manualshive.com logo in svg

Dell PowerConnect W-7200 Series, Reference Manual

The Dell PowerConnect W-7200 Series brings enhanced networking capabilities to your business. Our Installation Manual provides step-by-step instructions for a hassle-free setup. Download this comprehensive manual for free from our website, ensuring smooth installation and optimal use of your powerful networking equipment.

Share
Download
background image

Usage Guidelines

This command turns the session ACL from a blacklist to a whitelist. A rule must exist that explicitly permits the
session before it is forwarded to the controller and the last rule in the list denies everything else.

Example

The following command creates a whitelist ACL that allows on with the source address as 10.10.10.10 and the
source mask as 2.2.2.2. The protocol is FTP and the the bandwidth contract name is mycontract.

(host) (config-fw-cp) #permit 10.10.10.10 2.2.2.2 proto ftp bandwidth-contract name
mycontract

The following command creates a a whitelist ACL entry that denies traffic using protocol 2 on port 5000 from being
forwarded to the controller:

(host) (config-fw-cp) #deny proto 6 ports 5000 6000

Related Commands

Command

Description

Mode

show firewall-cp

Show Control Processor (CP) whitelist ACL info.

Enable or Config modes

cp-bandwidth-contract

This command configures a bandwidth contract traffic
rate which can then be associated with a whitelist
session ACL.

Enable or Config modes

Command History

Modification

ArubaOS 3.4

Command introduced.

ArubaOS 6.2

The permit <ip-addr><ip-mask> parameter was added.
The deny <ip-addr> parameter was added.
The any parameter was added.
The host parameter was added.
The ftp, http, https, icmp, snmp, ssh, telnet and tftp parameters were added.

Command Information

Platform

License

Command Mode

Available on all platforms

Base operating system, except for noted
parameters

Config mode on master
controllers

Dell PowerConnect W-Series ArubaOS 6.2 |

Reference Guide

firewall cp | 269

Summary of Contents for PowerConnect W-7200 Series

Page 1: ...Dell PowerConnect W Series ArubaOS 6 2 Command Line Interface Reference Guide ...

Page 2: ...icense GPL GNU Lesser General Public License LGPL or other Open Source Licenses Includes software from Litech Systems Design The IF MAP client library copyright 2011 Infoblox Inc All rights reserved This product includes software developed by Lars Fenneberg et al The Open Source code used can be found at this site http www arubanetworks com open_source Legal Notice The use of Aruba Networks Inc sw...

Page 3: ...er for a 3G modem in the USB modem field in the AP provisioning profile or define a driver for a 4G modem in the 4G USB type field Starting with ArubaOS 6 2 1 0 you can configure drivers for both a 3G or a 4G modem using the USB field and the 4G USB Type field is deprecated What s New In ArubaOS 6 2 0 0 The following commands have been added in the ArubaOS 6 2 command line interface Command Descri...

Page 4: ...y This command displays the policy enforcement firewall visibility process state and status information show gap debug This command displays the troubleshooting information for the global AP database show iap table This command displays the details of the branch Instant AP network infor mation connected to the controller show interface profile voip profile This command displays the specified VoIP ...

Page 5: ...ed for TACACS server You can now specify an IPv6 host address for the host parameter copy The following parameters were added l usb partition partition number l usb partition partition number filename firewall The following parameters were added l enable bridging l prevent dhcp exhaustion firewall cp The following parameters were added l permit ip addr ip mask l deny ip addr l any l host l ftp htt...

Page 6: ...ress l internal dir l error counters l debug opcode l trace route l ip fragment show ap debug system status Added parameters to display Control Plane security OSPF SAPM Sta tion Management low priority syslog database user database and wrie less management statistics show mgmt users The Revocation Checkpoint rcp appears in the outpoint show storage Information detailing attached USB storage device...

Page 7: ...riteria firewall This clears the datapath sessions when roles are updated local userdb ap add This command adds a Remote AP entry to the Remote AP whitelist table local userdb ap del This command deletes a Remote AP entry from the Remote AP whitelist table local userdb ap modify This command modifies a Remote AP entry in the Remote AP whitelist table local userdb ap revoke Revoke a lost or stolen ...

Page 8: ... describes how to connect to the controller to use the CLI Serial Port Connection The serial port is located on the front panel of the controller Connect a terminal or PC workstation running a terminal emulation program to the serial port on the controller to use the CLI Configure your terminal or terminal emulation program to use the following communication settings Baud Rate Data Bits Parity Sto...

Page 9: ...Enter Configuration commands one per line End with CNTL Z When you are in basic config mode config appears before the prompt host config NOTE There are several other sub command modes that allow users to configure individual interfaces subinterfaces loopback addresses GRE tunnels and cellular profiles For details on the prompts and the available commands for each of these modes see Appendix A Comm...

Page 10: ...pe you can press the spacebar or tab to move to the next keyword The system then attempts to expand the abbreviation for you If there is only one command keyword that matches the abbreviation it is filled in for you automatically If the abbreviation is too vague too few characters the cursor does not advance and you must type more characters or use the help feature to list the matching commands De...

Page 11: ...or AP to reboot You may want to consider current network loads and conditions before issuing these commands as they may cause a momentary disruption in service as the unit resets Note also that changing the lms ip parameter in an AP system profile associated with an AP group will cause all APs in that AP group to reboot Commands that Reset an AP Commands that Reset a Controller l ap regroup l ap r...

Page 12: ...dr Two items within curled braces indicate that both parameters must be entered together If two or more sets of curled braces are separated by a vertical bar like in the example to the left enter only one choice Do not type the braces or bars Table 2 Text Conventions Command Line Editing The system records your most recently entered commands You can review the history of your actions or reissue a ...

Page 13: ...ware address use the hexadecimal format for example 00 05 4e 50 14 aa Service Set Identifier SSID A unique character string sometimes referred to as a network name consisting of no more than 32 characters The SSID is case sensitive for example WLAN 01 Basic Service Set Identifier BSSID This entry is the unique hard wireless MAC address of the AP A unique BSSID applies to each frequency 802 11a and...

Page 14: ... DellPowerConnect W Series ArubaOS 6 2 Reference Guide Contacting Dell Contact Center Online Main Website dell com Support Website dell com support Documentation Website dell com support manuals Table 5 Dell Contacts ...

Page 15: ...e list Description This command configures a Captive Portal authentication profile Syntax Parameter Description Range Default profile Name that identifies an instance of the profile The name must be 1 63 characters default authentication protocol mschapv2 pap chap This parameter specifies the type of authen tication required by this profile PAP is the default authentication type mschapv2 pap chap ...

Page 16: ...rface IP address in the redirection URL when external captive portal servers are used An external captive portal server can determine the controller from which a request originated by parsing the switchip variable in the URL This parameter requires the Public Access license login page url URL of the page that appears for the user logon This can be set to any URL auth index html logon wait Configur...

Page 17: ... 82 show fqdn Allows the user to see and select the fully qualified domain name FQDN on the login page The FQDNs shown are specified when configuring individual servers for the server group used with captive portal authentication enabled disabled disabled show acceptable use policy Show the acceptable use policy page before the logon page enabled disabled disabled single session Allows only one ac...

Page 18: ...ered for the initial role in the AAA profile Also when you configure the profile in the base operating system you cannot define the default role Example The following example configures a Captive Portal authentication profile that authenticates users against the controller s internal database Users who are successfully authenticated are assigned the auth guest role To create the auth guest user ro...

Page 19: ...g inner eap type eap gtc eap mschapv2 token caching period hours timer idrequest_period seconds mkey rotation period seconds quiet period seconds reauth period seconds ukey rotation period seconds wpa groupkey delay seconds wpa key period milliseconds wpa2 key delay milliseconds tls guest access tls guest role role unicast keyrotation use session key use static key validate pmkid voice aware wep k...

Page 20: ...e authentication server 500 1500 1100 heldstate bypass counter number This parameter is applicable when 802 1X authentication is terminated on the controller also known as AAA FastConnect Number of consecutive authentication failures which when reached causes the controller to not respond to authentication requests from a client while the controller is in a held state after the authentication fail...

Page 21: ...rt this feature the client will attempt to renegotiate the key whenever it roams to a new AP As a result the key cached on the controller can be out of sync with the key used by the client enabled reauth max number Maximum number of reauthentication attempts 1 10 3 reauthentication Select this option to force the client to do a 802 1X reauthentication after the expiration of the default timer for ...

Page 22: ...uch as SecureID and the use of LDAP or RADIUS as the user authentication server You can also enable caching of user credentials on the controller as a backup to an external authentication server EAP Microsoft Challenge Authentication Protocol version 2 MS CHAPv2 Described in RFC 2759 this EAP method is widely supported by Microsoft clients eap gtc ea p mscha pv2 eap mschap v2 token caching period ...

Page 23: ...ion takes place This feature is optional since most clients that support OKC and PMK caching do not send the PMKID in their association request disabled voice aware Enables rekey and reauthentication for VoWLAN clients NOTE The Next Generation Policy Enforced Firewall license must be installed enabled wep key retries number Number of times WPA WPA2 key messages are retried 1 5 3 wep key size Dynam...

Page 24: ...on user default role guest The following example configures an 802 1X profile that terminates authentication on the controller where the user authentication is performed with the controller s internal database or to a backend non 802 1X server aaa authentication dot1x dot1x termination enable Command History Version Description ArubaOS 3 0 Command introduced ArubaOS 6 1 The cert cn lookup enforce ...

Page 25: ...delimiter Delimiter colon dash or none used in the MAC string colon das h none none max authentication failures number Number of times a client can fail to authenticate before it is blacklisted A value of 0 disables blacklisting 0 10 0 disabled no Negates any configured parameter Usage Guidelines MAC authentication profile configures authentication of devices based on their physical MAC address MA...

Page 26: ...d ArubaOS 3 3 1 8 The max authentication failures parameter was allowed in the base operating system In earlier versions of ArubaOS the max authentication failures parameter required the Wireless Intrusion Protection license Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers ...

Page 27: ...istrative users enabled disabled disabled mchapv2 Enable MSCHAPv2 enabled disabled disabled no Negates any configured parameter server group group Name of the group of servers used to authenticate administrative users See aaa server group on page 82 default Usage Guidelines If you enable authentication with this command users configured with the mgmt user command must be authenticated using the sp...

Page 28: ...roup internal Command History Release Modification ArubaOS 3 0 Command introduced ArubaOS 3 2 The network operations role was introduced ArubaOS 3 3 The location api mgmt role was introduced Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers ...

Page 29: ...tabase in the master controller is used for authentication This command directs authentication to the internal database on the local controller where you run the command Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Re...

Page 30: ...tabase the user does not need write privileges but should be able to search the database and read attributes of other users in the database admin passwd string Password for the admin user allow cleartext Allows clear text unencrypted communication with the LDAP server enabled disabled disabled authport port Port number used for authentication Port 636 will be attempted for LDAP over SSL while port...

Page 31: ... you set clear text as the preferred connection type but do not allow clear text the controller will only use ldap s or start tls to contact the LDAP server ldap s start tls clear text ldap s timeout seconds Timeout period of a LDAP request in seconds 1 30 20 seconds Usage Guidelines You configure a server before you can add it to one or more server groups You create a server group for a specific ...

Page 32: ...es the server acctport port Accounting port on the server 1 65535 1813 authport port Authentication port on the server 1 65535 1812 clone server Name of an existing RADIUS server configuration from which parameter values are copied enable Enables the RADIUS server host Identify the RADIUS server either by its IP address or fully qualified domain name ipaddr IPv4 of the RADIUS server FQDN Fully qua...

Page 33: ...ill be that interface s IP address l If you do not associate the Source Interface with a configured server leave the field blank then the IP address of the global Source Interface will be used timeout seconds Maximum time in seconds that the controller waits before timing out the request and resending it 1 30 5 seconds use ip for calling sta tion Use an IP address instead of a MAC address for call...

Page 34: ...a authentication server radius DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers ...

Page 35: ...nfigured parameter retransmit number Maximum number of times a request is retried 0 3 3 session authorization Enables TACACS authorization Session authorization turns on the optional authorization session for admin users disabled tcp port port TCP port used by the server 1 65535 49 timeout timeout Timeout period of a TACACS request in seconds 1 30 20 seconds Usage Guidelines You configure a server...

Page 36: ...1 1 245 key qwERtyuIOp enable session authorization Command History Version Description ArubaOS 3 0 Command introduced ArubaOS 6 0 session authorization parameter was introduced Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers ...

Page 37: ...ws server host ipaddr IP address of the Windows server no Delete command Usage Guidelines You must define a Windows server before you can add it to one or more server groups You create a server group for a specific type of authentication see aaa server group on page 82 Windows servers are used for stateful NTLM authentication Example The following command configures and enables a windows server aa...

Page 38: ...38 aaa authentication server windows DellPowerConnect W Series ArubaOS 6 2 Reference Guide ...

Page 39: ...ervers used to authenticate the 802 1X users See aaa server group on page 82 timeout seconds Timeout period in seconds 1 20 10 seconds Usage Guidelines This command configures 802 1X authentication for clients on non Dell APs The controller maintains user session state information for these clients Example The following command assigns the employee user role to clients who successfully authenticat...

Page 40: ...Ps Syntax No parameters Usage Guidelines Run this command after changing the configuration of a RADIUS server in the server group configured with the aaa authentication stateful dot1x command This causes entries for the users to be created in the control path with the updated configuration information Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Licensin...

Page 41: ...he client s username and IP address the server IP address and the client s current authentication status If the client successfully authenticates via an NTLM authentication server the controller can recognize that the client has been authenticated and assign that client a specified user role When the user logs off or shuts down the client machine the user will remain in the authenticated role unti...

Page 42: ...a authentication stateful ntlm DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers ...

Page 43: ...to incorrect credentials After the maximum authentication attempts failures VIA will exit 3 server group server group Server group against which the user is authenticated Usage Guidelines Use this command to create VIA authentication profiles and associate user roles to the authentication profile Example host config aaa authentication via auth profile default host VIA Authentication Profile defaul...

Page 44: ...n profile client wlan profile position position clone controllers load balance csec gateway url URL csec http ports comma separated port numbers dns suffix list dns suffix list domain pre connect enable csec enable fips enable supplicant ext download url ext download url ike policy ike policy ikev2 policy ikev2 proto ikev2auth ipsec cryptomap map map number number ipsecv2 cryptomap lockdown all se...

