- DL manuals
- 3Com
- Switch
- 3CRWX120695A
- Command Reference Manual
3Com 3CRWX120695A Command Reference Manual
Summary of 3CRWX120695A
Page 1
Http://www.3com.Com/ part no. 10015409 rev. Aa published august 2006 wireless lan mobility system wireless lan switch and controller command reference wx4400 3crwx440095a wx1200 3crwx120695a wxr100 3crwxr10095a wx2200 3crwx220095a.
Page 2
3com corporation 350 campus drive marlborough, ma usa 01752-3064 copyright © 2006, 3com corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without writt...
Page 3: Ontents
C ontents a bout t his g uide conventions 21 documentation 22 documentation comments 23 1 u sing the c ommand -l ine i nterface overview 25 cli conventions 26 command prompts 26 syntax notation 26 text entry conventions and allowed characters 27 mac address notation 27 ip address and mask notation 2...
Page 4
3 s ystem s ervice c ommands commands by usage 39 clear banner motd 40 clear history 41 clear prompt 41 clear system 42 display banner motd 43 display base-information 43 display license 44 display load 45 display system 45 help 48 history 49 quickstart 50 set auto-config 50 set banner motd 52 set c...
Page 5: Vlan C
Display port counters 73 display port-group 74 display port mirror 75 display port poe 76 display port status 77 display port media-type 79 monitor port counters 80 reset port 85 set dap 85 set port 87 set port-group 88 set port media-type 89 set port mirror 90 set port name 91 set port negotiation ...
Page 6: Ip S
Set security l2-restrict 118 set vlan name 120 set vlan port 121 set vlan tunnel-affinity 122 6 q uality of s ervice c ommands commands by usage 123 clear qos 124 set qos cos-to-dscp-map 125 set qos dscp-to-cos-map 126 display qos 127 display qos dscp-table 128 7 ip s ervices c ommands commands by u...
Page 7
Display ip route 150 display ip telnet 152 display ntp 153 display snmp community 155 display snmp counters 156 display snmp notify profile 156 display snmp notify target 156 display snmp status 157 display snmp usm 158 display summertime 158 display timedate 159 display timezone 159 ping 160 set ar...
Page 8: Aaa C
Snmpv2c with informs 187 snmpv2c with traps 188 snmpv1 with traps 188 set snmp protocol 190 set snmp security 191 set snmp usm 192 set summertime 195 set system ip-address 196 set timedate 197 set timezone 198 telnet 199 traceroute 201 8 aaa c ommands commands by usage 205 clear accounting 207 clear...
Page 11
342 c hapter 11: m anaged a ccess p oint c ommands set dap auto radiotype sets the radio type for single-map radios that use the map configuration profile. Syntax — set dap auto [radiotype {11a
Page 12
Set service-profile auth-psk 395 set service-profile beacon 396 set service-profile cac-mode 397 set service-profile cac-session 398 set service-profile cipher-ccmp 399 set service-profile cipher-tkip 400 set service-profile cipher-wep40 401 set service-profile cipher-wep104 402 set service-profile ...
Page 13: Stp C
12 stp c ommands stp commands by usage 435 clear spantree portcost 436 clear spantree portpri 437 clear spantree portvlancost 437 clear spantree portvlanpri 438 clear spantree statistics 439 display spantree 440 display spantree backbonefast 443 display spantree blockedports 444 display spantree por...
Page 14: Acl C
Set igmp mrouter 479 set igmp mrsol 480 set igmp mrsol mrsi 480 set igmp oqi 481 set igmp proxy-report 482 set igmp qi 483 set igmp qri 484 set igmp querier 485 set igmp receiver 485 set igmp rv 486 14 s ecurity acl c ommands security acl commands by usage 489 clear security acl 490 clear security a...
Page 15: Radius
Display crypto certificate 526 display crypto key ssh 528 16 radius and s erver g roup c ommands commands by usage 529 clear radius 530 clear radius client system-ip 531 clear radius proxy client 532 clear radius proxy port 532 clear radius server 533 clear server group 533 set radius 534 set radius...
Page 16: Rf D
Set dot1x reauth 559 set dot1x reauth-max 560 set dot1x reauth-period 561 set dot1x timeout auth-server 561 set dot1x timeout supplicant 562 set dot1x tx-period 562 set dot1x wep-rekey 563 set dot1x wep-rekey-period 564 18 s ession m anagement c ommands commands by usage 565 clear sessions 565 clear...
Page 17
Set rf detect countermeasures 602 set rfdetect countermeasures mac 603 set rfdetect ignore 604 set rfdetect log 605 set rfdetect signature 606 set rfdetect ssid-list 607 set rfdetect vendor-list 608 test rflink 609 20 f ile m anagement c ommands commands by usage 611 backup 612 clear boot backup-con...
Page 18
Display trace 641 save trace 642 set trace authentication 642 set trace authorization 643 set trace dot1x 644 set trace sm 645 22 s noop c ommands commands by usage 647 clear snoop 648 clear snoop map 648 set snoop 649 set snoop map 652 set snoop mode 653 display snoop 654 display snoop info 654 dis...
Page 19
Diag 677 dir 677 display 678 fver 680 help 681 ls 682 next 683 reset 684 test 685 version 686 a o btaining s upport for y our 3c om p roducts register your product to gain service benefits 687 solve problems online 687 purchase extended warranty and professional services 688 access software download...
Page 21: Bout
Conventions 21 a bout t his g uide this command reference explains mobility system software (mss™) command line interface (cli) that you enter on a 3com wxr100 or wx1200 wireless switch or wx4400 or wx2200 wireless lan controller to configure and manage the mobility system™ wireless lan (wlan). Read...
Page 22
22 a bout t his g uide this manual uses the following text and syntax conventions: documentation the mss documentation set includes the following documents. Wireless lan switch manager (3wxm) release notes these notes provide information about the 3wxm software release, including new features and bu...
Page 23
Documentation comments 23 wireless lan switch manager reference manual this manual shows you how to plan, configure, deploy, and manage a mobility system wireless lan (wlan) using the 3com wireless lan switch manager (3wxm). Wireless lan switch manager user’s guide this manual shows you how to plan,...
Page 24
24 a bout t his g uide please note that we can only respond to comments and questions about 3com product documentation at this e-mail address. Questions related to technical support or sales should be directed in the first instance to your network supplier..
Page 25: Sing
1 u sing the c ommand -l ine i nterface this chapter discusses the 3com wireless switch manager (3wxm) command-line interface (cli). Described are: cli conventions (see “cli conventions” on page 26) editing on the command line (see “command-line editing” on page 31) using the cli help feature (see “...
Page 26
26 c hapter 1: u sing the c ommand -l ine i nterface cli conventions be aware of the following mss cli conventions for command entry: “command prompts” on page 26 “syntax notation” on page 26 “text entry conventions and allowed characters” on page 27 “user globs, mac address globs, and vlan globs” o...
Page 28
28 c hapter 1: u sing the c ommand -l ine i nterface ip address and mask notation mss displays ip addresses in dotted decimal notation — for example, 192.168.1.111. Mss makes use of both subnet masks and wildcard masks. Subnet masks unless otherwise noted, use classless interdomain routing (cidr) fo...
Page 29
Cli conventions 29 table 3 gives examples of user globs. Mac address globs a media access control (mac) address glob is a similar method for matching some authentication, authorization, and accounting (aaa) and forwarding database (fdb) commands to one or more 6-byte mac addresses. In a mac address ...
Page 30
30 c hapter 1: u sing the c ommand -l ine i nterface vlan globs a vlan glob is a method for matching one of a set of local rules on an wireless lan switch, known as the location policy, to one or more users. Mss compares the vlan glob, which can optionally contain wildcard characters, against the vl...
Page 31
Command-line editing 31 a hyphen-separated range of port numbers, with no spaces. For example: wx1200# reset port 1-3 any combination of single numbers, lists, and ranges. Hyphens take precedence over commas. For example: wx1200# display port status 1-3,6 virtual lan identification the names of virt...
Page 32
32 c hapter 1: u sing the c ommand -l ine i nterface history buffer the history buffer stores the last 63 commands you entered during a terminal session. You can use the up arrow and down arrow keys to select a command that you want to repeat from the history buffer. Tabs the mss cli uses the tab ke...
Page 33
Using cli help 33 using cli help the cli provides online help. To see the full range of commands available at your access level, type the help command. For example: wx1200# help commands: ------------------------------------------------------------------------- clear clear, use 'clear help' for more...
Page 34
34 c hapter 1: u sing the c ommand -l ine i nterface to see all the variations, type one of the commands followed by a question mark (?). For example: wx1200# display ip ? Alias display ip aliases dns display dns status https display ip https route display ip route table telnet display ip telnet to ...
Page 35: Ccess
2 a ccess c ommands this chapter describes access commands used to control access to the mobility software system (mss) command-line interface (cli). Commands by usage this chapter presents access services commands alphabetically. Use table 5 to located commands in this chapter based on their use. D...
Page 36
36 c hapter 2: a ccess c ommands enable places the cli session in enabled mode, which provides access to all commands required for configuring and monitoring the system. Syntax — enable access — all. History — introduced in mss version 3.0. Usage — mss displays a password prompt to challenge you wit...
Page 37
Set enablepass 37 set enablepass sets the password that provides enabled access (for configuration and monitoring) to the wx switch. Syntax — set enablepass defaults — none. Access — enabled. History — introduced in mss version 3.0. Usage — after typing the set enablepass command, press enter. If yo...
Page 38
38 c hapter 2: a ccess c ommands.
Page 39: Ystem
3 s ystem s ervice c ommands use system services commands to configure and monitor system information for a wx switch. Commands by usage this chapter presents system service commands alphabetically. Use table 6 to locate commands in this chapter based on their use. Table 6 system services commands b...
Page 40
40 c hapter 3: s ystem s ervice c ommands clear banner motd deletes the message-of-the-day (motd) banner that is displayed before the login prompt for each cli session on the wireless lan switch. Syntax — clear banner motd defaults — none. Access — enabled. History — introduced in mss version 3.0. E...
Page 41
Clear history 41 clear history deletes the command history buffer for the current cli session. Syntax — clear history defaults — none. Access — all. History — introduced in mss version 3.0. Examples — to clear the history buffer, type the following command: wx4400# clear history success: command buf...
Page 43
Display banner motd 43 display banner motd shows the banner that was configured with the set banner motd command. Syntax — display banner motd defaults — none. Access — enabled. History — introduced in mss version 3.0. Examples — to show the banner with the message of the day, type the following com...
Page 44
44 c hapter 3: s ystem s ervice c ommands see also display boot on page 622 display config on page 623 display license on page 44 display system on page 45 display version on page 625 display license displays information about the license currently installed on the wx switch. Syntax — display licens...
Page 45
Display load 45 display load displays cpu usage on a wx switch. Syntax — display load defaults — none. Access — enabled. History — introduced in mss version 4.1. Examples — to display the cpu load recorded from the time the wx switch was booted, as well as from the previous time the display load com...
Page 46
46 c hapter 3: s ystem s ervice c ommands examples — to show system information, type the following command: wx4400# display system =============================================================================== product name: wx4400 system name: wx-bldg3 system countrycode: us system location: first...
Page 47
Display system 47 system idle timeout number of seconds mss allows a cli management session (console, telnet, or ssh) to remain idle before terminating the session. (the system idle timeout can be configured using the set system idle-timeout command.) system mac wx switch’s media access control (mac...
Page 48
48 c hapter 3: s ystem s ervice c ommands see also clear system on page 42 set system contact on page 57 set system countrycode on page 58 set system idle-timeout on page 62 set system location on page 64 set system name on page 65 help displays a list of commands that can be used to configure and m...
Page 49
History 49 crypto crypto, use 'crypto help' for more information delete delete url dir show list of files on flash device disable disable privileged mode display display, use 'display help' for more information disp tech support display technical support information exit exit from the admin session ...
Page 50
50 c hapter 3: s ystem s ervice c ommands see also clear history on page 41 quickstart runs a script that interactively helps you configure a new switch. (for more information, see the “cli quickstart command” section of the “wx setup methods” chapter in the wireless lan switch and controller config...
Page 51
Set auto-config 51 when the 3wxm server in the corporate network receives the configuration request, the server looks in the currently open network plan for a switch configuration with the same model and serial number as the one in the configuration request. If the network plan contains a configurat...
Page 52
52 c hapter 3: s ystem s ervice c ommands examples — the following commands stage a wx switch to use the auto-config option. The network where the switch is installed has a dhcp server, so the switch is configured to use the mss dhcp client to obtain an ip address, default gateway address, dns domai...
Page 53
Set confirm 53 access — enabled. History — introduced in mss version 3.0. Usage — type a caret (^), then the message, then another caret. Do not use the following characters with commands in which you set text to be displayed on the wx switch, such as message-of-the-day (motd) banners: ampersand (&)...
Page 54
54 c hapter 3: s ystem s ervice c ommands usage — this command remains in effect for the duration of the session, until you enter a quit command, or until you enter another set confirm command. Mss displays a message requiring confirmation when you enter certain commands that can have a potentially ...
Page 55
Set license 55 set license installs an upgrade license, for managing more maps. Syntax — set license license-key activation-key license-key — license key, starting with wxl. You can enter the key with or without the hyphens. Activation-key — activation key, starting with wxa. You can enter the key w...
Page 56
56 c hapter 3: s ystem s ervice c ommands set prompt changes the cli prompt for the wx switch to a string you specify. Syntax — set prompt string string — alphanumeric string up to 32 characters long. To include spaces in the prompt, you must enclose the string in double quotation marks (“”). Defaul...
Page 57
Set system contact 57 set system contact stores a contact name for the wx switch. Syntax — set system contact string string — alphanumeric string up to 256 characters long, with no blank spaces. Defaults — none. Access — enabled. History — introduced in mss version 3.0. To view the system contact st...
Page 58
58 c hapter 3: s ystem s ervice c ommands set system countrycode defines the country-specific ieee 802.11 regulations to enforce on the wx switch. Syntax — set system countrycode code code — two-letter code for the country of operation for the wx switch. You can specify one of the codes listed in ta...
Page 59
Set system countrycode 59 france fr germany de greece gr guatemala gt honduras hn hong kong hk hungary hu iceland is india in indonesia id ireland ie israel il italy it jamaica jm japan jp jordan jo kazakhstan kz kenya ke kuwait kw latvia lv lebanon lb liechtenstein li lithuania lt luxembourg lu mal...
Page 60
60 c hapter 3: s ystem s ervice c ommands nigeria ng norway no oman om pakistan pk panama pa paraguay py peru pe philippines ph poland pl portugal pt puerto rico pr romania ro russia ru saudi arabia sa serbia cs singapore sg slovakia sk slovenia si south africa za south korea kr spain es sri lanka l...
Page 61
Set system countrycode 61 defaults — the factory default country code is none. Access — enabled. History — introduced in mss version 3.0. Usage — you must set the system county code to a valid value before using any set ap commands to configure a map. Examples — to set the country code to canada, ty...
Page 62
62 c hapter 3: s ystem s ervice c ommands set system idle-timeout specifies the maximum number of seconds a cli management session with the switch can remain idle before mss terminates the session. Syntax — set system idle-timeout seconds seconds — number of seconds a cli management session can rema...
Page 63
Set system ip-address 63 set system ip-address sets the system ip address so that it can be used by various services in the wx switch. Caution: any currently configured mobility domain operations cease if you change the ip address. If you change the address, you must reset the mobility domain. Synta...
Page 64
64 c hapter 3: s ystem s ervice c ommands set system location stores location information for the wx switch. Syntax — set system location string string — alphanumeric string up to 256 characters long, with no blank spaces. Defaults — none. Access — enabled. History — introduced in mss version 3.0. U...
Page 65
Set system name 65 set system name changes the name of the wx switch from the default system name and also provides content for the cli prompt, if you do not specify a prompt. Syntax — set system name string string — alphanumeric string up to 256 characters long, with no blank spaces. Use a unique n...
Page 66
66 c hapter 3: s ystem s ervice c ommands.
Page 67: Ort
4 p ort c ommands use port commands to configure and manage individual ports and load-sharing port groups. Commands by usage this chapter presents port commands alphabetically. Use table 9 to locate commands in this chapter based on their use. Table 9 port commands by usage type command port type se...
Page 68
68 c hapter 4: p ort c ommands clear dap removes a distributed map. Caution: when you clear a distributed map, mss ends user sessions that are using the map. Syntax — clear dap dap-num dap-num — number of the distributed map(s) you want to remove. Defaults — none. Access — enabled. History — introdu...
Page 69
Clear port counters 69 clear port counters clears port statistics counters and resets them to 0. Syntax — clear port counters defaults — none. Access — enabled. History — introduced in mss version 3.0. Examples — the following command clears all port statistics counters and resets them to 0: wx4400#...
Page 70
70 c hapter 4: p ort c ommands clear port media-type disables the copper interface and reenables the fiber interface on an wx4400 gigabit ethernet port. Syntax — clear port media-type port-list port-list— list of physical ports. Mss disables the copper interface and reenables the fiber interface on ...
Page 71
Clear port mirror 71 examples — the following command clears the names of ports 1 through 3: wx4400# clear port 1-3 name see also display port status on page 77 set port name on page 91 clear port mirror removes a port mirroring configuration. Syntax — clear port mirror defaults — none. Access — ena...
Page 72
72 c hapter 4: p ort c ommands history — introduced in mss version 3.0. Usage — this command applies only to the wx4400. This command does not affect a link that is already active on the port. Examples — the following command clears the preference set on port 2 on a wx4400 switch: wx4400# clear port...
Page 73
Display port counters 73 examples — the following command clears port 5: wx1200# clear port type 5 this may disrupt currently authenticated users. Are you sure? (y/n) [n]y success: change accepted. See also set port type ap on page 95 set port type wired-auth on page 98 display port counters display...
Page 74
74 c hapter 4: p ort c ommands receive-etherstats — shows ethernet statistics for received packets. Transmit-etherstats — shows ethernet statistics for transmitted packets. Port port-list — list of physical ports. If you do not specify a port list, mss shows statistics for all ports. Defaults — none...
Page 75
Display port mirror 75 examples — the following command displays the configuration of port group server2: wx1200# display port-group name server2 port group: server2 is up ports: 5, 7 table 11 describes the fields in the display port-group output. See also clear port-group on page 69 set port-group ...
Page 76
76 c hapter 4: p ort c ommands see also display port mirror on page 75 set port mirror on page 90 display port poe displays status information for ports on which power over ethernet (poe) is enabled. Syntax — display port poe [port-list] port-list — list of physical ports. If you do not specify a po...
Page 77
Display port status 77 see also set port poe on page 92 display port status displays configuration and status information for ports. Syntax — display port status [port-list] port-list — list of physical ports. If you do not specify a port list, information is displayed for all ports. Defaults — none...
Page 78
78 c hapter 4: p ort c ommands examples — the following command displays information for all ports on a wx1200 switch: wx1200# display port status port name admin oper config actual type media =============================================================================== 1 1 up up auto 100/full net...
