy menu can only be accessed when Subnet Access Override mode is enabled. To enable Subnet Access Override use the command

admin(network.fw)> set override enable


inbound Goes to the inbound policy submenu. page 3-66outbound Goes to the outbound policy submenu. page 3-73import Imports subnet access rules. page 3-65quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.13.1 Network Firewall Policy import command

importNetwork Firewall Policy Commands

Imports subnet access rules from current subnet access settings created in the GUI interface (Network-> Firewall -> Subnet Access menu item) or using the CLI submap menu commands. Previously set outbound firewall policies will be deleted.

Syntaximport

ParametersNone

Exampleadmin(network.fw.policy)>importWARNING : You will loose all your current advanced access policies.Do you want to continue [n/y]?y

admin(network.fw.policy)>admin(network.fw.policy.outb)>list-----------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp Src Ports Dst Ports NAT Action-----------------------------------------------------------------------------1 192.168.0.1- 192.168.1.1- all 1:65535 1:65535 none allow

255.255.255.0 255.255.255.02 192.168.0.1- 192.168.2.1- all 1:65535 1:65535 none allow

255.255.255.0 255.255.255.03 192.168.1.1- 192.168.0.1- all 1:65535 1:65535 none allow

255.255.255.0 255.255.255.04 192.168.1.1- 192.168.2.1- all 1:65535 1:65535 none allow

255.255.255.0 255.255.255.05 192.168.2.1- 192.168.0.1- all 1:65535 1:65535 none allow

255.255.255.0 255.255.255.06 192.168.2.1- 192.168.1.1- all 1:65535 1:65535 none allow

255.255.255.0 255.255.255.07 192.168.0.0- 192.168.32.2- all 1:65535 1:65535 none allow

255.255.255.0 255.255.255.08 192.168.0.0- 0.0.0.0- all 1:65535 1:65535 wan1 allow

255.255.255.0 0.0.0.09 192.168.1.0- 0.0.0.0- all 1:65535 1:65535 none allow

255.255.255.0 0.0.0.010 192.168.2.0- 0.0.0.0- all 1:65535 1:65535 none allow

255.255.255.0 0.0.0.0

Related Commands

submap > list Lists the currently defined subnet to subnet/WAN communication rules into the outbound firewall policy list.

outb > list Lists the current outbound firewall policies.


3.14 Network Firewall Policy Inbound Commands

inboundNetwork Firewall Policy Commands

Displays the inbound policy submenu.

Syntaxadmin(network.fw.policy)> inbadmin(network.fw.policy.inb)>



add Adds a firewall policy. page 3-67set Sets firewall policy parameters. page 3-72delete Deletes a firewall policy. page 3-68list Lists firewall policies. page 3-70move Moves a firewall policy to a different position in the list. page 3-71insert Inserts a new firewall policy before an existing policy. page 3-69quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.14.1 Network Firewall Policy Inbound add Command

add Network Firewall Policy Inbound Commands

Adds an inbound firewall policy.

Syntaxadd <sip> <netmask> <dip> <dnetmask>

Parameters

Exampleadmin(network.fw.policy.inb)>add 192.168.24.0 255.255.255.0 209.239.170.45 255.2 55.255.224

Inbound Policy Successfully added at index 1admin(network.fw.policy.inb)>list -------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action -------------------------------------------------------------------------1 192.168.24.0- 209.239.170.45- all 1: 1: 0.0.0.0 deny

255.255.255.0 255.255.255.224 65535 65535 nat port 0

Related Commands

<sip> <netmask> <dip> <dnetmask>

Adds a firewall policy to be effective on communications between a source site and a destination site.• <sip> – The source IP• <snetmask> – The source IP’s network mask• <dip> – The destination site IP • <dnetmask> – The destination IP’s network mask

delete Deletes firewall policies from the inbound list.move Moves firewall policies either up or down in the list of policies.


3.14.2 Network Firewall Policy Inbound delete Command

delete Network Firewall Policy Inbound Commands

Deletes a firewall policy.

Syntaxdelete [all|<idx>]

Parameters

Exampleadmin(network.fw.policy.inb)>list-------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action-------------------------------------------------------------------------1 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny

255.255.255.224 255.255.255.0 65535 65535 nat port 02 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow

255.255.255.224 255.255.255.0 201 nat port 0admin(network.fw.policy.inb)>del 1admin(network.fw.policy.inb)>list-------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action-------------------------------------------------------------------------1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow

255.255.255.224 255.255.255.0 201 nat port 0

<idx> Deletes inbound firewall policy <idx> from the policy list. all Deletes all inbound firewall policies.


3.14.3 Network Firewall Policy Inbound insert Command

insertNetwork Firewall Policy Inbound Commands

Inserts a new firewall policy before an existing policy.

Syntaxinsert <idx> <sip> <snetmask> <dip> <dnetmask>

Parameters

Exampleadmin(network.fw.policy.inb)>list-------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action-------------------------------------------------------------------------1 209.239.170.88- 192.168.42.2- all 1: 1: 0.0.0.0 deny

255.255.255.224 255.255.255.0 65535 65535 nat port 0admin(network.fw.policy.inb)>insert 1 209.239.160.44 255.255.255.224 192.168.55.44 255.255.255.0Inbound Policy Successfully inserted at index 1admin(network.fw.policy.inb)>list-------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action-------------------------------------------------------------------------1 209.239.160.44- 192.168.55.44- all 1: 1: 0.0.0.0 deny

255.255.255.224 255.255.255.0 65535 65535 nat port 02 209.239.170.88- 192.168.42.2- all 1: 1: 0.0.0.0 deny

255.255.255.224 255.255.255.0 65535 65535 nat port 0

<idx> <sip> <snetmask> <dip> <dnetmask>

Inserts a new policy into the inbound firewall policy list at a specified index.• <idx> – The index in the firewall policy list where this policy is to be inserted.• <sip> – The source IP• <snetmask> – The source IP’s network mask• <dip> – The destination site IP • <dnetmask> – The destination IP’s network mask


3.14.4 Network Firewall Policy Inbound list Command

listNetwork Firewall Policy Inbound Commands

Lists inbound firewall policies.

Syntaxlist {<idx>}

Parameters

Example: admin(network.fw.policy.inb)>add 192.168.24.0 255.255.255.0

209.239.170.45 255.255.255.224

Inbound Policy Successfully added at index 1

admin(network.fw.policy.inb)>list -------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action -------------------------------------------------------------------------1 192.168.24.0- 209.239.170.45- all 1: 1: 0.0.0.0 deny

255.255.255.0 255.255.255.224 65535 65535 nat port 0

<idx> Displays firewall policy with number <idx>.


3.14.5 Network Firewall Policy Inbound move Command

moveNetwork Firewall Policy Inbound Commands

Moves a firewall policy to a different position in the list and renumbers all affected items in the list.

Syntaxmove [up|down] <idx>

Parameters

Exampleadmin(network.fw.policy.inb)>list----------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action-------------------------------------------------------------------------1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow

255.255.255.224 255.255.255.0 201 nat port 0

2 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny255.255.255.224 255.255.255.0 65535 65535 nat port 0

admin(network.fw.policy.inb)>move up 2admin(network.fw.policy.inb)>list-------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action-------------------------------------------------------------------------1 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny

255.255.255.224 255.255.255.0 65535 65535 nat port 0

2 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow255.255.255.224 255.255.255.0 201 nat port 0

[up|down] <idx> Moves policy with index <idx> up or down one (to a lower or a higher number) in the policy list.


3.14.6 Network Firewall Policy Inbound set Command

setNetwork Firewall Policy Inbound Commands

Sets inbound firewall policy parameters.

Syntaxset [saddr|daddr|tp|sport}dport|rnat|rport|action|logging]

Parameters

Exampleadmin(network.fw.policy.inb)>set tp 1 greadmin(network.fw.policy.inb)>list-------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action-------------------------------------------------------------------------1 209.239.160.202- 168.192.36.4- gre 1: 1: 0.0.0.0 deny

255.255.255.224 255.255.255.0 65535 65535 nat port 0admin(network.fw.policy.inb)>set sport 1 20 21admin(network.fw.policy.inb)>set dport 1 200 201admin(network.fw.policy.inb)>set action 1 allowadmin(network.fw.policy.inb)>list-------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action-------------------------------------------------------------------------1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow

255.255.255.224 255.255.255.0 201 nat port 0

saddr <idx> <Ip Addr> <netmask>

Sets source IP address <Ip Addr> and IP netmask <netmask> for inbound firewall policy <idx>.

daddr <idx> <Ip Addr> <netmask>

Sets destination IP address <Ip Addr> and IP netmask <netmask> for inbound firewall policy <idx>.

tp <idx> <tp> Sets transport protocol for inbound firewall policy <idx> to <tp> (one of all, tcp, udp, icmp, ah, esp, gre).

sport <idx> <port1> [<port2>]

Sets source port range for inbound firewall policy <idx> from <port1>(1–65535) to <port2> (1–65535). If <port2> is not specified, <port1> is used as the top end of the range.

dport <idx> <port1> [<port2>]

Sets destination port range for inbound firewall policy <idx> from <port1> (1–65535) to <port2> (1–65535). If <port2> is not specified, <port1> is used as the top end of the range.

rnat <idx> <Ip Addr> Sets reverse NAT IP address for inbound firewall policy <idx> to<Ip Addr> (a.b.c.d).

rport <idx> <rport> Sets reverse NAT port for inbound firewall policy <idx> to <rport>(0–65535).

action <idx> [allow|deny] Sets action of inbound firewall policy <idx> to allow or deny.


3.15 Network Firewall Policy Outbound Commands

outboundNetwork Firewall Policy Commands

Displays the outbound policy submenu.

Syntaxadmin(network.fw.policy)> outboundadmin(network.fw.policy.outbound)>



add Adds a firewall policy. page 3-74set Sets firewall policy parameters. page 3-79delete Deletes a firewall policy. page 3-75list Lists firewall policies. page 3-77move Moves a firewall policy to a different position in the list. page 3-78insert Inserts a new firewall policy before an existing policy. page 3-76quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.15.1 Network Firewall Policy Outbound add Command

addNetwork Firewall Policy Outbound Commands

Adds an outbound firewall policy.

Syntaxadd <sip> <netmask> <dip> <netmask>

Parameters

Exampleadmin(network.fw.policy.outb)>add 192.168.24.0 255.255.255.0

209.239.170.45 255.255.255.224

Outbound Policy Successfully added at index 1admin(network.fw.policy.outb)>list -------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action -------------------------------------------------------------------------1 192.168.24.0- 209.239.170.45- all 1: 1: 0.0.0.0 deny

255.255.255.0 255.255.255.224 65535 65535 nat port 0

Related Commands

<sip> <netmask> <dip> <dnetmask>

Adds a firewall policy to be effective on communications between a source site and a destination site.• <sip> – The source IP• <snetmask> – The source IP’s network mask• <dip> – The destination site IP • <dnetmask> – The destination IP’s network mask

delete Deletes firewall policies from the outbound list.move Moves policies either up or down in the list of policies.


3.15.2 Network Firewall Policy Outbound delete Command

deleteNetwork Firewall Policy Outbound Commands

Deletes an outbound firewall policy.


Parameters

Exampleadmin(network.fw.policy.outb)>list-----------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action-----------------------------------------------------------------------------1 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny

255.255.255.224 255.255.255.0 65535 65535 nat port 02 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow

255.255.255.224 255.255.255.0 201 nat port 0admin(network.fw.policy.outb)>del 1admin(network.fw.policy.outb)>list-----------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action-----------------------------------------------------------------------------1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow

255.255.255.224 255.255.255.0 201 nat port 0

<idx> Deletes inbound firewall policy <idx> from the policy list. all Deletes all outbound firewall policies.


3.15.3 Network Firewall Policy Outbound insert Command

insertNetwork Firewall Policy Outbound Commands

Inserts a new outbound firewall policy before an existing policy.

Syntaxinsert <idx> <sip> <netmask> <dip> <netmask>

Parameters

Exampleadmin(network.fw.policy.outb)>list-------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action-------------------------------------------------------------------------1 209.239.170.88- 192.168.42.2- all 1: 1: 0.0.0.0 deny

255.255.255.224 255.255.255.0 65535 65535 nat port 0admin(network.fw.policy.outb)>insert 1 209.239.160.44 255.255.255.224 192.168.55.44 255.255.255.0Outbound Policy Successfully inserted at index 1admin(network.fw.policy.outb)>list-------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action-------------------------------------------------------------------------1 209.239.160.44- 192.168.55.44- all 1: 1: 0.0.0.0 deny

255.255.255.224 255.255.255.0 65535 65535 nat port 02 209.239.170.88- 192.168.42.2- all 1: 1: 0.0.0.0 deny

255.255.255.224 255.255.255.0 65535 65535 nat port 0

<idx> <sip> <snetmask> <dip> <dnetmask>

Inserts a new policy into the outbound firewall policy list at a specified index.• <idx> – The index in the firewall policy list where this policy is to be inserted.• <sip> – The source IP• <snetmask> – The source IP’s network mask• <dip> – The destination site IP • <dnetmask> – The destination IP’s network mask


3.15.4 Network Firewall Policy Outbound list Command

listNetwork Firewall Policy Outbound Commands

Lists outbound firewall policies.

Syntaxlist {<idx>}

Parameters

Exampleadmin(network.fw.policy.outb)>add 192.168.24.0 255.255.255.0

209.239.170.45 255.2 55.255.224

Inbound Policy Successfully added at index 1

admin(network.fw.policy.outb)>list-------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action-------------------------------------------------------------------------1 192.168.24.0- 209.239.170.45- all 1: 1: 0.0.0.0 deny

255.255.255.0 255.255.255.224 65535 65535 nat port 0

<idx> Displays firewall outbound policy with number <idx>.


3.15.5 Network Firewall Policy Outbound move Command

moveNetwork Firewall Policy Outbound Commands

Moves an outbound firewall policy up or down in the policy list and renumbers the policy affected by the move.

Syntaxmove [up|down] <idx>

Parameters

Exampleadmin(network.fw.policy.outb)>list-------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action-------------------------------------------------------------------------1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow

255.255.255.224 255.255.255.0 201 nat port 0

2 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny255.255.255.224 255.255.255.0 65535 65535 nat port 0

admin(network.fw.policy.outb)>move up 2admin(network.fw.policy.outb)>list-------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action-----------------------------------------------------------------------------1 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny

255.255.255.224 255.255.255.0 65535 65535 nat port 0

2 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow255.255.255.224 255.255.255.0 201 nat port 0

[up|down] <idx> Moves policy with index <idx> up or down one (to a lower or a higher number) in the policy list.


3.15.6 Network Firewall Policy Outbound set Command

setNetwork Firewall Policy Outbound Commands

Sets firewall policy parameters.

Syntaxset [saddr|daddr|tp|sport|dport|nat|action|logging]

Parameters

Example admin(network.fw.policy.outb)>set tp 1 greadmin(network.fw.policy.outb)>list-------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action-------------------------------------------------------------------------1 209.239.160.202- 168.192.36.4- gre 1: 1: 0.0.0.0 deny

255.255.255.224 255.255.255.0 65535 65535 nat port 0admin(network.fw.policy.outb)>set sport 1 20 21admin(network.fw.policy.outb)>set dport 1 200 201admin(network.fw.policy.outb)>set action 1 allowadmin(network.fw.policy.outb)>list-------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action-------------------------------------------------------------------------1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow

255.255.255.224 255.255.255.0 201 nat port 0

saddr <idx> <Ip Addr> <netmask>

Sets source IP address <Ip Addr> and IP netmask <netmask> for outbound firewall policy <idx>.

daddr <idx> <Ip Addr> <netmask>

Sets destination IP address <Ip Addr> and IP netmask <netmask> for outbound firewall policy <idx>.

tp <idx> <tp> Sets transport protocol for outbound firewall policy <idx> to <tp> (one of all, tcp, udp, icmp, ah, esp, gre).

sport <idx> <port1> [<port2>]

Sets source port range for outbound firewall policy <idx> from <port1>(1–65535) to <port2> (1–65535). If <port2> is not specified, <port1> is used as the top end of the range.

dport <idx> <port1> [<port2>]

Sets destination port range for outbound firewall policy <idx> from <port1> (1–65535) to <port2> (1–65535). If <port2> is not specified, <port1> is used as the top end of the range.

nat <idx> <wan id> Sets NAT WAN ID for outbound firewall policy <idx> to<wan id> (0-8) where 0 = none, 1 = WAN 1, 2 = WAN 2, etc.

action <idx> [allow|deny] Sets action of outbound firewall policy <idx> to allow or deny.logging <idx> [enable|disable]

Sets logging of outbound firewall policy <idx> to enable or disable.


3.16 Network Firewall Submap Commands

submapNetwork Firewall Commands

Displays the subnet mapping submenu.

Syntaxadmin(network.fw)> submapadmin(network.fw.submap)>


NOTE: The submap menu can only be accessed when Subnet Access Override mode is disabled. To disable Subnet Access Override use the command

admin(network.fw)> set override disable


add Adds subnet access exception rules. page 3-81delete Deletes subnet access exception rules. page 3-83list Lists subnet access exception rules. page 3-84set Sets subnet access parameters. page 3-85show Shows subnet access parameters. page 3-86quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.16.1 Network Firewall Submap add Command

addNetwork Firewall Submap Commands

Adds subnet access exception rules.

Syntaxadd <from> <to> <name> <tran> <port1> <port2>

Parameters

Exampleadmin(network.fw.submap)>add s1 w test gre 21 101 admin(network.fw.submap)>list s1 -------------------------------------------------------------------------index from to name prot start port end port -------------------------------------------------------------------------1 subnet1 wan test gre 21 101

admin(network.fw.submap)>add s1 s2 test2 ah 20 80 admin(network.fw.submap)>add s2 s3 test3 all 20 300

admin(network.fw.submap)>list s1 -------------------------------------------------------------------------index from to name prot start port end port -------------------------------------------------------------------------1 subnet1 wan test gre 21 101 2 subnet1 subnet2 test2 ah 20 80

add <from> <to> <name> <tran> <port1> <port2>

Adds a subnet access exception rule for communication. • <from> – The source subnet (one of s1 = subnet1, s2 =

subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6)

• <to> – The destination subnet (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6, w=WAN)

• <name> – The name of this exception rule. (1-7 characters)

• <trans> – The transport protocol to deny access. (one of the following transport protocols: tcp, udp, icmp, ah, esp, gre, or all)

• <port1> <port2> – Ports in the range <port1> to <port2>


admin(network.fw.submap)>list s2 -------------------------------------------------------------------------index from to name prot start port end port -------------------------------------------------------------------------1 subnet2 subnet3 test3 all 20 300

admin(network.fw.submap)>delete s2 all admin(network.fw.submap)>list s2 -------------------------------------------------------------------------index from to name prot start port end port -------------------------------------------------------------------------


3.16.2 Network Firewall Submap delete Command

deleteNetwork Firewall Submap Commands

Deletes subnet access exception rules.

Syntaxdelete <from> [<idx>|all]

Parameters

Exampleadmin(network.fw.submap)>list s1 -------------------------------------------------------------------------index from to name prot start port end port -------------------------------------------------------------------------1 subnet1 wan test gre 21 101 2 subnet1 subnet2 test2 ah 20 80

admin(network.fw.submap)>delete s1 2

admin(network.fw.submap)>list s1 -------------------------------------------------------------------------index from to name prot start port end port -------------------------------------------------------------------------1 subnet1 wan test gre 21 101


admin(network.fw.submap)>delete s2 all

admin(network.fw.submap)>list s2 -------------------------------------------------------------------------index from to name prot start port end port -------------------------------------------------------------------------

<from> [<idx>|all] • <idx> – Deletes access exception rule entry <idx> from subnet <from> (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6).

• all – Deletes all access exception rule entries from subnet <from> (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6).


3.16.3 Network Firewall Submap list Command

listNetwork Firewall Submap Commands

Lists subnet access exception rules.

Syntaxlist <from>

Parameters

Exampleadmin(network.fw.submap)>list s1 -------------------------------------------------------------------------index from to name prot start port end port -------------------------------------------------------------------------1 subnet1 wan test gre 21 101

admin(network.fw.submap)>add s1 s2 test2 ah 20 80 admin(network.fw.submap)>add s2 s3 test3 all 20 300

admin(network.fw.submap)>list s1 -------------------------------------------------------------------------index from to name prot start port end port -------------------------------------------------------------------------1 subnet1 wan test gre 21 101 2 subnet1 subnet2 test2 ah 20 80


admin(network.fw.submap)>delete s2 all

admin(network.fw.submap)>list s2 -------------------------------------------------------------------------index from to name prot start port end port

<from> Lists the access exception entries for <from> (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6).


3.16.4 Network Firewall Submap set Command

setNetwork Firewall Submap Commands

Sets a default subnet access rule to allow or deny communication.

Syntaxset [default|subnet-logging|logging]

Parameters

Exampleadmin(network.fw.submap)>set default s2 w denyadmin(network.fw.submap)>set default s2 s4 denyadmin(network.fw.submap)>set subnet-logging s2 s3 enableadmin(network.fw.submap)>set logging s1 s2 s1s2allow defaultadmin(network.fw.submap)>show default s2-------------------------------------------------------------------------wan subnet1 subnet2 subnet3 subnet4 subnet5

subnet6-------------------------------------------------------------------------deny allow allow allow deny allow

allow(log enabled)

admin(network.fw.submap)>

default <from> <to> <rule>

Sets the default subnet access rule.• <from> – The source subnet. (one of s1 = subnet1, s2 = subnet2, s3 = subnet3,

s4 = subnet4, s5 = subnet5, s6 = subnet6).• <to> – The destination subnet. (one of s1 = subnet1, s2 = subnet2, s3 = subnet3,

s4 = subnet4, s5 = subnet5, s6 = subnet6, w = WAN).• <rule> – The rule to be enforced. Select from allow or deny.

subnet-logging <from> <to> [enable|disable]

Enables or disables logging for a subnet access rule.• <from> – The source subnet. (one of s1 = subnet1, s2 = subnet2, s3 = subnet3,


s4 = subnet4, s5 = subnet5, s6 = subnet6, w = WAN).• enable – Enables he logging• disable – Disables logging

logging <from> <to> <rule-name> [enable|disable|default]

Enables, disables, or sets to default the logging for a subnet access exception rule.• <from> – The source subnet. (one of s1 = subnet1, s2 = subnet2, s3 = subnet3,


s4 = subnet4, s5 = subnet5, s6 = subnet6, w = WAN).• enable – Enables he logging• disable – Disables logging• default – Adopts subnet access configuration.


3.16.5 Network Firewall Submap show Command

showNetwork Firewall Submap Commands

Displays default subnet access exception rules for indicated subnet.

Syntaxshow default <from>

Parameters

Exampleadmin(network.fw.submap)>set default s2 w denyadmin(network.fw.submap)>set default s2 s4 denyadmin(network.fw.submap)>set subnet-logging s2 s3 enableadmin(network.fw.submap)>set logging s1 s2 s1s2allow defaultadmin(network.fw.submap)>show default s2-------------------------------------------------------------------------wan subnet1 subnet2 subnet3 subnet4 subnet5

subnet6-------------------------------------------------------------------------deny allow allow allow deny allow

allow(log enabled)

admin(network.fw.submap)>

default <from> Shows all default access exception rules for subnet <from> (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6) to all other subnets.


3.17 Network LAN Commands

lannetwork

Displays the LAN submenu.

Syntaxadmin(network)>lanadmin(network.lan)>



dhcp Goes to the DHCP submenu. page 3-93set Sets LAN parameters. page 3-88show Shows LAN parameters. page 3-90updateDNS Updates DNS for a subnet page 3-91updateAllDNS Updates DNS for all subnets page 3-92bridge Goes to the bridge submenu page 3-101quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.17.1 Network LAN set Command

setNetwork LAN Commands

Sets the LAN parameters for the six subnets.

Syntaxset [ipadr|mask|dgw|mode|name|port|wlan|stp]

set ipadr <idx> <ip>set mask <idx> <netmask>set dgw <idx> <ip>set mode [enable|disable]set name <idx> <name>set port <port> <subnet>set wlan <wlan> <subnet>set stp <mode>

Parameters

Example admin(network.lan)>show lan 1

subnet name : Subnet1 subnet interface : enable ip address : 192.168.0.1 network mask : 255.255.255.0 ports : port1 port2 port3 port4 port5 port6 wlans : wlan1

ipadr <idx> <ip> Sets the IP address of subnet <idx> (1–6) to the IP address <ip> in the form a.b.c.d.

mask <idx> <netmask> Sets the netmask of subnet <idx> (1–6) to IP address mask <netmask> in the form a.b.c.d.

dgw <idx> <ip> Sets the default gateway for the subnet <idx> (1-6) to the IP <ip>.mode <idx> [enable|disable]

Enables or disables the subnet identified by <idx> (1–6).

name <idx> <name> Sets the name of the subnet <idx>(1–6) to <name> (can be up to 7 characters).port <port> <subnet> Assigns port <port>(1–6) to the subnet indicated by <subnet> (none, s1, s2,

s3, s4, s5, s6). Unassigns a port with <subnet> = none.wlan <wlan> <subnet> Assigns WLAN number <wlan> to the subnet indicated by (none, s1, s2, s3,

s4, s5, s6). Unassigns a WLAN with <subnet> = none.stp <mode> Enables or disables Spanning Tree Protocol (STP) for the subnets. Choose

<mode> from enable or disable.

NOTE: STP is applied on mesh networks even if it is disabled through the set command.


admin(network.lan)>set name 1 NewName admin(network.lan)>set port 4 none admin(network.lan)>set wlan 2 s1 admin(network.lan)>show lan 1

subnet name : OfficeNsubnet interface : enableip address : 192.168.0.1network mask : 255.255.255.0default gateway : 192.168.0.1ports : port1 port2 port3 port4 port5wlan : wlan1 wlan3vlan tag : 1

admin(network.lan)> set stp enableadmin(network.lan)> show stp

STP Mode : Enable

Related Commands

show lan Shows the current settings for the specified subnet (LAN).


3.17.2 Network LAN show Command

showNetwork LAN Commands

Shows the LAN parameters.

Syntaxshow [lan|stp]

Parameters

Exampleadmin(network.lan)>show lan 1

subnet name : Subnet1subnet interface : enableip address : 192.168.0.1network mask : 255.255.255.0ports : port1 port2 port3 port4 port5 port6wlans : wlan1

admin(network.lan)>set name 1 NewNameadmin(network.lan)>set port 4 noneadmin(network.lan)>set wlan 2 s1admin(network.lan)>show lan 1

subnet name : NewNamesubnet interface : enableip address : 192.168.0.1network mask : 255.255.255.0ports : port1 port2 port3 port5 port6wlans : wlan1 wlan2

admin(network.lan)> set stp enableadmin(network.lan)> show stp

STP Mode : Enable

Related Commands

lan <idx> Shows the settings for the subnet <idx> (1–4).stp Shows the STP status for the device

set Sets the parameters for a specified subnet (LAN).set stp Enables or disables Spanning Tree Protocol for the device.


3.17.3 Network LAN updateDNS Command

updateDNSNetwork LAN Commands

Updates the DNS for the selected subnet.

SyntaxupdateDNS <idx>

Parameters

Exampleadmin(network.lan)>updateDNS 1admin(network.lan)>

Related Commands

<idx> The subnet ID (1-6)

updateAllDNS Updates the DNS for all subnets.


3.17.4 Network LAN updateAllDNS Command

updateAllDNSNetwork LAN Commands

Updates the DNS for all the active subnets.

SyntaxupdateAllDNS

ParametersNone

Exampleadmin(network.lan)> updateAllDNSadmin(network.lan)>

Related Commands

updateDNS Updates the DNS for a selected subnet.


3.18 Network LAN DHCP Commands

dhcpNetwork LAN Commands

Displays the DHCP submenu.

Syntaxadmin(network.lan)> dhcpadmin(network.lan.dhcp)>



add Adds static DHCP address assignments. page 3-94delete Deletes static DHCP address assignments. page 3-95list Lists static DHCP address assignments. page 3-96set Sets DHCP parameters. page 3-97show Shows DHCP parameters. page 3-99renew Renews the DHCP IP address. page 3-100quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.18.1 Network LAN DHCP add Command

addNetwork LAN DHCP Commands

Adds static DHCP address assignments.

Syntaxadd <idx> <mac> <ip>

Parameters

Exampleadmin(network.lan.dhcp)>add 1 00A0F8F01234 192.160.24.6admin(network.lan.dhcp)>add 1 00A1F1F24321 192.169.24.7admin(network.lan.dhcp)>list 1

-------------------------------------------------------------------------index mac address ip address-------------------------------------------------------------------------1 00A0F8F01234 192.160.24.62 00A1F1F24321 192.169.24.7

admin(network.lan.dhcp)>

<idx> <mac> <ip> Adds a static DHCP address assignment for subnet <idx> (1-6) where the device with the MAC address <mac> (aabbccddeeff format) is assigned the IP address <ip> (a.b.c.d format).


3.18.2 Network LAN DHCP delete Command

deleteNetwork LAN DHCP Commands

Deletes static DHCP address assignments.


Parameters

Exampleadmin(network.lan.dhcp)>list 1

-------------------------------------------------------------------------index mac address ip address-------------------------------------------------------------------------admin(network.lan.dhcp)>add 1 0011223344FF 191.168.0.42admin(network.lan.dhcp)>add 1 4433221100AA 191.168.0.43admin(network.lan.dhcp)>list 1

-------------------------------------------------------------------------index mac address ip address-------------------------------------------------------------------------1 0011223344FF 191.168.0.422 4433221100AA 191.168.0.43

admin(network.lan.dhcp)>delete 1 1admin(network.lan.dhcp)>list 1

-------------------------------------------------------------------------index mac address ip address-------------------------------------------------------------------------1 4433221100AA 191.168.0.43

-------------------------------------------------------------------------index mac address ip address-------------------------------------------------------------------------1 0011223344FF 191.168.0.422 4433221100AA 191.168.0.43

<idx> [<entry>|all] Deletes static DHCP assignment entries.• <idx> – The subnet index (1-6)• <entry> – The DHCP entry (1-30)• all – All entries.


3.18.3 Network LAN DHCP list Command

listNetwork LAN DHCP Commands

Lists static DHCP address assignments.

Syntaxlist <idx>

Parameters

Exampleadmin(network.lan.dhcp)>add 1 00A0F8F01234 192.168.63.5admin(network.lan.dhcp)>list 1-------------------------------------------------------------------------index mac address ip address-------------------------------------------------------------------------1 00A0F8F01234 192.168.63.5 admin(network.lan.dhcp)>

admin(network.lan.dhcp)>add 1 12332244AABB 192.168.64.3admin(network.lan.dhcp)>list 1-------------------------------------------------------------------------index mac address ip address-------------------------------------------------------------------------1 00A0F8F01234 192.168.63.52 12332244AABB 192.168.64.3

<idx> Lists the static DHCP address assignments for subnet <idx> (1–6).


3.18.4 Network LAN DHCP set Command

setNetwork LAN DHCP Commands

Sets DHCP parameters for the subnets.

Syntaxset [dgw|dns|wins|lease|domain|mode|range|

relayserverip|ddnsmode|fwdzone|ddnsusrcls|tftp-server|bootfile|option-189|option-43]

Parameters

dgw <idx> <a.b.c.d> Sets the default gateway for subnet <idx> (1–6) to the IP address <a.b.c.d>.

dns <a> <b> <c> Sets the primary/secondary DNS servers for the selected subnet.• <a> – The subnet (1-6)• <b> – The DNS server type (1=primary, 2=secondary)• <c> – The IP address of the server type selected in <b> in the a.b.c.d form.

wins <idx> <a.b.c.d> Sets the WINS server for subnet <idx> (1–6) to the IP address <a.b.c.d>.lease <idx> <lease> Sets the DHCP lease time for subnet <idx> (1–6) to <lease> seconds

(1–999999).domain <idx> <dn> Sets the domain name for subnet <idx> (1–6) to the domain name <dn>

(1 to 63 characters).mode <idx> <mode> Sets the DHCP mode for subnet <idx> (1–4) to <mode>.

<mode> can be one of (none, client, server, relay) where: • none – disables DHCP node • client – enables the subnet to be a DHCP client• server – enables the subnet to be a DHCP server • relay – enables the subnet to be a DHCP relay

range <a> <b> <c> Sets the DHCP assignment range for subnet <a> (1–6) from IP address <b> to another IP address <c>.

relayserverip <idx> <a.b.c.d> Sets the DHCP relay server IP for subnet <idx> (1-6) to the IP <a.b.c.d>.ddnsmode <idx> <mode> Enables or disables DDNS for the subnet <idx> (1-6). <mode> can be one

of enable or disable.fwdzone <idx> <fwdzone> Sets the DHCP forward zone for the subnet <idx> (1-6) to the zone specified

by <fwdzone> (1 to 63 characters)ddnsusrcls <idx> <usrcls> Sets the DDNS user class <usrcls> to single or multiple for the subnet

<idx> (1-6).tftp-server <idx> <tftp-server>

Sets the tftp-server IP for the subnet <idx> (1-6) to the IP <tftp-server>

bootfile <idx> <bootfile> Sets the bootfile name for the subnet <idx> (1-6) to the boot file name <boot-file> (max 31 characters)


Exampleadmin(network.lan.dhcp)>set dns 1 1 209.160.0.18admin(network.lan.dhcp)>set dns 1 2 209.160.0.218admin(network.lan.dhcp)>show dhcp 1dhcp mode : serverdefault gateway : 192.168.0.1primary dns server : 209.160.0.18secondary dns server : 209.160.0.218wins server : 192.168.0.254starting ip address : 192.168.0.11ending ip address : 192.168.0.254lease time : 10000domain name :admin(network.lan.dhcp)>set domain 1 BigFishCoadmin(network.lan.dhcp)>show dhcp 1dhcp mode : serverdefault gateway : 192.168.0.1primary dns server : 209.160.0.18secondary dns server : 209.160.0.218wins server : 192.168.0.254starting ip address : 192.168.0.11ending ip address : 192.168.0.254lease time : 10000domain name : BigFishCoadmin(network.lan.dhcp)>

option-189 <idx> <ip list> Sets the IP addresses and ports numbers for WIAP enabled switches for the subnet <idx> (1-6). <ip-list> (max 63 characters) must be in the format a.b.c.d:xx and multiple addresses must be separated by comma.

option-43 <idx> <ip list> Sets the IP address for WIAP enabled switches for the subnet <idx> (1-6). <ip-list> (max 63 characters) must be in the format a.b.c.d and multiple addresses must be separated by a comma.