Page 45: ...uted when the VIA connection is established The script must reside on the user client system auto login Enable or disable VIA client to auto login and establish a secure connection to the controller Enabled auto upgrade Enable or disable VIA client to automatically upgrade when an updated version of the client is available on the controller Enabled banner message reappear timeout Timeout value in ...

Page 46: ...ent security service provider Do not add space before or after the comma domain preconnect Enable this option to allow users with lost or expired passwords to establish a VIA connection to corporate network This option authenticates the user s device and establishes a VIA con nection that allows users to reset credentials and continue with corporate access Enabled dns suffix list dns suffix list T...

Page 47: ...minimized Use this option to keep the VIA client on a Microsoft WIndows operating system minimized to system tray save passwords Enable or disable users to save passwords entered in VIA Enabled server Configure VIA servers split tunneling Enable or disable split tunneling l If enabled all traffic to the VIA tunneled networks will go through the controller and the rest is just bridged directly on t...

Page 48: ... always associated to a user role and all users belonging to that role will use the configured settings If you do not assign a VIA connection profile to a user role the default connection profile is used Example The following example shows a simple VIA connection profile host config aaa authentication via connection profile via host VIA Connection Profile via server addr 202 100 10 100 internal ip...

Page 49: ...w whitelist traffic l banner message reappear timeout l controllers load balancing l enable fips l enable supplicant l whitelist Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide aaa authentication via connection profile 49 ...

Page 50: ...f the SSL fallback mode is enabled the VIA client will use SSL to create a secure connection Syntax Parameter Description Default no Disable SSL fallback option ssl fallback enable Use this option to enable an SSL fallback connection Disabled Example host config aaa authentication via global config Command History Command introduced in 5 0 Command Information Platforms Licensing Command Mode All p...

Page 51: ...s can view this list and select one during the client login Syntax Parameter Description Default auth profile auth profile The name of the VIA authentication profile position position The position of the profile to specify the order of selection clone source Duplicate an existing authentication profile Example host config aaa authentication via web auth default host VIA Web Authentication default ...

Page 52: ...ap and default rap VPN profiles and disabled by default on all other VPN profiles clone source Copies data from another VPN authentication profile Source is the profile name from which the data is copied default role role Role assigned to the VPN user upon login NOTE This parameter requires the Policy Enforcement Firewall for VPN Users PEFV license guest max authentication failures number Maximum ...

Page 53: ...efined VPN Authentication Profile default cap is not editable Command History Version Description ArubaOS 3 0 Command introduced ArubaOS 5 0 The default cap and default rap profiles were introduced ArubaOS 6 1 The cert cn lookup parameter was introduced Command Information Platforms Licensing Command Mode All platforms Base operating system except for noted parameters The default role parameter re...

Page 54: ... AAA profile that is configured for MAC or 802 1X authentication The port on the controller to which the device is connected must be configured as untrusted Example The following commands configure an AAA profile for dot1x authentication and a wired profile that references the AAA profile aaa profile sec wired dot1x default role employee dot1x server group sec svrs aaa authentication wired profile...

Page 55: ...SPr Authentication Profile default role Default role assigned to users that complete WISPr authentication logon wait Configure the CPU utilization threshold that will trigger logon wait maximum and minimum times CPU threshold cpu threshold Percentage of CPU utilization at which the maximum and minimum login wait times are enforced Range 1 100 Default 60 max authentication failures Maximum auth fai...

Page 56: ... s credentials to the partner ISP s WISPr AAA server for authentication Once the client has been authenticated on the partner ISP it will be authenticated on your hotspot s own ISP as per their service agreements Once your ISP sends an authentication message to the controller the controller assigns the default WISPr user role to that client ArubaOS supports the following smart clients which enable...

Page 57: ...wispr location id network wispr location id network wispr location name location wispr location name location wispr location name operator name wispr location name location Command History This command was available in ArubaOS 3 4 1 Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master or local controllers DellPowerConnect W Series ArubaOS 6...

Page 58: ...e contract applies to all users in a specified user role or per user in a user role When you apply a bandwidth contract to a VLAN see interface vlan on page 330 the contract limits multicast traffic and does not affect other data This is useful because an AP can only send multicast traffic at the rate of the slowest associated client Thus excessive multicast traffic will fill the buffers of the AP...

Page 59: ...dhcp option 77 Enable DHCP packet processing l encryption type Encryption method used by station l essid ESSID of access point l location user location ap name l macaddr MAC address of user NOTE If you use the dhcp option rule type best practices are to enable the enforce dhcp option in the AAA profile referenced by AP group s Virtual AP profile attribute value Specify one of the following conditi...

Page 60: ...Assign client to a role or VLAN based upon the DHCP signature ID One of the following l equals l starts with DHCP signature ID Note This string is not case sensitive dhcp option 77 Assign client to a role or VLAN based upon the user class identifier returned by DHCP server equals string encryption type Assign client to a role or VLAN based upon the encryption type used by the client One of the fol...

Page 61: ...facturers may use vendor class identifiers that begin with similar strings If you create a DHCP Option rule that uses the starts with condition instead of the equals condition the rule may assign a role or VLAN to more than one device type host config show log network all include DISCOVER Feb 26 02 50 34 202534 DBUG dhcpdwrap dhcp Datapath vlan1 DISCOVER 00 19 d2 01 0b 84 Options 74 01 3d 010019d2...

Page 62: ...st description createdforspecialcustomers The example rule shown below sets a user role for clients whose host name DHCP option 12 has a value of 6C6170746F70 which is the hexadecimal equivalent of the ASCII string laptop The first two digits in the Value field are thehexadecimal value of 12 which is 0C followed by the specific signature to be matched aaa derivation rules user device role set role...

Page 63: ...FQDN of the server rather than its IP address the controller will periodically generate a DNS request and cache the IP address returned in the DNS response Issue this command to configure the frequency of these requests Example This command configures a DNS query interval of 30 minutes host aaa dns query interval 30 Related Commands To view the current DNS query interval issue the command show aaa...

Page 64: ...r a period of 10 minutes you can set a different time limit with the aaa timers dead time command The aaa inservice command is useful when you become aware that an out of service authentication server is again available before the dead time period has elapsed You can use the aaa test server command to test the availability and response of a configured authentication server Example The following co...

Page 65: ...a role debugging that includes a policy to mirror session packets to a specified destination for further examination then use this command to assign the debugging role to a specific client Use the aaa ipv6 user delete command to remove the client or device from the role Note that issuing this command does not affect ongoing sessions that the client may already have For example if a client is in th...

Page 66: ...werConnect W Series ArubaOS 6 2 Reference Guide Command History This command was available in ArubaOS 3 3 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on master controllers ...

Page 67: ...t already had before being assigned a role with the aaa ipv6 user add command Example The following command clears ongoing sessions for an IPv6 client aaa user clear sessions 2002 d81f f9f0 1000 e409 9331 1d27 ef44 Command History This command was available in ArubaOS 3 3 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on master controllers Dell...

Page 68: ...be deleted name Name of the IPv6 client to be deleted role Role of the IPv6 client to be deleted Usage Guidelines This command allows you to manually delete clients users or roles For example if you used to the aaa ipv6 user add command to assign a user role to an IPv6 client you can use this command to remove the role assignment Example The following command a role aaa ipv6 user delete role web d...

Page 69: ...uthenticated IPv6 client The client must reauthenticate Example The following command logs out an IPv6 client aaa user logout 2002 d81f f9f0 1000 e409 9331 1d27 ef44 Command History This command was available in ArubaOS 3 3 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide...

Page 70: ...is cleared without administrator intervention Range 1 min to 1440 min 24 hrs Default 3 NOTE When a management user gets locked out that event is logged in the controller log file The management user lockout warning message can have any one of the following warning IDs l 125060 Password policy locked out a management user created via the mgmt user command in the serial console CLI l 125061 Password...

Page 71: ...efault there is no requirement for uppercase letters in a password and the parameter has a default value of 0 password not username Password cannot be the management users current username or the username spelled backwards Usage Guidelines By default the password for a management user has no requirements other than a minimum length of 6 alphanumeric or special characters You do not need to configu...

Page 72: ... characters including one numerical digit and one special character aaa password policy mgmt enable password min digit 1 password min length 9 password min special characters 1 Related Commands Command Description Mode show aaa password policy mgmt Use show aaa password policy mgmt to show the current management password policy Enable mode Command History This command was available in ArubaOS 5 0 ...

Page 73: ...ntication dot1x on page 19 authentication mac mac profile Name of the MAC authentication profile associated with the WLAN See aaa authentication mac on page 25 clone profile Name of an existing AAA profile configuration from which parameter values are copied devtype classification The device identification feature can automatically identify different client device types and operating systems by pa...

Page 74: ...age 82 radius interim accounting By default the RADIUS accounting feature sends only start and stop messages to the RADIUS accounting server Issue the interim radius accounting command to allow the controller to send Interim Update messages with current user statistics to the server at regular intervals disabled rfc 3576 server ip addr IP address of a RADIUS server that can send user disconnect an...

Page 75: ... A N A wired to wireless roam enabled enabled enabled Example The following command configures an AAA profile that assigns the employee role to clients after they are authenticated using the 802 1X server group radiusnet aaa profile corpnet dot1x default role employee dot1x server group zachjennings Command History Version Description ArubaOS 3 1 Command introduced ArubaOS 3 4 1 License requiremen...

Page 76: ...ofile DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system except for noted parameters Config mode on master controllers ...

Page 77: ...xample below shows part of the output for an LDAP record for the username JDOE host aaa query user eng JDOE objectClass top objectClass person objectClass organizationalPerson objectClass user cn John Doe sn Doe userCertificate 0 202 005 2240 202 004 240 003 002 001 002 002 012H 011 333K userCertificate 0 202 005 2240 202 004 240 003 002 001 002 002 012 350 346F userCertificate 0 202 005 2240 202 ...

Page 78: ...erConnect W Series ArubaOS 6 2 Reference Guide Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on master controllers ...

Page 79: ... Optional Display attributes for a specific vendor name and vendor ID Usage Guidelines Add RADIUS attributes for use in server derivation rules Use the show aaa radius attributes command to display a list of the current RADIUS attributes recognized by the controller To add a RADIUS attribute to the list use the aaa radius attributes command Example The following command adds the VSA Dell User Role...

Page 80: ...sconnect and change of authorization messages sent from the server to the controller contains information to identify the user for which the message is sent The controller supports the following attributes for identifying the users who authenticate with a RFC 3576 server l user name Name of the user to be authenticated l framed ip address User s IP address l calling station id Phone number of a st...

Page 81: ... information for a user whose session timeout is altered by a RFC 3576 server Command History Version Description ArubaOS 3 0 Comand introduced Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide aaa rfc 3576 server 81 ...

Page 82: ...The controller attempts authentication with each server in the ordered list until either there is a successful authentication or the list of servers in the group is exhausted disabled auth server name Name of a configured authentication server match authstring This option associates the authentication server with a match rule that the controller can compare with the user client information in the ...

Page 83: ...ed together condition Attribute returned by the authentication server contains The rule is applied if and only if the attribute value contains the specified string ends with The rule is applied if and only if the attribute value ends with the specified string equals The rule is applied if and only if the attribute value equals the specified string not equals The rule is applied if and only if the ...

Page 84: ...ver group corp servers with a RADIUS server as the main authentication server and the internal database as the backup The command also sets the client s user role to the value of the returned Class attribute aaa server group corp servers auth server radius1 position 1 auth server internal position 2 set role condition Class value of Command History This command was introduced in ArubaOS 3 0 Comman...

Page 85: ... This command configures the user role assigned to clients that fail Sygate On Demand Agent SODA remediation Command History Version Description ArubaOS 3 0 Command introduced ArubaOS 3 4 Command deprecated DellPowerConnect W Series ArubaOS 6 2 Reference Guide aaa sygate on demand deprecated 85 ...

Page 86: ...ands only all Reports all commands configuration Reports configuration commands only show Reports show commands only mode Enables accounting for the server group enable disable disabled Usage Guidelines You must have previously configured the TACACS server and server group see aaa authentication server tacacs on page 35 and aaa server group on page 82 Example The following command enables accounti...

Page 87: ...es This command allows you to check a configured RADIUS authentication server or the internal database You can use this command to check for an out of service RADIUS server Example The following commands adds a user in the internal database and verifies the configuration local userdb add kgreen lkjHGfds aaa test server pap internal kgreen lkjHGfds Authentication successful Command History This com...

Page 88: ... over servicing requests from a lower priority server if the server continues to be unresponsive it is marked as down for the dead time 0 50 10 minutes idle timeout 1 15300 Maximum number of minutes after which a client is considered idle if there is no user traffic from the client The timeout period is reset if there is a user traffic If there is no IP traffic in the timeout period or there is no...

Page 89: ...Command History Version Description ArubaOS 3 0 Command introduced ArubaOS 3 4 Idle timeout values and defaults changed Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide aaa timers 89 ...

Page 90: ...escription macaddr MAC address of the AP Usage Guidelines This command configures a non Dell AP as a trusted AP Example The following command configures a trusted non Dell AP aaa trusted ap 00 40 96 4d 07 6e Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers ...

Page 91: ...ubleshooting issues with a specific client or device This command allows you to manually assign a client or device to a role For example you can create a role debugging that includes a policy to mirror session packets to a specified destination for further examination then use this command to assign the debugging role to a specific client Use the aaa user delete command to remove the client or dev...

Page 92: ...e Guide session acl log https In enable mode aaa user add 10 1 1 236 role web debug Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on master controllers ...

Page 93: ...hat the client already had before being assigned a role with the aaa user add command Example The following command clears ongoing sessions for a client aaa user clear sessions 10 1 1 236 Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on master controllers DellPowerConnect W Series Aruba...

Page 94: ...eleted name Name of the client to be deleted role Role of the client to be deleted Usage Guidelines This command allows you to manually delete clients users or roles For example if you used to the aaa user add command to assign a user role to a client you can use this command to remove the role assignment Example The following command a role aaa user delete role web debug Command History This comm...

Page 95: ...ged from the system This command enables quick detection of multiple instances of the same MAC address in the user table and removal of an old IP address This can occur when a client or an AP connected to an untrusted port on the controller changes its IP address Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operat...