Page 79
Display port media-type 79 see also clear port type on page 72 set port on page 87 set port name on page 91 set port negotiation on page 91 set port speed on page 93 set port type ap on page 95 set port type wired-auth on page 98 display port media-type displays the enabled interface types on a wx44...
Page 80
80 c hapter 4: p ort c ommands examples — the following command displays the enabled interface types on all four ports of a wx4400 switch: wx4400# display port media-type port media type =========================================================== 1 gbic 2 rj45 3 gbic 4 gbic table 14 describes the fi...
Page 81
Monitor port counters 81 transmit-etherstats — displays ethernet statistics for transmitted packets first. Defaults — all types of statistics are displayed for all ports. Mss refreshes the statistics every 5 seconds. This interval cannot be configured. Statistics types are displayed in the following...
Page 82
82 c hapter 4: p ort c ommands for error reporting, the cyclic redundancy check (crc) errors include misalignment errors. Jumbo packets with valid crcs are not counted. A short packet can be reported as a short packet, a crc error, or an overrun. In some circumstances, the transmitted octets counter...
Page 83
Monitor port counters 83 packets rx unicast number of unicast packets received. This number does not include packets that contain errors. Rx nonunicast number of broadcast and multicast packets received. This number does not include packets that contain errors. Tx unicast number of unicast packets t...
Page 84
84 c hapter 4: p ort c ommands see also display port counters on page 73 collisions single coll total number of frames transmitted that experienced one collision before 64 bytes of the frame were transmitted on the network. Multiple coll total number of frames transmitted that experienced more than ...
Page 85
Reset port 85 reset port resets a port by toggling its link state and power over ethernet (poe) state. Syntax — reset port port-list port-list — list of physical ports. Mss resets all the specified ports. Defaults — none. Access — enabled. History — introduced in mss version 3.0. Usage — the reset c...
Page 86
86 c hapter 4: p ort c ommands dap-num — number for the distributed map. The range of valid connection numbers depends on the wx switch model: for a wx4400, you can specify a number from 1 to 256. For a wx1200, you can specify a number from 1 to 30. Serial-id serial-id — map access point serial id. ...
Page 89
Set port media-type 89 see also clear port-group on page 69 display port-group on page 74 set port media-type disables the fiber interface and enables the copper interface on an wx4400 gigabit ethernet port. Syntax — set port media-type port-list rj45 port-list —list of physical ports. Mss sets the ...
Page 90
90 c hapter 4: p ort c ommands set port mirror configures port mirroring. Port mirroring is a troubleshooting feature that copies (mirrors) traffic sent or received by a wx port (the source port) to another port (the observer) on the same wx. You can attach a protocol analyzer to the observer port t...
Page 91
Set port name 91 set port name assigns a name to a port. After naming a port, you can use the port name or number in other cli commands. Syntax — set port port name name port — number of a physical port. You can specify only one port. Name name — alphanumeric string of up to 16 characters, with no s...
Page 92
92 c hapter 4: p ort c ommands access — enabled. History — introduced in mss version 3.0. Usage — wx1200 10/100 ethernet ports support half-duplex and full-duplex operation. 3com recommends that you do not configure the mode of an wx port so that one side of the link is set to autonegotiation while ...
Page 93
Set port speed 93 access — enabled. History — introduced in mss version 3.0. Usage — this command does not apply to any gigabit ethernet ports or to ports 7 and 8 on the wx1200 switch. Examples — the following command disables poe on ports 4 and 5, which are connected to a map access point: wx1200# ...
Page 94
94 c hapter 4: p ort c ommands history — introduced in mss version 3.0. Usage — 3com recommends that you do not configure the mode of a wx port so that one side of the link is set to autonegotiation while the other side is set to full-duplex. Although mss allows this configuration, it can result in ...
Page 95
Set port type ap 95 see also set ip snmp server on page 173 set snmp community on page 179 set port type ap configures an wx switch port for a map access point. Caution: when you set the port type for map use, you must specify the poe state (enable or disable) of the port. Use the wx switch’s poe to...
Page 96
96 c hapter 4: p ort c ommands this option does not apply to single-radio models. Defaults — all wx ports are network ports by default. Map access point models ap2750, map-241, and map-341 have a single radio that can be configured for 802.11a or 802.11b/g. Other map models have two radios. On two-r...
Page 97
Set port type ap 97 this command does not apply to any gigabit ethernet ports or to ports 7 and 8 on the wx1200 switch. To manage a map access point on a switch model that does not have 10/100 ethernet ports, use the set dap command to configure a distributed map connection on the switch. Examples —...
Page 99
Set port type wired-auth 99 access — enabled. History—introduced in mss version 3.0. Option for webaaa fallthru authentication type changed from web-auth to web-portal in mss version 4.0. Usage — you cannot set a port’s type if the port is a member of a port vlan. To remove a port from a vlan, use t...
Page 100
100 c hapter 4: p ort c ommands for non-802.1x clients, who use mac authentication, webaaa, or last-resort authentication, wired authentication works if the clients are directly attached or indirectly attached. Examples — the following command sets port 2 for a wired authentication user: wx1200# set...
Page 101: Vlan C
5 vlan c ommands use virtual lan (vlan) commands to configure and manage parameters for individual port vlans on network ports, and to display information about clients roaming within a mobility domain. Commands by usage this chapter presents vlan commands alphabetically. Use table 19 to locate comm...
Page 103
Clear security 12-restrict 103 the following command clears all dynamic forwarding database entries that match all vlans: wx4400# clear fdb dynamic success: change accepted. The following command clears all dynamic forwarding database entries that match ports 3 and 5: wx4400# clear fdb port 3,5 succ...
Page 104
104 c hapter 5: vlan c ommands examples — the following command removes mac address aa:bb:cc:dd:ee:ff from the list of addresses to which clients in vlan abc_air are allowed to send traffic at layer 2: wx4400# clear security 12-restrict vlan abc_air permit-mac aa:bb:cc:dd:ee:ff success: change accep...
Page 105
Clear vlan 105 clear vlan removes physical or virtual ports from a vlan or removes a vlan entirely. Caution: when you remove a vlan, mss completely removes the vlan from the configuration and also removes all configuration information that uses the vlan. If you want to remove only a specific port fr...
Page 106
106 c hapter 5: vlan c ommands the following command completely removes vlan marigold: wx4400# clear vlan marigold this may disrupt user connectivity. Do you wish to continue? (y/n) [n]y success: change accepted. See also set vlan port on page 121 display vlan config on page 115 display fdb displays...
Page 107
Display fdb 107 access — all. History —introduced in mss version 3.0. Usage — to display the entire forwarding database, enter the display fdb command without options. To display only a portion of the database, use optional parameters to specify the types of entries you want to display. Examples — t...
Page 108
108 c hapter 5: vlan c ommands see also clear fdb on page 102 set fdb on page 117 display fdb agingtime displays the aging timeout period for forwarding database entries. Syntax — display fdb agingtime [vlan vlan-id] vlan vlan-id — vlan name or number. If you do not specify a vlan, the aging timeout...
Page 110
110 c hapter 5: vlan c ommands display roaming station shows a list of the stations roaming to the wireless lan switch through a vlan tunnel. Syntax — display roaming station [vlan vlan-id] [peer ip-addr ] vlan vlan-id — output is restricted to stations using this vlan. Peer ip-addr — output is rest...
Page 111
Display roaming station 111 see also display roaming vlan on page 112 state state of the session: setup — station is attempting to roam to this wx switch. This switch has asked the wx from which the station is roaming for the station’s session information and is waiting for a reply. Up — mss has est...
Page 112
112 c hapter 5: vlan c ommands display roaming vlan shows all vlans in the mobility domain, the wx switches servicing the vlans, and their tunnel affinity values configured on each switch for the vlans. Syntax — display roaming vlan defaults — none. Access — enabled. History —introduced in mss versi...
Page 114
114 c hapter 5: vlan c ommands see also clear security 12-restrict on page 103 clear security 12-restrict counters on page 104 set security l2-restrict on page 118 display tunnel shows the tunnels from the wireless lan switch where you type the command. Syntax — display tunnel defaults — none. Acces...
Page 115
Display vlan config 115 see also display vlan config on page 115 display vlan config shows vlan information. Syntax — display vlan config [vlan-id] vlan-id — vlan name or number. If you do not specify a vlan, information for all vlans is displayed. Defaults — none. Access — all. History —introduced ...
Page 116
116 c hapter 5: vlan c ommands table 25 describes the fields in this display. See also clear security 12-restrict on page 103 set security l2-restrict on page 118 set vlan port on page 121 set vlan tunnel-affinity on page 122 table 25 output for display vlan config field description vlan vlan number...
Page 118
118 c hapter 5: vlan c ommands see also clear fdb on page 102 display fdb on page 106 set fdb agingtime changes the aging timeout period for dynamic entries in the forwarding database. Syntax — set fdb agingtime vlan-id age seconds vlan-id — vlan name or number. The timeout period change applies onl...
Page 120
120 c hapter 5: vlan c ommands set vlan name creates a vlan and assigns a number and name to it. Syntax — set vlan vlan-num name name vlan-num — vlan number. You can specify a number from 2 through 4093. Name — string up to 16 alphabetic characters long. Defaults — vlan 1 is named default by default...
Page 121
Set vlan port 121 set vlan port assigns one or more network ports to a vlan. You also can add a virtual port to each network port by adding a tag value to the network port. Syntax — set vlan vlan-id port port-list [tag tag-value] vlan-id — vlan name or number. Port port-list — list of physical ports...
Page 122
122 c hapter 5: vlan c ommands set vlan tunnel-affinity changes a wireless lan switch’s preferability within a mobility domain for tunneling user traffic for a vlan. When a user roams to a wx switch that is not a member of the user’s vlan, the wx can forward the user traffic by tunneling to another ...
Page 123: Uality
6 q uality of s ervice c ommands use quality of service (qos) commands to configure packet prioritization in mss. Packet prioritization ensures that wx switches and map access points give preferential treatment to high-priority traffic such as voice and video. (to override the prioritization for spe...
Page 124
124 c hapter 6: q uality of s ervice c ommands clear qos resets the switch’s mapping of differentiated services code point (dscp) values to internal qos values. The switch’s internal qos map ensures that prioritized traffic remains prioritized while transiting through the wx switch. A wx switch uses...
Page 125
Set qos cos-to-dscp-map 125 set qos cos-to-dscp-map changes the value to which mss maps an internal qos value when marking outbound packets. Syntax — set qos cos-to-dscp-map level dscp dscp-value level — internal cos value. You can specify a number from 0 to 7. Dscp dscp-value — dscp value. You can ...
Page 126
126 c hapter 6: q uality of s ervice c ommands set qos dscp-to-cos-map changes the internal qos value to which mss maps a packet’s dscp value when classifying inbound packets. Syntax — set qos dscp-to-cos-map dscp-range cos level dscp-range — you can specify the values as decimal numbers. Valid deci...
Page 127
Display qos 127 display qos displays the switch’s qos settings. Syntax — display qos [default] default — displays the default mappings. Defaults — none. Access — enabled. History —introduced in mss version 4.1. Examples — the following command displays the default qos settings: wx1200# display qos d...
Page 128
128 c hapter 6: q uality of s ervice c ommands display qos dscp-table displays a table that maps differentiated services code point (dscp) values to their equivalent combinations of ip precedence values and ip tos values. Syntax — display qos dscp-table defaults — none. Access — enabled. History —in...
Page 129: Ip S
7 ip s ervices c ommands use ip services commands to configure and manage ip interfaces, management services, the domain name service (dns), network time protocol (ntp), and aliases, and to ping a host or trace a route. Commands by usage this chapter presents ip services commands alphabetically. Use...
Page 130
130 c hapter 7: ip s ervices c ommands https management set ip https server on page 171 display ip https on page 149 dns set ip dns on page 168 set ip dns domain on page 169 set ip dns server on page 170 display ip dns on page 148 clear ip dns domain on page 133 clear ip dns server on page 133 ip al...
Page 131
Clear interface 131 clear interface removes an ip interface. Syntax — clear interface vlan-id ip vlan-id — vlan name or number defaults — none. Access — enabled. History — introduced in mss version 3.0. Usage — if the interface you want to remove is configured as the system ip address, removing the ...
Page 132
132 c hapter 7: ip s ervices c ommands topology reporting for dual-homed map access points default source ip address used in unsolicited communications such as aaa accounting reports and snmp traps examples — the following command removes the ip interface configured on vlan mauve: wx1200# clear inte...
Page 133
Clear ip dns domain 133 clear ip dns domain removes the default dns domain name. Syntax — clear ip dns domain defaults — none. Access — enabled. History — introduced in mss version 3.0. Examples — the following command removes the default dns domain name from a wx switch: wx1200# clear ip dns domain...
Page 135
Clear ip telnet 135 clear ip telnet resets the telnet server’s tcp port number to its default value. A wx switch listens for telnet management traffic on the telnet server port. Syntax — clear ip telnet defaults — the default telnet port number is 23. Access — enabled. History — introduced in mss ve...
Page 136
136 c hapter 7: ip s ervices c ommands examples — the following command removes ntp server 192.168.40.240 from a wx switch configuration: wx4400# clear ntp server 192.168.40.240 success: change accepted. See also clear ntp update-interval on page 136 display ntp on page 153 set ntp on page 177 set n...
Page 137
Clear snmp community 137 clear snmp community clears an snmp community string. Syntax — clear snmp community name comm-string comm-string — name of the snmp community you want to clear. Defaults — none. Access — enabled. History —introduced in mss version 4.0. Examples — the following command clears...
Page 138
138 c hapter 7: ip s ervices c ommands see also set snmp notify profile on page 181 display snmp notify profile on page 156 clear snmp notify target clears an snmp notification target. Syntax — clear snmp notify target target-num target-num — id of the target. Defaults — none. Access — enabled. Hist...
Page 139
Clear summertime 139 examples — the following command clears snmpv3 user snmpmgr1: wx1200# clear snmp usm snmpmgr1 success: change accepted. See also set snmp usm on page 192 display snmp usm on page 158 clear summertime clears the summertime setting from a wireless lan switch. Syntax — clear summer...
Page 140
140 c hapter 7: ip s ervices c ommands clear system ip-address clears the system ip address. Caution: clearing the system ip address disrupts the system tasks that use the address. Syntax — clear system ip-address defaults — none. Access — enabled. History — introduced in mss version 3.0. Usage — cl...
Page 141
Display arp 141 history — introduced in mss version 3.0. Examples — to return the wx switch’s real-time clock to utc, type the following command: wx4400# clear timezone success: change accepted. See also clear summertime on page 139 set summertime on page 195 set timedate on page 197 set timezone on...
Page 142
142 c hapter 7: ip s ervices c ommands table 28 describes the fields in this display. See also set arp on page 162 set arp agingtime on page 163 display dhcp-client displays dhcp client information for all vlans. Syntax — display dhcp-client defaults — none. Access — all. History — introduced in mss...
Page 143
Display dhcp-client 143 examples — the following command displays dhcp client information: wx1200# display dhcp-client interface: corpvlan(4) configuration status: enabled dhcp state: if_up lease allocation: 65535 seconds lease remaining: 65532 seconds ip address: 10.3.1.110 subnet mask: 255.255.255...
Page 144
144 c hapter 7: ip s ervices c ommands display dhcp-server displays mss dhcp server information. Syntax — display dhcp-server [interface vlan-id] [verbose] interface vlan-id — displays the ip addresses leased by the specified vlan. Verbose — displays configuration and status information for the mss ...
Page 145
Display dhcp-server 145 default gateway: 10.10.20.1 dns servers: 10.10.20.4 10.10.20.5 dns domain name: mycorp.Com table 30 and table 31 describe the fields in these displays. Table 30 output for display dhcp-server field description vlan vlan number name vlan name address ip address leased by the s...
Page 146
146 c hapter 7: ip s ervices c ommands see also set interface dhcp-server on page 166 display interface shows the ip interfaces configured on the wireless lan switch. Syntax — display interface [vlan-id] vlan-id — vlan name or number. Defaults — if you do not specify a vlan id, interfaces for all vl...
Page 147
Display ip alias 147 see also clear interface on page 131 set interface on page 164 set interface dhcp-client on page 165 display ip alias shows the ip aliases configured on the wireless lan switch. Syntax — display ip alias [name] name — alias string. Defaults — if you do not specify an alias name,...
Page 148
148 c hapter 7: ip s ervices c ommands table 33 describes the fields in this display. See also clear ip alias on page 132 set ip alias on page 168 display ip dns shows the dns servers the wireless lan switch is configured to use. Syntax — display ip dns defaults — none. Access — all. History —introd...
Page 149
Display ip https 149 see also clear ip dns domain on page 133 clear ip dns server on page 133 set ip dns on page 168 set ip dns domain on page 169 set ip dns server on page 170 display ip https shows information about the https management port. Syntax — display ip https defaults — none. Access — all...
Page 150
150 c hapter 7: ip s ervices c ommands see also clear ip telnet on page 135 display ip telnet on page 152 set ip https server on page 171 set ip telnet on page 175 set ip telnet server on page 176 display ip route shows the ip route table. Syntax — display ip route [destination] destination — route ...
Page 151
Display ip route 151 usage — when you add an ip interface to a vlan that is up, mss adds direct and local routes for the interface to the route table. If the vlan is down, mss does not add the routes. If you add an interface to a vlan but the routes for that interface do not appear in the route tabl...
Page 152
152 c hapter 7: ip s ervices c ommands see also clear ip route on page 134 display interface on page 146 display vlan config on page 115 set interface on page 164 set ip route on page 171 display ip telnet shows information about the telnet management port. Syntax — display ip telnet defaults — none...
Page 153
Display ntp 153 examples — the following command shows the status and port number for the telnet management interface to the wx switch: wx4400> display ip telnet server status port ---------------------------------- enabled 23 table 37 describes the fields in this display. See also clear ip telnet o...
Page 154
154 c hapter 7: ip s ervices c ommands examples — to display ntp information for a wx switch, type the following command: wx4400> display ntp ntp client: enabled current update-interval: 20(secs) current time: fri feb 06 2004, 12:02:57 timezone is set to 'pst', offset from utc is -8:0 hours. Summert...
Page 155
Display snmp community 155 see also clear ntp server on page 135 clear summertime on page 139 clear timezone on page 140 display timezone on page 159 set ntp on page 177 set ntp server on page 178 set summertime on page 195 set timezone on page 198 display snmp community displays the configured snmp...
Page 156
156 c hapter 7: ip s ervices c ommands see also clear snmp community on page 137 set snmp community on page 179 display snmp counters displays snmp statistics counters. Syntax — display snmp counters defaults — none. Access — enabled. History —introduced in mss version 4.0. Display snmp notify profi...
Page 157
Display snmp status 157 see also clear snmp notify target on page 138 set snmp notify target on page 185 display snmp status displays snmp version and status information. Syntax — display snmp status defaults — none. Access — enabled. History —introduced in mss version 4.0. See also set snmp communi...