3.18.5 Network LAN DHCP show Command

showNetwork LAN DHCP Commands

Shows DHCP parameter settings for specified subnets.

Syntaxshow dhcp <idx>

Parameters

Exampleadmin(network.lan.dhcp)>set dns 1 2 192.168.0.242admin(network.lan.dhcp)>set dns 1 2 192.168.0.1admin(network.lan.dhcp)>show dhcp 1dhcp mode : serverddns mode : disableuser class :default gateway : 192.168.0.50primary dns server : 192.168.10.1secondary dns server : 192.168.0.1wins server : 192.168.0.254starting ip address : 192.168.0.100ending ip address : 192.168.0.254relay server ip address : 0.0.0.0lease time : 86400domain name :forward zone :tftp-server : 0.0.0.0bootfile :option-189 :option-43 :admin(network.lan.dhcp)>set domain 1 BigFishCoadmin(network.lan.dhcp)>show dhcp 1admin(network.lan.dhcp)>show dhcp 1dhcp mode : serverddns mode : disableuser class :default gateway : 192.168.0.50primary dns server : 192.168.10.1secondary dns server : 192.168.0.1wins server : 192.168.0.254starting ip address : 192.168.0.100ending ip address : 192.168.0.254relay server ip address : 0.0.0.0lease time : 86400domain name : BigFishCoforward zone :tftp-server : 0.0.0.0bootfile :option-189 :option-43 :

show dhcp <idx> Displays the DHCP parameter settings for subnet <idx> (1–6). These parameters are set with the set command.


3.18.6 Network LAN DHCP renew Command

renewNetwork LAN DHCP Commands

Renews the IP address assigned by DHCP.

Syntaxrenew

ParametersNone

Exampleadmin(network.lan.dhcp)> renew


3.19 Network LAN Bridge commands

bridgeNetwork LAN Commands

Displays the Bridge submenu.

Syntaxadmin(network.lan)> bridgeadmin(network.lan.bridge)>



show Shows the bridge configuration parameters page 3-102set Sets bridge configuration parameters page 3-104quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.19.1 Network LAN Bridge show Command

showNetwork LAN Bridge commands

Displays the bridge configuration parameters.

Syntaxshow

ParametersNone

Exampleadmin(network.lan.bridge)> showadmin(network.lan.bridge)>show

** LAN1 Bridge Configuration **Bridge Priority : 32768Hello Time (seconds) : 2Message Age Time (seconds) : 20Forward Delay Time (seconds) : 15

Entry Ageout Time (seconds) : 60

Wireless Trunking : disable
















Wireless Trunking : disableadmin(network.lan.bridge)>


3.19.2 Network LAN Bridge set Command

setNetwork LAN Bridge commands

Sets the bridge configuration parameters.

Syntaxset [priority|hello|msgage|fwddelay|ageout|wireless-trunking]

Parameters

Exampleadmin(network.lan.bridge)>set priority 1 5admin(network.lan.bridge)>set wireless-trunking 1 enableadmin(network.lan.bridge)>show



Wireless Trunking : enable




[...]

priority <LAN-idx> <priority> Sets the bridge priority to <priority> (0-65535) for the lan <LAN-idx> (1-6)

hello <LAN-idx> <hello> Sets the bridge’s hello time to <hello> (1-10) seconds for the lan <LAN-idx> (1-6)

msgage <LAN-idx> <msgage> Sets the bridge message age time to <msgage> (6-40) seconds for lan <LAN-idx> (1-6)

fwddelay <LAN-idx> <fwddelay> Sets the bridge forward delay time to <fwddelay> (4-30) seconds for lan <LAN-idx> (1-6)

ageout <LAN-idx> <ageout> Sets the bridge forward table entry ageout to <ageout> (4-3600) seconds for lan <LAN-idx> (1-6).

wireless-trunking <LAN-idx> <mode> Sets the wireless trunking mode <mode> (enable/disable) for lan <LAN-idx> (1-6)


3.20 Network QoS Commands

qosnetwork

Displays the quality of service (QoS) submenu.

Syntaxadmin(network)> qosadmin(network.qos)>



clear Clears QoS parameters. page 3-106set Sets QoS parameters. page 3-107show Shows QoS parameters. page 3-108quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.20.1 Network QOS clear Command

clearNetwork QoS Commands

Clears QoS radio statistics.

Syntaxclear queuing

ParametersNone

Exampleadmin(network.qos)>clear queue

Related Commands

set Sets the QoS parameters.show Shows the QoS parameters and the QoS queuing statistics.


3.20.2 Network QOS set Command

setNetwork QoS Commands

Sets QoS parameters.

Syntaxset bw-share [mode|weight|threshold]

Parameters

Exampleadmin(network.qos)>set bw-share mode weightedadmin(network.qos)>set bw-share weight 1 6admin(network.qos)>set bw-share threshold 1 12000admin(network.qos)>show bw-share BW Share Mode:weighted--------------------------------WLAN BW Share Weight--------------------------------1 62 13 14 15 16 17 18 1

admin(network.qos)>

Related Commands

mode <mode> Set bandwidth share mode <mode> (none, static, weighted or rate-limit)

weight <idx> <weight> Set the weight for WLAN <idx> (1–8) to <weight> (1–10). A weight can only be set if the bandwidth share mode is set to weighted.

threshold <idx> <speed> Sets the bandwidth share threshold for WLAN <idx> (1–6) to speed <speed> <0–54000>

show Shows the bandwidth settings and the queuing statistics.clear Clears the queuing statistics.


3.20.3 Network QOS show Command

showNetwork QoS Commands

Shows QoS parameters and queuing statistics.

Syntaxshow [bw-sharing|queuing]

Parameters

Exampleadmin(network.qos)>show bwBW Share Mode:static

admin(network.qos)>show qu 1 BW Share Mode:static-------------------------------------------------------------------------Priority In Out Dropped--------------------------------------------------------------------------------------------------------------------------------------------------WLAN: 1-------------------------------------------------------------------------0 0 0 01 0 0 02 0 0 0

admin(network.qos)>

Related Commands

bw-share Shows the bandwidth sharing settings.queuing Displays the radio QoS queuing statistics.

set Sets the QoS parameters.clear Clears the QoS queuing statistics.


3.21 Network Router Commands

routernetwork

Displays the router submenu.

Syntaxadmin(network)> routeradmin(network.router)>



add Adds user-defined routes. page 3-110delete Deletes user-defined routes. page 3-111list Lists user-defined routes. page 3-112set Sets RIP parameters. page 3-113show Shows routes/RIP parameters. page 3-114quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.21.1 Network Router add Command

addNetwork Router Commands

Adds user-defined routes.

Syntaxadd <dest> <netmask> <gw> <iface> <metric>

Parameters

Exampleadmin(network.router)>add 202.57.42.6 255.255.255.224 202.57.42.1 s2 3admin(network.router)>list------------------------------------------------------------------index destination netmask gateway interface metric------------------------------------------------------------------1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3

admin(network.router)>add 234.44.33.212 255.255.255.234 234.44.33.2 s3 5admin(network.router)>list------------------------------------------------------------------index destination netmask gateway interface metric------------------------------------------------------------------1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 32 234.44.33.212 255.255.255.234 234.44.33.2 subnet3 5

<dest> <netmask> <gw> <iface> <metric>

Adds a route with destination IP address <dest>, IP netmask <netmask>, gateway IP address <gw>, interface subnet or WAN set to <iface> (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6 or w = WAN), and metric set to <metric> (1–15).


3.21.2 Network Routes delete Command

deleteNetwork Router Commands

Deletes user-defined routes.


Parameters

Exampleadmin(network.router)>list------------------------------------------------------------------index destination netmask gateway interface metric------------------------------------------------------------------1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 32 234.44.33.212 255.255.255.234 234.44.33.2 subnet3 5admin(network.router)>delete 2admin(network.router)>list------------------------------------------------------------------index destination netmask gateway interface metric------------------------------------------------------------------1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3

<idx> Deletes the user-defined route <idx> (1–20) from the list.all Deletes all user-defined routes.


3.21.3 Network Router list Command

listNetwork Router Commands

Lists user-defined routes.

Syntaxlist

ParametersNone

Example admin(network.router)>add 234.44.33.212 255.255.255.234 234.44.33.2 s3 5admin(network.router)>list-------------------------------------------------------------------------index destination netmask gateway interface metric-------------------------------------------------------------------------1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 32 234.44.33.212 255.255.255.234 234.44.33.2 subnet3 5


3.21.4 Network Router set Command

setNetwork Router Commands

Sets routing information protocol (RIP) parameters.

Syntaxset [auth|dir|id|key|passwd|type|dgw-if]

Parameters

Exampleadmin(network.router)>set auth md5admin(network.router)>set key 1 12345678admin(network.router)>set key 2 87654321admin(network.router)>show rip

rip type : offrip direction : bothrip authentication type : md5rip simple auth password : ********rip md5 id 1 : 1rip md5 key 1 : ********rip md5 id 2 : 1rip md5 key 2 : ********S

admin(network.router)>set type ripv1

Warning: Having RIP enabled compromises your Subnet to Subnet firewall.

admin(network.router)>show rip

rip type : ripv1rip direction : bothrip authentication type : md5rip simple auth password : ********rip md5 id 1 : 1rip md5 key 1 : ********rip md5 id 2 : 1rip md5 key 2 : ********

auth <auth> Sets RIP authentication type to <auth> to one of none, simple, or md5dir <dir> Sets RIP direction to <dir> to one of rx = receive, tx = transmit, or both). id <idx> <id> Sets MD5 authentication ID for key <idx> (1–2) to the MD5 key id <id> (1–

256).key <idx> <key> Sets the MD5 authentication ID for key <idx> (1–2) to MD5 key <key> (up to

16 characters).passwd <passwd> Sets password for simple authentication to <passwd> (1 to 16 characters). type <type> Sets RIP type to <type> to ne of off, ripv1, ripv2, or ripv1v2.dgw-if <if> Sets the Default Gateway Interface to <if> one of none, wan, s1, s2, s3, s4,

s5, s6, and default.


3.21.5 Network Router show Command

showNetwork Router Commands

Shows connected routes and routing information protocol (RIP) parameters.

Syntax show [rip|routes]

Parameters

Exampleadmin(network.router)>show riprip type : offrip direction : bothrip authentication type : md5rip simple auth password : ********rip md5 id 1 : 1rip md5 key 1 : ********rip md5 id 2 : 1rip md5 key 2 : ********admin(network.router)>show routes----------------------------------------------------------------------------index destination netmask gateway interface metric----------------------------------------------------------------------------1 192.168.2.0 255.255.255.0 0.0.0.0 subnet3 02 192.168.1.0 255.255.255.0 0.0.0.0 subnet2 03 192.168.0.0 255.255.255.0 0.0.0.0 subnet1 04 192.168.24.0 255.255.255.0 0.0.0.0 wan 05 0.0.0.0 0.0.0.0 192.168.24.1 wan 0

rip Shows RIP parameters.routes Shows connected routes.


3.22 Network VLAN Commands

vlannetwork

Displays the VLAN submenu.

Syntaxadmin(network)> vlanadmin(network.vlan)>



set Sets VLAN parameters. page 3-116show Shows VLAN parameters. page 3-117quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.22.1 Network VLAN set Command

setNetwork VLAN Commands

Sets VLAN parameters.

Syntaxset [assign-mode|default|vlan-id|trunk-port|allow]

Syntax:

Exampleadmin(network.vlan)>set assign-mode useradmin(network.vlan)>set default 3admin(network.vlan)>show vlan 3

VLAN assignment mode : userVLAN ID : 3VLAN Mapped Subnet : Subnet3Default VLAN ID : Yes

Related Commands

assign-mode <mode> Assigns the VLAN assignment mode <mode> to one of user or port. default <vlan_id> Assigns the default VLAN ID to <vlan_id>, which is a number between 1

and 4094.vlan-id <subnet_id> <vlan_id>

Sets the VLAN ID for subnet <subnet_id> (one of s1, s2, s3, s4, s5,or s6) to <vlan_id> (1–4094).

trunk-port <port> Sets the Trunk Port <port> to one of none or wan.allow [vlans <list>|all|none] Sets the list of VLANs allowed access to the trunk port.

• vlans <list> – Sets the allowed VLANs from <list>, a comma separated list of VLAN Ids.

• all – Sets the allowed VLANs to all VLANs.• none – Sets the list of allowed VLANs to none.

show Displays the VLAN settings.


3.22.2 Network VLAN show Command

showNetwork VLAN Commands

Shows VLAN parameters.

Syntaxshow [vlan|trunk]

Parameters

Exampleadmin(network.vlan)>show vlan 3

VLAN assignment mode : userVLAN ID : 3VLAN Mapped Subnet : Subnet3Default VLAN ID : Yes

admin(network.vlan)>show vlan 2

VLAN assignment mode : userVLAN ID : 2VLAN Mapped Subnet : Subnet1Default VLAN ID : No

admin(network.vlan)>set trunk-port wanadmin(network.vlan)>set all vlans 1-20admin(network.vlan)>show trunk

Trunk Port : WANAllowed VLANs : 1-20

Related Commands

vlan <id> Displays the VLAN settings for the VLAN specified by <id> (1–4094).trunk Displays the Trunk settings.

set Sets the VLAN parameters.


3.23 Network WAN Commands

wannetwork

Displays the WAN submenu.

Syntaxadmin(network)> wanadmin(network.wan)>



vpn Goes to the VPN submenu. page 3-144nat Goes to the NAT submenu. page 3-138app Goes to the outbound content filtering submenu. page 3-123dyndns Goes to the Dynamic DNS submenu page 3-129trunkipfpolicy Goes to the Trunk Port IP Filter Policy submenu page 3-133renew Renews the IP address. page 3-119set Sets WAN parameters. page 3-120show Shows WAN parameters. page 3-122quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.23.1 Network WAN renew Command

renewNetwork WAN Commands

Renews the IP address.

Syntaxrenew

ParametersNone

Exampleadmin(network.wan)>renewadmin(network.wan)>


3.23.2 Network WAN set Command

set Network WAN Commands

Sets the WAN parameters. In the Web interface, this functionality if provided by the Network->WAN screen.

Syntaxset [dhcp|dgw|dns|ipadr|mask|mode|ppope|mtu]

Parameters

Exampleadmin(network.wan)>set dhcp enable admin(network.wan)>set dgw 192.168.122.25admin(network.wan)>set pppoe mode enable admin(network.wan)>set pppoe type chap admin(network.wan)>set pppoe user JohnDoe admin(network.wan)>set pppoe passwd @#$goodpassword%$#

dhcp <mode> Enables or disables the switch as a DHCP client. <mode> can be one of enable or disable.

dgw <a.b.c.d> Sets the default gateway IP address to <a.b.c.d>.dns <idx> <a.b.c.d> Sets the IP address of one or two DNS servers, where <idx> indicates

either the primary (1) or secondary (2) server, and <a.b.c.d> is the IP address of the server.

ipadr <idx> <a.b.c.d> Sets up to 8 (using <idx> from 1 to 8) IP addresses <a.b.c.d> for the WAN interface of the switch.

mask <a.b.c.d> Sets the subnet mask to <a.b.c.d>.mode <idx> <mode> Enables or disables the WAN interface associated with the given <idx> (1–

8) as set using the set ipadr command. <mode> can be one of enable or disable.

pppoe [idle|ka|mode|passwd|type|user|mss]

Sets PPPoE parameters.• idle <val> – Sets the PPPoE idle value <val> (1–65535) seconds.• ka <mode> – Sets the PPPoE keep alive mode <mode> (enable,

disable).• mode <mode> – Enables or disables PPPoE. <mode> can be one of

enable or disable.• passwd <password> – Sets the PPPoE password to <password> (1 – 39

Characters)• type <type> – Sets the PPPoE authentication type to <type> (none, pap/

chap, pap, chap).• user <username> – Sets the PPPoE user name to <username> (1 – 47

Characters).• mss <msssize> – Sets the PPPoE maximum segment size to <msssize>

(20–1460).mtu Sets MTU size of wan interface. The minimum value is 128 bytes and

maximum is 1500 bytes.


admin(network.wan)>set pppoe keepalive enable

Related Commands

show ip Shows the IP settings for the WAN. show pppoe Shows the PPPoE settings for the WAN.


3.23.3 Network WAN show Command

showNetwork WAN Commands

Shows the WAN parameters.

Syntaxshow [ip|pppoe|mtuc]

Parameters

Exampleadmin(network.wan)>show ip 3

wan interface : enable ip address : 0.0.0.0 network mask : 0.0.0.0 default gateway : 192.168.24.1 dhcp mode : enable primary dns server : 209.142.0.2 secondary dns server : 209.142.0.218

admin(network.wan)>show pppoe

pppoe mode : disableip address : 0.0.0.0default gateway : 0.0.0.0primary dns server : 0.0.0.0secondary dns server : 0.0.0.0pppoe keepalive mode : disablepppoe authentication type : pap/chappppoe idle time : 600pppoe user name :pppoe password : ********pppoe MSS : 1452

ip <idx> Shows the general IP parameters for the WAN along with settings for the WAN interface associated with <idx> (where <idx> is in the range 1–8).Note: If the WAN interface IP addresses have not been specified for <idx>, the IP and Mask values will be shown as 0.0.0.0.

pppoe Shows all PPPoE settings.mtu Sets MTU size of wan interface. The minimum value is 128 bytes and maximum is 1500

bytes.


3.24 Network WAN App Commands

appNetwork WAN Commands

Displays the outbound content filtering submenu.

Syntaxadmin(network.wan)> appadmin(network.wan.app)>



addcmd Adds app control commands to the deny list. page 3-124delcmd Deletes app control commands from the deny list. page 3-126list Lists app control records. page 3-128quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.24.1 Network WAN APP addcmd Command

addcmdNetwork WAN App Commands

Adds app control commands to the deny list.

Syntaxaddcmd [web|ftp|smtp]

Parameters

Exampleadmin(network.wan.app)>addcmd ftp ?

put : store command get : retrieve command ls : directory list command mkdir : create directory command cd : change directory command pasv : passive mode command

web [file <filename>.<ext>|proxy|activex]

Denies access to the specified web files.• file <filename>.<ext> – Denies specified web file name. <filename> can be up to 15

characters and “*” can be used to match any string. <ext> can be up to 10 characters (such as htm, html, or java). Up to 10 files can be specified.

• proxy – Denies web proxies• activex – Denies ActiveX files

ftp [put|get|ls|mkdir|cd|pasv]

Denies access to the following FTP commands:• put – Denies access to FTP put command• get – Denies access to FTP get command• ls – Denies access to FTP ls command• mkdir – Denies access to FTP mkdir command• cd – Denies access to FTP cd command• pasv – Denies access to FTP pasv command

smtp [helo|mail|rcpt|data|quit|send|saml|rset|vrfy|expn]

Denies access to the following SMTP command:• helo – Denies access to the SMTP helo command• mail – Denies access to the SMTP mail command• rcpt – Denies access to the SMTP rcpt command• data – Denies access to the SMTP data command• quit – Denies access to the SMTP quit command• send – Denies access to the SMTP send command• saml – Denies access to the SMTP saml command• rset – Denies access to the SMTP rset command• vrfy – Denies access to the SMTP vrfy command• expn – Denies access to the SMTP expn command


admin(network.wan.app)>addcmd ftp put admin(network.wan.app)>addcmd ftp cd admin(network.wan.app)>addcmd ftp pasv

admin(network.wan.app)>list ftp

FTP Commands

Storing Files : deny Retrieving Files : allow Directory List : allow Create Directory : allow Change Directory : deny Passive Operation : deny

admin(network.wan.app)>addcmd smtp helo admin(network.wan.app)>addcmd smtp vrfy admin(network.wan.app)>list smtp

SMTP Commands

HELO : deny MAIL : allow RCPT : allow DATA : allow QUIT : allow SEND : allow SAML : allow RESET : allow VRFY : deny EXPN : allow

admin(network.wan.app)>

Related Commands

delcmd Removes a file or command from the deny list.


3.24.2 Network WAN APP delcmd Command

delcmdNetwork WAN App Commands

Deletes application control commands from the deny list.

Syntaxdelcmd [web|ftp|smtp]

Parameters

Exampleadmin(network.wan.app)>list ftp

FTP Commands

Storing Files : deny Retrieving Files : allow Directory List : allow Create Directory : allow Change Directory : deny

web [file <filename>.<ext>|proxy|activex]

Deletes the specified web files from the access denied list.• file <filename>.<ext> – Denied web file name. <filename> can be up to 15

characters and “*” can be used to match any string. <ext> can be up to 10 characters (such as htm, html, or java). Up to 10 files can be specified.

• proxy – Web proxies• activex – ActiveX files

ftp [put|get|ls|mkdir|cd|pasv]

Deletes the following FTP commands from the access denied list.• put – FTP put command• get – FTP get command• ls – FTP ls command• mkdir – FTP mkdir command• cd – FTP cd command• pasv – FTP pasv command

smtp [helo|mail|rcpt|data|quit|send|saml|rset|vrfy|expn]

Deletes the following SMTP command from the access denied list.• helo – SMTP helo command• mail – SMTP mail command• rcpt – SMTP rcpt command• data – SMTP data command• quit – SMTP quit command• send – SMTP send command• saml – SMTP saml command• rset – SMTP rset command• vrfy – SMTP vrfy command• expn – SMTP expn command


Passive Operation : deny

admin(network.wan.app)>delcmd ftp put admin(network.wan.app)>delcmd ftp cd


FTP Commands

Storing Files : allow Retrieving Files : allow Directory List : allow Create Directory : allow Change Directory : allow Passive Operation : deny

admin(network.wan.app)>list smtp

SMTP Commands


admin(network.wan.app)>delcmd smtp helo admin(network.wan.app)>list smtp

SMTP Commands

HELO : allow MAIL : allow RCPT : allow DATA : allow QUIT : allow SEND : allow SAML : allow RESET : allow VRFY : deny EXPN : allow

Related Commands

addcmd Adds a file or command to the deny list.


3.24.3 Network WAN APP list Command

list Network WAN App Commands

Lists the app control records.

Syntaxlist [web|ftp|smtp]

Parameters

Exampleadmin(network.wan.app)>list web

HTTP Files/Commands

Web Proxy : deny ActiveX : deny filename :


FTP Commands

Storing Files : allow Retrieving Files : allow Directory List : allow Create Directory : deny Change Directory : deny Passive Operation : deny

admin(network.wan.app)>list smtp

SMTP Commands


admin(network.wan.app)>

web Lists Web/HTTP app control settings.ftp Lists FTP app control settings. smtp Lists SMTP app control record.


3.25 Network WAN DynDNS Commands

dyndnsNetwork WAN Commands

Displays the Dynamic DNS menu. DynDNS provides a facility to update the domain name information when the IP address associated with the domain name changes.

Syntaxadmin(network.wan)> dyndnsadmin(network.wan.dyndns)>



set Sets the different Dynamic DNS parameters page 3-130show Displays the Dynamic DNS parameters and current status page 3-131update Manually updates the Dynamic DNS status page 3-132quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.25.1 Network WAN DynDNS set Command

setNetwork WAN DynDNS Commands

Sets the DynDNS parameters

Syntaxset [mode|username|password|hostname]

set mode <mode>set username <username>set password <password>set hostname <hostname>

Parameters

Exampleadmin(network.wan.dyndns)>set mode enableadmin(network.wan.dyndns)>set username JohnDoeadmin(network.wan.dyndns)>set password JohnDoeadmin(network.wan.dyndns)>set hostname motPropServ

admin(network.wan.dyndns)>show

DynDNS Configuration

Mode : enableUsername : JohnDoePassword : ********Hostname : motPropServ

DynDNS Update Response

IP Address : 192.168.10.1Hostname : motPropServStatus : Connected

mode <mode> Enables or disables DynDNS. <mode> can be enable or disable.username <username> Sets the DynDNS user name to <username> (1-32 characters)password <password> Sets the password to <password> (1-32 characters) for the DynDNS username

<username>.hostname <hostname> Sets the DynDNS server host name to <hostname> (1-32 characters).


3.25.2 Network WAN DynDNS show Command

showNetwork WAN DynDNS Commands

Displays the Dynamic DNS parameter information and the current status.

Syntaxshow

ParametersNone

Exampleadmin(network.wan.dyndns)>show

DynDNS Configuration

Mode : enableUsername : JohnDoePassword : ********Hostname : motPropServ

DynDNS Update Response

IP Address : 192.168.10.1Hostname : motPropServStatus : Connected


3.25.3 Network WAN DynDNS update Command

updateNetwork WAN DynDNS Commands

Manually updates the Dynamic DNS information.

Syntaxupdate

ParametersNone

Exampleadmin(network.wan.dyndns)>update

IP Address : 192.168.10.1Hostname : motPropServ


3.26 Network WAN TrunkIPFPolicy Commands

trunkipfpolicyNetwork WAN Commands

Displays the Trunk IP Filter Policy submenu.

Syntaxadmin(network.wan)>trunkipfpolicyadmin(network.wan.trunkipfpolicy)>



add Adds Trunk Port IP Filter association table entry page 3-134del Removes Trunk Port IP Filter association table entry page 3-135set Sets Trunk Port IP Filter association parameters page 3-136show Displays Trunk Port IP Filter association parameters page 3-137quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.26.1 Network WAN TrunkIPFPolicy add Command

addNetwork WAN TrunkIPFPolicy Commands

Adds a Trunk Port IP Filter association table entry.

Syntaxadd <filter-name> <direction> <action>

Parameters

Example

<filter-name> Name of the Trunk Port Filter entry<direction> The direction for the filter<action> One of allow or deny.


3.26.2 Network WAN TrunkIPFPolicy del Command

delNetwork WAN TrunkIPFPolicy Commands

Deletes an entry from the Trunk Port IP Filter association table.

Syntaxdel [all|<index>]

Parameters

Exampleadmin(network.wan.trunkipfpolicy)> del 1admin(network.wan.trunkipfpolicy)>

all Removes all trunk port IP filter association table entries.<index> Remove trunk port ip filter association table entry at the index <index>.


3.26.3 Network WAN TrunkIPFPolicy set Command

setNetwork WAN TrunkIPFPolicy Commands

Sets the different Trunk Port IP Filter Policy configuration settings

Syntaxset [ipf-mode|default]

set ipf-mode <mode>

set default [incoming|outgoing] [allow|deny]

Parameters

Exampleadmin(network.wan.trunkipfpolicy)>show----------------------------------------------------------------Filter-Name Direction Action----------------------------------------------------------------

IP Filter Mode : enable

Default Incoming Action : allow

Default Outgoing Action : allow

admin(network.wan.trunkipfpolicy)>set default outgoing denyadmin(network.wan.trunkipfpolicy)>show------------------------------------------------------------Filter-Name Direction Action------------------------------------------------------------



Default Outgoing Action : deny

ipf-mode <mode> Enables or disables the Trunk Port IP Filteringdefault [incoming|outgoing] [allow|deny]

Sets the default properties for incoming and outgoing direction to either allow or deny.


3.26.4 Network WAN TrunkIPFPolicy show Command

showNetwork WAN TrunkIPFPolicy Commands

Displays the Trunk Port IP Filter policy configuration information.

Syntaxshow

ParametersNone

Exampleadmin(network.wan.trunkipfpolicy)>show----------------------------------------------------Filter-Name Direction Action----------------------------------------------------



Default Outgoing Action : deny

admin(network.wan.trunkipfpolicy)>?


3.27 Network WAN NAT Commands

natNetwork WAN Commands

Displays the nat submenu.

Syntaxadmin(network.wan)> natadmin(network.wan.nat)>



add Adds NAT records. page 3-139delete Deletes NAT records. page 3-140listt Lists NAT records. page 3-141set Sets NAT parameters. page 3-142show Shows NAT parameters. page 3-143quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.27.1 Network WAN NAT add Command

addNetwork WAN NAT Commands

Adds NAT records.

Syntaxadd inb <idx> <name> <tran> <port1> <port2> <ip> <dst_port>

Parameters

Exampleadmin(network.wan.nat)>add inb 2 special tcp 20 21 192.168.42.16 21

admin(network.wan.nat)>list inb 2 -------------------------------------------------------------------------index name prot start port end port internal ip translation port -------------------------------------------------------------------------1 special tcp 20 21 192.168.42.16 21

Related Commands

inb <idx> <name> <tran> <port1> <port2> <ip> <dst_port>

Sets an inbound Network Address Translation (NAT) entry.• <idx> – The WAN address• <name> – The NAT entry name• <tran> – The transport protocol (one of cp, udp, icmp, ah, esp, gre, or all)• <port1> – The starting port number in a port range• <port2> – The ending port number in a port range• <ip> – The internal IP address• <dst_port> – The optional internal translation port

delete inb Deletes one of the inbound NAT entries from the list. list inb Displays the list of inbound NAT entries.


3.27.2 Network WAN NAT delete Command

deleteNetwork WAN NAT Commands

Deletes NAT records.

Syntaxdelete inb <idx> [<entry>|all]

Syntax:

Exampleadmin(network.wan.nat)>list inb 2 -------------------------------------------------------------------------index name prot start port end port internal ip translation port -------------------------------------------------------------------------1 special tcp 20 21 192.168.42.16 21

admin(network.wan.nat)>delete inb 2 all ^

admin(network.wan.nat)>list inb 2 -------------------------------------------------------------------------index name prot start port end port internal ip translation port -------------------------------------------------------------------------

Related Commands

inb <idx> [<entry>|all] Deletes a NAT table entry.• <idx> – The WAN index (1–8)• <entry> – The NAT entry (1–20)• all – All NAT entries associated with the WAN <idx> (1–8)

add inb Adds entries to the list of inbound NAT entries.list inb Displays the list of inbound NAT entries.


3.27.3 Network WAN NAT list Command

list Network WAN NAT Commands

Lists NAT records.

Syntaxlist inb <idx>

Parameters

Exampleadmin(network.wan.nat)>add inb 2 special tcp 20 21 192.168.42.16 21

admin(network.wan.nat)>list inb 2 -------------------------------------------------------------------------index name prot start port end port internal ip translation port -------------------------------------------------------------------------1 special tcp 20 21 192.168.42.16 21

Related Commands

list inb <idx> Lists the inbound NAT entries associated with WAN port <idx> (1–8).

delete inb Deletes one of the inbound NAT entries from the list. add inb Adds entries to the list of inbound NAT entries.


3.27.4 Network WAN NAT set Command

setNetwork WAN NAT Commands

Sets NAT inbound and outbound parameters.

Syntaxset [inb|outb|type]

Parameters

Exampleadmin(network.wan.nat)>set type 1 1-to-1 admin(network.wan.nat)>set outb ip 1 209.239.44.36 admin(network.wan.nat)>set inb mode 1 enable admin(network.wan.nat)>show nat 1

nat type : 1-to-1 one to one nat ip address : 209.239.44.36 port forwarding mode : enable port forwarding ip address : 0.0.0.0 one to many nat mapping : subnet1 subnet2 subnet3 subnet4 _

inb [mode|ip] Sets the inbound NAT parameters.• mode <idx> <mode> – Sets the inbound NAT mode for the WAN with index <idx>

(1–8). <mode> can be one of enable or disable.• ip <idx> <a.b.c.d> – Forward unspecified ports and to the IP <a.b.c.d> for the WAN

with index <idx> (1–8).outb [ip|map] Sets the outbound NAT parameters.

• ip <idx> <a.b.c.d> – Sets 1-to-1 NAT IP mapping entries where <idx> (1–8) is the index of the WAN to the ip address <a.b.c.d>.

• map <from> <to> – Sets 1-to-many NAT mapping entries where <from> is one of s1, s2, s3, s4, s5, and s6. <to> is the Wan index (1–8) or none.

type <idx> <type> Sets the type of NAT translation for WAN address index <idx> (1–8) to one of none, 1-to-1, or 1-to-many.


3.27.5 Network WAN NAT show Command

showNetwork WAN NAT Commands

Shows NAT parameters.

Syntaxshow nat <idx>

Parameters

Exampleadmin(network.wan.nat)>set inb mode 1 enableadmin(network.wan.nat)>show nat 1

nat type : 1-to-1one to one nat ip address : 209.239.44.36port forwarding mode : enableport forwarding ip address : 0.0.0.0one to many nat mapping : subnet1 subnet2 subnet3 subnet4

show nat <idx> Shows NAT settings for WAN <idx> (1–8).


3.28 Network WAN VPN Commands

vpnNetwork WAN Commands

Displays the VPN submenu.

Syntaxadmin(network.wan)> vpnadmin(network.wan.vpn)>



cmgr Goes to the cmgr (Certificate Manager) submenu. page 3-156add Adds an security policy database (SPD) entry. page 3-145set Sets SPD parameters. page 3-150list Lists SPD entries. page 3-148delete Deletes SPD entries. page 3-146stats Lists statistics for all active tunnels. page 3-155ikestate Lists statistics for all active tunnels. page 3-147reset Resets all VPN tunnels. page 3-149quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.28.1 Network WAN VPN add Command

addNetwork WAN VPN Commands

Adds a security policy database (SPD) entry.