Page 96: ... IP address of the client to be logged out Usage Guidelines This command logs out an authenticated client The client must reauthenticate Example The following command logs out a client aaa user logout 10 1 1 236 Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on master controllers ...

Page 97: ...ls a timer that polls the SOS every 60 seconds and checks the following l L3 ACLs l Upstream bandwidth contract l Downstream bandwidth contract Example The following command checks user SOS attributes aaa user monitor 10 1 1 236 Command History This command was available in ArubaOS 6 2 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on master co...

Page 98: ... completing XML server authorization no Negates any configured parameter Usage Guidelines XML API is used for authentication and subscriber management from external agents This command configures an external XML API server For example an XML API server can send a blacklist request for a client to the controller The server configured with this command is referenced in the AAA profile for the WLAN s...

Page 99: ... ADP is enabled on the controller the controller automatically responds to the APs queries with its IP address If the APs are not in the same broadcast domain as the master controller you need to enable multicast on the network You also need to make sure that all routers are configured to listen for IGMP join requests from the controller and can route the multicast packets Use the show adp config ...

Page 100: ...ests suspect rap feature match type Match type eth wm ap wm eth gw wm match method Match method equal plus one minus one wired mac Tests the rogue AP classification feature Specifies the Wired MAC table enet mac Specifies the Ethernet MAC table mac Specifies the MAC entry to add remove from either the Wired MAC table or the Ethernet MAC table Usage Guidelines These commands are intended to be used...

Page 101: ...Command Information Platforms Licensing Command Mode All platforms Base operating system Enable and Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide am 101 ...

Page 102: ...and configures an AP group Syntax Parameter Description Range Default group Name that identifies the AP group The name must be 1 63 characters NOTE You cannot use quotes in the AP group name default ap system profile Configures AP administrative operations such as logging levels See ap system profile on page 155 default authorization profile Restrictive group for unauthorized AP clone Name of an e...

Page 103: ... profile on page 165 default event thresholds profile Configures Received Signal Strength Indication RSSI metrics See rf event thresholds profile on page 535 default ids profile Configures Dell s Intrusion Detection System IDS See ids profile on page 295 default mesh cluster profile Configures the mesh cluster profile for mesh nodes that are members of the AP group There is a default mesh cluster ...

Page 104: ...oup collects virtual AP definitions and configuration profiles which are applied to APs in the group Example The following command configures a virtual AP profile to the default AP group host config ap group default virtual ap corpnet Related Commands View AP group settings using the command show ap group Command History Release Modification ArubaOS 3 0 Command introduced ArubaOS 3 2 Support for t...

Page 105: ...cts all APs registered on this controller blink Causes the LEDs to blink for identification normal Restores the LEDs to their normal behavior Usage Guidelines Use the ap leds command to make the LEDs on a defined set of APs either blink or display in the currently configured LED operating mode Note that if the LED operating mode defined in the AP s system profile is set to off then the normal para...

Page 106: ...ap leds DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode Available on all platforms Base operating system Config mode on master or local controllers ...

Page 107: ... the AP has been previously provisioned with an earlier version of ArubaOS a name in the format building floor location The name must be 1 63 characters NOTE You cannot use quotes in the AP name ap system profile Configures AP administrative operations such as logging levels See ap system profile on page 155 default authorization profile Restrictive group for unauthorized AP clone Name of an exist...

Page 108: ...e mesh cluster profile If more than two mesh cluster profiles are configured mesh points use this number to identify primary and backup profile s The supported range of values is 1 16 The lower the number the higher the priority 1 mesh radio profile Configures the 802 11g and 802 11a radio settings for the AP mesh node See ap mesh ht ssid profile on page 129 The Secure Enterprise Mesh license must...

Page 109: ...how ap name Command History Release Modification ArubaOS 3 0 Command introduced ArubaOS 3 2 Support for mesh parameters was introduced ArubaOS 3 4 1 License requirements changed in ArubaOS 3 4 1 so the voip cac profile parameter required the PEF license instead of the Voice Services Module license required in earlier versions Command Information Platforms Licensing Command Mode All platforms Base ...

Page 110: ...aracters default Usage Guidelines All APs discovered by the controller are assigned to the default AP group An AP can belong to only one AP group at a time You can move an AP to an AP group that you created with the ap group command NOTE This command automatically reboots the AP Example The following command moves an AP to the corpnet group host config ap regroup wired mac 00 0f 1e 11 00 00 corpne...

Page 111: ...haracters NOTE You cannot use quotes in the AP name Usage Guidelines An AP name must be unique within your network NOTE This command automatically reboots the AP Example The following command renames an AP host config ap rename wired mac 00 0f 1e 11 00 00 building3 lobby Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Ba...

Page 112: ...uthenticated at the remote site By default these yet unauthorized APs are put into the temporary AP group authorization group and assigned the predefined profile NoAuthApGroup This configuration allows a user to connect to an unauthorized remote AP via a wired port then enter a corporate username and password Once a valid user has authorized the remote AP the AP will be permanently marked as autho...

Page 113: ...ame Reboot the AP with the specified name ap name ip addr Reboot the AP at the specified IP address ip addr wired mac Reboot the AP at the specified MAC address wired mac Usage Guidelines You should not normally need to use this command as APs automatically reboot when you reprovision them Use this command only when directed to do so by your Dell representative Example The following command reboot...

Page 114: ...t should connect Usage Guidelines To maintain a mesh topology created using the apconnect command Dell suggests setting the mesh reselection mode to reselect never otherwise the normal mesh reselection mechanisms could break up the selected topology Example The following command connects the mesh point meshpoint1 to a new parent with the specified BSSID host config apconnect ap name meshpoint1 par...

Page 115: ...t The mesh point will attempt to associate with another neighboring mesh node if available The old parent is not eligible for re association for 60 seconds after disconnection Example The following command disconnects a specific mesh point from its parent host config apdisconnect ap name meshpoint1 Related Commands Command Description Mode apconnect This command connects a mesh point to a new spec...

Page 116: ...d deprecated ap debug radio event log ap debug radio event log start stop show ap name name ip addr ip addr ip6 addr ip6 addr radio 0 1 size size of log events all ani hex rcfind rcupdate rx size text tx hexformat Description Start and stops radio event log capture for debugging purposes and sends a pktlog file to a dump server in the case of stop Syntax Parameter Description Range Default start S...

Page 117: ...tart ap name 6c f3 7f c6 71 90 radio 0 events all ap debug radio event log stop ap name 6c f3 7f c6 71 90 radio 0 show ap debug radio event log status ap name 6c f3 7f c6 71 90 Command History Release Modification ArubaOS 6 2 Command introduced Command Information Platforms Licensing Command Mode Available on all platforms Base operating system Enable mode on master controllers ap debug radio regi...

Page 118: ...rs qcu Collect QCU information radio Radio ID 0 or 1 Usage Guidelines This command collects specified radio register information for debugging purposes dumps the registers into a local file and will automatically transfer the file to the dump server that is configured in ap system profile Example The following command collects all radio registers from myap1 into a file called myradioregfile ap deb...

Page 119: ...support this feature If this feature is enabled for an APs group any APs in the group that do not support 803 az will ignore this setting disabled duplex The duplex mode of the Ethernet interface either full half or auto negotiated full half auto auto no Negates any configured parameter speed The speed of the Ethernet interface either 10 Mbps 100 Mbps 1000 Mbps 1 Gbps or auto negotiated 10 100 100...

Page 120: ...ication ArubaOS 3 0 Command introduced ArubaOS 3 3 Support for 1000 Mbps 1 Gbps Ethernet port speed was introduced ArubaOS 6 2 Support for the dot3az parameter was introduced Command Information Platforms Licensing Command Mode Available on all platforms Base operating system Config mode on master controllers ...

Page 121: ...ice signaling traffic softphone voice Use this application type if the AP supports voice services using softphone software applications on devices such as PCs or laptops streaming video Use this application type if the AP supports broadcast or multicast video or other streaming video services that require specific network policy treatment This application type is not recommended for video applicat...

Page 122: ...ecify a VLAN by VLAN ID 0 4094 or VLAN name Default is 0 Usage Guidelines LLDP MED media endpoint devices is an extension to LLDP that supports interoperability between VoIP devices and other networking clients LLDP MED network policy discovery lets end points and network devices advertise their VLAN IDs e g voice VLAN priority levels and DSCP values ArubaOS supports a maximum of eight LLDP MED Ne...

Page 123: ...This command was introduced in ArubaOS 6 2 Command Information Platforms Licensing Command Mode Available on all platforms Base operating system Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide ap lldp med network policy profile 123 ...

Page 124: ...VLAN is configured on the port the port vlan TLV will send that value otherwise it will send a value of 0 vlan name Transmit the LLDP 802 1 VLAN name TLV The AP sends a value of Unknown for VLAN 0 or VLAN number for non zero VLAN numbers dot3 tlvs Specify which of the following 802 3 TLVs the AP will send in LLDP PDUs By default the AP will send all 802 3 TLVs link aggregation Transmit the 802 3 l...

Page 125: ... a TLV that sends the AP name or wired MAC address receive Issue this command to enable LLDP PDU reception This parameter is enabled by default transmit Issue this command to enable LLDP PDU transmission This parameter is enabled by default transmit hold transmit hold Enter a value from 1 100 This value is multiplied by the transmit interval to determine the number of seconds to cache learned LLDP...

Page 126: ...ile allows the AP interface to send the port vlan and vlan name TLVs ap lldp profile 8021TLVs dot1 tlvs port vlan dot1 tlvs vlan name Command History This command was introduced in ArubaOS 6 2 Command Information Platforms Licensing Command Mode Available on all platforms Base operating system Config mode on master controllers ...

Page 127: ...er profile NOTE If you want a mesh cluster to use WPA2 PSK AES encryption do not use spaces in the mesh cluster name as this may cause errors in mesh points associated with that mesh cluster To view existing mesh cluster profiles use the CLI command show ap mesh cluster profile Dell mesh no Negates any configured parameter opmode Configures one of the following types of data encryption l opensyste...

Page 128: ...ion about priorities Cluster profiles including the default profile are not applied until you provision your APs for mesh Example The following command configures a mesh cluster profile named cluster1 for the mesh cluster headquarters ap mesh cluster profile cluster1 cluster headquarters Related Commands To view a complete list of mesh cluster profiles and their status use the following command sh...

Page 129: ...or enter a new name or create a new mesh high throughput profile The mesh high throughput profile can have a maximum of 32 characters To view existing high throughput SSID radio profiles use the command show ap mesh radio profile default 40MHz enable Enable or disable the use of 40 MHz channels This parameter is enabled by default enabled ba amsdu enable Enable Disable Receive AMSDU in BA negotiat...

Page 130: ...e or disable use of short 400ns guard interval for W AP130 series APs in 20 MHz mode A guard interval is a period of time between transmissions that allows reflections from the previous data transmission to settle before an AP transmits data again An AP identifies any signal content received inside this interval as unwanted inter symbol interference and rejects that data The 802 11n standard speci...

Page 131: ...n AP capabilities 0 1 1 supported mcs set A list of Modulation Coding Scheme MCS values or ranges of values to be supported on this SSID The MCS you choose determines the channel width 20MHz vs 40MHz and the number of spatial streams used by the mesh node The default value is 1 15 the complete set of supported values To specify a smaller range of values enter a hyphen between the lower and upper v...

Page 132: ...sid profile To view the settings of a specific mesh radio profile use the following command host config show ap mesh ht ssid profile name Command History Version Description ArubaOS 3 4 Command introduced ArubaOS 6 1 The short guard intvl 20Mhz ldpc stbc rx streams and stbc rx streams parameters were introduced Command Information Platforms Licensing Command Mode All platforms Base operating syste...

Page 133: ...a list of VLAN IDs that can be used by a mesh link on APs associated with this mesh radio profile vlan list A comma separated list of VLAN IDs You can also specify a range of VLAN IDs using a dash for example 1 4095 a tx rates Indicates the transmit rates for the 802 11a radio The AP attempts to use the highest transmission rate to establish a mesh link If a rate is unavailable the AP goes through...

Page 134: ...Maximum number of times a mesh node can re send a packet 0 15 4 times mesh mcast opt Enables or disables scanning of all active stations currently associated to a mesh point to select the lowest transmission rate based on the slowest connected mesh child When enabled this setting dynamically adjusts the multicast rate to that of the slowest connected mesh child Multicast frames are not sent if the...

Page 135: ...ed If no better parent is found the mesh point returns to its original parent This initial startup scan evaluates more distant mesh points before closer mesh points and incurs a dropout of 5 8 seconds for each mesh point After that time each mesh node evaluates alternative links if the existing uplink falls below the configured threshold level the link becomes a sub threshold link Best practices a...

Page 136: ...rofiles are specific to mesh nodes APs configured for mesh and determine the radio frequency channel used by mesh nodes to establish mesh links and the path to the mesh portal You can configure multiple radio profiles however you select and deploy only one radio profile per mesh cluster Radio profiles including the default profile are not active until you provision your APs for mesh If you modify ...

Page 137: ... tx power parameters were deprecated These settings can now be configured via the rf dot11a radio profile and rf dot11g radio profile commands ArubaOS 6 1 The eapol rate opt parameter was introduced Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide ap mesh radio profile 13...

Page 138: ... a provisioning profile for an AP or group of APs Syntax Parameter Description Range Default apdot1x passwd Password of the AP to authenticate to 802 1X using PEAP apdot1x username Username of the AP to authenticate to 802 1X using PEAP clone source Clone an existing ap provisioning profile link priority cellular link priority cellular Set the priority of the cellular uplink By default the cellula...

Page 139: ...n the required range the RAP will then check the RSSI limit of an alternate network for example 3G and reconnect to that alternate network The RAP will repeat the above steps each time it tries to connect using a 4G multimode modem in this mode link priority cellular link priority cellular Change the FQDN or IP address for the master controller set masterstr Specify the or IP address or FQDN for t...

Page 140: ...llular modem use the usb modeswitch command to specify the parameters for the hardware model of the USB cellular data card NOTE You must enclose the entire modeswitch parameter string in quotation marks usb passwd A PPP password if provided by the cellular service provider usb power mode auto ena ble disable Set the USB power mode to control the power to the USB port usb power mode auto ena ble di...

