manualshive.com logo in svg

Avaya WLAN 8100 Series, Reference, Page: 110 / 382

Share
Download
Avaya WLAN 8100 Series Reference Download Page 110

5. Verify threat mitigation configuration using the following command.

Show wireless security wids-wips mitigation

Sample Output:

WCP8180#show wireless security wids-wips mitigation 

ap-threat-mitigation:       enabled

client-threat-mitigation:   disabled

6. Verify AP deauthentication attacks using the following command.

Show wireless security wids-wips ap-deauth-attacks

Sample Output:

WCP8180#show wireless security wids-wips ap-deauth-attacks 

Target BSSID      Channel    Classify Since       Last RFScan 

----------------- ---------- -------------------- ------------

5C:E2:86:0F:F7:70 3          2:02:57:19           0d:00:00:00 

70:38:EE:89:C4:10 11         1:18:33:49           0d:00:09:37 

5C:E2:86:0F:F2:10 10         1:18:33:19           0d:00:00:07 

70:38:EE:89:C3:F0 11         1:18:27:48           0d:00:00:07 

00:1B:4F:6A:59:B0 11         1:03:01:11           0d:00:00:07 

00:1B:4F:6A:64:F0 6          0d:22:57:41          0d:22:57:41 

7. Verify Ageout configuration using the following command.

Show wireless security wids-wips ageout

Sample Output:

WCP8180#show wireless security wids-wips ageout 

adhoc-clients         :1440 minutes

ap-failure            :1440 minutes

detected-client       :300 minutes

rf-scan               :1440 minutes

Configuring a MAC filter blacklist

Use this procedure to configure a MAC filter blacklist.

In prior releases of the WLAN 8100, to filter out a client MAC, you would need to add it the
Blacklist database and enable MAC validation on the network profile. This also required all
valid clients to be added to the Whitelist database. From release 2.1 onwards, you can blacklist
a client MAC independent of a Whitelist or RADIUS based MAC validation, by configuring the
client in a MAC filter blacklist.

Procedure

1. Enter wireless security configuration mode of the CLI.

WCP8180#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

WCP8180(config)#wireless

WCP8180(config-wireless)#security

ACLI reference for Wireless LAN (WLAN) 8100

110     Avaya WLAN 8100 CLI Reference

August 2013

Comments? [email protected]

Summary of Contents for WLAN 8100 Series

Page 1: ...Avaya WLAN 8100 CLI Reference Release 2 1 0 NN47251 107 Issue 05 02 August 2013 ...

Page 2: ...hich the scope of the license is detailed below Where the order documentation does not expressly identify a license type the applicable license will be a Designated System License The applicable number of licenses and units of capacity for which the license is granted will be one 1 unless a different number of licenses or units of capacity is specified in the documentation or other materials avail...

Page 3: ...demarks logos and service marks Marks displayed in this site the Documentation and Product s provided by Avaya are the registered or unregistered Marks of Avaya its affiliates or other third parties Users are not permitted to use such Marks without prior written consent from Avaya or such third party which may own the Mark Nothing contained in this site the Documentation and Product s should be co...

Page 4: ...4 Avaya WLAN 8100 CLI Reference August 2013 Comments infodev avaya com ...

Page 5: ...Configuring and viewing the Tunnel Path MTU 62 DiffServ 63 AeroScout 73 Station Isolation 75 Ekahau RTLS support 77 Wi Fi Zoning 80 Domain AP configuration 87 Wireless security WIDS WIPS configuration and management 99 Configuring a MAC filter blacklist 110 Wireless Security Client MAC validation 111 Load Balancing of APs and WSPs 119 Commonly used configuration procedures 129 Chapter 5 ACLI Refer...

Page 6: ...6 Avaya WLAN 8100 CLI Reference August 2013 ...

Page 7: ...nd management ACLI reference for wired networks This chapter describes typical ACLI commands for wired network configuration For further information on the features of the Wireless LAN 8100 solution see Avaya WLAN 8100 Fundamentals NN47251 102 Related Resources Documentation For a list of the documentation for this product see Avaya WLAN 8100 Documentation Roadmap NN47251 100 Training Ongoing prod...

Page 8: ...r key words in the Search Channel to search for a specific product or topic Scroll down Playlists and click the name of a topic to see the available list of videos posted on the site Support Visit the Avaya Support website at http support avaya com for the most up to date documentation product notices and knowledge articles You can also search for release notes downloads and resolutions to issues ...

Page 9: ...r release 2 1 0 Auto RF AeroScout RTLS support Ekahau RTLS support Station Isolation EAP SIM and EAP AKA support Tunnel Path MTU MAC based RADIUS authentication Wi Fi Zoning LED management on a domain AP database Additionally the following are supported in this release Domain AP configuration such as enabling or disabling individual AP radios saving AP radio or power configuration to the AP databa...

Page 10: ... the following areas in the WMS Monitoring capabilities enhanced user experience with the provision to perform domain wide actions and a consistent look and feel Troubleshooting or diagnostics Reporting capabilities The current release supports additional country codes For the entire list of country codes supported in this release see Supported country codes on page 377 This document does not cont...

Page 11: ...ed Access deployment the wireless controller deploys in the control plane mode of operation of the 8180 platform This device then hosts only the wireless control function and is called a wireless control point WCP A switch such as the Avaya ERS 8600 8800 introduced into the network tunnels traffic data and is known as the wireless switching point WSP The APs and WSPs tunnel traffic between each ot...

Page 12: ...Overview of WLAN deployment solutions 12 Avaya WLAN 8100 CLI Reference August 2013 Comments infodev avaya com ...

Page 13: ...ging RADIUS on page 41 Auto RF on page 53 Configuring and viewing the Tunnel Path MTU on page 62 DiffServ on page 63 AeroScout on page 73 Station Isolation on page 75 Ekahau RTLS support on page 77 Wi Fi Zoning on page 80 Domain AP configuration on page 87 Wireless security WIDS WIPS configuration and management on page 99 Configuring a MAC filter blacklist on page 110 Wireless Security Client MAC...

Page 14: ...adio Profile and Captive Portal profile configuration Wireless RADIUS server configuration License download Before you begin Remove the WC 8180 device from its packaging Ensure you have the following hardware components and materials Wireless Controller WC 8180 device console cable Procedure 1 Power on the WC 8180 2 When the WC 8180 is up connect the console cable 3 Verify that the baud rate and o...

Page 15: ... on page 15 Verifying controller configuration Use this procedure to verify the configuration after running the WC 8180 Quick Configuration utility Procedure 1 Verify controller configuration WC8180 show wireless Operation Mode WC Status Enabled Interface IP 192 168 34 4 TCP UDP base port 61000 Base MAC Address 58 16 26 FD FE 00 Tunnel Path MTU 1492 ACLI reference for the Wireless LAN WLAN 8100 Av...

Page 16: ...00 system configuration Only configuration that is different from the default configuration is displayed Command options of the show running config command WC8180 show running config module Display configuration of an application verbose Display entire configuration defaults and non defaults Command options of the show running config module command WC8180 show running config module 802 1ab Display...

Page 17: ...uration stp Display STP configuration unicast storm control Display Unicast Storm Control configuration vlacp Display VLACP configuration vlan Display VLAN configuration wireless Display wireless configuration cr 2 Use one of the following command options to view the current wireless configuration WC8180 show running config module wireless ap profile Display wireless ap profile configs auto rf Dis...

Page 18: ...cannot be started when the configuration profiles are not synchronized in the mobility domain A capture instance that is not active can be restarted using a restart action A capture instance that is active can be stopped using a stop action Before starting the capture instance you must install Wireshark on the observer host to capture frames on the observer host IP of the capture instance Wireshar...

Page 19: ... Linux machine execute the command nc l u port number Launch Wireshark to capture frames In Wireshark ensure that you configure the CAPWAP UDP data port correctly To decode the information packets correctly this port must be the same as that opened for listening on the observer host PC On Wireshark navigate to Edit Preferences CAPWAP Update the field CAPWAP data UDP port Also ensure that you desel...

Page 20: ...ecified length in bytes Configure the direction of the capture WC8180 config capture profile direction both Transmit and receive downlink Transmit only uplink Receive only Configure the duration of the capture WC8180 config capture profile duration 0 86400 Enter capture duration in seconds Configure filters for the capture WC8180 config capture profile filters Set filters for the packet capture pr...

Page 21: ... wireless capture profile To view details of a selected capture profile use WC8180 show wireless capture profile 1 4 detail A sample output is as follows WC8180 config capture profile show wireless capture profile 1 detail Capture Profile ID 1 Name Default Observer IP Address Observer UDP Port 37008 Filter Promiscous mode Disabled Filter Interfaces All Radios Filter Flow direction Transmit and Rec...

Page 22: ... profile WC8180 wireless capture instance restart profile profile id Delete packet capture instances WCP8180 wireless capture instance stop all All instances ap AP MAC Address profile Capture profile Delete all capture instances WC8180 wireless capture instance delete all Delete all capture instance s for a specific AP WCP8180 wireless capture instance delete ap ap mac Delete all capture instance ...

Page 23: ...ed Scenario 2 include probe ssid Observation The probe request packets are observed but with a different ssid the ssid filter did not work Reason When the probe request has a broadcast bssid the comparison does not happen Hence all probe requests are captured with a different ssid The following section describes configuration settings and the corresponding output no promisc mode include beacon you...

Page 24: ...dicates transmit for the AP both Specifies both transmit and receive downlink Specifies transmit only uplink Specifies receive only duration 0 86400 Range is 0 to 86400 seconds Specifies the duration for which capture should continue Packet capture stops after the time duration elapses Use a default value of 5 minutes A value of 0 means infinite duration end End wireless capture configuration mode...

Page 25: ...l Specifies all radio interfaces b radio Specifies 2 4 GHz radio interface only no Disables capture profile parameters observer ip ipaddr IP address of the observer host to which to send the captured traffic observer port 1 65535 Specifies the destination UDP port for sending the captured traffic This is the L4 port that observer PC is listens on Important Ensure the observer host on the UDP port ...

Page 26: ...length in the capture profile the captured packets show as Malformed The default value of the snap length is 128 and the value can be modified between 32 and 1024 Commands to configure Capture Instances Configure capture instance Command Parameters Description start ap ap mac Specifies the AP MAC address to start the wireless capture instance profile profile id Specifies the capture profile stop a...

Page 27: ... stations to use the 5GHz radio instead of the 2 4GHz radio leaving the 2 4GHz radio for stations that only support 2 4GHz As part of Client load balancing configuration you enable disable the Load balancing After you enable load balancing you configure the following parameters utilization start Utilization level at which client association load balancing begins utilization cutoff Client associati...

Page 28: ... load balance utilization cutoff 60 WC8180 config wireless radio profile 4 Entering radio profile id 3 configuration mode WC8180 config radio profile band steering enable WC8180 config radio profile load balance enable WC8180 config radio profile load balance utilization start 30 WC8180 config radio profile load balance utilization cutoff 60 Configuring and managing Captive Portals The following s...

Page 29: ... the command captive portal enable to enable Captive Portal service 3 Use the command captive portal auth timeout 60 600 to set the authentication timeout value in seconds 4 Use the command captive portal http port 0 65535 to configure the Captive Portal HTTP port 5 Use the command captive portal https portal 0 65535 to configure the Captive Portal HTTPS port 6 Use the command captive portal stats...

Page 30: ...IP must exist physically in one of the domain controllers Note The current release of WLAN 8100 allows you to configure up to 8 Captive Portal IP addresses for a single Captive Portal profile Avaya recommends that you configure as many Captive Portal IP addresses for a Captive Portal profile as there are controllers in the domain For example if there are 8 controllers in the domain configure up to...

Page 31: ...ofile profile_number block to block profile traffic 5 Use the command captive portal profile profile_number color to set the Captive Portal color scheme Command options WCP8180 config cp profile color background Set background color foreground Set foreground color separator Set separator color 6 Use the command captive portal profile profile_number default to set Captive Portal profile parameters ...

Page 32: ...file profile_number redirect enable HTTP redirect mode after authentication 15 Use the command captive portal profile profile_number redirect url to configure the redirect URL For more information see Redirecting the URL for captive portals on page 34 16 Use the command captive portal profile profile_number session timeout to set the session timeout value Enter a time in seconds The range is 0 to ...

Page 33: ...den hostname 10 1 1 2 type ip addr IP address type Example Use the following command to configure a Walled Garden host IP address WC8180 config cp profile walled garden hostname 10 1 1 2 type ip addr Verify the configuration WC8180 show wireless captive portal profile 1 detail Captive Portal Profile ID 1 Web Hostname xyz com Foreground Color 6F7B82 Background Color 6F7B82 Separator Color CC0000 Wa...

Page 34: ...guest user request to after authentication For this you must first enable redirect on the Captive Portal The behavior of the Captive Portal redirect command is as follows If redirect is enabled but no redirect url is configured user requests are redirected to the previously requested URL If redirect is enabled and a redirect url is configured user requests are redirected to the specified Web page ...

Page 35: ...edirect to disable redirection 6 Use the command default redirect url to reset the redirect url to the default value Configuring the Web hostname in Captive Portals You can configure a Web host name to mask a Captive Portal IP address from guest users A Web host name helps restrict exposure of the WLAN 8100 system IP addresses to a guest user Note The default Web host name is random string cp logi...

Page 36: ... do not accept strings as is WCP8180 config cp profile locale WCP8180 config cp locale Captive Portal Locale Configuration Commands code Set locale code browser preferred language custom Enable Captive Portal customization mode custom file Configure Captive Portal Customization package filename default Set captive portal parameters to default settings end End configuration mode error msg Configure...

Page 37: ... UTF 16 equivalent of the word test Customizing Captive Portal using static HTML pages Use this procedure to customize the Captive Portal user login experience using static HTML pages Captive Portal customization using static HTML pages helps you update only those Web pages that are displayed during the Captive Portal user login process that is during user authentication After successful authentic...

Page 38: ... graphics files in the zipped file Important Ensure the following rules when you create a zip file The package file must be a zipped file with an extension of zip The length of package filename must not exceed 31 characters The number of files in the package must not exceed 32 The filenames of the files included in the package file must not exceed 31 characters Total package file size does must no...

Page 39: ...e action command Peer controller IP address Profile Id and locale Id File type account brand logo background logout background and package file Action flag After the customization package file is uploaded to your controller it is not removed in the flash unless you run the default command or perform another upload You can also use the default command to reset the configuration and to remove the co...

Page 40: ...portal profile ID AMDC wireless captive portal tftp get address Controller IP address About this task Use the following commands to manage Captive Portals Procedure 1 Enter the wireless configuration mode of the CLI 2 Use the command wireless captive portal client deauthenticate all to revoke authentication on all clients 3 Use the command wireless captive portal client deauthenticate captive port...

Page 41: ... view the Captive Portal network status show wireless captive portal network status Viewing current Captive Portal configuration View the current Captive Portal configuration Procedure Enter the following command to view the current Captive Portal configuration of the WLAN 8100 system This command only displays configuration that is different from the default configuration WC8180 show running conf...

Page 42: ...uration mode of the ACLI 2 Configure a RADIUS server using the command radius server host IP Address where host IP address is the IP address of the primary RADIUS server you want to configure 3 Configure a RADIUS profile using the command radius profile profile name type A RADIUS profile can be one of two types authentication or accounting WC8180 security radius profile profile name type acct auth...

Page 43: ...S server Enter a number in the range 0 100 Specifying a time interval of 0 disables the health check health check user Specifies the user name for the RADIUS health check This user name must be configured in the Active Directory health check password Specifies the user password for RADIUS health check The password for the health check user must be configured in the Active Directory priority Specif...

Page 44: ...feature waits for a reply from a RADIUS server It is also the time when the check on the next server happens The default duration is 3 seconds The retries specifies the maximum number of health check messages sent to check the health status of a RADIUS server before marking a server as dead Health check interval value is configured during Radius servers configuration RADIUS servers are grouped int...

Page 45: ... the command radius server retries 1 5 to configure radius server retries Use the command radius server timeout 1 30 to configure the radius server timeout in seconds Use the command default radius server retries to set the radius server retries to the default value Use the command default radius server timeout to set the radius server timeout to the default value 7 Configure the RADIUS server hea...

Page 46: ...on mode of the ACLI 2 By default RADIUS offload is disabled Use this command to enable RADIUS offload in network profile WC8180 config network profile radius offload 3 To disable RADIUS offload use one of the following commands WC8180 config network profile no radius offload OR WC8180 config network profile default radius offload Note Radius Offload is applicable only for WPA enterprise security m...