Syntaxadd <name> <LSubnet> <LWANIP> <RSubnetIP> <RSubnetMask> <RGatewayIP>

Parameters

Exampleadmin(network.wan.vpn)>add Bob 1 209.239.160.55 206.107.22.45 255.255.255.224 206.107.22.2 If tunnel type is Manual, proper SPI values and Keys must be configured after adding the tunnel admin(network.wan.vpn)>list ------------------------------------------------------------------------ Tunnel Name Type Remote IP/Mask Remote Gateway Local WAN IP Subnet -------------------------------------------------------------------------Eng2EngAnnex Manual 192.168.32.2/24 192.168.33.1 192.168.24.198 1 Bob Manual 206.107.22.45/27 206.107.22.2 209.239.160.55 1

admin(network.wan.vpn)>

<name> <LSubnet> <LWanIP> <RSubnetIP> <RSubnetMask> <RGatewayIP>

Creates a tunnel named <name> (1 to 13 characters) to gain access to local subnet <LSubnet> (1, 2, 3, 4, 5, 6), through local WAN IP <LWanIP> from the remote subnet with address <RSubnetIP> and subnet mask <RSubnetMask> using the remote gateway <RGatewayIP>.

The local WAN IP can be set to 0.0.0.0 for a DHCP client. Any IP address obtained from the DHCP server is then used to initiate the VPN tunnel. The VPN peer must set it’s Remote Gateway address to 0.0.0.0 to indicate an IP value of ANY and shall operate as a responder only.


3.28.2 Network WAN VPN delete Command

deleteNetwork WAN VPN Commands

Deletes security policy database (SPD) entries.

Syntaxdelete [*|<name>]

Parameters

Exampleadmin(network.wan.vpn)>list -------------------------------------------------------------------------Tunnel Name Type Remote IP/Mask Remote Gateway Local WAN IP Subnet -------------------------------------------------------------------------Eng2EngAnnex Manual 192.168.32.2/24 192.168.33.1 192.168.24.198 1 Bob Manual 206.107.22.45/27 206.107.22.2 209.239.160.55 1

admin(network.wan.vpn)>delete Bob admin(network.wan.vpn)>list -------------------------------------------------------------------------Tunnel Name Type Remote IP/Mask Remote Gateway Local WAN IP Subnet -------------------------------------------------------------------------Eng2EngAnnex Manual 192.168.32.2/24 192.168.33.1 192.168.24.198 1


* Deletes all SPD entries.<name> Deletes SPD entries named <name>.


3.28.3 Network WAN VPN ikestate Command

ikestateNetwork WAN VPN Commands

Displays statistics for all active tunnels using Internet Key Exchange (IKE). In particular, the table indicates whether IKE is connected for any of the tunnels, it provides the destination IP address, and the remaining lifetime of the IKE key.

Syntaxikestate

ParametersNone

Exampleadmin(network.wan.vpn)>ikestate ---------------------------------------------------------------------- Tunnel Name IKE State Dest IP Remaining Life ---------------------------------------------------------------------- Eng2EngAnnex Not Connected ---- --- Bob Not Connected ---- ---



3.28.4 Network WAN VPN list Command

listNetwork WAN VPN Commands

Lists security policy database (SPD) entries.

Syntaxlist {<name>}

Parameters

Exampleadmin(network.wan.vpn)>list-------------------------------------------------------------------------Tunnel Name Type Remote IP/Mask Remote Gateway Local WAN IP Subnet-------------------------------------------------------------------------Eng2EngAnnex Manual 192.168.32.2/24 192.168.33.1 192.168.24.198 1Bob Manual 206.107.22.45/27 206.107.22.2 209.239.160.55 1

admin(network.wan.vpn)>list bob

bad index value

admin(network.wan.vpn)>list Bob-------------------------------------------------------------------------Detail listing of VPN entry:-------------------------------------------------------------------------Name : BobLocal Subnet : 1Tunnel Type : ManualRemote IP : 206.107.22.45Remote IP Mask : 255.255.255.224Remote Security Gateway : 206.107.22.2Local Security Gateway : 209.239.160.55AH Algorithm : NoneEncryption Type : ESPEncryption Algorithm : DESESP Inbound SPI : 0x00000100ESP Outbound SPI : 0x00000100

Lists all tunnel entries.<name> Lists detailed information about tunnel named <name>. Note that the <name> must

match case with the name in the SPD entry. “Bob” is not equal to “bob”, as shown in the example below.


3.28.5 Network WAN VPN reset Command

resetNetwork WAN VPN Commands

Resets all VPN tunnels.

Syntaxreset

ParametersNone

Exampleadmin(network.wan.vpn)>reset

VPN tunnels reset.



3.28.6 Network WAN VPN set Command

setNetwork WAN VPN Commands

Sets security policy database (SPD) entry parameters.

Syntaxset [ike|type|sub|remip|remmask|remgw|authalgo|espauthalgo|enckey|espauthkey|spi| localgw|usepfs|pfsgrp|salife|ipsecdel|auto-initiation|

auto-initiate-interval]

set ike [myidtype|remidtype|myiddata|opmode|authtype|authalgo|psk|encalgo|lifetime|group]

set ike myidtype <name> <idtype>set ike remidtype <name> <idtype>set ike myiddata <name> <idtype>set ike opmode <name> <opmode>set ike authtype <name> <authtype>set ike authalgo <name> <authalgo>set ike psk <name> <psk>set ike encalgo <name> <encalgo>set ike lifetime <name> <lifetime>set ike group <name> <group>

set type <name> <type>

set sub <name> <sub>

set remip <name> <remip>

set remmask <name> <remmask>

set remgw <name> <remgw>

set authalgo <name> <auth>

set enctype <name> <enctype>

set encalgo <name> <encalgo>

set espauthalgo <name> <espauthalgo>

set enckey <name> <direction> <enckey>

set espauthkey <name> <direction> <espauthkey>

set spi <name> <algo> <direction> <spi>

set localgw <name> <localgw>

set usepfs <name> <usepfs>

set pfsgrp <name> <pfsgrp>

set salife <name> <lifetime>


set ipsecdel <name> <mode>

set auto-initiation <name> <mode>

set auto-initiate-interval <interval>

Parameters

ike myidtype <name> <idtype>

Sets the Local ID type for IKE authentication for SPD <name> (1 to 13 characters) to <idtype> (one of IP, FQDN, or UFQDN).

ike remidtype <name> <idtype>

Sets the Remote ID type for IKE authentication for SPD <name> (1 to 13 characters) to <idtype> (one of IP, FQDN, or UFQDN).

ike myiddata <name> <iddata>

Sets the Local ID data for IKE authentication for SPD <name> (1 to 13 characters) to <iddata>. This value is not required when the ID type is set to IP.

ike remiddata <name> <iddata>

Sets the Remote ID data for IKE authentication for SPD <name> (1 to 13 characters) to <idtype>.

ike opmode <name> <opmode>

Sets the Operation Mode of IKE for SPD <name> (1 to 13 characters) to 4. <opmode> can be one of Main or Aggr(essive).

ike authtype <name> <authtype>

Sets the IKE Authentication type for SPD <name> (1 to 13 characters) to <authtype> (one of PSK or RSA).

ike authalgo <name> <authalgo>

Sets the IKE Authentication Algorithm for SPD <name> (1 to 13 characters) to <authalgo>. <authalgo> can be either MD5 or SHA1.

ike psk <name> <psk> Sets the IKE Pre-Shared Key for SPD <name> (1 to 13 characters) to <psk> (1–49 characters).

ike encalgo <name> <encalgo>

Sets the IKE Encryption Algorithm for SPD <name> (1 to 13 characters) to <encalgo> (one of DES, 3DES, AES128, AES192, or AES256).

ike lifetime <name> <lifetime>

Sets the IKE Key life time in seconds for SPD <name> (1 to 13 characters) to <lifetime> seconds.

ike group <name> <group>

Sets the IKE Diffie-Hellman Group for SPD <name> (1 to 13 characters) to <group> (one of G768 or G1024)

type <name> <type> Sets the authentication type of SPD <name> (1 to 13 characters) to <type> (Auto or Manual).

sub <name> <sub> Sets the Local Subnet (1, 2, 3, 4, 5 or 6) for SPD <name> (1 to 13 characters) to subnet number <sub> (1, 2, 3, 4, 5 or 6).

remip <name> <remip> Sets the IP address for the remote end of SPD <name> (1 to 13 characters) to remote ip <remip> (a.b.c.d).

remmask <name> <remmask>

Sets the IP Mask for the remote end of SPD <name> (1 to 13 characters) to <remmask> (a.b.c.d).

remgw <name> <remgw>

Sets the Remote IP gateway for SPD <name> (1 to 13 characters) to be <remgw> (a.b.c.d). Set this value to 0.0.0.0 to support tunneling to VPN peer which is a DHCP client.

authalgo <name> <authalgo>

Sets the authentication algorithm for SPD <name> (1 to 13 characters) to <authalgo> (one of None, MD5, or SHA1).


Exampleadmin(network.wan.vpn)>list Bob -------------------------------------------------------------------------Detail listing of VPN entry: ------------------------------------------------------------------------ Name : Bob Local Subnet : 1

authkey <name> <direction> <authkey>

Sets the AH authentication key (if SPD type is Manual) for tunnel <name> (1 to 13 characters) with the direction <direction> set to IN or OUT, and the manual authentication key set to <authkey>. (The key size is 32 hex characters for MD5, and 40 hex characters for SHA1).

enctype <name> <enctype>

Sets the Encryption type for SPD <name> (1 to 13 characters) to <enctype> (one of None, ESP, or ESP-AUTH).

encalgo <name> <encalgo>

Sets the Encryption Algorithm for SPD <name> (1 to 13 characters) to <encalgo> (one of DES, 3DES, AES128, AES192, or AES256).

espauthalgo <name> <espauthalgo>

Sets ESP Authentication Algorithm for SPD <name> to <espauthalgo> (one of MD5 or SHA1).

enckey <name> <direction> <enckey>

Sets the Manual Encryption Key in ASCII for SPD <name> and direction <direction> (IN or OUT) to the key <enckey>. The size of the key depends on the encryption algorithm.- 16 hex chars for DES - 48 hex chars for 3DES - 32 hex chars for AES128 - 48 hex chars for AES192 - 64 hex chars for AES256

espauthkey <name> <direction> <espauthkey>

Sets Manual ESP Authentication Key for SPD <name> (1 to 13 characters) either for direction <direction> (IN or OUT) to <espauthkey>, an ASCII string of hex characters. If authalgo is set to MD5, the provide 32 hex characters. If authalgo is set to SHA1, provide 40 hex characters.

spi <name> <algo> <direction> <spi>

Sets the direction <direction> (IN(bound) or OUT(bound)) SPI for <algo> (AUTH (Manual Authentication) or ESP) for SPD <name> (1 to 13 characters) to <spi> (a hex value more than 0xFF).

localgw <name> <ip> Sets the Local WAN IP to <ip> (a.b.c.d) for a SPI <name> (1 to 13 characters).The local WAN IP (local gateway) can be set to 0.0.0.0 for a DHCP client. Any IP address obtained from the DHCP server is then used to initiate the VPN tunnel. The VPN peer must set it’s Remote Gateway address to 0.0.0.0 to indicate an IP value of ANY and shall operate as a responder only.

usepfs <name> <usepfs>

Enables or disables Perfect Forward Secrecy for SPD <name> (1 to 13 characters).

salife <name> <lifetime>

Sets SA life time to <lifetime> seconds (minimum 300).

ipsecdel <name> <mode>

Enables the deletion of IPSEC SA when IKE SA is deleted for the tunnel named <name> (1 to 13 characters).

auto-initiation <name> <mode>

Enables / disables auto-initiation by WS2000 for the tunnel named <name> (1 to 13 characters).

auto-initiate-interval <time>

Sets the time duration between two consecutive auto-initiation attempts. This time duration is in seconds.


Tunnel Type : Manual Remote IP : 206.107.22.45 Remote IP Mask : 255.255.255.224 Remote Security Gateway : 206.107.22.2 Local Security Gateway : 209.239.160.55 AH Algorithm : None Encryption Type : ESP Encryption Algorithm : DES ESP Inbound SPI : 0x00000100 ESP Outbound SPI : 0x00000100

admin(network.wan.vpn)>set usepfs Bob enable admin(network.wan.vpn)>set spi Bob ESP IN abcde admin(network.wan.vpn)>set spi Bob ESP OUT cdef23 admin(network.wan.vpn)>list Bob -------------------------------------------------------------------------Detail listing of VPN entry: -------------------------------------------------------------------------Name : Bob Local Subnet : 1 Tunnel Type : Manual Remote IP : 206.107.22.45 Remote IP Mask : 255.255.255.224 Remote Security Gateway : 206.107.22.2 Local Security Gateway : 209.239.160.55 AH Algorithm : None Encryption Type : ESP Encryption Algorithm : DES ESP Inbound SPI : 0x000ABCDE ESP Outbound SPI : 0x00CDEF23

admin(network.wan.vpn)>set authalgo Bob MD5 admin(network.wan.vpn)>list Bob -------------------------------------------------------------------------Detail listing of VPN entry: ------------------------------------------------------------------------ Name : Bob Local Subnet : 1 Tunnel Type : Manual Remote IP : 206.107.22.45 Remote IP Mask : 255.255.255.224 Remote Security Gateway : 206.107.22.2 Local Security Gateway : 209.239.160.55 AH Algorithm : MD5 Encryption Type : ESP Encryption Algorithm : DES Auth Inbound SPI : 0x00000100 Auth Outbound SPI : 0x00000100 ESP Inbound SPI : 0x000ABCDE ESP Outbound SPI : 0x00CDEF23

admin(network.wan.vpn)>set authkey Bob IN 12345678901234567890123456789012 admin(network.wan.vpn)>set authkey Bob OUT 11111111112222222222333333333344 admin(network.wan.vpn)>set spi Bob AUTH IN 2233445 admin(network.wan.vpn)>set spi Bob AUTH OUT 33344 admin(network.wan.vpn)>list Bob -------------------------------------------------------------------------


Detail listing of VPN entry: ------------------------------------------------------------------------ Name : Bob Local Subnet : 1 Tunnel Type : Manual Remote IP : 206.107.22.45 Remote IP Mask : 255.255.255.224 Remote Security Gateway : 206.107.22.2 Local Security Gateway : 209.239.160.55 AH Algorithm : MD5 Encryption Type : ESP Encryption Algorithm : DES Auth Inbound SPI : 0x02233445 Auth Outbound SPI : 0x00033344 ESP Inbound SPI : 0x000ABCDE ESP Outbound SPI : 0x00CDEF23


3.28.7 Network WAN VPN stats Command

statsNetwork WAN VPN Commands

Lists statistics for all active tunnels.

Syntaxstats

ParametersNone

Exampleadmin(network.wan.vpn)>stats ------------------------------------------------------------------------ Tunnel Name Status SPI(OUT/IN) Life Time Bytes(Tx/Rx) ------------------------------------------------------------------------ Eng2EngAnnex Not Active Bob Not Active


3.29 Network WAN VPN Cmgr Commands

cmgrNetwork WAN VPN Commands

Displays to the Certificate Manager submenu.

Syntaxadmin(network.wan.vpn)> cmgradmin(network.wan.vpn.cmgr)>



genreq Generates a Certificate Request. page 3-162loadca Loads a trusted certificate from CA. page 3-167loadself Loads a self certificate signed by CA. page 3-168showreq Displays a certificate request in PEM format. page 3-169listprivkey Lists names of private keys. page 3-165listself Lists the self certificate loaded. page 3-166listca Lists the trusted certificate loaded. page 3-164delprivkey Deletes the private key. page 3-158delself Deletes the self certificate. page 3-159delca Deletes the trusted certificate. page 3-157expcert Exports the certificate file. page 3-160impcert Imports the certificate file. page 3-163quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.29.1 Network WAN VPN Cmgr delca Command

delcaNetwork WAN VPN Commands

Deletes a trusted certificate.

Syntaxdelca <IDname>

Parameters

Exampleadmin(network.wan.vpn.cmgr)>delca CAfinanceadmin(network.wan.vpn.cmgr)>

<IDname> Deletes the trusted certificate <IDname>.


3.29.2 Network WAN VPN Cmgr delprivkey Command

delprivkeyNetwork WAN VPN Commands

Deletes a private key.

Syntaxdelprivkey <IDName>

Parameters

Exampleadmin(network.wan.vpn.cmgr)>delprivkey <IDname>admin(network.wan.vpn.cmgr)>

<IDname> The key name to be deleted.


3.29.3 Network WAN VPN Cmgr delself Command

delselfNetwork WAN VPN Cmgr Commands

Deletes a self certificate.

Syntaxdelself <IDName>

Parameters

Exampleadmin(network.wan.vpn.cmgr)>delself<IDname>admin(network.wan.vpn.cmgr)>

<IDname> The name of the self certificate to be deleted.


3.29.4 Network WAN VPN Cmgr expcert Command

expcertNetwork WAN VPN Cmgr Commands

Exports the certificate file.

Syntaxexpcert [ftp|tftp] <filename>

Parameters

Exampleadmin(system.config)>set server 192.168.22.12 admin(system.config)>set user myadmin admin(system.config)>set passwd

admin(network.wan.vpn.cmgr)>expcert ftp mycertificateadmin(network.wan.vpn.cmgr)>

Related Commands

[ftp|tftp] <file name> Exports the certificate with specified filename <file name> by either ftp or tftp. The tftp or ftp options for this file transfer will use the settings for the configuration file settings. See System Config set Command for information on how to set the tftp/ftp options.

impcert Imports a certificate.


3.29.5 Network WAN VPN Cmgr export-req Command

export-reqNetwork WAN VPN Cmgr Commands

Exports the private key ID name to a file. The exported file will be in the same directory as used for importing or exporting configuration files.

Syntaxexport-req ftp <idname> <filename>

Parameters

Exampleadmin(network.wan.vpn.cmgr)> export-req ftp key1 filekey1

ftp <idname> <filename>

Exports the private key ID name to a file. This file is exported to the same directory as used for exporting or importing configuration files.


3.29.6 Network WAN VPN Cmgr genreq Command

genreqNetwork WAN VPN Cmgr Commands

Generates a Certificate Request.

Syntaxgenreq <IDName> <subject> {-ou <Organization Unit>} {-on <Organization Name>} {-cn <City Name>} {-st <State>} {-p <Postal Code>} {-cc <Country Code>} {-e <Email Address>} { -d <Domain Name>} {-i <IP Address>} {-sa <Signature Algorithm>} {-k <Key Size>}

Syntax:

Note: The parameters in {curly brackets} are optional. Check with the CA to determine what fields are necessary. For example, most CAs require an email address and an IP address, but not the address of the organization.

Exampleadmin(network.wan.vpn.cmgr)>genreq MyCert2 MySubject -ou MyDept -on MyCompany Please wait. It may take some time...

-----BEGIN CERTIFICATE REQUEST----- MIHzMIGeAgEAMDkxEjAQBgNVBAoTCU15Q29tcGFueTEPMA0GA1UECxMGTXlEZXB0 MRIwEAYDVQQDEwlNeVN1YmplY3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAtKcX plKFCFAJymTFX71yuxY1fdS7UEhKjBsH7pdqnJnsASK6ZQGAqerjpKScWV1mzYn4 1q2+mgGnCvaZUlIo7wIDAQABoAAwDQYJKoZIhvcNAQEEBQADQQCClQ5LHdbG/C1f Bj8AszttSo/bA4dcX3vHvhhJcmuuWO9LHS2imPA3xhX/d6+Q1SMbs+tG4RP0lRSr iWDyuvwx -----END CERTIFICATE REQUEST-----

genreq <IDname> <Subject> ...optional arguments...

Generates a self-certificate request for a Certification Authority (CA), where <IDname> is the private key ID (up to 7 characters) and <subject> is the subject name (up to 49 characters). A number of optional arguments can also be specified as indicated below.

-ou <Organization Unit> Organization Unit (1 to 49 chars) -on <Organization Name> Organization Name (1 to 49 chars)-cn <City Name> City Name of Organization (1 to 49 chars)-st <State> State Name (1 to 49 chars)-p <Postal Code> Postal code (9 digits) -cc <Country Code> Country code (2 chars)-e <Email Address> E-mail Address (1 to 49 chars) -d <Domain Name> Domain Name (1 to 49 chars)-i <IP Address> IP Address (a.b.c.d) -sa <Signature Algorithm> Signature Algorithm (one of MD5-RSA or SHA1-RSA) -k <Key Size> Key size in bits (one of 512, 1024, or 2048)


3.30 Network WAN VPN Cmgr impcert Command

impcertNetwork WAN VPN Cmgr Commands

Imports the certificate file.

Syntaximpcert <type> <filename>

Parameters

Exampleadmin(system.config)>set server 192.168.22.12 admin(system.config)>set user myadmin admin(system.config)>set passwd

admin(network.wan.vpn.cmgr)>impcert ftp mycertificateadmin(network.wan.vpn.cmgr)>

Related Commands

[ftp|tftp] <filename> Imports the certificate with specified filename <file name> by either ftp or tftp. The tftp or ftp options for this file transfer will use the settings for the configuration file settings. See System Config set Command for information on how to set the tftp/ftp options.

expcert Exports a certificate.


3.30.1 Network WAN VPN Cmgr listca Command

listcaNetwork WAN VPN Cmgr Commands

Lists the loaded trusted certificate.

Syntaxlistca

ParametersNone

Exampleadmin(network.wan.vpn.cmgr)>listca Trusted Certificate List:


3.30.2 Network WAN VPN Cmgr listprivkey Command

listprivkeyNetwork WAN VPN Cmgr Commands

Lists the names of private keys.

Syntaxlistprivkey

ParametersNone

Exampleadmin(network.wan.vpn.cmgr)>listprivkey -------------------------------------------------------------------------Private Key Name Certificate Associated -------------------------------------------------------------------------


3.30.3 Network WAN Vpn Cmgr listself Command

listselfNetwork WAN VPN Cmgr Commands

Lists the loaded self certificates.

Syntaxlistself

ParametersNone

Exampleadmin(network.wan.vpn.cmgr)>listself

Self Certificate List:


3.30.4 Network WAN VPN Cmgr loadca Command

loadcaNetwork WAN VPN Cmgr Commands

Loads a trusted certificate from the Certificate Authority.

Syntaxloadca {ftp <filename>}

Parameters

Example

admin(network.wan.vpn.cmgr)>loadca ftp cert1Starting file transfer ...

Certificate transferred successfully

admin(network.wan.vpn.cmgr)>loadcaCurrently Only certificates in PEM format can be uploadedEnter 'Ctrl C' to abort. Paste the certificate:

loadca Loads the trusted certificate (in PEM format) that is pasted into the command line.ftp <filename> – (Optional parameter) Loads a CA certificate from a FTP server. <filename> is the name of the certificate file to load. The default path for loading the file is the same as used for importing or exporting configuration files.


3.30.5 Network WAN VPN Cmgr loadself Command

loadselfNetwork WAN VPN Cmgr Commands

Loads a self certificate signed by the Certificate Authority.

Syntaxloadself [<IDname>|ftp <IDname> <filename>]

Parameters

Exampleadmin(network.wan.vpn.cmgr)> loadself ftp MyCert mycert.certStarting file transfer ...

admin(network.wan.vpn.cmgr)>

admin(network.wan.vpn.cmgr)>loadself MyCert Currently Only certificates in PEM format can be uploaded. Paste the certificate:

<IDname> Loads the self certificate signed by the CA with name <IDname>. ftp <IDname> <filename>

Loads the self certificate <IDName> from a file <filename> on an FTP server. The certificate file is loaded from the same directory as used for importing or exporting configuration files.


3.30.6 Network WAN VPN Cmgr showreq Command

showreqNetwork WAN VPN Cmgr Commands

Displays a certificate request in PEM format.

Syntaxshowreq <IDname>

Parameters

showreq <IDname>

Displays a certificate request named <IDname> generated from the genreq command.


3.31 Network WLAN Commands

wlannetwork

Displays the WLAN submenu.

Syntaxadmin(network)> wlanadmin(network.wlan)>



add Adds MU access control list entries. page 3-171delete Deletes MU access control list entries. page 3-172list Lists MU access control list entries. page 3-173rogueap Goes to the rogue AP submenu. page 3-181enhancedrogueap Goes to the Enhanced Rogue AP submenu. page 3-207muprobe Goes to the MU Probe submenu page 3-210hotspot Goes to the Hotspot submenu page 3-213wlanipfpolicy Goes to WLAN IPF policy submenu. page 3-226set Sets WLAN parameters. page 3-174show Shows WLAN parameters. page 3-179quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.31.1 Network WLAN add Command

addNetwork WLAN Commands

Adds entries to the mobile unit (MU) access control list.

Syntaxadd <idx> <mac1> <mac2> <name>

Parameters

Exampleadmin(network.wlan)>add 1 000000000000 112233445566 admin(network.wlan)>list 1 ------------------------------------------------------------------------ index start mac end mac ------------------------------------------------------------------------ 1 000000000000 112233445566 admin(network.wlan)>

Related Commands

<idx> <mac1> <mac2> <name>

Adds an entry to the MU access control list, where <idx> is the WLAN index (1–8), <mac1> is the starting MAC address (e.g., 001122334455), and <mac2> is ending MAC address in the acceptable range. <name> is the name of the MU ACL.

delete Deletes entries from the MU access control list.list Shows entries in the MU access control list.


3.31.2 Network WLAN delete Command

deleteNetwork WLAN Commands

Deletes specified entry or entries from mobile unit (MU) access control list.


Parameters

Exampleadmin(network.wlan)>add 1 223344556677 334455667788 admin(network.wlan)>list 1 ------------------------------------------------------------------------ index start mac end mac ------------------------------------------------------------------------ 1 000000000000 112233445566 2 223344556677 334455667788

admin(network.wlan)>delete 1 2 admin(network.wlan)>list 1 -------------------------------------------------------------------------index start mac end mac ------------------------------------------------------------------------ 1 000000000000 112233445566

admin(network.wlan)>

Related Commands

<idx> [<entry>|all] Deletes MU ACL entries.• <entry> – Deletes MU access control list entry <entry> (1–30) for WLAN

<idx> (1–8).• all – Deletes all access control list entries for the WLAN specified by

<idx>.

add Adds entries to the MU access control list.list Displays entries in the MU access control list.


3.31.3 Network WLAN list Command

listNetwork WLAN Commands

Lists the entries in the mobile unit (MU) access control list.

Syntaxlist <idx>

Parameters

Exampleadmin(network.wlan)>list 1 -------------------------------------------------------------------------index start mac end mac -------------------------------------------------------------------------1 000000000000 112233445566

Related Commands

list <idx> Displays the entries in the MU access control list for WLAN <idx> (1–8).

add Adds entries to the MU access control list.delete Deletes entries from the MU access control list.


set tkip [key|type|phrase|rotate-mode|interval|wpa2|preauth|pmk]set tkip key <idx> <key>set tkip type <idx> <type>set tkip phrase <idx> <phrase>set tkip [rotate-mode|wpa2|preauth|pmk] <idx> <mode>set tkip interval <idx> <interval>

set ccmp [key|type|phrase|rotate-mode|interval|mixed-mode|preauth|opp-pmk]set ccmp key <idx> <key>set ccmp type <idx> <type>set tkip phrase <idx> <phrase>set tkip [rotate-mode|mixed-mode|preauth|opp-pmk] <idx> <mode>set tkip interval <idx> <interval>

set wep-mcm [index|key]set wep-mcm index <a> <b>set wep-mcm key <a> <b> <c>

set mu-inact <timeout>

set wep_shared <mode>

set handshake-timeout <idx> <timeout>

set handshake-retry-count <idx> <retry-count>

Parameters

acl <idx> <mode> Sets the default MU access control mode <mode> to allow or deny for WLAN <idx> (1–8).

adopt <idx> <mode> Sets default Access Port adoption mode <mode> to allow or deny for WLAN <idx> (1–8).

auth <idx> <type> Sets the authentication type for WLAN <idx> (1–8) to <type> (none, eap, or kerberos).Note: EAP parameters are only in effect if “eap” is specified for the authentication method (set auth <idx> <type>).

bcast <idx> <mode> Enables or disables the broadcast ESS answer for the WLAN <idx> (1–8).

eap adv mu-quiet <idx> <period>

Sets the EAP MU/supplicant quiet period for WLAN <idx> (1–8) to <period> seconds (1–65535).

eap adv mu-tx <idx> <period> Sets the EAP MU/supplicant TX period for WLAN <idx> (1–8) to <period> seconds (1–65535).

eap adv mu-timeout <idx> <timeout>

Sets the EAP MU/supplicant timeout for WLAN <idx> (1–8) to <timeout> seconds (1–255).

eap adv mu-retry <idx> <retry> Sets the EAP maximum number of MU retries to <retry> (1–10) for WLAN <idx> (1–8).

eap adv server-timeout <idx> <timeout>

Sets the server timeout for WLAN <idx> (1–8) to <timeout> seconds (1–255).

eap adv server-retry <idx> <retry>

Sets the maximum number of server retries for WLAN <idx> (1–8) to <retry> (1–10).


eap server <idx> <rsidx> <ip> Sets the RADIUS server <rsidx> (1-primary or 2-secondary) for WLAN <idx> (1–8) to IP address <ip>.

eap port <idx> <rsidx> <port> Sets the RADIUS server <rsidx> (1-primary or 2-secondary) for WLAN <idx> (1–8) to <port>.

eap rad-acct mode <idx> <mode>

Enables/disables RADIUS accounting for WLAN <idx> (1–8).

eap rad-acct retry-count <idx> <count>

Sets RADIUS accounting retry count to <count> (1–10) for WLAN <idx> (1–8).

eap rad-acct timeout <idx> <time>

Sets RADIUS accounting retry timeout to <time> seconds (1–255) for WLAN <idx> (1–8). 0 indicates no timeout.

eap rad-bind-interface <idx> <server> <interface>

Binds the RADIUS server type <server> (1 - Primary, 2 - Secondary) to the interface <interface> (one of s1-s6, w, none - s1- Subnet 1, s2-subnet 2, ...s6-Subnet 6, w-wan) for the WLAN <idx> (1–8).

eap reauth mode <idx> enable/disable

Enables or disables the EAP reauthentication parameters for WLAN <idx> (1–8).

eap reauth period <idx> <period>

Sets the reauthentication period for WLAN <idx> (1–8) to <period> seconds (30–9999).

eap reauth retry <idx> <retry> Sets the maximum number of reauthentication retries to <retry> (1–99) for WLAN <idx> (1–8).

eap secret <idx> <rsidx> <secret>

Sets the EAP shared secret <secret> (1–127 characters) for server <rsidx> (1-primary or 2-secondary) on WLAN <idx> (1–8).Note: Kerberos parameters are only in effect if “kerberos” is specified for the authentication method (set auth <idx> <type>).

eap syslog ip <idx> <ip> Sets the remote syslog server for WLAN <idx> (1–8) to the IP address <ip> (a.b.c.d).

eap syslog mode <idx> enable/disable

Enables/disables remote syslog for WLAN <idx> (1–8).

enc <idx> <type> Sets the encryption type to <type> (one of none, wep40, wep104, keyguard, tkip, or ccmp) for WLAN <idx> (1–8). Note: TKIP parameters are only in effect if “tkip” is selected as the encryption type.

ess <idx> <ess> Sets the 802.11 ESS ID for WLAN <idx> (1–8) to <ess>.kerb passwd <idx> <password>

Sets the Kerberos password to <password> (1–21 characters) for WLAN <idx> (1–8).

kerb port <idx> <ksidx> <port> Sets the Kerberos port to <port> (KDC port) for server <ksidx> (1-primary, 2-backup, or 3-remote) for WLAN <idx> (1–8).

kerb realm <idx> <realm> Sets the Kerberos realm name for WLAN <idx> (1–8) to <realm> (1–63 characters).

kerb server <idx> <ksidx> <ip> Sets the Kerberos server <ksidx> (1-primary, 2-backup, or 3-remote) IP address for WLAN <idx> (1–8) to <ip>.

kerb user <idx> <name> Sets the Kerberos user name for WLAN <idx> (1–8) to <name> (1–21 characters).

mcast <idx> <midx> <mic> Sets the multicast group address <midx> (1, 2) for WLAN <idx> (1–8) to MAC address <mac>.

mode <idx> <mode> Enables or disables WLAN <idx> (1–8).name <idx> <name> Sets the name of WLAN <idx> (1–8) to <name> (1–7 characters).


no-mu-mu <idx> <mode> Enables or disables the stoppage of MU-to-MU communication for WLAN <idx> (1–8).

vop <idx> <mode> Enables or disables the voice priority mode for WLAN <idx> (1–8).tkip key <idx> <key> Sets the TKIP key to <key> (1–64 hex digits) for WLAN <idx> (1–8). tkip type <idx> <type> Sets the TKIP key type to phrase or key for WLAN <idx> (1–8).tkip phrase <idx> <phrase> Sets the TKIP ASCII pass phrase to <phrase> (8–63 characters) for WLAN

<idx> (1–8).tkip rotate-mode <idx> <mode> Enables or disabled the broadcast key rotation for WLAN <idx> (1–8).tkip interval <idx> <interval> Sets the broadcast key rotation interval to <interval> seconds (300–

604800) for WLAN <idx> (1–8).ccmp key <idx> <key> Sets the CCMP key to <key> (1–64 hex digits) for WLAN <idx> (1–8).