Page 141: ...oning profile named profile_branch in which the cellular link is the primary uplink because it has a higher priority than the Ethernet link host config ap provision profile profile_branch link priority cellular 2 link priority ethernet 1 usb type acm usb modeswitch v 0x106c p 0x3b06 V 0x106c P 0x3717 M 5534243b82e238c24000000800008ff020000000000000000000000000000 Command History Release Modificati...

Page 142: ... capture clear stop pause resume ap name ip addr ip6 addr pcap id radio 0 1 show ap packet capture status ap name ip addr ip6 addr Description These commands manage WiFi packet capture PCAP on Dell APs The WiFi packets are encapsulated in a UDP header and sent to a client running a packet analyzer like Wildpacket s Airopeek Omnipeek or Wireshark Syntax Parameter Description open port CPSEC CAPs an...

Page 143: ... utility such as Airmagnet Wireshark and so on on a remote client Before using these commands you need to start the packet analyzer utility on the client and open a capture window for the port from which you are capturing packets The packet analyzer cannot be used to control the flow or type of packets sent from Dell APs The packet analyzer processes all packets However you can apply display filte...

Page 144: ...o 0 The output of the command in the example below displays packet capture session statistics for the AP ap1 In this example the output has been divided into multiple sections to better fit on the pages of this document In the actual command line interface it will appear in a single long table show ap packet capture status ap name ap1 Packet Capture Sessions at ap1 IP 10 3 44 167 pcap id filter ty...

Page 145: ...s Licensing Command Mode All platforms Base operating system Works in Access Point Air Monitor and Spectrum Monitor modes on all AP models in enable mode DellPowerConnect W Series ArubaOS 6 2 Reference Guide ap packet capture 145 ...

Page 146: ...ks with devices set to improper country codes country code configured on the master controller during initial setup no Negates any configured parameter valid 11a 40mhz channel pair Specify a channel pair valid for 40 MHz operation in the 802 11a frequency band for the specified regulatory domain The two channels must be separated by a dash Example 36 40 44 48 52 56 country code determines supporte...

Page 147: ... controller can support APs in Japan Taiwan China and Singapore In order for an AP to boot correctly the country code configured in the AP regulatory domain profile must match the country code of the LMS If none of the channels supported by the AP have received regulatory approval by the country whose country code you selected the AP will revert to Air Monitor mode Examples The following command c...

Page 148: ...dard including channel pairs for 40 MHz mode of operation was introduced ArubaOS 5 0 The valid 11a 40mhz channel pair and valid 11g 40mhz channel pair parameters no longer support the and parameters that allowed you to define a primary and backup channel within the channel pair Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controller...

Page 149: ...and configures the regulatory domain profile for APs in Japan host ap remove_r1_key 00 50 43 21 01 b8 ap name MAcage 105 GL Execute the following command to check if the r1 key is removed from the AP host show ap remote debug r1_key ap name MAcage 105 GL Stored R1 Keys Station MAC Mobility Domain ID Validity Duration R1 Key Related Commands To check if the r1 key is removed from an AP use the show...

Page 150: ...lPowerConnect W Series ArubaOS 6 2 Reference Guide ap snmp profile deprecated Description This command configures an SNMP profile for APs Command History Version Modification ArubaOS 3 0 Command introduced ArubaOS 3 4 Command deprecated ...

Page 151: ...lone profile no priv passwd password user name name Description This command configures an SNMPv3 user profile for APs Command History Version Modification ArubaOS 3 0 Command introduced ArubaOS 3 4 Command deprecated DellPowerConnect W Series ArubaOS 6 2 Reference Guide ap snmp user profile deprecated 151 ...

Page 152: ...ble with the spectrum analysis dashboard in earlier versions of ArubaOS If you downgrade to an earlier version of ArubaOS and your client is unable to load a saved spectrum view in the spectrum dashboard access the CLI in enable mode and issue this command to delete the saved spectrum views and display default view settings in the spectrum dashboard Command History Introduced in ArubaOS 6 0 Comman...

Page 153: ... s mode setting that AP will begin to operate as a spectrum monitor but will remain associated with its previous 802 11a and 802 11g radio profiles If you change any parameter other than the overridden mode parameter in the spectrum monitor s 802 11a or 802 11 radio profiles the spectrum monitor will immediately update with the change When you remove the local spectrum override the spectrum monito...

Page 154: ...54 ap spectrum local override DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms RF Protect license Config mode on master controllers ...

Page 155: ... rap bw resv 2 rap bw resv 3 rap dhcp default router ipaddr rap dhcp dns server ipaddr rap dhcp lease days rap dhcp pool end ipaddr rap dhcp pool netmask netmask rap dhcp pool start ipaddr rap dhcp server id ipaddr rap dhcp server vlan vlan rap local network access request retry interval seconds rf band band rtls server ip addr ipaddr port port key key station message frequency seconds include una...

Page 156: ...el before an AP rebootstraps On the controller the GRE tunnel timeout is 1 5 x bootstrap threshold the tunnel is torn down after this number of seconds of inactivity on the tunnel 1 65535 8 clone Name of an existing AP system profile from which parameter values are copied dns domain Name of domain that is resolved by corporate DNS servers Use this parameter when configuring split tunnel double enc...

Page 157: ...pv6 In multi controller ipv6 networks specifies the IPv6 address of the local management switch LMS the controller which is responsible for terminating user traffic from the APs and processing and forwarding the traffic to the wired network This can be the IP address of the local or master controller When using redundant controllers as the LMS set this parameter to be the VRRP IP address to ensure...

Page 158: ...ease The amount of days that the assigned IP address is valid for the client Specify the lease in days 0 indicates the IP address is always valid the lease does not expire 0 30 0 rap dhcp pool end Configures a DHCP pool for remote APs This is the last IP address of the DHCP pool 192 168 11 254 rap dhcp pool netmask Configures a DHCP pool for remote APs This is the netmask used for the DHCP pool 25...

Page 159: ...rofile configures AP administrative operations such as logging levels Example The following command sets the LMS IP address in an AP system profile host config ap system profile local1 lms ip 10 1 1 240 Command History Release Modification ArubaOS 3 0 Command introduced ArubaOS 3 2 Support for additional RTLS servers and remote AP enhancements was introduced ArubaOS 3 3 2 l Maintenance mode parame...

Page 160: ...m profile DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system except for noted parameters Config mode on master controllers ...

Page 161: ...the specified IP address Usage Guidelines Use this command only under the supervision of Dell technical support If you delete the current image in the AP s flash memory the AP will not function until you reload another image Command History This command was introduced in ArubaOS 3 3 2 Command Information Platforms Licensing Command Mode All platforms running ArubaOS 3 3 2 x FIPS or later Base oper...

Page 162: ...unnel to the controller for processing The controller removes or adds the GRE headers decrypts or encrypts 802 11 frames and applies firewall rules to the user traffic as usual bridge 802 11 frames are bridged into the local Ethernet LAN When a remote AP or campus AP is in bridge mode the AP handles all 802 11 association requests and responses encryption decryption processes and firewall enforcem...

Page 163: ...t LANs configure and enable bridging on the mesh point Ethernet port Mesh nodes only support bridge mode and tunnel mode on their wired ports enet0 or enet1 Split tunnel mode is not supported Use the bridge mode to configure bridging on the mesh point Ethernet port Use tunnel mode to configure secure jack operation on the mesh node Ethernet port When configuring the Ethernet ports on APs with mult...

Page 164: ...ap profile DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system except for noted parameters Config mode on master controllers ...

Page 165: ...profile to be used by devices associated with this wired port profile The LLDP profile specifies the type length value TLV elements to be sent in LLDP PDUs no Negates any defined parameter rap backup Use the rap backup parameter to use the wired port on a Remote AP for local connectivity and troubleshooting when the AP cannot reach the controller If the AP is not connected to the controller no fir...

Page 166: ...port devices host config ap wired port profile wiredport1 aaa profile default open authentication timeout 30 wired ap profile wiredap1 Command History This command was introduced in ArubaOS 6 0 Command Information Platforms Licensing Command Mode All platforms Base operating system except for noted parameters Config mode on master controllers ...

Page 167: ...erface that defines the subnetwork for the static ARP entry is deleted you will be unable to use the arp command to overwrite the entry s current values use the no arp command to negate the entry and then enter a new arp command Example The following command configures an ARP entry host config arp 10 152 23 237 00 0B 86 01 7A C0 Command History This command was introduced in ArubaOS 3 0 Command In...

Page 168: ...tion enables audit trail for all commands in configuration mode Usage Guidelines By default audit trail is enabled for all commands in configuration mode Use the show audit trail command to display the content of the audit trail Example The following command enables an audit trail host config audit trail Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Licen...

Page 169: ...that have a PCMCIA slot Usage Guidelines Use the restore flash command to untar and uncompress the flashbackup tar gz file Example The following command backs up flash directories to the flashbackup tar gz file host config backup flash Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable and Confi...

Page 170: ...ation mark Use quotation marks to enclose your text if you are including spaces spaces are not recognized unless your text string is enclosed in quotation marks without quotation marks the text is truncated at the first space You can also use the delimiter character within quotation marks l Press the Enter key after the delimiter to be placed into a mode where you can simply enter the banner text ...

Page 171: ...awesome Maintenance will be performed at 7 30 PM so please log off before 7 00 PM Command History This command was introduced in ArubaOS 1 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide banner motd 171 ...

Page 172: ...ork ip address A B C D Reloads on the remote node specified by its IP address system 0 1 Enter the keyword system followed by the partition number 0 or 1 that you want the controller to use during the next boot login of the controller NOTE A controller reload is required before the new boot partition takes effect verbose Prints extra debugging information at boot Usage Guidelines Use the following...

Page 173: ... History Modification ArubaOS 1 0 Introduced for the first time ArubaOS 6 0 The remote node parameter was introduced Command Information Platforms Licensing Command Mode All platforms Base operating system Enable and Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide boot 173 ...

Page 174: ...on between service providers on the same type of network CDMA vs GSM as displayed in the show dialer group command driver acm hso option sierra Enter the keyword driver followed by one of the driver options l acm Linux ACM driver l hso Option High Speed driver l option Option USB data card driver default l sierra Sierra Wireless driver import address Enter the keyword import followed by the USB de...

Page 175: ... page 1294 and then enter the keyword product followed by the product ID listed in the show usb command Usage Guidelines The cellular modems are plug and play and support most native USB modems Cellular modems are activated only if it is the uplink with the highest priority see show uplink on page 1293 However new profiles can be created using this command to support new data cards or to customize...

Page 176: ...duce traffic load 10 300 10 seconds set maximum updates Maximum number of local controllers that can be updated at the same time with configuration changes You can decrease this value if you have a busy network You can increase this value to improve configuration synchronization 2 25 5 snapshot timer Interval in minutes that the local controller waits for a configuration download from the master u...

Page 177: ...command was introduced in ArubaOS 3 1 Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide cfgm 177 ...

Page 178: ...ociated with authentication profile authentication server Provide authentication server details to clear values specific to an authentication server or all authentication server Parameters l all to clear all server statistics l internal to clear Internal server statistics l radius to clear RADIUS server statistics l tacacs to clear TACACS server statistics state Clear internal status of authentica...

Page 179: ...l tunnel configuration values on interface ports vrrp Clears all VRRP configuration values on interface ports datapath Clears all configuration values and statistics for the following datapath modules l application l bridge l bwm l crypto l dma l frame l hardware l ip reassembly l maintenance l message queue l route l route cache l session l station l tunnel l user l wifi reassembly l wmm dot1x Cl...

Page 180: ...cal TCP connection Specify the IP address of either the master or local controller port Clear all port statistics that includes link event counters or all counters Use the following parameters l link event l stats provisioning ap list Clear AP entries from the provisioning list provisioning params Clear provisioning parameters and reset them to the default configuration values rap wml Clear wired ...

Page 181: ... aaa authentication server all Command History Release Modification ArubaOS 3 0 Command introduced ArubaOS 6 1 The following MLD parameters are added to the ipv6 option l mld group l mld stats counters Command Information Platforms Licensing Command Mode All platforms Base operating system Enable and Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide clear 181 ...

Page 182: ...ired Mac information collected from the APs monitored ap wm mac Clear monitored AP wired Mac information collected fom the APs prop eth mac mac Clear the wired Mac information collected from the APs reg ap oui mac Clear the registered AP OUI information collected from the APs system gw mac mac Clear system gateway Mac information learned at the controller system wired mac mac Clear system wired Ma...

Page 183: ...en the show command was issued Note that the output of show clock and show log do not include timestamps even when this feature is enabled You can disable timestamps using the command no clock append Example The following example enables the timestamp feature host config clock append Command History This command was introduced in ArubaOS 6 2 Command Information Platforms Licensing Command Mode All...

Page 184: ...ets the time Specify hours minutes and seconds separated by spaces Numeric Usage Guidelines You can configure the year month day and time You must configure all four parameters Specify the time using a 24 hour clock You must specify the seconds Example The following example configures the clock to January 1st of 2007 at 1 03 52 AM host config clock set 2007 jan 1 1 3 52 Command History This comman...

Page 185: ...Enter the month when the time change begins or ends January December hh mm Enter the time in hours and minutes that the time change begins or ends 24 hours 23 23 Hours offset from the Universal Time Clock UTC 23 23 Usage Guidelines This command subtracts exactly 1 hour from the configured time The WORD can be any alphanumeric string but cannot start with a colon A WORD longer than five characters ...

Page 186: ...f March and ending at 2 00 AM on Sunday in the first week of November The example also sets the name of the time zone to PST with an offset of UTC 8 hours clock summer time PST recurring 2 Sun Mar 2 00 first Sun Nov 3 00 8 Command History This command was introduced in ArubaOS 1 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master control...

Page 187: ...zone name longer than five characters is not accepted If you enter a time zone name containing punctuation the command is accepted but the time zone is set to UTC Example The following example configures the timezone to PST with an offset of UTC 8 hours clock timezone PST 8 Command History This command was introduced in ArubaOS 1 0 Command Information Platforms Licensing Command Mode All platforms...

Page 188: ...h their own hierarchy of APs and local controllers you can allow APs from one hierarchy to failover to any other hierarchy by defining a cluster of master controllers Each cluster will have one master controller as its cluster root and all other master controllers as cluster members To define a controller as a cluster root issue one of the following commands on that controller l cluster member cus...

Page 189: ...cluster switches Issue this command on a master controller using control plane security in a multi master environment to show other the other controllers to which it is connected Enable mode Command History Introduced in ArubaOS 6 1 Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on cluster root controllers DellPowerConnect W Series ArubaOS 6 2 ...