Page 158
158 c hapter 7: ip s ervices c ommands display snmp usm displays information about snmpv3 users. Defaults — none. Access — enabled. History —introduced in mss version 4.0. See also clear snmp usm on page 138 display snmp usm on page 158 display summertime shows a wireless lan switch’s offset from it...
Page 159
Display timedate 159 set timedate on page 197 set timezone on page 198 display timedate shows the date and time of day currently set on a wireless lan switch’s real-time clock. Syntax — display timedate defaults — none. Access — all. History —introduced in mss version 3.0. Examples — to display the ...
Page 160
160 c hapter 7: ip s ervices c ommands examples — to display the offset from utc, type the following command: wx4400# display timezone timezone set to 'pst', offset from utc is -8 hours see also clear summertime on page 139 clear timezone on page 140 display summertime on page 158 display timedate o...
Page 161
Ping 161 because the wx switch adds header information, the icmp packet size is 8 bytes larger than the size you specify. Source-ip ip-addr — ip address, in dotted decimal notation, to use as the source ip address in the ping packets. Source-ip vlan-name — vlan name to use as the ping source. Mss us...
Page 163
Set arp agingtime 163 set arp agingtime changes the aging timeout for dynamic arp entries. Syntax — set arp agingtime seconds seconds — number of seconds an entry can remain unused before mss removes the entry. You can specify from 0 through 1,000,000. To disable aging, specify 0. Defaults — none. A...
Page 165
Set interface dhcp-client 165 see also clear interface on page 131 display interface on page 146 set interface dhcp-client on page 165 set interface dhcp-client configures the dhcp client on a vlan, to allow the vlan to obtain its ip interface from a dhcp server. Syntax — set interface vlan-id ip dh...
Page 166
166 c hapter 7: ip s ervices c ommands see also clear interface on page 131 display dhcp-client on page 142 display interface on page 146 set interface dhcp-server configures the mss dhcp server. Use of the mss dhcp server to allocate client addresses is intended for temporary, demonstration deploym...
Page 167
Set interface status 167 examples — the following command enables the dhcp server on vlan red-vlan to serve addresses from the 192.168.1.5 to 192.168.1.25 range: wx1200# set interface red-vlan ip dhcp-server enable start 192.168.1.5 stop 192.168.1.25 success: change accepted. See also display dhcp-s...
Page 168
168 c hapter 7: ip s ervices c ommands set ip alias configures an alias, which maps a name to an ip address. You can use aliases as shortcuts in cli commands. Syntax — set ip alias name ip-addr name — string of up to 32 alphanumeric characters, with no spaces. Ip-addr — ip address in dotted decimal ...
Page 169
Set ip dns domain 169 see also clear ip dns domain on page 133 clear ip dns server on page 133 display ip dns on page 148 set ip dns domain on page 169 set ip dns server on page 170 set ip dns domain configures a default domain name for dns queries. The wireless lan switch appends the default domain...
Page 172
172 c hapter 7: ip s ervices c ommands ip-addr mask — ip address and subnet mask for the route destination, in dotted decimal notation (for example, 10.10.10.10 255.255.255.0). Ip-addr/mask-length — ip address and subnet mask length in cidr format (for example, 10.10.10.10/24). Gateway — ip address,...
Page 173
Set ip snmp server 173 examples — the following command adds a default route that uses gateway 10.5.4.1 and gives the route a cost of 1: wx4400# set ip route default 10.5.4.1 1 success: change accepted. The following commands add two default routes, and configure mss to always use the route through ...
Page 174
174 c hapter 7: ip s ervices c ommands history — introduced in mss version 3.0. Examples — the following command enables the snmp server on a wx switch: wx4400# set ip snmp server enable success: change accepted. See also set port trap on page 94 set snmp community on page 179 set ip ssh changes the...
Page 176
176 c hapter 7: ip s ervices c ommands history —introduced in mss version 3.0. Examples — the following command changes the telnet port number on a wx switch to 5000: wx4400# set ip telnet 5000 success: change accepted. See also clear ip telnet on page 135 display ip https on page 149 display ip tel...
Page 178
178 c hapter 7: ip s ervices c ommands set ntp server configures a wireless lan switch to use an ntp server. Syntax — set ntp server ip-addr ip-addr — ip address of the ntp server, in dotted decimal notation. Defaults — none. Access — enabled. History —introduced in mss version 3.0. Usage — you can ...
Page 179
Set ntp update-interval 179 set ntp update-interval changes how often mss sends queries to the ntp servers for updates. Syntax — set ntp update-interval seconds seconds — number of seconds between queries. You can specify from 16 through 1,024 seconds. Defaults — the default ntp update interval is 6...
Page 180
180 c hapter 7: ip s ervices c ommands read-notify — allows an snmp management application using the string to get object values on the switch but not to set them. The switch can use the string to send notifications. Notify-only — allows the switch to use the string to send notifications. Read-write...
Page 181
Set snmp notify profile 181 set ip snmp server on page 173 set snmp notify target on page 185 set snmp notify profile on page 181 set snmp protocol on page 190 set snmp security on page 191 set snmp usm on page 192 display snmp community on page 155 set snmp notify profile configures an snmp notific...
Page 182
182 c hapter 7: ip s ervices c ommands autotuneradiopowerchangetraps—generated when the rf auto-tuning feature changes the power setting on a radio. Clientassociationfailuretraps—generated when a client’s attempt to associate with a radio fails. Clientauthorizationsuccesstraps—generated when a clien...
Page 183
Set snmp notify profile 183 mobilitydomaintimeouttraps—generated when a timeout occurs after a wx switch has unsuccessfully tried to communicate with a seed member. Poefailtraps—generated when a serious poe problem, such as a short circuit, occurs. Rfdetectadhocusertraps—generated when mss detects a...
Page 184
184 c hapter 7: ip s ervices c ommands defaults — a default notification profile (named default) is already configured in mss. All notifications in the default profile are dropped by default. Access — enabled. History — introduced in mss version 4.0. Examples — the following command changes the acti...
Page 185
Set snmp notify target 185 wx1200# set snmp notify profile snmpprof_rfdetect send rfdetectspoofedssidaptraps success: change accepted. Wx1200# set snmp notify profile snmpprof_rfdetect send rfdetectunauthorizedaptraps success: change accepted. Wx1200# set snmp notify profile snmpprof_rfdetect send r...
Page 188
188 c hapter 7: ip s ervices c ommands ip-addr[:udp-port-number] — ip address of the server. You also can specify the udp port number to send notifications to. Community-string — community string. Profile profile-name — notification profile this snmp user will use to specify the notification types t...
Page 189
Set snmp notify target 189 community-string — community string. Profile profile-name — notification profile this snmp user will use to specify the notification types to send or drop. Defaults — the default udp port number on the target is 162. The default minimum required security level is unsecured...
Page 192
192 c hapter 7: ip s ervices c ommands see also set ip snmp server on page 173 set snmp community on page 179 set snmp notify target on page 185 set snmp notify profile on page 181 set snmp protocol on page 190 set snmp usm on page 192 display snmp status on page 157 set snmp usm creates a usm user ...
Page 194
194 c hapter 7: ip s ervices c ommands if the encryption type is des, 3des, or aes, you can specify a passphrase or a hexadecimal key. To specify a passphrase, use the encrypt-pass-phrase string option. The string can be from 8 to 32 alphanumeric characters long, with no spaces. To specify a key, us...
Page 195
Set summertime 195 set summertime offsets the real-time clock of a wireless lan switch by +1 hour and returns it to standard time for daylight savings time or a similar summertime period that you set. Syntax — set summertime summer-name [start week weekday month hour min end week weekday month hour ...
Page 196
196 c hapter 7: ip s ervices c ommands examples — to enable summertime and set the summertime time zone to pdt (pacific daylight time), type the following command: wx1200# set summertime pdt success: change accepted see also clear summertime on page 139 clear timezone on page 140 display summertime ...
Page 197
Set timedate 197 examples — the following commands configure an ip interface on vlan taupe and configure the interface to be the system ip address: wx4400# set interface taupe ip 10.10.20.20/24 success: set ip address 10.10.20.20 netmask 255.255.255.0 on vlan taupe wx4400# set system ip-address 10.1...
Page 198
198 c hapter 7: ip s ervices c ommands examples — the following command sets the date to march 13, 2003 and time to 11:11:12: wx4400# set timedate date feb 29 2004 time 23:58:00 time now is: sun feb 29 2004, 23:58:02 pst see also clear summertime on page 139 clear timezone on page 140 display summer...
Page 199
Telnet 199 examples — to set the time zone for pacific standard time (pst), type the following command: wx1200# set timezone pst -8 timezone is set to 'pst', offset from utc is -8:0 hours. See also clear summertime on page 139 clear timezone on page 140 display summertime on page 158 display timedat...
Page 200
200 c hapter 7: ip s ervices c ommands examples — in the following example, an administrator establishes a telnet session with another device and enters a command on the remote device: wx4400# telnet 10.10.10.90 session 0 pty tty2.D trying 10.10.10.90... Connected to 10.10.10.90 disconnect character...
Page 201
Traceroute 201 traceroute traces the route to an ip host. Syntax — traceroute host [dnf] [no-dns] [port port-num] [queries num] [size size] [ttl hops] [wait ms] host — ip address, hostname, or alias of the destination host. Specify the ip address in dotted decimal notation. Dnf — sets the do not fra...
Page 202
202 c hapter 7: ip s ervices c ommands examples — the following example traces the route to host server1: wx4400# traceroute server1 traceroute to server1.Example.Com (192.168.22.7), 30 hops max, 38 byte packets 1 engineering-1.Example.Com (192.168.192.206) 2 ms 1 ms 1 ms 2 engineering-2.Example.Com...
Page 203
Traceroute 203 see also ping on page 160 !F fragmentation needed but do not fragment (dnf) bit was set. !S source route failed. !A communication administratively prohibited. ? Unknown error occurred. Table 39 error messages for traceroute (continued) field description.
Page 204
204 c hapter 7: ip s ervices c ommands.
Page 205: Aaa C
8 aaa c ommands use authentication, authorization, and accounting (aaa) commands to provide a secure network connection and a record of user activity. Location policy commands override any virtual lan (vlan) or security acl assignment by aaa or the local wx database to help you control access locall...
Page 206
206 c hapter 8: aaa c ommands local authorization for password users set user on page 262 clear user on page 219 set user attr on page 263 clear user attr on page 220 set usergroup on page 265 clear usergroup on page 221 set user group on page 264 clear user group on page 221 clear usergroup attr on...
Page 208
208 c hapter 8: aaa c ommands clear authentication admin removes an authentication rule for administrative access through telnet or web manager. Syntax — clear authentication admin user-glob user-glob — a single user or set of users. Specify a username, use the double-asterisk wildcard character (**...
Page 209
Clear authentication console 209 clear authentication console removes an authentication rule for administrative access through the console. Syntax — clear authentication console user-glob user-glob — a single user or set of users. Specify a username, use the double-asterisk wildcard character (**) t...
Page 213
Clear authentication proxy 213 clear authentication proxy removes a proxy rule for third-party ap users. Syntax — clear authentication proxy ssid ssid-name user-glob ssid ssid-name — ssid name to which this authentication rule applies. User-glob — user-glob associated with the rule you are removing....
Page 214
214 c hapter 8: aaa c ommands examples — the following command removes webaaa for ssid research and userglob temp*@thiscorp.Com: wx4400# clear authentication web ssid research temp*@thiscorp.Com see also clear authentication admin on page 208 clear authentication console on page 209 clear authentica...
Page 215
Clear mac-user 215 see also display location policy on page 228 set location policy on page 248 clear mac-user removes a user profile from the local database on the wx switch, for a user who is authenticated by a mac address. (to remove a user profile in radius, see the documentation for your radius...
Page 216
216 c hapter 8: aaa c ommands clear mac-user attr removes an authorization attribute from the user profile in the local database on the wx switch, for a user who is authenticated by a mac address. (to remove an authorization attribute in radius, see the documentation for your radius server.) syntax ...
Page 217
Clear mac-usergroup 217 access — enabled. History —introduced in mss version 3.0. Usage — removing a mac user from a mac user group removes the group name from the user’s profile, but does not delete the user group from the local wx database. To remove the group, use clear mac-usergroup. Examples — ...
Page 218
218 c hapter 8: aaa c ommands see also clear mac-usergroup attr on page 218 display aaa on page 223 set mac-usergroup attr on page 258 clear mac-usergroup attr removes an authorization attribute from a mac user group in the local database on the wx switch, for a group of users who are authenticated ...
Page 219
Clear mobility-profile 219 clear mobility-profile removes a mobility profile entirely. Syntax — clear mobility-profile name name — name of an existing mobility profile. Defaults — none. Access — enabled. History —introduced in mss version 3.0. Examples — the following command removes the mobility pr...
Page 220
220 c hapter 8: aaa c ommands examples — the following command deletes the user profile for user nin: wx4400# clear user nin success: change accepted. See also display aaa on page 223 set user on page 262 clear user attr removes an authorization attribute from the user profile in the local database ...
Page 221
Clear user group 221 clear user group removes a user with a password from membership in a user group in the local database on the wx switch. (to remove a user from a user group in radius, see the documentation for your radius server.) syntax — clear user username group username — username of a user ...
Page 222
222 c hapter 8: aaa c ommands defaults — none. Access — enabled. History —introduced in mss version 3.0. Usage — removing a user group from the local wx database does not remove the user profiles of the group’s members from the database. Examples — the following command deletes the cardiology user g...
Page 223
Display aaa 223 examples — the following command removes the members of the user group cardiology from a network access time restriction by deleting the time-of-day attribute from the group: wx4400# clear usergroup cardiology attr time-of-day success: change accepted. See also clear usergroup on pag...
Page 224
224 c hapter 8: aaa c ommands set authentication admin jose sg3 set authentication console * none set authentication mac ssid mycorp * local set authentication dot1x ssid mycorp geetha eap-tls set authentication dot1x ssid mycorp * peap-mschapv2 sg1 sg2 sg3 set authentication dot1x ssid any ** peap-...
Page 226
226 c hapter 8: aaa c ommands set authentication last-resort on page 240 set authentication mac on page 243 set authentication web on page 246 display accounting statistics displays the aaa accounting records for wireless users. The records are stored in the local database on the wx switch. (to disp...
Page 227
Display accounting statistics 227 acct-status-type=start acct-authentic=0 user-name=vineet acct-multi-session-id=sess-4-01f82f-520793-bd779517 acct-session-id=sess-4-01f82f-520793-bd779517 event-timestamp=1134520793 aaa_acct_svc_attr=2 aaa_vlan_name_attr=default calling-station-id=00-06-25-12-06-38 ...
Page 229
Display mobility-profile 229 display mobility-profile displays the named mobility profile. If you do not specify a mobility profile name, this command shows all mobility profile names and port lists on the wx. Syntax — display mobility-profile [name] name — name of an existing mobility profile. Defa...
Page 230
230 c hapter 8: aaa c ommands specify a username, use the double-asterisk wildcard character (**) to specify all usernames, or use the single-asterisk wildcard character (*) to specify a set of usernames up to or following the first delimiter character—either an at sign (@) or a period (.). (for det...
Page 232
232 c hapter 8: aaa c ommands start-stop — sends accounting records at the start and end of a network session. Stop-only — sends accounting records only at the end of a network session. Method1, method2, method3, method4 — at least one of up to four methods that mss uses to process accounting record...
Page 233
Set authentication admin 233 set authentication admin configures authentication and defines where it is performed for specified users with administrative access through telnet or web manager. Syntax — set authentication admin user-glob method1 [method2] [method3] [method4] user-glob — single user or...
Page 234
234 c hapter 8: aaa c ommands history —introduced in mss version 3.0. The syntax descriptions for the set authentication commands have been separated for clarity. However, the options and behavior for the set authentication admin command are the same as in previous releases. Usage — you can configur...
Page 235
Set authentication console 235 set authentication mac on page 243 set authentication web on page 246 set authentication console configures authentication and defines where it is performed for specified users with administrative access through a console connection. Syntax — set authentication console...
Page 236
236 c hapter 8: aaa c ommands defaults — by default, authentication is deactivated for all console users, and the default authentication method in a console authentication rule is none. Mss requires no username or password, by default. These users can press enter at the prompts for administrative ac...
Page 237
Set authentication dot1x 237 set authentication mac on page 243 set authentication web on page 246 set authentication dot1x configures authentication and defines how and where it is performed for specified wireless or wired authentication clients who use an ieee 802.1x authentication protocol to acc...
Page 238
238 c hapter 8: aaa c ommands provides encryption and integrity checking for the connection cannot be used with radius server authentication (requires user information to be in the switch’s local database) peap-mschapv2 — protected eap (peap) with microsoft challenge handshake authentication protoco...
Page 239
Set authentication dot1x 239 access — enabled. History —introduced in mss version 3.0. Usage — you can configure different authentication methods for different groups of users by “globbing.” (for details, see “user globs” on page 28.) you can configure a rule either for wireless access to an ssid, o...
Page 240
240 c hapter 8: aaa c ommands examples — the following command configures eap-tls authentication in the local wx database for ssid mycorp and 802.1x client geetha: wx4400# set authentication dot1x ssid mycorp geetha eap-tls local success: change accepted. The following command configures peap-ms-cha...
Page 241
Set authentication last-resort 241 method1, method2, method3, method4 — at least one of up to four methods that mss uses to handle authentication. Specify one or more of the following methods in priority order. Mss applies multiple methods in the order you enter them. A method can be one of the foll...
Page 242
242 c hapter 8: aaa c ommands however, if local appears first, followed by a radius server group, mss overrides any failed searches in the local wx database and sends an authentication request to the server group. Mss uses a last-resort authentication rule under the following conditions: the client ...
Page 244
244 c hapter 8: aaa c ommands usage — you can configure different authentication methods for different groups of mac addresses by “globbing.” (for details, see “user globs, mac address globs, and vlan globs” on page 28.) if you specify multiple authentication methods in the set authentication mac co...
Page 245
Set authentication proxy 245 set authentication proxy configures a proxy authentication rule for a third-party ap’s wireless users. Syntax — set authentication proxy ssid ssid-name user-glob radius-server-group ssid ssid-name — ssid name to which this authentication rule applies. User-glob — a singl...
Page 246
246 c hapter 8: aaa c ommands set authentication web configures an authentication rule to allow a user to log in to the network using a web page served by the wx switch. The rule can be activated if the user is not otherwise granted or denied access by 802.1x, or granted access by mac authentication...
Page 247
Set authentication web 247 usage — you can configure different authentication methods for different groups of users by “globbing.” (for details, see “user globs” on page 28.) you can configure a rule either for wireless access to an ssid, or for wired access through a wx switch’s wired authenticatio...
Page 248
248 c hapter 8: aaa c ommands display aaa on page 223 set authentication admin on page 233 set authentication console on page 235 set authentication dot1x on page 237 set authentication last-resort on page 240 set location policy creates and enables a location policy on an wx switch. The location po...