Page 47: ... to create a self signed certificate WLAN crypto configurations certificate Certificate generation and mapping commands end End wireless crytpo configuration mode exit Exit from wireless crypto configuration mode no Delete crypto configurations WC8180 config crypto certificate Certificate generation and mapping commands generate Generate a self signed X 509 certificate import Import a certificate ...

Page 48: ...sphrase The certificate Pkcs12 type must only be imported Note Certificates when generated or imported successfully are synchronized automatically to peer controllers in a cluster without the need to execute the command wireless controller config sync on the AMDC Certificates that failed to import are displayed on the AMDC with the failure status reason About this task Use the following commands t...

Page 49: ... peer controllers by executing the command wireless controller config sync Important Certificate mapping or un mapping must be synchronized across controllers in a cluster by executing the wireless controller config sync command on AMDC controller About this task Use the following command to map an application to an X 509 certificate Note The current release of WLAN 8100 supports certificate mappi...

Page 50: ...he certificate Use the command no certificate map Captive Portal radius to delete the mapping and to un map a certificate Use the command no certificate certificate index to remove or delete a certificate Viewing generated certificates and their mapping Use the following command to view generated certificates and their mapping Procedure Use the following commands to view the generated and imported...

Page 51: ...e server load due to multiple simultaneous authentications requests RADIUS server load balancing applies only to radius profiles of type authentication not for RADIUS accounting profiles Ensure that you synchronize the server load balancing profile among controllers in a mobility domain Note If RADIUS AAA offloading is enabled on the network external RADIUS servers perform only MSCHAPv2 authentica...

Page 52: ...f the CLI 2 Configure RADIUS accounting on a RADIUS profile WC8180 radius profile profile name type acct auth wc8180 radius server radius accounting server ip radius accounting profile name type acct encrypted secret encrypted radius secret health check encrypted password Radius health check password encrypted health check interval Radius health check interval health check password User password f...

Page 53: ...f power plan settings WCP8180 config wireless auto rf Auto RF channel plan configuration Configure the Auto RF channel plan for the a n and the bg n radio frequency bands WC8180 config wireless auto rf channel plan a n 802 11 a n radio frequency band bg n 802 11 bg n radio frequency band WC8180 config wireless auto rf channel plan a n history depth Set channel plan history depth interval Set inter...

Page 54: ...erval manual Adjusting channels manually time Adjusting channels at a scheduled time Auto RF power plan configuration Configure Auto RF power plan at the domain level WC8180 config wireless auto rf power plan mode Set power plan mode threshold strength Configure the threshold strength in dBm to be used for the power adjustements Configure the Auto RF power plan mode Note Auto RF power plan has the...

Page 55: ...nel by the regulatory domain or the hardware capability Note The APA runs continuously collecting neighbor AP data for up to 20 minutes making power adjustments and starting the data collection again The ACA runs on a set interval The default interval is 1 hour and can be configured For a first time installation of the WLAN 8100 a lower interval is recommended to speed up convergence to an accepta...

Page 56: ...Depth 10 10 Operational True True Last Iteration Status 3 10 Manual Status None None Max Consecutive Change Iterations 0 6 Max Consecutive No Change Iterations 3 3 Select the auto mode on the Radio Profile WC8180 config radio profile power policy auto WC8180 config radio profile channel policy auto Verify the configuration AMDC show wireless radio profile 1 detail Radio Profile Id 1 Name Default 5...

Page 57: ...ecific neighbor relations detected by APs WC8180 show wireless rrm neighbors all Managing Auto RF operations CLI reference WC8180 wireless auto rf Auto rf actions channel plan Perform auto rf channel plan actions power plan Perform auto rf power plan actions WC8180 wireless auto rf channel plan a n 802 11 a n radio frequency band bg n 802 11 b g n radio frequency band WC8180 wireless auto rf power...

Page 58: ...s auto rf Display auto rf infomation channel plan Display auto rf channel plan settings power plan Display auto rf power plan settings View Auto RF channel plan settings WC8180 show wireless auto rf channel plan Parameters a n 802 11 a n radio frequency band bg n 802 11 bg n radio frequency band cr Sub Commands Groups history Display auto rf channel plan history proposed Display auto rf proposed c...

Page 59: ...ount 0 Number of Operational Radios 30 Time since last Power Plan Iteration 0d 00 08 42 2 Use the command show wireless ap radio power plan status AP MAC addresss radio index to view the AP radio power plan status for a particular AP MAC address and radio index Example AP radio power plan status for radio index 1 and AP MAC address 00 1B 4F 6A 18 E0 WC8180 show wireless ap radio power plan status ...

Page 60: ...or Signal 0 Strongest Detector AP Mac Address 00 00 00 00 00 00 Strongest Detector AP Signal 0 Last Power Adjustment Status Unchanged Last Power Adjustment Reason Code Power Plan Disabled Power Increase Count 0 Power Decrease Count 0 4 Use the command show wireless ap radio power status AP MAC address to view the AP radio power status for an AP In the following example 00 1B 4F 6A 18 E0 is a sampl...

Page 61: ...n Status 7 Manual Status None Max Consecutive Change Iterations 2 Max Consecutive No Change Iterations 3 6 Use the command show wireless auto rf channel plan history to view the Auto RF channel plan history Sample output WC8180 show wireless auto rf channel plan history Phy Mode AP Mac Address Radio AP Location AP AP Intf Iter Ch 802 11 b g n 58 16 26 ac 75 60 2 1 1 802 11 b g n 58 16 26 ac bf e0 ...

Page 62: ...orted only in Overlay deployments The following sections describe configuration of the Tunnel Path MTU using the Avaya CLI CLI reference WC8180 config wireless tunnel path mtu 1250 2372 Range of the Tunnel Path MTU Procedure 1 Enter the wireless configuration mode of the CLI Use the following commands WC8180 conf t WC8180 config wireless WC8180 config wireless 2 Use the following command to set th...

Page 63: ...no jumbo frames enable Warning Tunnel path MTU configuration exceeds desired local port MTU The tunnel path MTU would be modified by this change to 1492 Proceed with the change y n Enter y to disable Jumbo frames Verify local MTU configuration WC8180 show wireless Operation Mode WC Status Enabled Interface IP 134 177 252 65 TCP UDP base port 61000 Base MAC Address 00 24 B5 1F 96 00 Tunnel Path MTU...

Page 64: ...ng subnet mask Replace these values with those appropriate to your network WCP8180 config wireless DiffServ classifierblock classsifier1 WCP8180 config DiffServ classifierelement match src mac 01 02 03 04 05 06 mask ff ff ff ff ff ff 2 Configure Classifier Block options elements CLI reference to configure classifier block elements WCP8180 config diffserv classifierelement Configure Classifier Elem...

Page 65: ... set the EthType parameter to 0x0800 hex you can configure other classifier block parameters such as protocol dest ip src ip ipDscp IpPrescedence IpTos src port and dst port Use one of the following commands to configure the classifier block elements WCP8180 config diffserv classifierelement match cos 0 7 WCP8180 config diffserv classifierelement match ds field 0 63 WCP8180 config diffserv classif...

Page 66: ...Serv policy named policy1 and associate the configured classifier block classifier1 with this policy Use the following command In this example allow is a sample action associated with the classifier block classifier1 The allow action allows packets or traffic that match the criteria specified in the classifier block configured in Step 1 WCP8180 config DiffServ classifierelement DiffServ policy pol...

Page 67: ...ark precedence Remark IP Precedence WCP8180 config diffserv policy WC8180 config diffserv policy classifierblock c1 remark cos 0 7 WC8180 config diffserv policy classifierblock c1 remark dscp 0 63 WC8180 config diffserv policy classifierblock c1 remark precedence 0 7 7 Configure a network profile In this example you configure a network profile named AVAYA Demo associated with a mobility VLAN Mobil...

Page 68: ...8 Enable client QoS and Domain AP client QoS and map the created Diffserv policy to the AVAYA Demo network profile to prioritize WMM Wireless Multi Media traffic in the network By default in WMM voice traffic has a higher priority over video traffic You can for example configure DiffServ policies to reverse this traffic priority in the network For example to enable client QOS and configure the Dif...

Page 69: ...ample Output WCP8180 show wireless diffserv statistics Client MAC Direction Policy Name 00 05 03 01 00 01 Uplink p1 00 05 03 01 00 01 Downlink p1 00 05 03 02 00 01 Uplink p1 00 05 03 02 00 01 Downlink p1 Use the following command to view the DiffServ statistics for a specific client MAC address In the following example 00 05 03 01 00 01 is a sample client MAC address WCP8180 show wireless diffserv...

Page 70: ...use the AP rounds off the value down to the nearest 64000 bps This is independent of the type of client authentication For example if the configured bandwidth rate for the client is 4294967295 bps configured in either the network profile or as part of RADIUS authentication the actual value displayed when you execute show wireless client qos status is 4294912000 bps which is the nearest multiple of...

Page 71: ...et s source port IP address as the match condition for the rule The address you enter is compared with the packet s source IP Address You must also specify a source IP Mask with the Source IP Address Source IP Mask Specifies the source IP address wildcard mask The wild card masks determines which bits are used and which bits are ignored A wild card mask of 255 255 255 255 indicates that no bit is ...

Page 72: ...Precedence value as the match condition for the rule The IP Precedence field in a packet is defined as the high order three bits of the Service Type octet in the IP header Enter the IP Precedence value as an integer in the range 0 7 Either the DSCP value or the IP Precedence value or IP Tos value is used to match packets to ACLs IP TOS Bits Optional Specifies the packet s IP Tos value as the match...

Page 73: ...Ps It is not supported on the AP 8120 O which is an outdoor AP The following sections describe AeroScout enablement using the Avaya CLI ACLI reference WC8180 config wireless ap profile 1 32 AP Profile ID WC8180 config wireless ap profile 2 Entering ap profile id 2 configuration mode WC8180 config ap profile AP Profile Configuration Commands aeroscout Configure AE protocol support mode ap model Con...

Page 74: ...rify creation of the AP profile WC8180 show wireless ap profile 2 detail Sample Output AP Profile Id 2 Name AP Profile 1 Country Code IN AP Model Avaya APs AP8120 AP8120 E Is Default Profile No AE Protocol Support Disable Status Associated 3 Enable AeroScout on the AP profile WC8180 config wireless ap profile 2 Entering ap profile id 2 configuration mode WC8180 config ap profile aeroscout enable W...

Page 75: ...le on page 75 Enabling Station Isolation on a network profile Before you begin Ensure that you are in the wireless configuration mode of the Avaya CLI Use the following commands WC8180 conf t WC8180 config wireless WC8180 config wireless Note From release 2 1 0 onwards station isolation configuration is not supported on a Radio profile You can configure and enable only on a network profile About t...

Page 76: ...ddressed to the client VAP MAC address and Multicast packets WC8180 config wireless network profile 2 Entering network profile id 2 configuration mode WC8180 config network profile gateway mac 00 19 69 91 00 43 5 Verify network profile configuration in detail Sample Output WC8180 show wireless network profile 2 detail Network Profile ID 2 Name NP2 SSID Corportate Network Station Isolation Mode Ena...

Page 77: ...sfully dynamically determined WC8180 show wireless client statistics detail Client MAC CC 52 AF 0E C6 FA Packets Rx Tx 445 49 Bytes Rx Tx 50204 462 Station Isolation stats Unknown GW Pkts dropped 0 Non GW Dst Pkts dropped 47 WC8180 Ekahau RTLS support The Ekahau Real Time Location System RTLS is a fully automated tracking solution that continually monitors the location of assets and people in a wi...

Page 78: ...4 to 65535 Related topics Enabling Ekahau RTLS support on an AP profile on page 78 Enabling Ekahau RTLS support on an AP profile Use this procedure to create a sample AP profile and enable Ekahau on that profile Note Ekahau is disabled on an AP profile by default Before you begin Ensure that you are in the wireless configuration mode of the Avaya CLI Use the following commands WC8180 config wirele...

Page 79: ...Enable Ekahau Server IP 0 0 0 0 Ekahau Server UDP Port 8569 Status Associated modified 5 Use the following command to configure the Ekahau server IP address In the following example 10 11 2 31 is a sample Ekahau server IP address WC8180 config ap profile ekahau server ip 10 11 2 31 The following command resets the Ekahau server IP address to the default value 0 0 0 0 WC8180 config ap profile defau...

Page 80: ...sociation Zone and a Wi Fi Roaming Zone The Wi Fi association zone of an AP is the physical region around the AP within which clients can associate to the wireless networks advertised by the AP This zone is configured by specifying an RSSI authentication threshold for the 802 11 authentication frames received from the clients If the authentication frames received from the clients are below the con...

Page 81: ...alue depending on the physical distance between the APs and also the AP transmission power When you configure the Wi Fi association zone and roaming zone thresholds for an AP always ensure that the Wi Fi association zone thresholds is greater than or equal to the Wi Fi roaming zone thresholds For example if Wi Fi association zone thresholds value is 65 dBm then configure Wi Fi roaming zone with th...

Page 82: ...on zone and roaming zone thresholds on the AP The values are tabulated based on sample client distances from the AP Table 1 Sample client RSSI values with respect to distance from the AP Operating frequency 5 GHz The following sample values are based on an FCC domain AP model AP 8120 operating at 5 0 GHz and on channel 44 The values are sampled in a 90 empty office floor for an AP in a 10 feet hig...

Page 83: ... the roaming zones of the APs overlap by about 60 to 80 Configure the Roaming Zone threshold using the tables in Step 4 Important Ensure that you configure the roaming zone threshold to be at least 15 dBm below the association zone threshold Also ensure that the roaming zone for an AP overlaps the association zone of its neighboring AP 5 Verify the roaming behavior of the clients within the associ...

Page 84: ... wireless About this task Use this procedure to create a sample radio profile and enable Wi Fi association zone and roaming zone thresholds on that profile Procedure 1 Create a radio profile named rp_WiFiZone with profile ID 20 WC8180 config wireless radio profile 20 access wids Create a radio profile with access wids operation mode ap model Hardware model country code Create a radio profile with ...

Page 85: ...c zone 50 WC8180 config radio profile roam zone 100 0 Enter the RSSI value in dBM 0 Disabled 1 to 99 100 Auto WC8180 config radio profile roam zone 70 4 Verify Wi Fi Association Zone and Roaming Zone thresholds configuration on the radio profile in detail WC8180 show wireless radio profile 20 detail Sample Output Radio Profile Id 20 Name rp_WifiZone Configuration Model AP8120 E Country Code US Ope...

Page 86: ...nds for AP MAC address 5C E2 86 0F 52 C0 WC8180 config wireless domain ap 5C E2 86 0F 52 C0 Entering domain AP mac 5C E2 86 0F 52 C0 configuration mode WC8180 config domain ap About this task The following procedure lists the commands to view Wi Fi Zoning configuration in further detail with sample outputs Procedure 1 Configure domain AP radio profile parameter WC8180 config domain ap radio 1 2 Ra...

Page 87: ...troller 0 0 0 0 Alternate Controller 0 0 0 0 Location Campus Building Floor Sector Radio 1 Channel Automatic Adjustment Power Automatic Adjustment External Antenna N A Extension Cable N A Assoc zone 50 dBm Roam zone 65 dBm Admin Enable True Radio 2 Channel Automatic Adjustment Power Automatic Adjustment External Antenna N A Extension Cable N A Assoc zone Auto Roam zone Auto Admin Enable True Domai...

Page 88: ...Radio 2 Preferred AP MAC Country Channel Channel WC 00 1B 4F 69 E7 80 4 IN Auto Auto 0 0 0 0 00 1B 4F 6A 18 E0 7 IN 44 11 0 0 0 0 WC8180 config wireless 3 Enter the domain AP configuration mode for the AP whose parameters you want to modify using the following command In the following example 00 1B 4F 69 E7 80 is the MAC address of the domain AP whose parameters you want to modify WC8180 config wi...

Page 89: ...AP8120 ap8120 E Avaya AP8120 E with external antennas Configure the preferred controller IP address WC8180 config domain ap preferred controller A B C D Controller IP Address Configure an AP profile WC8180 config domain ap profile id 1 32 AP Profile ID Configure the domain AP radio Select the radio interface WC8180 config domain ap radio 1 2 Radio Interface Configure the following parameters on th...