Must be specified when type parameter is set to key.ccmp type <idx> phrase/key

Sets the CCMP key type to phrase or key for WLAN <idx> (1–8).

ccmp phrase <idx> <phrase> Sets the CCMP ASCII pass phrase for WLAN <idx> (1–8) to <phrase> (8–63 characters). Must be specified when type parameter is set to phrase.

ccmp rotate-mode <idx> enable/disable

Enables or disables the broadcast key rotation for WLAN <idx> (1–8).

ccmp interval <idx> <interval> Sets the broadcast key rotation interval for WLAN <idx> (1–8) to <interval> (300–604800) seconds.

ccmp mixed-mode <idx> enable/disable

Enables or disables mixed mode (allowing WPA-TKIP clients) for WLAN <idx> (1–8).

ccmp preauth <idx> enable/disable

Enables or disables pre-authentication (fast roaming) for WLAN <idx> (1–8).

ccmp opp-pmk <idx> enable/disable

Enables or disables opportunistic PMK caching (fast roaming) for WLAN <idx> (1–8).Note: The WEP authentication mechanism saves up to four different keys (one for each WLAN). It is not a requirement to set all keys, but you must associate a WLAN with the appropriate key.

wep-mcm index <idx> <kidx> Selects the WEP/KeyGuard key (from one of the four potential values of <kidx> (1–4) for WLAN <idx> (1–8).

wep-mcm key <idx> <kidx> <key>

Sets the WEP/KeyGuard key for key index <kidx> (1–4) for WLAN <idx> (1–8) to <key> 1 to 26 (hex digits).

vlan-id <idx> <vlan-id> Sets the VLAN-ID mapping to WLAN <idx> (1–8) to VLAN <vlan-id> (1–4094).

mu-inact <timeout> Sets the MU inactivity timeout value to <timeout> (1-60) minutes.wep_shared <mode> Enables or disables WEP shared mode.handshake-timeout <idx> <timeout>

Sets the 802.11i handshake timeout value to <timeout> (100-2000 ms) for the WLAN <idx> (1–8). This feature is provided to prevent those MUs that do not receive EAPOL messages from restarting the association procedure. The default retry for these MUs is 2 seconds. This switch is provided to control the retry for EAPOL messages to a value that is less than 2 seconds.


Exampleadmin(network.wlan)>set name 1 store admin(network.wlan)>set name 2 backoff admin(network.wlan)>set auth 1 kerberos

Kerberos requires WEP 104 or Keyguard. The encryption type has been changed to W EP104.

admin(network.wlan)>set no-mu-mu 1 enable admin(network.wlan)>show wlan 1

wlan name : WLAN1ess identifier : 101wlan mode : enablesubnet : s1vlan_id : 1enc type : noneauth type : nonevoice prioritization : enabledisallow mu to mu : disableanswer broadcast ess : disablesecure beacon mode : disabledefault mu acl mode : allow alldefault ap adopt mode : allow allmulticast address 1 : 01005E000000multicast address 2 : 09000E000000handshake timeout in milliseconds : 2000handshake retry count : 3

admin(network.wlan)>

handshake-retry-count <idx> <retry-count>

Sets the 802.11i handshake retry count to <retry-count> (1-10) for the WLAN <idx> (1–8). This in conjunction with the handshake-timeout command controls the handshake retry time and retry count for those MUs that do not receive EAPOL messages.

secure-beacon <idx> <mode> Enables or disables secure beacon for the WLAN <idx> (1–8)enforce-pmk-validation <mode>

Enables or disables PMK validation across association and EAPOL packets

wireless-stp <mode> Enable or disables STP on wireless side


3.31.5 Network WLAN show Command

showNetwork WLAN Commands

Displays the WLAN parameters.

Syntaxshow [eap|kerb|tkip|ccmp|wep-mcm|wlan|mu-inact|wep_shared|enforce-pmk-validation|wireless-stp] <idx>

Syntax:

Exampleadmin(network.wlan)>show tkip 1

tkip key type : phrasetkip phrase : ********tkip key : ********tkip rotate mode : disabletkip rotate interval : 86400

admin(network.wlan)>show ccmp 1

ccmp key type : phraseccmp phrase : ********ccmp key : ********ccmp rotate mode : disableccmp rotate interval : 86400ccmp mixed mode (allow WPA) : disable802.11i preauthentication : disableOpportunistic PMK Caching : enable

admin(network.wlan)>show wep-mcm 1

wep key index : 1wep key 1 : ********wep key 2 : ********wep key 3 : ********wep key 4 : ********

eap <idx> Shows the EAP parameters for WLAN <idx> (1–8).kerb <idx> Shows the Kerberos parameters for WLAN <idx> (1–8).tkip <idx> Shows the TKIP parameters for WLAN <idx> (1–8).ccmp <idx> Shows the CCMP parameters for WLAN <idx> (1–8).wep-mcm <idx> Shows the WEP/Keyguard parameters for WLAN <idx> (1–8).wlan <idx> Shows the basic WLAN parameters for WLAN <idx> (1–8).mu-inact Shows the MU inactivity timeout value.wep_shared Shows the WEP Shared parameters.enforce-pmk-validation

Shows enforce-pmk-validation configuration value

wireless-stp Show wireless STP configuration


admin(network.wlan)>show wlan 1

wlan name : WLAN1ess identifier : 101wlan mode : enableenc type : noneauth type : nonevoice prioritization : enabledisallow mu to mu : disableanswer broadcast ess : disabledefault mu acl mode : allow alldefault ap adopt mode : allow allmulticast address 1 : 01005E000000multicast address 2 : 09000E000000

admin(network.wlan)>show eap 1

server ip 1 : 0.0.0.0server ip 2 : 0.0.0.0server port 1 : 1812server port 2 : 1812eap secret 1 : ********eap secret 2 : ********

eap remote syslog mode : disablesyslog server ip : 0.0.0.0Bind interface (for server 1) : s1Bind interface (for server 2) : none

eap reauth mode : disableeap reauth retries : 2eap reauth period : 3600

eap mu quiet period : 10eap mu tx period : 5eap mu timeout : 10eap mu retries : 2eap server timeout : 5eap server retries : 2

radius accounting retry mode : disableradius accounting retry timeout : 10radius accounting retry count : 2

Related Commands

set Sets WLAN parameters.


3.32 Network WLAN Rogue AP Commands

rogueapNetwork WLAN Commands

Displays the rogue AP submenu.

Syntaxadmin(network.wlan)> rogueapadmin(network.wlan.rogueap)>



show Shows current rogue AP configuration. page 3-183set Sets rogue AP parameters. page 3-182rulelist Goes to the rule list submenu. page 3-202approvedlist Goes to the approved AP list submenu. page 3-184roguelist Goes to the rogue AP list submenu. page 3-189quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.32.1 Network WLAN Rogueap set Command

setNetwork WLAN Rogue AP Commands

Sets rogue access point parameters.

Syntaxset [muscan|apscan|detscan|fullapscan] [mode <mode>|interval <interval>]

Parameters

Exampleadmin(network.wlan.rogueap)>set apscan mode enableadmin(network.wlan.rogueap)>set apscan int 60

Related Commands

[muscan|apscan|detscan|fullapscan] [mode <mode>|interval <interval>

Sets the different Rogue AP parameters• muscan – Sets MU scanning parameters• apscan – Sets AP scanning parameters.• detscan – Sets Detector scanning parameters. For

this feature to work, you must set one of the Access Ports as a Detector AP.

• fullapscan – Sets full AP scanning parameter. For this feature to work, you must set one of the Access Ports as a Full Detector AP.

Each of the above options have these settings• mode <mode> – <mode> can be enable or

disable. Use this to enable or disable a rogue ap parameter

• interval <interval> – Sets the scanning interval for rogue ap detection. <interval> can be between 5 to 65535 minutes. For fullapscan, the interval is in seconds.

Enables or disables mobile unit scanning.

show Displays the rogue AP parameters.


3.32.2 Network WLAN Rogueap show Command

showNetwork WLAN Rogue AP Commands

Shows the current rogue AP configuration.

Syntaxshow

ParametersNone

Exampleadmin(network.wlan.rogueap)>show

mu scan : disabled mu scan interval : 60 minutes ap scan : disabled ap scan interval : 60 minutes detector ap scan : disabled detector ap scan interval : 60 minutes full detector ap scan : disabled full detector ap scan interval : 60 seconds

Related Commands

set Sets the rogue AP scanning parameters.


3.33 Network WLAN Rogue AP Approvedlist Commands

approvedlistNetwork WLAN Rogue AP Commands

Displays the approved AP list submenu.

Syntaxadmin(network.wlan.rogueap)> approvedlistadmin(network.wlan.rogueap.approvedlist)>



show Shows the approved AP list. page 3-188ageoute Displays the ageout time for an approved list entry. page 3-185approve Approves an AP. page 3-186erase Erases the list. page 3-187quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.33.1 Network WLAN Rogueap Approvedlist ageout Command

ageouteNetwork WLAN Rogue AP Approvedlist Commands

Displays ageout time for an approved list entry.

Syntaxageout <interval>

Parameters

Exampleadmin(network.wlan.rogueap.approvedlist)>ageout 30admin(network.wlan.rogueap.approvedlist)>

Related Commands

ageout <interval> Sets the number of minutes, the <interval> (0–1000), before an entry in the approved list is automatically removed.

erase Erases the approved AP list.


3.33.2 Network WLAN Rogueap Approvedlist approve Command

approveNetwork WLAN Rogue AP Approvedlist Commands

Approves an AP.

Syntaxapprove [<index>|all]

Parameters

Exampleadmin(network.wlan.rogueap.approvedlist)>approve 1admin(network.wlan.rogueap.approvedlist)>approve alladmin(network.wlan.rogueap.approvedlist)>

Related Commands

approve [<index>|all]

• approve <index> – Approves an access point from the list based on the location specified by <index>.

• approve all – Approves all access points in the list.

erase Erases all access points in the list.


3.33.3 Network WLAN Rogueap Approvedlist erase Command

eraseNetwork WLAN Rogue AP Approvedlist Commands

Erases the approved AP list.

Syntaxerase all

Parametersnone

Example admin(network.wlan.rogueap.approvedlist)>erase alladmin(network.wlan.rogueap.approvedlist)>show

approved ap list ++++++++++++++++

approved list ageout : 30 minutes

index ap essid----- -- ------

Related Commands

approve Adds an Access Port to the approved list.show Displays the approved list.


3.33.4 Network WLAN Rogueap Approvedlist show Command

showNetwork WLAN Rogue AP Approvedlist Commands

Shows the approved AP list.

Syntaxshow

ParametersNone

Exampleadmin(network.wlan.rogueap.approvedlist)>show

approved ap list ++++++++++++++++

approved list ageout : 30 minutes


Related Commands

approve Adds an AP to the approved list.


3.34 Network WLAN Rogue AP Roguelist Commands

roguelistNetwork WLAN Rogue AP Commands

Displays the rogue AP list submenu.

Syntaxadmin(network.wlan.rogueap)> roguelistadmin(network.wlan.rogueap.roguelist)>



show Displays the rogue list entries. page 3-193locate Goes to the submenu for locating a rogue AP. page 3-196muscan Goes to the submenu for on-demand MU polling. page 3-199ageout Displays the ageout time for a rogue list entry. page 3-190approve Approves a rogue AP. page 3-191erase Erases the list. page 3-192set Sets rogue AP related parameters page 3-194deauth Configuration related to Rogue AP Containment. page 3-195quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.34.1 Network WLAN Rogue AP Roguelist ageout Command

ageoutNetwork WLAN Rogue AP Commands

Displays the ageout time for a rogue list entry.

Syntaxageout <time>

Parameters

Exampleadmin(network.wlan.rogueap.roguelist)>ageout 50

Related Commands

ageout <time> Sets the ageout time for the entry associated to <time> (1–1000) minutes.

locate Locates a rogue AP.show Shows the rogue AP list parameters and entries.


3.34.2 Network WLAN Rogue AP Roguelist approve Command

approveNetwork WLAN Rogue AP Commands

Moves a rogue AP into the approved AP list.

Syntaxapprove [<index>|all]

Parameters

Exampleadmin(network.wlan.rogueap.approvedlist)>approve all

Related Commands

approve [<index>|all]

• approve <index> – Puts the rogue AP <index> into the approved AP list.• approve all – Puts all the entries of the rogue list into the approved AP list.

show Shows the rogue list entries.


3.34.3 Network WLAN Rogue AP Roguelist erase Command

eraseNetwork WLAN Rogue AP Commands

Erases the rogue AP list.

Syntaxerase all

ParametersNone

Exampleadmin(network.wlan.rogueap.roguelist)>erase all

Example

show Lists all entries in the rogue AP list.


3.34.4 Network WLAN Rogue AP Roguelist show Command

showNetwork WLAN Rogue AP Commands

Displays the rogue list entries.

Syntaxshow [all|<index>|deauth-list]

Parameters

Exampleadmin(network.wlan.rogueap.roguelist)>show all

rogue ap list ++++++++++++++++++++

rogue list ageout : 0 minutes

-------------------------------------------------------------------------Idx AP Essid Channel-------------------------------------------------------------------------

Related Commands

show [all|<index>|deauth-list]

Displays Rogue AP lists.• all – Displays the complete list of rogue APs.• <index> – Displays detailed information for the rogue AP with index number

<index>.• deauth-list – Displays the Rogue AP Containment list

locate Locates a rogue AP.approve Approves a rogue AP


3.34.5 Network WLAN Rogue AP Roguelist set Command

setNetwork WLAN Rogue AP Commands

Sets rogue list parameters.

Syntaxset [rap-containment|deauth-interval|deauth-all]

set RAP-Containment <mode>set deauth-interval <interval>set dauth-all <mode>

Syntax:

Example admin(network.wlan.rogueap)>set RAP-Containment enableadmin(network.wlan.rogueap)>set deauth-interval 10admin(network.wlan.rogueap)>set deauth-all enable

Related Commands

RAP-Containment <mode>

• Enables or disables Rogue AP Containment feature.

deauth-interval <interval>

Sets the Rogue AP de-authentication interval to <interval> (1–300) seconds. This is the time after which MUs associated to a Rogue AP is deauthenticated.

deauth-all <mode> Enables or disables deauthenticating all rogue APs in the containment list.•

show Displays the rogue AP parameters.


3.34.6 Network WLAN Rogue AP Roguelist deauth Command

deauthNetwork WLAN Rogue AP Commands

Manages the Rogue AP Containment list by adding APs, their MAC address to the list and deleting APs from the list.

Syntaxdeauth [add-to-list|add-mac-to-list|remove-from-list] <index>deauth all

Parameters

Exampleadmin(network.wlan.rogueap.roguelist)>deauth add-to-list 1admin(network.wlan.rogueap.roguelist)>

admin(network.wlan.rogueap.roguelist)>deauth add-mac-to-list 11-22-33-44-55-66admin(network.wlan.rogueap.roguelist)>

deauth [add-to-list|add-mac-to-list|remove-from-list] <index>

Adds or removes APs from the ACL.• add-to-list <index> – Adds an AP to the Rogue AP containment list at the position

specified by <index>.• add-mac-to-list <index> – Adds the MAC address of a Rogue AP to the Rogue AP

containment list at the position specified by <index>.• remove-from-list <index> – Removes a MAC from the Rogue AP Containment

list.deauth all Removes all the contents from the Rogue AP Containment list


3.35 Network WLAN Rogue AP Rogue List Locate Commands

locateNetwork WLAN Rogue AP Roguelist Commands

Displays the locate submenu.

Syntaxadmin(network.wlan.rogueap.roguelist)> locateadmin(network.wlan.rogueap.roguelist.locate)>



start Starts locating a rogue AP. page 3-198list Lists results of the locate rogue AP scan. page 3-200quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.35.1 Network WLAN Rogue AP Rogue List Locate list Command

listNetwork WLAN Rogue AP Rogue List Locate Commands

Lists the results of the locate rogue AP scan.

Syntaxlist

ParametersNone

Exampleadmin(network.wlan.rogueap.roguelist.locate)>list

Related Commands

start Starts the rogue AP location process.


3.35.2 Network WLAN Rogue AP Rogue List Locate start Command

startNetwork WLAN Rogue AP Rogue List Locate Commands

Locates a rogue AP.

Syntaxstart <MAC> <ESSID>

Parameters

Exampleadmin(network.wlan.rogueap.roguelist.locate)>start 00A0f8fe2344 wlan-engg

Related Commands

start <MAC> <ESSID> Starts locating a rogue AP where <MAC> is the MAC address (or BSSID) of the rogue AP, and <essid> is the ESSID for the rogue AP.

list Lists information for the rogue AP found during the scan.


3.36 Network WLAN Rogue AP Rogue List MU Scan Commands

muscanNetwork WLAN Rogue AP Roguelist Commands

Displays the MU scan submenu.

Syntaxadmin(network.wlan.rogueap.roguelist)> muscanadmin(network.wlan.rogueap.roguelist.muscan)>



start Starts a rogue AP scan using on-demand MU polling. page 3-201list Lists the rogue APs found during the scan. page 3-200quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.36.1 Network WLAN Rogue AP Rogue List MU Scan list Command

listNetwork WLAN Rogue AP Roguelist Commands

Lists the results of the locate rogue AP scan.

Syntaxlist

ParametersNone

Exampleadmin(network.wlan.rogueap.roguelist.muscan)>list

Related Commands

start Starts the MU scan process.


3.36.2 Network WLAN Rogue AP Rogue List MU Scan start Command

startNetwork WLAN Rogue AP Roguelist Commands

Starts an on-demand MU polling for rogue APs.

Syntaxstart <MAC> <ESSID>

Parameters

Exampleadmin(network.wlan.rogueap.roguelist.muscan)>start 00A0f8fe2344

Related Commands

start <MAC> <ESSID> Starts locating a rogue AP where <MAC> is the MAC address (or BSSID) of the rogue AP, and <ESSID> is the ESSID for the rogue AP.

list Lists information for the rogue AP found during the scan.


3.37 Network WLAN Rogue AP Rule List Commands

rulelistNetwork WLAN Rogue AP Commands

Displays the rule list submenu.

Syntaxadmin(network.wlan.rogueap)> rulelistadmin(network.wlan.rogueap.rulelist)>



show Displays the rule list. page 3-206add Adds an entry to the rule list. page 3-203delete Deletes an entry from the rule list. page 3-205authsymbolap Authorizes all Symbol APs. page 3-204quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.37.1 Network WLAN Rogue AP Rule List add Command

addNetwork WLAN Rogue AP Rule List Commands

Adds an entry to the rule list.

Syntaxadd <MAC> <ESSID>

Parameters

Exampleadmin(network.wlan.rogueap.rulelist)>add 00a0f8f31212 mywlanadmin(network.wlan.rogueap.rulelist)>show

rule list +++++++++

symbol ap authorization : disabled

index ap essid----- -- ------1 00:a0:f8:f3:12:12 mywlan

admin(network.wlan.rogueap.rulelist)>?

Related Commands

add <MAC> <ESSID> Adds an entry into the rule list to allow an AP with the mac address <MAC> and the ESSID <ESSID>.

show Shows the entries in the rule list.


3.37.2 Network WLAN Rogue AP Rule List authsymbolap Command

authsymbolapNetwork WLAN Rogue AP Rule List Commands

Authorizes all Symbol APs.

Syntaxauthsymbolap <mode>

Parameters

Exampleadmin(network.wlan.rogueap.rulelist)>auth enableadmin(network.wlan.rogueap.rulelist)>show

rule list +++++++++

symbol ap authorization : enabled


Related Commands

authsymbolap <mode> Enables or disables automatic authorization of all Symbol APs. <mode> can be enable or disable.

show Shows all the rules in the rule list and shows status of the Symbol AP automatic authorization.


3.37.3 Network WLAN Rogue AP Rule List delete Command

deleteNetwork WLAN Rogue AP Rule List Commands

Deletes an entry from the rule list.


Parameters

Exampleadmin(network.wlan.rogueap.rulelist)>delete alladmin(network.wlan.rogueap.rulelist)>show

rule list +++++++++



Related Commands

delete [all|<idx>] Deletes entries in the rule list.• all – Deletes all entries in the rule list.• <idx> – Deletes the entry at the <idx> index in the rule list.

show Displays the entries in the rule list.


3.37.4 Network WLAN Rogue AP Rule List show Command

showNetwork WLAN Rogue AP Rule List Commands

Displays the rule list.

Syntaxshow

ParametersNone

Exampleadmin(network.wlan.rogueap.rulelist)>show

rule list +++++++++



Related Commands

delete Deletes entries from the rule list.add Adds entries to the rule list.


3.38 Network WLAN Enhanced Rogue AP Commands

enhancedrogueapNetwork WLAN Commands

Displays the Enhanced Rogue AP detection submenu.

Syntaxadmin(network.wlan)> enhancedrogueapadmin(network.wlan.enhancedrogueap)>



show Displays the Enhanced Rogue AP parameters. page 3-208set Sets the Enhanced Rogue AP parameters page 3-209quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.38.1 Network WLAN Enhanced Rogue AP show Command

showNetwork WLAN Enhanced Rogue AP Commands

Displays the Enhanced Rogue AP parameters.

Syntaxshow

ParametersNone

Exampleadmin(network.wlan.enhancedrogueap)>show

Enhanced RAP mode : disabled ERAP scan interval : 10 seconds ERAP scan duration : 100 milli seconds Channel Set for Radio A : Channel Set for Radio B/G :

admin(network.wlan.enhancedrogueap)>


3.38.2 Network WLAN Enhanced Rogue AP set Command

setNetwork WLAN Enhanced Rogue AP Commands

Sets the Enhanced Rogue AP parameters.

Syntaxset [mode|scaninterval|scanduration|A_channels|BG_channels|erase]

set mode <mode>set scaninterval <scaninterval>set scanduration <scanduration>set A_channel {channelset}set BG_channel {channelset}set erase

Parameters

Exampleadmin(network.wlan.enhancedrogueap)> show

Enhanced RAP mode : disabled ERAP scan interval : 10 seconds ERAP scan duration : 100 milli seconds Channel Set for Radio A : Channel Set for Radio B/G :admin(network.wlan.enhancedrogueap)> set mode enableadmin(network.wlan.enhancedrogueap)> set scaninterval 33admin(network.wlan.enhancedrogueap)> set scanduration 110admin(network.wlan.enhancedrogueap)> set A_channels 36 40admin(network.wlan.enhancedrogueap)> set BG_channels 1 2 3admin(network.wlan.enhancedrogueap)> show

Enhanced RAP mode : enabled ERAP scan interval : 33 seconds ERAP scan duration : 110 milli seconds Channel Set for Radio A : 36, 40, Channel Set for Radio B/G : 1, 2, 3,

mode <mode> Enables or disables the Enhanced Rogue AP featurescaninterval <scaninterval>

Sets the Enhanced Rogue AP feature scan interval.

scanduration <scanduration>

Sets the Enhanced Rogue AP feature scan duration

A_channels {<channelset>}

Sets A channels to scan for Enhanced Rogue AP feature.• <channelset> (Optional) – Enter a list of valid channels for A Radio.

BG_channels {<channelset>}

Sets BG channels to scan for Enhanced Rogue AP feature• <channelset> (Optional) – Enter a list of valid channels for b/g Radio.

erase Clears the Enhanced Rogue AP feature list.


3.39 Network WLAN MU Probe Commands

muprobeNetwork WLAN Commands

Displays the MU Probe sub menu.

Syntaxadmin(network.wlan)> muprobeadmin(network.wlan.muprobe)>



show Shows the MU Probe Table configuration page 3-211set Sets the MU Probe Table configuration page 3-212quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.39.1 Network WLAN MU Probe show Command

showNetwork WLAN MU Probe Commands

Displays the MU Probe Table configuration information.

Syntaxshow

ParametersNone

Exampleadmin(network.wlan.muprobe)> show

mu probe table : disabled mu probe table size : 200 MUs (number of rows could be more) mu probe window : 30 seconds


3.39.2 Network WLAN MU Probe set Command

setNetwork WLAN MU Probe Commands

Sets the different MU Probe Table configurations.

Syntaxset [mode|size|erase|windows]

set mode <mode>set size <size>set eraseset window <value>

Parameters

Exampleadmin(network.wlan.muprobe)> show

mu probe table : disabled mu probe table size : 200 MUs (number of rows could be more) mu probe window : 30 seconds

admin(network.wlan.muprobe)> set mode enableadmin(network.wlan.muprobe)> set size 100admin(network.wlan.muprobe)> set window 50admin(network.wlan.muprobe)> show

mu probe table : enabled mu probe table size : 100 MUs (number of rows could be more) mu probe window : 50 seconds

mode <mode> Enables or disables MU Probe scans. <mode> can be enable or disable.size <size> Sets the size <size> in number of rows of the MU Probe Table.erase Erases the MU Probe Tablewindow <value> Sets the MU Probe time window to <value> (5-300) seconds.


3.40 Network WLAN Hotspot Commands

hotspotNetwork WLAN Commands

Displays the Hotspot sub menu.

Syntaxadmin(network.wlan)> hotspotadmin(network.wlan.hotspot)>



set Sets the hotspot parameters page 3-214show Displays the hotspot parameters page 3-216import Imports hotspot display pages page 3-217radius Sets hotspot RADIUS configuration. Goes to a submenu. page 3-218white-list Sets the hotspot white-list. Goes to a submenu. page 3-222quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.40.1 Network WLAN Hotspot set Command

setNetwork WLAN Hotspot Commands

Sets the different Hotspot parameters.

Syntaxset [mode|page-loc|exturl|http-mode|hotspot-session-timeout|

hotspot-cred-cache]

set mode <idx> <mode>set page-loc <idx> <page-loc>set exturl <idx> <page> <url>set http-mode <idx> <http-mode>set hotspot-session-timeout <timeout>set hotspot-cred-cache <hotspot-cred-cache>

Parameters

Exampleadmin(network.wlan.hotspot)> show hotspot 1

WLAN 1Hotspot Mode : disableHotspot Page Location : defaultExternal Login URL :External Welcome URL :

mode <idx> <mode> Enables or disables hotspot for a WLAN with the index value <idx> (1-8).

page-loc <idx> <page-loc> Sets the location of the welcome page for Hotspot for a WLAN with the index <idx> (1-8). <page-loc> can be one of default, cf, url. • When <page-loc> is default, the default pages are shown. • When <page-loc> is cf, the pages for login, welcome, and fail are

stored on the CF card and are displayed from there. • When <page-loc> is url, the pages are displayed from a URL. The

URL information is provided through the set exturl command.exturl <idx> <page> <url> Sets the URL locations for the hotspot login, welcome, and fail pages

for a WLAN with the index value <idx> (1-8). <page> should be one of login, welcome, or fail and indicates the page type. <url> is the fully qualified path to the page indicated by the <page> value.

http-mode <idx> <http-mode> Sets the HTTP mode for the hotspot for the WLAN with index <idx> (1-8). <http-mode> can be one of http or https. HTTP indicates that connections to the hotspot does not use security. HTTPS indicates use of security.

hotspot-session-timeout <hotspot-session-timeout>

Sets the timeout value for the hotspot to <hotspot-session-timeout> minutes. This value is global and is applicable to all WLANs. The default value for <hotspot-session-timeout> is 20 minutes and the maximum value that can be entered is 1440 minutes (1 day).

hotspot-cred-cache <hotspot-cred-cache>

Enables or disables hotspot user credential caching for the WS2000.


External Fail URL :Http Mode : https

admin(network.wlan.hotspot)> set mode 1 enableadmin(network.wlan.hotspot)> set page-loc 1 urladmin(network.wlan.hotspot)> set exturl 1 login //192.168.1.10/wlan1/hotspt/login.htmadmin(network.wlan.hotspot)> set exturl 1 welcome //192.168.1.10/wlan1/hotspt/welcome.htmadmin(network.wlan.hotspot)> set exturl 1 fail //192.168.1.10/wlan1/hotspt/fail.htmadmin(network.wlan.hotspot)> show hotspot 1

WLAN 1Hotspot Mode : enableHotspot Page Location : urlExternal Login URL : //192.168.1.10/wlan1/hotspt/login.htmExternal Welcome URL : //192.168.1.10/wlan1/hotspt/welcome.htmExternal Fail URL : //192.168.1.10/wlan1/hotspt/fail.htmHttp Mode : https


3.40.2 Network WLAN Hotspot show Command

showNetwork WLAN Hotspot Commands

Displays the different hotspot configuration settings.

Syntaxshow [hotspot|white-list|hs-session-timeout|hs-cred-cache]

show hotspot <idx>show white-list <idx>

Parameters

Exampleadmin(network.wlan.hotspot)> show hotspot 1

WLAN 1Hotspot Mode : enableHotspot Page Location : urlExternal Login URL : //192.168.1.10/wlan1/hotspt/login.htmExternal Welcome URL : //192.168.1.10/wlan1/hotspt/welcome.htmExternal Fail URL : //192.168.1.10/wlan1/hotspt/fail.htmHttp Mode : https

admin(network.wlan.hotspot)> show white-list 1

WhiteList Rules------------------------------------------------------------------------- Idx IP Address------------------------------------------------------------------------- 1 192.168.1.322 192.168.1.453 192.168.1.554 192.168.1.56

admin(network.wlan.hotspot)> show hs-session-timeout Hotspot Session Timeout : 10

admin(network.wlan.hotspot)> show hs-cred-caching Hotspot Credential Cache Mode : Disabled

hotspot <idx> Displays the hotspot configuration settings.white-list <idx> Displays the white list rules.hs-session-timeout Displays the global hotspot session timeout value.hs-cred-cache Displays the enable/disable status for hotspot user credentials caching.


3.40.3 Network WLAN Hotspot Import Command

importNetwork WLAN Hotspot Commands

Imports the html pages for the welcome, login, and fail screens.

Syntaximport <idx> <page>

Parameters

Exampleadmin(network.wlan.hotspot)> import 1 loginEnter 'Ctrl C' to abort. Paste the HTML Page:<html><Head><title>Office1 WLAN - Login Page</title></head><body><h1 align="center">Office1 Wireless LAN - Login Page</h1><HR width=50%><p align ="center"><b>Please enter your login information below</b></p><form action="login.asp><center><table width=25%><tr><tD>User Name</td><td><input > </input></td></tr><tr><td>Password</td><td><input type=password> </input></td></tr></table><br><button type=submit><strong>Login</strong></button><hr width=50%><p>Page usage monitored and IP captured. Do not login if not authorized.</p></center></form></body></html>

import <idx> <page> Imports the specified page for the WLAN with index <idx> (1-8). <page> must be one of login, welcome, or fail. Paste the html page into the console.


3.41 Network WLAN Hotspot RADIUS commands

radiusNetwork WLAN Hotspot Commands

Displays the RADIUS server commands for hotspot. RADIUS is used to authenticate hotspot users.

Syntaxadmin(network.wlan.hotspot)> radiusadmin(network.wlan.hotspot.radius)>



show Shows RADIUS configuration settings. page 3-219set Sets RADIUS configuration page 3-220quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.41.1 Network WLAN Hotspot RADIUS show Command

showNetwork WLAN Hotspot RADIUS commands

Displays the RADIU ?S server information for each hotspot.

Syntaxshow radius <idx>

Parameters

Exampleadmin(network.wlan.hotspot.radius)> show radius 1Primary Server Ip adr : 127.0.0.1Primary Server Port : 1812Primary Server Secret : ******Secondary Server Ip adr : 0.0.0.0Secondary Server Port : 1812Secondary Server Secret : ******Accounting Mode : disableAccounting Timeout : 1Accounting Retry-count : 1

show radius <idx> Displays the RADIUS information for the WLAN with the index <idx> (1-8).


3.41.2 Network WLAN Hotspot RADIUS set Command

setNetwork WLAN Hotspot RADIUS commands

Configures the RADIUS server information for hotspots for each WLAN.

Syntaxset [server|port|secret|acct-mode|acct-timeout|acct-retry|

bind-interface|auth-mode]

set server <idx> <srvr_type> <ipadr>set port <idx> <srvr_type> <port>set secret <idx> <srvr_type> <secret>set acct-mode <idx> <mode>set acct-timeout <idx> <timeout>set acct-retry <idx> <retry_count>set bind-interface <idx> <server> <interface>set auth-mode <idx> <mode>

Parameters

Exampleadmin(network.wlan.hotspot.radius)> set server 1 primary 192.169.1.222admin(network.wlan.hotspot.radius)> set server 1 secondary 192.169.1.223admin(network.wlan.hotspot.radius)> set port 1 primary 1812admin(network.wlan.hotspot.radius)> set port 1 secondary 1812admin(network.wlan.hotspot.radius)> set secret 1 primary hello1

server <idx> <srvr_type> <ipadr>

Sets the IP address <ipadr> of the RADIUS server for the WLAN with index <idx> (1-8). The <srvr_type> (primary, secondary) identifies the RADIUS server as a primary or a secondary server.

port <idx> <srvr_type> <port> Sets the port <port> of the RADIUS server for the WLAN with the index <idx> (1-8). The <srvr_type> (primary, secondary) identifies the RADIUS server as a primary or a secondary server.

secret <idx> <srvr_type <secret>

Sets the secret <secret> for accessing the RADIUS server for the WLAN with the index <idx> (1-8). The <srvr_type> (primary, secondary) identifies the RADIUS server as a primary or a secondary server.

acct-mode <idx> <mode> Enables or disables accounting mode for the RADIUS server for the WLAN with the index <idx> (1-8). When enabled, RADIUS accounting log is written to the CF card when the RADIUS server is not reachable.

acct-timeout <idx> <timeout> Sets the time duration <timeout> (1-255) seconds after which RADIUS logs are written to the CF card.

acct-retry <idx> <retry-count> Sets the number of re-tries <retry-count> (1-10) made before RADIUS logs are written to the CF card.

bind-interface <idx> <server> <interface>

Binds the RADIUS server type <server> (Primary or Secondary) to the interface <interface> (one of s1-s6, w, none - s1- Subnet 1, s2-subnet 2, ...s6-Subnet 6, w-wan) for the WLAN <idx> (1–8).

auth-mode <idx> <mode> Sets the radius authentication mode to either PAP or CHAP. This is used to encrypt authentication packets when authenticating with radius servers located on the WAN side of WS2000.


admin(network.wlan.hotspot.radius)> set secret 1 secondary hello2admin(network.wlan.hotspot.radius)> set acct-mode 1 enableadmin(network.wlan.hotspot.radius)> set acct-timeout 1 90admin(network.wlan.hotspot.radius)> set acct-retry 1 8admin(network.wlan.hotspot.radius)> set bind-interface 1 primary s1admin(network.wlan.hotspot.radius)> set auth-mode 1 PAPadmin(network.wlan.hotspot.radius)>show radius 1Primary Server Ip adr : 192.168.1.222Primary Server Port : 1812Primary Server Secret : ******Primary client bind interface : s1Secondary Server Ip adr : 192.169.1.223Secondary Server Port : 1812Secondary Server Secret : ******Secondary client bind interface : noneAccounting Mode : disableAccounting Timeout : 10Accounting Retry-count : 3RADIUS auth-mode : PAP

admin(network.wlan.hotspot.radius)>


3.42 Network WLAN Hotstpot White-list Commands

white-listNetwork WLAN Hotspot Commands

Displays the White-list submenu. White-list is a list of devices that can use the hotspot.