Page 190: ... installed certificate to authenticate that cluster member l cluster member factory cert Define the controller as a cluster root and select a factory installed certificate to authenticate that cluster member l cluster member ip Define the controller as a cluster root and set the IPsec key to authenticate that cluster member NOTE For information on installing certificates on your controller refer t...

Page 191: ...in ArubaOS 6 1 Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on cluster root controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide cluster member factory cert 191 ...

Page 192: ... controllers and APs Next the cluster root will send the certificate to each cluster member which in turn certifies their own local controllers and APs Since all controllers and APs in the cluster get their certificates from the cluster root they will all have the same trust anchor and the APs can switch to any other controller in the cluster and still remain connected to the secure network Issue ...

Page 193: ...ter controller using control plane security in a multi master environment to show other the other controllers to which it is connected Enable mode Command History Introduced in ArubaOS 5 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on cluster root controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide cluster member ip 193 ...

Page 194: ...he MAC address of the certificate root mac 1 mac Specify MAC address of the cluster root root mac 2 mac Specify MAC address of the redundant cluster Root ipsec custom cert Use a custom user installed certificate for secure communication between the cluster root and the specified cluster member root mac 1 mac Specify the MAC address of the cluster root s certificate root mac 2 mac Optional If your ...

Page 195: ...er root NOTE For information on installing certificates on your controller refer to the Management Utilities chapter of the Dell PowerConnect W Series ArubaOS User Guide Example The following command defines the IPsec key for communication between the cluster member and the root controller172 21 45 22 host config cluster root ip 172 21 45 22 ipsec ipseckey1 Related Commands Parameter Description M...

Page 196: ...e Guidelines Upon entering this command the enable mode prompt changes to host config To return to enable mode enter Ctrl Z or exit Example The following command allows you to enter configuration commands host configure terminal Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on master c...

Page 197: ...to enable automatic certificate provisioning When this feature is enabled the controller will attempt to send certificates to associated APs To disable this feature use the command no auto cert prov Automatic certificate provisioning is disabled by default cpsec enable Issue this command to enable control plane security To disable this feature use the command no cpsec enable Control plane security...

Page 198: ... Related Commands Command Description Mode show control plane security Show the current configuration of the control plane security profile Config mode Command History This command was introduced in ArubaOS 5 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master or local controllers ...

Page 199: ... command is not configured then the controller IP defaults to the loopback interface address If the loopback interface address is not configured then the first configured VLAN interface address is selected Generally VLAN 1 is the factory default setting and thus becomes the controller IP address Example The following command sets the controller IP address to VLAN interface 6 host config controller...

Page 200: ...ler to the IPv6 loopback interface address or a specific IPv6 VLAN interface address If the controller IPv6 command is not configured then the controller IP defaults to the loopback interface address If the loopback interface address is not configured then the first configured VLAN interface address is selected Generally VLAN 1 is the factory default setting and thus becomes the controller IP addr...

Page 201: ...oller s flash file system the system image to a specified destination srcfilename Full name of the flash file to be copied flash Copy the file to the flash file system destfilename Specify the new name of the copied file tftp Copy the file to a TFTP server tftphost Specify the IP address or hostname of the TFTP server usb Copy the file to an attached USB storage device partition Specify the partit...

Page 202: ...e path of the filename to be copied flash Copy the file to the flash file system destfilename Specify the new name of the copied file system Copy the file to the system partition startup config Copy the startup configuration to a specified flash file or to a TFTP server flash Copy the file to the flash file system filename Specify the new name of the copied startup configuration file tftp Using TF...

Page 203: ...r and import the database To restore a configuration file copy the file from network server to the controller s flash system then copy the file from the flash system to the system configuration This ensures that you do not accidentally overwrite your system startup configuration file Unlike the controller s flash the USB device has more than two partitions not just 0 and 1 When copying a file from...

Page 204: ...204 copy DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system Enable and Config modes on master controllers ...

Page 205: ...te with a rate of 10 000Kbps host config cp bandwidth contract cp rate kbits 10000 Related Commands Command Description Mode show cp bwcontracts Display a list of Control Processor CP bandwidth contracts for whitelist ACLs Enable or Config modes firewall cp This command creates a new whitelist ACL and can associate a bandwidth contract with that ACL Enable or Config modes Command History This comm...

Page 206: ...urity associations SAs Syntax No parameters Usage Guidelines Use this command to remove old IPsec security associations if remote APs on your network still use an old SA after upgrading to a newer version of ArubaOS Command History This command was introduced in ArubaOS 6 1 Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers ...

Page 207: ...ntax Parameter Description Range Default name Name of the map priority Priority of the map 1 10000 10000 no Negates a configured parameter set pfs Enables Perfect Forward Secrecy PFS mode Use one of the following l group1 768 bit Diffie Hellman prime modulus group l group2 1024 bit Diffie Hellman prime modulus group l group19 256 bit random Diffie Hellman ECP modulus group l group20 group1 DellPow...

Page 208: ...nsform sets with the crypto ipsec transform set command default transform version Specify the version of IKE protocol the controller uses to set up a security association SA in the IPsec protocol suite l v1 IKEv1 l v2 IKEv2 v1 Usage Guidelines Dynamic maps enable IPsec SA negotiations from dynamically addressed IPsec peers Once you have defined a dynamic map you can optionally associate that map w...

Page 209: ...e group19 and group20 PFS group values Command Information Platforms Licensing Command Mode All platforms The group19 and group20 PFS options requires the Advanced Cryptography ACR license All other parameters are available in the base operating system Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide crypto dynamic map 209 ...

Page 210: ...cm Use ESP with 128 bit AES GCM encryption esp aes192 Use ESP with 192 bit AES encryption esp aes256 Use ESP with 256 bit AES encryption esp aes256 gcm Use ESP with 256 bit AES GCM encryption esp des Use ESP with 56 bit DES encryption esp md5 hmac Use ESP with the MD5 HMAC variant authentication algorithm esp null hmac Use ESP with no authentication This option is not recommended esp sha hmac Use ...

Page 211: ...were introduced Command Information Platforms Licensing Command Mode All platforms The esp aes128 gcm and esp aes56 gcm transform set parameters require the Advanced Cryptography ACR license All other parameters are available in the base OS Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide crypto ipsec 211 ...

Page 212: ...onfigure the IP netmask for the group key mask Subnet mask for the group key disable Disable IKE processing eap passthrough Select one of the following authentication types for IKEv2 user authentication using EAP l eap mschapv2 l eap peap l eap tls enable Enable IKE processing groupname Configure the IKE Aggressive group name Aggressive mode IKE is a 3 packet IKE exchange that does not provide ide...

Page 213: ...no crypto isakmp packet dump Usage Guidelines Use this command to configure the IKE pre shared key set the EAP authentication method for IKEv2 clients using EAP user authentication and enable source NAT if the IP addresses of clients need to be translated to access the network Example The following command configures an ISAKMP peer IP address and subnet mask After configuring an ISAKMP address and...

Page 214: ...er the priority level authentication Configure the IKE authentication method pre share Use Pre Shared Keys for IKE authentication This is the default authentication type rsa sig Use RSA Signatures for IKE authentication ecdsa 256 Use ECDSA 256 signatures for IKE authentication ecdsa 384 Use ECDSA 384 signatures for IKE authentication encryption Configure the IKE encryption algorithm 3DES Use 168 b...

Page 215: ...tocol for the IKE policy l v1 IKEv1 l v2 IKEv2 Usage Guidelines To define settings for a ISAKMP policy issue the command crypto isakmp policy priority then press Enter The CLI will enter config isakmp mode which allows you to configure the policy values Example The following command configures an ISAKMP peer IP address and subnet mask After configuring an ISAKMP address and netmask you will be pro...

Page 216: ...latforms The following settings require the Advanced Cryptogram ACR license l hash algorithm SHA 256 128 SHA 384 192 l Diffie Hellman DH Groups 19 and 20 l Pseudo Random Function PRF PRF HMAC SHA256 PRF HMAC SHA384 l Authentication ecdsa 256 and ecdsa 384 All other parameters are supported in the base OS Config mode on master controllers ...

Page 217: ...of the IPsec map priority Priority of the entry 1 9998 dst net IP address and netmask for the destination network force natt Include this parameter to always enforce UDP 4500 for IKE and IPsec This option is disabled by default no Negates a configured parameter local fqdn local_id_fqdn If the local controller has a dynamic IP address you must specify the fully qualified domain name FQDN of the con...

Page 218: ...re connect Enables or disables pre connection ena ble dis able disabled set ca certificate cacert name User defined name of a trusted CA certificate installed in the controller Use the show crypto local pki TrustedCA command to display the CA certificates that have been imported into the controller set pfs If you enable Perfect Forward Secrecy PFS mode new session keys are not derived from previou...

Page 219: ...show crypto local ipsec map command to display the certificates associated with all configured site to site VPN maps use the tag map option to display certificates associated with a specific site to site VPN map ArubaOS supports site to site VPNs with two statically addressed controllers or with one static and one dynamically addressed controller By default site to site VPN uses IKE Main mode with...

Page 220: ... IKE Aggressive mode for Site Site VPN host config crypto local ipsec map name2 priority src net ipaddr mask dst net ipaddr mask peer ip 0 0 0 0 peer fqdn fqdn id peer_id_fqdn vlan id trusted enable For the Pre shared key crypto local isakmp key key fqdn fqdn id For a static IP controller that responds to IKE Aggressive mode for Site Site VPN with One PSK for All FQDNs host config crypto local ips...

Page 221: ...rms The group19 and group20 PFS options requires the Advanced Cryptography ACR license All other parameters are available in the base operating system Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide crypto localipsec map 221 ...

Page 222: ... the controller Use the show crypto local pki TrustedCA command to display the CA certificates that have been imported into the controller Usage Guidelines You can assign multiple CA certificates Use the show crypto local isakmp ca certificate command to view the CA certificates associated with VPN clients Example This command configures a CA certificate crypto local isakmp ca certificate TrustedC...

Page 223: ...racters Usage Guidelines This feature allows you to create a certificate group so you can access multiple types of certificates on the same controller Example This command configures a certificate group that consists of server certificate named newtest with the CA certificate TrustedCA crypto local isakmp certificate group server certificate newtest ca certificate TrustedCA Command History This co...

Page 224: ... Idle timeout in seconds 10 3600 22 seconds retry timeout Retry interval in seconds 2 60 2 seconds retry attempts Number of retry attempts 3 10 3 Usage Guidelines DPD is enabled by default on the controller for site to site VPN Example This command configures DPD parameters crypto local isakmp dpd idle timeout 60 retry timeout 3 retry attempts 5 Command History This command was introduced in Aruba...

Page 225: ... for the specified FQDN fqdn any Configure the PSK for any FQDN Usage Guidelines This command configures the IKE preshared key Example The following command configures an IKE preshared key for site to site VPN crypto local isakmp key R8nD0mK3y address 172 16 100 1 netmask 255 255 255 255 Command History Version Modification ArubaOS 3 0 Command introduced ArubaOS 3 4 The fqdn and fqdn any parameter...

Page 226: ...s command allows invalid or expired certificates to be used for site to site VPN Syntax No parameters Usage Guidelines This command allows invalid or expired certificates to be used for site to site VPN Command History This command was introduced in ArubaOS 3 2 Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master and local controllers ...

Page 227: ...uidelines This command removes expired ISAKMP SAs from the controller Command History This command was introduced in ArubaOS 6 1 Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master and local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide crypto localisakmp sa cleanup 227 ...

Page 228: ...ificate command to view the server certificate associated with VPN clients You must import and configure server certificates separately on master and local controllers NOTE There is a default server certificate installed in the controller however this certificate does not guarantee security for production networks Best practices is to replace the default certificate with a custom certificate issue...

Page 229: ... VPN client that uses certificates will not be authenticated using username password You must disable XAuth for Cisco VPN clients using CAC Smart Cards Example This command disables IKE XAuth for Cisco VPN clients using CAC Smart Cards no crypto local isakmp xauth Command History This command was introduced in ArubaOS 3 2 Command Information Platforms Licensing Command Mode All platforms Base oper...

Page 230: ...me Original imported filename of the CRL IntermediateCA Configures an intermediate CA certificate name Name of the intermediate CA certificate filename Original imported filename of the CRL OCSPResponderCert Configures a OCSP responder certificate certname Name of responder certificate filename Original imported filename of the responder certificate OCSPSignerCert Configures a OCSP signer certific...

Page 231: ...his is the source of revocation information in the OCSP responses Usage Guidelines This command lets you configure the controller to perform real time certificate revocation checks using the Online Certificate Status Protocol OCSP or traditional certificate validation using the Certificate Revocation List CRL client Refer to the Certificate Revocation chapter in the Dell PowerConnect W Series Arub...

Page 232: ...2 Command introduced ArubaOS 6 1 The following parameters were introduced l CRL l Intermediate CA l OCSPResponderCert l OCSPSignerCert l global ocsp signer cert l rcp l service ocsp responder Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master or local controllers ...

Page 233: ... the certificate that is used to sign OCSP responses for this revocation check point The OCSP signer certificate must be previously imported on to the controller using the WebUI The OCSP signer cert can be the same trusted CA as the check point a designated OCSP signer certificate issued by the same CA as the check point or some other local trusted authority If the ocsp signer cert is not specifie...

Page 234: ...ttp 10 4 46 202 ocsp The revocation check method is OCSP with CRL configured as the back up method crypto local pki rcp CARoot ocsp responder cert RootCA Ocsp_responder ocsp url http 10 4 46 202 ocsp crl location file Security1 WIN 05PRGNGEKAO CA unrevoked crl revocation check ocsp crl Related Commands Command Description Mode crypto local pki This command configures a local certificate OCSP signe...

Page 235: ...p used as the default global map If you have not yet defined a dynamic or ipsec map issue the command crypto map global map or crypto local ipsec map to define map parameters Example The following command configures the global map with the dynamic map named dynamic_map_2 host config crypto map global map 2 ipsec isakmp dynamic dynamic_map_2 Command History This command was introduced in ArubaOS 3 ...

Page 236: ...yourcompany com country country_val Specify a country name e g US or CA state_or_province state Specify the name of a state or province city city_val Specify the name of a city organization organization_val Specify the name of an organization unit e g sales unit unit_val Specify a unit value e g EMEA email email_val Specify an email address in the format name mycompany com Usage Guidelines Use thi...