Page 90: ...r the AP WC8180 show wireless domain ap database 00 1B 4F 6A 05 00 Profile Radio 1 Radio 2 Preferred AP MAC Country Channel Channel WC 00 1B 4F 6A 05 00 1 IN 44 Auto 192 168 14 11 Total number of entries in AP database 1 View the AP configuration in detail Note that the Admin Enable is set to False on both Radio 1 and Radio 2 WC8180 show wireless domain ap database 00 1B 4F 6A 05 00 detail AP MAC ...

Page 91: ...0 config domain ap radio 1 admin enable 4 Perform a controller configuration synchronization to apply changes to the AP Important In earlier releases of the WLAN 8100 configuration changes made to the domain AP database required a manual AP reset for the changes to take effect From release 2 1 onwards the wireless controller config sync operation synchronizes configuration changes across the domai...

Page 92: ...tuning mechanisms Procedure 1 View the managed APs in the domain WC8180 show wireless domain ap database Total number of entries in AP database 2 Profile Radio 1 Radio 2 Preferred AP MAC Country Channel Channel WC 00 1B 4F 69 F4 20 1 IN Auto Auto 192 168 14 11 00 1B 4F 6A 05 00 2 IN Auto Auto 192 168 14 13 2 Execute the following commands to save AP channel configuration to the domain AP database ...

Page 93: ...nment Policy Fixed Current Power 99 Manual Adjustment None Radio Resource Measurement Enabled Total Neighbors 5 Authenticated Clients 0 WLAN Utilization 5 Antenna None Extension Cable None Radio Oper Down Reason None Radio 2 mac 00 1B 4F 6A 05 00 Operation On Operation Mode Access WIDS 802 11 Mode 802 11b g n Channel Assignment Policy Fixed Bandwidth 20MHz Current Channel Auto Manual Adjustment Co...

Page 94: ...0 wireless ap power 00 1B 4F 6A 05 00 1 save to db WC8180 wireless ap power 00 1B 4F 6A 05 00 2 save to db d Perform a configuration synchronization to apply changes to the AP WC8180 wireless controller config sync Note Prior releases of WLAN 8100 required a reset of the AP when domain AP changes were made From release 2 1 onwards you do not need to perform an AP reset Instead perform controller s...

Page 95: ... Execute the following commands to save channel and power configuration to all APs in the domain Save channel configuration to all APs in the domain WC8180 wireless domain ap save to db channel WARNING All APs in the domain will be programmed to operate on fixed channel and Auto RF will not tune the channel in future Do you want to continue y n y Save power configuration to all APs in the domain W...

Page 96: ...LEDs state on a domain AP to be turned off or on and verify the configuration Note By default the LED state on a domain AP is set to Normal On that is the LED lights are turned on Procedure 1 Enter the domain AP configuration mode of the AP with MAC address 58 16 26 AC 75 60 WC8180 config wireless WC8180 config wireless domain ap 58 16 26 AC 75 60 Entering domain AP mac 58 16 26 AC 75 60 configura...

Page 97: ...ile ID 13 Preferred Controller 192 168 11 3 Alternate Controller 0 0 0 0 LED State off Location Campus Building Floor Sector Radio 1 Channel 36 Power 60 External Antenna WL81AT070E6 Extension Cable 3 ft Assoc zone Auto Roam zone Auto Admin Enable True Radio 2 Channel 11 Power 60 External Antenna WL81AT070E6 Extension Cable 3 ft Assoc zone Auto Roam zone Auto Admin Enable True Total number of entri...

Page 98: ...al to turn on the LEDs WC8180 config domain ap led state normal WC8180 config domain ap end 7 Perform a configuration synchronization to apply changes to the AP WC8180 wireless controller config sync 8 Verify that the LED State on the AP is set to Normal on WC8180 show wireless domain ap database 58 16 26 AC 75 60 detail Sample Output AP MAC 58 16 26 AC 75 60 Label Model AP8120 E Country Code VE S...

Page 99: ...e Id 13 Profile Name VE Configuration Apply Status Success Authenticated Clients 0 Configuration Failure Error Reset status Not Started Code Download Status Not Started Image Upgrade Needed No Ap Techdump Status Not Started Hardware Version R01 AP port speed and duplex mode FullDuplex1000 AP LED Status LED ON Wireless security WIDS WIPS configuration and management Wireless intrusion detection WID...

Page 100: ...S access wids bg n profile name access bgn exit Create a WIDS 5 GHz radio profile radio profile 5 country code US wids wips 5 profile name wips 5 exit Create a WIDS 2 4 GHz radio profile radio profile 6 country code US wids wips 2 4 profile name wips 24 exit Create a WIDS both radio profile radio profile 7 country code US wids wips both profile name wips both exit 2 In the following configuration ...

Page 101: ...ss clients but detects and mitigates rogues ap profile 3 country code US profile name wids 2 5 radio 1 enable radio 2 enable radio 1 profile id 5 radio 2 profile id 6 exit 4 In the following configuration one of the radios is configured to provide data service for clients in either the 5GHz band e g 802 11n and 802 11a or the 2 4GHz band e g 802 11n and 802 11b g and the other dual band radio excl...

Page 102: ...ess radio profile 1 Entering radio profile id 1 configuration mode WC8180 config radio profile Procedure 1 Enable detection of Rogue AP threats Use one of the following command options to enable detection of specific Rogue AP threats WCP8180 config security wids rogue ap threat fake ap on invalid channel Fake AP operating on illegal channel illegal channel AP operating on illegal channel invalid s...

Page 103: ...failure Configure authentication failure test auth req rate Configure authenticaion request rate test deauth req rate Configure deauthentication request rate test not in db Enable client check in known database test probe req rate Configure probe request rate test cr Use the following commands to configure options within the auth failure threat WCP8180 config security wids rogue client threat auth...

Page 104: ...ult wips mitigation WCP8180 config security default wips mitigation ap threat WCP8180 config security default wips mitigation client threat Use the following commands to disable WIPS mitigation WCP8180 config security no wips mitigation ap threat WCP8180 config security no wips mitigation client threat 4 Use the following commands to configure Known APs An AP that is not managed by the WLAN switch...

Page 105: ...P is known from outside local enterprise The AP is in local database other Others Use the following command options to configure the WDS mode for a known AP WCP8180 config security wids known ap 00 88 99 66 66 88 wds mode any Operation as a bridge or in normal mode bridge Operation as a bridge only normal Operation in normal mode only Use the following command options to configure the Wired mode f...

Page 106: ...e wired detection interval of a rogue AP WCP8180 config security wids rogue ap wired detection interval 1 3600 Interval in seconds Use the following command to set the default interval WCP8180 config security default wids rogue ap wired detection interval 9 Acknowledge Rogue clients Rogue APs Acknowledge a specific Rogue AP by specifying its MAC address or all Rogue APs WCP8180 config security wid...

Page 107: ...to enable other channel scan and set the scan interval in a radio profile WCP8180 config radio profile scan other channel WCP8180 config radio profile scan other channel interval Note To disable a scan option prefix the command with no Verifying configuration of WIDS WIPS Use the following commands to verify WIDS WIPS configuration Procedure 1 Verify RF scan configuration using the following comma...

Page 108: ... Auto Any 4 Verify configuration for the detection of Rogue APs and Rogue clients using the following commands Show wireless security wids wips rogue ap control Sample Output WCP8180 show wireless security wids wips rogue ap controls Rogue detected trap interval 180 seconds Wired network detection interval 60 seconds Rogue State Administrator configured rogue AP Enabled Managed SSID received from ...

Page 109: ... 56 12 0d 00 00 08 3 00 00 00 00 00 00 0 False Enable 0d 00 00 00 0d 00 00 00 4 00 00 00 00 00 00 0 False Enable 0d 00 00 00 0d 00 00 00 5 00 00 00 00 00 00 0 False Enable 0d 00 00 00 0d 00 00 00 6 00 00 00 00 00 00 0 False Enable 0d 00 00 00 0d 00 00 00 7 00 00 00 00 00 00 0 False Enable 0d 00 00 00 0d 00 00 00 8 00 00 00 00 00 00 0 False Enable 0d 00 00 00 0d 00 00 00 9 00 00 00 00 00 00 0 False...

Page 110: ...Show wireless security wids wips ageout Sample Output WCP8180 show wireless security wids wips ageout adhoc clients 1440 minutes ap failure 1440 minutes detected client 300 minutes rf scan 1440 minutes Configuring a MAC filter blacklist Use this procedure to configure a MAC filter blacklist In prior releases of the WLAN 8100 to filter out a client MAC you would need to add it the Blacklist databas...

Page 111: ...t you do not configure names that have similar characters or letters but are different only in their case WC8180 config security mac db blacklist AC 81 BB BB 11 11 Blacklist1 Verify blacklist configuration WCP8180 config security show wireless security mac db blacklist Total blacklisted users 1 MAC Address User Name AC 81 BB BB 11 11 Blacklist1 WCP8180 config security Wireless Security Client MAC ...

Page 112: ...g blacklists and whitelists on page 114 Validating client MAC addresses against a RADIUS server on page 115 Configuring the client MAC validation mode in a network profile Use this procedure to configure the client MAC validation mode the mode of client authentication using client MAC addresses in a network profile The supported client MAC validation modes are validation against a local whitelist ...

Page 113: ...ault RADIUS Authentication Profile Name RADIUS Accounting Profile Name RADIUS Accounting Mode Disabled Security Mode open MAC Validation Enabled MAC Validation mode Local Whitelist Wireless ARP Suppression Disabled Radius offload Disabled Station Isolation Mode Disabled Gateway MAC address 00 00 00 00 00 00 4 Optional Use the following commands to disable MAC validation on a network profile WCP818...

Page 114: ...N Probe Response Enabled Captive Portal Mode Disabled User Validation open Captive Portal Profile Id 0 Local User Group Default RADIUS Authentication Profile Name RADIUS Accounting Profile Name RADIUS Accounting Mode Disabled Security Mode open MAC Validation Enabled MAC Validation mode local whitelist Wireless ARP Suppression Disabled Radius offload Disabled Station Isolation Mode Disabled Gatewa...

Page 115: ... validate client MAC addresses against a RADIUS server The following configuration requirements must be satisfied for this mode of authentication The RADIUS server is properly configured and is enabled to support the PAP protocol Appropriate RADIUS profiles are configured on the network to associate with the network profile The MAC addresses of wireless client devices to be validated against the R...

Page 116: ...cation of users and devices connected to the wireless network In the following example you configure a RADIUS server with IP address 10 1 1 104 and associate it with the RADIUS profile rad srvr profile WC8180 config security radius server 10 1 1 104 rad srvr profile secret Enter server secret Verify server secret Verify the status of controller communication with the RADIUS server is Up by using t...

Page 117: ... CLI reference WC8180 config network profile radius accounting Enable RADIUS accouting function accounting profile Configure accounting radius profile authentication profile Configure authentication RADIUS profile offload Enable radius offloading WC8180 config network profile radius authentication profile rad srvr profile 4 Verify network profile configuration WC8180 config wireless show wireless ...

Page 118: ...5535 minutes 3 View the known client ageout configuration WC8180 config security show wireless security radius Radius server timeout 2 sec Radius server retries 3 Radius known client db ageout 30 min Configuring a trap for authentication failure Use the following procedure to configure a trap for authentication failure This trap is useful to detect the problem when MAC validation against a RADIUS ...

Page 119: ...r WSP When an AP or WSP joins the domain it is assigned to the preferred controller if available and not loaded to its maximum capacity If the controller is not available or is loaded to its maximum capacity the alternate controller is assigned to the AP or WSP If both the preferred and alternate controllers are loaded to their maximum capacity or are unavailable the AP or WSP is assigned to the c...

Page 120: ...ent of AP or WSP to WC When multiple WCs match the AP or WSP location the least loaded WC is selected for assignment The WC location is a mobility domain configuration that must be synchronized with all domain member WC devices using the config sync action AP or WSP location is configured in the domain AP WSP database for each AP WSP and must also be synchronized with all domain member WC devices ...

Page 121: ...ric least load or location for APs and WSPs Note Wireless Switching Point WSP load balancing is applicable only in Unified Access deployments Choose the load balancing metric WCP8180 config wireless lb lb metric least load Load balance to the least loaded device location Load balance to the device in the nearest location C B F S 4 Use following commands to configure the C B F S parameters for an A...

Page 122: ...et load balance parameters to default controller Default controller load balance configuration commands lb metric Set default parameters for lb metric a Use the command default controller to set the default controller load balance configuration commands b Use the command default lb metric to set the default parameters for lb metric 6 Use the following command to run the Load Balancing algorithm on...

Page 123: ...etric location AP MAC Address AP IP WC IP WC Status 00 1B 4F 6C 1B A0 172 16 7 11 192 171 0 56 Connected 5C E2 86 0F 51 40 172 16 7 15 192 171 0 56 Connected 00 1B 4F 69 EA C0 172 16 7 24 192 171 0 60 Disconnected 3 Verify controller DB load balancing information WC8180 show wireless domain load balance controller db Sample output WC8180 show wireless domain load balance controller db Controller L...

Page 124: ...he following procedure to configure and verify load balancing on APs The following example demonstrates the distribution of 4 APs amongst 2 controllers in a cluster based on the configured load balancing metric Table 3 Controller location parameters Controll er MAC address Controller IP address Campus Buildin g Floor Sector WC1 00 24 B5 1F 81 01 192 168 18 12 Avaya LeftWi ng FirstFlo or Lab1 WC2 0...

Page 125: ...Load Also manual load balancing is not configured preferred and alternate controllers are not configured Load balance status on WC1 WC8180 show wireless domain load balance status Mobility Domain AP License 4096 Mobility Domain AP License In Use 4 Configured Load Balancing Metric none Domain Load Balance Status per Method Preferred Alternate LeastLoad Location Unknown APs load balanced to WC 0 0 4...

Page 126: ...ters for AP1 and AP2 WC8180 config wireless domain ap 00 1B 4F 6A 18 E1 Entering domain AP mac 00 1B 4F 6A 18 E1 configuration mode WC8180 config domain ap location Avaya LeftWing FirstFloor Lab1 WC8180 config wireless domain ap 00 1B 4F 6A 18 E2 Entering domain AP mac 00 1B 4F 6A 18 E2 configuration mode WC8180 config domain ap location Avaya LeftWing FirstFloor Lab1 Configure the C B F S paramet...

Page 127: ...the controller or APs Otherwise the system load balances the APs using only the location based metric by default even if the load balancing metric is configured as least load a View the current load balance status on the controllers WC1 and WC2 as follows The system displays the current load balancing metric as Location Load balance status on WC1 WC8180 show wireless domain load balance status Mob...

Page 128: ...d balance status Mobility Domain AP License 4096 Mobility Domain AP License In Use 4 Configured Load Balancing Metric none Domain Load Balance Status per Method Preferred Alternate LeastLoad Location Unknown APs load balanced to WC 4 0 4 0 0 d Perform an AP load balance WC8180 wireless domain load balance ap e Verify the result of load balancing using the least load metric View the load balance st...

Page 129: ...d Access on page 132 Configuring wireless profiles on page 135 Configuring domain options Overlay CLI reference WC8180 config wireless domain Parameters ap client qos Enable AP QoS operation for clients ap reconnection timeout AP WCP failover timeout auto promote discovered ap Enable auto promote of discovered APs to AP database client roam agetime Configure timeout for client roaming country code...

Page 130: ... the CLI 2 Use the command domain ap client qos to enable access point QoS operations for clients 3 Use the command domain ap reconnection timeout to configure the AP controller failover timeout 4 Use the command domain auto promote discovered ap to enable auto promotion of discovered access points 5 Use the command domain client roam agetime 1 120 to configure the client roaming timeout value in ...

Page 131: ... command domain ap reset group size 1 100 to configure the percentage of access points in the domain that will be reset 17 Use the command domain auto promoted aps approve to approve all discovered APs 18 Use the command domain ap model ap8120 ap8120 E ap8120 O to configure the AP model 19 Use these commands for configuring domain options for a specific AP a Use the command domain ap ap_mac altern...

Page 132: ...nts to load balance to the least loaded device d Use the command lb metric location to load balance to the device in the nearest location Configuring domain options Unified Access CLI reference WCP8180 config wireless domain Parameters ap client qos Enable AP QoS operation for clients ap reconnection timeout AP WCP failover timeout auto promote discovered ap Enable auto promote of discovered APs t...

Page 133: ...his task Use this procedure to configure domain options Procedure 1 Enter Wireless Configuration mode of the CLI 2 Use the command domain ap client qos to enable access point QoS operations for clients 3 Use the command domain ap reconnection timeout to configure the AP WCP failover timeout 4 Use the command domain auto promote discovered ap to enable auto promotion of discovered access points 5 U...