Syntaxadmin(network.wlan.hotspot)> white-listadmin(network.wlan.hotspot.whitelist)>



add Adds hotspot white-list entries. page 3-223clear Clears the hotspot white-list entries. page 3-225show Displays the hotspot white-list entries. page 3-225quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.42.1 Network WLAN Hotspot White-list add Command

addNetwork WLAN Hotstpot White-list Commands

Adds an entry to the WLAN hotspot white-list. White-list is a list of devices that can access the hotspot.

Syntaxadd rule <wlan_idx> <ipadr>

Parameters

Exampleadmin(network.wlan.hotspot.whitelist)> add rule 1 192.168.1.67admin(network.wlan.hotspot.whitelist)> show white-rules 1

WhiteList Rules------------------------------------------------------------------------- Idx IP Address------------------------------------------------------------------------- 1 192.168.1.32 2 192.168.1.45 3 192.168.1.55 4 192.168.1.56 5 192.168.1.67

add rule <wlan_idx> <ipadr>

Adds an IP entry <ipadr> to the White-list for the WLAN specified by the index <wlan_idx> (1-8)


3.42.2 Network WLAN Hotspot White-list clear Command

clearNetwork WLAN Hotstpot White-list Commands

Clears or deletes the WLAN hotspot white-list entries.

Syntaxclear rule [all|<wlan_idx> [all|<ipadr>]]

clear rule allclear rule <wlan_idx> allclear rule <wlan_idx> <ipadr>

Parameters

Exampleadmin(network.wlan.hotspot.whitelist)> show white-rules 1


admin(network.wlan.hotspot.whitelist)> clear rule 1 192.168.1.67admin(network.wlan.hotspot.whitelist)> show white-rules 1

WhiteList Rules------------------------------------------------------------------------- Idx IP Address------------------------------------------------------------------------- 1 192.168.1.32 2 192.168.1.45 3 192.168.1.55 4 192.168.1.56

admin(network.wlan.hotspot.whitelist)> clear rule alladmin(network.wlan.hotspot.whitelist)> show white-rules 1

WhiteList Rules------------------------------------------------------------------------- Idx IP Address-------------------------------------------------------------------------

clear rule [all|<wlan_idx> [all|<ipadr>]]

• clear rule all – Clears all the hotspot white-list entries.• clear rule <wlan_idx> all – Clears all the hotspot white-list entries for

the WLAN specified by the <wlan_idx> (1-8) value.• clear rule <wlan_idx> <ipadr> – Clears a specific IP address <ipadr>

from the hotspot white-list entries for the WLAN specified by the <wlan_idx> (1-8) value.


3.42.3 Network WLAN Hotspot White-list show Command

showNetwork WLAN Hotstpot White-list Commands

Displays the WLAN hotspot white-list entries.

Syntaxshow white-rules <idx>

Parameters

Exampleadmin(network.wlan.hotspot.whitelist)> show white-rules 1


show white-rules <idx> Displays the hotspot white-list for the WLAN with the index <idx> (1-8).


3.43 Network WLAN WLAN IP Fiter Policy Commands

wlanipfpolicyNetwork WLAN Commands

Displays the WLAN IP Filter Policy submenu.

Syntaxadmin(network.wlan)> wlanipfpolicyadmin(network.wlan.wlanipfpolicy)>



set Sets the WLAN IP Filter Policy configurations. page 3-227add Adds entries to the WLAN IP Filter table. page 3-228del Deletes entries from the WLAN IP Filter table. page 3-229show Displays the WLAN IP filter table. page 3-230quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.43.1 Network WLAN WLAN IP Filter Policy set Command

setNetwork WLAN WLAN IP Fiter Policy Commands

Sets the WLAN IP filter policy configuration. IP Filters have to be set up through the Network > IPFilter menu.

Syntaxset [ipf-mode|default]

set ipf-mode <wlan-idx> <ipf-mode>set default [incoming|outgoing] <wlan-idx> <action>

Syntax:

Exampleadmin(network.wlan.wlanipfpolicy)> show 1-------------------------------------------------------------------------Filter-Name Direction Action-------------------------------------------------------------------------

IP Filter Mode : disableDefault Incoming Action : denyDefault Outgoing Action : deny

admin(network.wlan.wlanipfpolicy)> set ipf-mode 1 enableadmin(network.wlan.wlanipfpolicy)> set default outgoing 1 allowadmin(network.wlan.wlanipfpolicy)> set default incoming 1 allowadmin(network.wlan.wlanipfpolicy)>show 1-------------------------------------------------------------------------Filter-Name Direction Action-------------------------------------------------------------------------

IP Filter Mode : enableDefault Incoming Action : allowDefault Outgoing Action : allow

ipf-mode <wlan-idx> <ipf-mode>

Sets the IP filter mode <ipf-mode> (enable/disable) for the WLAN with the index <idx> (1-8).

default [incoming|outgoing] <wlan-idx> <action>

• incoming – Sets the default incoming action to <action> (allow/deny) for IP filtering for he WLAN with the index <idx> (1-8).

• outgoing – Sets the default outgoing action to <action> (allow/deny) for IP filtering for he WLAN with the index <idx> (1-8).


3.43.2 Network WLAN WLAN IP Filter Policy add Command

addNetwork WLAN WLAN IP Fiter Policy Commands

Adds a new IP Filter association table entry. IP Filters have to be set up through the Network > IPFilter menu.

Syntaxadd <wlan-idx> <filter-name> <direction> <action>

Parameters

Exampleadmin(network.wlan.wlanipfpolicy)> add 1 allow_tcp incoming allowadmin(network.wlan.wlanipfpolicy)> add 1 allow_tcp outgoing denyadmin(network.wlan.wlanipfpolicy)> show 1-------------------------------------------------------------------------Filter-Name Direction Action-------------------------------------------------------------------------allow_tcp incoming allowallow_tcp outgoing deny


add <wlan-idx> <filter-name> <direction> <action>Adds a new IP Filter association table entry. The <filter-name> is the name of the filter to be added to the WLAN specified by the <wlan-idx> (1-8). The <direction> could be incoming or outgoing. The <action> could be allow or deny.


3.43.3 Network WLAN WLAN IP Filter Policy del Command

delNetwork WLAN WLAN IP Fiter Policy Commands

Deletes a entry from the IP Filter association table.

Syntaxdel <wlan-idx> [all|<index>]

Syntax:

Exampleadmin(network.wlan.wlanipfpolicy)> show 1-------------------------------------------------------------------------Filter-Name Direction Action-------------------------------------------------------------------------allow_tcp incoming allowallow_tcp outgoing deny


admin(network.wlan.wlanipfpolicy)> del 1 2admin(network.wlan.wlanipfpolicy)> show 1-------------------------------------------------------------------------Filter-Name Direction Action-------------------------------------------------------------------------allow_tcp incoming allow


delete <wlan-idx> [all|<index>]

Deletes an IP Filter association table entry. The WLAN is specified by the <wlan-idx> (1-8). <index> indicates the filter to delete. all is used to delete all entries from the IP Filter association table.


3.43.4 Network WLAN WLAN IP Filter Policy show Command

showNetwork WLAN WLAN IP Fiter Policy Commands

Displays the contents of the IP Filter association table.

Syntaxshow <wlan-idx>

Parameters

Exampleadmin(network.wlan.wlanipfpolicy)> show 1-------------------------------------------------------------------------Filter-Name Direction Action-------------------------------------------------------------------------allow_tcp incoming allowallow_tcp outgoing deny


show <wlan-idx> Displays the IP filter association table for the WLAN with the index <wlan-idx> (1-8).


3.44 Network Port Commands

portnetwork

Displays the port configuration submenu.

Syntaxadmin(network)>portadmin(network.port)>



show Shows the port configuration settings. page 3-233set Sets the port configuration page 3-232quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.44.1 Network Port set Command

setNetwork Port Commands

Sets the port configuration parameters.

Syntaxset [auto-negotiation|speed|duplex]

set auto-negotiation <idx> <auto-negotiation>set speed <idx> <speed>set duplex <idx> <duplex>

Parameters

Exampleadmin(network.port)> show port1

auto-negotiation : disablespeed : 10Mduplex : half

admin(network.port)> set auto-negotiation port1 enableadmin(network.port)> set speed port1 100Madmin(network.port)> set duplex port1 fulladmin(network.port)> show port1

auto-negotiation : enablespeed : 100Mduplex : full

auto-negotiation <idx> <auto-negotiation>

Enables or disables auto negotiation. When enabled, the port negotiates the speed and the duplex type. <auto-negotiation> can be one of enable or disable. <idx> (port1-port6, wan) is the port number.

speed <idx> <speed>

Sets the speed for the port with the index <idx> (port1-port6, wan). Set <speed> from 10M or 100M.

duplex <idx> <duplex>

Sets the duplex mode for the port with the index <idx> (port1-port6, wan). Set the <duplex> value from full or half.


3.44.2 Network Port show Command

showNetwork Port Commands

Displays the port configuration parameters.

Syntaxshow <idx>

Parameters

Exampleadmin(network.port)> show port1

auto-negotiation : enablespeed : 100Mduplex : full

show <idx> Displays the port configuration settings for the port <idx> (port1-port6, wan).


3.45 Network IP Filter Commands

ipfilternetwork

Displays the IP Filter submenu.

IP based filtering allows administrators to configure Incoming and Outgoing IP filtering policies on packets within the same Subnet / WLAN and between wired and wireless hosts. Filters can be set up based on IP Address or as a default rule for all IPs in a given direction.

Syntaxadmin(network)> ipfilteradmin(network.ipfilter)>



add Adds a filter to the global IP Filter table. page 3-235del Deletes a filter from the global IP Filter table. page 3-236show Shows the global IP Filter table. page 3-237quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.45.1 Network IP Filter add Command

addNetwork IP Filter Commands

Adds an entry into the global IP Filter table.

Syntaxadd <filter-name> <protocol> <port> <start-src-address> <end-src-address> <start-dest-address> <end-dest-address>

Parameters

Exampleadmin(network.ipfilter)> add port80tcp TCP 80 192.168.1.100 192.168.1.250 0.0.0.0 0.0.0.0admin(network.ipfilter)> show-------------------------------------------------------------------------Filter-Name Protocol-Port Start-End-Src-IP Start-End-Dst-IP In-Use-------------------------------------------------------------------------allow_tcp TCP 0.0.0.0 0.0.0.0 YES ALL 0.0.0.0 0.0.0.0allow_udp UDP 0.0.0.0 0.0.0.0 NO ALL 0.0.0.0 0.0.0.0port80tcp TCP 192.168.1.100 0.0.0.0 NO 80 192.168.1.250 0.0.0.0

add <filter-name> <protocol> <port> <start-src-address> <end-src-address> <start-dest-address> <end-dest-address>

Adds an IP Filter with <filter-name> to the IP Filter table.• <protocol> can be one of tcp, udp, icmp, pim, gre, rsvp, idp, pup, egp, ipip, esp, ah, igmp,

ipv6, compr_h, raw_ip.• <port> is the port number. Could also be all.• <start-src-address> to <end-src-address> is the source ip range for which this filter is applied• <start-dest-address> to <end-dest-address> is the destination ip range for which this filter is

applied.


3.45.2 Network IP Filter del Command

delNetwork IP Filter Commands

Deletes an entry from the global IP Filter table.

Syntaxdel [all|<idx>]

Parameters

Exampleadmin(network.ipfilter)> del 3admin(network.ipfilter)> show-------------------------------------------------------------------------Filter-Name Protocol-Port Start-End-Src-IP Start-End-Dst-IP In-Use-------------------------------------------------------------------------allow_tcp TCP 0.0.0.0 0.0.0.0 YES ALL 0.0.0.0 0.0.0.0allow_udp UDP 0.0.0.0 0.0.0.0 NO ALL 0.0.0.0 0.0.0.0

del [all|<index>] Deletes IP Filter table entries.• del <index> – Deletes the global IP Filter table entry at <index>.• del all – Deletes all entries of the global IP Filter table.


3.45.3 Network IP Filter Shlow Command

showNetwork IP Filter Commands

Displays the global IP Filter table.

Syntaxshow

ParametersNone

Exampleadmin(network.ipfilter)> show-------------------------------------------------------------------------Filter-Name Protocol-Port Start-End-Src-IP Start-End-Dst-IP In-Use-------------------------------------------------------------------------allow_tcp TCP 0.0.0.0 0.0.0.0 YES ALL 0.0.0.0 0.0.0.0allow_udp UDP 0.0.0.0 0.0.0.0 NO ALL 0.0.0.0 0.0.0.0


3.46 Network WIPS Command

wipsnetwork

Description:

Displays the Wireless Intrusion Protection System (WIPS) submenu.

Syntaxadmin(network)> wipsadmin(network.wips)>



set Sets WIPS parameters. page 3-239show Displays WIPS parameters page 3-240list Lists the APs and Sensors discovered. page 3-241convert Converts APs to dedicated WIPS sensors page 3-242revert Revers dedicated WIPS sensors to APs page 3-243update Sends WIPS configuration to the sensors page 3-244defaults Goes to the Defaults submenu. page 3-245quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.46.1 Network WIPS set Command

setNetwork WIPS Command

Enables or disables WIPS.

Syntaxset mode <mode>

Parameters

Exampleadmin(network.wips)> set mode enableadmin(network.wips)> show modeState : enable

set mode <mode> Enables or disables WIPS. <mode> can be either enable or disable.


3.46.2 Network WIPS show Command

showNetwork WIPS Command

Displays the WIPS parameters.

Syntaxshow [mode|sensor]

Parameters

Exampleadmin(network.wips)> show modeState : enable

mode Enables or disables WIPS modesensor <mac> Shows sensor configuration

<mac> – Shows mac-Sensor MAC address


3.46.3 Network WIPS list Command

listNetwork WIPS Command

Lists the adopted APs and detected sensors for WIPS.

Syntaxlist [sensors|aps]

Parameters

Exampleadmin(network.wips)> list sensors-------------------------------------------------------------------------Idx Sensor MAC IP address-------------------------------------------------------------------------1 00a0f8bf8a70 192.168.0.167

admin(network.wips)> list APs-------------------------------------------------------------------------Idx AP MAC Conversion State-------------------------------------------------------------------------1 00a0f8bf8a70

list [sensors|aps] • list aps – Lists the sensor APs• list sensors – Lists the discovered APs


3.46.4 Network WIPS convert Command

convertNetwork WIPS Command

Converts an existing AP to a dedicated Sensor device. This command is only valid for Motorola AP300.

Syntaxconvert <mac1> <mac2> ...

Parameters

Exampleadmin(network.wips)> convert 00a0f8bf8a70

Conversion is started in the backgroundadmin(network.wips)> list sensors-------------------------------------------------------------------------Idx Sensor MAC IP address-------------------------------------------------------------------------1 00a0f8bf8a70 192.168.0.167

convert <mac1> <mac2> ...

Converts the list of AP represented by their MAC addresses <mac1> <mac2>... to dedicated sensor devices.


3.46.5 Network WIPS revert Command

revertNetwork WIPS Command

Reverts a dedicated Sensor device to an AP. This command is only valid for Motorola AP300.

Syntaxrevert <mac1> <mac2> ...

Syntax:

Exampleadmin(network.wips)> revert 00a0f8bf8a70

Revert is started in the backgroundadmin(network.wips)> list aps-----------------------------------------------------------------------------Idx AP MAC Conversion State-----------------------------------------------------------------------------1 00a0f8bf8a70

revert <mac1> <mac2> ...

Converts the list of Sensors represented by their MAC addresses <mac1> <mac2>... to APs.


3.46.6 Network WIPS update Command

updateNetwork WIPS Command

Sends configuration information to dedicated sensor devices.

Syntaxupdate <mac> <dhcp_mode> <ipaddr> <mask> <dgw> <pwips> {<swips>}

Parameters

Exampleadmin(network.wips)> show sensor 00a0f8bf8a70

Sensor MAC : 00a0f8bf8a70DHCP Mode : clientIP Address : 192.168.1.107IP Mask : 255.255.255.0Default Gateway : 192.168.1.1Primary WIPS Server : 192.168.0.20Secondary WIPS Server : 192.168.0.21

admin(network.wips)> update 00a0f8bf8a70 static 192.168.1.108 255.255.255.0 192.168.1.10 192.168 .0.20 192.168.0.21

admin(network.wips)> show sensor 00a0f8bf8a70

Sensor MAC : 00a0f8bf8a70DHCP Mode : clientIP Address : 192.168.2.100IP Mask : 255.255.255.0Default Gateway : 192.168.2.1Primary WIPS Server : 192.168.0.20Secondary WIPS Server : 192.168.0.21

update <mac> <dhcp_mode> <ipaddr> <mask> <dgw> <pwips> {<swips>}Sends the configuration information to the sensor device, where:<mac> is the MAC address of the sensor device.<dhcp_mode> is the dhcp mode. Mode can be either client or static.<ipaddr> is the IP address of the sensor device. This field is only required when the <dhcp_mode> is static.<mask> is the subnet mask for the IP address of the sensor device. This field is only required when the <dhcp_mode> is static.<dgw> is the default gateway for the sensor device. This field is only required when the <dhcp_mode> is static.<pwips> is the IP address of the primary WIPS server.<swips> is the IP address of the secondary WIPS server. This value is optional.


3.47 Network WIPS Default commands

defaultsNetwork WIPS Command

Goes to the WIPS default configuration menu.

Syntaxadmin(network.wips)>defaultsadmin(network.wips.defaults)>


Default Description Ref.

show Shows the WIPS default configuration settings. page 3-247set Sets the Sensor default configuration for WIPS. page 3-246quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.47.1 Network WIPS set Command

setNetwork WIPS Default commands

Sets the default WIPS configuration settings. These settings are used when WIPS configurations are not changed.

Syntaxset mode <mode>

set [ipaddr|mask|dgw|pwips|swips] <a.b.c.d>

Syntax:

Exampleadmin(network.wips.default)> set mode enableadmin(network.wips.default)> set ipaddr 192.168.0.10admin(network.wips.default)> set mask 255.255.255.0admin(network.wips.default)> set dgw 192.168.0.1admin(network.wips.default)> set pwips 192.168.0.20admin(network.wips.default)> set swips192.168.0.21admin(network.wips.default)> show

DHCP Mode : clientIP Address : 192.168.0.10IP Mask : 255.255.255.0Default Gateway : 192.168.0.1Primary WIPS Server : 192.168.0.20Secondary WIPS Server : 192.168.0.21

mode <mode> Sets the default mode to enable or disable.ipaddr <a.b.c.d>

Sets the IP address to <a.b.c.d> for the WIPS sensor.

mask <a.b.c.d> Sets the network mask to <a.b.c.d> for the WIPS sensordgw <a.b.c.d> Sets the default gateway for the WIPS sensor to <a.b.c.d>pwips <a.b.c.d>

Sets the primary WIPS server to <a.b.c.d>

swips <a.b.c.d>

Sets the secondary WIPS server to <a.b.c.d>.


3.47.2 Network WIPS show Command

showNetwork WIPS Default commands

Displays the default WIPS configuration.

Syntaxshow

ParametersNone

Exampleadmin(network.wips.default)> show

DHCP Mode : clientIP Address : 192.168.0.10IP Mask : 255.255.255.0Default Gateway : 192.168.0.1Primary WIPS Server : 192.168.0.20Secondary WIPS Server : 192.168.0.21


3.48 Network WIDS Commands

widsnetwork

Displays the Wireless Intrusion Detection System (WIDS) commands.

Syntaxadmin(network)>widsadmin(network.wids)>



show Shows WIDS status and statistics page 3-254set Sets WIDS parameters page 3-250delete Removes WIDS MU List entries page 3-249quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.48.1 Network WIDS delete Command

deleteNetwork WIDS Commands

Deletes WIDS MU list entries.


Parameters

Exampleadmin(network.wids)> delete 1admin(network.wids)> delete alladmin(network.wids)>

delete [all|<idx>] • all – Deletes all the MU from the list.• <idx> – Deletes MU list entry at the index <idx>.


3.48.2 Network WIDS set Command

setNetwork WIDS Commands

Sets the WIDPS parameters.

Syntaxset [mode|detect-window|anomaly-detect|excess-op]

set mode <mode>set detect-window <detect-window>set anomaly-mode [mode|filter-ageout]set anomaly-mode mode <violation-type> <mode>set anomaly-mode filter-ageout <type> <filter-ageout>set excess-op [threshold|filter-ageout]set excess-op threshold [mu|radio|switch] <type> <threshold>set excess-op filter-ageout <type> <filter-ageout>

Parameters

mode <mode> Enables or disables WIDS. <mode> can be enable or disable.detect-window <detect-window>

Sets the duration for which WIDS information is collected to <detect-window> (5-300) seconds. Once collected, the information is sent for analysis. The deafult value for <detect-window> is 10 seconds.


anomaly-detect [mode|filter-ageout]

Configures the anomaly detection mode.• mode <violation-type> <mode> – Enables or disables anomaly detection for each

violation type <violation-type>. <mode> can be enable or disable.• <violation-type> can be one of the following:

• all - all the anomalies.• null-dst - NULL destination MAC anomaly• same-src-dst - Same source and destination IP anomaly• mcas-src - Multicast source MAC anomaly• weak-wep-iv - Weak WEP initialization vector anomaly• tkip-cntr-meas - TKIP Countermeasures anomaly• invalid-frame-len - Invalid frame length anomaly

• filter-ageout <type> <filter-ageout> – Sets the number of seconds a mobile unit is filtered out.• <type> is the violation type and can be one of:


• <filter-ageout> (0-86400) is the ageout value in seconds. Default is 60 seconds. 0 disables this option.


Exampleadmin(network.wids)> set mode enableadmin(network.wids)> set detect-window 25admin(network.wids)> set anomaly-detect mode all enableadmin(network.wids)> set anomaly-detect filter-ageout all 120admin(network.wids)> set excess-op threshold mu all 80admin(network.wids)> set excess-op filter-ageout all 80admin(network.wids)> show wids

WIDS feature is : Enabled Detect Window : 10 (Secs)

Excessive Operations :: Threshold (0 == disabled) Filter-Ageout (Secs) -------------------- mu radio switch probe-req : 80 0 0 80 auth-assoc-req : 80 0 0 80 deauth-disassoc-req : 80 0 0 80 auth-fails : 80 0 0 80

excess-op [threshold|filter-ageout]

Sets the threshold of events allowed in the detection window per MU.• threshold [mu|radio|switch] <type> <threshold> – Sets the threshold values for mu,

radio, or switch. • <type> is the violation type and can be one of:

• all - all types of excessive operations• probe-req - Probe Request frames• auth-assoc-req - 802.11 Authentication and Association Request• deauth-disassoc-req - Disassociation and Deauthentication frames• auth-fails - Failures reported by Authentication servers• crypto-replay-fails - TKIP/CCMP IV replay check failure• 80211-replay-fails - 802.11 replay check failure• decrypt-fails - decryption failures• unassoc-frames - frames from unassociated stations• eap-starts - EAP (802.1x) Start frames

• <threshold> (0-65535) is the threshold value in seconds, 0 disables this option• filter-ageout <type> <filter-ageout> – Sets the number of seconds a mobile unit is

filtered out.• <type> is the violation type and can be one of:


• <filter-ageout> (0-86400) is the ageout value in seconds. Default is 60 seconds. 0 disables this option.


crypto-replay-fails : 80 0 0 80 80211-replay-fails : 80 0 0 80 decrypt-fails : 80 0 0 80 unassoc-frames : 80 0 0 80 eap-starts : 80 0 0 80

Anomaly Analysis :: Status Filter-Ageout (Secs) ---------------- null-dst : enabled 120 same-src-dst : enabled 120 mcast-src : enabled 120 weak-wep-iv : enabled 120 tkip-cntr-meas : enabled 120 invalid-frame-len : enabled 120


3.48.3 Network WIDS show Command

showNetwork WIDS Commands

Displays the default WIDS configuration settings

Syntaxshow [wids|filter]

Parameters

Exampleadmin(network.wids)> show wids

WIDS feature is : Enabled Detect Window : 10 (Secs)

Excessive Operations :: Threshold (0 == disabled) Filter-Ageout (Secs) -------------------- mu radio switch probe-req : 80 0 0 80 auth-assoc-req : 80 0 0 80 deauth-disassoc-req : 80 0 0 80 auth-fails : 80 0 0 80 crypto-replay-fails : 80 0 0 80 80211-replay-fails : 80 0 0 80 decrypt-fails : 80 0 0 80 unassoc-frames : 80 0 0 80 eap-starts : 80 0 0 80

Anomaly Analysis :: Status Filter-Ageout (Secs) ---------------- null-dst : enabled 120 same-src-dst : enabled 120 mcast-src : enabled 120 weak-wep-iv : enabled 120 tkip-cntr-meas : enabled 120 invalid-frame-len : enabled 120

show [wids|filter] • wids – Displays the default WIDS configuration values.• filter – Displays the filter configuration values.


3.49 Network URL Filter Commands

urlfilternetwork

Displays the URL Filter commands

Syntaxadmin(network)> urlfilteradmin(network.urlfilter)>



keyword Goes to the Keyword submenu page 3-258whitelist Goes to the Whitelist submenu page 3-263blacklist Goes to the Blacklist submenu page 3-267trustip Goes to the Trusted IP submenu page 3-271set Sets the URL Filter configuration information page 3-256show Displays URL Filter configuration information page 3-257quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.49.1 Network URL Filter set Command

setNetwork URL Filter Commands

Sets URL FIlter parameters.

Syntaxset [mode|tcp-port|error-msg|action]

set mode <mode>set tcp-port <tcp-port>set error-msg <error-msg>set action <action>

Parameters

Exampleadmin(network.urlfilter)> show

URL Filter Mode : Disable TCP Port Number : 0 Error Message :

admin(network.urlfilter)>admin(network.urlfilter)>set mode enableadmin(network.urlfilter)>set tcp-port 100admin(network.urlfilter)>set error-msg "Error message"admin(network.urlfilter)>set action denyadmin(network.urlfilter)>show

URL Filter Mode : Disable TCP Port Number : 80 Error Message : policies of your service provider Action on DNSRD reply failure : deny

mode <mode> Sets the URL Filter mode. <mode> can be enable or disable.set tcp-port <tcp-port> Sets the TCP Port for URL Filtering to <tcp-port>.set error-msg <error-msg> Sets the error message to the string <error-msg> for URL Filtering. This error

message is displayed when there is an error while accessing the page the user had requested.

set action <action> Sets the default action for URL Filtering when reverse DNS look-up fails. <action> can be one of allow or deny.


3.49.2 Network URL Filter show Command

showNetwork URL Filter Commands

Displays URL Filter configuration information.

Syntaxshow

ParametersNone

Exampleadmin(network.urlfilter)>show

URL Filter Mode : Disable TCP Port Number : 80 Error Message : policies of your service provider Action on DNSRD reply failure : deny


3.50 Network URL Filter Keyword Commands

keywordNetwork URL Filter Commands

Displays the URL Filter Keyword commands.

Syntaxadmin(network.urlfilter)> keywordadmin(network.urlfilter.keyword)>



add Adds a new keyword and action to the keyword filter table page 3-259delete Deletes keyword from the keyword filter table page 3-260removeall Removes all keywords in the keyword filter table page 3-261show Displays the URL Filter Keyword table entries page 3-262quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.50.1 Network URL Filter Keyword add Command

addNetwork URL Filter Keyword Commands

Adds a new keyword and action to the keyword filter table.

Syntaxadd <keyword> <action>

Parameters

Exampleadmin(network.urlfilter.keyword)>add share denyadmin(network.urlfilter.keyword)>show--------URL FILTERING KEYWORD DETAILS---------KeyWord Actionshare deny

admin(network.urlfilter.keyword)>add trading denyadmin(network.urlfilter.keyword)>show--------URL FILTERING KEYWORD DETAILS---------KeyWord Actionshare denytrading deny

admin(network.urlfilter.keyword)>

add <keyword> <action>

Adds a filter to the keyword filter table.<keyword> – The keyword to be searched<action> – allow or deny. The action to be performed when the <keyword> is found.


3.50.2 Network URL Filter Keyword delete Command

deleteNetwork URL Filter Keyword Commands

Deletes a keyword from the keyword table.

Syntaxdelete <keyword>

Parameters

Exampleadmin(network.urlfilter.keyword)>show--------URL FILTERING KEYWORD DETAILS---------KeyWord Actionshare denytrading deny

admin(network.urlfilter.keyword)>delete shareadmin(network.urlfilter.keyword)>show--------URL FILTERING KEYWORD DETAILS---------KeyWord Actiontrading Deny

admin(network.urlfilter.keyword)>

delete <keyword> Deletes the keyword <keyword> from the URL Filter keyword table.


3.50.3 Network URL Filter Keyword removeall Command

removeallNetwork URL Filter Keyword Commands

Removes all entries from the Keyword Table.

Syntaxremoveall

ParametersNone

Exampleadmin(network.urlfilter.keyword)>show--------URL FILTERING KEYWORD DETAILS---------KeyWord Actionshare Denytrading Denystocks Denystock Deny

admin(network.urlfilter.keyword)>removealladmin(network.urlfilter.keyword)>show--------URL FILTERING KEYWORD DETAILS---------KeyWord Action


3.50.4 Network URL Filter Keyword show Command

showNetwork URL Filter Keyword Commands

Displays the URL filter keyword table entries.

Syntaxshow

ParametersNone

Exampleadmin(network.urlfilter.keyword)>show--------URL FILTERING KEYWORD DETAILS---------KeyWord Actionshare Denytrading Deny


3.51 Network URL Filter White list Commands

whitelistNetwork URL Filter Commands

Displays the whitelist URLs commands.

Syntaxadmin(network.urlfilter)> whitelistadmin(network.urlfilter.whitelist)>



add Adds a whitelist entry to the URL whitelist table. page 3-264delete Deletes a whitelist entry from the URL whitelist table. page 3-265show Displays the URL whitelist table entries. page 3-266quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.51.1 Network URL Filter White List add Command

addNetwork URL Filter White list Commands

Adds a new whitelist entry to the whitelist table.

Syntaxadd <whitelist>

Parameters

Exampleadmin(network.urlfilter.whitelist)>show--------URL FILTERING WHITE LIST DETAILS---------mot.com

admin(network.urlfilter.whitelist)>add moto.comadmin(network.urlfilter.whitelist)>show--------URL FILTERING WHITE LIST DETAILS---------mot.commoto.com

admin(network.urlfilter.whitelist)>

add <whitelist> Adds a whitelist entry into the whitelist table. <whitelist> is an URL to be added.


3.51.2 Network URL Filter White List delete Command

deleteNetwork URL Filter White list Commands

Deletes a whitelist entry from the whitelist table.

Syntaxdelete [<whitelist>|all]

Parameters

Exampleadmin(network.urlfilter.whitelist)>show--------URL FILTERING WHITE LIST DETAILS---------mot.commoto.commotoo.com

admin(network.urlfilter.whitelist)>delete motoo.comadmin(network.urlfilter.whitelist)>show--------URL FILTERING WHITE LIST DETAILS---------mot.commoto.com

admin(network.urlfilter.whitelist)>delete alladmin(network.urlfilter.whitelist)>show--------URL FILTERING WHITE LIST DETAILS---------

delete [<whitelist>|all]

Deletes the entries from the URL whitelist table.<whitelist> – deletes the specified URL from the URL whitelist tableall – deletes all URLs from the URL whitelist table


3.51.3 Network URL Filter White List show Command

showNetwork URL Filter White list Commands

Displays the URL filter whitelist table entries.

Syntaxshow

ParametersNone

Exampleadmin(network.urlfilter.whitelist)>show--------URL FILTERING WHITE LIST DETAILS---------mot.commoto.com

admin(network.urlfilter.whitelist)>


3.52 Network URL Filter Black List Commands

blacklistNetwork URL Filter Commands

Displays the URL Filter black list URLs commands.

Syntaxadmin(network.urlfilter)> blacklistadmin(network.urlfilter.blacklist)>



add Adds an URL to the blacklist table page 3-268delete Deletes a URL from the blacklist table page 3-269show Displays the URL blacklist table entries page 3-270quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.52.1 Network URL Filter Black List add Command

addNetwork URL Filter Black List Commands

Adds a new blacklist entry to the blacklist table.