Page 249
Set location policy 249 optionally, you can add the suffix .Out to the name. Condition options — mss takes the action specified by the rule if all conditions in the rule are met. You can specify one or more of the following conditions: ssid operator ssid-name — ssid with which the user is associated...
Page 250
250 c hapter 8: aaa c ommands modify rule-number — replaces the rule in the location policy with the new rule. Specify the number of the existing location policy rule. (to determine the number, use the display location policy command.) port port-list — list of physical port(s) by which to determine ...
Page 251
Set location policy 251 you can optionally add the suffixes .In and .Out to inacl-name and outacl-name so that they match the names of security acls stored in the local wx database. Examples — the following command denies network access to all users at *.Theirfirm.Com, causing them to fail authoriza...
Page 252
252 c hapter 8: aaa c ommands set mac-user configures a user profile in the local database on the wx switch for a user who can be authenticated by a mac address, and optionally adds the user to a mac user group. (to configure a mac user profile in radius, see the documentation for your radius server...
Page 253
Set mac-user attr 253 set mac-user attr assigns an authorization attribute in the local database on the wx switch to a user who is authenticated by a mac address. (to assign authorization attributes through radius, see the documentation for your radius server.) syntax — set mac-user mac-addr attr at...
Page 254
254 c hapter 8: aaa c ommands end-date date and time after which the user is no longer allowed to be on the network. Date and time, in the following format: yy/mm/dd-hh:mm you can use end-date alone or with start-date. You also can use start-date, end-date, or both in conjunction with time-of-day. F...
Page 255
Set mac-user attr 255 service-type type of access the user is requesting. One of the following numbers: 2—framed; for network user access 6—administrative; for administrative access to the wx switch, with authorization to access the enabled (configuration) mode. The user must enter the enable comman...
Page 256
256 c hapter 8: aaa c ommands time-of-day (network access mode only) day(s) and time(s) during which the user is permitted to log into the network. After authorization, the user’s session can last until either the time-of-day range or the session-timeout duration (if set) expires, whichever is short...
Page 257
Set mac-user attr 257 defaults — none. Access — enabled. History —introduced in mss version 3.0. Usage — to change the value of an attribute, enter set mac-user attr with the new value. To delete an attribute, use clear mac-user attr. You can assign attributes to individual mac users and to mac user...
Page 258
258 c hapter 8: aaa c ommands examples — the following command assigns input access control list (acl) acl-03 to filter the packets from a user at mac address 01:02:03:04:05:06: wx4400# set mac-user 01:02:03:04:05:06 attr filter-id acl-03.In success: change accepted. The following command restricts ...
Page 259
Set mobility-profile 259 usage — to change the value of an attribute, enter set mac-usergroup attr with the new value. To delete an attribute, use clear mac-usergroup attr. You can assign attributes to individual mac users and to mac user groups. If attributes are configured for a mac user and also ...
Page 260
260 c hapter 8: aaa c ommands dap-num — list of distributed map connections through which any user assigned this profile is allowed access. The same distributed map can be used in multiple mobility profile port lists. Defaults — no default mobility profile exists on the wx switch. If you do not assi...
Page 261
Set mobility-profile mode 261 the following command adds port 3 to the magnolia mobility profile (which is already assigned to port 2): wx1200# set mobility-profile name magnolia port 3 success: change accepted. See also clear mobility-profile on page 219 display mobility-profile on page 229 set mac...
Page 262
262 c hapter 8: aaa c ommands see also clear mobility-profile on page 219 display mobility-profile on page 229 set mobility-profile on page 259 set user configures a user profile in the local database on the wx switch for a user with a password. (to configure a user profile in radius, see the docume...
Page 263
Set user attr 263 the following command assigns the password chey3nne to the admin user: wx4400# set user admin password chey3nne success: user admin created the following command changes nin’s password from goody to 29jan04: wx4400# set user nin password 29jan04 see also clear user on page 219 disp...
Page 264
264 c hapter 8: aaa c ommands you can assign attributes to individual users and to user groups. If attributes are configured for a user and also for the group the user is in, the attributes assigned to the individual user take precedence for that user. For example, if the start-date attribute config...
Page 265
Set usergroup 265 access — enabled. History —introduced in mss version 3.0. Usage — mss does not require users to belong to user groups. To create a user group, user the command set usergroup. Examples — the following command adds user hosni to the cardiology user group: wx4400# set user hosni group...
Page 266
266 c hapter 8: aaa c ommands you can assign attributes to individual users and to user groups. If attributes are configured for a user and also for the group the user is in, the attributes assigned to the individual user take precedence for that user. For example, if the start-date attribute config...
Page 267
Set web-portal 267 see also clear authentication proxy on page 213 set service-profile auth-fallthru on page 394 set user on page 262.
Page 268
268 c hapter 8: aaa c ommands.
Page 269: Obility
9 m obility d omain c ommands use mobility domain commands to configure and manage mobility domain groups. A mobility domain is a system of wx switches and map access points working together to support a roaming user (client). One wx switch acts as a seed switch, which maintains and distributes a li...
Page 270
270 c hapter 9: m obility d omain c ommands clear mobility-domain clears all mobility domain configuration and information from a wx switch, regardless of whether the wx switch is a seed or a member of a mobility domain. Syntax — clear mobility-domain defaults — none. Access — enabled. History —intr...
Page 271
Display mobility-domain config 271 usage — this command has no effect if the wx switch member is not configured as part of a mobility domain or the current wx switch is not the seed. Examples — the following command clears a mobility domain member with the ip address 192.168.0.1: wx1200# clear mobil...
Page 272
272 c hapter 9: m obility d omain c ommands display mobility-domain status on the seed wx, displays the mobility domain status and members. Syntax — display mobility-domain status defaults — none. Access — enabled. History —introduced in mss version 3.0. Examples — to display mobility domain status,...
Page 273
Set mobility-domain member 273 set mobility-domain member on the seed wx switch, adds a member to the list of mobility domain members. If the current wx switch is not configured as a seed, this command is rejected. Syntax — set mobility-domain member ip-addr ip-addr — ip address of the mobility doma...
Page 274
274 c hapter 9: m obility d omain c ommands set mobility-domain mode member seed-ip on a nonseed wx switch, sets the ip address of the seed wx switch. This command is used on a member wx to configure it as a member. If the wx switch is currently part of another mobility domain or using another seed,...
Page 275
Set mobility-domain mode seed domain-name 275 set mobility-domain mode seed domain-name creates a mobility domain by setting the current wx switch as the seed device and naming the mobility domain. Syntax — set mobility-domain mode seed domain-name mob-domain-name mob-domain-name — name of the mobil...
Page 276
276 c hapter 9: m obility d omain c ommands.
Page 277: Etwork
10 n etwork d omain c ommands use network domain commands to configure and manage network domain groups. A network domain is a group of geographically dispersed mobility domains that share information among themselves over a wan link. This shared information allows a user configured on a wx switch i...
Page 278
278 c hapter 10: n etwork d omain c ommands clear network-domain clears all network domain configuration and information from a wx switch, regardless of whether the wx switch is a seed or a member of a network domain. Syntax — clear network-domain defaults — none. Access — enabled. History —introduc...
Page 281
Clear network-domain seed-ip 281 clear network-domain seed-ip removes the specified network domain seed from the wx switch’s configuration. When you enter this command, the network domain tcp connections between the wx switch and the specified network domain seed are closed. Syntax — clear network-d...
Page 282
282 c hapter 10: n etwork d omain c ommands display network-domain displays the status of network domain seeds and members. Syntax — display network-domain defaults — none. Access — enabled. History —introduced in mss 4.1. Examples — to display network domain status, type the following command. The ...
Page 283
Display network-domain 283 table 47 describes the fields in the display. See also clear network-domain on page 278 set network-domain mode member seed-ip on page 284 set network-domain mode seed domain-name on page 286 set network-domain peer on page 285 table 47 radio-specific parameters parameter ...
Page 284
284 c hapter 10: n etwork d omain c ommands set network-domain mode member seed-ip sets the ip address of a network domain seed. This command is used for configuring a wx switch as a member of a network domain. You can specify multiple network domain seeds and configure one as the primary seed. Synt...
Page 285
Set network-domain peer 285 wx1200# set network-domain mode member seed-ip 192.168.9.254 affinity 7 success: change accepted. See also clear network-domain on page 278 display network-domain on page 282 set network-domain peer on a network domain seed, configures one or more wx switches as redundant...
Page 286
286 c hapter 10: n etwork d omain c ommands set network-domain mode seed domain-name creates a network domain by setting the current wx switch as a seed device and naming the network domain. Syntax — set network-domain mode seed domain-name net-domain-name net-domain-name — name of the network domai...
Page 287: Anaged
11 m anaged a ccess p oint c ommands use map access point commands to configure and manage map access points. Be sure to do the following before using the commands: define the country-specific ieee 802.11 regulations on the wx switch. (see set system countrycode on page 58.) install the map access p...
Page 289
Map access point commands by usage 289 authentication and encryption set service-profile attr on page 391 set service-profile auth-dot1x on page 393 set service-profile auth-fallthru on page 394 set service-profile auth-psk on page 395 set service-profile web-portal-form on page 427 set service-prof...
Page 292
292 c hapter 11: m anaged a ccess p oint c ommands access — enabled history —introduced in mss version 3.0. Usage — when you clear a radio, mss performs the following actions: clears the transmit power, channel, and external antenna setting from the radio. Removes the radio from its radio profile an...
Page 293
Clear dap boot-configuration 293 clear dap boot-configuration removes the static ip address configuration for a distributed map. Syntax — clear dap boot-configuration dap-num dap d ap-num — number of the distributed map for which you are clearing static ip information. Defaults — none. Access — enab...
Page 294
294 c hapter 11: m anaged a ccess p oint c ommands max-rx-lifetime max-tx-lifetime preamble-length rts-threshold service-profile for information about these parameters, see the set radio-profile commands that use them. Defaults — if you reset an individual parameter, the parameter is returned to the...
Page 296
296 c hapter 11: m anaged a ccess p oint c ommands examples — the following commands disable the radios that are using radio profile rp6, remove service-profile svcprof6 from rp6, then clear svcprof6 from the configuration. Wx4400# set radio-profile rp6 mode disable wx4400# clear radio-profile rp6 s...
Page 298
298 c hapter 11: m anaged a ccess p oint c ommands name map access point name. Boot-download- enable state of the firmware upgrade option: yes (automatic upgrades are enabled) no (automatic upgrades are disabled) load balancing group names of the map load-balancing groups to which the map access poi...
Page 302
302 c hapter 11: m anaged a ccess p oint c ommands table 51 describes the fields in this display. Table 51 output for display ap counters field description dap distributed map number. Port wx port number (if the map is directly connected to the wx and the wx port is configured as a map access point)...
Page 304
304 c hapter 11: m anaged a ccess p oint c ommands user sessions number of clients currently associated with the radio. Generally, this counter is equal to the number of sessions listed for the radio in display sessions output. However, the counter can differ from the counter in display sessions out...
Page 308
308 c hapter 11: m anaged a ccess p oint c ommands examples — the following command displays ethernet statistics for the ethernet ports on distributed map 1: wx4400# display dap etherstats 1 dap: 1 ether: 1 ================================= rxunicast: 75432 txgoodframes: 55210 rxmulticast: 18789 txs...
Page 312
312 c hapter 11: m anaged a ccess p oint c ommands the following command displays the status of a directly connected map: wx1200# display ap status 1 port: 1, ap model: ap2750, manufacturer 3com, name: map01 ==================================================== state: operational cpu info: ibm:ppc sp...
Page 314
314 c hapter 11: m anaged a ccess p oint c ommands state state of the map: init — the map has been recognized by the wx but has not yet begun booting. Booting — the map has asked the wx for a boot image. Image downloading — the map is receiving a boot image from the wx. Image downloaded — the map ha...
Page 316
316 c hapter 11: m anaged a ccess p oint c ommands radio 1 type radio 2 type (cont.) the following information appears for external antennas: external antenna detected, configured as antenna-model—indicates that an external antenna has been detected, and lists the antenna model configured on the rad...
Page 320
320 c hapter 11: m anaged a ccess p oint c ommands examples — the following command displays neighbor information for radio 1 on the directly connected map access point on port 2: wx1200# display auto-tune neighbors ap 2 radio 1 total number of entries for port 2 radio 1: 5 channel neighbor bss/mac ...
Page 321
Display dap boot-configuration 321 display dap boot-configuration displays information about the static ip address configuration (if any) on a distributed map. Syntax — display dap boot-configuration dap-num dap-num — number of a distributed map for which to display static ip configuration informati...
Page 323
Display dap connection 323 if a distributed map is configured on this wx switch (or another wx switch in the same mobility domain) but does not have an active connection, the command does not display information for the map. To show connection information for distributed maps, use the display dap gl...
Page 326
326 c hapter 11: m anaged a ccess p oint c ommands if a distributed map is configured on a wx switch in another mobility domain, the map can appear in the output until the map is able to establish a connection with a wx switch in its mobility domain. After the map establishes a connection, the entry...
Page 328
328 c hapter 11: m anaged a ccess p oint c ommands table 63 describes the fields in this display. Table 63 output for display radio-profile field description beacon interval rate (in milliseconds) at which each map radio in the profile advertises the beaconed ssid. Dtim interval number of times afte...
Page 329
Display radio-profile 329 see also set radio-profile active-scan on page 366 set radio-profile auto-tune channel-config on page 367 set radio-profile auto-tune channel-holddown on page 368 power backoff timer interval, in minutes, at which radios in a radio profile reduce power after temporarily inc...
Page 330
330 c hapter 11: m anaged a ccess p oint c ommands set radio-profile auto-tune channel-interval on page 369 set radio-profile auto-tune power-backoff- timer on page 370 set radio-profile auto-tune power-config on page 371 set radio-profile auto-tune power-interval on page 372 set radio-profile beaco...
Page 331
Display service-profile 331 long retry limit (moved from display radio-profile output) sygate on-demand (soda) enforce soda checks: soda remediation acl custom success web-page custom failure web-page custom logout web-page custom agent-directory static cos cos cac mode cac sessions user idle timeou...
Page 332
332 c hapter 11: m anaged a ccess p oint c ommands cac mode: none cac sessions: 14 user idle timeout: 180 idle client probing: yes web portal session timeout: 5 wep key 1 value: wep key 2 value: wep key 3 value: wep key 4 value: wep unicast index: 1 wep multicast index: 1 shared key auth: no wpa ena...
Page 333
Display service-profile 333 no broadcast indicates whether broadcast restriction is enabled. When this feature is enabled, mss sends arp requests and dhcp offers and acks as unicasts to their target clients instead of forwarding them as broadcasts. Short retry limit number of times a radio serving t...
Page 334
334 c hapter 11: m anaged a ccess p oint c ommands custom failure web-page the name of the user-specified page that the client loads if it fails soda agent checks. If no page is specified, then the failure page is generated dynamically. Custom logout web-page the name of the user-specified page that...
Page 335
Display service-profile 335 wep key 1 value state of static wep key number 1. Radios can use this key to encrypt traffic with static wired-equivalent privacy (wep): none —t he key is not configured. Preset — the key is configured. Note: the wep parameters apply to traffic only on the encrypted ssid....
Page 336
336 c hapter 11: m anaged a ccess p oint c ommands see also set service-profile auth-dot1x on page 393 set service-profile auth-fallthru on page 394 set service-profile auth-psk on page 395 set service-profile auth-psk on page 395 set service-profile beacon on page 396 set service-profile cac-mode o...
Page 337
Display service-profile 337 set service-profile cipher-wep40 on page 401 set service-profile cos on page 403 set service-profile dhcp-restrict on page 404 set service-profile idle-client-probing on page 405 set service-profile long-retry-count on page 406 set service-profile no-broadcast on page 407...
Page 339
Set dap auto 339 set dap auto creates a profile for automatic configuration of distributed maps. Syntax — set dap auto defaults — none. Access — enabled. History —introduced in mss 4.0. Usage — table 65 lists the configurable profile parameters and their defaults. The only parameter that requires co...
Page 340
340 c hapter 11: m anaged a ccess p oint c ommands examples — the following command creates a profile for automatic distributed map configuration: wx1200# set dap auto success: change accepted. See also set dap auto mode on page 342 set dap auto persistent on page 341 set dap auto radiotype on page ...
Page 344
344 c hapter 11: m anaged a ccess p oint c ommands dap auto — configures bias for the map configuration profile. (see set dap auto on page 339.) high — high bias. Low — low bias. Defaults — the default bias is high. Access — enabled. History —introduced in mss version 3.0. Option auto added for conf...
Page 346
346 c hapter 11: m anaged a ccess p oint c ommands usage — changing the led blink mode does not alter operation of the map access point. Only the behavior of the leds is affected. Examples — the following command enables led blink mode on the map access points connected to ports 3 and 4: wx1200# set...
Page 347
Set dap boot-switch 347 examples — the following command configures distributed map 1 to use ip address 172.16.0.42 with a 24-bit netmask, and use 172.16.0.20 as its default gateway: wx4400# set dap 1 boot-ip ip 172.16.0.42 netmask 255.255.255.0 gateway 172.16.0.20 mode en success: change accepted. ...
Page 348
348 c hapter 11: m anaged a ccess p oint c ommands history —introduced in mss 4.2. Usage — when you specify a boot switch for a distributed map to boot from, it boots using the process described in “map boot process using static ip configuration”, in the wireless lan switch and controller configurat...
Page 350
350 c hapter 11: m anaged a ccess p oint c ommands set dap fingerprint verifies a map’s fingerprint on a wx switch. If map-wx security is required by a wx switch, a map can establish a management session with the switch only if you have verified the map’s identity by verifying its fingerprint on the...
Page 352
352 c hapter 11: m anaged a ccess p oint c ommands examples — the following command configures a map access point group named loadbalance1 that contains the map access points on ports 1, 3, and 5: wx1200# set ap 1,3,5 group loadbalance1 success: change accepted. The following command removes the map...
Page 354
354 c hapter 11: m anaged a ccess p oint c ommands ant5060-out — 60° 802.11a antenna ant5120-out — 120° 802.11a antenna internal — uses the internal antenna instead defaults — all radios use the internal antenna by default, if the map model has an internal antenna. The mp-620 802.11b/g radio uses mo...
Page 360
360 c hapter 11: m anaged a ccess p oint c ommands usage — if the data rate for traffic sent by a radio to an associated client falls below the default minimum rate, the radio increases power, in 1 dbm increments, until all clients are at or above the minimum rate. After all clients are at or above ...
Page 364
364 c hapter 11: m anaged a ccess p oint c ommands examples — the following command configures the transmit power on the 802.11a radio on the map access point connected to port 5: wx1200# set ap 5 radio 1 tx-power 10 success: change accepted. The following command configures the channel and transmit...
Page 366
366 c hapter 11: m anaged a ccess p oint c ommands defaults — automatic firmware upgrades of map access points are enabled by default. Access — enabled. History —introduced in mss version 3.0. Option auto added for configuration of the map configuration profile. Usage — when the feature is enabled o...