Page 134: ... path server ip address and server port number 16 Use the command domain ap reset group size 1 100 to configure the percentage of access points in the domain that will be reset 17 Use the command domain auto promoted aps approve to approve all discovered APs 18 Use the command domain ap model ap8120 ap8120 E ap8120 O to configure the AP model 19 Use these commands for configuring domain options fo...

Page 135: ...nce to enter the load balancing command mode Use the following commands to configure load balancing a Use the command controller for controller load balance configuration commands b Use the command default to set load balance parameters to default c Use the command lb metric least load to configure APs and WSPs in Unified Access deployments to load balance to the least loaded device d Use the comm...

Page 136: ... do not configure SSIDs avaya demo and AVAYA DEMO within the same network About this task Use this procedure to configure wireless profiles Procedure 1 Enter Wireless Configuration mode of the CLI 2 Use the command network profile 1 64 to create a network profile This command has the options listed in the following table Command Option Description network profile 1 64 arp suppression Enable wirele...

Page 137: ...e portal is enabled wep Configure WEP related parameters wmm2cos CoS mapping for WMM wpa2 Configure WPA2 settings 3 Use the command radio profile 1 64 to create a radio profile a Ensure you use the command ap model to select an AP model b Ensure you use the command country code to select a country code These commands have the options listed in the following table Command Options Description radio ...

Page 138: ...le No Ack for incorrectly received frames on radio load balance Configure load balancing parameters max clients Configure the maximum number of simultaneous clients multicast tx rate Configure the multicast transfer rate no Disable the radio profile power Configure the radio power settings profile name Set the radio profile name qos Configure radio QoS queues rate limit Configure the broadcast and...

Page 139: ...Configure AP Model Avaya outdoor AP AP 8120 O Avaya indoor AP 8120 and external antenna AP 8120 E Note If you do not choose an ap model the default is ap8120 country code Enter a country code Create an AP profile with a country code Note When creating an AP profile specify a country code or use the default primary country code of the domain To change a country code after a profile has been created...

Page 140: ...ault values default profile Set current profile as the default profile for an AP dscp2cos DSCP to CoS QoS Mapping end End configure mode exit Exit from AP profile configuration mode network 1 64 1 64 Network Profile ID Configure Network Profile mapping on a radio no Disable AP profile parameters profile name Set an AP profile name radio Configure Radio Profile mapping on a radio ap model ap8120 O ...

Page 141: ...5 Use the command domain ap mac address to create a domain ap profile This command has the options listed in the following table Command Option Description domain ap mac address alternate controller Configure alternate wireless controller default Set a command to its default values end End configuration mode exit mode Exit from domain AP configuration label Configure AP Label location Configure AP...

Page 142: ... radio channel power antenna cable settings radio 1 2 Radio Interface antenna WL81AT070E6 AP8120 E external antenna 70 degree WL81AT180E6 AP8120 E external antenna 180 degree channel 1 216 Fixed channel number Use show wireless radar detection to display valid channels auto Automatic channel selection ext cable 3 ft AP8120 E 3 feet extension cable 10 ft AP8120 E 10 feet extension cable power 1 100...

Page 143: ...omatic power level adjustment serial WORD Enter AP serial number 6 Use the command captive portal profile 1 10 to create a captive portal profile ACLI reference for the Wireless LAN WLAN 8100 Avaya WLAN 8100 CLI Reference August 2013 143 ...

Page 144: ...ACLI reference for Wireless LAN WLAN 8100 144 Avaya WLAN 8100 CLI Reference August 2013 Comments infodev avaya com ...

Page 145: ... Quality of Service on page 316 Configuring Serviceability on page 351 Configuring diagnostics and graphing on page 361 Configuring system options This section describes the system configuration procedures for the WLAN Controller 8180 WC 8180 Related topics General switch administration on page 146 Configuring Energy Saver Options on page 160 Using Simple Network Time Protocol on page 160 Real tim...

Page 146: ...6 Displaying the default TFTP server with CLI on page 187 Displaying complete GBIC information on page 187 Displaying hardware information on page 188 Configuring Auto Unit Replacement on page 188 Configuring the UI button on page 188 Configuring USB Host Port on page 189 Enabling Autosave on page 189 Setting the server for Web based management with CLI on page 189 Setting the read only and read w...

Page 147: ...r the controller joins a domain Do the following if a change is required after the controller joins a domain 1 Remove the controller from the mobility domain 2 Disable wireless operations 3 Change the IP address 4 Join the controller to the domain ip address command The ip address command sets the IP address and subnet mask for the switch This command is executed in the Global Configuration comman...

Page 148: ...meter Description bootp always Always use the bootp server bootp last address Use the last bootp server bootp when needed Use bootp server when needed dhcp always Always use the DHCP server dhcp last address Use the last DHCP server dhcp when needed Use DHCP client when needed no ip address command The no ip address command clears the IP address and subnet mask for a switch This command sets the I...

Page 149: ...P related configuration information CLI reference WCP8180 config show ip Parameters address IP address of switch stack bootp Show bootp settings default gateway IP address of default gateway cr Sub Commands Groups arp proxy Display Proxy ARP status default ttl Display default TTL dhcp Display DHCP settings dhcp relay Display DHCP relay information directed broadcast Display directed broadcast forw...

Page 150: ... address Disabled BootP always BootP when needed BootP or last address Displaying interfaces The status of all interfaces on the switch can be viewed including Multi Link Trunk membership link status autonegotiation and speed using the following command show interfaces command The show interfaces command displays the current configuration and status of all interfaces The syntax for the show interf...

Page 151: ... set the list of ports to support Fast Ethernet 4 Use the command interface vlan 1 4094 to assign the Layer 3 IP VLAN ID Enabling Jumbo Frames About this task Use the following procedure to enable Jumbo Frames Procedure 1 Enter Privileged mode of the CLI 2 Enter Configuration mode by entering the config command 3 Use the command jumbo frames enable to enable Jumbo Frames Configuring the EDM Help F...

Page 152: ...on page 153 default duplex command on page 154 speed command The speed command sets the speed of the port The syntax for the speed command is speed port portlist 10 100 1000 auto The speed command is executed in the Interface Configuration command mode The following table describes the parameters for the speed command Table 9 speed command parameters Parameters Description port portlist Specifies ...

Page 153: ...ort numbers to set the speed to factory default Enter the port numbers you want to set Note If you omit this parameter the system uses the port number you specified in the interface command duplex command The duplex command specifies the duplex operation for a port The syntax for the duplex command is duplex port portlist full half auto The duplex command is executed in the Interface Configuration...

Page 154: ...t this parameter the system uses the ports you specified in the interface command Testing cables with the Time Domain Reflectometer The WC 8180 is equipped with a Time Domain Reflectometer TDR The TDR provides a diagnostic capability to test connected cables for defects such as short pin and pin open You can obtain TDR test results from CLI or Device Manager The cable diagnostic tests only apply t...

Page 155: ...r this command is show tdr portlist where portlist specifies the ports for which to display the test results The show tdr command is in the privExec command mode Enabling Autotopology About this task The Optivity Autotopology protocol can be configured using the CLI Use the following commands to enable autotopology using the CLI Related topics autotopology command on page 155 no autotopology comma...

Page 156: ...ings The show autotopology settings command is executed in the Privileged EXEC command mode show autotopology nmm table command The show autotopology nmm table command displays the Autotopology network management module NMM table The syntax for the show autotopology nmm table command is show autotopology nmm table The show autotopology nmm table command is executed in the Privileged EXEC command m...

Page 157: ...to disable Sets the mode for flow control asymmetric PAUSE frames can only flow in one direction symmetric PAUSE frames con flow in either direction auto sets the port to automatically determine the flow control mode default disable disables flow control no flowcontrol command The no flowcontrol command is used only on Gigabit Ethernet ports and disables flow control The syntax for the no flowcont...

Page 158: ...he default rate limit command restores the rate limiting value for the specified port to the default setting The syntax for the default rate limit command is default rate limit port portlist The default rate limit command is executed in the Interface Configuration command mode The following table describes the parameters for this command Table 12 default rate limit command parameters Parameters De...

Page 159: ...e The following table describes the parameters for this command Table 13 rate limit command parameters Parameters Description multicast broadcast both Applies rate limiting to the type of traffic multicast applies rate limiting to multicast packets broadcast applies rate limiting to broadcast packets both applies rate limiting to both multicast and broadcast packets percent 0 10 Specifies the mode...

Page 160: ...ig command 3 Use the command energy saver enable to enable energy saver mode 4 Use the command energy saver efficiency mode to enable efficiency mode 5 Use the command energy saver poe power saving to enable Power Over Ethernet power saving mode Using Simple Network Time Protocol The Simple Network Time Protocol SNTP feature synchronizes the Universal Coordinated Time UCT to an accuracy within 1 s...

Page 161: ...ss command on page 162 no SNTP server command on page 162 SNTP sync now command on page 163 SNTP sync interval command on page 163 show SNTP command The show SNTP command displays the SNTP information as well as the configured NTP servers The syntax for the show SNTP command is show sntp The show SNTP command is executed in the Privileged EXEC command mode show sys info command The show sys info c...

Page 162: ...ver in dotted decimal notation SNTP server secondary address command The SNTP server secondary address command specifies the IP addresses of the secondary NTP server The syntax for the SNTP server secondary address command is sntp server secondary address A B C D The SNTP server secondary address command is executed in the Global Configuration command mode The following table describes the paramet...

Page 163: ...ndary NTP server in hours relative to initial synchronization The syntax for the SNTP sync interval command is sntp sync interval 0 168 The SNTP sync interval command is executed in the Global Configuration command mode The following table describes the parameters for this command Table 18 sntp sync interval command parameters Parameters Descriptions 0 168 Enter the number of hours for periodic sy...

Page 164: ...nd enables the synching of the RTC with the SNTP clock when the SNTP clock synchronizes The syntax for this command is clock sync rtc with sntp enable This command is executed in the Global Configuration command mode no clock sync rtc with SNTP enable command This command disables the synching of the RTC with the SNTP clock when the SNTP clock synchronizes The syntax for this command is no clock s...

Page 165: ...tisements on page 165 Setting default auto negotiation advertisements on page 165 no auto negotiation advertisements command on page 166 Configuring CANA About this task Use the auto negotiation advertisements command to configure CANA To configure port 5 to advertise the operational mode of 10 Mb s and full duplex enter the following command line auto negotiation advertisements port 5 10 full Vie...

Page 166: ...ction This is accomplished with the familiar ping and telnet commands Related topics ping command on page 166 telnet command on page 167 ping command Use the ping command to determine if communication with another switch can be established The syntax for this command is ping dns_host_name datasize 64 4096 count 1 999 continuous timeout t 1 120 interval 1 60 debug Substitute dns_host_name with the ...

Page 167: ...dditional output information such as the ICMP sequence number and the trip time telnet command Use the telnet command to establish communications with another switch during the current CLI session Communication can be established to only one external switch at a time using the telnet command The syntax for this command is telnet dns_host_name Substitute dns_host_name with the DNS hostname of the u...

Page 168: ...domain name domain_name Substitute domain_name with the default domain name to be used A domain name is determined to be valid if it contains alphanumeric characters and contains at least one period This command is executed in the Global Configuration command mode no ip domain name command The no ip domain name command is used to clear a previously configured default DNS domain name for the switch...

Page 169: ...st of servers used by the switch This command is executed in the Global Configuration command mode no ip name server command The no ip name server command is used to remove domain name servers from the list of servers used by the switch to resolve domain names to an IP address The syntax for this command is no ip name server ip_address_1 no ip name server ip_address_2 no ip name server ip_address_...

Page 170: ...le Table 22 Software download message output Download Image Saving Image Finishing Upgrading Image Note Before upgrading to the latest software image Avaya recommends to take the backup of the binary ASCII configuration on the controller and save it During the download process the switch is not operational The progress of the download process can be tracked by observing the front panel LEDs To cha...

Page 171: ...py tftp config command on page 172 copy usb config command on page 173 Saving the current configuration on page 173 Automatically downloading a configuration file with CLI on page 173 Importing action commands The import and export of action commands in ASCII configuration files is not supported in this release This includes commands such as radius secret and mdc join Action commands that are part...

Page 172: ... The syntax for the copy running config command is copy running config tftp usb u2 address A B C D filename name The following table outlines the parameters for this command Table 24 copy running config parameters Parameters Description tftp usb This parameter specifies the general location in which the configuration file is saved address A B C D If a TFTP server is to be used this parameter signi...

Page 173: ...lly saved to the flash memory Automatically downloading a configuration file with CLI This feature is enabled through CLI by using the configure network command This command enables a script to be loaded and executed immediately as well as configure parameters to automatically download a configuration file when the switch is booted The syntax for the configure network command is configure network ...

Page 174: ...dure to enable Quickconfig Procedure 1 Enter Privileged mode of the CLI 2 Enter Configuration mode by entering the config command 3 Use the command quickconfig enable to enable Quickconfig Terminal setup Switch terminal settings can be customized to suit the preferences of a switch administrator This operation must be performed in CLI The terminal command configures terminal settings These setting...

Page 175: ...is selection is stored in NVRAM When the system is started the banner displays and prompts the user to enter Ctrl Y After these characters are entered the system displays either a menu or the command line interface prompt depending on previously configured defaults When using the console port you must log out for the new mode to display When using Telnet all subsequent Telnet sessions display the ...

Page 176: ...telnet access command is executed through the console serial connection The syntax for the telnet access command is telnet access enable disable login timeout 1 10 retry 1 100 inactive timeout 0 60 logging none access failures all source ip 1 50 A B C D WORD mask A B C D Execute the telnet access command in the Global Configuration command mode The following table describes the parameters for the ...

Page 177: ...owed enter IP mask in dotted decimal notation default telnet access command The default telnet access command sets the Telnet settings to the default values The syntax for the default telnet access command is default telnet access The default telnet access command is executed in the Global Configuration command mode Setting boot parameters The command outlined in this section is used for booting t...

Page 178: ...ge to BootP disabled is not stored and the BootP reverts to the default value of BootP when needed after rebooting the device When the system is upgraded the switch retains the previous BootP value When the switch is defaulted after an upgrade the system moves to the default value of BootP when needed See the following CLI commands to configure BootP parameters Related topics ip bootp server comma...

Page 179: ...ult ip bootp server command is default ip bootp server The default ip bootp server command is executed in the Global Configuration command mode shutdown command About this task The shutdown command proves a mechanism for safely shutting down a switch without interfering with device processes or corrupting the software image After this command is issued the configuration is saved auto save function...

Page 180: ...tion is not explicitly saved after the command is issued This means that any configuration changes must be explicitly saved before the switch reloads The reload command does temporarily disable auto save functionality until the reload occurs Cancelling the reload returns auto save functionality to any previous setting The reload command has the following syntax reload force minutes to wait 1 60 ca...

Page 181: ... the low watermark in packets per second d Use the poll interval 5 300 sub command to set the poll interval in seconds e Use the trap send interval 0 1000 sub command to set the trap send interval in poll cycles CLI Help About this task To obtain help on the navigation and use of Command Line Interface CLI use the following command help commands modes Use help commands to obtain information about ...

Page 182: ...his command is tftp server A B C D To complete the command replace A B C D with the IP address of the default TFTP server This command must be executed in the Privileged EXEC command mode Configuring default clock source About this task This command sets the default clock source for the switch The syntax for this command is clock source rtp sntp sysUpTime Substitute rtp sntp sysUpTime with the clo...

Page 183: ... savings time day Date to end daylight savings time month Month to end daylight savings time year Year to end daylight savings time hh mm Hour and minute to end daylight savings time offset Number of minutes to add subtract during the summer time WORD Set time zone acronym containing at most 4 chars for example PDT for Pacific Daylight Time to be displayed when summer time is in effect Configuring...

Page 184: ... name Download the specified image image if newer image name Only download the image if the version is newer than the installed version diag image name Download the specified diagnostic image no reset Do not reset the switch after downloading usb Download the image from the USB drive Note Dual Agent supports the WLAN switches NBUs through AAUR toggle next boot image command You can use CLI command...

Page 185: ...me in your local time zone you need to use the clock commands to set the local time zone You must enable SNTP before you set the time zone If SNTP is not enabled this command has no effect If you enable SNTP and do not specify a time zone UTC is shown by default Use the following procedure to configure your switch for your local time zone with CLI Procedure 1 In CLI set the Global Configuration co...