Syntaxadd <blacklist>

Parameters

Exampleadmin(network.urlfilter.blacklist)>show--------URL Filtering BLACK LIST DETAILS---------shares.com

admin(network.urlfilter.blacklist)>add trading.comadmin(network.urlfilter.blacklist)>show--------URL Filtering BLACK LIST DETAILS---------shares.comtrading.com

admin(network.urlfilter.blacklist)>

add <blacklist> Adds a blacklist entry into the blacklist table. <blacklist> is an URL.


3.52.2 Network URL Filter Black List delete Command

deleteNetwork URL Filter Black List Commands

Deletes a blacklist entry from the blacklist table.

Syntaxdelete [<blacklist>|all]

Parameters

Exampleadmin(network.urlfilter.blacklist)>show--------URL Filtering BLACK LIST DETAILS---------shares.comtrading.comdipmail.com

admin(network.urlfilter.blacklist)>delete dipmail.comadmin(network.urlfilter.blacklist)>show--------URL Filtering BLACK LIST DETAILS---------shares.comtrading.com

admin(network.urlfilter.blacklist)>delete alladmin(network.urlfilter.blacklist)>show--------URL Filtering BLACK LIST DETAILS---------

del [<blacklist>|all]

Deletes the entries from the URL blacklist table.<blacklist> – The URL to be removed from the blacklist table.all – Removes all URLs from the URL blacklist table.


3.52.3 Network URL Filter Black List show Command

showNetwork URL Filter Black List Commands

Displays the URL filter blacklist table entries.

Syntaxshow

ParametersNone

Exampleadmin(network.urlfilter.blacklist)>show--------URL Filtering BLACK LIST DETAILS---------shares.comtrading.com

admin(network.urlfilter.blacklist)>


3.53 Network URL Filter Trusted IP Commands

trustipNetwork URL Filter Commands

Displays the URL Trusted IP commands.

Syntaxadmin(network.urlfilter)> trustipadmin(network.urlfilter.trustip)>



add Adds an IP to the trusted IP list page 3-272delete Deletes an IP from the trusted IP list page 3-273show Displays the list of trusted IPs page 3-274quit Quits the CLI. page 3-1save Saves the configuration to system flash. page 3-1.. Goes to the parent menu. page 3-1/ Goes to the root menu. page 3-1


3.53.1 Network URL Filter Trusted IP add Command

addNetwork URL Filter Trusted IP Commands

Adds a new IP into the trusted IP table.

add <trustip>

Parameters

Exampleadmin(network.urlfilter.trustip)>show--------URL FILTERING TRUST IP---------192.168.10.20

admin(network.urlfilter.trustip)>add 192.168.10.10admin(network.urlfilter.trustip)>show--------URL FILTERING TRUST IP---------192.168.10.20192.168.10.10

admin(network.urlfilter.trustip)>

add <trustip> Adds an IP address <trustip> into the trusted IPs list.


3.53.2 Network URL Filter Trusted IP delete Command

deleteNetwork URL Filter Black List Commands

Deletes an entry from the trusted IPs list.

Syntaxdelete [<trustip>|all]

Parameters

Exampleadmin(network.urlfilter.trustip)>show--------URL FILTERING TRUST IP---------192.168.10.20192.168.10.10192.168.11.9

admin(network.urlfilter.trustip)>del 192.168.11.9admin(network.urlfilter.trustip)>show--------URL FILTERING TRUST IP---------192.168.10.20192.168.10.10


del [<trustip>|all] Deletes trusted IP entries from the trusted IP list.<trustedip> – Deletes the IP <trustedip> from the trusted IP listall – Deletes all trusted IPs from the trusted IP list.


3.53.3 Network URL Filter Trusted IP show Command

showNetwork URL Filter Trusted IP Commands

Displays the trusted IPs list

Syntaxshow

ParametersNone

Exampleadmin(network.urlfilter.trustip)>show--------URL FILTERING TRUST IP---------192.168.10.20192.168.10.10


System CLI Commands Reference

System commands are used to set the system parameters for the WS 2000 Wireless Switch.

4.1 systemAdmin Menu Commands

Use the system command to go to the System menu.

admin> systemadmin(system)>

The following commands are available under the System menu:


lastpw Displays the last debug password. page 4-2exec Execute a linux command. page 4-3config Goes to the config submenu. page 4-10logs Goes to the logs submenu. page 4-22ntp Goes to the NTP submenu. page 4-28snmp Goes to the SNMP submenu. page 4-70userdb Goes to the userdb submenu. page 4-92radius Goes to the RADIUS submenu. page 4-33test Goes to the test submenu. page 4-127WS2000 Goes to the WS2000 submenu. page 4-113authentication Goes to the authentication submenu. page 4-4ssh Goes to the SSH submenu. page 4-89redundancy Goes to the redundancy submenu. page 4-66cf Goes to the CF submenu. page 4-122http Goes to the HTTP submenu page 4-124save Saves the configuration to system flash page 2-6quit Quits the CLI page 2-5.. Goes to the parent menu page 2-7/ Goes to the root menu page 2-8


4.1.1 System lastpw Command

lastpw system

This command displays the MAC address for the switch, the previous admin password for the switch, and the number of times the current admin password has been used along with how many more times it will be valid.

Syntaxlastpw

ParametersNone

Exampleadmin(system)>lastpw

WS2000 MAC Address is 00:a0:f8:6f:d8:fc Last Password was symbol12 Current password used 0 times, valid 4 more time(s)

System CLI Commands Reference 4-3

4.1.2 System exec Command

execsystem

Executes a linux command

Syntaxexec <command>

Parameters

Exampleadmin(system)> exec df -h /mntFilesystem Size Used Avail Use% Mounted onautomount(pid153) 0 0 0 - /mnt

exec <command> Executes a linux command <command>.


4.2 System Authentication Commands

authenticationsystem

Displays the authentication submenu.

Syntaxadmin(system)> authenticationadmin(system.authentication)>



radius Goes to the RADIUS submenu. page 4-7set Sets the mode. page 4-5show Shows the authentication parameters. page 4-6save Saves the configuration to system flash. page 4-1.. Goes to the parent menu. page 4-1/ Goes to the root menu. page 4-1


4.2.1 System Authentication set Command

setSystem Authentication Commands

Sets the parameter that specifies how user authentication is taking place.

Syntaxset [mode|auth-loc] [local|radius]

Syntax:

Exampleadmin(system.authentication)>set mode localadmin(system.authentication)>show all authentication mode : localadmin(system.authentication)>

Related Commands

set mode [local|radius] Sets the authentication mode. If set to local, the internal User Database will serve as the data source. If set to radius, the switch will use an external LDAP server for the information. If radius is the mode, then the parameters under the radius submenu must to be set.

set auth-loc [local|radius] Sets the Airbeam user authentication to either the local database or the RADIUS server. If set to radius, the switch will use an external LDAP server for the authentication. If radius is the authentication location, then the RADIUS server is used for authentication.

set Sets the parameters to specify that the external RADIUS server is used for user authentication.


4.2.2 System Authentication show Command

showSystem Authentication Commands

Shows the main user authentication parameters.

Syntaxshow all

ParametersNone

Exampleadmin(system.authentication)>set mode localadmin(system.authentication)>show all authentication mode : local radius user location and type : radiusadmin(system.authentication)>

Related Commands

set Sets the authentication parameters.


4.3 System Authentication RADIUS Commands

radiusSystem Authentication Commands

Displays the RADIUS submenu.

Syntaxadmin(system.authentication)> radiusadmin(system.authentication.radius)>



set Sets the RADIUS authentication parameters. page 4-8show Shows the RADIUS authentication parameters. page 4-9save Saves the configuration to system flash. page 4-1.. Goes to the parent menu. page 4-1/ Goes to the root menu. page 4-1


4.3.1 System Authentication RADIUS set Command

setSystem Authentication RADIUS Commands

Sets the RADIUS proxy server authentication parameters.

Syntaxset [auth-server-ip|auth-server-port|shared-secret]

set auth-server-ip <IP>set auth-server-port <port>set shared-secret <password>

Parameters

Exampleadmin(system.authentication.radius)>set auth-server-ip 192.168.0.4admin(system.authentication.radius)>set auth-server-port 1812admin(system.authentication.radius)>set shared mysecretadmin(system.authentication.radius)>admin(system.authentication.radius)>show all radius server ip : 192.168.0.4 radius server port : 1812 radius server shared secret : ********

set auth-server-ip <IP> Sets the IP address for the RADIUS authentication proxy server to the IP address <IP>.

auth-server-port <port> Specifies the TCP/IP port number <port> for the RADIUS server that will act as a proxy server. The default port is 1812.

shared-secret <password> Sets a shared secret <password> for each suffix that is used for authentication with the RADIUS proxy server.


4.3.2 System Authentication RADIUS show Command

showSystem Authentication RADIUS Commands

Shows the RADIUS authentication parameters.

Syntaxshow all

ParametersNone

Exampleadmin(system.authentication.radius)> set auth-server-ip 192.168.0.4admin(system.authentication.radius)> set auth-server-port 1812admin(system.authentication.radius)> set shared mysecret

admin(system.authentication.radius)>show all radius server ip : 192.168.0.4 radius server port : 1812 radius server shared secret : ********

Related Commands

set Sets the RADIUS authentication parameters.


4.4 System Configuration Commands

config system

Displays the config submenu.

Syntaxadmin(system)> configadmin(system.config)>



default Restores default configuration page 4-11export Exports configuration from the system page 4-12import Imports configuration to the system page 4-14partial Restores partial default configuration page 4-15set Sets import/export parameters page 4-16show Shows import/export parameters page 4-18update Performs firmware update page 4-19sensor-fw-update Performs firmware update for the sensors page 4-20loadtocf Loads the current firmware to a CF card page 4-21save Saves the configuration to system flash page 2-6quit Quits the CLI page 2-5.. Goes to the parent menu page 2-7/ Goes to the root menu page 2-8


4.4.1 System Config default Command

defaultSystem Configuration Commands

Restores the switch to the factory default configuration.

Syntaxdefault

ParametersNone

Exampleadmin(system.config)>default

Are you sure you want to default the configuration? (yes/no):yes

*************************************************************************System will now restore default configuration. You will need to set thecountry code for correct operation.*************************************************************************

Restoring default configuration : [ In progress ]


4.4.2 System Config export Command

exportSystem Configuration Commands

Exports the configuration from the system.

Syntaxexport [ftp|tftp|terminal|sftp]

Syntax:

Example

Export FTP Example:

admin(system.config)>set server 192.168.22.12 admin(system.config)>set user myadmin admin(system.config)>set passwd

admin(system.config)>export ftp

Export operation : [ Started ] Building configuration file : [ Done ] File transfer : [ In progress ] File transfer : [ Done ] Export operation : [ Done ]

Export TFTP Example:

admin(system.config)>set server 192.168.0.101 admin(system.config)>export tftp

Export operation : [ Started ] Building configuration file : [ Done ] File transfer : [ In progress ] File transfer : [ Done ] Export operation : [ Done ]

Export Terminal Example:

admin(system.config)>export terminal // // WS2000 Configuration Command Script // System Firmware Version: 1.5.0.0-160b // system ws2000

export [ftp|tftp|terminalsftp]

Exports the system configuration.• ftp – Exports the configuration to the FTP server. Use the set command to set the

server, user, password, and file name before using this command. • tftp – Exports the configuration to the TFTP server. Use the set command to set the IP

address for the TFTP server before using the command.• terminal – Exports the configuration to the terminal.• sftp – Exports the configuration to the sftp server.


// WS2000 menu set name WS2000 set loc Extra\20office set email [email protected] set cc us set airbeam mode disable set airbeam enc-passwd a11e00942773 set applet lan enable set applet wan enable set applet slan enable set applet swan enable set cli lan enable set cli wan enable set snmp lan enable set snmp wan enable / system config --More--

. . . <several pages of settings>

/ // Router configuration network router set type off set dir both set auth none set enc-passwd 8e57 set id 1 1 set enc-key 1 e2565fc57c2a766fb0d55160d6f92952 set id 2 1 set enc-key 2 e2565fc57c2a766fb0d55160d6f92952 delete all / save


4.4.3 System Config import Command

importSystem Configuration Commands

Imports the configuration to the system.

Syntaximport [ftp|tftp|sftp] {default-and-apply}

Parameters

Example

Import FTP Example

admin(system.config)>set server 192.168.22.12 admin(system.config)>set user myadmin admin(system.config)>set passwd mysecret admin(system.config)>import ftp Import operation : [ Started ] File transfer : [ In progress ] File transfer : [ Done ] Import operation : [ Done ]

admin(system.config)>import ftp default-and-applyImport operation : [ Started ] File transfer : [ In progress ] File transfer : [ Done ] Import operation : [ Done ]

Import TFTP Example

admin(system.config)>set server 192.168.0.101 admin(system.config)>import tftp Import operation : [ Started ] File transfer : [ In progress ] File transfer : [ Done ] Import operation : [ Done ]

admin(system.config)>import tftp default-and-applyImport operation : [ Started ] File transfer : [ In progress ] File transfer : [ Done ] Import operation : [ Done ]

import [ftp|tftp] {default-and-apply}

Imports configuration from external devices.• ftp – Imports the configuration from the FTP server. Use the set command to set

the server, user, password, and file.• tftp – Imports the configuration from the TFTP server. Use the set command to set

the server and file.• default-and-apply – Import the configuration from the FTP or TFTP server. Use this

command to first set the device to factory defaults before applying the imported configuration. This command is optional.

• sftp – Imports the comfiguration from the SFTP server.


4.4.4 System Config partial Command

partialSystem Configuration Commands

Resets the switch's configuration to the factory default settings for all settings except the WAN and some SNMP related settings. The following settings will remain intact when using Restore Partial Default Configuration:

• All settings on the WAN page

• SNMP access to the WS 2000 on the WS 2000 Access page

• All settings on the SNMP Access page

Before using this feature, consider exporting the current configuration for safekeeping.

Syntaxpartial

ParametersNone

Exampleadmin(system.config)>partial

Are you sure you want to partially default WS 2000? (yes/no):yes

*************************************************************************System will now restore default configuration. You will need to set thecountry code for correct operation.*************************************************************************

Restoring default configuration : [ In progress ]

Related Commands

export Exports system configuration settings.


4.4.5 System Config set Command

setSystem Configuration Commands

Sets the import/export parameters.

Syntaxset [server|user|passwd|file|cfgpath|fw|sensor-fw|import-enc-password|bind-interface|ap300]

set server <IP>set user <username>set passwd <password>set file <filename>set cfgpath <filepath>

set fw [file|path|boot|active-partition]set fw file <filename>set fw path <path>set fw boot [on-board-flash|compact-flash]set fw active-partition [primary|secondary]

set sensor-fw [file|path|max-size]set sensor-fw file <filename>set sensor-fw path <path>set sensor-fw max-size <size>

set import-enc-password <mode>set bind-interface <bind-interface>

set ap300 [file|path|max-size|legacy-mode]

Parameters

server <ipaddress> Sets the FTP/TFTP server IP address to <ipaddress> in the format a.b.c.d.user <username> Sets the FTP user name to <username> (up to 47 characters).passwd <password> Sets the FTP password to <password> (up to 39 characters).file <filename> Sets the configuration file name to <filename> (up to 39 characters).cfgpath <path> Sets the configuration file path to <path> (up to 31 characters)fw [file <filename>|path <path>|boot [on-board-flash|compact-flash]|active-partition [primary|secondary]

Sets the firmware information for the device.• file <filename> – Sets the firmware filename to <filename> (up to 39

characters).• path <path> – Sets the firmware file path to <path> (up to 39 characters).• boot [on-board-flash|compact-flash] – Sets the firmware boot device to either

the on board flash (on-board-flash) or the compact flash card (compact-flash) attached to the WS 2000 Wireless Switch.

• active-partition [primary|secondary] – Sets the active partition on the compact flash card to either of primary or secondary.


Example

FTP Set Example

admin(system.config)>set server 192.168.22.12admin(system.config)>set user myadminadmin(system.config)>set passwd

admin(system.config)>export ftp

Export operation : [ Started ]Building configuration file : [ Done ]File transfer : [ In progress ]File transfer : [ Done ]Export operation : [ Done ]

Firmware Example

admin(system.config)>set fw file mf_01050000160B.binadmin(system.config)>set fw path /tftp/myadmin/admin(system.config)>update tftp s1

sensor-fw [file <filename>|path <path|max-size <size>]

Sets sensor firmware information.• file <filename> – Sets the sensor firmware file name to <filename> (up to 39

characters).• path <path> – Sets the firmware file path for the sensor to <path> (up to 39

characters).• max-size <size> – Sets the maximum file size of the sensor firmware file to

<size>. import-enc-password <mode>

Enables or disables the import of encrypted passwords for the admin and manager logins. <mode> can be one of enable or disable.

bind-interface <bind-interface>

Sets the interface to bind <bind-interface> (s1-s6, w, none where s1-Subnet 1, s2-Subnet 2,..., s6-Subnet 6, w-WAN) during ftp.

ap300 [file|path|max-size|legacy-mode]

Sets AP300 firmware update parameters.• file <filename> – Sets AP300 firmware file name

• filename – Sets the file name. The range is 1 to 39 characters.• path – Sets firmware file path• max-size – Sets maximum size for AP300 firmware file• legacy-mode – Sets AP300 fw legacy mode


4.4.6 System Config show Command

showSystem Configuration Commands

Shows the import/export parameters.

Syntaxshow all

ParametersNone

Exampleadmin(system.config)> show allftp/tftp server ip address : 157.235.208.196ftp user name : adminftp password : ********cfg filename : v23.26b.binconfig filepath : /home/ftp/admin/2k/firmware filepath : /home/ftp/admin/2k/firmware filename : v23.26b.binsensor firmware filepath : /home/ftp/admin/2k/sensor firmware filename : leo_sensor.binmax size of sensor firmware file : 512000import enc admin password mode : disableboot source device : on-board-flashactive partition of Compact Flash : primary

ftp/sftp/tftp server ip address : 192.168.0.11ftp/sftp user name : guestftp/sftp password : ********cfg filename : cfg.txtconfig filepath :firmware filepath : /home/guest/firmware filename : mf_02040300010B.binsensor firmware filepath :sensor firmware filename : leo_sensor.binmax size of sensor firmware file : 512000ap300 firmware filepath :ap300 firmware filename : wiap.binmax size of ap300 firmware file : 512000AP300 firmware legacy mode : disableimport enc admin password mode : disableboot source device : on-board-flashactive partition of Compact Flash : primarybind interface : none


4.4.7 System Config update Command

updateSystem Configuration Commands

Performs a firmware update.

Syntaxupdate <mode> {<interface>}

update [tftp|ftp|sftp] <interface>update cf

Parameters

Exampleadmin(system.config)>set fw file mf_01050000200B.bin admin(system.config)>set fw path /tftp/myadmin/admin(system.config)>update tftp s1

update [tftp|ftp|sftp] <iface>

Sets how firmware updates will occur. Select between ftp, sftp and tftp. <iface> specifies the interface (location), as follows: • s1 = subnet1 • s2 = subnet2 • s3 = subnet3 • s4 = subnet4 • s5 = subnet5• s6 = subnet6• w = wan Before using this command, use set server to set the IP address for the FTP/TFTP server. If using the ftp mode, also use set user and set passwd to allow login to the FTP server.Note: When update mode is sftp,then the parameter ‘iface’ is not required.

update cf Indicates that firmware updates will occur from the switch’s compact flash slot. (Undoes an ftp/tftp/sftp setting.)


4.4.8 System Config sensor-fw-update Command

sensor-fw-updateSystem Configuration Commands

Performs firmware update for the sensors. When sensor firmware update is done,

• No restart is required.

• New sensors receive the updated firmware.

• Existing sensors must be reverted and then reassigned for them to get the new sensor firmware image.

Syntaxsensor-fw-update [ftp|tftp|sftp]

Parameters

Exampleadmin(system.config)>sensor-fw-update tftp

File transfer : [Successful]

admin(system.config)>

sensor-fw-update [ftp|tftp]

Updates the sensor firmware.• ftp – Updates the sensor firmware from the specified FTP server.• tftp – Updates the sensor firmware from the specified TFTP server.• sftp – Updates the sensor firmware from the specified SFTP server.


4.4.9 System Config loadtocf Command

loadtocfSystem Configuration Commands

This command loads and updates the firmware to the CF card. This is used for dual boot.

Syntaxloadtocf [cf|ftp|tftp|sftp] <image-type>

Syntax:

Exampleadmin(system.config)> loadtocf cf primaryadmin(system.config)>

cf <image-type> Loads the image to the CF card. The <image-type> (primary, secondary) is the target partition on the CF card to store the image on. In this case, the image source is the CF card and the destination is also the CF card.

ftp <image-type> Loads the image to a CF card. The <image-type> (primary, secondary) is the target partition on the CF card to store the image on. This command downloads the image using FTP and stores it on the target partition.

tftp <image-type> Loads the image to a CF card. The <image-type> (primary, secondary) is the target partition on the CF card to store the image on. This command downloads the image using TFTP and stores it on the target partition.

sftp <image-type> Loads binary image to cf using sftp.The <image-type> (primary, secondary) is the target partition on the CF card to store the image on. This command downloads the image using SFTP and stores it on the target partition.


4.5 System Logs Commands

logssystem

Displays the logs submenu.

Syntaxadmin(system)> logsadmin(system.logs)>



delete Deletes core files. page 4-23set Sets log options and parameters. page 4-25send Sends log and core files. page 4-24show Shows logging options. page 4-26view Views system log. page 4-27quit Quits the CLI page 4-1save Saves the configuration to system flash page 4-1.. Goes to the parent menu page 4-1/ Goes to the root menu page 4-1


4.5.1 System Logs delete Command

deleteSystem Logs Commands

Deletes the core log files.

Syntaxdelete

ParametersNone

Exampleadmin(system.logs)>delete


4.5.2 System Logs send Command

sendSystem Logs Commands

Sends log and core files through FTP to a location specified with the set command. Use the set command to set the FTP login and site information first.

Syntaxsend

ParametersNone

Exampleadmin(system.logs)>set user fred admin(system.logs)>set passwd mygoodness admin(system.logs)>show all

log level : L6 Info ext syslog server logging : disable ext syslog server ip address : 0.0.0.0 ftp/tftp server ip address : 192.168.0.10 ftp user name : fred ftp password : ********

admin(system.logs)>send

File transfer : [ In progress ]

File transfer : [ Done ]

admin(system.logs)>

Related Commands

set Sets the parameters associated with log operations, such as send. show all Displays the log related settings.


4.5.3 System Logs set Command

setSystem Logs Commands

Sets log options and parameters.

Syntaxset [ipadr|level|mode|cf_logging_mode|server|user|passwd]

set ipadr <ip>set level <level>set mode <mode>set cf_logging_mode <mode>set server <ip>set user <username>set passwd <password>

Parameters

Exampleadmin(system.logs)>set user fred admin(system.logs)>set passwd mygoodness admin(system.logs)>show all

log level : L6 Info ext syslog server logging : disable ext syslog server ip address : 0.0.0.0 ftp/tftp server ip address : 192.168.0.10 ftp user name : fred ftp password : ********

ipadr <ip> Sets the external syslog server IP address to <ip> (a.b.c.d).level <level> Sets the level of the events that will be logged. All event with a level at or

above <level> (L0–L7) will be saved in the system log. • L0:Emergency • L1:Alert • L2:Critical • L3:Errors • L4:Warning • L5:Notice • L6:Info • L7:Debug

mode <mode> Enables or disables ext syslog server logging. <mode> is either enable or disable.

cf_logging_mode <mode> Enables or disables logging to CF card if connection to the Syslog server fails. <mode> is either enable or disable.

server <ip> Sets the FTP server IP address to <ip> (a.b.c.d).user <username> Sets the FTP user name to <username> (1–47 characters).passwd <password> Sets the FTP password to <password> (1–39 characters).


4.5.4 System Logs Show Command

showSystem Logs Commands

Shows logging options.

Syntaxshow all

ParametersNone

Exampleadmin(system.logs)>set user user1 admin(system.logs)>set passwd helloadmin(system.logs)>show all

log level : L4 Warningext syslog server logging : enablesyslog server logging on CF : disableext syslog server ip address : 0.0.0.0ftp/tftp server ip address : 196.168.10.1ftp user name : adminftp password : ********

Related Commands

set Sets logging parameters to be used with send.


4.5.5 System Logs View Command

viewSystem Logs Commands

Views the system log file.

Syntaxview

ParametersNone

Exampleadmin(system.logs)>view

Jan 7 16:14:00 (none) syslogd 1.4.1: restart (remote reception). Jan 7 16:14:10 (none) klogd: :ps log:fc: queue maintenance Jan 7 16:14:41 (none) klogd: :ps log:fc: queue maintenance Jan 7 16:15:43 (none) last message repeated 2 times Jan 7 16:16:01 (none) CC: 4:16pm up 6 days, 16:16, load average: 0.00, 0.01, 0.00 Jan 7 16:16:01 (none) CC: Mem: 62384 32520 29864

0 0 Jan 7 16:16:01 (none) CC: 0000077e 0012e95b 0000d843 00000000 00000003 0000121 e 00000000 00000000 0037ebf7 000034dc 00000000 00000000 00000000 Jan 7 16:16:13 (none) klogd: :ps log:fc: queue maintenance Jan 7 16:16:44 (none) klogd: :ps log:fc: queue maintenance Jan 7 16:17:15 (none) klogd: :ps log:fc: queue maintenance Jan 7 16:17:15 (none) klogd: :ps log:fc: queue maintenance

. . .


4.6 System NTP Commands

ntpsystem

Displays the NTP submenu.

Syntaxadmin(system)> ntpadmin(system.ntp)>



show Shows NTP parameters settings. page 4-30set Sets NTP parameters. page 4-29date-zone Shows the date, time and time zone page 4-31zone-list Shows the list of time zones page 4-32quit Quits the CLI page 4-1save Saves the configuration to system flash page 4-1.. Goes to the parent menu page 4-1/ Goes to the root menu page 4-1


4.6.1 System NTP Set Command

setSystem NTP Commands

Sets NTP parameters.

Syntaxset [mode|intrvl|server|port|time|zone]

set mode <mode>set intrvl <interval>set server <idx> <ip/hostname>set port <idx> <port>set time <yyyy> <MM> <dd> <hh> <mm> <ss>set zone <zone-index>

Syntax:

Exampleadmin(system.ntp)>set mode enable admin(system.ntp)>set server 1 203.21.37.18 admin(system.ntp)>set port 1 345 admin(system.ntp)>show all

ntp mode : enable server ip 1 : 203.21.37.18 server ip 2 : 0.0.0.0 server ip 3 : 0.0.0.0 server port 1 : 345 server port 2 : 123 server port 3 : 123 current time : 1970-01-07 23:29:05

admin(system.ntp)>

mode <mode> Enables or disables NTP. <mode> is either enable or disable.intrvl <interval> Sets the length of time to <interval> (in minutes) for the switch to synchronize its

time with an NTP server.server <idx> <ip/hostname>

Sets the NTP server IP address <ip/hostname> (a.b.c.d or host url); specify one of the three NTP servers with <idx> (1, 2, or 3). This value can also be a host name of the NTP server. When the value is a host name, the domain name IP should be set under the (system.ws2000) menu on the CLI.

port <idx> <port> Sets the NTP port for the indicated server <idx> to <port> (1–65535).time <yyyy> <MM> <dd> <hh> <mm> <ss>

Sets the WS2000 system time manually. Time is in the format YYYY MM DD hh mm ss (Example: 2008 02 24 11 25 32)

zone <zone-idx> Sets the time zone to the <zone-idx> value. This value can be found by using the (system.ntp)>zone-list command.


4.6.2 System NTP Show Command

showSystem NTP Commands

Shows all NTP server settings.

Syntaxshow all

ParametersNone

Exampleadmin(system.ntp)>show all

ntp mode : enable server ip 1 : 114.233.112.4 server ip 2 : 0.0.0.0 server ip 3 : 0.0.0.0 server port 1 : 123 server port 2 : 123 server port 3 : 123 current time : 2004-10-07 22:58:24

Related Commands

set Sets NTP parameters.


4.6.3 System NTP Date-zone Command

date-zoneSystem NTP Commands

Shows the WS2000 date, time and time zone.

Syntaxdate-zone

ParametersNone

Exampleadmin(system.ntp)> date-zone Date/Time : Thu 1970-Jan-01 05:53:25 +0530 IST Time Zone : Asia/Calcutta

admin(system.ntp)>


4.7 System RADIUS Commands

radiussystem

Displays the RADIUS submenu.

Syntaxadmin(system)> radiusadmin(system.radius)>



eap Goes to the EAP submenu. page 4-41policy Goes to the access policy submenu. page 4-57ldap Goes to the LDAP submenu. page 4-51proxy Goes to the proxy submenu. page 4-60client Goes to the client submenu. page 4-37generate-dh-param Generates the DH Param file required for EAP-TLS/TTLS page 4-34set Sets the RADIUS parameters. page 4-35show Shows the RADIUS parameters. page 4-36quit Quits the CLI page 4-1save Saves the configuration to system flash page 4-1.. Goes to the parent menu page 4-1/ Goes to the root menu page 4-1


4.7.1 System RADIUS generate-dh-param Command

generate-dh-paramSystem RADIUS Commands

Generates the DH Params file for supporting Cipher Suit v 0x13 (TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA) for EAP-TLS./TTLS protocols. If this file does not exist when the WS2000 is booted, it is created. This command provides a facility to create the DH Params file as required.

Syntaxgenerate-dh-param

ParametersNone

Exampleadmin(system.radius)>generate-dh-paramThis will take several minutes.Please wait until the operation is complete.DH Parameter file will not get created if interrupted...

admin(system.radius)>


4.7.2 System RADIUS set Command

setSystem RADIUS Commands

Sets the RADIUS database to either the local database or an LDAP server.

Syntaxset database [local|ldap|ldaps]

Parameters

Exampleadmin(system.radius)>set database ldapadmin(system.radius)>show allDatabase : ldap

Related Commands

set database [local|ldap|ldaps]

Sets the RADIUS server to the local database (local) or an LDAP server (ldap) or a secured LDAP server (ldaps).

show all Shows the top-level RADIUS parameters.


4.7.3 System RADIUS show Command

showSystem RADIUS Commands

Shows the RADIUS parameters.

Syntaxshow all

ParametersNone

Exampleadmin(system.radius)>set database ldapadmin(system.radius)>show allDatabase : ldap

Related Commands

set Sets the RADIUS database source.


4.8 System RADIUS Client Commands

clientSystem RADIUS Commands

Displays the client submenu.

Syntaxadmin(system.radius)>clientadmin(system.radius.client)>



add Adds a RADIUS client. page 4-38del Deletes a RADIUS client. page 4-39show Displays a list of configured clients. page 4-40quit Quits the CLI page 4-1save Saves the configuration to system flash page 4-1.. Goes to the parent menu page 4-1/ Goes to the root menu page 4-1


4.8.1 System RADIUS Client add Command

addSystem RADIUS Client Commands

Adds a RADIUS client.

Syntaxadd <ip> <mask> <secret>

Parameters

Exampleadmin(system.radius.client)>add 192.168.46.4 225.225.225.0 mysecretadmin(system.radius.client)>showList of Radius Clients :

-------------------------------------------------------------------------Idx Subnet/Host Netmask SharedSecret------------------------------------------------------------------------

1 192.168.46.4 225.225.225.0 ******admin(system.radius.client)>

Related Commands

add <ip> <mask> <secret> Adds a RADIUS client with IP address <ip>, netmask <mask>, and shared secret <secret>.

del Deletes a RADIUS client.show Shows a list of RADIUS clients.


4.8.2 System RADIUS Client del Command

delSystem RADIUS Client Commands

Deletes a RADIUS client with the provided IP address.

Syntaxdel <ip>

Parameters

Exampleadmin(system.radius.client)>showList of Radius Clients :

-------------------------------------------------------------------------Idx Subnet/Host Netmask SharedSecret-------------------------------------------------------------------------1 192.168.46.4 225.225.225.0 ******2 192.168.101.43 225.225.225.0 ******

admin(system.radius.client)>del 192.168.46.4admin(system.radius.client)>showList of Radius Clients :

-------------------------------------------------------------------------Idx Subnet/Host Netmask SharedSecret-------------------------------------------------------------------------1 192.168.101.43 225.225.225.0 ******admin(system.radius.client)>

Related Commands

del <ip> Deletes the RADIUS client with IP address <ip>.

add Adds a RADIUS client to the list.show Displays the list of RADIUS clients.


4.8.3 System RADIUS Client show Command

showSystem RADIUS Client Commands

Displays a list of configured RADIUS clients.

Syntaxshow

ParametersNone

Exampleadmin(system.radius.client)>showList of Radius Clients :

-------------------------------------------------------------------------Idx Subnet/Host Netmask SharedSecret-------------------------------------------------------------------------1 192.168.46.4 225.225.225.0 ******2 192.168.101.43 225.225.225.0 ******

admin(system.radius.client)>

Related Commands

add Adds a RADIUS client to the list.del Deletes a RADIUS client from the list.


4.9 System RADIUS EAP Commands

eapSystem RADIUS Commands

Displays the EAP submenu.

Syntaxadmin(system.radius)> eapadmin(system.radius.eap)>



peap Goes to the PEAP submenu. page 4-45ttls Goes to the TTLS submenu. page 4-48import Imports the EAP certificates. page 4-42set Sets the EAP parameters. page 4-43show Shows the EAP parameters. page 4-44quit Quits the CLI page 4-1save Saves the configuration to system flash page 4-1.. Goes to the parent menu page 4-1/ Goes to the root menu page 4-1


4.9.1 System RADIUS EAP import Command

importSystem RADIUS EAP Commands

Imports the EAP certificates.