Page 367
Set radio-profile auto-tune channel-config 367 defaults — active scanning is enabled by default. Access — enabled. History —introduced in mss version 4.0. Usage — you can enter this command on any wx switch in the mobility domain. The command takes effect only on that switch. Examples — the followin...
Page 368
368 c hapter 11: m anaged a ccess p oint c ommands rf auto-tuning of channels on 802.11a radios uses only the bottom eight channels in the band (36, 40, 44, 48, 52, 56, 60, and 64). To use a higher channel number, you must disable rf auto-tuning of channels on the radio profile the radio is in, and ...
Page 369
Set radio-profile auto-tune channel-interval 369 usage — the channel holddown applies even if rf anomalies occur that normally cause an immediate channel change. Examples — the following command changes the channel holddown for radios in radio profile rp2 to 600 seconds: wx4400# set radio-profile rp...
Page 370
370 c hapter 11: m anaged a ccess p oint c ommands if you set the interval to 0, rf auto-tuning does not reevaluate the channel at regular intervals. However, rf auto-tuning can still change the channel in response to rf anomalies. Examples — the following command sets the channel interval for radio...
Page 371
Set radio-profile auto-tune power-config 371 examples — the following command changes the power-backoff interval for radios in radio profile rp2 to 15 seconds: wx4400# set radio-profile rp2 auto-tune power-backoff-timer 15 success: change accepted. See also display radio-profile on page 327 set {ap ...
Page 374
374 c hapter 11: m anaged a ccess p oint c ommands set radio-profile countermeasures enables or disables countermeasures on the map radios managed by a radio profile. Countermeasures are packets sent by a radio to prevent clients from being able to use rogue access points. Caution: countermeasures a...
Page 375
Set radio-profile dtim-interval 375 the following command disables countermeasures in radio profile radprof3: wx1200# clear radio-profile radprof3 countermeasures success: change accepted. The following command causes radios managed by radio profile radprof3 to issue countermeasures against devices ...
Page 376
376 c hapter 11: m anaged a ccess p oint c ommands usage — you must disable all radios that are using a radio profile before you can change parameters in the profile. Use the set radio-profile mode command. The dtim interval does not apply to unicast frames. Examples — the following command changes ...
Page 377
Set radio-profile long-retry 377 usage — you must disable all radios that are using a radio profile before you can change parameters in the profile. Use the set radio-profile mode command. The frag-threshold does not specify the maximum length a frame is allowed to be without being broken into multi...
Page 378
378 c hapter 11: m anaged a ccess p oint c ommands set radio-profile max-rx-lifetime changes the maximum receive threshold for the map radios in a radio profile. The maximum receive threshold specifies the number of milliseconds that a frame received by a radio can remain in buffer memory. Syntax — ...
Page 379
Set radio-profile max-tx-lifetime 379 set radio-profile max-tx-lifetime changes the maximum transmit threshold for the map radios in a radio profile. The maximum transmit threshold specifies the number of milliseconds that a frame scheduled to be transmitted by a radio can remain in buffer memory. S...
Page 381
Set radio-profile mode 381 access — enabled. History —introduced in mss version 3.0. Version 4.2 made the following changes: removed the following parameters that no longer apply: 11g-only long-retry short-retry the wmm parameter name changed to qos-mode. Usage — use the command without any optional...
Page 382
382 c hapter 11: m anaged a ccess p oint c ommands to enable or disable specific radios without disabling all of them, use the set ap radio command. Examples — the following command configures a new radio profile named rp1: wx4400# set radio-profile rp1 success: change accepted. The following comman...
Page 383
Set radio-profile qos-mode 383 access — enabled. History —introduced in mss version 3.0. Usage — changing the preamble length value affects only the support advertised by the radio. Regardless of the preamble length setting (short or long), an 802.11b/g radio accepts and can generate 802.11b/g frame...
Page 384
384 c hapter 11: m anaged a ccess p oint c ommands access — enabled. History —introduced in mss version 4.2. Usage — when svp is enabled, map forwarding prioritization is optimized for spectralink voice priority (svp) instead of wmm, and the map does not tag packets it sends to the wx. Otherwise, cl...
Page 385
Set radio-profile service-profile 385 access — enabled. History —introduced in mss version 3.0. Usage — you must disable all radios that are using a radio profile before you can change parameters in the profile. Use the set radio-profile mode command. Examples — the following command changes the rts...
Page 386
386 c hapter 11: m anaged a ccess p oint c ommands table 67 defaults for service profile parameters parameter default value radio behavior when parameter set to default value attr no attributes configured does not assign the ssid’s authorization attribute values to ssid users, even if attributes are...
Page 387
Set radio-profile service-profile 387 long-retry-count 5 sends a long unicast frame up to five times without acknowledgment. No-broadcast disable does not reduce wireless broadcast traffic by sending unicasts to clients for arp requests, dhcp offers, and acks instead of forwarding them as multicasts...
Page 388
388 c hapter 11: m anaged a ccess p oint c ommands transmit-rates 802.11a: mandatory: 6.0,12.0,24.0 beacon-rate: 6.0 multicast-rate: auto disabled: none 802.11b: mandatory: 1.0,2.0 beacon-rate: 2.0 multicast-rate: auto disabled: none 802.11g: mandatory: 1.0,2.0,5.5,11. 0 beacon-rate: 2.0 multicast-r...
Page 389
Set radio-profile service-profile 389 access — enabled. History —introduced in mss version 3.0. Usage — you must configure the service profile before you can map it to a radio profile. You can map the same service profile to more than one radio profile. You must disable all radios that use a radio p...
Page 390
390 c hapter 11: m anaged a ccess p oint c ommands set service-profile cac-mode on page 397 set service-profile cac-session on page 398 set service-profile cipher-ccmp on page 399 set service-profile cipher-tkip on page 400 set service-profile cipher-wep104 on page 402 set service-profile cipher-wep...
Page 391
Set radio-profile short-retry 391 set radio-profile short-retry deprecated in mss version 4.2. In 4.2, this parameter is associated with service profiles instead of radio profiles. See set service-profile short-retry-count on page 412. Set radio-profile wmm deprecated in mss version 4.2. To enable o...
Page 392
392 c hapter 11: m anaged a ccess p oint c ommands the ssid default attributes are applied in addition to any attributes supplied for the user by the radius server or the local database. When the same attribute is specified both as an ssid default attribute and through aaa, then the attribute suppli...
Page 393
Set service-profile auth-dot1x 393 see also display service-profile on page 330 display sessions network on page 571 set service-profile auth-dot1x disables or reenables 802.1x authentication of wi-fi protected access (wpa) clients by map radios, when the wpa information element (ie) is enabled in t...
Page 394
394 c hapter 11: m anaged a ccess p oint c ommands see also display service-profile on page 330 set service-profile auth-psk on page 395 set service-profile psk-phrase on page 409 set service-profile wpa-ie on page 433 set service-profile auth-fallthru specifies the authentication type for users who...
Page 395
Set service-profile auth-psk 395 access — enabled. History —introduced in mss version 3.0. Option for webaaa fallthru authentication type changed from web-auth to web-portal in mss version 4.1. Usage — the last-resort fallthru authentication type allows any user to access any ssid managed by the ser...
Page 396
396 c hapter 11: m anaged a ccess p oint c ommands access — enabled. History —introduced in mss version 3.0. Usage — this command affects authentication of wpa clients only. To use psk authentication, you also must configure a passphrase or key. In addition, you must enable the wpa ie. The webaaa fa...
Page 397
Set service-profile cac-mode 397 enable —enables beaconing of the ssid managed by the service profile. Disable —disables beaconing of the ssid managed by the service profile. Defaults — beaconing is enabled by default. Access — enabled. History —introduced in mss version 3.0. Examples — the followin...
Page 398
398 c hapter 11: m anaged a ccess p oint c ommands see also set service-profile cac-session on page 398 display service-profile on page 330 set service-profile cac-session specifies the maximum number of active sessions a radio can have when session-based cac is enabled. When a map radio has reached...
Page 402
402 c hapter 11: m anaged a ccess p oint c ommands set service-profile cipher-tkip on page 400 set service-profile cipher-wep104 on page 402 set service-profile wep key-index on page 432 set service-profile wpa-ie on page 433 set service-profile cipher-wep104 enables dynamic wired equivalent privacy...
Page 403
Set service-profile cos 403 examples — the following command configures service profile sp2 to use 104-bit wep encryption: wx4400# set service-profile sp2 cipher-wep104 enable success: change accepted. See also display service-profile on page 330 set service-profile cipher-ccmp on page 399 set servi...
Page 404
404 c hapter 11: m anaged a ccess p oint c ommands see also set service-profile static-cos on page 423 display service-profile on page 330 set service-profile dhcp-restrict enables or disables dhcp restrict on a service profile. Dhcp restrict filters a newly associated client’s traffic to allow dhcp...
Page 405
Set service-profile idle-client-probing 405 set service-profile idle-client-probing disables or reenables periodic keepalives from map radios to clients on a service profile’s ssid. When idle-client probing is enabled, the map radio sends a unicast null-data frame to each client every 10 seconds. No...
Page 406
406 c hapter 11: m anaged a ccess p oint c ommands set service-profile long-retry-count changes the long retry threshold for a service profile. The long retry threshold specifies the number of times a radio can send a long unicast frame without receiving an acknowledgment. A long unicast frame is a ...
Page 407
Set service-profile no-broadcast 407 set service-profile no-broadcast disables or reenables the no-broadcast mode. The no-broadcast mode helps reduce traffic overhead on an ssid by leaving more of an ssid’s bandwidth available for unicast traffic. The no-broadcast mode also helps voip handsets conse...
Page 408
408 c hapter 11: m anaged a ccess p oint c ommands examples — the following command enables the no-broadcast mode on service profile sp1: wx4400# set service-profile sp1 no-broadcast enable success: change accepted. See also set service-profile dhcp-restrict on page 404 set service-profile proxy-arp...
Page 409
Set service-profile psk-phrase 409 examples — the following command enables proxy arp on service profile sp1: wx4400# set service-profile sp1 proxy-arp enable success: change accepted. See also set service-profile dhcp-restrict on page 404 set service-profile no-broadcast on page 407 display service...
Page 410
410 c hapter 11: m anaged a ccess p oint c ommands examples — the following command configures service profile sp3 to use passphrase “1234567890123?=+&% the quick brown fox jumps over the lazy sl”: wx4400# set service-profile sp3 psk-phrase "1234567890123 ?=+&% the quick brown fox jumps over the laz...
Page 411
Set service-profile rsn-ie 411 examples — the following command configures service profile sp3 to use a raw psk with psk clients: wx4400# set service-profile sp3 psk-raw c25d3fe4483e867 d1df96eaacdf8b02451fa0836162e758100f5f6b87965e59d success: change accepted. See also display service-profile on pa...
Page 412
412 c hapter 11: m anaged a ccess p oint c ommands set service-profile shared-key-auth enables shared-key authentication, in a service profile. Use this command only if advised to do so by 3com. This command does not enable preshared key (psk) authentication for wi-fi protected access (wpa). To enab...
Page 413
Set service-profile soda agent-directory 413 defaults — the default short unicast retry threshold is 5 attempts. Examples — enabled. History —introduced in mss version 4.2. Examples — the following command changes the short retry threshold for service profile sp1 to 3: wx4400# set service-profile sp...
Page 414
414 c hapter 11: m anaged a ccess p oint c ommands examples — the following command specifies soda-agent as the location for soda agent files for service profile sp1: wx4400# set service-profile sp1 soda agent-directory soda-agent success: change accepted. See also display service-profile on page 33...
Page 415
Set service-profile soda failure-page 415 when the enforce checks option is enabled, upon successful completion of the soda agent checks, the client performs an http get operation to load the success page. Upon loading the success page, the client is granted access to the network. In order for the c...
Page 416
416 c hapter 11: m anaged a ccess p oint c ommands usage — use this command to specify a custom page that is loaded by the client when the soda agent checks fail. After this page is loaded, the specified remediation acl takes effect, or if there is no remediation acl configured, then the client is d...
Page 417
Set service-profile soda logout-page 417 access — enabled. History —introduced in mss version 4.2. Usage — when a client closes the soda virtual desktop, the client is automatically disconnected from the network. You can use this command to specify a page that is loaded when the client closes the so...
Page 419
Set service-profile soda remediation-acl 419 set service-profile soda remediation-acl specifies an acl to be applied to a client if it fails the checks performed by the soda agent. Syntax — set service-profile name soda remediation-acl acl-name name — service profile name. Acl-name — name of an exis...
Page 420
420 c hapter 11: m anaged a ccess p oint c ommands set service-profile soda success-page specifies a page on the wx switch that is loaded when a client passes the security checks performed by the soda agent. Syntax — set service-profile name soda success-page page name — service profile name. Page —...
Page 421
Set service-profile ssid-name 421 see also display service-profile on page 330 set service-profile soda enforce-checks on page 414 set service-profile soda mode on page 418 set service-profile ssid-name configures the ssid name in a service profile. Syntax — set service-profile name ssid-name ssid-n...
Page 423
Set service-profile static-cos 423 history —introduced in mss version 3.0. Usage — countermeasures apply only to tkip and wep clients. This includes wpa wep clients and non-wpa wep clients. Ccmp clients are not affected. The tkip cipher suite must be enabled. The wpa ie also must be enabled. Example...
Page 424
424 c hapter 11: m anaged a ccess p oint c ommands defaults — static cos is disabled by default. Access — enabled. History —introduced in mss version 4.2. Usage — the cos level is specified by the set service-profile cos command. Examples — the following command enables static cos on service profile...
Page 425
Set service-profile transmit-rates 425 the valid rates depend on the radio type: 11a—6.0, 9.0, 12.0, 18.0, 24.0, 36.0, 48.0, 54.0 11b—1.0, 2.0, 5.5, 11.0 11g—1.0, 2.0, 5.5, 6.0, 9.0, 11.0, 12.0, 18.0, 24.0, 36.0, 48.0, 54.0 use a comma to separate multiple rates; for example: 6.0,9.0,12.0 disabled r...
Page 426
426 c hapter 11: m anaged a ccess p oint c ommands beacon-rate: 11a—6.0 11b—2.0 11g—2.0 multicast-rate—auto for all radio types. Access — enabled. History —introduced in mss version 4.2. Usage — if you disable a rate, you cannot use the rate as a mandatory rate or the beacon or multicast rate. All r...
Page 427
Set service-profile web-portal-form 427 to disable the timer, specify 0. Defaults — the default user idle timeout is 180 seconds (3 minutes). Access — enabled. History —introduced in mss version 4.2. Examples — the following command increases the user idle timeout to 360 seconds (6 minutes): wx4400#...
Page 428
428 c hapter 11: m anaged a ccess p oint c ommands if the custom login page includes gif or jpg images, their path names are interpreted relative to the directory from which the page is served. To use webaaa, the fallthru authentication type in the service profile that manages the ssid must be set t...
Page 429
Set service-profile web-portal-session-timeout 429 set service-profile web-portal-session- timeout changes the number of seconds mss allows web portal webaaa sessions to remain in the deassociated state before being terminated automatically. Syntax — set service-profile name web-portal-session-timeo...
Page 430
430 c hapter 11: m anaged a ccess p oint c ommands see also display service-profile on page 330 set service-profile user-idle-timeout on page 426 set service-profile wep active-multicast- index specifies the static wired-equivalent privacy (wep) key (one of four) to use for encrypting multicast fram...
Page 431
Set service-profile wep active-unicast- index 431 set service-profile wep active-unicast- index specifies the static wired-equivalent privacy (wep) key (one of four) to use for encrypting unicast frames. Syntax — set service-profile name wep active-unicast-index num name — service profile name. Num ...
Page 432
432 c hapter 11: m anaged a ccess p oint c ommands set service-profile wep key-index sets the value of one of four static wired-equivalent privacy (wep) keys for static wep encryption. Syntax — set service-profile name wep key-index num key value name — service profile name. Key-index num — wep key ...
Page 433
Set service-profile wpa-ie 433 set service-profile wpa-ie enables the wpa information element (ie) in wireless frames. The wpa ie advertises the wpa authentication methods and cipher suites supported by radios in the radio profile mapped to the service profile. Syntax — set service-profile name wpa-...
Page 434
434 c hapter 11: m anaged a ccess p oint c ommands.
Page 435: Stp C
12 stp c ommands use spanning tree protocol (stp) commands to configure and manage spanning trees on the virtual lans (vlans) configured on a wireless lan switch or controller, to maintain a loop-free network. Stp commands by usage this chapter presents stp commands alphabetically. Use the following...
Page 436
436 c hapter 12: stp c ommands clear spantree portcost resets to the default value the cost of a network port or ports on paths to the stp root bridge in all vlans on a wx switch. Syntax — clear spantree portcost port-list port-list — list of ports. The port cost is reset on the specified ports. Def...
Page 437
Clear spantree portpri 437 clear spantree portpri resets to the default value the priority of a network port or ports for selection as part of the path to the stp root bridge in all vlans on a wireless lan switch or controller. Syntax — clear spantree portpri port-list port-list — list of ports. The...
Page 438
438 c hapter 12: stp c ommands vlan vlan-id — vlan name or number. Mss resets the cost for only the specified vlan. Defaults — none. Access — enabled. History —introduced in mss version 3.0. Usage — mss does not change a port’s cost for vlans other than the one(s) you specify. Examples — the followi...
Page 439
Clear spantree statistics 439 history —introduced in mss version 3.0. Usage — mss does not change a port’s priority for vlans other than the one(s) you specify. Examples — the following command resets the stp priority for port 2 in vlan avocado: wx4400# clear spantree portvlanpri 2 vlan avocado succ...
Page 441
Display spantree 441 7 1 forwarding 19 128 disabled 8 1 disabled 19 128 disabled 9 1 disabled 19 128 disabled 17 1 stp off 19 128 disabled 18 1 stp off 19 128 disabled table 69 describes the fields in this display. Table 69 output for display spantree field description vlan vlan number. Spanning tre...
Page 442
442 c hapter 12: stp c ommands port port number. Only network ports are listed. Stp does not apply to 3com wireless lan managed access point ap2750 ports or wired authentication ports. Vlan vlan id. Stp-state or port-state stp state of the port: blocking—the port is not forwarding layer 2 traffic bu...
Page 443
Display spantree backbonefast 443 see also display spantree blockedports on page 444 display spantree backbonefast indicates whether the stp backbone fast convergence feature is enabled or disabled. Syntax — display spantree backbonefast defaults — none. Access — all. History —introduced in mss vers...
Page 444
444 c hapter 12: stp c ommands examples — the following example shows the command output on a wx switch with backbone fast convergence enabled: wx4400# display spantree backbonefast backbonefast is enabled see also set spantree backbonefast on page 454 display spantree blockedports lists information...
Page 445
Display spantree portfast 445 display spantree portfast displays stp uplink fast convergence information for all network ports or for one or more network ports. Syntax — display spantree portfast [port-list] port-list — list of ports. If you do not specify any ports, mss displays uplink fast converg...