Page 237: ... name parameter was introduced to support certificate signing requests using an elliptic curve EC key Command Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide crypto pki 237 ...

Page 238: ...rt name Import a server certificate TrustedCA name Import a trusted CA certificate pem Import a certificate in x509 PEM format See certificate types under the der parameter pfx Import a certificate in PFX format See certificate types under the der parameter pkcs12 Import a certificate in PKCS12 format See certificate types under the derparameter pkcs7 Import a certificate in PKCS7 format See certi...

Page 239: ...Command Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide crypto pki import 239 ...

Page 240: ...ffect immediately If a peer is not configured the controller displays an error message Use the database synchronize period command in config mode to configure the interval for automatic database synchronization Use the database synchronize rf plan data command to include RF plan data when synchronizing in standby mode Example The following commands cause the database on the active master controlle...

Page 241: ...ould delete files that you no longer need The copy scp command creates RSA signatures whenever it connects to a new host These host signatures are stored in the flash file system Example The following command deletes a file host delete filename december config backup cfg The following command deletes an RSA signature entry from flash host delete ssh host addr 10 100 102 101 The following command d...

Page 242: ...e Guidelines You can configure the name and IP address of the destination You can optionally configure the subnet or invert the selection Example The following example configures a destination called Home with an IP address of 10 10 10 10 host config destination Home 10 10 10 10 Command History Release Modification ArubaOS 1 0 Command introduced ArubaOS 3 0 Replaced with netdestination command Com...

Page 243: ...e number of links the file has to other files or directories l The third column displays the file owner l The fourth column displays group member information l The remaining columns display the file size date and time the file was either created or last modified and the file name Example The following command displays the files currently residing on the system flash host dir The following is sampl...

Page 244: ...erConnect W Series ArubaOS 6 2 Reference Guide Command Information Platform License Command Mode Available on all platforms Available in the base operating system Enable and Config modes on local or master controllers ...

Page 245: ...rameters This can cause new addresses to be assigned on a VLAN where the DHCP or PPPoE client is configured Command History This command was introduced in ArubaOS 3 0 Command Information Platform License Command Mode Available on all platforms Available in the base operating system Enable mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide dynamic ip 245 ...

Page 246: ... from your controller Usage Guidelines Use this command to safely remove an external USB device Example host eject usb Command History Command introduced in ArubaOS 6 2 Command Information Platform License Command Mode Available on all platforms Available in the base operating system User mode on master or local controllers in enable mode ...

Page 247: ...fault admin user password also resets the enable mode password to enable See the Dell PowerConnect W Series ArubaOS User Guide for more information about resetting the admin and enable mode passwords When you are in enable mode the CLI prompt ends with the hash character Example The following example allows you to enter enable mode on the controller host enable Password host Command History Comman...

Page 248: ...ller and not be prompted to enter an enable mode password To restore the enable mode password prompt use the config mode command no enable bypass Example The following example allows bypass the enable mode password prompt host configure terminal Enter Configuration commands one per line End with CNTL Z host config enable bypass host config Command History Version Modification ArubaOS 6 0 Command i...

Page 249: ...xample allows you to change the password for enable mode host configure terminal Enter Configuration commands one per line End with CNTL Z host config enable secret Password Re Type password host config Command History Version Modification ArubaOS 1 0 Command introduced ArubaOS 3 3 2 Updated with restriction of the secret phase Command Informatio Platform License Command Mode Available on all plat...

Page 250: ...isplayed encrypted enabled Usage Guidelines Certain commands such as show crypto isakmp key display configured key information Use the encrypt command to display the key information in plain text or encrypted Example The following command allows passwords and keys to be displayed in plain text host encrypt disable Command History Introduced in ArubaOS 3 0 Command Information Platform License Comma...

Page 251: ...r removed from the ESI group You define ESI servers via the command esi server Usage Guidelines Use the show esi group command to show ESI group information Example The following command sets up the ESI group named fortinet host config esi group fortinet ping default server forti_1 Command History Introduced in ArubaOS 2 5 Command Information Platform License Command Mode Available on all platform...

Page 252: ...external third party appliances such as anti virus gateways content filters and intrusion detection systems It processes syslog messages according to user defined rules and takes configurable actions on the corresponding system users ESI servers see esi server on page 259 are configured into domains to which ESI syslog parser rules see esi parser rule on page 253 are applied Use the show esi parse...

Page 253: ...ntifies the user no Negates any configured parameter position Specifies the rule s priority position 1 32 1 highest set Specifies the action to take blacklist the user or change the user role Note The role entity should be configured before it is accepted by the ESI rule test Test the regular expression output configured in the esi parser rules command You can test the expressions against a specif...

Page 254: ...n log_id 0 9 10 match ipaddr src set blacklist domain fortinet enable In this example the corresponding ESI expression is Sep 26 18 30 02 log_id 0100030101 type virus subtype infected src 1 2 3 4 The following example of the test command tests a rule against a specified single syslog message test msg 26 18 30 02 log_id 0100030101 type virus subtype infected src 1 2 3 4 26 18 30 02 log_id 010003010...

Page 255: ...ArubaOS 3 1 Command Information Platform License Command Mode Available on all platforms Requires the PEFNG license Config mode on master and local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide esiparser rule 255 ...

Page 256: ... specified single syslog message host config esi parser rule test msg 26 18 30 02 log_ id 0100030101 type virus subtype infected src 1 2 3 4 26 18 30 02 log_id 0100030101 type virus subtype infected src 1 2 3 4 Condition Matched with rule forti_rule User ipaddr 1 2 3 4 The following command tests against a file named test log which contains several syslog messages esi parser rule test file test lo...

Page 257: ...ubaOS 3 1 Command Information Platform License Command Mode Available on all platforms Requires the PEFNG license Config mode on master and local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide esiparser rule test 257 ...

Page 258: ...any configured parameter retry count Specifies the ping retry count 1 65536 2 timeout Specifies the ping timeout in seconds 1 65536 2 Usage Guidelines Use the show esi ping command to show ESI ping information Example The following command specifies the ping health check attributes host config esi ping default frequency 5 retry count 2 timeout 2 Command History Introduced in ArubaOS 2 5 Command In...

Page 259: ...le a health check on the specified address trusted port Specifies the port connected to the trusted side of the ESI server slot port format untrusted ip addr Specifies the server IP address on the untrusted network As an option you can also enable a health check on the specified address untrusted port Specifies the port connected to the untrusted side of the ESI server Usage Guidelines Use the sho...

Page 260: ...server DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platform License Command Mode Available on all platforms Requires the PEFNG license Config mode on master and local controllers ...

Page 261: ...n entering this command in user mode you are returned to the user login Example The following sequence of exit commands return the user from the interface configuration sub mode to the user login host config if exit host config exit host exit host exit User Command History Introduced in ArubaOS 3 0 Command Information Platform License Command Mode Available on all platforms Available in the base o...

Page 262: ...n directed to do so by an Dell support representative The global AP database resides on a master controller and contains information about known APs on all controllers in the system You can view the contents of the global AP database with the show ap database command Example The following command exports the global AP database to a file host export gap db global ap db Command History This command ...

Page 263: ... performing destination NAT This option should be enabled when the controller is not the default gateway for wireless clients and the default gateway is behind the controller This option is typically used for captive portal configuration disabled amsdu Aggregated Medium Access Control Service Data Units AMSDU packets are dropped if this option is enabled disabled attack rate Sets rates which if ex...

Page 264: ...voice over WLAN device and a SIP server This option should be enabled only when thee is no VoIP or VoWLAN traffic on the network disabled disable stateful ua processing Disables stateful UA processing disabled disable stateful vocera processing Disables stateful VOCERA processing disabled drop ip fragments When enabled all IP fragments are dropped You should not enable this option unless instructe...

Page 265: ...s are logged and an SNMP trap is sent disabled prohibit ip spoofing Detects IP spoofing where an intruder sends messages using the IP address of a trusted client When this option is enabled source and destination IP and MAC addresses are checked possible IP spoofing attacks are logged and an SNMP trap is sent enabled in IPv4 disabled in IPv6 prohibit rst replay Closes a TCP connection in both dire...

Page 266: ...dle session timeout in seconds for sessions that are marked as voice sessions If no voice packet exchange occurs over a voice session for the specified time the voice session is removed 16 300 300 seconds shape mcast Enables multicast optimization and provides excellent streaming quality regardless of the amount of VLANs or IP IGMP groups that are used disabled voip wmm voip content enforcement If...

Page 267: ... In previous versions of ArubaOS this feature checked only the source IP and the source MAC address in the frame Starting with ArubaOS 6 1 this feature also checks the destination IP and the destination MAC address in the frame The parameter amsdu was added ArubaOS 6 2 The parameter clear sessions role update was deprecated ArubaOS 6 2 1 The imm fb parameter was introduced Command Information Plat...

Page 268: ...itelist Specifies an entry that is allowed permit on the session ACL whitelist any Specifies any IPv4 source address host ip addr Indicates a specific IPv4 source address proto Protocol that the session traffic is using IP protocol number Specifies the IP protocol number that is permitted or denied 1 255 start port Specifies the starting port in the port range on which session traffic is running 1...

Page 269: ...he controller host config fw cp deny proto 6 ports 5000 6000 Related Commands Command Description Mode show firewall cp Show Control Processor CP whitelist ACL info Enable or Config modes cp bandwidth contract This command configures a bandwidth contract traffic rate which can then be associated with a whitelist session ACL Enable or Config modes Command History Modification ArubaOS 3 4 Command in...

Page 270: ...orwarded to the controller 1 200 Mbps 1 trusted mcast Specifies the trusted multicast traffic rate limit 1 200 Mbps 2 trusted ucast Specifies the trusted unicast traffic rate limit 1 200 Mbps 80 untrusted mcast Specifies the untrusted multicast traffic rate limit 1 200 Mbps 2 untrusted ucast Specifies the untrusted unicast traffic rate limit 1 200 Mbps 10 Usage Guidelines This command configures f...

Page 271: ...e following command enables firewall visibility host config firewall visibility Related Commands Command Description Mode show firewall visibility Displays the policy enforcement firewall visibility process state and status information Config or Enable mode Command History This command is introduced in ArubaOS 6 2 Command Information Platforms Licensing Command Mode W 3200 W 3400 W 3600 W 6000M3 a...

Page 272: ...the gateway health check and should only be issued under the guidance of the support staff Related Commands Command Description Mode show gateway health check Display the current status of the gateway health check feature This command is available in Config and Enable mode on master and local controllers host config show gateway health check History Introduced in ArubaOS 3 4 Command Information Pl...

Page 273: ...est provisioning feature the guest access email command allows you to set up the SMTP port and server that process guest provisioning email This email process sends email to either the guest or the sponsor whenever a guest user account is created or when the Guest Provisioning user manually sends email from the Guest Provisioning page Example The following command creates a guest access email prof...

Page 274: ... ArubaOS 6 2 Reference Guide Command History Modification ArubaOS 3 4 Introduced for the first time Command Information Platform License Command Mode Available on all platforms Available in the base operating system Config mode on master controllers ...

Page 275: ...roller You should issue this command before rebooting or shutting down to avoid interrupting processes Command History Introduced in ArubaOS 3 0 Command Information Platform License Command Mode Available on all platforms Available in the base operating system Enable mode on master and local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide halt 275 ...

Page 276: ...When typed at the beginning of a line the question mark lists all commands available in the current mode l When typed at the end of a command or abbreviation the question mark lists possible commands that match l When typed in place of a parameter the question mark lists available options Example The following command displays help host help Command History Available in ArubaOS 3 0 Command Informa...

Page 277: ...bols question marks or asterisks enclose the text in quotes The default names for the following controllers are l W 3200XM Dell 3200XM l W 3400 Dell 3400 l W 3600 Dell 3600 Example The following example configures the controller hostname to Controller 1 hostname Controller 1 Command History Introduced in ArubaOS 1 0 Command Information Platform License Command Mode Available on all platforms Avail...

Page 278: ...ied neighbor or suspected rogue if the rule is matched suspected rogue clone Copy data from another AP classification rule profile conf level incr Increase the confidence level in percentage when the rule matches 0 100 5 discovered ap cnt discovered ap cnt Enter the keyword discovered ap cnt followed by the number of APs to be discovered 0 100 0 match ssids Match SSIDs match or do not match true f...

Page 279: ...h rule can have only one specification of the Discovered AP Count Each rule can specify a minimum or maximum of the Discovered AP count The minimum or maximum operation must be specified if the Discovered AP count is specified The default setting is to check for the minimum discovered AP count Example The following example configures the AP Configuration Rule Profile named rule1 then enables the r...

Page 280: ...me Name of the IDS AP classification rule Usage Guidelines This command activates an active AP rule created by the ids ap classification rule change command You must create the rule before you can activate it Example host IDS Active AP Rules Profile rule name rule2 Command History Release Modification ArubaOS 6 0 Command introduced Command Information Platforms Licensing Command Mode Available on ...

Page 281: ...invalid address detect malformed association request detect malformed auth frame detect malformed htie detect malformed large duration detect omerta attack detect overflow eapol key detect overflow ie detect power save dos attack detect rate anomalies detect rts rate anomaly detect tkip replay attack disassoc rate thresholds number disconnect deauth disassoc threshold disconnect sta assoc resp thr...

Page 282: ...fake AP beacons that must be received within the flood increase time to trigger an alarm 0 100 000 50 assoc rate thresholds Rate threshold for associate request frames auth rate thresholds Rate threshold for authenticate frames block ack dos quiet time Time to wait in seconds after detecting an attempt to reset the receive window using a forged block ACK add 60 360000 seconds 900 seconds chopchop ...

Page 283: ...hopChop attack true false false detect client flood Enable disable detection of client flood attack true false disable detect cts rate anomaly Enable disable detection of CTS rate anomaly true false disable detect disconnect station In a station disconnection attack an attacker spoofs the MAC address of either an active client or an active AP The attacker then sends deauthenticate frames to the ta...

Page 284: ...save dos attack Enable disable detection of Power Save DoS attack true false enable detect rate anomalies Enable disable detection of rate anomalies true false disable detect rts rate anomaly Enable disable detection of RTS rate anomaly true false disable detect tkip replay attack Enable disable detection of TKIP replay attack true false disable disassoc rate thresholds Rate threshold for disassoc...