Page 186: ...ommand is executed in the Privileged EXEC command mode The following table outlines the parameters for this command Table 36 show banner command parameters Parameters Description static custom Displays which banner is currently set to display static custom banner command The banner command specifies the banner displayed at startup either static or custom The syntax for the banner command is banner...

Page 187: ...ing the default TFTP server with CLI About this task The default TFTP server configured for the switch can be displayed in CLI at any time by using the folowing command show tftp server command This command has no parameters and is executed in the Privileged EXEC mode Displaying complete GBIC information About this task Complete information can obtained for a GBIC port using the following command ...

Page 188: ...additional information Configuring Auto Unit Replacement About this task Use the following procedure to configure auto unit replacement Procedure 1 Enter Privileged mode of the CLI 2 Enter Configuration mode by entering the config command 3 Use the command stack auto unit replacement config restore unit 1 8 restore the configuration of a unit from the saved configuration on the saved unit Configur...

Page 189: ...is it will automatically be saved to NVRAM While autosave is enabled the AUR feature should perform normally Use the following command to enable the autosave feature autosave enable command The autosave enable command is used to enable the autosave feature The syntax for this command is autosave enable The autosave enable command is executed in Global Configuration command mode Setting the server ...

Page 190: ...web server command is no web server The no web server command is executed in the Global Configuration command mode Setting the read only and read write passwords About this task The first step to requiring password authentication when the user logs in to the switch is to edit the password settings To set the read only and read write passwords perform the following procedure Procedure 1 Access CLI ...

Page 191: ...or disabled for the various switch access methods When enabled password security prompts you for a password and the value is hidden To enable or disable passwords perform the following procedure Procedure 1 Access CLI through the Telnet protocol or a Console connection 2 From the command prompt use the cli password command to enable or disable the desired password cli password telnet serial none l...

Page 192: ...sing the show radius server command Use the following commands to create a primary TACACS server and shared secret tacacs server host IP address tacacs server key shared secret Verify using show tacacs server command 3 Click Enter Configuring RADIUS Configure RADIUS to perform authentication services for system users For specific configuration procedures see the vendor documentation In particular ...

Page 193: ...the RADIUS password fallback feature by using one of the following commands in Global or Interface Configuration mode no radius server default radius server The command erases settings for the RADIUS primary and secondary servers and secret key and restores default RADIUS settings Configuring RADIUS authentication About this task Remote Authentication Dial In User Service RADIUS is a client server...

Page 194: ...hentication secondary host address The secondary host address address parameter is optional If a backup RADIUS server is to be specified include this parameter with the IPv6 or IPv4 address of the backup server port num This parameter is the UDP port number the RADIUS server uses to listen for requests key This parameter prompts you to supply a secret text string or password that is shared between...

Page 195: ...k The following sections describe the methods and procedures necessary to configure system security Depending on the scope and usage of the commands you can use different command modes to execute them Related topics Configuring RADIUS on page 192 Configuring MAC address based security using CLI on page 196 SNMP configuration using CLI on page 206 Configuring TACACS using CLI on page 222 Configurin...

Page 196: ...mand The show mac security command displays configuration information for the MAC security application CLI reference WCP8180 config show mac security config Display the stack switch MAC security configuration mac address table Display the accessible MAC addresses on each port mac da filter Display MAC DA filtering addresses port Display ports MAC security status security lists Display port members...

Page 197: ...ecurity auto learning Configure MAC Auto Learning disable Disable MAC Address Security enable Enable MAC Address Security filtering Enable disable DA filtering intrusion detect Enable disable partitioning on intrusion detection intrusion timer Set temporary partition time for intrusion detection learning Enable disable MAC address learning learning ports Modify ports participation in MAC address l...

Page 198: ...rts snmp lock enable disable Enables or disables a lock on SNMP write access to the BaySecure MIBs snmp trap enable disable Enables or disables trap generation upon intrusion detection mac security mac address table address command The mac security mac address table address command assigns either a specific port or a security list to the MAC address This removes the previous assignment to the spec...

Page 199: ...ing table outlines the parameters for this command Table 45 mac security security list parameters Parameter Description 1 32 Enter the number of the security list you want to use portlist Enter the port number The mac security security list command executes in the Global Configuration mode no mac security security list command The no mac security security list command clears the port membership of...

Page 200: ...curity command for specific ports executes in the Interface Configuration mode show mac security command The show mac security command displays the current MAC Address security table for the ports entered The syntax for this command is show mac security port portlist Substitute portlist with the ports to be displayed This command executes in the Privileged EXEC command mode mac security mac da fil...

Page 201: ...s An aging time of 0 means that the learned addresses never age out The default is 60 minutes The mac security auto learning aging time command executes in the Global Configuration mode no mac security auto learning aging time command The no mac security auto learning aging time command sets the aging time for the auto learned addresses in the MAC Security Table to 0 In this way it disables the re...

Page 202: ...he Interface Configuration mode no mac security auto learning command This command disables MAC security auto learning for the specified ports on the switch The syntax for this command is no mac security auto learning port portlist The no mac security auto learning command executes in the Interface Configuration mode default mac security auto learning command The default mac security auto learning...

Page 203: ...g RADIUS password fallback on page 193 Viewing RADIUS information on page 206 Configuring a RADIUS server In WLAN 8100 RADIUS servers are grouped into a profile called the radius profile Multiple Radius profiles up to 32 can be configured on a controller In each radius profile up to 32 RADIUS servers IPs can be configured A RADIUS server IP in two different radius profiles count as 2 servers A tot...

Page 204: ...adius health check password encrypted health check interval Radius health check interval health check password User password for radius health check health check user User name used for radius healtcheck priority server priority secret server shared secret udp port server UDP port The following table describes the parameters for this command Parameter Description encrypted secret Specifies the enc...

Page 205: ...assword health check user health check encrypted password to restore default RADIUS server settings 10 Use the command default radius profile radius profile name server selection to delete a RADIUS profile Enabling RADIUS password fallback About this task Enable the RADIUS password fallback feature by using the following command in Global or Interface Configuration mode radius server password fall...

Page 206: ...e 208 show snmp server command on page 208 snmp server community for read or write command on page 209 snmp server community command on page 209 no snmp server community command on page 210 default snmp server community command on page 211 no snmp server contact command on page 211 default snmp server contact command on page 211 snmp server command on page 211 no snmp server command on page 212 sn...

Page 207: ...nities users groups views and trap destinations Important You must configure views and users using CLI before SNMPv3 can be used Important You must have the secure version of the software image installed on your switch before you can configure SNMPv3 The WLAN 8100 Series also supports the previous proprietary SNMP configuration methods for backward compatibility All the configuration data configur...

Page 208: ...snmpCommunityTable 20 vacmViewTreeFamilyTable 60 vacmSecurityToGroupTable 40 vacmAccessTable 40 usmUserTable 20 snmpNotifyTable 20 snmpTargetAddrTabel 20 snmpTargetParamsTable 20 show snmp server command The show snmp server command displays SNMP configuration The syntax for the show snmp server command is show snmp server host user view notification control notify filter The show snmp server comm...

Page 209: ...cts and stations with rw access can retrieve and modify MIB objects If ro nor rw are not specified ro is assumed default snmp server community command The snmp server community command allows you to create community strings with varying levels of read write and notification access based on SNMPv3 views These community strings are separate from those created using the snmp server community for read...

Page 210: ...ro rw community string The no snmp server community command is executed in the Global Configuration mode If you do not specify a read only or read write community parameter all community strings are removed including all the communities controlled by the snmp server community command and the snmp server community for read write command If you specify read only or read write then just the read only...

Page 211: ...iption ro rw Restores the read only community to Public or the read write community to Private no snmp server contact command The no snmp server contact command clears the sysContact value The syntax for the no snmp server contact command is no snmp server contact The no snmp server contact command executes in the Global Configuration mode default snmp server contact command The default snmp serve...

Page 212: ...of the s5AgTrpRcvrTable which is the set of trap destinations controlled by the SNMP Configuration screen in the console interface The proprietary method syntax for the snmp server host for command is snmp server host host ip community string Using the new standards based SNMP method you can create several entries in SNMPv3 MIBs Each can generate v1 v2c or v3 traps Important Before using the desir...

Page 213: ...ted v3 auth no auth auth priv To configure the new standards based tables using v3 creates trap receivers in the SNMPv3 MIBs Multiple trap receivers with varying access levels can be created Enter the following variables auth auth specifies SNMPv3 traps are sent using authentication and no privacy no auth no auth specifies SNMPv3 traps are sent using with no authentication and no privacy auth priv...

Page 214: ...es the parameters for this command Table 56 no snmp server host command parameters Parameter Description host ip community string In the proprietary method enter the following variables host ip the IP address of a trap destination host community string the community string that works as a password and permits access to the SNMP protocol If both parameters are omitted all hosts are cleared propriet...

Page 215: ...ing table describes the parameters for this command Table 57 snmp server location command parameters Parameter Description text Specify the SNMP sysLocation value enter an alphanumeric string of up to 255 characters no snmp server location command The no snmp server location command clears the SNMP sysLocation value The syntax for the no snmp server location command is no snmp server location The ...

Page 216: ...l Configuration mode default snmp server name command The default snmp server name command restores sysName to the default value The syntax for the default snmp server name command is default snmp server name The default snmp server name command is executed in the Global Configuration mode snmp server user command The snmp server user command creates an SNMPv3 user For each user you can create thr...

Page 217: ...ccess to the views specified for unauthenticated access If you do not specify view parameters for encrypted access the user will have access to the views specified for authenticated access or if no authenticated views were specified the user will have access to the views specified for unauthenticated access The following table describes the parameters for this command Table 59 snmp server user com...

Page 218: ...er user command deletes the specified user The syntax for the no snmp server user command is no snmp server user engine id engine ID username The no snmp server user command is executed in the Global Configuration mode Important If you do not specify any parameters this command deletes all snmpv3 users from the SNMPv3 tables The following table describes the parameters for this command Table 60 no...

Page 219: ... an asterisk indicating a wildcard Here are some examples of valid OID parameters sysName sysName sysName sysName 0 ifIndex 1 ifEntry 1 this matches all objects in the ifTable with an instance of 1 that is the entry for interface 1 1 3 6 1 2 1 1 1 0 the dotted form of sysDescr The or indicates whether the specified OID is included in or excluded from the set of MIB objects accessible using this vi...

Page 220: ...lowing table describes the parameters for this command Table 63 snmp server bootstrap command parameters Parameters Description minimum secure Specifies a minimum security configuration that allows read access and notify access to all processes view restricted with noAuth noPriv and read write and notify access to all processes internet view using Auth noPriv and Auth Priv Important In this config...

Page 221: ... notification control command executes in Global Configuration mode The following table describes the parameters for this command Table 64 snmp server notification control command parameters Parameter Description WORD 1 128 Can either be the English description or the OID of a supported notification type no snmp server notification control The no snmp server notification control command disables t...

Page 222: ...arameters Parameter Description WORD 1 128 Can either be the English description or the OID of a supported notification type Configuring TACACS using CLI About this task To configure TACACS to perform AAA services for system users do the following 1 Configure the TACACS server itself For more information see the vendor documentation for your server for specific configuration procedures 2 Configure...

Page 223: ...ncryption key used for all communications between the NAS and the TACACS server The key also referred to as the shared secret must be the same as the one defined on the server You are prompted to confirm the key when you enter it Important The key parameter is a required parameter when you create a new server entry The parameter is optional when you are modifying an existing entry secondary host I...

Page 224: ...ration mode tacacs authorization enable To disable TACACS authorization globally on the switch use the following command in Global or Interface Configuration mode tacacs authorization disable The default is disabled Setting authorization privilege levels The preconfigured privilege levels control which commands can be executed If a user has been assigned a privilege level for which authorization h...

Page 225: ...ode show tacacs Configuring IP Manager using CLI About this task To configure the IP Manager to control management access to the switch do the following Enable IP Manager Configure the IP Manager list Use the following commands to configure the IP Manager Related topics Enabling IP Manager on page 225 Configuring the IP Manager list on page 226 Removing IP Manager list entries on page 226 Viewing ...

Page 226: ...ng table describes the parameters for this command Table 70 ipmgr source ip command parameters Parameter Description list ID An integer in the range 1 50 for Ipv4 entries and 51 100 for Ipv6 entries that uniquely identifies the entry in the IP Manager list Ipv4addr Specifies the source IP address from which access is allowed Enter the IP address either as an integer or in dotted decimal notation m...

Page 227: ...assword security features These commands can be used in the Global Configuration and Interface Configuration command modes Related topics Enabling password security on page 227 Disabling password security on page 227 Creating user names and passwords on page 228 Configuring password retry attempts on page 228 Configuring password history on page 228 Defaulting password history on page 228 Displayi...

Page 228: ...rd use the following command in Global or Interface Configuration mode telnet access retry number Where number is an integer in the range 1 to 100 that specifies the allowed number of failed log on attempts The default is 3 Configuring password history About this task Use the password password history command to configure the number of passwords stored in the password history table This command ha...

Page 229: ...cess fail open 4 Use the command nsnas subnet address to set the secure network access subnet 5 Use the command nsnas phone signature WORD to assign a secure network access phone signature 6 Use the command nsnas vlan 1 4094 to set the secure network access vlan ID Displaying CLI Audit log using CLI About this task The CLI audit provides a means for tracking CLI commands The show audit log command...

Page 230: ...s task The following table lists CLI commands available for working with Secure Socket Layer SSL Table 72 SSL commands Command Description no ssl Enables or disables SSL The Web server operates in a secure mode when SSL is enabled and in nonsecure mode when the SSL server is disabled no ssl certificate Creates or deletes a certificate The new certificate is used only on the next system reset or SS...

Page 231: ...initialized The server is not running Certificate Initialization The server is generating a certificate during its initialization phase Active The server is initialized and running SSL Certificate Generation in progress Shows whether SSL is in the process of generating a certificate The SSL server generates a certificate during server startup initialization or CLI user can regenerate a new certifi...

Page 232: ...ommand on page 236 default ssh timeout command on page 236 show ssh command This command displays information about all active SSH sessions and on other general SSH settings The syntax for the show ssh command is show ssh global session download auth key The following table describes the parameters for this command Table 74 show ssh command parameters Parameter Description download auth key Displa...

Page 233: ...r from the USB stick if available The syntax for the ssh download auth key command is ssh download auth key address key name usb The following table describes the parameters for this command Table 75 ssh download auth key command parameters Parameter Description address Specify the TFTP server IP address key name Specify the TFTP USB file name usb Specify whether download SSH auth key from the USB...

Page 234: ...Delete SSH DSA host key pass auth Disable SSH password authentication The no ssh command is executed in the Global Configuration mode ssh secure command The ssh secure command disables web SNMP and Telnet management interfaces permanently The no ssh command does NOT turn them back on they must be re enabled manually A warning message is issued to the user to enable one of the other interfaces befo...

Page 235: ...The ssh pass auth command enables user log on using the password authentication method The syntax for the ssh pass auth command is ssh pass auth The ssh pass auth command is executed in the Global Configuration mode no ssh pass auth command The no ssh pass auth command disables user log on using password authentication The syntax for the no ssh pass auth command is no ssh pass auth The no ssh pass...

Page 236: ...tion timeout in seconds The syntax of the ssh timeout command is ssh timeout 1 120 Substitute 1 120 with the desired number of seconds The ssh timeout command is executed in the Global Configuration mode default ssh timeout command The default ssh timeout command sets the default authentication timeout to 60 seconds The syntax for the default ssh timeout command is default ssh timeout The default ...

Page 237: ...default on page 239 Creating a VLAN on page 240 Variable definitions on page 240 Deleting a VLAN on page 241 Modifying VLAN MAC address flooding on page 241 Configuring VLAN name on page 241 Enabling automatic PVID on page 241 Configuring VLAN port settings on page 242 Configuring VLAN members on page 243 Configuring VLAN Configuration Control on page 243 Managing the MAC address forwarding databa...

Page 238: ...initions The following table describes the variables for this command Variable Value vid 1 4094 Enter the number of the VLAN to display type Enter the type of VLAN to display port port based protocol protocol based see following list protocol ipEther2 Specifies an ipEther2 protocol based VLAN protocol ipx802 3 Specifies an ipx802 3 protocol based VLAN protocol ipx802 2 Specifies an ipx802 2 protoc...

Page 239: ...w vlan interface info portlist Displaying VLAN port membership About this task Use the following procedure to display port memberships in VLANs Procedure To display VLAN port memberships use the following command from Privileged EXEC mode show vlan interface vids portlist Setting the management VLAN About this task Use the following procedure to set a VLAN as the management VLAN Procedure To set t...