Page 446
446 c hapter 12: stp c ommands display spantree portvlancost shows the cost of a port on a path to the stp root bridge, for each of the port’s vlans. Syntax — display spantree portvlancost port-list port-list — list of ports. Defaults — none. Access — all. History —introduced in mss version 3.0. Exa...
Page 447
Display spantree statistics 447 usage — the command displays statistics separately for each port. Examples — the following command shows stp statistics for port 1: wx4400# display spantree statistics 1 bpdu related parameters port 1 vlan 1 spanning tree enabled for vlan = 1 port spanning tree enable...
Page 448
448 c hapter 12: stp c ommands topology change timer value 0 hold timer inactive hold timer value 0 delay root port timer inactive delay root port timer value 0 delay root port timer restarted is false vlan based information & statistics spanning tree type ieee spanning tree multicast address 01-00-...
Page 449
Display spantree statistics 449 table 71 output for display spantree statistics field description port port number. Vlan vlan id. Spanning tree enabled for vlan state of the stp feature on the vlan. Port spanning tree state of the stp feature on the port. State stp state of the port: blocking — the ...
Page 450
450 c hapter 12: stp c ommands config_pending indicates whether a configured bpdu is to be transmitted on expiration of the hold timer for the port. Port_inconsistency indicates whether the port is in an inconsistent state. Config bpdu’s xmitted number of bpdus transmitted from the port. A number in...
Page 451
Display spantree statistics 451 hold timer status of the hold timer. This timer ensures that configured bpdus are not transmitted too frequently through any bridge port. Hold timer value current value of the hold timer, in seconds. Delay root port timer status of the delay root port timer, which ena...
Page 452
452 c hapter 12: stp c ommands see also clear spantree statistics on page 439 display spantree uplinkfast shows uplink fast convergence information for one vlan or all vlans. Syntax — display spantree uplinkfast [vlan vlan-id] vlan vlan-id — vlan name or number. If you do not specify a vlan, mss dis...
Page 454
454 c hapter 12: stp c ommands see also display spantree on page 440 set spantree backbonefast enables or disables stp backbone fast convergence on a wireless lan switch. This feature accelerates a port’s recovery following the failure of an indirect link. Caution: the backbone fast convergence feat...
Page 455
Set spantree fwddelay 455 set spantree fwddelay changes the period of time after a topology change that a wx switch which is not the root bridge waits to begin forwarding layer 2 traffic on one or all of its configured vlans. (the root bridge always forwards traffic.) syntax — set spantree fwddelay ...
Page 456
456 c hapter 12: stp c ommands access — enabled. History —introduced in mss version 3.0. Examples — the following command changes the hello interval for all vlans to 4 seconds: wx4400# set spantree hello 4 all success: change accepted. See also display spantree on page 440 set spantree maxage change...
Page 457
Set spantree portcost 457 set spantree portcost changes the cost that transmission through a network port or ports in the default vlan on a wireless lan switch adds to the total cost of a path to the stp root bridge. Syntax — set spantree portcost port-list cost cost port-list — list of ports. Mss a...
Page 458
458 c hapter 12: stp c ommands see also clear spantree portcost on page 436 clear spantree portvlancost on page 437 display spantree on page 440 display spantree portvlancost on page 446 set spantree portvlancost on page 460 set spantree portfast enables or disables stp port fast convergence on one ...
Page 459
Set spantree portpri 459 set spantree portpri changes the stp priority of a network port or ports for selection as part of the path to the stp root bridge in the default vlan on a wireless lan switch. Syntax — set spantree portpri port-list priority value port-list — list of ports. Mss changes the p...
Page 463
Set spantree uplinkfast 463 history —introduced in mss version 3.0. Usage — the uplink fast convergence feature is applicable to bridges that are acting as access switches to the network core (distribution layer) but are not in the core themselves. Do not enable the feature on wx switches that are i...
Page 464
464 c hapter 12: stp c ommands.
Page 465: Igmp S
13 igmp s nooping c ommands use internet group management protocol (igmp) snooping commands to configure and manage multicast traffic reduction on a wx. Commands by usage this chapter presents igmp snooping commands alphabetically. Use the following table to locate commands in this chapter based on ...
Page 466
466 c hapter 13: igmp s nooping c ommands clear igmp statistics clears igmp statistics counters on one vlan or all vlans on a wireless lan switch and resets them to 0. Syntax — clear igmp statistics [vlan vlan-id] vlan vlan-id — vlan name or number. If you do not specify a vlan, igmp statistics are ...
Page 467
Display igmp 467 examples — the following command displays igmp information for vlan orange: wx1200# display igmp vlan orange vlan: orange igmp is enabled proxy reporting is on mrouter solicitation is on querier functionality is off configuration values: qi: 125 oqi: 300 qri: 100 lmqi: 10 rvalue: 2 ...
Page 468
468 c hapter 13: igmp s nooping c ommands table 75 describes the fields in this display. Table 75 output for display igmp field description vlan vlan name. Mss displays information separately for each vlan. Igmp is enabled (disabled) igmp state. Proxy reporting proxy reporting state. Mrouter solicit...
Page 469
Display igmp 469 ttl number of seconds before this entry ages out if not refreshed. For static multicast router entries, the time-to-live (ttl) value is undef. Static multicast router entries do not age out. Group ip address of a multicast group. The display igmp receiver-table command shows the sam...
Page 470
470 c hapter 13: igmp s nooping c ommands see also display igmp mrouter on page 470 display igmp querier on page 471 display igmp receiver-table on page 473 display igmp statistics on page 475 display igmp mrouter displays the multicast routers in a wx’s subnet, on one vlan or all vlans. Routers are...
Page 471
Display igmp querier 471 see also display igmp mrouter on page 470 set igmp mrouter on page 479 display igmp querier shows information about the active multicast querier, on one vlan or all vlans. Queriers are listed separately for each vlan. Each vlan can have only one querier. Syntax — display igm...
Page 472
472 c hapter 13: igmp s nooping c ommands history — introduced in mss version 3.0. Examples — the following command displays querier information for vlan orange: wx1200# display igmp querier vlan orange querier for vlan orange port querier-ip querier-mac ttl ---- --------------- ----------------- --...
Page 473
Display igmp receiver-table 473 see also set igmp querier on page 485 display igmp receiver-table displays the receivers to which a wx forwards multicast traffic. You can display receivers for all vlans, a single vlan, or a group or groups identified by group address and network mask. Syntax — displ...
Page 474
474 c hapter 13: igmp s nooping c ommands the following command lists all receivers for multicast groups 237.255.255.1 through 237.255.255.255, in all vlans: wx1200# display igmp receiver-table group 237.255.255.0/24 vlan: red session port receiver-ip receiver-mac ttl --------------- ---- ----------...
Page 475
Display igmp statistics 475 display igmp statistics shows igmp statistics. Syntax — display igmp statistics [vlan vlan-id] vlan vlan-id — vlan name or number. If you do not specify a vlan, mss displays igmp statistics for all vlans. Defaults — none. Access — all. History — introduced in mss version ...
Page 476
476 c hapter 13: igmp s nooping c ommands table 79 output of display igmp statistics field description igmp statistics for vlan vlan name. Statistics are listed separately for each vlan. Igmp message type type of igmp message: general-queries — general group membership queries sent by the multicast ...
Page 478
478 c hapter 13: igmp s nooping c ommands set igmp lmqi changes the igmp last member query interval timer on one vlan or all vlans on a wireless lan switch. Syntax — set igmp lmqi tenth-seconds[vlan vlan-id] lmqi tenth-seconds —amount of time (in tenths of a second) that the wx waits for a response ...
Page 481
Set igmp oqi 481 usage — you cannot add map access ports or wired authentication ports as static multicast ports. However, mss can dynamically add these port types to the list of multicast ports based on multicast traffic. Examples — the following example changes the multicast router solicitation in...
Page 482
482 c hapter 13: igmp s nooping c ommands see also set igmp lmqi on page 478 set igmp qi on page 483 set igmp qri on page 484 set igmp querier on page 485 set igmp mrouter on page 479 set igmp rv on page 486 set igmp proxy-report disables or reenables proxy reporting by a wx on one vlan or all vlans...
Page 483
Set igmp qi 483 set igmp qi changes the igmp query interval timer on one vlan or all vlans on a wx. Syntax — set igmp qi seconds[vlan vlan-id] qi seconds — number of seconds that elapse between general queries sent by the wx when the wx switch is the querier for the subnet. You can specify a value f...
Page 484
484 c hapter 13: igmp s nooping c ommands set igmp qri changes the igmp query response interval timer on one vlan or all vlans on a wx. Syntax — set igmp qri tenth-seconds[vlan vlan-id] qri tenth-seconds — amount of time (in tenths of a second) that the wx waits for a receiver to respond to a group-...
Page 486
486 c hapter 13: igmp s nooping c ommands defaults — by default, no ports are static multicast receiver ports. Access — enabled. History — introduced in mss version 3.0. Usage — you cannot add map access ports or wired authentication ports as static multicast ports. However, mss can dynamically add ...
Page 487
Set igmp rv 487 see also set igmp oqi on page 481 set igmp qi on page 483 set igmp qri on page 484.
Page 488
488 c hapter 13: igmp s nooping c ommands.
Page 489: Ecurity
14 s ecurity acl c ommands use security acl commands to configure and monitor security access control lists (acls). Security acls filter packets to restrict or permit network usage by certain users or traffic types, and can assign to packets a class of service (cos) to define the priority of treatme...
Page 490
490 c hapter 14: s ecurity acl c ommands clear security acl clears a specified security acl, an access control entry (ace), or all security acls, from the edit buffer. When used with the command commit security acl, clears the ace from the running configuration. Syntax — clear security acl {acl-name...
Page 491
Clear security acl map 491 wx4400# display security acl info all acl information for all set security acl ip acl_133 (hits #1 0) --------------------------------------------------------- 1. Deny ip source ip 192.168.1.6 0.0.0.0 destination ip any set security acl ip acl_134 (hits #3 0) -------------...
Page 493
Commit security acl 493 to clear all physical ports, virtual ports, and vlans on a wx switch of the acls mapped for incoming and outgoing traffic, type the following command: wx4400# clear security acl map all success: change accepted. See also clear security acl on page 490 display security acl map...
Page 494
494 c hapter 14: s ecurity acl c ommands examples — the following commands commit all the security acls in the edit buffer to the configuration, display a summary of the committed acls, and show that the edit buffer has been cleared: wx4400# commit security acl all configuration accepted wx4400# dis...
Page 495
Display security acl editbuffer 495 wx4400# display security acl acl table acl type class mapping ---------------------------- ---- ------ ------- acl_123 ip static port 2 in acl_133 ip static port 4 in acl_124 ip static see also clear security acl on page 490 display security acl info on page 497 d...
Page 496
496 c hapter 14: s ecurity acl c ommands to view details about these uncommitted acls, type the following command. Wx4400# display security acl info all editbuffer acl edit-buffer information for all set security acl ip acl-111 (aces 3, add 3, del 0, modified 2) -------------------------------------...
Page 497
Display security acl info 497 examples — to display the security acl hits on a wx switch, type the following command: wx4400# display security acl hits acl hit-counters index counter acl-name ----- -------------------- -------- 1 0 acl_2 2 0 acl_175 3 916 acl_123 see also set security acl hit-sample...
Page 498
498 c hapter 14: s ecurity acl c ommands examples — to display the contents of all security acls committed on a wx switch, type the following command: wx4400# display security acl info acl information for all set security acl ip acl_123 (hits #5 462) -------------------------------------------------...
Page 499
Display security acl resource-usage 499 access — enabled. History — introduced in mss version 3.0. Examples — the following command displays the port to which security acl acl_111 is mapped: wx4400# display security acl map acl_111 acl acl_111 is mapped to: port 4 in see also clear security acl map ...
Page 500
500 c hapter 14: s ecurity acl c ommands examples — to display security acl resource usage, type the following command: wx4400# display security acl resource-usage acl resources classifier tree counters ------------------------ number of rules : 2 number of leaf nodes : 1 stored rule count : 2 leaf ...
Page 501
Display security acl resource-usage 501 table 81 output of display security acl resource-usage field description number of rules number of security aces currently mapped to ports or vlans. Number of leaf nodes number of security acl data entries stored in the rule tree. Stored rule count number of s...
Page 502
502 c hapter 14: s ecurity acl c ommands ludef in use number of the lookup definition (ludef) table currently in use for packet handling. Default action pointer memory address used for packet handling, from which default action data is obtained when necessary. L4 global security acl mapping on the w...
Page 503
Rollback security acl 503 rollback security acl clears changes made to the security acl edit buffer since it was last saved. The acl is rolled back to its state after the last commit security acl command was entered. All uncommitted acls in the edit buffer are cleared. Syntax — rollback security acl...
Page 504
504 c hapter 14: s ecurity acl c ommands examples — the following commands show the edit buffer before a rollback, clear any changes in the edit buffer to security acl_122, and show the edit buffer after the rollback: wx4400# display security acl info all editbuffer acl edit-buffer information for a...
Page 506
506 c hapter 14: s ecurity acl c ommands 0 or 3—best effort. Packets are queued in map forwarding queue 3. 4 or 5—video. Packets are queued in map forwarding queue 2. Use cos level 4 or 5 for voice over ip (voip) packets other than spectralink voice priority (svp). 6 or 7—voice. Packets are queued i...
Page 507
Set security acl 507 (for a complete list of tcp and udp port numbers, see www.Iana.Org/assignments/port-numbers .) destination-ip-addr mask — ip address and wildcard mask of the network or host to which the packet is being sent. Specify both address and mask in dotted decimal notation. For more inf...
Page 508
508 c hapter 14: s ecurity acl c ommands before editbuffer-index — inserts the new ace in front of another ace in the security acl. Specify the number of the existing ace in the edit buffer. Index numbers start at 1. (to display the edit buffer, use display security acl editbuffer.) modify editbuffe...
Page 509
Set security acl map 509 the following command adds an ace to acl_123 that denies packets from ip address 192.168.2.11: wx4400# set security acl ip acl_123 deny 192.168.2.11 0.0.0.0 the following command creates acl_125 by defining an ace that denies tcp packets from source ip address 192.168.0.1 to...
Page 511
Set security acl hit-sample-rate 511 see also clear security acl map on page 491 commit security acl on page 493 set mac-user attr on page 253 set mac-usergroup attr on page 258 set security acl on page 504 set user attr on page 263 set usergroup on page 265 display security acl map on page 498 set ...
Page 512
512 c hapter 14: s ecurity acl c ommands examples — the first command sets mss to sample acl hits every 15 seconds. The second and third commands display the results. The results show that 916 packets matching security acl_153 were sent since the acl was mapped. Wx4400# set security acl hit-sample-r...
Page 513: Ryptography
15 c ryptography c ommands a digital certificate is a form of electronic identification for computers. The wx switch requires digital certificates to authenticate its communications to 3wxm and web manager, to webaaa clients, and to extensible authentication protocol (eap) clients for which the wx p...
Page 514
514 c hapter 15: c ryptography c ommands commands by usage this chapter presents cryptography commands alphabetically. Use table 82 to locate commands in this chapter based on their use. Crypto ca-certificate installs a certificate authority’s own pkcs #7 certificate into the wx certificate and key ...
Page 515
Crypto ca-certificate 515 pem-formatted certificate — ascii text representation of the certificate authority pkcs #7 certificate, consisting of up to 5120 characters that you have obtained from the certificate authority. Defaults — none. Access — enabled. History —introduced in mss version 3.0. Weba...
Page 516
516 c hapter 15: c ryptography c ommands crypto certificate installs one of the wx switch’s pkcs #7 certificates into the certificate and key storage area on the wx switch. The certificate, which is issued and signed by a certificate authority, authenticates the wx switch either to 3wxm or web manag...
Page 517
Crypto generate key 517 examples — the following command installs a certificate: wx4400# crypto certificate admin enter pem-encoded certificate -----begin certificate----- miibdtcp3wibada2mqswcqydvqqgewjvuzelmakga1uecbmcqoexgjaybgnvbamu exr1y2hwdwjzqhrychouy29tmigfmaogcsqgsib3dqebaqaa4gnadcbiqkbgqc4...
Page 518
518 c hapter 15: c ryptography c ommands usage — you can overwrite a key by generating another key of the same type. Ssh requires an ssh authentication key, but you can allow mss to generate it automatically. The first time an ssh client attempts to access the ssh server on a wx switch, the switch a...
Page 519
Crypto generate request 519 locality name string — (optional) specify the name of the locality, in up to 80 alphanumeric characters with no spaces. Organizational name string — (optional) specify the name of the organization, in up to 80 alphanumeric characters with no spaces. Organizational unit st...
Page 520
520 c hapter 15: c ryptography c ommands examples — to request an administrative certificate from a certificate authority, type the following command: wx4400# crypto generate request admin country name: us state name: ca locality name: pleasanton organizational name: mycorp organizational unit: eng ...
Page 521
Crypto generate self-signed 521 after you type the command, you are prompted for the following variables: country name string — (optional) specify the abbreviation for the country in which the wx switch is operating, in 2 alphanumeric characters with no spaces. State name string — (optional) specify...
Page 522
522 c hapter 15: c ryptography c ommands to generate a self-signed administrative certificate, type the following command: wx4400# crypto generate self-signed admin country name: state name: locality name: organizational name: organizational unit: common name: wx1@example.Com email address: unstruct...
Page 523
Crypto otp 523 note: on an wx switch that handles communications to and from microsoft windows clients, use a one-time password of 31 characters or fewer. The following characters cannot be used as part of the one-time password of a pkcs #12 file: quotation marks (“ ”) question mark (?) ampersand (&...
Page 524
524 c hapter 15: c ryptography c ommands crypto pkcs12 unpacks a pkcs #12 object file into the certificate and key storage area on the wx switch. This object file contains a public-private key pair, an wx certificate signed by a certificate authority, and the certificate authority’s certificate. Syn...
Page 525
Display crypto ca-certificate 525 examples — the following commands copy a pkcs #12 object file for an eap certificate and key pair—and optionally the certificate authority’s own certificate—from a tftp server to nonvolatile storage on the wx switch, create the one-time password hap9in#ss, and unpac...
Page 526
526 c hapter 15: c ryptography c ommands access — enabled. History —introduced in mss version 3.0. Webaaa option renamed to web in mss version 4.1. Examples — to display information about the certificate of a certificate authority, type the following command: wx4400# display crypto ca-certificate ta...
Page 527
Display crypto certificate 527 defaults — none. Access — enabled. History —introduced in mss version 3.0. Webaaa option renamed to web in mss version 4.1. Usage — you must have generated a self-signed certificate or obtained a certificate from a certificate authority before displaying information ab...
Page 528
528 c hapter 15: c ryptography c ommands display crypto key ssh displays ssh authentication key information. This command displays the checksum (also called a fingerprint) of the public ssh authentication key. When you connect to the wx switch with an ssh client, you can compare the ssh key checksum...