Page 285: ...0000 seconds 900 seconds malformed large duration quiet time Time to wait in seconds after detecting a large duration for a frame after which the check can be resumed 60 360000 seconds 900 seconds no Negates any configured parameter omerta quiet time Time to wait in seconds after detecting an Omerta attack after which the check can be resumed 60 360000 seconds 900 seconds omerta threshold The Disa...

Page 286: ... deauth blacklist Enables detection of a deauth attack initiated against a client associated to an AP When such an attack is detected the client is quarantined from the network to prevent a man in the middle attack from being successful true false false tkip replay quiet time Time to wait in seconds after detecting a TKIP replay attack after which the check can be resumed 60 360000 seconds 900 sec...

Page 287: ...ower save dos attack power save dos min frames power save dos quiet time power save dos threshold Deprecated Predefined Profiles Deprecated DOS profile l ids dos disabled l ids dos low setting l ids dos medium setting l ids dos high setting Command Information Platform License Command Mode Available on all platforms Requires the RFprotect license Config mode on master controllers DellPowerConnect ...

Page 288: ...ontainment susp l3 rogue wireless containment deauth only none tarpit all sta tarpit non valid sta wired containment ap adj mac wireless containment debug Description Configure an IDS general profile Syntax Parameter Description Ran ge Defa ult profile name Name that identifies an instance of the profile The name must be 1 63 characters defa ult adhoc ap inactivity timeout Ad hoc IBSS AP inactivit...

Page 289: ...rtls Enable disable RTLS communication with the configured mobility manager ena bled dis abled dis abled mon stats update interval Time interval in seconds for AP to update the switch with stats for monitored devices Minimum is 60 60 36000 0 sec onds 60 sec onds no Negates any configured parameter send adhoc info to controller Enable or disable sending Adhoc information to the controller from the ...

Page 290: ...is offset by one character from its wired MAC address NOTE This feature requires that the following wired containment parameter in the ids general profile is also enabled and that the confidence level of the suspected rogue exceeds the level configured by the suspect rogue containment and suspect rogue conf level parameters in the ids unauthorized device profile true false wireless containment dea...

Page 291: ...ainment tarpit all sta host IDS General Profile floor7 wireless containment debug Command History Version Description ArubaOS 3 0 Command Introduced ArubaOS 5 0 mobility manager rtls parameter introduced ArubaOS 6 0 Deprecated predefined profiles and added numerous General profile options Deprecated Predefined Profiles Deprecated General profiles l ids general disabled l ids general high setting C...

Page 292: ...econds beacon diff threshold Percentage increase in beacon rates that triggers an AP impersonation event 0 100 50 beacon inc wait time Time in seconds after the beacon difference threshold is crossed before an AP impersonation event is generated 3 seconds beacon wrong channel quiet time Time to wait in seconds after detecting a beacon with the wrong channel after which the check can be resumed 60 ...

Page 293: ... a client s authentication credentials Man in the middle attacks often rely on a number of different vulnerabilities Example The following command enables detections in the impersonation profile host config ids impersonation profile floor1 host IDS Impersonation Profile floor1 detect beacon wrong channel host IDS Impersonation Profile floor1 detect ap impersonation Command History Version Modifica...

Page 294: ...rd none logs and traps event correlation quiet time value Time to wait in seconds after generating a correlated event after which the event could be raised again This only applies to events that are repeatedly raised by an AP 30 360000 seconds 900 seconds Usage Guidelines Manage the events correlation for IDS event traps and syslogs logs Example host config ids management profile host IDS Manageme...

Page 295: ...ame of an IDS impersonation profile to be applied to the AP group name See ids impersonation profile on page 292 default no Negates any configured parameter signature matching profile Name of an IDS signature matching profile to be applied to the AP group name See ids signature matching profile on page 299 default unauthorized device profile Name of an IDS unauthorized device profile to be applied...

Page 296: ...and Introduced ArubaOS 6 0 Deprecated predefined profiles Deprecated Predefined Profile Deprecated Profile for levels disabled high medium and low l ids disabled l ids high setting l ids medium setting l ids low setting Command Information Platform License Command Mode Available on all platforms Requires the RFprotect license Config mode on master controllers ...

Page 297: ...ype of frame that must be exceeded within a specific interval in an entire channel to trigger an alarm any 300 clone Name of an existing IDS rate thresholds profile from which parameter values are copied no Negates any configured parameter node quiet time After a node rate anomaly alarm has been triggered the time in seconds that must elapse before another identical alarm may be triggered This opt...

Page 298: ...ofile Lobby host IDS Rate Thresholds Profile Lobby channel threshold 250 Command History Version Modification ArubaOS 3 0 Command Introduced ArubaOS 6 0 Deprecated predefined profiles Deprecated Predefined Profiles Deprecated the predefined profile with probe request response threshold Command Information Platform License Command Mode Available on all platforms Requires the RFprotect license Confi...

Page 299: ...See ids signature profile on page 301 Usage Guidelines You can include one or more predefined signature profiles or a user defined signature profile in a signature matching profile Example The following command configures a signature matching profile host config IDS signature matching LobbyEast host IDS Signature Matching Profile LobbyEast signature Null Probe Response Command History Version Modi...

Page 300: ...ure matching profile DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platform License Command Mode Available on all platforms Requires the RFprotect license Config mode on master controllers ...

Page 301: ...profile from which parameter values are copied dst mac Destination MAC address in the 802 11 frame header frame type Type of 802 11 frame For each type of frame further parameters can be specified to filter and detect only the required frames assoc Association frame type auth Authentication frame type beacon Beacon frame type control All control frames data All data frames deauth Deauthentication ...

Page 302: ... MAC address in the 802 11 frame header Example The following command configures a signature profile host config ids signature profile floor4 host IDS Signature Profile floor4 frame type assoc host IDS Signature Profile floor4 src mac 00 00 00 00 00 00 Usage Guidelines The following describes the configuration for the predefined signature profiles Signature Profile Parameter Value AirJack frame ty...

Page 303: ...formation Platform License Command Mode Available on all platforms Requires the RFprotect license Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide ids signature profile 303 ...

Page 304: ...ation detect valid ssid misuse detect windows bridge detect wireless bridge detect wireless hosted network mac oui quiet time seconds no oui classification overlay classification privacy prop wm classification protect adhoc enhanced protect adhoc network protect high throughput protect ht 40mhz protect misconfigured ap protect ssid protect valid sta x protect windows bridge protect wireless hosted...

Page 305: ...ation overrides the original configuration For example if you configure allow well known mac hsrp and then configure allow well known mac iana the original configuration is lost To add more options to the original configuration include all of the required options for example allow well known mac hsrp iana Use caution when configuring this command If the neighboring network uses similar routers tho...

Page 306: ...ices advertising greenfield preamble capability false detect invalid mac oui Enables checking of the first three bytes of a MAC address known as the organizationally unique identifier OUI assigned by the IEEE to known manufacturers Often clients using a spoofed MAC address do not use a valid OUI and instead use a randomly generated MAC address Enabling MAC OUI checking causes an alarm to be trigge...

Page 307: ...ation Enable disable OUI based rogue AP classification enable overlay classification Enable disable overlay rogue AP classification enable privacy Enables encryption as a valid AP configuration false prop wm classification Enable disable rogue AP classification through propagated wired MACs true protect adhoc enhanced Enables advanced protection from adhoc networks including adhoc networks in open...

Page 308: ...at is not using WPA encryption is flagged as misconfigured false rogue containment Rogue APs can be detected see classification but are not automatically disabled This option automatically shuts down rogue APs When this option is enabled true clients attempting to associate to an AP classified as a rogue are disconnected through a denial of service attack false suspect rogue conf level Confidence ...

Page 309: ... devices that can potentially disrupt network operations Example The following command copies the settings from the ids unauthorized device disabled profile and then enables detection and protection from adhoc networks host config ids unauthorized device profile floor7 host IDS Unauthorized Device Profile floor7 unauth1 host IDS Unauthorized Device Profile floor7 clone ids unauthorized device disa...

Page 310: ...ds wms general profile wms general adhoc ap ageout interval adhoc ap ageout interval ap ageout interval ap ageout interval collect stats learn ap learn system wired macs no persistent neighbor persistent valid sta poll interval poll interval poll retries poll retries propagate wired macs sta ageout interval sta ageout interval stat update Description This command configures the WLAN management sys...

Page 311: ... on the same wired networks as Dell APs are classified as rogue APs Enabling AP learning classifies non Dell APs as valid APs Typically you would want to enable AP learning in environments with large numbers of existing non Dell APs and leave AP learning enabled until all APs in the network have been detected and classified as valid Then disable AP learning and reclassify any unknown APs as interf...

Page 312: ...DS WMS General Profile learn ap To disable AP learning host IDS WMS General Profile no learn ap Command History Release Modification ArubaOS 3 0 Command introduced ArubaOS 6 1 Added parameter learned system wired mac Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers ...

Page 313: ...o apply to the EVDO modem Example host config cell ip access group 3 session Related Command Command Description show interface cellular access group List the Access groups configured on the cellular interface Command History Release Modification ArubaOS 5 0 Command introduced Command Information Platforms Licensing Command Mode W 600 series Base operating system Configuration Mode config cell Del...

Page 314: ...rnet interface on the controller Syntax Parameter Description Range Default slot slot is always 1 port Number assigned to the network interface embedded in the controller Port numbers start at 0 from the left most position description String that describes this interface duplex Transmission mode on the interface full or half duplex or auto to automatically adjust transmission auto full half auto i...

Page 315: ...nterface carries traffic only for the specified VLAN 1 mode Sets the mode of the interface to access or trunk mode only access trunk access trunk Sets the interface as a trunk port for the specified VLANs A trunk port carries traffic for multiple VLANs using 802 1q tagging to mark frames for specific VLANs You can include all VLANs configured on the controller or add or remove specified VLANs Spec...

Page 316: ...d the 16 byte shared key used to authenticate the controllers to each other The key must be the same on both controllers allowed vlan VLANs that are allowed on the xSec tunnel mtu Optional MTU size for the xSec tunnel vlan xSec VLAN ID For controller to controller communications both controllers must belong to the same VLAN 1 4094 Usage Guidelines Use the show port status command to obtain informa...

Page 317: ... 1 The parameter muxport was changed to tunneled node port Command Information Platforms Licensing Command Mode All platforms This command is available in the base operating system The ip access group parameter requires the PEFNG license The xsec parameter requires the xSec license Config mode on master and local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide interface fastether...

Page 318: ...idelines If configured the loopback address is used as the controller s IP address If you do not configure a loopback address for the controller the IP address assigned to VLAN 1 is used as the controller s IP address After you configure or modify a loopback address you need to reboot the controller Example The following command configures a loopback address host config interface loopback ip addre...

Page 319: ...DellPowerConnect W Series ArubaOS 6 2 Reference Guide interface loopback 319 ...

Page 320: ... port channel You cannot specify both FastEthernet and GigabitEthernet interfaces for the same port channel del Deletes the specified Fastethernet or Gigabitethernet interface to the port channel ip access group Applies the specified access control list ACL to the interface Use the ip access list command to configure an ACL NOTE This command requires the PEFNG license in Applies ACL to interface s...

Page 321: ... is additive and adds given vlans to the existing untrusted vlan set However if you execute the trusted vlan word command it overrides any earlier untrusted VLANs or a range of untrusted VLANs and creates a new set of trusted VLANs NOTE A port supports a user VLAN range from 1 4094 If you want to set all VLANs 1 4094 on a port as untrusted then mark the port itself as untrusted By default the port...

Page 322: ...meter was added Command Information Platforms Licensing Command Mode This command is available in the base operating system The ipaccess group parameter requires the PEFNG license The xsec parameter requires the xSec license Config mode on master and local controllers interface profile voip profile interface profile voip profile profile name clone source no voip dot1p priority voip dscp value voip...

Page 323: ...ofile does not apply the configuration to any interface or interface group To apply the VoIP profile use the interface gigabitethernet and interface group commands Example The following command configures a VoIP profile interface profile voip profile VoIP_PHONES voip dot1p 100 voip dscp 125 voip mode auto discover voip vlan 126 Command History This command was introduced in ArubaOS Release Modific...

Page 324: ...tomatically adjust transmission auto full hal f auto ip access group Applies the specified access control list ACL to the interface Use the ip access list command to configure an ACL in Applies ACL to interface s inbound traffic out Applies ACL to interface s outbound traffic session Applies session ACL to interface and optionally to a selected VLAN associated with this port no Negates any configu...

Page 325: ...pplied When Dell APs are attached directly to the controller set the port to be trusted enabled vlan word Sets the supplied range of VLANs as trusted All remaining become untrusted automatically For example If you set a VLAN range as vlan 1 10 100 300 301 305 400 501 4094 Then all VLANs in this range are trusted and all others become untrusted by default You can also use the no trusted vlan comman...

Page 326: ...n ArubaOS 3 0 Command introduced ArubaOS 3 4 The trusted VLAN and ip access group session vlan parameters were introduced ArubaOS 3 4 1 The trusted vlan word parameter was added Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master and local controllers ...

Page 327: ... tunnel mtu MTU size for the interface 1024 9216 no Negates any configured parameter shutdown Causes a hard shutdown of the interface trusted Set this interface and range of VLANs to be trusted VLANs not included in the trusted range of VLANs will be by default untrusted Trusted ports and VLANs are typically connected to internal controlled networks while untrusted ports connect to third party APs...

Page 328: ...16 bit protocol number uniquely identifies a Layer 2 tunnel The controllers at both endpoints of the tunnel must be configured with the same protocol number source The local endpoint of the tunnel on the controller This can be one of the following l specified IP address l the loopback interface configured on the controller l specified VLAN vlan VLANs to be included in this tunnel Usage Guidelines ...

Page 329: ...mand Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master and local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide interface tunnel 329 ...

Page 330: ... interface Syntax Parameter Description Range Defau lt vlan VLAN ID number 1 4094 bandwidth contract Name of the bandwidth contract to be applied to this VLAN interface When applied to a VLAN the contract only limits multicast traffic and does not affect other data Use the aaa bandwidth contract command to configure a bandwidth contract bcmc optimization Enables broadcast and multicast traffic opt...