Page 240: ...finitions Variable Value 1 4094 Enter the number of the VLAN to create name line Enter the name of the VLAN to create type Enter the type of VLAN to create port port based protocol protocol based see following list protocol ipEther2 Specifies an ipEther2 protocol based VLAN protocol ipx802 3 Specifies an ipx802 3 protocol based VLAN protocol ipx802 2 Specifies an ipx802 2 protocol based VLAN proto...

Page 241: ...st of addresses for which flooding is allowed This procedure can also be used as an alternate method of deleting a VLAN Procedure To modify VLAN MAC address flooding or to delete a VLAN use the following command from Global Configuration mode no vlan 2 4094 igmp unknown mcast allow flood H H H Configuring VLAN name About this task Use the following procedure to configure or modify the name of an e...

Page 242: ... tagging enable disable tagAll untagAll tagPvidOnly untagPvidOnly Enables or disables the port as a tagged VLAN member for egressing packet pvid 1 4094 Sets the PVID of the port to the specified VLAN filter untagged frame enable disable Enables or disables the port to filter received untagged packets filter unregistered frames enable disable Enables or disables the port to filter received unregist...

Page 243: ...ation Control About this task VLAN Configuration Control VCC allows a switch administrator to control how VLANs are modified VLAN Configuration Control is a superset of the existing AutoPVID functionality and incorporates this functionality for backwards compatibility VLAN Configuration Control is globally applied to all VLANs on the switch VLAN Configuration Control offers four options for contro...

Page 244: ...on to use on the switch The valid values are automatic Changes the VCC option to Automatic autopvid Changes the VCC option to AutoPVID flexible Changes the VCC option to Flexible strict Changes the VCC option to Strict This is the default VCC value Managing the MAC address forwarding database table This section shows you how to view the contents of the MAC address forwarding database table as well...

Page 245: ... Displaying MAC address forwarding table About this task Use the following procedure to display the current contents of the MAC address forwarding database table You can filter the MAC Address table by port number The MAC address table can store up to 16000 addresses Procedure To displaying the MAC address forwarding table use the following command from Privileged EXEC mode show mac address table ...

Page 246: ...e in seconds that you want for MAC addresses before they expire Setting MAC address retention time to default About this task Use the following procedure to set the retention time for unseen MAC addresses to 300 seconds Procedure To set the MAC address retention time to default use the following command from Global Configuration mode default mac address table aging time Clearing the MAC address ta...

Page 247: ... table on a trunk About this task Use the following procedure to flush the MAC addresses for the specified trunk This command flushes only addresses that are learned on the trunk Procedure To flush a single MAC address use the following command from Privileged EXEC mode clear mac address table address H H H IP Directed Broadcasting About this task IP directed broadcasting takes the incoming unicas...

Page 248: ...using the CLI on page 248 Configuring STP BPDU Filtering using the CLI on page 248 Creating and Managing STGs using the CLI on page 249 Setting the STP mode using the CLI About this task Use the following procedure to set the STP operational mode Procedure To set the STP mode use the following command from Global Configuration mode spanning tree op mode stpg rstp Configuring STP BPDU Filtering usi...

Page 249: ...s disabled if this value is set to 0 The default value is 120 seconds Creating and Managing STGs using the CLI To create and manage Spanning Tree Groups you can refer to the Command Line Interface commands listed in this section Depending on the type of Spanning Tree Group that you want to create or manage the command mode needed to execute these commands can differ In the following commands the o...

Page 250: ...ree cost calc mode dot1d dot1t Configuring STG port membership mode About this task Use the following procedure to set the STG port membership mode for all Spanning Tree Groups on the switch Procedure To configure STG port membership mode use the following command from Privileged EXEC mode spanning tree port mode auto normal Displaying STP configuration information About this task Use the followin...

Page 251: ...Group About this task Use the following procedure to create a Spanning Tree Group Procedure To create a Spanning Tree Group use the following command from Global Configuration mode spanning tree stp 1 8 create Deleting a Spanning Tree Group About this task Use the following procedure to delete a Spanning Tree Group Procedure To delete a Spanning Tree Group use the following command from Global Con...

Page 252: ...ues use the following command from Global Configuration mode spanning tree stp 1 8 forward time 4 30 hello time 1 10 max age 6 40 priority 0 0000 0 1000 0 2000 0 3000 0 E000 0 F000 tagged bpdu enable disable tagged bpdu vid 1 4094 multicast address H H H add vlan remove vlan Variable Definitions Variable Value stp 1 8 Specifies the Spanning Tree Group enter the STG ID forward time 4 30 Enter the f...

Page 253: ...Adds a VLAN to the Spanning Tree Group remove vlan Removes a VLAN from the Spanning Tree Group Restoring default Spanning Tree values About this task Use the following procedure to restore default spanning tree values for the Spanning Tree Group Procedure To restore Spanning Tree values to default use the following command from Global Configuration mode default spanning tree stp 1 8 forward time h...

Page 254: ... 4094 Removing a VLAN from a STG About this task Use the following procedure to remove a VLAN from a specified Spanning Tree Group Procedure To remove a VLAN from a STG use the following command from Global Configuration mode spanning tree stp 1 8 remove vlan 1 4094 Configuring STP and MSTG participation About this task Use the following procedure to set the Spanning Tree Protocol STP and multiple...

Page 255: ... learning mode fast enables FastLearn mode cost 1 65535 Enter the path cost of the spanning tree range is 1 65535 priority Sets the spanning tree priority for a port as a hexadecimal value If the Spanning Tree Group is 802 1T compliant this value must be a multiple of 0x10 Resetting Spanning Tree values for ports to default About this task Use the following procedure to set the spanning tree value...

Page 256: ... type of port priority Sets the priority to the factory default value The default value for the priority is 0x8000 Managing RSTP using the CLI About this task Use the following command to configure RSTP Configuring RSTP parameters on page 256 Configuring RSTP on a port on page 258 Displaying RSTP configuration on page 258 Displaying RSTP port configuration on page 257 Configuring RSTP parameters A...

Page 257: ...unt Sets the RSTP Transmit Hold Count the default is 3 version stp compatible rstp Sets the RSTP version the default is rstp Displaying RSTP port configuration About this task Use the following procedure to display the Rapid Spanning Tree Protocol RSTP related port level configuration details Procedure To display RSTP port configuration use the following command from Privileged EXEC mode show span...

Page 258: ... or multiple ports are assumed to be edge ports This parameter sets the Admin value of edge port status the default is false learning disable enable Enables or disables RSTP on the single or multiple ports the default is enable p2p auto force false force true Indicates whether the single or multiple ports are to be treated as point to point links This command sets the Admin value of P2P Status the...

Page 259: ...ed to execute these commands can differ Related topics Displaying MLT configuration and utilization on page 259 Configuring a Multi Link trunk on page 259 Disabling a MLT on page 260 Displaying MLT properties on page 260 Configuring STP participation for MLTs on page 261 Displaying MLT configuration and utilization About this task Use the following procedure to display Multi Link Trunking MLT conf...

Page 260: ...mal Sets STP learning mode bpdu all ports single port Sets trunk to send and receive BPDUs on either all ports or a single port loadbalance basic advance Sets the MLT load balancing mode basic MAC based load balancing advance IP based load balancing Disabling a MLT About this task Use the following procedure to disable a Multi Link trunk MLT clearing all the port members Procedure To disable a MLT...

Page 261: ...initions Variable Value 1 32 Specifies the ID of the MLT to associate with the STG stp 1 8 Specifies the spanning tree group learning disable normal fast Specifies the STP learning mode disable disables learning normal sets the learning mode to normal fast sets the learning mode to fast Configuring LACP and VLACP using the CLI Related topics Configuring Link Aggregation using CLI on page 261 Confi...

Page 262: ... page 266 Displaying LACP port mode About this task Use the following procedure to display the current port mode default or advanced Procedure To display the port mode use the following command from Privileged EXEC mode show lacp port mode Displaying LACP system settings About this task Use the following procedure to display system wide LACP settings Procedure To display system settings use the fo...

Page 263: ...eged EXEC mode show lacp stats portList aggr 1 65535 Variable Definitions Variable Value portList Enter the specific ports for which to display LACP information aggr 1 65535 Enter the aggregator value to display ports that are members of it Clearing LACP port statistics About this task Use the following procedure to clear existing LACP port statistics Procedure To clear statistics use the followin...

Page 264: ...factory default priority value is 32768 Procedure To configure system priority use the following command from Global Configuration mode lacp system priority 0 65535 Enabling LACP port aggregation mode About this task Use the following procedure to enable the port aggregation mode Procedure To enable the port aggregation mode use the following command from Interface Configuration mode no lacp aggre...

Page 265: ...port portList active passive off Variable Definitions Variable Value port portList The ports for which the LACP mode is to be set active passive off The type of LACP mode to set for the port The LACP modes are active The port will participate as an active Link Aggregation port Ports in active mode send LACPDUs periodically to the other end to negotiate for link aggregation passive The port will pa...

Page 266: ...ng LACP periodic transmission timeout interval About this task Use the following procedure to configure the LACP periodic transmission timeout interval for a set of ports Procedure To configure the interval use the following command from Interface Configuration mode lacp timeout time port portList long short Variable Definitions Variable Value port portList The ports for which to configure the tim...

Page 267: ... Enabling VLACP globally About this task Use the following procedure to globally enable VLACP for the device Procedure To enable VLACP use the following command from Global Configuration mode no vlacp enable Use the no form of this command to disable Configuring VLACP port parameters About this task Use the following procedure to configure VLACP parameters on a port Procedure To configure paramete...

Page 268: ...uts The range is 400 20000 milliseconds Default is 500 slow periodic time integer Specifies the number of milliseconds between periodic VLACPDU transmissions using long timeouts The range is 10000 30000 milliseconds Default is 30000 timeout scale integer Sets a timeout scale for the port where timeout periodic time timeout scale The range is 1 10 Default is 3 Note With VLACP a short interval exist...

Page 269: ...ify a multicast MAC address but instead specifies the MAC address of the switch to which this port is sending VLACPDUs You are not always required to configure funcmac addr If not configured the first VLACP enabled switch that receives the PDUs from a unit assumes that it is the intended recipient and processes the PDUs accordingly If you want an intermediate switch to drop VLACP packets configure...

Page 270: ...d displays a column called HAVE PARTNER with possible values of yes or no If HAVE PARTNER is yes when ADMIN ENABLED and OPER ENABLED are true then that port has received VLACPDUs from a port and those PDUs were recognized as valid according to the interface settings If HAVE PARTNER is no when ADMIN ENABLED is true and OPER ENABLED is FALSE then the partner for that port is down that port received ...

Page 271: ...mes a routable L3 VLAN if an IP address and MAC address are attached to the VLAN When routing is enabled in L3 mode every L3 VLAN is capable of routing as well as carrying the management traffic You can use any L3 VLAN instead of the Management VLAN to manage the switch The following sections describe the procedures you can use to configure routable VLANs using the CLI Related topics IP routing co...

Page 272: ...ng the IP address configuration and routing status for a VLAN Displaying IP routes Performing a traceroute Entering Router Configuration mode Configuring global IP routing status About this task Use this procedure to enable and disable global routing at the switch level By default routing is disabled Procedure To configure the status of IP routing on the switch enter the following from the Global ...

Page 273: ...addr Specifies the IP address to attach to the VLAN mask Specifies the subnet mask to attach to the VLAN MAC offset Specifies the value used to calculate the VLAN MAC address which is offset from the switch MAC address The valid range is 1 256 Specify the value 1 for the Management VLAN only If no MAC offset is specified the switch applies one automatically Configuring IP routing status on a VLAN ...

Page 274: ...cifies the VLAN ID of the VLAN to be displayed Range is 1 4094 Job aid The following table shows the field descriptions for the show vlan ip command Field Description Vid Specifies the VLAN ID ifindex Specifies an index entry for the interface Address Specifies the IP address associated with the VLAN Mask Specifies the mask MacAddress Specifies the MAC address associated with the VLAN Offset Speci...

Page 275: ...ummary Displays a summary of IP route information Performing a traceroute About this task Use this procedure to display the route taken by IP packets to a specified host Procedure 1 To perform a traceroute enter the following from the Global Configuration mode traceroute Hostname A B C D m p q v w 1 1464 2 Type CTRL C to interrupt the command Variable Definitions Variable Value Hostname Specifies ...

Page 276: ...e 10 3 2 134 w 60 Static route configuration using CLI The following sections describe procedures you can use to configure static routes using the CLI Related topics Configuring a static route on page 276 Displaying static routes on page 277 Configuring a management route on page 279 Displaying the management routes on page 279 Job aid on page 280 Configuring a static route About this task Use thi...

Page 277: ...bles the specified static route weight cost Changes the weight or cost of an existing static route Range is 1 65535 Displaying static routes About this task Use this procedure to display all static routes whether these routes are active or inactive Procedure 1 To display a static route enter the following command from the User EXEC mode show ip route static 2 To display an IP route enter the follo...

Page 278: ...s to display s subnet mask Specifies the destination subnet of the routes to display Job aid The following table shows the field descriptions for the show ip route static command Field Description DEST Identifies the static route destination MASK Identifies the static route mask NEXT Identifies the next hop in the static route COST Identifies the route cost PREF Identifies the next preference for ...

Page 279: ...e configured on the switch Prerequisites Enable IP routing globally Enable IP routing and configure an IP address on the management VLAN interface Procedure To configure a static management route enter the following from the Global Configuration command mode no ip mgmt route dest ip mask next hop Variable Definitions Variable Value no Removes the specified management route dest ip Specifies the de...

Page 280: ...nsure that a route to the destination DHCP server is available on the switch About this task The following sections describe procedures you can use to configure DHCP relay using the CLI Important DHCP relay uses a hardware resource that is shared by the switch Quality of Service applications When DHCP relay is enabled globally the Quality of Service filter manager will not be able to use precedenc...

Page 281: ...relay agent and the remote DHCP server as the destination 3 Enable DHCP for the specific VLAN Configuring global DHCP relay status About this task Use this procedure to configure the global DHCP relay status DHCP relay is enabled by default Procedure To configure the global DHCP relay status enter the following from the Global Configuration mode no ip dhcp relay Variable Definitions Variable Value...

Page 282: ...onfigure as a DHCP relay agent Procedure To configure a VLAN as a DHCP relay agent enter the following from the Global Configuration mode no ip dhcp relay fwd path relay agent ip DHCP server enable disable mode bootp bootp dhcp dhcp Variable Definitions Variable Value no Removes the specified DHCP forwarding path relay agent ip Specifies the IP address of the VLAN that serves as the local DHCP rel...

Page 283: ...ld Description INTERFACE Specifies the interface IP address of the DHCP relay agent SERVER Specifies the IP address of the DHCP server ENABLE Specifies whether DHCP is enabled MODE Specifies the DHCP mode Configuring DHCP relay status and parameters on a VLAN About this task Use this procedure to configure the DHCP relay parameters on a VLAN To enable DHCP relay on the VLAN enter the command with ...

Page 284: ... DHCP relay configuration for a VLAN About this task Use this procedure to display the current DHCP relay parameters configured for a VLAN Procedure To display the DHCP relay VLAN parameters enter the following from the Privileged EXEC command mode show vlan dhcp relay vid Variable definitions Variable Value vid Specifies the VLAN ID of the VLAN to be displayed Range is 1 4094 Job aid The followin...

Page 285: ...r of requests and the number of replies Procedure To display the DHCP relay counters enter the following from the User EXEC command mode show ip dhcp relay counters Job aid The following table shows the field descriptions for the show ip dhcp relay counters command Field Description INTERFACE Indicates the interface IP address of the DHCP relay agent REQUESTS Indicates the number of DHCP requests ...

Page 286: ...ble IP routing and configure an IP address on the VLAN to be configured as a broadcast interface Ensure that a route local or static to the destination address is available on the switch Procedure To enable directed broadcasts enter the following from the Global Configuration mode ip directed broadcast enable Displaying the directed broadcast configuration About this task Use this procedure to dis...

Page 287: ...g globally Enable IP routing and configure an IP address on the target VLAN Procedure To configure a static ARP entry enter the following from the Global Configuration mode no ip arp A B C D aa bb cc dd ee ff port vid 1 4094 Variable Definitions Variable Value no Removes the specified ARP entry A B C D Specifies the IP address of the device being set as a static ARP entry aa bb cc dd ee ff Specifi...