Page 529: Radius
16 radius and s erver g roup c ommands use radius commands to set up communication between a wx switch and groups of up to four radius servers for remote authentication, authorization, and accounting (aaa) of administrators and network users. Commands by usage this chapter presents radius commands a...
Page 531
Clear radius client system-ip 531 wx4400# clear radius timeout success: change accepted. See also set radius on page 534 set radius server on page 539 display aaa on page 223 clear radius client system-ip removes the wx switch’s system ip address from use as the permanent source address in radius cl...
Page 532
532 c hapter 16: radius and s erver g roup c ommands clear radius proxy client removes radius proxy client entries for third-party aps. Syntax — clear radius proxy client all defaults — none. Access — enabled. History —introduced in mss 4.0. Examples — the following command clears all radius proxy c...
Page 533
Clear radius server 533 clear radius server removes the named radius server from the wx configuration. Syntax — clear radius server server-name server-name —name of a radius server configured to perform remote aaa services for the wx switch. Defaults — none. Access — enabled. History —introduced in ...
Page 534
534 c hapter 16: radius and s erver g roup c ommands examples — to remove the server group sg-77 type the following command: wx4400# clear server group sg-77 success: change accepted. To disable load balancing in a server group shorebirds, type the following command: wx4400# set server group shorebi...
Page 535
Set radius 535 mss encrypts the display form of the string in display config and display aaa output. Retransmit number — number of transmission attempts the wx switch makes before declaring an unresponsive radius server unavailable. You can specify from 1 to 100 retries. Timeout seconds — number of ...
Page 536
536 c hapter 16: radius and s erver g roup c ommands see also clear radius server on page 533 display aaa on page 223 set radius server on page 539 set radius client system-ip causes all radius requests to be sourced from the ip address specified by the set system ip-address command, providing a per...
Page 537
Set radius proxy client 537 set radius proxy client adds a radius proxy entry for a third-party ap. The proxy entry specifies the ip address of the ap and the udp ports on which the wx switch listens for radius traffic from the ap. Syntax — set radius proxy client address ip-address [acct-port acct-...
Page 538
538 c hapter 16: radius and s erver g roup c ommands set radius proxy port configures the wx port connected to a third-party ap as a radius proxy for the ssid supported by the ap. Syntax — set radius proxy port port-list [tag tag-value] ssid ssid-name port port-list — wx port(s) connected to the thi...
Page 539
Set radius server 539 set radius server configures radius servers and their parameters. By default, the wx switch automatically sets all these values except the password (key). Syntax — set radius server server-name [address ip-address] [auth-port port-number] [acct-port port-number] [timeout second...
Page 540
540 c hapter 16: radius and s erver g roup c ommands author-password password — password used for authorization to a radius server for mac users. Specify a password of up to 64 alphanumeric characters with no spaces or tabs. Defaults — default values are listed below: auth-port — udp port 1812 acct-...
Page 541
Set server group 541 examples — to set a radius server named rs42 with ip address 198.162.1.1 to use the default accounting and authorization ports with a timeout interval of 30 seconds, two transmit attempts, 5 minutes of dead time, and a key string of keys4u, type the following command: wx1200# se...
Page 542
542 c hapter 16: radius and s erver g roup c ommands do not use the same name for a radius server and a radius server group. Examples — to set server group shorebirds with members heron, egret, and sandpiper, type the following command: wx1200# set server group shorebirds members heron egret sandpip...
Page 543
Set server group load-balance 543 examples — to enable load balancing between the members of server group shorebirds, type the following command: wx1200# set server group shorebirds load-balance enable success: change accepted. To disable load balancing between shorebirds server group members, type ...
Page 544
544 c hapter 16: radius and s erver g roup c ommands.
Page 545: 802.1X M
17 802.1x m anagement c ommands use 802. Ieee x management commands to modify the default settings for ieee 802.1x sessions on an wx switch. For best results, change the settings only if you are aware of a problem with the wx switch’s 802.1x performance. Caution: 802.1x parameter settings are global...
Page 546
546 c hapter 17: 802.1x m anagement c ommands clear dot1x bonded-period resets the bonded auth™ (bonded authentication) period to its default value. The bonded period is the number of seconds mss retains session information for an authenticated machine while waiting for an 802.1x client on the machi...
Page 547
Clear dot1x max-req 547 see also display dot1x on page 551 set dot1x bonded-period on page 555 clear dot1x max-req resets to the default setting the number of extensible authentication protocol (eap) requests that the wx switch retransmits to a supplicant (client). Syntax — clear dot1x max-req defau...
Page 548
548 c hapter 17: 802.1x m anagement c ommands usage — this command is overridden by the set dot1x authcontrol command. The clear dot1x port-control command returns port control to the method configured. This command applies only to wired authentication ports. Examples — type the following command to...
Page 549
Clear dot1x reauth-max 549 clear dot1x reauth-max resets the maximum number of reauthorization attempts to the default setting. Syntax — clear dot1x reauth-max defaults — the default is 2 attempts. Access — enabled. History —introduced in mss version 3.0. Examples — type the following command to res...
Page 550
550 c hapter 17: 802.1x m anagement c ommands clear dot1x timeout auth-server resets to the default setting the number of seconds that must elapse before the wx times out a request to a radius server. Syntax — clear dot1x timeout auth-server defaults — the default is 30 seconds. Access — enabled. Hi...
Page 551
Clear dot1x tx-period 551 clear dot1x tx-period resets to the default setting the number of seconds that must elapse before the wx switch retransmits an eap over lan (eapol) packet. Syntax — clear dot1x tx-period defaults — the default is 5 seconds. Access — enabled. History —introduced in mss versi...
Page 552
552 c hapter 17: 802.1x m anagement c ommands history —introduced in mss version 3.0. Format of 802.1x authentication rule information in display dot1x config output changed in mss version 3.2. The rules are still listed at the top of the display, but more information is shown for each rule. Example...
Page 553
Display dot1x 553 802.1x parameter setting ---------------- ------- supplicant timeout 30 auth-server timeout 30 quiet period 5 transmit period 5 reauthentication period 3600 maximum requests 2 key transmission enabled reauthentication enabled authentication control enabled wep rekey period 1800 wep...
Page 555
Set dot1x bonded-period 555 defaults — by default, authentication control for individual wired authentication is enabled. Access — enabled. History —introduced in mss version 3.0. Usage — this command applies only to wired authentication ports. Examples — to enable per-port 802.1x authentication on ...
Page 556
556 c hapter 17: 802.1x m anagement c ommands usage — normally, the bonded auth period needs to be set only if the network has bonded auth clients that use dynamic wep, or use wep-40 or wep-104 encryption with wpa or rsn. These clients can be affected by the 802.1x reauthentication parameter or the ...
Page 557
Set dot1x max-req 557 examples — type the following command to enable key transmission: wx4400# set dot1x key-tx enable success: dot1x key transmission enabled. See also display dot1x on page 551 set dot1x max-req sets the maximum number of times the wx retransmits an eap request to a supplicant (cl...
Page 559
Set dot1x quiet-period 559 set dot1x quiet-period sets the number of seconds a wx remains quiet and does not respond to a supplicant after a failed authentication. Syntax — set dot1x quiet-period seconds seconds —specify a value between 0 and 65,535. Defaults — the default is 60 seconds. Access — en...
Page 560
560 c hapter 17: 802.1x m anagement c ommands see also display dot1x on page 551 set dot1x reauth-max on page 560 set dot1x reauth-period on page 561 set dot1x reauth-max sets the number of reauthentication attempts that the wx switch makes before the supplicant (client) becomes unauthorized. Syntax...
Page 561
Set dot1x reauth-period 561 set dot1x reauth-period sets the number of seconds that must elapse before the wx switch attempts reauthentication. Syntax — set dot1x reauth-period seconds seconds —specify a value between 60 (1 minute) and 1,641,600 (19 days). Defaults — the default is 3600 seconds (1 h...
Page 562
562 c hapter 17: 802.1x m anagement c ommands see also display dot1x on page 551 clear dot1x timeout auth-server on page 550 set dot1x timeout supplicant sets the number of seconds that must elapse before the wx switch times out an authentication session with a supplicant (client). Syntax — set dot1...
Page 563
Set dot1x wep-rekey 563 examples — type the following command to set the number of seconds before the wx switch retransmits an eapol packet to 300: wx4400# set dot1x tx-period 300 success: dot1x tx-period set to 300. See also display dot1x on page 551 clear dot1x tx-period on page 551 set dot1x wep-...
Page 564
564 c hapter 17: 802.1x m anagement c ommands set dot1x wep-rekey-period sets the interval for rotating the wep broadcast and multicast keys. Syntax — set dot1x wep-rekey-period seconds seconds —specify a value between 30 and 1,641,600 (19 days). Defaults — the default is 1800 seconds (30 minutes). ...
Page 565: Ession
18 s ession m anagement c ommands use session management commands to display and clear administrative and network user sessions. Commands by usage this chapter presents session management commands alphabetically. Use table 88 to locate commands in this chapter based on their use. Clear sessions clea...
Page 568
568 c hapter 18: s ession m anagement c ommands examples — to clear all sessions for mac address 00:01:02:03:04:05, type the following command: wx4400# clear sessions network mac-addr 00:01:02:03:04:05 to clear session 9, type the following command: wx1200# clear sessions network session-id 9 sm apr...
Page 569
Display sessions 569 telnet — displays sessions for all users with administrative access to the wx switch through a telnet connection. Telnet client — displays telnet sessions from the cli to remote devices. Defaults — none. Access — all, except for display sessions telnet client, which has enabled ...
Page 570
570 c hapter 18: s ession m anagement c ommands to view information about telnet client sessions, type the following command: wx4400# display sessions telnet client session server address server port client port ------- -------------- ------------ ----------- 0 192.168.1.81 23 48000 1 10.10.1.22 23 ...
Page 571
Display sessions network 571 display sessions network displays summary or verbose information about all network sessions, or network sessions for a specified username or set of usernames, mac address or set of mac addresses, vlan or set of vlans, or session id. Syntax — display sessions network [use...
Page 572
572 c hapter 18: s ession m anagement c ommands history —introduced in mss version 3.0. Output added to the display network sessions verbose command to indicate the user’s authorization attributes and whether they were supplied through aaa or through configured ssid defaults in a service profile in ...
Page 573
Display sessions network 573 example\singh 12* 10.10.10.30 vlan-eng 3/2 example\havel 13* 10.10.10.40 vlan-eng 1/2 2 sessions match criteria (of 3 total) (table 91 on page 574 describes the summary displays of display sessions network commands.) the following command displays detailed (verbose) sess...
Page 574
574 c hapter 18: s ession m anagement c ommands (table 92 on page 575 describes the additional fields of the verbose output of display sessions network commands.) the following command displays information about network session 27: wx1200# display sessions network session-id 27 global id: sess-27-00...
Page 575
Display sessions network 575 table 92 additional display sessions network verbose output field description client mac mac address of the session user. Gid global session id, a unique session number within a mobility domain. State status of the session: auth, assoc req — client is being associated by...
Page 576
576 c hapter 18: s ession m anagement c ommands table 93 display sessions network session-id output field description global id a unique session identifier within the mobility domain. State status of the session: auth, assoc req — client is being associated by the 802.1x protocol. Auth and assoc — c...
Page 577
Display sessions network 577 see also clear sessions network on page 567 session timeout assigned session timeout in seconds. Authentication method extensible authentication protocol (eap) type used to authenticate the session user, and the ip address of the authentication server. Session statistics...
Page 578
578 c hapter 18: s ession m anagement c ommands.
Page 579: Rf D
19 rf d etection c ommands mss automatically performs rf detection scans on enabled and disabled radios to detect rogue access points. A rogue access point is a bssid (mac address associated with an ssid) that does not belong to a 3com switch and is not a member of the ignore list configured on the ...
Page 580
580 c hapter 19: rf d etection c ommands clear rfdetect attack-list removes a mac address from the attack list. Syntax — clear rfdetect attack-list mac-addr mac-addr — mac address you want to remove from the attack list. Defaults — none. Access — enabled. History —introduced in mss version 4.0. Exam...
Page 581
Clear rfdetect black-list 581 see also clear rfdetect attack-list on page 580 display rfdetect attack-list on page 583 clear rfdetect black-list removes a mac address from the client black list. Syntax — clear rfdetect black-list mac-addr mac-addr — mac address you want to remove from the black list...
Page 582
582 c hapter 19: rf d etection c ommands examples — the following command removes bssid aa:bb:cc:11:22:33 from the ignore list for rf scans: wx1200# clear rfdetect ignore aa:bb:cc:11:22:33 success: aa:bb:cc:11:22:33 is no longer ignored. See also display rfdetect ignore on page 592 set rfdetect igno...
Page 584
584 c hapter 19: rf d etection c ommands examples — the following example shows the attack list on wx switch: wx1200# display rfdetect attack-list total number of entries: 1 attacklist mac port/radio/chan rssi ssid ----------------- ----------------- ------ ------------ 11:22:33:44:55:66 dap 2/1/11 ...
Page 585
Display rfdetect clients 585 display rfdetect clients displays the wireless clients detected by a wx switch. Syntax — display rfdetect clients [mac mac-addr] mac mac-addr — displays detailed information for a specific client. Defaults — none. Access — enabled. History —introduced in mss version 4.0....
Page 586
586 c hapter 19: rf d etection c ommands table 95 display rfdetect clients output field description client mac mac address of the client. Client vendor company that manufactures or sells the client. Ap mac mac address of the radio with which the rogue client is associated. Ap vendor company that man...
Page 587
Display rfdetect countermeasures 587 display rfdetect countermeasures displays the current status of countermeasures against rogues in the mobility domain. Syntax — display rfdetect countermeasures defaults — none. Access — enabled. History —output no longer lists rogues for which countermeasures ha...
Page 588
588 c hapter 19: rf d etection c ommands table 97 describes the fields in this display. See also set radio-profile countermeasures on page 374 display rfdetect counters displays statistics for rogue and intrusion detection system (ids) activity detected by the maps managed by a wx switch. Syntax — d...
Page 589
Display rfdetect counters 589 examples — the following command shows counters for rogue activity detected by a wx switch: wx4400# display rfdetect counters type current total -------------------------------------------------- ------------ ------------ rogue access points 0 0 interfering access point...
Page 590
590 c hapter 19: rf d etection c ommands display rfdetect data displays all the bssids detected by an individual wx switch during an rf detection scan. The data includes bssids transmitted by other 3com radios as well as by third-party access points. Syntax — display rfdetect data defaults — none. A...
Page 591
Display rfdetect data 591 see also display rfdetect mobility-domain on page 592 display rfdetect visible on page 598 table 98 display rfdetect data output field description bssid bssid detected by a map radio on this wx switch. Vendor company that manufactures or sells the rogue device. Type classif...
Page 592
592 c hapter 19: rf d etection c ommands display rfdetect ignore displays the bssids of third-party devices that mss ignores during rf scans. Mss does not generate log messages or traps for the devices in the ignore list. Syntax — display rfdetect ignore defaults — none. Access — enabled. History —i...
Page 593
Display rfdetect mobility-domain 593 usage — this command is valid only on the seed switch of the mobility domain. To display rogue information for an individual switch, use the display rfdetect data command on that switch. Only rogues are listed. To display all devices detected, including 3com radi...
Page 594
594 c hapter 19: rf d etection c ommands wx-ipaddress: 10.8.121.102 port/radio/ch: 3/1/1 mac: 00:0b:0e:00:0a:6a device-type: interfering adhoc: no crypto-types: clear rssi: -75 ssid: 3com-webaaa wx-ipaddress: 10.3.8.103 port/radio/ch: dap 1/1/1 mac: 00:0b:0e:76:56:82 device-type: interfering adhoc: ...
Page 595
Display rfdetect mobility-domain 595 table 99 and table 100 describe the fields in these displays. Table 99 display rfdetect mobility-domain output field description bssid mac address of the ssid used by the detected device. Vendor company that manufactures or sells the rogue device. Type classifica...
Page 596
596 c hapter 19: rf d etection c ommands see also display rfdetect data on page 590 display rfdetect visible on page 598 adhoc indicates whether the rogue is an infrastructure rogue (is using an ap) or is operating in ad-hoc mode. Crypto-types encryption type: clear (no encryption) ccmp tkip wep104 ...
Page 597
Display rfdetect ssid-list 597 display rfdetect ssid-list displays the entries in the permitted ssid list. Syntax — display rfdetect ssid-list defaults — none. Access — enabled. History —introduced in mss version 4.0. Examples — the following example shows the permitted ssid list on wx switch: wx440...
Page 598
598 c hapter 19: rf d etection c ommands examples — the following example shows the permitted vendor list on wx switch: wx1200# display rfdetect vendor-list total number of entries: 1 oui type ----------------- ------ aa:bb:cc:00:00:00 client 11:22:33:00:00:00 ap see also clear rfdetect vendor-list ...
Page 599
Display rfdetect visible 599 history —introduced in mss version 3.0. Usage — if a 3com radio is supporting more than one ssid, each of the corresponding bssids is listed separately. To display rogue information for the entire mobility domain, use the display rfdetect mobility-domain command on the s...
Page 600
600 c hapter 19: rf d etection c ommands see also display rfdetect data on page 590 display rfdetect mobility-domain on page 592 set rfdetect active-scan disables or reenables active rf detection scanning on a wx switch. When active scanning is enabled, the map radios managed by the switch look for ...
Page 601
Set rfdetect attack-list 601 set rfdetect attack-list adds an entry to the attack list. The attack list specifies the mac addresses of devices that mss should issue countermeasures against whenever the devices are detected on the network. The attack list can contain the mac addresses of aps and clie...
Page 602
602 c hapter 19: rf d etection c ommands set rfdetect black-list adds an entry to the client black list. The client black list specifies clients that are not allowed on the network. Mss drops all packets from the clients on the black list. Syntax — set rfdetect black-list mac-addr mac-addr — mac add...
Page 604
604 c hapter 19: rf d etection c ommands you can start countermeasures against more than one bssid by typing additional set rfdetect countermeasures mac commands. After you type the first set rfdetect countermeasures mac command, mss does not issue countermeasures against any devices except the ones...
Page 605
Set rfdetect log 605 usage — use this command to identify third-party aps and other devices you are already aware of and do not want mss to report following rf scans. If you try to initiate countermeasures against a device on the ignore list, the ignore list takes precedence and mss does not issue t...
Page 606
606 c hapter 19: rf d etection c ommands history —introduced in mss version 3.0. Usage — this command is valid only on the seed switch of the mobility domain. The log messages for rogues are generated only on the seed and appear only in the seed’s log message buffer. Use the display log buffer comma...
Page 607
Set rfdetect ssid-list 607 examples — the following command enables map signatures on a wx switch: wx1200# set rfdetect signature enable success: signature is now enabled. Set rfdetect ssid-list adds an ssid to the permitted ssid list.The permitted ssid list specifies the ssids that are allowed on t...
Page 608
608 c hapter 19: rf d etection c ommands set rfdetect vendor-list adds an entry to the permitted vendor list. The permitted vendor list specifies the third-party ap or client vendors that are allowed on the network. Mss does not list a device as a rogue or interfering device if the device’s oui is i...