Syntaximport [server|cacert] <cert ID>

Parameters

Exampleadmin(system.radius.eap)>import server mycertadmin(system.radius.eap)>import cacert NETE3443

Related Commands

server <cert id> Imports a server certificate with the certificate ID <cert id>.cacert <cert id> Imports a Trusted Certificate with certificate ID <cert id>.

show cert Show the list of certificates.


4.9.2 System RADIUS EAP set Command

setSystem RADIUS EAP Commands

Sets the EAP parameters. To configure each of the selected authentication types, go to the submenu associated with each type.

Syntaxset auth [peap|ttls|both]

Parameters

Exampleadmin(system.radius.eap)>set auth peapadmin(system.radius.eap)>show allDefault EAP Type : peap

Related Commands

auth [peap|ttls|both] Sets the default authorization type to one of PEAP or TTLS or both. When selected, go to the submenu associated with the selection to finish the setup.

show all Shows the EAP settings.


4.9.3 System RADIUS EAP show Command

showSystem RADIUS EAP Commands

Displays the EAP parameters.

Syntaxshow [all|cert]

Parameters

Exampleadmin(system.radius.eap)>set auth peapadmin(system.radius.eap)>show allDefault EAP Type : peap

Example

show [all|cert] Displays EAP parameters• all – Displays the default EAP authentication settings.• cert - Displays a list of certificates.

set Sets the EAP parameters.


4.10 System RADIUS EAP PEAP Commands

peapSystem RADIUS EAP Commands

Displays the PEAP submenu.

Syntaxadmin(system.radius.eap)> peapadmin(system.radius.eap.peap)>



set Sets the PEAP authentication type. page 4-46show Shows the PEAP authentication type. page 4-47quit Quits the CLI page 4-1save Saves the configuration to system flash page 4-1.. Goes to the parent menu page 4-1/ Goes to the root menu page 4-1


4.10.1 System RADIUS EAP PEAP set Command

setSystem RADIUS EAP PEAP Commands

Sets the PEAP authentication type.

Syntaxset auth <peap type>

Parameters

Exampleadmin(system.radius.eap.peap)>set auth gtcadmin(system.radius.eap.peap)>showPEAP Auth Type : gtc

Related Commands

set auth <peap type> Sets the authentication type for PEAP to <peap type> (GTC or MTCHAPv2).

show Displays the PEAP authentication type.


4.10.2 System RADIUS EAP PEAP show Command

showSystem RADIUS EAP PEAP Commands

Displays the PEAP authentication type.

Syntaxshow

ParametersNone

Exampleadmin(system.radius.eap.peap)>set auth gtcadmin(system.radius.eap.peap)>showPEAP Auth Type : gtc

Related Commands

set Sets the PEAP authentication type.


4.11 System RADIUS EAP TTLS Commands

ttlsSystem RADIUS EAP Commands

Displays the TTLS submenu.

Syntaxadmin(system.radius.eap)> ttlsadmin(system.radius.eap.ttls)>



set Sets the TTLS authentication type. page 4-49show Shows the TTLS authentication type. page 4-50quit Quits the CLI page 4-1save Saves the configuration to system flash page 4-1.. Goes to the parent menu page 4-1/ Goes to the root menu page 4-1


4.11.1 System RADIUS EAP TTLS set Command

setSystem RADIUS EAP TTLS Commands

Sets the TTLS authentication type.

Syntaxset auth <ttls type>

Parameters

Exampleadmin(system.radius.eap.ttls)>set auth md5admin(system.radius.eap.ttls)>showTTLS Auth Type : md5

Related Commands

set auth <auth type> Sets the authentication type for TTLS to <auth type> (PAP, MD5, or MSCHAPv2).

show Show the TTLS authentication type.


4.11.2 System RADIUS EAP TTLS show Command

showSystem RADIUS EAP TTLS Commands

Shows the TTLS authentication type.

Syntaxshow

ParametersNone

Exampleadmin(system.radius.eap.ttls)>set auth md5admin(system.radius.eap.ttls)>showTTLS Auth Type : md5

Related Commands

set Sets the TTLS authentication type.


4.12 System RADIUS LDAP Commands

ldapSystem RADIUS Commands

Displays the LDAP submenu.

Syntaxadmin(system.radius)> ldapadmin(system.radius.ldap)>



set Sets the LDAP parameters. page 4-52show Shows the LDAP parameters. page 4-54import Imports Secured LDAP certificates. page 4-55join Joins the A D domain. page 4-56quit Quits the CLI page 4-1save Saves the configuration to system flash page 4-1.. Goes to the parent menu page 4-1/ Goes to the root menu page 4-1


4.12.1 System RADIUS LDAP set Command

setSystem RADIUS LDAP Commands

Sets the LDAP parameters.

Syntaxset [ipadr|domain|port|binddn|basedn|passwd|login|pass_attr|groupname|filter|membership|adagent|pri-domain|admin-uname|admin-pass]

set ipadr <ip>set domain <domain>set port <port>set binddn <binddn>set basedn <basedn>set passwd <password>set login <login attr>set pass_attr <password attr>set groupname <groupname attr>set filterset membership <group attr>set adagent <mode>set pri-domain <mode>set admin-uname <username>set admin-pass <password>

Parameters

ipadr <ip> Sets LDAP server IP address to <ip>.domain <domain> Sets LDAP domain name to a fully qualified domain name <domain>. Use

when using LDAPS or AD agentport <port> Sets LDAP server port to <port>.binddn <binddn> Sets LDAP bind distinguished name to <binddn> (a string of characters).basedn <basedn> Sets LDAP Base distinguished name to <basedn> (a string of characters).passwd <password> Sets LDAP server password to <password> (a string of characters).login <login attr> Sets LDAP login attribute to <login attr> (a string of characters).pass_attr <password attr> Sets LDAP password attribute to <password attr> (a string of characters).groupname <groupname attr>

Sets LDAP group name attribute to <groupname attr> (a string of characters).

filter Sets LDAP membership filter with appropriate settingsmembership <group attr> Sets LDAP membership attribute to <group attr> (a string of characters).adagent <mode> Enables or disables the A D agent feature. <mode> is either enable or

disable.pri-domain <mode> Enables or disables setting primary domain for A D agent. <mode> is either

enable or disable.admin-uname <username> Sets the administrator user name to <username> for the LDAP domainadmin-pass <password> Sets the administrator password to <password> for the LDAP domain


Exampleadmin(system.radius.ldap)>set ipadr 192.168.42.23admin(system.radius.ldap)>set port 356admin(system.radius.ldap)>show allLDAP Server IP : 192.168.42.23LDAP Server Port : 56LDAP Bind DN : dfkjkkjLDAP Base DN : o=mobionLDAP Login Attribute : (uid=%{Stripped-User-Name:-%{User-Name}})LDAP Password Attribute : userPasswordLDAP Group Name Attribute : cnLDAP Group Membership Filter :LDAP Group Membership Attribute : mygroupadmin(system.radius.ldap)>

Related Commands

show Displays the set of LDAP server settings.


4.12.2 System RADIUS LDAP show Command

showSystem RADIUS LDAP Commands

Description:

Displays the LDAP parameters.

Syntaxshow all

ParametersNone

Exampleadmin(system.radius.ldap)>set ipadr 192.168.42.23admin(system.radius.ldap)>set port 356admin(system.radius.ldap)>show allLDAP Server IP : 192.168.42.23LDAP Server Port : 56LDAP Bind DN : dfkjkkjLDAP Base DN : o=mobionLDAP Login Attribute : (uid=%{Stripped-User-Name:-%{User-Name}})LDAP Password Attribute : userPasswordLDAP Group Name Attribute : cnLDAP Group Membership Filter :LDAP Group Membership Attribute : mygroupadmin(system.radius.ldap)>

Related Commands

set Sets the LDAP parameters.


4.12.3 System RADIUS LDAP import Command

importSystem RADIUS LDAP Commands

Imports Secure LDAP certificates.

Syntaximport [client|cacert] <cert-id>

Parameters

Exampleadmin(system.radius.ldap)> import client LdapClientadmin(system.radius.ldap)> import cacert LdapTrusted

import [client|cacert] <cert-id>

Import Secure LDAP certificates.• client – Imports self certificate <cert-id> • ca-cert – Imports the trusted certificate authority certificate <cert-id>


4.12.4 System RADIUS LDAP join Command

joinSystem RADIUS LDAP Commands

Joins the device to the A D domain.

Syntaxjoin

ParametersNone

Exampleadmin(system.radius.ldap)> join


4.13 System RADIUS Policy Commands

policySystem RADIUS Commands

Displays the policy submenu.

Syntaxadmin(system.radius)> policyadmin(system.radius.policy)>



set Sets the group’s access policy. page 4-58show Shows the group’s access policy. page 4-59quit Quits the CLI page 4-1save Saves the configuration to system flash page 4-1.. Goes to the parent menu page 4-1/ Goes to the root menu page 4-1


4.13.1 System RADIUS Policy set Command

setSystem RADIUS Policy Commands

Sets a group’s access to WLANs.

Syntaxset <group> <idx>

Parameters

Exampleadmin(system.radius.policy)>set g1 2 3 4admin(system.radius.policy)>showList of Access Policies :g1 : 2 3 4g2 : No Wlans

Related Commands

set <group> <idx> Gives the group <group> access to WLAN with a list of indexes <idx>. The list <idx> can either be a single index or several indexes separated by spaces. The group <group> must be already defined. See System User Database Group Commands for information about defining groups.

show Displays the group’s access policies.


4.13.2 System RADIUS Policy show Command

showSystem RADIUS Policy Commands

Displays the access policy details for all groups.

Syntaxshow

ParametersNone

Exampleadmin(system.radius.policy)>set g1 2 3 4admin(system.radius.policy)>showList of Access Policies :g1 : 2 3 4g2 : No Wlans

Related Commands

set Sets the group WLAN access settings.


4.14 System RADIUS Proxy Commands

proxySystem RADIUS Commands

Displays the proxy submenu.

Syntaxadmin(system.radius)> proxyadmin(system.radius.proxy)>



add Adds a proxy realm. page 4-61del Deletes a proxy realm. page 4-62clearall Removes all proxy server records. page 4-63set Sets the proxy server parameters. page 4-64show Shows the proxy server parameters. page 4-65quit Quits the CLI page 4-1save Saves the configuration to system flash page 4-1.. Goes to the parent menu page 4-1/ Goes to the root menu page 4-1


4.14.1 System RADIUS Proxy add Command

addSystem RADIUS Proxy Commands

Adds a proxy realm.

Syntaxadd <name> <ip> <port> <secret>

Parameters

Exampleadmin(system.radius.proxy)>add realm1 192.168.102.42 225 realmpassadmin(system.radius.proxy)>show realmProxy Realms :

-------------------------------------------------------------------------Idx Suffix RadiusServerIP Port SharedSecret-------------------------------------------------------------------------1 realm1 192.168.102.42 225 ******

Related Commands

add <realm> <ip> <port> <secret>

Add a proxy realm with realm name <realm>, RADIUS server IP address <ip>, port <port>, and shared secret <secret>.

show realm Displays this list of defined proxy servers.del Deletes a proxy server from the list.


4.14.2 System RADIUS Proxy del Command

delSystem RADIUS Proxy Commands

Deletes a proxy realm.

Syntaxdel <realm>

Parameters


-------------------------------------------------------------------------Idx Suffix RadiusServerIP Port SharedSecret-------------------------------------------------------------------------1 realm1 192.168.102.42 225 ******admin(system.radius.proxy)>del realm1admin(system.radius.proxy)>show realmProxy Realms :

-------------------------------------------------------------------------Idx Suffix RadiusServerIP Port SharedSecret-------------------------------------------------------------------------

Related Commands

del <realm> Deletes a proxy server realm with name <realm>.

add Adds a proxy server realm.show Displays the list of proxy servers.


4.14.3 System RADIUS Proxy clearall Command

clearallSystem RADIUS Proxy Commands

Clears all the proxy server records.

Syntaxclearall

ParametersNone

Exampleadmin(system.radius.proxy)> clearall


4.14.4 System RADIUS Proxy set Command

setSystem RADIUS Proxy Commands

Sets the proxy server parameters.

Syntaxset delay <delay>set count <count>

Syntax:

Exampleadmin(system.radius.proxy)>set delay 7admin(system.radius.proxy)>set count 4admin(system.radius.proxy)>show proxyProxy Server Retry Count : 4Proxy Server Retry Delay : 7admin(system.radius.proxy)>

Example

delay <delay> Sets the retry delay of the proxy server to <delay> minute (5–10).count <count> Sets the retry count of the proxy server to <count> (3–6).

show proxy Shows the proxy server retry settings.


4.14.5 System RADIUS Proxy show Command

showSystem RADIUS Proxy Commands

Shows the proxy server parameters.

Syntaxshow [proxy|realm]

Parameters


-------------------------------------------------------------------------Idx Suffix RadiusServerIP Port SharedSecret-------------------------------------------------------------------------1 realm1 192.168.102.42 225 ******

admin(system.radius.proxy)>set delay 7admin(system.radius.proxy)>set count 4admin(system.radius.proxy)>show proxyProxy Server Retry Count : 4Proxy Server Retry Delay : 7admin(system.radius.proxy)>

Related Commands

show [proxy|realm] Displays proxy server parameters.• proxy – Displays the proxy server parameters. • realm – Displays proxy server realm information.

set Sets the proxy server retry parameters.add Adds a proxy server realm to the list.


4.15 System Redundancy Commands

redundancysystem

Displays the redundancy submenu.

Syntaxadmin(system)> redundancyadmin(system.redundancy)>



set Sets redundancy parameters. page 4-67show Shows redundancy settings. page 4-69quit Quits the CLI page 4-1save Saves the configuration to system flash page 4-1.. Goes to the parent menu page 4-1/ Goes to the root menu page 4-1


4.15.1 System Redundancy set Command

setSystem Redundancy Commands

Sets the parameters for redundant switch mode.

Syntaxset [op_state|mode|heartbeat|revertdelay|redundancy|preempt|virtualip]

set mode <mode>set op_state <state>set heartbeat <interval>set revertdelay <delay>set redundancy <subnet> <state>set preempt <mode>set virtualip <subnet> <ip>

Parameters

Exampleadmin(system.redundancy)>set mode standby

can not set the value when the op_state is either upgrade or standalone

admin(system.redundancy)>set op-state redundancyadmin(system.redundancy)>set mode standbyadmin(system.redundancy)>

mode <mode> Sets the switch to the <mode> (primary or secondary). Indicates that the switch is either the primary or secondary (standby) switch when redundancy is enabled. This parameter can only be set if the op_state parameter is set to redundancy.

op-state <state> Sets the redundancy operation state of the switch to one of the following <state>:• standalone—The switch has no redundancy capabilities and operates

independently of any other WS 2000 switches on the network. This is the default setting.

• redundancy—Two WS 2000 switches are connected, with one set as a primary and the other as a standby.

• upgrade—The primary and standby switches must run the same version of the switch firmware for redundancy to work correctly. If the firmware on only one of the switches is updated, redundancy is disabled and the Operational State is automatically set to Upgrade.

heartbeat <interval> Sets the heartbeat interval for the switch to <interval> (1–60) seconds.revertdelay <delay> Specifies the amount of time <delay> (1–20 minutes) after not receiving a

heartbeat packet before the secondary (standby) switch will take over. redundancy <subnet> <state>

Sets the redundancy state <state> (enable or disable) for the subnet <subnet> (s1, s2. s3, s4, s5, s6).

preempt <mode> Enables to prevent system stand-by on redundant switches. <mode> can be enable or disable.

virtualip <subnet> <ip>

Sets the virtual IP address to <ip> for each redundant subnet <subnet>.


Related Commands

show Displays the redundancy settings.


4.15.2 System Redundancy show Command

showSystem Redundancy Commands

Displays the switch redundancy settings.

Syntaxshow all

ParametersNone

Exampleadmin(system.redundancy)>show all

redundancy configured mode : primaryredundancy operational mode : VRRP daemon not runningredundancy operational state : standaloneheart beat interval : 3 secondsrevert delay : 5 minutesheart beat interface : 1

Related Commands

set Sets the redundancy settings.


4.16 System SNMP Commands

snmpsystem

Displays the SNMP submenu.

Syntaxadmin(system)> snmpadmin(system.snmp)>



access Goes to the SNMP access submenu. page 4-71traps Goes to the SNMP traps submenu. page 4-78quit Quits the CLI page 4-1save Saves the configuration to system flash page 4-1.. Goes to the parent menu page 4-1/ Goes to the root menu page 4-1


4.17 System SNMP Access Commands

accessSystem SNMP Commands

Displays the SNMP access menu.

Syntaxadmin(system.snmp)> accessadmin(system.snmp.access)>



add Adds SNMP access entries. page 4-72delete Deletes SNMP access entries. page 4-74list Lists SNMP access entries. page 4-76show Shows SNMP v3 engine ID. page 4-77quit Quits the CLI page 4-1save Saves the configuration to system flash page 4-1.. Goes to the parent menu page 4-1/ Goes to the root menu page 4-1


4.17.1 System SNMP Access add Command

addSystem SNMP Access Commands

Adds SNMP access list entries.

Syntaxadd [acl|v1v2c|v3]

add acl <ip1> <ip2>add v1v2c <comm> <access> [<oid>|all]add v3 <user> <access> [<oid>|all] <sec> <auth> <pass1> <priv> <pass2>

Parameters

Exampleadmin(system.snmp.access)>add acl 209.236.24.1 209.236.24.46 admin(system.snmp.access)>list acl ---------------------------------------------------------------- index start ip end ip ---------------------------------------------------------------- 1 209.236.24.1 209.236.24.46

admin(system.snmp.access)>add v3 fred rw 1.3.6.6 none admin(system.snmp.access)>list v3 all

add acl <ip1> <ip2> Adds an entry to the SNMP access control list with <ip1> as the starting IP address and <ip2> and the ending IP address.

v1v2c <comm> <access> [<oid>|all]

Adds an SNMP v1/v2c configuration.• <comm> – The community (1–31 characters)• <access> – The read/write access set to (ro (read only) or rw (read/write)• <oid> – The Object Identifier. <oid> is a string of 1–127 numbers in dot

notation, such as 2.3.4.5.6 or all for all objects. v3 <user> <access> [<oid> / all] <sec> <auth> <pass1> <priv> <pass2>

Adds an SNMP v3 user definition.• <user> – The username (1–31 characters).• <access> – The read/write access set to ro (read only) or rw (read/write)• <oid> – The Object Identifier. <oid> is a string of 1–127 numbers in dot

notation, such as 1.3.6.1 or all for all objects)• <sec> – The security type. <sec> is set to one of none, auth, or auth/priv.

The following parameters must be specified if <sec> is set to auth/priv: • <auth> – The authentication algorithm. Can be one of md5 or sha1. Must

be set if <sec> is set to auth or auth/priv.• <pass1> – The password (8–31 characters) for authentication. Must be

provided if <sec> is set to auth or auth/priv.• <priv> – The privacy algorithm. Set to des or aes. Must be set if <sec> is

set to auth/priv.• <pass2> – Privacy password (8–31 characters). Must be provided if <sec>

is set to auth/priv.


index : 1 username : fred access permission : read/write object identifier : 1.3.6.6 security level : none auth algorithm : md5 auth password : ******** privacy algorithm : des privacy password : ********

admin(system.snmp.access)>add v3 judy rw 1.3.6.1 auth/priv md5 changeme des changemetoo

admin(system.snmp.access)>list v3 2

index : 2 username : judy access permission : read/write object identifier : 1.3.6.1 security level : auth/priv auth algorithm : md5 auth password : ******** privacy algorithm : des privacy password : *******


4.17.2 System SNMP Access delete Command

deleteSystem SNMP Access Commands

Deletes SNMP access entries.

Syntaxdelete [acl|v1v2c|v3] [<idx>|all]

Parameters

Exampleadmin(system.snmp.access)>list acl -------------------------------------------------------------------------index start ip end ip -------------------------------------------------------------------------1 209.236.24.1 209.236.24.46

admin(system.snmp.access)>delete acl all admin(system.snmp.access)>list acl -------------------------------------------------------------------------index start ip end ip -------------------------------------------------------------------------

admin(system.snmp.access)>list v3 all


index : 2 username : judy access permission : read/write object identifier : 1.3.6.1 security level : auth/priv auth algorithm : md5 auth password : ******** privacy algorithm : des privacy password : ********

delete [acl|v1v2c|v3] [<idx>|all]

Deletes SNMP access entries.• acl – Deletes SNMP access list entries• v1v2c – Deletes entries from the SNMP v1/v2 configuration list• v3 – Deletes entries from the SNMP v3 configuration list.

• <idx> – Deletes entry with index <idx>• all – Deletes all entries.


admin(system.snmp.access)>delete v3 2 admin(system.snmp.access)>list v3 all


admin(system.snmp.access)>


4.17.3 System SNMP Access list Command

listSystem SNMP Access Commands

Lists SNMP access entries.

Syntaxlist [acl|v1v2c]list v3 [<idx>|all]

Parameters

Exampleadmin(system.snmp.access)>list acl ---------------------------------------------------------------- index start ip end ip ---------------------------------------------------------------- 1 209.236.24.1 209.236.24.46

admin(system.snmp.access)>list v3 all


admin(system.snmp.access)>list v3 2

index : 2 username : judy access permission : read/write object identifier : 1.3.6.1 security level : auth/priv auth algorithm : md5 auth password : ******** privacy algorithm : des privacy password : *******

list [acl|v1v2c] • acl – Lists SNMP access control list entries.• v1v2c – Lists SNMP v1/v2c configuration entries.

list v3 [<idx>|all] Lists SNMP v3 user definition with index <idx>. all lists all SNMP v3 user definitions.


4.17.4 System SNMP Access show Command

showSystem SNMP Access Commands

Displays the SNMP v3 engine ID.

Syntaxshow eid

ParametersNone

Exampleadmin(system.snmp.access)>show eid

WS2000 snmp v3 engine id : 0000018457D71CDFF86FD8FC

admin(system.snmp.access)>


4.18 System SNMP Traps Commands

trapsSystem SNMP Commands

Displays the SNMP traps submenu.

Syntaxadmin(system.snmp)> trapsadmin(system.snmp.traps)>



add Adds SNMP trap entries. page 4-79delete Deletes SNMP trap entries. page 4-81list Lists SNMP trap entries. page 4-82set Sets SNMP trap parameters. page 4-83show Shows SNMP trap parameters. page 4-87quit Quits the CLI page 4-1save Saves the configuration to system flash page 4-1.. Goes to the parent menu page 4-1/ Goes to the root menu page 4-1


4.18.1 System SNMP Traps add Command

addSystem SNMP Traps Commands

Adds SNMP traps.

Syntaxadd [v1v2c|v3]

add v1v2c <ip> <port> <comm> <ver>add v3 <ip> <port> <user> <sec> <auth> <pass1> <priv> <pass2>

Parameters

Exampleadmin(system.snmp.traps)>add v1v2 203.223.24.2 333 mycomm v1 admin(system.snmp.traps)>list v1v2c ---------------------------------------------------------------------- index dest ip dest port community version ---------------------------------------------------------------------- 1 203.223.24.2 333 mycomm v1

admin(system.snmp.traps)>add v1v2 209.255.32.1 334 jumbo v2 admin(system.snmp.traps)>list v1v2c ---------------------------------------------------------------------- index dest ip dest port community version ---------------------------------------------------------------------- 1 203.223.24.2 333 mycomm v1 2 209.255.32.1 334 jumbo v2

v1v2c <ip> <port> <comm> <ver>

Adds an SNMP v1/v2c trap entry.• <ip> – The destination IP address• <port> – The destination UDP port number.• <comm> – The community (1–31 characters)• <ver> – The SNMP version number. (v1 or v2)

v3 <ip> <port> <user> <sec> <auth> <pass1> <priv> <pass2>

Adds an SNMP v3 trap entry.• <ip> – The destination IP address• <port> – The destination UDP port number.• <user> – The username (1–31 characters).• <sec> – The security type. <sec> is set to one of none, auth, or auth/priv.

The following parameters must be specified if <sec> is set to auth/priv: • <auth> – The authentication algorithm. Can be one of md5 or sha1. Must

be set if <sec> is set to auth or auth/priv.• <pass1> – The password (8–31 characters) for authentication. Must be

provided if <sec> is set to auth or auth/priv.• <priv> – The privacy algorithm. Set to des or aes. Must be set if <sec> is

set to auth/priv.• <pass2> – Privacy password (8–31 characters). Must be provided if <sec>

is set to auth/priv.


admin(system.snmp.traps)>add v3 192.168.103.3 80 bomuser auth md5 bomuser1admin(system.snmp.traps)>add v3 182.168.103.4 80 blistuser auth/priv md5 blistuser des listuseradmin(system.snmp.traps)>list v3 all

index : 1destination ip : 192.168.103.3destination port : 80username : bomusersecurity level : authauth algorithm : md5auth password : ********privacy algorithm : desprivacy password : ********

index : 2destination ip : 182.168.103.4destination port : 80username : blistusersecurity level : auth/privauth algorithm : md5auth password : ********privacy algorithm : desprivacy password : ********


4.18.2 System SNMP Traps delete Command

deleteSystem SNMP Traps Commands

Deletes SNMP trap entries.

Syntaxdelete [v1v2c|v3] [<idx>|all]

Parameters

Exampleadmin(system.snmp.traps)>list v3 all

index : 1destination ip : 192.168.103.3destination port : 80username : bomusersecurity level : authauth algorithm : md5auth password : ********privacy algorithm : desprivacy password : ********


admin(system.snmp.traps)>delete v3 1admin(system.snmp.traps)>list v3 all


delete [acl|v1v2c|v3] [<idx>|all]

Deletes SNMP access entries.• acl – Deletes SNMP access list entries• v1v2c – Deletes entries from the SNMP v1/v2 configuration list• v3 – Deletes entries from the SNMP v3 configuration list.

• <idx> – Deletes entry with index <idx>• all – Deletes all entries.


4.18.3 System SNMP Traps list Command

listSystem SNMP Traps Commands

Lists SNMP trap entries.

Syntaxlist v1v2clist v3 [<idx>|all]

Parameters

Exampleadmin(system.snmp.traps)>list v1-------------------------------------------------------------------------index dest ip dest port community version-------------------------------------------------------------------------1 197.168.10.1 80 HTTPUser v22 197.168.10.2 1056 AllUsers v2

admin(system.snmp.traps)>list v3 all


list v1v2c Lists SNMP v1/v2c traps entries.list v3 [<idx>|all] Lists SNMP v3 traps definition with index <idx>. all lists all SNMP v3 traps definitions.


• admin-passwd-change – Admin password change trap• dyndns-update – Dynamic DNS update trap• wids-mu – WIDS MU event trap• wids-radio – WIDS radio event trap• wids-switch – WIDS switch event trap• cf-thresh – Compact Flash memory trap• min-pkt – Packets required for rate traps to fire

cf-thresh <memory_kb>

Sets the low memory on compact flash trap to the value <memory_kb> (0 – 2147483647 kilobytes).

min-pkt <pkt> Sets the minimum number of packets <pkt> required for the rate traps to fire. <pkt> can be a value in the range 0 – 65535.

dos-rate-limit <seconds>

Sets the rate limit to <seconds> ((0 – 2147483647 seconds) for DOS traps.

rate <rate> <scope> <value>

Sets the rate value for rate and scope combination for DOS traps.• <rate> – The rate value to monitor. Can be one of

• pkts – packets greater than <value> (0 – 9999.99).• mbps – throughput greater than <value> (0 – 108.00) MBPS.• avg-bps – bit speed less than <value> (0 – 108.00) MBPS.• pct-nu – non unicast packets percentage greater than <value> (0 – 100.00)• avg-signal – negative average signal worse than <value> (0 – 100.00)• avg-retries – average retries greater than <value> (0 – 16.00)• pct–dropped – dropped packet percentage greater than <value> (0 – 100.00)• pct-undecrypted – undecryptable packet percentage greater than <value>

(0 – 100.00)• assoc-mus – number of associated MUs greater than <value> (0 – 32.00 when

scope is AP, 200.00 otherwise.) • <scope> – The scope where the rate applies to. <scope> can be one of switch,

wlan, ap, mu)• <value> – The value in the range as specified for each <rate>.

<rate> Choices Interpretation Allowed Range for

<value> Allowed <scope>

pkts Packets/second > <value> 0-9999.99 switch,wlan,ap,mu mbps Throughput > <value> 0-108.00 switch,wlan,ap,mu avg-bps Average bit speed in mbps < <value> 0-108.00 wlan,ap,mu pct-nu % not UNICAST > <value> 0-100.00 wlan,ap,mu avg-signal Negative average signal < <value> 0-100.00 wlan,ap,mu avg-retries Average retries > <value> 0-16.00 wlan,ap,mu pct-dropped % dropped packets > <value> 0-100.00 wlan,ap,mu pct-undecrypt % undecryptable > <value> 0-100.00 wlan,ap,mu assoc-mus Number of associated MUs >

<value> 0-200 switch,wlan,ap


Exampleadmin(system.snmp.traps)>show trap

SNMP System Traps

snmp cold start : disable snmp config changed : disable low compact flash memory : disable

SNMP Network Traps

physical port status change : disable denial of service : disable

SNMP Traps

snmp auth failure : disable snmp acl violation : disable

SNMP MU Traps

mu associated : disable mu unassociated : disable mu denied association : disable mu denied authentication : disable

SNMP AP Traps

ap adopted : disable ap unadopted : disable ap denied adoption : disable ap radar detection : disable

SNMP Trap Threshold

compact flash memory threshold : 1024 min packets required for rate trap: 800 denial of service trap rate limit : 10

admin(system.snmp.traps)>set cold enable admin(system.snmp.traps)>set port enable admin(system.snmp.traps)>set dos-attack enable admin(system.snmp.traps)>set mu-unassoc enable admin(system.snmp.traps)>set ap-radar enable admin(system.snmp.traps)>set min-pkt 1000 admin(system.snmp.traps)>show trap

SNMP System Traps

snmp cold start : enable snmp config changed : disable low compact flash memory : disable

NOTE: <value> can be a number with up to two decimal places, except for assoc_mus, which must be an integer.


SNMP Network Traps

physical port status change : enable denial of service : enable

SNMP Traps

snmp auth failure : disable snmp acl violation : disable

SNMP MU Traps

mu associated : disable mu unassociated : enable mu denied association : disable mu denied authentication : disable

SNMP AP Traps

ap adopted : disable ap unadopted : disable ap denied adoption : disable ap radar detection : enable

SNMP Trap Threshold

compact flash memory threshold : 1024 min packets required for rate trap: 1000 denial of service trap rate limit : 10

admin(system.snmp.traps)>


4.18.5 System SNMP Traps show Command

showSystem SNMP Traps Commands

Shows SNMP trap parameters.

Syntaxshow [trap|rate-trap]

Parameters

Exampleadmin(system.snmp.traps)>show trap

SNMP System Traps

snmp cold start : enablesnmp config changed : disablelow compact flash memory : disable

SNMP Network Traps

physical port status change : enabledenial of service : enable

SNMP Traps

snmp auth failure : disablesnmp acl violation : disable

SNMP MU Traps

mu associated : disablemu unassociated : enablemu denied association : disablemu denied authentication : disable

SNMP AP Traps

ap adopted : disableap unadopted : disableap denied adoption : disableap radar detection : enable

SNMP Trap Threshold

compact flash memory threshold : 1024min packets required for rate trap: 1000denial of service trap rate limit : 10

show [trap|rate-trap] Displays trap settings.• trap – Displays SNMP trap parameter settings.• rate-trap – Shows SNMP rate-trap parameter settings.


admin(system.snmp.traps)>show rate-trap

SNMP Switch Rate Traps

pkts/s greater than : disablethroughput(Mbps) greater than : disablenum of associated mu greater than : disable

SNMP Wlan Rate Traps

pkts/s greater than : disablethroughput(Mbps) greater than : disableavg bit speed(Mbps) less than : disablepct non-unicast greater than : disable-average signal worse than : disableaverage retry greater than : disablepct dropped greater than : disablepct undecryptable greater than : disablenum of associated mu greater than : disable

SNMP Portal Rate Traps

pkts/s greater than : disablethroughput(Mbps) greater than : disableavg bit speed(Mbps) less than : disablepct non-unicast greater than : disable-average signal worse than : disableaverage retry greater than : disablepct dropped greater than : disablepct undecryptable greater than : disablenum of associated mu greater than : disable

SNMP Mu Rate Traps

pkts/s greater than : disablethroughput(Mbps) greater than : disableavg bit speed(Mbps) less than : disablepct non-unicast greater than : disable-average signal worse than : disableaverage retry greater than : disablepct dropped greater than : disablepct undecryptable greater than : disable

admin(system.snmp.traps)>


4.19 System SSH Commands

sshsystem

Displays the secure shell (SSH) submenu.

Syntaxadmin(system)> sshadmin(system.ssh)>



set Sets SSH parameters page 4-90show Shows SSH parameters. page 4-91save Saves the configuration to system flash page 4-1.. Goes to the parent menu page 4-1/ Goes to the root menu page 4-1


4.19.1 System SSH set Command

setSystem SSH Commands

Sets secure shell parameters for system access.