Page 288: ...tch is not in Layer 3 mode Variable Definitions Variable Value ip addr Specifies the IP address of the ARP entry to be displayed s subnet mask Displays ARP entries for the specified subnet only static Displays all configured static entries including those without a valid route Job aid The following table shows the field descriptions for the show ip arp command Field Description IP Address Specifie...

Page 289: ...e cache of ARP entries Procedure To clear the ARP cache enter the following from the Global Configuration mode clear arp cache Proxy ARP configuration About this task The following sections describe how to configure Proxy ARP using the CLI Configuring proxy ARP status on page 289 Displaying proxy ARP status on a VLAN on page 290 Configuring proxy ARP status About this task Use this procedure to en...

Page 290: ... VLAN enter the following from the User EXEC mode show ip arp proxy interface vlan vid Variable Definitions Variable Value vid Specifies the ID of the VLAN to display Range is 1 4094 Job aid The following table shows the field descriptions for the show ip arp proxy interfaces command Field Description Vlan Identifies a VLAN Proxy ARP status Specifies the status of Proxy ARP on the VLAN IGMP snoopi...

Page 291: ...01 Specifying a multicast MAC address to be allowed to flood all VLANs on page 301 Displaying the multicast MAC addresses for which flooding is allowed on page 301 Job aid on page 302 Displaying IGMP cache information on page 302 Job aid on page 302 Flushing the router table on page 303 Configuring IGMP selective channel block on page 303 Configuring IGMP selective channel block navigation on page...

Page 292: ...nooping on the selected VLAN disable Disables IGMP snooping on the selected VLAN Configuring IGMP send query on a VLAN About this task Use this procedure to enable IGMP send query on a snoop enabled VLAN When IGMP snooping send query is enabled the IGMP snooping querier sends out periodic IGMP queries that trigger IGMP report messages from the switch or host that wants to receive IP multicast traf...

Page 293: ...Variable Definitions Variable Value default Disables IGMP proxy on the selected VLAN no Disables IGMP proxy on the selected VLAN vid Specifies the VLAN ID enable Enables IGMP proxy on the selected VLAN disable Disables IGMP proxy on the selected VLAN Configuring the IGMP version on a VLAN About this task Use this procedure to configure the IGMP version running on the VLAN You can specify the versi...

Page 294: ...LAN Interface Configuration mode default no ip igmp mrouter portlist OR To configure IGMPv1 or IGMPv2 static mrouter ports enter the following from the Global Configuration command mode no vlan igmp vid v1 members v2 members add remove portlist Variable Definitions Variable Value default Removes all static mrouter ports no Removes the specified static mrouter port portlist Specifies the list of po...

Page 295: ...e queries before this time expires it flushes out all group memberships known to the VLAN The Query Max Response Interval obtained from the queries received is used as the timer resolution Configuring IGMP parameters on a VLAN About this task Use this procedure to configure the IGMP parameters on a VLAN Important The query interval robustness and version values must be the same as those configured...

Page 296: ...t query packets are transmitted on the VLAN The range is 1 65535 The default value is 125 seconds query max resp Specifies the maximum response time in 1 10 seconds advertised in IGMPv2 general queries on this interface The range is 0 255 The default value is 100 10 seconds robust val Specifies tuning for the expected packet loss of a network This value is equal to the number of expected query pac...

Page 297: ...ormation About this task Use this procedure to display IGMP interface parameters Procedure To display the IGMP interface information enter show ip igmp interface vlan Vlan ID OR Enter show vlan igmp Vlan ID Job aid The following table shows the field descriptions for the show ip igmp interface command Field Description VLAN Indicates the VLAN on which IGMP is configured Query Intvl Specifies the f...

Page 298: ...tween group specific query messages Use this value to modify the leave latency of the network A reduced value results in reduced time to detect the loss of the last member of a group This does not apply if the interface is configured for IGMPv1 Send Query Indicates whether the ip igmp send query feature is enabled or disabled Values are YES of NO Default is disabled The following table shows the f...

Page 299: ...le shows the field descriptions for the show ip igmp group command Field Description Group Address Indicates the multicast group address VLAN Indicates the VLAN interface on which the group exists Member Address Indicates the IP address of the IGMP receiver host or IGMP reporter The IP address is 0 0 0 0 if the type is static Expiration Indicates the time left before the group report expires This ...

Page 300: ...ticast packet flooding enter the following from the Global Configuration mode no default vlan igmp vid unknown mcast no flood enable disable Variable Definitions Variable Value no Enables the flooding of multicast packets on the VLAN default Enables the flooding of multicast packets on the VLAN enable Prevents the flooding of multicast packets on the VLAN disable Enables the flooding of multicast ...

Page 301: ...ead you must specify IP address 224 1 2 3 For all other types of MAC address you can enter the MAC address directly to allow flooding Procedure To allow particular unknown multicast packets to be flooded enter the following from the Global Configuration mode vlan igmp unknown mcast allow flood H H H mcast_ip_address Variable Definitions Variable Value H H H Specifies the multicast MAC address to b...

Page 302: ...d may not display the expected results in some configurations If the expected results are not displayed use the show ip igmp group command to view the information Procedure To display the IGMP cache information enter show ip igmp cache Job aid The following table shows the field descriptions for the show ip igmp cache command Field Description Group Address Indicates the multicast group address Vl...

Page 303: ...ming from specific group addresses to users connected to certain ports With the IGMP selective channel block feature this type of control can be implemented When configured it will control the IGMP membership of ports by blocking IGMP reports received from users on that port destined for the specific group address addresses The filter can be configured to block a single multicast address or range ...

Page 304: ...l Configuration mode no ip igmp profile profile number 1 65535 Applying the IGMP filter profile on interface About this task Use this procedure to apply the IGMP filter profile on an interface Procedure 1 From Global Configuration mode enter the interface interface id command 2 Enter the ip igmp filter profile number command Removing a profile from an interface About this task Use this procedure t...

Page 305: ...IGMP Multicast end address Port List Specifies the type of port as blocked or static Matched Grps Specifies the matching profile for IGMP group Configuring Access Lists Use the CLI commands in this section to configure and manage Access Lists Related topics Assigning ports to an access list on page 305 Removing an access list assignment on page 306 Creating an IP access list on page 306 Removing a...

Page 306: ... access list assignment by performing this procedure Procedure Remove an access list assignment by using the following command from Global Configuration mode no qos acl assign aclassignid Creating an IP access list About this task Create an IP access list by performing this procedure Procedure Create an access list by using the following procedure from Global Configuration mode qos ip acl name nam...

Page 307: ...es must be specified dst port min port dst port max port Specifies the minimum and maximum destination ports to use with the access list Both values must be specified flow id flowid Specifies the flow ID to use with this access list drop action drop pass Specifies the drop action to use for this access list update dscp 0 63 Specifies the DSCP value to update for this access list update 1p 0 7 Spec...

Page 308: ...le if vlan min 200 then there are 4 possible values for vlan max 11001000 200 11001001 201 11001011 203 11001111 207 The value of vlan max is vlan min 2n 1 where n is the number of consecutive trailing zeros replaced Variable Definitions Variable Value name name Specifies the name assigned to this access list src mac source_mac_address Specifies the source MAC address to use for this access list s...

Page 309: ...sociate with the access list Removing a Layer 2 access list About this task Remove a Layer 2 access list by performing this procedure Procedure Remove an access list by using the following command from Global Configuration mode no qos l2 acl aclid Configuring Elements Classifiers and Classifier Blocks About this task Use the CLI commands in this section to configure elements classifiers and classi...

Page 310: ... cid Specifies the element ID value ranges from 1 55000 addr type addrtype Specifies the address type Use the value ipv4 to indicate an IPv4 address or the value ipv6 to indicate an IPv6 address The default value is ipv4 ds field 0 63 Specifies a 6 bit DSCP value value ranges from 0 63 Default is ignore dst ip dst ip info Specifies the source IP address and mask in the form of a b c d x for IPv4 o...

Page 311: ... tcp flags Specifies the control flags present in an TCP header Viewing IP classifier entries About this task View IP classifier entries by performing this procedure Procedure View IP classifier element entries by using the following commands from the Privileged EXEC Configuration mode show qos ip element 1 65535 all system user Variable definitions Use the data in the following table to use show ...

Page 312: ...al Configuration mode qos l2 element 1 55000 dst mac dst mac dst mac mask dst mac mask ethertype etype ivlan min vid min pkt type etherII llc snap priority ieee1p seq session id session id src mac src mac src mac mask src mac mask vlan min vid min vlan tag vtag Variable Definitions Variable Value 1 55000 Specifies the element ID range is 1 55000 dst mac dst mac Specifies the destination MAC elemen...

Page 313: ...c mac Specifies the source MAC element criteria Enter in the format H H H src mac mask src mac mask Specifies the source MAC mask element criteria Valid format is H H H vlan min vid min Specifies the VLAN ID minimum value element criteria Range is 1 4094 vlan tag format Specifies the packet format element criteria untagged tagged The default is Ignore Viewing Layer 2 elements About this task View ...

Page 314: ...ut this task Use the following procedure to link IP and L2 classifier elements Note A classifier that is referenced in a classifier block or installed policy cannot be deleted Procedure Link elements by using the following command from Global Configuration mode qos classifier 1 55000 set id 1 55000 name WORD element type ip l2 system element id 1 55000 Variable Definitions Variable Value classifie...

Page 315: ...ommand from Global Configuration mode no qos classifier 1 55000 Combining individual classifiers About this task Use the following procedure to combine individual classifiers Note A classifier block that is referenced in an installed policy cannot be deleted Procedure Combine individual classifiers by using the following command from Global Configuration mode qos classifier block 1 55000 block num...

Page 316: ... meter name WORD Specifies the meter name to be linked to the classifier block maximum is 16 alphanumeric characters Removing classifier block entries About this task Use the following procedure to delete classifier block entries Procedure Delete classifier block entries by using the following command from Global Configuration mode no qos classifier block 1 55000 Configuring wired Quality of Servi...

Page 317: ...meters About this task Display QoS parameters by performing this procedure Procedure Display QoS parameters by using the following command from Privileged EXEC mode show qos acl assign 1 65535 action user system all 1 65535 agent details bpdu blocker port capability meter shaper classifier user system all 1 65535 classifier block user system all 1 65535 dhcp snooping port spoofing port diag unit d...

Page 318: ...ssifier 1 65535 all system user Displays the classifier set entries The applicable values are 1 65535 displays a particular entry all displays all user created default and system entries system displays only system entries user displays only user created and default entries Default is all classifier block 1 65535 all system user Displays the classifier block entries The applicable values are 1 655...

Page 319: ...ority to DSCP mapping ip acl 1 65535 Displays the specified IP access list assignment entry 1 65535 displays a particular entry ip element 1 65535 all system user Displays the IP classifier element entries The applicable values are 1 65535 displays a particular entry all displays all user created default and system entries system displays only system entries user displays only user created and def...

Page 320: ...tem displays only system entries user displays only user created and default entries Default is all port Displays QoS port configuration queue set Displays the queue set configuration queue set assignment Displays the association between the 802 1p priority to that of a specific queue statistics 1 65535 Displays the policy and filter statistics values 1 65535 displays a particular entry system ele...

Page 321: ...t Variable Definitions Variable Value meter port Displays granularity for committed rate maximum committed rate and maximum bucket that can be used on ports for meters port specifies list of ports Displays the information for particular ports shaper port Displays granularity for committed rate maximum committed rate and maximum bucket that can be used on ports for shapers port specifies list of po...

Page 322: ...ng commands qos agent oper mode disable OR no qos agent oper mode enable Variable Definitions Variable Value enable Enables QoS Agent functionality for the system disable Disables QoS Agent functionality for the system Configuring a default queue set About this task Use the following procedure to specify the default queue set Note The default qos agent command has the same result as the qos agent ...

Page 323: ...onfig show qos agent QoS Operational Mode Enabled QoS NVRam Commit Delay 10 seconds QoS Queue Set 2 QoS Buffering Large QoS UBP Support Level Low Security Local Data QoS Default Statistics Tracking Aggregate QoS DOS Attack Prevention Disabled Minimum TCP Header Length 20 Maximum IPv4 ICMP Length 512 Maximum IPv6 ICMP Length 512 QoS NT mode Disabled Modifying default queue configuration About this ...

Page 324: ...n by using the following command show qos agent details Example WCP8180 config show qos agent details QoS Operational Mode Enabled QoS NVRam Commit Delay 10 seconds QoS Queue Set 2 QoS Buffering Large QoS UBP Support Level Disabled QoS Default Statistics Tracking Aggregate QoS DoS Attack Prevention Enabled w Status Tracking Minimum TCP Header Length 20 Maximum IPv4 ICMP Length 512 Maximum IPv6 ICM...

Page 325: ...emTable 0 200 ntnQosQueueShapingTable 0 4096 Variable definitions Variable Value buffer Modifies the QoS resource buffer allocation The allowed buffer allocation modes for all QoS interfaces are as follows regular large lossless maximum Note The buffer mode determines the level of resource sharing across interfaces sharing the same port hardware Configuring the CoS to Queue Assignments About this ...

Page 326: ...pecifies the 802 1p priority value for which the queue association is being modified value ranges from 0 7 queue 1 8 Specifies the queue within the identified queue set to assign the 802 1p priority traffic at egress value ranges from 1 8 Configuring QoS Interface Groups Use the CLI commands in this section to add or delete ports to or from an interface group or add or delete the interface groups ...

Page 327: ...rts from an interface group About this task Use the following procedure to delete ports from a defined interface group Note Ports not associated with an interface are considered QoS disabled and may not have QoS operations applied until assigned to an interface group Procedure Delete ports by using the following command from Interface Configuration mode no qos if assign port portlist Creating an i...

Page 328: ...g the following command from Global Configuration mode no qos if group name WORD Configuring DSCP and 802 1p and Queue Associations About this task The following sections contain procedures to configure DSCP 802 1p priority and queue set associations Related topics Configuring DSCP to 802 1p priority on page 328 Restoring egress mapping entries to default on page 330 Configuring 802 1p priority to...

Page 329: ...Drop 9 Standard Service 10 2 Low Drop 10 Bronze Service 11 0 High Drop 11 Standard Service 12 2 High Drop 12 Bronze Service 13 0 High Drop 13 Standard Service 14 2 High Drop 14 Bronze Service 15 0 High Drop 15 Standard Service 16 3 High Drop 16 Silver Service 17 0 High Drop 17 Standard Service 18 3 Low Drop 18 Silver Service 19 0 High Drop 19 Standard Service 20 3 High Drop 20 Silver Service Varia...

Page 330: ...essmap name WORD 1p 0 7 ds 0 63 2 vView the configured ingressmap details by using the following command show qos ingressmap Example WCP8180 config show qos ingressmap 802 1p Priority DSCP Name _______________ ____ ________________ 0 0 Standard Service 1 0 Standard Service 2 10 Bronze Service 3 18 Silver Service 4 26 Gold Service 5 34 Platinum Service 6 46 Premium Service 7 48 Network Service Vari...

Page 331: ...ent parameters that may be used in QoS policies Procedure Configure system classifier element parameters by using the following command from Global Configuration mode qos system element 1 55000 known ip mcast known non ip mcast name non ip pattern data WORD pattern format tagged untagged pattern ip version ipv4 ipv6 non ip pattern l2 format session id unknown ip mcast unknown non ip mcast unknown ...

Page 332: ...lter non ip packets session id Specifies the session ID unknown ip mcast Matches frames containing an unknown IP multicast destination address unknown non ip mcast Matches frames containing an unknown non IP multicast destination address Viewing system classifier elements parameters About this task View system classifier elements parameters by performing this procedure Procedure View system classi...

Page 333: ...the CLI Related topics Creating and updating QoS actions on page 333 Removing QoS actions on page 334 Creating and updating QoS actions About this task Use the following procedure to create and update QoS actions Note Certain options can be restricted based on the policy associated with the specific action An action that is referenced in a meter or an installed policy cannot be deleted Procedure 1...

Page 334: ... Enter the 6 bit DSCP value range is 0 to 63 Default is ignore update 1p 0 7 Specifies whether 802 1p priority value are updated or left unchanged unchanged equals ignore ieee1p enter the value you want range is 0 to 7 use egress uses the egress map to assign value use tos prec uses the type of service precedence to assign value Default is ignore Note Requires specification of update dscp value se...

Page 335: ...that is referenced in an action entry cannot be deleted Procedure 1 Create interface action extension entries by using the following command from Global Configuration mode qos if action extension 1 55000 name WORD egress ucast port egress non ucast port 2 View the interface action extension entries by using the following command show qos if action extension 1 65535 all system user Variable definit...