Page 610
610 c hapter 19: rf d etection c ommands see also display rfdetect data on page 590 display rfdetect visible on page 598 snr signal-to-noise ratio (snr), in decibels (db), of the data received from the client. Rtt (micro-secs) the round-trip time, in microseconds, for the client response to the test...
Page 611: Ile
20 f ile m anagement c ommands use file management commands to manage system files and to display software and boot information. Commands by usage this chapter presents file management commands alphabetically. Use table 103 to locate commands in this chapter based on their use. Table 103 file manage...
Page 613
Backup 613 archive files created by the all option are larger than files created by the critical option. The file size depends on the files in the user area, and the file can be quite large if the user area contains image files. The backup command places the boot configuration file into the archive....
Page 614
614 c hapter 20: f ile m anagement c ommands clear boot backup-configuration clears the filename specified as the backup configuration file. In the event that mss cannot read the configuration file at boot time, a backup configuration file is not used. Syntax — clear boot backup-configuration defaul...
Page 615
Copy 615 wx4400# reset system force ...... Rebooting ...... See also display config on page 623 reset system on page 631 copy performs the following copy operations: copies a file from a tftp server to nonvolatile storage. Copies a file from nonvolatile storage or temporary storage to a tftp server....
Page 616
616 c hapter 20: f ile m anagement c ommands defaults — none. Access — enabled. History —introduced in mss version 3.0. Usage — the filename and file:filename urls are equivalent. You can use either url to refer to a file in an wx switch’s nonvolatile memory. The tftp://ip-addr/filename url refers t...
Page 617
Delete 617 the following commands rename test-config to new-config by copying it from one name to the other in the same location, then deleting test-config: wx4400# copy test-config new-config wx4400# delete test-config success: file deleted. The following command copies file corpa-login.Html from a...
Page 618
618 c hapter 20: f ile m anagement c ommands examples — the following commands copy file testconfig to a tftp server and delete the file from nonvolatile storage: wx4400# copy testconfig tftp://10.1.1.1/testconfig success: sent 365 bytes in 0.401 seconds [ 910 bytes/sec] wx4400# delete testconfig su...
Page 619
Dir 619 examples — the following command displays the files in the root directory: wx4400# dir =============================================================================== file: filename size created file:configuration 48 kb jul 12 2005, 15:02:32 file:corp2:corp2cnfig 17 kb mar 14 2005, 22:20:04 ...
Page 620
620 c hapter 20: f ile m anagement c ommands the following command limits the output to the contents of the user files area: wx4400# dir file: =============================================================================== file: filename size created file:configuration 48 kb jul 12 2005, 15:02:32 fi...
Page 621
Install soda agent 621 see also copy on page 615 delete on page 617 install soda agent installs sygate on-demand (soda) agent files in a directory on the wx switch. Syntax — install soda agent agent-file agent directory directory agent-file — name of a .Zip file on the wx switch containing soda agen...
Page 622
622 c hapter 20: f ile m anagement c ommands usage — the install soda agent command installs a .Zip file containing soda agent files into a directory on the wx switch. Prior to installing the soda agent files, you must have already copied the .Zip file to the wx switch. This command creates the spec...
Page 623
Display config 623 table 106 describes the fields in the display boot output. See also display version on page 625 reset system on page 631 set boot configuration-file on page 635 display config displays the configuration running on the wx switch. Syntax — display config [area area] [all] area area ...
Page 624
624 c hapter 20: f ile m anagement c ommands ip-config l2acl log mobility-domain network-domain ntp portconfig port-group qos radio-profile rfdetect service-profile sm snmp snoop spantree system trace vlan vlan-fdb if you do not specify a configuration area, nondefault information for all areas is d...
Page 625
Display version 625 usage — if you do not use one of the optional parameters, configuration commands that set nondefault values are displayed for all configuration areas. If you specify an area, commands are displayed for that area only. If you use the all option, the display also includes commands ...
Page 626
626 c hapter 20: f ile m anagement c ommands examples — the following command displays version information for a wx switch: wx1200# display version mobility system software, version: 4.1.0 qa 67 copyright (c) 2002, 2003, 2004, 2005 3com corporation. All rights reserved. Build information: (build#67)...
Page 627
Load config 627 table 107 describes the fields in the display version output. See also display boot on page 622 load config loads configuration commands from a file and replaces the wx switch’s running configuration with the commands in the loaded file. Caution: this command completely removes the r...
Page 628
628 c hapter 20: f ile m anagement c ommands defaults — the default file location is nonvolatile storage. The current version supports loading a configuration file only from the switch’s nonvolatile storage. You cannot load a configuration file directly from a tftp server. If you do not specify a fi...
Page 630
630 c hapter 20: f ile m anagement c ommands examples — the following commands create a subdirectory called corp2 and display the root directory to verify the result: wx4400# mkdir corp2 success: change accepted. Wx4400# dir ===========================================================================...
Page 631
Reset system 631 reset system restarts an wx switch and reboots the software. Syntax — reset system [force] force — immediately restarts the system and reboots, without comparing the running configuration to the configuration file. Defaults — none. Access — enabled. History —introduced in mss versio...
Page 633
Rmdir 633 see also backup on page 612 rmdir removes a subdirectory from nonvolatile storage. Syntax — rmdir [subdirname] subdirname — subdirectory name. Specify between 1 and 32 alphanumeric characters, with no spaces. Defaults — none. Access — enabled. History —introduced in mss version 3.0. Usage ...
Page 634
634 c hapter 20: f ile m anagement c ommands access — enabled. History —introduced in mss version 3.0. Usage — if you do not specify a filename, mss replaces the configuration file loaded during the most recent reboot. To display the filename of the configuration file mss loaded during the most rece...
Page 635
Set boot configuration-file 635 history —introduced in mss version 4.1. Examples — the following command specifies a file called backup.Cfg as the backup configuration file on the wx switch: wx1200# set boot backup-configuration backup.Cfg success: backup boot config filename set. See also clear boo...
Page 637
Uninstall soda agent 637 usage — the uninstall soda command removes the soda agent directory and all of its contents. All files in the specified directory are removed. The command removes the directory and its contents, regardless of whether it contains soda agent files. Examples — the following com...
Page 638
638 c hapter 20: f ile m anagement c ommands.
Page 639: Race
21 t race c ommands use trace commands to perform diagnostic routines. While mss allows you to run many types of traces, this chapter describes commands for those traces you are most likely to use. For a complete listing of the types of traces mss allows, type the set trace ? Command. Caution: using...
Page 640
640 c hapter 21: t race c ommands clear log trace deletes the log messages stored in the trace buffer. Syntax — clear log trace defaults — none. Access — enabled. History —introduced in mss version 3.0. Examples — to delete the trace log, type the following command: wx4400# clear log trace see also ...
Page 641
Display trace 641 to clear the session manager trace, type the following command: wx4400# clear trace sm success: clear trace sm see also display trace on page 641 set trace authentication on page 642 set trace authorization on page 643 set trace dot1x on page 644 set trace sm on page 645 display tr...
Page 642
642 c hapter 21: t race c ommands save trace saves the accumulated trace data for enabled traces to a file in the wx switch’s nonvolatile storage. Syntax — save trace filename filename —name for the trace file. To save the file in a subdirectory, specify the subdirectory name, then a slash. For exam...
Page 643
Set trace authorization 643 examples — the following command starts a trace for information about user jose’s authentication: wx4400# set trace authentication user jose success: change accepted. See also clear trace on page 640 display trace on page 641 set trace authorization traces authorization i...
Page 644
644 c hapter 21: t race c ommands see also clear trace on page 640 display trace on page 641 set trace dot1x traces 802.1x sessions. Syntax — set trace dot1x [ mac-addr mac-address ] [ port port-num ] [ user username ] [ level level ] mac-addr mac-address — traces a mac address. Specify a mac addres...
Page 645
Set trace sm 645 set trace sm traces session manager activity. Syntax — set trace sm [mac-addr mac-address] [port port-num] [user username] [level level] mac-addr mac-address — traces a mac address. Specify a mac address, using colons to separate the octets (for example, 00:11:22:aa:bb:cc). Port por...
Page 646
646 c hapter 21: t race c ommands.
Page 647: Noop
22 s noop c ommands use snoop commands to monitor wireless traffic, by using a distributed map as a sniffing device. The map copies the sniffed 802.11 packets and sends the copies to an observer, which is typically a protocol analyzer such as ethereal or tethereal. (for more information, including s...
Page 648
648 c hapter 22: s noop c ommands clear snoop deletes a snoop filter. Syntax — clear snoop filter-name filter-name — name of the snoop filter. Defaults — none. Access — enabled. History —introduced in mss version 4.0. Examples — the following command deletes snoop filter snoop1: wx1200# clear snoop ...
Page 649
Set snoop 649 wx1200# clear snoop map snoop2 dap 3 radio 2 success: change accepted. The following command removes all snoop filter mappings from all radios: wx1200# clear snoop map all success: change accepted. See also set snoop map on page 652 display snoop on page 654 display snoop map on page 6...
Page 650
650 c hapter 22: s noop c ommands to match on packets to or from a specific mac address, use the dest-mac or src-mac option. To match on both send and receive traffic for a host address, use the host-mac option. To match on a traffic flow (source and destination mac addresses), use the mac-pair opti...
Page 651
Set snoop 651 the map that is running a snoop filter forwards snooped packets directly to the observer. This is a one-way communication, from the map to the observer. If the observer is not present, the map still sends the snoop packets, which use bandwidth. If the observer is present but is not lis...
Page 654
654 c hapter 22: s noop c ommands display snoop displays the map radio mapping for all snoop filters. Syntax — display snoop defaults — none. Access — enabled. History —introduced in mss version 4.0. Usage — to display the mappings for a specific map radio, use the display snoop map command. Example...
Page 655
Display snoop map 655 examples — the following command shows the snoop filters configured in the examples above: wx1200# display snoop info snoop1: observer 10.10.30.2 snap-length 100 all packets snoop2: observer 10.10.30.3 snap-length 100 frame-type eq data mac-pair (aa:bb:cc:dd:ee:ff, 11:22:33:44:...
Page 657
Display snoop stats 657 table 110 describes the fields in this display. Table 110 display snoop stats output field description filter name of the snoop filter. Dap distributed map containing the radio to which the filter is mapped. Radio radio to which the filter is mapped. Rx match number of packet...
Page 658
658 c hapter 22: s noop c ommands.
Page 659: Ystem
23 s ystem l og c ommands use the system log commands to record information for monitoring and troubleshooting. Mss system logs are based on rfc 3164, which defines the log protocol. Commands by usage this chapter present system log commands alphabetically. Use table 111 to locate commands in this c...
Page 660
660 c hapter 23: s ystem l og c ommands access — enabled. History — introduced in mss version 3.0. Examples — to stop sending system logging messages to a server at 192.168.253.11, type the following command: wx4400# clear log server 192.168.253.11 success: change accepted. Type the following comman...
Page 661
Display log buffer 661 severity severity-level —displays messages at a severity level greater than or equal to the level specified. Specify one of the following: emergency — the wx switch is unusable. Alert — action must be taken immediately. Critical — you must resolve the critical conditions. If t...
Page 662
662 c hapter 23: s ystem l og c ommands see also clear log on page 659 display log config on page 662 display log config displays log configuration information. Syntax — display log config defaults — none. Access — enabled. History — introduced in mss version 3.0. Examples — to display how logging i...
Page 664
664 c hapter 23: s ystem l og c ommands defaults — none. Access — enabled. History — introduced in mss version 3.0. Examples — type the following command to see the facilities for which you can view event messages archived in the buffer: wx4400# display log trace facility ? Select one of: kernel, aa...
Page 665
Set log 665 logging state (enabled or disabled) to override the session defaults for an individual session, type the set log command from within the session and use the current option. Trace — sets log parameters for trace files. Port port-number — sets the tcp port for sending messages to the syslo...
Page 666
666 c hapter 23: s ystem l og c ommands if you do not specify a local facility, mss sends the messages with their default mss facilities. For example, aaa messages are sent with facility 4 and boot messages are sent with facility 20 by default. Enable — enables messages to the specified target. Disa...
Page 667
Set log mark 667 set log mark configures mss to generate mark messages at regular intervals. The mark messages indicate the current system time and date. 3com can use the mark messages to determine the approximate time when a system restart or other event causing a system outage occurred. Syntax — s...
Page 668
668 c hapter 23: s ystem l og c ommands.
Page 669: Oot
24 b oot p rompt c ommands boot prompt commands enable you to perform basic tasks, including booting a system image file, from the boot prompt (boot>). A cli session enters the boot prompt if mss does not boot successfully or you intentionally interrupt the boot process. To interrupt the boot proces...
Page 671
Boot 671 boot loads and executes a system image file. Syntax — boot [bt=type] [dev=device] [fn=filename] [ha=ip-addr] [fl=num] [opt=option] [opt+=option] bt=type — boot type: c — compact flash. Boots using nonvolatile storage or a flash card. N — network. Boots using a tftp server. Dev=device — loca...
Page 672
672 c hapter 24: b oot p rompt c ommands usage — if you use an optional parameter, the parameter setting overrides the setting of the same parameter in the currently active boot profile. However, the boot profile itself is not changed. To display the currently active boot profile, use the display co...
Page 673
Change 673 change changes parameters in the currently active boot profile. (for information about boot profiles, see display on page 678.) syntax — change defaults — the default boot type is c (compact flash). The default filename is default. The default flags setting is 0x00000000 (all flags disabl...
Page 674
674 c hapter 24: b oot p rompt c ommands the following command enters the configuration mode for the currently active boot profile and configures the wx switch (in this example, an wxr100) to boot using a tftp server: boot> change changing the default configuration is not recommended. Are you sure t...
Page 675
Delete 675 usage — a wx switch can have up to four boot profiles. The boot profiles are stored in slots, numbered 0 through 3. When you create a new profile, the system uses the next available slot for the profile. If all four slots already contain profiles and you try to create a fifth profile, the...
Page 676
676 c hapter 24: b oot p rompt c ommands usage — when you type the delete command, the next-lower numbered boot profile becomes the active profile. For example, if the currently active profile is number 3, profile number 2 becomes active after you type delete to delete profile 3. You cannot delete b...
Page 677
Diag 677 examples — the following command displays the current setting of the dhcp option: boot> dhcp dhcp is currently enabled. The following command disables the dhcp option: boot> dhcp dhcp is currently disabled. See also boot on page 671 diag accesses the diagnostic mode. Syntax — diag defaults ...
Page 678
678 c hapter 24: b oot p rompt c ommands access — boot prompt. History —introduced in mss version 3.0. Usage — to display the system image software versions, use the fver command. This command does not list the boot code versions. To display the boot code versions, use the version command. Examples ...
Page 679
Display 679 a wx switch can have up to four boot profiles, numbered 0 through 3. Only one boot profile can be active at a time. You can create, change, and delete boot profiles. You also can activate another boot profile in place of the currently active one. Syntax — display defaults — none. Access ...
Page 681
Help 681 access — boot prompt. History —introduced in mss version 3.0. Usage — to display the image filenames, use the dir command. This command does not list the boot code versions. To display the boot code versions, use the version command. Examples — the following command displays the system imag...
Page 683
Next 683 examples — to display a list of the commands available at the boot prompt, type the following command: boot> ls ls display a list of all commands and descriptions. Help display help information for each command. Autoboot display the state of, enable, or disable the autoboot option. Boot loa...
Page 684
684 c hapter 24: b oot p rompt c ommands examples — to activate the boot profile in the next slot and display the profile, type the following command: boot> next boot index: 0 boot type: c device: boot1: filename: testcfg flags: 00000000 options: run=nos;boot=0 see also change on page 673 create on ...
Page 685
Test 685 3com wx-4400 bootstrap/bootloader version 3.0.2 release compiled on wed sep 22 09:18:47 pdt 2004 by bootstrap 0 version: 3.1 active bootloader 0 version: 3.0.2 active bootstrap 1 version: 3.1 bootloader 1 version: 3.0.1 wx-4400 board revision: 2. Wx-4400 controller revision: 5. Wxa30001.Rel...
Page 686
686 c hapter 24: b oot p rompt c ommands examples — the following command displays the current setting of the poweron test flag: boot> test the diagnostic execution flag is not set. See also boot on page 671 version displays version information for a wx switch’s hardware and boot code. Syntax — vers...
Page 687: Btaining
A o btaining s upport for y our 3c om p roducts 3com offers product registration, case management, and repair services through esupport.3com.Com . You must have a user name and password to access these services, which are described in this appendix. Register your product to gain service benefits to ...
Page 688
688 a ppendix a: o btaining s upport for y our 3c om p roducts purchase extended warranty and professional services to enhance response times or extend your warranty benefits, you can purchase value-added services such as 24x7 telephone technical support, software upgrades, onsite assistance, or adv...
Page 689
Contact us 689 telephone technical support and repair to obtain telephone support as part of your warranty and other service benefits, you must first register your product at: http://esupport.3com.Com/ when you contact 3com for assistance, please have the following information ready: ■ product model...
Page 690
690 a ppendix a: o btaining s upport for y our 3c om p roducts pakistan call the u.S. Direct by dialing 00 800 01001, then dialing 800 763 6780 sri lanka call the u.S. Direct by dialing 02 430 430, then dialing 800 763 6780 vietnam call the u.S. Direct by dialing 1 201 0288, then dialing 800 763 678...
Page 691
Contact us 691 us and canada — telephone technical support and repair all locations: network jacks; wired or wireless network interface cards: all other 3com products: 1 847-262-0070 1 800 876 3266 country telephone number country telephone number.
Page 692
692 a ppendix a: o btaining s upport for y our 3c om p roducts.
Page 694
694 i ndex clear snoop 648 clear snoop map 648 clear spantree portcost 436 clear spantree portpri 437 clear spantree portvlancost 437 clear spantree portvlanpri 438 clear spantree statistics 439 clear summertime 139 clear system 42 clear system countrycode 42 clear system ip-address 42, 140 clear sy...
Page 695
I ndex 695 display rfdetect attack-list 583 display rfdetect black-list 584 display rfdetect clients 585 display rfdetect countermeasures 587 display rfdetect counters 588 display rfdetect data 590 display rfdetect ignore 592 display rfdetect mobility-domain 592 display rfdetect ssid-list 597 displa...
Page 697
I ndex 697 set prompt 56 set qos cos-to-dscp-map 125 set qos dscp-to-cos-map 126 set radio-profile auto-tune channel-config 367 set radio-profile auto-tune channel-holddown 368 set radio-profile auto-tune channel-interval 369 set radio-profile auto-tune power-backoff-timer 370 set radio-profile auto...
Page 698
698 i ndex set spantree portvlancost 460 set spantree portvlanpri 461 set spantree priority 462 set spantree uplinkfast 462 set summertime 195 set system contact 57 set system countrycode 58 set system idle-timeout 62 set system ip-address 63, 196 set system location 64 set system name 65 set timeda...