Syntaxset auth-timeout <authentication timeout>set inactive-timeout <inactive timeout>

Parameters

Exampleadmin(system.ssh)>set auth-timeout 60admin(system.ssh)>set inactiv 2000admin(system.ssh)>show all Authentication Timeout : 60 SSH Client Inactivity Timeout : 2000admin(system.ssh)>

Related Commands

auth-timeout <authentication timeout>

Sets the maximum time <authentication timeout> (0–65535 seconds) allowed for SSH authentication to occur before executing a timeout.

inactive-timeout<inactive timeout>

Sets the maximum amount of inactive time <inactive timeout> (0–65535 seconds) for an SSH connection before a timeout occurs and the user is dropped.

show all Shows the SSH parameter values.


4.19.2 System SSH show Command

showSystem SSH Commands

Shows secure shell timeout parameters.

Syntaxshow all

ParametersNone

Exampleadmin(system.ssh)>set auth-timeout 60admin(system.ssh)>set inactiv 2000admin(system.ssh)>show all Authentication Timeout : 60 SSH Client Inactivity Timeout : 2000admin(system.ssh)>

Related Commands

set Sets the values for the secure shell timeout parameters.


4.20 System User Database Commands

userdbsystem

Displays the userdb submenu.

Syntaxadmin(system)> userdbadmin(system.userdb)>



user Goes to the user submenu. page 4-103group Goes to the group submenu. page 4-93quit Quits the CLI page 4-1save Saves the configuration to system flash page 4-1.. Goes to the parent menu page 4-1/ Goes to the root menu page 4-1


4.21 System User Database Group Commands

groupSystem User Database Commands

Displays the group submenu.

Syntaxadmin(system.userdb)> groupadmin(system.userdb.group)>



create Creates a new group. page 4-95delete Deletes a group. page 4-96clearall Deletes all the listed groups page 4-98add Adds a user to a group. page 4-94remove Removes a user from a group. page 4-99set Sets group parameters. page 4-100show Shows the existing groups. page 4-102quit Quits the CLI page 4-1save Saves the configuration to system flash page 4-1.. Goes to the parent menu page 4-1/ Goes to the root menu page 4-1


4.21.1 System Userdb Group add Command

addSystem User Database Group Commands

Adds a user to a group.

Syntaxadd <userid> <group>

Parameters

Exampleadmin(system.userdb.group)>add fred g1admin(system.userdb.group)>add joe g1admin(system.userdb.group)>add joe g2admin(system.userdb.group)>show user g1List of Users of Group : fred joeadmin(system.userdb.group)>show user g2List of Users of Group : joe

Related Commands

add <userID> <groupID>

Adds the user specified by <userID> to the group <groupID>. <userID> must already be defined in the database. User the add command from the (system.userdb.users) menu to add a new user.

show users Displays a list of users in a group.


4.21.2 System Userdb Group create Command

createSystem User Database Group Commands

Creates a new group.

Syntaxcreate <group> <vlan-id>

Parameters

Example: admin(system.userdb.group)>create g1 10admin(system.userdb.group)>show groupsList of Group Names :

Groupname : g1 Guest Group : NO VanId : 10 Start Time : 0000 Expiry Time : 2359 Access on Days : All

admin(system.userdb.group)>

Related Commands

create <group> <vlan-id> Creates a new group with the ID <group>. <group> can be an alphanumeric string. Users in the group are automatically assigned the vlan-id as specified by <vlan-id>.

delete Deletes a group.show groups Displays a list of groups in the database.


4.21.3 System Userdb Group delete Command

deleteSystem User Database Group Commands

Deletes a group from the database.

Syntaxdelete <group>

Parameters

Exampleadmin(system.userdb.group)>show groupsList of Group Names :




admin(system.userdb.group)>delete g2admin(system.userdb.group)>show groupsList of Group Names :


Groupname : g3 Guest Group : NO

delete <groupID> Deletes the group <group> from the database. A warning occurs if there are still users assigned to that group.


VanId : 1 Start Time : 0000 Expiry Time : 2359 Access on Days : All

Related Commands

add Adds users to a group.show user Displays a list of users in a group.


4.21.4 System Userdb Group clearall Command

clearallSystem User Database Group Commands

Clears all the groups in the Groups list. Before clearing all the groups, ensure that no user account is associated to the groups.

Syntaxclearall

ParametersNone

Exampleadmin(system.userdb.group)>show groupsList of Group Names :




admin(system.userdb.group)>clearalladmin(system.userdb.group)>show groupsList of Group Names : No Groups

admin(system.userdb.group)>


4.21.5 System Userdb Group remove Command

removeSystem User Database Group Commands

Removes a user from a group.

Syntaxremove <userid> <group>

Parameters

Exampleadmin(system.userdb.group)>show users g1List of Users of Group : John Janeadmin(system.userdb.group)>remove Jane g1admin(system.userdb.group)>show users g1List of Users of Group : Johnadmin(system.userdb.group)>

Related Commands

remove <userid> <group>

Removes the user <userid> from the group <group>.

add Adds a user to a group.show users Shows a list of users in a group.


4.21.6 System Userdb Group set Command

setSystem User Database Group Commands

Sets the different group parameters.

Syntaxset [vlan|day-access|guest-group|start-time|end-time]

set [start-time|end-time} <time>set vlan <group> <vlan>set day-access <group> [all|weekdays|<days>]set guest-group <group>

Parameters

Exampleadmin(system.userdb.group)> set vlan Group1 1admin(system.userdb.group)> set start-time Group1 0730admin(system.userdb.group)> set end-time Group1 2230admin(system.userdb.group)> set day-access Group1 mo tu we fr sa suadmin(system.userdb.group)> show groupsList of Group Names :

Groupname : GroupOfAdmins Guest Group : NO VanId : 1 Start Time : 0000 Expiry Time : 2359 Access on Days : All

Groupname : GroupOfLevel1Users Guest Group : NO VanId : 1 Start Time : 0730 Expiry Time : 2230 Access on Days : Mo Tu We Fr Sa Su

vlan <group> <vlan> Sets the vlan id of a group <group> to <vlan> (1 – 4094).start-time <group><time>

Sets the time when a user belonging to a group <group> can start authenticating (login) with the WS2000. Start-time is in 24hr format.

end-time <group> <time>

Sets the time after which a user belonging to a group <group> cannot authenticate (login) with the WS2000. End-time is in 24hr format.

day-access <group> [all|weekdays|<days>

Sets the access days for a group <group>.• all – Sets the access days to all days of the week including Saturdays and

Sundays.• weekday – Sets the access days to all week days excluding Saturdays and

Sunday.• <days> – Sets the access days as specified. Each item in this list is to be

separated by a space. <days> can be mo, tu, we, th, fr, sa, su.guest-group <group> Sets the group identified by <group> as a guest group.


admin(system.userdb.group)> set guest-group Group1admin(system.userdb.group)>set guest-group guestsadmin(system.userdb.group)>show groupsList of Group Names :


Groupname : g2 Guest Group : NO VanId : 6 Start Time : 0600 Expiry Time : 2000 Access on Days : Weekdays

Groupname : guests Guest Group : YES VanId : 9 Start Time : 0000 Expiry Time : 2359 Access on Days : All


4.21.7 System Userdb Groups show Command

showSystem User Database Group Commands

Shows the existing groups.

Syntaxshow [groups|users <group>]

Parameters

Exampleadmin(system.userdb.group)>show groupsadmin(system.userdb.group)>show groupsList of Group Names :


Groupname : g2 Guest Group : NO VanId : 1 Start Time : 0000 Expiry Time : 2359 Access on Days : ALL


admin(system.userdb.group)>show users g1List of Users of Group : Admin L1User

Related Commands

show [groups|users <group>]

Displays user database groups information.• group – Displays a list of the defined groups.• users <group> – Displays a list of users in group <group>.

create Creates a new group.delete Deletes a group.set Sets group parameters


4.22 System User Database User Commands

userSystem User Database Commands

Displays the user submenu.

Syntaxadmin(system.userdb)> useradmin(system.userdb.user)>



add Adds a new user to the database. page 4-104del Deletes a user from the database. page 4-105clearall Removes all User IDs page 4-106set Sets the password for a user. page 4-107show Shows a list of users and group information about a user. page 4-108guest Manages guest users page 4-109quit Quits the CLI page 4-1save Saves the configuration to system flash page 4-1.. Goes to the parent menu page 4-1/ Goes to the root menu page 4-1


4.22.1 System Userdb User add Command

addSystem User Database User Commands

Adds a new user to the database.

Syntaxadd <userid> <password>

Parameters

Example admin(system.userdb.user)>add fred fredpassadmin(system.userdb.user)>add joe joepassadmin(system.userdb.user)>add sally sallypaadmin(system.userdb.user)>List of User Ids : fred joe

sally

Related Commands

add <userid> <password> Adds a user to the database with the ID <userid> and password <password> (1 – 8 characters).

show users Show a list of the users in the database.del Deletes a user from the database.


4.22.2 System Userdb User del Command

delSystem User Database User Commands

Deletes a user from the database.

Syntaxdel <userid>

Parameters

Exampleadmin(system.userdb.user)>show usersList of User Ids : Guest User : John NO Jane NO Bill NO Amanda NO

admin(system.userdb.user)>del Billadmin(system.userdb.user)>show usersList of User Ids : Guest User : John NO Jane NO Amanda NO

Related Commands

del <userid> Deletes the user with the ID <userid> from the database.

add Adds a user to the database.show users Displays a list of users in the database.


4.22.3 System Userdb User clearall Command

clearallSystem User Database User Commands

Clears all the users from the local database.

Syntaxclearall

ParametersNone

Exampleadmin(system.userdb.user)>show usersList of User Ids : Guest User : John NO Jane NO Bill NO Amanda NO

admin(system.userdb.user)>admin(system.userdb.user)> clearalladmin(system.userdb.user)>admin(system.userdb.user)> show usersentries = 0List of User Ids : Guest User : No Users


4.22.4 System Userdb User set Command

setSystem User Database User Commands

Sets the password for a user.

Syntaxset <userid> <password>

Parameters

Exampleadmin(system.userdb.user)>set fred frednew

Related Commands

set <userID> <password>

Resets the password for user with <userid> to <password>.

add Adds a new user.


4.22.5 System Userdb Users show Command

showSystem User Database User Commands

Shows a list of users and group membership for a particular user.

Syntaxshow [groups <userid>|users]

Parameters

Exampleadmin(system.userdb.user)>show userList of User Ids : Guest User : John NO Jane NO Bill NO Amanda NOadmin(system.userdb.user)>..admin(system.userdb.user)>groupadmin(system.userdb.group)>create g1admin(system.userdb.group)>add John g1admin(system.userdb.group)>..admin(system.userdb.user)>useradmin(system.userdb.user)>show groups JohnList of Groups of user : g1

Related Commands

show [groups <userid>|users]

Displays group membership and user information.• groups <userid> – Displays the list of groups that a user with <userid>

belongs.• users – Displays a list of all defined users in the database.

add Add a user to the database.


4.23 System User Database User Guest commands

guestSystem User Database User Commands

Displays the Guest submenu.

Syntaxadmin(system.userdb.user)> guestadmin(system.userdb.guest)>



set Sets the parameters for guest users. page 4-110show Shows the list of guest users page 4-111clear Clears guest users and guest groups. page 4-112quit Quits the CLI page 4-1save Saves the configuration to system flash page 4-1.. Goes to the parent menu page 4-1/ Goes to the root menu page 4-1


4.23.1 System Userdb User Guest set Command

setSystem User Database User Commands

Sets the parameters for guest users.

Syntaxset [guest-user|start-date|expiry-date]

set guest-user <guest-user> <guest-group>set start-date <guest-user> <date-time>set expiry-date <guest-user> <date-time>

Parameters

Exampleadmin(system.userdb.user.guest)> set guest-user guest1 GroupOfGuestUsersadmin(system.userdb.user.guest)> show users

Guest Username : guest1 Belongs to Group : GroupOfGuestUsers Start Date Time : 01:16:1970-01:10 Expiry Date Time : 01:17:1970-01:10

admin(system.userdb.user.guest)> set start-date guest1 01:01:2008-00:00admin(system.userdb.user.guest)> set expiry-date guest1 01:31:2008-23:59admin(system.userdb.user.guest)> show users


guest-user <guest-user> <guest-group>

Adds the guest user <guest-user> to the guest user group <guest-group>.

start-date <guest-user> <date-time>

Sets the start date for a guest user <guest-user>. This is the date and time combination from when a guest user can access the resources. <date-time> value must be in the MM:DD:YYYY-hh:mm format (02:24:2008-21:06).

expiry-date <guest-user> <date-time>

Sets the date when the guest user account <guest-user> expires. This is the date and time combination after which the account becomes inactive. <date-time> value must be in the MM:DD:YYYY-hh:mm format (02.24:2008-21:06).


4.23.2 System Userdb User Guest show Command

showSystem User Database User Commands

Displays information for guest users and guest user groups.

Syntaxshow [groups|users]

Parameters

Exampleadmin(system.userdb.user.guest)> show users


admin(system.userdb.user.guest)> show groups

Guest Groupname : GroupOfGuestUsers VanId : 1 Start Time : 0000 Expiry Time : 2359 Access on Days : Weekdays

show [guests|users] Displays guest information.• groups – Displays the list of guest user groups• users – Displays the list of guest users.


4.23.3 System Usredb User Guest clear Command

clearSystem User Database User Commands

Clears all guest user and guest user groups from the local database.

Syntaxclear [guest-group|guest-user]

clear guest-group <guest-group>clear guest-user <guest-user>

Parameters

Exampleadmin(system.userdb.user.guest)> clear guest-group GroupOfGuestUsersadmin(system.userdb.user.guest)> clear guest-user guest1admin(system.userdb.user.guest)> show groups No Guest Groups

guest-group <guest-group>

Clears the guest group indicated by <guest-group>

guest-user <guest-user>

Clears the guest user indicated by <guest-user>


4.24 System WS2000 Commands

WS2000system

Displays the WS 2000 submenu.

Syntaxadmin(system)> ws2000admin(system.ws2000)>



add Adds an administrative user page 4-114delete Removes an administrative user page 4-115restart Restarts the WS 2000 Wireless Switch page 4-116set Sets WS 2000 system parameters. page 4-117show Shows WS 2000 system parameter settings. page 4-121quit Quits the CLI page 4-1save Saves the configuration to system flash page 4-1.. Goes to the parent menu page 4-1/ Goes to the root menu page 4-1


4.24.1 System WS2000 add Command

addSystem WS2000 Commands

Adds a device that is allowed administrative access to the switch over WLAN.

Syntaxadd administrator <ip>

Parameters

Exampleadmin(system.ws2000)> add administrator 192.168.0.10admin(system.ws2000)>

add administrator <ip>

Adds the device specified by <ip> as an administrator for this device.


4.24.2 System WS2000 delete Command

deleteSystem WS2000 Commands

Removes a device that is allowed administrative access to the switch over WLAN.

Syntaxdelete administrator [<ip>|all]

Parameters

Exampleadmin(system.ws2000)> delete administrator 192.168.0.10admin(system.ws2000)> delete administrator alladmin(system.ws2000)>

delete administrator [<ip>|all]

Removes the specified device that is allowed administrative access of the switch from WLAN .• <ip> – Removes the device specified by <ip>.• all – Removes all devices


4.24.3 System WS2000 restart Command

restartSystem WS2000 Commands

Restarts the WS 2000 Wireless Switch.

Syntaxrestart

ParametersNone

Exampleadmin(system.ws2000)>restart

Restarting system.

WS 2000 Wireless Switch 2.4.0.0-011BCopyright(c) Motorola Inc. 2003-2008. All rights reserved.

Press escape key to run boot firmware ........

Power On Self Test

testing ram : passtesting nor flash : passtesting nand flash : passtesting ethernet : pass

...

Starting iGateway Apps(1)....Starting iGateway Apps(2)....Using switch.oStarting Wireless Switch....Configuring iGateway....Starting SNMP....Using led.oStarting WS2000 CLI....

Login:


4.24.4 System WS2000 set Command

setSystem WS2000 Commands

Sets WS 2000 system parameters.

Syntaxset [airbeam|ftp|ssh|applet|cc|cli|email|loc|name|domain-name|snmp|

timeout|limited-access|dns-ip|sslv2|support-sshv1|dns-relay-mode]

set airbeam [mode|passwd|logging]set airbeam mode <mode>set airbeam passwd <password>set airbeam logging <mode>

set [ftp|ssh|snmp] [lan|wan] [mode <mode>|logging <mode>]

set [applet|cli] [lan|wan|slan|swan] [mode <mode>|logging <mode>]

set email <email>set cc <country-code>set loc <location>set name <device-name>set domain-name <domain>set timeout <timeout>set limited-access <mode>set dns-ip <ip>;

Parameters

airbeam mode <mode> Enables or disables airbeam access. <mode> can be one of enable or disable.airbeam passwd <passwd>

Sets the airbeam password to <passwd> (1–39 characters).

airbeam logging <mode>

Sets the logging mode for airbeam access.<mode> can be one of enable or disable.

applet[lan|wan|slan|swan] [mode <mode>|logging <mode>]

Configures access to the applet.• lan mode <mode> – Enables/disables http applet access from LAN. • wlan mode <mode> – Enables/disables http applet access from WAN. • slan mode <mode> – Enables/disables https applet access from LAN. • swan mode <mode> – Enables/disables https applet access from WAN. <mode> can be one of enable or disable.logging <mode> – Enables/disables logging for each access type.

cc <country-code> Sets the WS2000 two-letter country code to <country-code>.


cli [lan|wan|slan|swan] [mode <mode>|logging <mode>]

Configures access to the Command Line Interface (CLI).• lan mode <mode> – Enables/disables http applet access from LAN. • wlan mode <mode> – Enables/disables http applet access from WAN. • slan mode <mode> – Enables/disables https applet access from LAN. • swan mode <mode> – Enables/disables https applet access from WAN. <mode> can be one of enable or disable.logging <mode> – Enables/disables logging for each access type.

email<email>

Sets the WS2000 admin email address to <email> (1–59 characters).

ftp [lan|wan] [mode <mode>|logging <mode>]

Configures access to FTP• lan mode <mode> – Enables/disables http applet access from LAN. • wlan mode <mode> – Enables/disables http applet access from WAN. <mode> can be one of enable or disable.logging <mode> – Enables/disables logging for each access type.

loc <location> Sets the WS2000 system location to <location> (1–59 characters). name <device-name> Sets the WS2000 system name to <device-name> (1–59 characters). ssh [lan|wan] [mode <mode>|logging <mode>]

Configures secure shell access (SSH) to the device.• lan mode <mode> – Enables/disables http applet access from LAN. • wlan mode <mode> – Enables/disables http applet access from WAN. <mode> can be one of enable or disable.logging <mode> – Enables/disables logging for each access type.

snmp [lan|wan] [mode <mode>|logging <mode>]

Configures SNMP access to the device.• lan mode <mode> – Enables/disables http applet access from LAN. • wlan mode <mode> – Enables/disables http applet access from WAN. <mode> can be one of enable or disable.logging <mode> – Enables/disables logging for each access type.

timeout <time-out> Sets the idle timeout to <time-out> value in minutes (0–1440). Setting the value to 0 indicates not to timeout.

limited-access <mode> Enables/disables management access to the WS2000 across subnets. When enabled, administrative access to the subnet interface is available only from hosts in the same subnet. When disabled, hosts from any subnet can access any subnet’s interface. <mode> can be one of enable or disable.

dns-ip <ip> Sets the IP address of the Domain Name Server to resolve domain names to the IP address <ip>.

domain-name <domain-name>

Sets the name of the domain to <domain-name> for this WS2000.

sslv2 <mode> Sets SSLv2 mode• <mode> – Enables/disables mode for apache

support-sshv1 Sets SSHv1 mode.• <mode> – Enables/disables mode for sshv1

dns-relay-mode Sets DNS relay mode• <mode> – Enables/disables dns relay mode.


Exampleadmin(system.ws2000)>show all

system name : Atlanta1 system location : Atlanta Field Office system Domain Name : docteam.motorola.comadmin email address : [email protected] system uptime : 0 days 4 hours 33 minutes WS2000 firmware version : 2.3.1.0-004XWS2000 firmware build time : Sat-May-31-00:42:16-IST-2008country code : us applet http access from lan : enableapplet http access from wan : enableapplet https access from lan : enableapplet https access from wan : enablecli telnet access from lan : enablecli telnet access from wan : enablesnmp access from lan : enablesnmp access from wan : enableairbeam/ftp lan access mode : disableairbeam/ftp wan access mode : disablessh wan access mode : enablessh lan access mode : enableairbeam access user name : airbeamairbeam access password : ********http/s timeout interval in minutes: 0limit ws2000 access : disableSystem Wide DNS IP Address : 192.168.0.1

admin(system.ws2000)>set name BldgC admin(system.ws2000)>set email [email protected] admin(system.ws2000)>set applet lan enable admin(system.ws2000)>set airbeam mode enable admin(system.ws2000)>set airbeam passwd changeme admin(system.ws2000)>show all

system name : BldgC system location : Atlanta Field Office system Domain Name : docteam.motorola.comadmin email address : [email protected] system uptime : 0 days 4 hours 41 minutes WS2000 firmware version : 2.3.1.0-004XWS2000 firmware build time : Sat-May-31-00:42:16-IST-2008country code : us applet http access from lan : enableapplet http access from wan : enableapplet https access from lan : enableapplet https access from wan : enablecli telnet access from lan : enablecli telnet access from wan : enablesnmp access from lan : enablesnmp access from wan : enableairbeam/ftp lan access mode : disableairbeam/ftp wan access mode : disablessh wan access mode : enablessh lan access mode : enableairbeam access user name : airbeamairbeam access password : ********


http/s timeout interval in minutes: 0limit ws2000 access : disableSystem Wide DNS IP Address : 192.168.0.1

admin(system.ws2000)>


4.24.5 System WS2000 show Command

showSystem WS2000 Commands

Shows WS 2000 system information.

Syntaxshow all

ParametersNone

Exampleadmin(system.ws2000)>show all

system name : Atlanta1 system location : Atlanta Field Office system Domain Name : docteam.motorola.comadmin email address : [email protected] system uptime : 0 days 4 hours 33 minutes WS2000 firmware version : 2.3.1.0-004XWS2000 firmware build time : Sat-May-31-00:42:16-IST-2008country code : us applet http access from lan : enableapplet http access from wan : enableapplet https access from lan : enableapplet https access from wan : enablecli telnet access from lan : enablecli telnet access from wan : enablesnmp access from lan : enablesnmp access from wan : enableairbeam/ftp lan access mode : disableairbeam/ftp wan access mode : disablessh wan access mode : enablessh lan access mode : enableairbeam access user name : airbeamairbeam access password : ********http/s timeout interval in minutes: 0limit ws2000 access : disableSystem Wide DNS IP Address : 192.168.0.1

admin(system.ws2000)>


4.25 System CF commands

cfsystem

Displays the CF submenu.

Syntaxadmin(system)> cfadmin(system.cf)>



ls Lists the content of the CF card page 4-123quit Quits the CLI page 4-1.. Goes to the parent menu page 4-1/ Goes to the root menu page 4-1


4.25.1 System CF ls Command

lsSystem CF commands

Displays the CF card’s contents.

Syntaxls {<directory-name>}

Parameters

Exampleadmin(system.cf)> ls...mf12.binmf_02020200003R.binadmin(system.cf)>

admin(system.cf)>

ls <directory-name> Lists the contents of the CF card. The <directory-name> parameter is optional.


4.26 System HTTP commands

httpsystem

Displays the http submenu.

Syntaxadmin(system)> httpadmin(system.http)>



import Imports the Secured HTTP self certificate page 4-125show Shows all the Secured HTTP certificates. page 4-126quit Quits the CLI page 4-1save Saves the configuration to system flash page 4-1.. Goes to the parent menu page 4-1/ Goes to the root menu page 4-1


4.26.1 System HTTP import Command

importSystem HTTP commands

Imports Secured HTTP self certificates.

Syntaximport self <cert-id>

Parameters

Exampleadmin(system.http)> import self 1

import self <cert-id> Imports the Secured HTTP Self Certificate identified by the ID <cert-id>.


4.26.2 System HTTP show Command

showSystem HTTP commands

Displays all Secure HTTP certificates on this device.

Syntaxshow all

ParametersNone

Exampleadmin(system.http)> show all

http self certificate : default

admin(system.http)>


4.27 System Test Commands

testsystem

Displays the test submenu.

Syntaxadmin(system)> testadmin(system.test)>



set Sets the different test parameters page 4-128show Displays the different test parameters and their set values. page 4-129quit Quits the CLI page 4-1save Saves the configuration to system flash page 4-1.. Goes to the parent menu page 4-1/ Goes to the root menu page 4-1


4.27.1 System Test set Command

setSystem Test Commands

Configures the different test parameters.

Syntaxset flowhbtwdpmdrswmepaddingparpsip-portcheckweighted-wmeint1hostsmu_limitint4str1str2str3str4interval


4.27.2 System Test show Command

showSystem Test Commands

Displays the test parameters.

Syntaxshow all

ParametersNone

Exampleadmin(system.test)> show alladmin(system.test)>show all

half fc window for ap100 val : [ 0x0000 ........ .......0 ]broadcasts in psp val : [ 0x0000 ........ ......1. ]drop bc pre wep val : [ 0x0000 ........ .....1.. ]rate scale disable val : [ 0x0000 ........ ....0... ]wireless disable val : [ 0x0000 ........ ...0.... ]psp fix more data val : [ 0x0000 ........ ..0..... ]wpa2 tkip disabled val : [ 0x0000 ........ .0...... ]wpa ie before rsn ie val : [ 0x0000 ........ 0....... ]disable wpa countermeasures val : [ 0x0000 .......0 ........ ]WME enable : [ 0x0000 ......0. ........ ]Wisp alignment padding enable : [ 0x0000 .....1.. ........ ]Proxy arp enable : [ 0x0000 ....1... ........ ]Weighted WME enable : [ 0x0000 ...0.... ........ ]ARP Check enable : [ 0x0000 ..1..... ........ ]SIP src/dst port check : [ 0x0000 .1...... ........ ]

int1 : 00006C06max lan hosts : 200max clients/Portal : 64int4 : 00000000str1 :str2 :str3 :str4 :

Statistics Commands

Statistics commands are used to view the different statistical information of the WS2000 Wireless Switch.

5.1 statsAdmin Menu Commands

Use the stats command to go to the Stats menu

admin>statsadmin(stats)>

The following commands are available under the Stats menu:


show Shows system status and statistics page 5-2

rf Goes to the RF Submenu page 5-5






5.2 Stats Show Command

showstats

Displays the system status and statistics for either the specified subnet or the WAN.

Syntaxshow [leases|subnet|wan|stp|ips]

show leases show subnet <idx>show wanshow stp <idx>show ips [global-stats|category-stats]show ips global-stats show ips category-stats <category-name>

Parameters

Example

show subnet example

admin(stats)>show subnet 1LAN Interface Informationsubnet interface 1 : enableip address 1 : 192.168.0.1network mask : 255.255.255.0ethernet address : 00A0F86FD8FDLAN Rx Informationrx packets : 236530rx bytes : 31581419rx errors : 0rx dropped : 0rx overruns : 0rx frame errors : 0LAN Tx Informationtx packets : 100101tx bytes : 40811508tx errors : 0tx dropped : 0

show leases Show the leases issued by the switch.show subnet <idx> Shows subnet status, where <idx> (1–6) is the index number of the subnet (LAN)

to show. show wan Shows WAN status.show stp <idx> Shows the LAN Spanning Tree Protocol statistics for the subnet <idx> (1-6).show ips global-stats Shows the IPS Global statisticsshow ips category-stats <category>

Show the IPS statistics for a category. Select <category> from:TELNET, POP3, IMAP, NNTP, FTP, SNMP, TCPDNS, UDPDNS, TCPRPC, UDPRPC, HTTP, SMTP, TCPGEN, UDPGEN, TCP, UDP, ICMP, IPTo display stats for all IPS signature categories do not pass any parameter to <category>.

Statistics Commands 5-3

tx overruns : 0tx carrier errors : 0Port 1link status : upspeed : 100 MbpsPort 2link status : upspeed : 100 MbpsPort 3link status : downPort 4link status : downPort 5link status : downPort 6link status : downWLAN Interfaceswlans : wlan1

show wan example

admin(stats)>show wanWAN Interface Informationwan interface 1 : enableip address 1 : 192.168.24.198wan interface 2 : disableip address 2 : 192.168.24.198wan interface 3 : disableip address 3 : 192.168.24.198wan interface 4 : disableip address 4 : 192.168.24.198wan interface 5 : disableip address 5 : 192.168.24.198wan interface 6 : disableip address 6 : 192.168.24.198wan interface 7 : disableip address 7 : 192.168.24.198wan interface 8 : disableip address 8 : 192.168.24.198network mask : 255.255.255.0ethernet address : 00A0F86FD8FClink status : upspeed : 100 MbpsWAN Rx Informationrx packets : 226809rx bytes : 311719105rx errors : 1rx dropped : 0rx overruns : 0rx frame errors : 1WAN Tx Informationtx packets : 5499tx bytes : 559567tx errors : 0tx dropped : 0tx overruns : 0tx carrier errors : 0


show ips global-stats example.

admin(stats)>show ips global-stats IPS GLOBAL STATISTICS================================================Number of Packets Received : 124832934Number of Packets Processsed : 124832899Number of Packets Dropped : 35Number of Connecti ns Disconnected: 6

show ips category-stats example.

admin(stats)>show ips category-stats TCP

Category Name : TCPNumber of rules : 6Number of alerts : 18Number of logs : 9Number of pkts droped : 45Number of disconnection : 1

show stp example:

admin(stats)>show stp 1

LAN1 Spanning Tree Info:Spanning Tree : enableDesignated Root : 8000.00157000C851Bridge ID : 8000.00157000C851Root Port : 0Root Path Cost : 0Bridge Max Msg Age : 20Bridge Hello Time : 2Bridge Forward Delay : 15

Port Interface Table:------------------------------------------------------------------------- Designated Designated Designated Port - State - Cost - Root - Bridge - Port - DesignatedCost-------------------------------------------------------------------------ixp0v0 Fwding 100 8000.00157000C851 8000.00157000C851 8001 0ixp1v0 Fwding 100 8000.00157000C851 8000.00157000C851 8002 0


5.3 Statistics RF Commands

rfstats

Displays the RF statistics submenu.

Syntaxadmin(stats)> rfadmin(stats.rf)>



show Shows RF statistics. page 5-7reset Resets/clears all RF statistics. page 5-6quit Quits the CLI. page 5-1save Saves the configuration to system flash. page 5-1.. Goes to the parent menu. page 5-1/ Goes to the root menu. page 5-1


5.3.1 Stats RF reset Command

resetStatistics RF Commands

Resets/clears all RF statistics.

Syntaxreset

ParametersNone

Exampleadmin(stats.rf)>resetadmin(stats.rf)>


5.3.2 Stats RF show Command

showStatistics RF Commands

Shows radio frequency (RF) statistics.

Syntaxshow [all|wlan|ap|mu|mesh-base|mesh-client|total]

show all [wlan|ap|mu|mesh-base|mesh-client]show wlan <idx>show ap <idx>show mu <mu>show mesh-base <base>show mesh-client <client>show total

Syntax:

Exampleadmin(stats.rf)>show all wlanIndex : 1Name : WLAN1Status : Enabled

Index : 2Name : WLAN2Status : Disabled


Index : 4

show all [wlan|ap|mu|mesh-base|mesh-client]

Shows all statistics for:• wlan – Shows all WLAN status.• ap – Shows all Access Port status.• mu – Shows all mobile unit (MU) status.• mesh-base – Shows all mesh-base statistics• mesh-client – Shows all mesh-client statistics

show wlan <idx> Shows the specified WLAN’s statistics, where <idx> is the index number of the WLAN.

show ap <idx> Shows the specified Access Port’s statistics, where <idx> is the index number of the Access Port (1–12).

show mu <mu> Shows the specified mobile unit’s statistics, where <mu> is the index number of the mobile unit (1–200).

show mesh-base <base> Shows the statistics for the mesh base with index <base> (1-36).show mesh-client <client>

Shows the statistics for the mesh client with index <client> (1-72).

show total Shows total switch statistics.


Name : WLAN4Status : Disabled





admin(stats.rf)>show wlan 1Name : WLAN1ESSID : 101Subnet : Subnet1Adopted APs : 2Number of Associated MUs : 0

Packets per second : 0.00 ppsThroughput : 0.00 MbpsAverage Bit Speed : 0.00 Mbps

Non-Unicast Packets : 0.00 %

Signal : 0.0 dBmNoise : 0.0 dBmSignal-to-Noise : 0.0 dBm

Average Number of Retries : 0.00 RetriesDropped Packets : 0.00 %Undecryptable Packets : 0.00 %

admin(stats.rf)>show all apap index : 1ap status : not connected

ap index : 2ap status : connected

ap index : 3ap status : not connected











admin(stats.rf)>show ap 2Name : AP2Location :Radio Type : 802.11 BCurrent Channel : 1Adopted By : WLAN1Number of Associated Mus : 0

Packets per second : 0.13 ppsThroughput : 0.00 MbpsAverage Bit Speed : 0.00 MbpsApproximate Utilization : 0.00 %Non-Unicast Packets : 100.00 %

Signal : 0.0 dBmNoise : 0.0 dBmSignal-to-Noise : 0.0 dBm

Average Number of Retries : 0.00 RetriesDropped Packets : 0.00 %Undecryptable Packets : 0.00 %

MOTOROLA INC.1303 E. ALGONQUIN ROADSCHAUMBURG, IL 60196http://www.motorola.com

72E-132762-01 Revision ADecember 2009

WS2000 Wireless Switch - OPAL BV€¦ · TOC-4 WS2000 Wireless Switch CLI Reference Guide show ...

Documents

Transcript of WS2000 Wireless Switch - OPAL BV€¦ · TOC-4 WS2000 Wireless Switch CLI Reference Guide show ...