Page 336: ...he following procedure to create QoS meter entries Procedure Create QoS meter entries by using the following command from Global Configuration mode qos meter 1 55000 name WORD committed rate 64 10230000 burst size burst size max burst rate 64 4294967295 max burst duration 1 4294967295 in profile action 1 55000 in profile action name WORD out profile action 1 9 55000 out profile action name WORD Va...

Page 337: ...burst size Enter the burst duration in ms for in profile traffic range is 1 4294967295 ms in profile action 1 55000 Specifies the in profile action ID range is 1 55000 in profile action name WORD Specifies the in profile action name out profile action 1 9 55000 Specifies the out of profile action ID range is 1 9 to 55000 out profile action name word Specifies the out of profile action name Removin...

Page 338: ...e in kilobits sec range is 64 10230000 kilobits sec max burst rate 64 4294967295 Specifies the largest burst of traffic that can be received a given time for the traffic to be considered in profile Used in calculating the committed burst size Enter the burst size in Kb s for in profile traffic range is 64 to 4294967295 Kbits sec max burst duration 1 4294967295 Specifies the amount of time that the...

Page 339: ...cy 1 55000 enable disable name WORD port port_list if group WORD clfr type classifier block clfr id 1 55000 clfr name WORD in profile action 1 55000 in profile action name WORD meter 1 55000 meter name WORD non match action 1 55000 non match action name WORD precedence 1 15 track statistics individual aggregate Variable Definitions Variable Value 1 55000 Specifies the QoS policy range is 1 55000 e...

Page 340: ...parameter is not applicable to 5600 Series switches non match action name WORD Specifies the action name for non match traffic maximum is 16 alphanumeric characters precedence 1 15 Specifies the precedence of this policy in relation to other policies associated with the same interface group Enter precedence number range is 1 15 Note Policies with a lower precedence value are evaluated after polici...

Page 341: ...op pass enable This command is used in the Global Configuration mode Variable Definitions Variable Value port port Specifies the ports to apply the traffic profile to name name Specifies the name of the traffic profile commited rate 64 10230000 Specifies the committed rate in Kilobits per second drop nm action drop pass Specifies the action to take when the packet is nonmatching This action is app...

Page 342: ...meters for a specific set by using the following command from the Privileged EXEC Configuration mode show qos traffic profile set set name port port 3 View ports and the filter sets assigned to those ports by using the following command from the Privileged EXEC Configuration mode show qos traffic profile interface Example Wc show qos traffic profile classifier name 1 Id 2 Name 1 Block Master No Ev...

Page 343: ...fy an entry in a filter set you must delete the entry and add a new entry with the desired modifications Variable Definitions Variable Value classifier name addr type ipv4 ipv6 block drop action ds field dst ip dst mac dst port min ethertype eval order flow id next header priority protocol set drop prec src ip src mac src port min update 1p update dscp vlan min vlan tag Creates the User Based Poli...

Page 344: ... the IPv4 protocol value set drop prec specifies drop precendence src ip specifies the IP address to match against the source IP address of a packet src mac specifies the MAC source address of incoming packets src port min specifies the minimum value for the Layer 4 source port number in a packet src port max must be terminated prior to configuring this parameter update 1p specifies an 802 1p valu...

Page 345: ... a single transmission burst max burst duration specifies the maximum burst duration in milliseconds update dscp out action specifies an updated DSCP value for an IPv4 packet for out of profile traffic set priority specifies the priority level of this filter set Deleting a classifier classifier block or an entire filter set About this task Use the following procedure to delete a classifier classif...

Page 346: ...ged EXEC configuration mode show qos ubp classifier Maintaining the QoS Agent Use the following CLI commands to maintain the QoS agent Related topics Resetting QoS to factory default state on page 346 Configuring QOS AQ mode on page 347 Configuring QoS UBP support on page 347 Configuring QoS statistics tracking type on page 348 Configuring NVRAM delay on page 348 Resetting NVRAM delay to default o...

Page 347: ...ed on all ports mixed NT application traffic processing enabled on all port with egress DSCP mapping pure NT application traffic processing enabled on all ports without egress DSCP mapping Configuring QoS UBP support About this task Use the following procedure to configure the UBP support level Procedure Configure the UBP support level by using the following command from Global Configuration mode ...

Page 348: ...ue aggregate Allocates a single statistics counter to track data for all classifiers contained in the QoS policy being created disable Disable statistics tracking individual Allocates individual statistics counters to track data for each classifier contained in the QoS policy being created Configuring NVRAM delay About this task Use the following procedure to specify the maximum amount of time in ...

Page 349: ...ode default qos agent Configuring DoS Attack Prevention Package Use the following procedures to configure the DoS Attack Prevention Package DAPP This feature is only applicable to the 8100 Series switch Related topics Enabling DAPP on page 349 Configuring DAPP status tracking on page 350 Configuring DAPP minimum TCP header size on page 350 Configuring DAPP maximum IPv4 ICMP length on page 350 Enab...

Page 350: ...following command from Global Configuration mode qos agent dos attack prevention max ipv6 icmp 0 16383 Configuring DAPP minimum TCP header size About this task This procedure describes how to set the minimum TCP header size used by DAPP Procedure Set the minimum TCP header size by using the following command from Global Configuration mode qos agent dos attack prevention min tcp header 0 255 Config...

Page 351: ...tics on page 353 Setting RMON alarms on page 353 Deleting RMON alarm table entries on page 354 Configuring RMON event log and traps on page 354 Deleting RMON event table entries on page 355 Configuring RMON history on page 355 Deleting RMON history table entries on page 356 Configuring RMON statistics on page 356 Disabling RMON statistics on page 356 Viewing RMON alarms About this task Use the fol...

Page 352: ...Variable Definitions Variable Definition port The specified port number for which RMON history settings is displayed Job aid The following table shows the descriptions for show rmon history port command Field Description Index Indicates the profile index of RMON Port Specifies the valid ethernet port Buckets Requested Indicates the value associated with the number of buckets specified for the RMON...

Page 353: ...ocedure 1 Enter Global Configuration mode 2 Enter the rmon alarm 1 65535 WORD 1 2147483647 absolute delta rising threshold 2147483648 2147483647 1 65535 falling threshold 2147483648 2147483647 1 65535 owner LINE command Variable Definitions Parameter Description 1 65535 Unique index for the alarm entry WORD The MIB object to be monitored This object identifier can be an English name 1 2147483647 T...

Page 354: ...tify the alarm entry Deleting RMON alarm table entries About this task Use the following procedure to delete RMON alarm table entries Procedure 1 Enter Global Configuration mode 2 Enter the no rmon alarm 1 65535 command Variable Definitions Variable Definition 1 65535 The number assigned to the alarm If no number is selected all RMON alarm table entries are deleted Configuring RMON event log and t...

Page 355: ...If not given all table entries are deleted Configuring RMON history About this task Use the following procedure to configure RMON history settings Procedure 1 Enter Global Configuration mode 2 Enter the rmon history 1 65535 LINE 1 65535 1 3600 owner LINE command to configure the RMON history Variable Definitions Parameter Description 1 65535 Unique index for the history entry LINE Specify the port...

Page 356: ...rocedure 1 Enter Global Configuration mode 2 Enter the rmon stats 1 65535 LINE owner LINE command to configure RMON statistics Variable Definitions Parameter Description 1 65535 Unique index for the stats entry owner LINE Specify an owner string to identify the stats entry Disabling RMON statistics About this task Use this procedure to disable RMON statistics If the variable is omitted all entries...

Page 357: ... IPFIX collectors About this task The ip ipfix collector command is used to configure IPFIX collectors IPFIX collectors are used to collect and analyze data exported from an IPFIX compliant switch In WLAN Release 1 1 the only external collector supported is NetQOS At this time up to two collectors can be supported IPFIX data is exported from the switch in Netflow version 9 format Data is exported ...

Page 358: ...X About this task Use the following command to configure unit specific IPFIX parameters Procedure 1 Enter Global Configuration mode 2 Use the ip ipfix slot unit_number aging interval aging_interval export interval export_interval exporter enable template refresh interval template_refresh_interval template refresh packets template_refresh_packets command to enable IPFIX on the switch Variable Defin...

Page 359: ...r Interface Configuration mode 2 Use the ip ipfix enable command to enable IPFIX on the interface Enabling IPFIX export through ports About this task Use the following procedure to enable the ports exporting data through IPFIX Procedure 1 Enter Interface Configuration mode 2 Use the ip ipfix port port_list command to enable IPFIX on the interface Variable Definitions Variable Definition port list ...

Page 360: ...nter Privileged Executive mode 2 Use the show ip ipfix table unit_number sort by sort_by sort order sort_order display num_entries command view the IPFIX data Variable Definitions Variable Definition unit_number The unit number of the collector Currently up to two collectors are supported so the values 1 or 2 are valid sort_by The value on which the data is sorted Valid options are byte count dest...

Page 361: ...statistics using CLI on page 361 Network monitoring configuration using the CLI on page 364 System diagnostics and statistics using CLI About this task Use the following procedures to perform system diagnostics and gather statistics using the CLI Viewing port statistics About this task Use this procedure to view the statistics for the port on both received and transmitted traffic Procedure 1 Enter...

Page 362: ...perational status About this task Use this procedure to display the port operational status Important If you use a terminal with a width of greater than 80 characters the output is displayed in a tabular format Procedure 1 Enter Privileged Executive mode ACLI Reference for wired networks 362 Avaya WLAN 8100 CLI Reference August 2013 Comments infodev avaya com ...

Page 363: ...nit where the command is typed Pull out the link from the other switch VLACP status goes Down STP After switch boots type show interfaces command STP Status is Listening wait a few seconds and try again STP Status becomes Learning After a while 15 seconds is the forward delay default value only if you did not configure another time interval for STP forward delay if you type show interfaces again S...

Page 364: ...Use the following CLI commands to view and configure network monitoring Related topics Viewing CPU utilization on page 365 Viewing memory utilization on page 365 Configuring the system log on page 365 Configuring remote logging on page 368 Configuring port mirroring on page 371 ACLI Reference for wired networks 364 Avaya WLAN 8100 CLI Reference August 2013 Comments infodev avaya com ...

Page 365: ... utilization About this task Use this procedure to view the memory utilization Procedure 1 Enter Privileged Executive mode 2 Enter the show memory utilization command 3 Observe the displayed information Sample CLI output WCP8180 config show memory utilization Memory Utilization in MB Unit Total Used Free Peak Host 1024 203 821 203 WCP 1635 1091 544 1094 WDP 276 36 240 36 WCP8180 config Configuring...

Page 366: ...vent informational Informational message serious Serious event message cr WCP8180 config show logging wireless controller volatile Display log messages in DRAM WCP8180 config show logging wireless controller volatile critical Critical event messages informational Informational messages serious Serious event messages cr Variable Definitions Variable Value config Display configuration of event loggi...

Page 367: ...r disables the event log default is Enabled level critical serious informational none Specifies the level of logging stored in DRAM nv level critical serious none Specifies the level of logging stored in NVRAM Disabling the system log About this task Use this procedure to disable the system event log Procedure Enter the no logging command in global configuration mode Setting the system log to defa...

Page 368: ...isabling remote logging on page 369 Setting the remote logging address on page 369 Clearing the remote server IP address on page 369 Setting the log severity on page 370 Resetting the severity level on page 370 Setting the default remote logging level on page 370 Displaying logging About this task Use this procedure to display the configuration and the current contents of the system event log Proc...

Page 369: ...ocedure to set the address of the remote server for the syslog Procedure 1 Enter Global Configuration mode 2 Enter the logging remote address A B C D command to disable the use of a remote syslog server Variable Definitions Parameters and variables Description A B C D Specifies the IP address of the remote server in dotted decimal notation The default address is 0 0 0 0 Clearing the remote server ...

Page 370: ... informational none Specifies the severity level of the log messages to be sent to the remote server critical informational serious none Resetting the severity level About this task Use this command to remove severity level setting Procedure 1 Enter Global Configuration mode 2 Enter the no logging remote level command to remove the severity level of the logs that will be sent to the server The lev...

Page 371: ...how port mirroring command to display the port mirroring configuration Configure port mirroring About this task Use this procedure to set the port mirroring configuration Procedure 1 Enter Global Configuration mode 2 Enter the port mirroring mode disable Xrx monitor port portlist mirror ports portlist Xtx monitor port portlist mirror ports portlist ManytoOneRx monitor port portlist mirror ports po...

Page 372: ...nytoOneTx Many to one port mirroring on egress packets ManytoOneRxTx Many to one port mirroring on ingress and egress traffic Xrx Mirror packets received on port X Xtx Mirror packets transmitted on port X XrxOrXtx Mirror packets received or transmitted on port X XrxYtx Mirror packets received on port X and transmitted on port Y This mode is not recommended for mirroring broadcast and multicast tra...

Page 373: ...ing About this task Use this procedure to display Many to Many port mirroring settings Procedure 1 Enter Privileged Executive mode 2 Enter the show port mirroring command 3 Observe the displayed information Configuring Many to Many port mirroring About this task Use this procedure to configure Many to Many port mirroring Procedure 1 Enter Global Configuration mode 2 Enter the port mirroring 1 4 mo...

Page 374: ...ts ManyToOneTx Mirror many to one port mirroring on egress packets Xrx Mirror packets received on port X XrxOrXtx Mirror packets received on port X and transmitted on port Y XrxYtx Mirror packets received on port X and transmitted on port Y XrxYtxOrYrxXtx Mirror packets received on port X and transmitted on port Y or packets received on port Y and transmitted on port X Xtx Mirror packets received ...

Page 375: ... the no port mirroring command to disable all instances Variable Definitions Variable Definition 1 4 The port mirroring instance ACLI reference for wired networks Avaya WLAN 8100 CLI Reference August 2013 375 ...

Page 376: ...ACLI Reference for wired networks 376 Avaya WLAN 8100 CLI Reference August 2013 Comments infodev avaya com ...

Page 377: ...nd Barbuda AG Netherlands Antilles AN Argentina AR American Samoa AS Austria AT Australia AU Aruba AW Azerbaijan AZ Bosnia BA Barbados BB Bangladesh BD Belgium BE Bulgaria BG Bahrain BH Bermuda BM Brunei BN Bolivia BO Brazil BR Bahamas BS Bhutan BT Belarus BY Canada CA Switzerland CH Chile CL Avaya WLAN 8100 CLI Reference August 2013 377 ...

Page 378: ...Ecuador EC Estonia EE Egypt EG Spain ES Finland FI Falkland Islands FK Federated States of Micronesia FM France FR United Kingdom GB French Guiana GF Guernsey GG Gibraltar GI Guadeloupe GP Greece GR Guatemala GT Guam GU Hong Kong HK Honduras HN Croatia HR Haiti HT Supported Country Codes 378 Avaya WLAN 8100 CLI Reference August 2013 Comments infodev avaya com ...

Page 379: ...a JM Jordan JO Japan JP Kenya KE Kiribati KI Korea Republic KR Kuwait KW Cayman Islands KY LAO People s Democratic Republic LA Lebanon LB Liechtenstein LI Sri Lanka LK Lesotho LS Lithuania LT Luxembourg LU Latvia LV Morocco MA Monaco MC Macedonia MK Macao MO Northern Mariana Islands MP Avaya WLAN 8100 CLI Reference August 2013 379 ...

Page 380: ...NL Norway NO New Zealand NZ Oman OM Panama PA Peru PE Papua New Guinea PG Philippines PH Pakistan PK Poland PL St Pierre and Miquelon PM Portugal PT Puerto Rico PR Qatar QA Reunion RE Romania RO Serbia RS Russia RU Saudi Arabia SA Sweden SE Singapore SG Supported Country Codes 380 Avaya WLAN 8100 CLI Reference August 2013 Comments infodev avaya com ...

Page 381: ...key TR Trinidad Tobago TT Taiwan TW Tanzania TZ Ukraine UA US Minor Outlying Islands UM United States US Uruguay UY Uzbekistan UZ Holy See Vatican City VA Venezuela VE Virgin Islands British VG US Virgin Isle VI Vietnam VN Yemen YE Mayotte YT South Africa ZA Zambia ZM Avaya WLAN 8100 CLI Reference August 2013 381 ...

Page 382: ...Supported Country Codes 382 Avaya WLAN 8100 CLI Reference August 2013 Comments infodev avaya com ...

Reviews:

No comments