Page 331: ...e switch 1 80 routing Enables layer 3 forwarding on the VLAN interface To disable layer 3 forwarding you must configure the IP address for the interface and specify no ip routing ena bled ipv6 Configures IPv6 for this interface address Configures the link local address or the global unicast adress for this interface mld snooping Enables Multicast Listener Discovery MLD snooping on this interface n...

Page 332: ...information about the AP and SSID through which a client is connecting into the DHCP request Many service providers use this mechanism to make access control decisions You can include only the MAC address or MAC address and ESSID essid ESSID is an alphanumeric name that uniquely identifies a wireless network shutdown Causes a hard shutdown of the interface suppress arp Prevents flooding of ARP bro...

Page 333: ...6 0 The pppoe max segment site pppoe password pppoe service name and pppoe password parameters were introduced ArubaOS 6 1 The option 82 parameter was introduced ArubaOS 6 2 The nd parameter for configuring neighbor discovery and router advertizement options was introduced Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master and local contr...

Page 334: ...optional parameter to configure the global unicast address in Extended Universal Identifier 64 bit format EUI 64 for this interface nd Configures the IPv6 neighbor discovery options for router advertizement functionality ra Configures the following router advertisement options l dns Configures IPv6 recursive DNS server l enable Enables IPv6 RA l hop limit Configures RA hop limit l interval Configu...

Page 335: ...f interface vlan 1 config subif ipv6 address 2001 DB8 0 3 64 eui 64 Command History Release Modification ArubaOS 6 1 This command was introduced ArubaOS 6 2 The nd parameter for configuring neighbor discovery and router advertisement options was introduced Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers DellPowerConnect W S...

Page 336: ...to interfaces on the W 6000M3 controller slots 0 3 The port parameter refers to the network interfaces that are embedded in the front panel of the W 3000 series controller or a W 6000M3 controller module installed in a W 6000 controller chassis Port numbers start at 0 from the left most position Usage Guidelines The newer IGMP proxy feature and the older IGMP snooping feature cannot be enabled at ...

Page 337: ...terface vlan vlan ipv6 mld snooping and the IPv6 router will send multicast frames to only those nodes that need to receive them Command History This command was introduced in ArubaOS 3 4 Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide interface vlan ip igmp proxy 337 ...

Page 338: ...ollowing l Ethertype in decimal or hexadecimal 0 65535 and optional wildcard 0 65535 l any match any Ethertype Optionally you can configure the mirror parameter which mirrors packets to a datapath or remote destination or set the position of the ACL The default position is last a position of 1 puts the ACL at the top of the list Usage Guidelines The Ethertype field in an Ethernet frame indicates t...

Page 339: ...d Information Platform License Command Mode Available on all platforms Requires the PEFNG license Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide ip access list eth 339 ...

Page 340: ...rtal on the controller If you have the Next Generation Policy Enforcement Firewall PEFNG license installed in the controller modify the captive portal session ACL to permit HTTP S traffic to the destination cp redirect address ip6addr instead of mswitch If you do not have the PEFNG license installed in the controller the implicit captive portal profile ACL is automatically modified when you issue ...

Page 341: ...ines the way to learn the route Usage Guidelines This command configures an IPv6 default gateway Example The following command configures an IPv6 default gateway host config ipv6 default gateway 2cce 205 160 100 fe 1 Command History Introduced in ArubaOS 6 1 Command Information Platform License Command Mode Available on all platforms Available in the base operating system Config mode on master con...

Page 342: ...ing globally This option is disabled by default Syntax No parameters Usage Guidelines This command enables IPv6 packet processing globally Command History This command was introduced in ArubaOS 6 0 Command Information Platform License Command Mode Available on all platforms Available in the base operating system Config mode on master controllers ...

Page 343: ...between wired or wireless users You can configure user role policies that prevent Layer 3 traffic between users or networks but this does not block Layer 2 traffic This option can be used to prevent Appletalk or IPX traffic from being forwarded disabled drop ip frag ments When enabled all IP fragments are dropped You should not enable this option unless instructed to do so by an Dell representativ...

Page 344: ... session packets are sent The destination can be either an IPv4 address or a controller port You configure IPv6 flows to be mirrored with the mirror option of the ipv6 access list session command Use this option only for troubleshooting or debugging ip address ipaddr Send mirrored session packets to the specified IP address port slot port Send mirrored session packets to the specified controller p...

Page 345: ...he number of seconds represented by this value must be less than the query interval robustness variable Specify a value between 2 to 10 The default value is 2 The robustness variable allows you to tune for the expected packet loss on a link If a link is expected to be lossy you can increase this value NOTE You must not configure the robustness variable as 0 or 1 Usage Guidelines You can modify the...

Page 346: ...346 ipv6 mld DellPowerConnect W Series ArubaOS 6 2 Reference Guide ...

Page 347: ...hbor entry Usage Guidelines You can configure an IPv6 static neighbor on a VLAN interface Example The following command configures an IPv6 static neighbor on VLAN 1 host config ipv6 neighbor 2cce 205 160 100 fe vlan 1 00 0b 86 61 13 28 Command History Introduced in ArubaOS 6 1 Command Information Platform License Command Mode Available on all platforms Available in the base operating system Config...

Page 348: ...address or null 0 to terminate or discard the packets cost Specify the distance metric to select the routing protocol that determines the way to learn the route Usage Guidelines You can configure static IPv6 routes on the controller Example The following command configures a static IPv6 route on the controller host config ipv6 route 2cce 205 160 100 fe 64 2cce 205 160 100 ff 1 Command History Intr...

Page 349: ...smission Control Protocol l udp User Datagram Protocol source Source which can be one of the following l Source address IPv4 or IPv6 and wildcard l any any source l host specify a single host IP address dest Destination which can be one of the following l Destination address IPv4 or IPv6 and wildcard l any any destination l host specify a single host IP address no Negates any configured parameter ...

Page 350: ...Usage Guidelines Extended ACLs are supported for compatibility with router software from other vendors This ACL permits or denies traffic based on the source or destination IP address or IP protocol Example The following command configures an extended ACL host config ip access list extended 100 deny any host 1 1 21 245 any Command History This command was available in ArubaOS 3 0 Command Informati...

Page 351: ...llow the specified packets which can be the following MAC address and optional wildcard any any packets host specify a MAC address Optionally you can configure the mirror parameter which mirrors packets to a datapath or remote destination Usage Guidelines MAC ACLs allow filtering of non IP traffic This ACL filters on a specific source MAC address or range of MAC addresses If you configure the mirr...

Page 352: ...352 ip access list mac DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platform License Command Mode Available on all platforms Requires the PEFNG license Config mode ...

Page 353: ...P address to match traffic network specify the IP address and netmask user represents the IP address of the user service Network service which can be one of the following IP protocol number 0 255 name of a network service use the show netservice command to see configured services any match any traffic tcp specify the TCP port number 0 65535 udp specify the UDP port number 0 65535 action Action if ...

Page 354: ...ession packets to datapath or remote destination If you configure the mirror option define the destination to which mirrored packets are sent in the firewall policy For more information see firewall on page 263 next hop list Route packet to the next hop in the list position specify the position of the rule 1 is first default is last queue assign flow to priority queue high low send deny response i...

Page 355: ...mit Low 4 2 11 12 11 11 2 any any permit Low 6 Command History Introduced in ArubaOS 3 0 Command Information Platform License Command Mode Available on all platforms Requires the PEFNG license Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide ip access list session 355 ...

Page 356: ...ddress and optional wildcard any any packets host specify a host IP address no Negates any configured parameter permit Allow the specified packets which can be the following IP address and optional wildcard any any packets host specify a host IP address Usage Guidelines Standard ACLs are supported for compatibility with router software from other vendors This ACL permits or denies traffic based on...

Page 357: ...rcement Firewall PEFNG license installed in the controller modify the captive portal session ACL to permit HTTP S traffic to the destination cp redirect address ipaddr instead of mswitch If you do not have the PEFNG license installed in the controller the implicit captive portal profile ACL is automatically modified when you issue this command Example The following command configures a captive por...

Page 358: ...ipsec map cost Distance metric for this route Usage Guidelines You can use this command to set the default gateway to the IP address of the interface on the upstream router or switch to which you connect the controller If you define more than one dynamic gateway type you must also define a cost for the route to each gateway The controller will first attempt to obtain a gateway IP address using the...

Page 359: ...IP addresses Usage Guidelines Use this command to specifically exclude certain addresses from being assigned by the DHCP server It is good practice to exclude any statically assigned addresses Example The following command configures an excluded address range ip dhcp excluded address 192 168 1 1 192 168 1 255 Command History Introduced in ArubaOS 3 0 Command Information Platform License Command Mo...

Page 360: ...ed through PPPoE or DHCP domain name Domain name to which the client belongs lease The amount of time that the assigned IP address is valid for the client Specify the lease in days hours minutes netbios name server IP address of the NetBIOS Windows Internet Naming Service WINS server which can be one of the following address IP address of the WINS server You can specify up to eight IP addresses im...

Page 361: ... of the VLAN matches a configured DHCP pool the controller answers the request Example The following command configures a DHCP pool host config ip dhcp pool floor1 default router 10 26 1 1 dns server 192 168 1 10 domain name floor1 test com lease 0 8 0 network 10 26 1 0 255 255 255 0 Command History Introduced in ArubaOS 3 0 Command Information Platform License Command Mode Available on all platfo...

Page 362: ...rameters for this command Usage Guidelines This command is enabled by default Use the no form of this command to disable Example The following command enables DNS hostname translation host config ip domain lookup Command History This command was available in ArubaOS 3 0 Command Information Platform License Command Mode Available on all platforms Available in the base operating system Config mode o...

Page 363: ...tain domain names You must have at least one domain name server configured on the controller see ip name server on page 378 Example The following command configures the default domain name host config ip domain name yourdomain com Command History This command was available in ArubaOS 3 0 Command Information Platform License Command Mode Available on all platforms Available in the base operating sy...

Page 364: ... per group 1 65535 300 query interval Interval in seconds at which the controller sends host query messages to the multicast group address 224 0 0 1 to solicit group membership information 1 65535 seconds 125 seconds query response interval Maximum time in 1 10th seconds that can elapse between when the controller sends a host query message and when it receives a response This must be less than th...

Page 365: ...GMP host config ip igmp query interval 130 Command History Release Modification ArubaOS 3 0 Command introduced ArubaOS 6 1 Added parameters max members per group and quick client convergence Command Information Platform License Command Mode Available on all platforms Available in the base operating system Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide ip ig...

Page 366: ...paddr Starting IP address for the pool end ipaddr Optional Ending IP address for the pool Usage Guidelines VPN clients can be assigned IP addresses from the L2TP pool Example The following command configures an L2TP pool host config ip local pool 10 1 1 1 10 1 1 99 Command History This command was available in ArubaOS 3 0 Command Information Platform License Command Mode Available on all platforms...

Page 367: ... active domain on the controller However once you assign a controller to a user defined domain the default mobility domain is no longer an active domain on the controller Example The following command assigns the controller to a user defined mobility domain host config ip mobile active domain campus1 Command History This command was available in ArubaOS 3 0 Command Information Platform License Com...

Page 368: ...arameter Usage Guidelines You configure the HAT on a master controller the mobility domain information is pushed to all local controllers that are managed by the same master HAT entries map subnetworks or VLANs and the home agents The home agent is typically the controller s IP address The home agent s IP address must be routable that is all controllers that belong to the same mobility domain must...

Page 369: ...ArubaOS 3 0 Command available ArubaOS 6 0 A new parameter description is added for providing more information about a HAT entry ArubaOS 3 4 1 vlan range parameter introduced Command Information Platform License Command Mode Available on all platforms Available in the base operating system Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide ip mobile domain 369 ...

Page 370: ...re registration messages are sent to the home agent interval Retransmission interval in milliseconds 100 10000 1000 milliseconds retransmits Maximum number of times the foreign agent attempts mobile IP registration message exchanges before giving up 0 5 3 Usage Guidelines A foreign agent is the controller which handles all mobile IP communication with a home agent on behalf of a roaming client Exa...

Page 371: ...ifference in seconds for timestamp based replay protection as described by RFC 3344 IP Mobility Support for IPv4 0 disables replay 0 300 7 seconds Usage Guidelines A home agent for a mobile client is the controller where the client first appears when it joins the mobility domain The home agent is the single point of contact for the client when it roams Example The following command configures the ...

Page 372: ...yntax Platform License mac address The MAC address of the host Usage Guidelines Executing this command enables packet tracing for the given mac address This is used for troubleshooting purposes only Example The following command enables packet tracing for the host host config ip mobile packet trace 00 40 96 a6 a1 a4 Command History This command was available in ArubaOS 3 4 Command Information Plat...

Page 373: ...ew bootp request will kick start a new DHCP state machine NOTE Best practices is to keep this parameter at the default setting 0 65534 25 ignore options Enables support for devices that use DHCP with zero options For example Symbol NOTE Best practices is to keep this parameter at the default setting disabled max requests Maximum number of BOOTP packets that are allowed to be handled during one DHC...

Page 374: ...without waiting for the stale timeout user delete from management foreign agent to foreign agent handoff etc This is different from the no service timeout no service timeout occurs up front while the stale timeout begins when mobility service is provided but the connection is disrupted for some reason 30 3600 60 seconds stand alone AP Enables support for third party or standalone APs When this is ...

Page 375: ...troller it is recommended that you keep the on association option enabled This helps trigger mobility as soon as 802 11 association packets are received from the mobile client Example The following command enables the packet trace for the given MAC address ip mobile packet trace 00 40 96 a6 a1 a4 Command History Version Modification ArubaOS 3 0 Command introduced ArubaOS 6 2 The re home parameter ...

Page 376: ... up 0 5 3 Usage Guidelines A home agent or foreign agent can send a registration revocation message which revokes registration service for the mobile client For example when a mobile client roams from one foreign agent to another the home agent can send a registration revocation message to the first foreign agent so that the foreign agent can free any resources held for the client Example The foll...

Page 377: ...ress Description This command configures the capture of association trail for all devices Command History Version Description ArubaOS 3 0 Command introduced ArubaOS 6 1 Command deprecated DellPowerConnect W Series ArubaOS 6 2 Reference Guide ip mobile trail deprecated 377 ...

Page 378: ...idelines You can configure up to six servers using separate commands Specify one or more servers when you configure a default domain name see ip domain name on page 363 Example The following command configures a name server ip name server 10 1 1 245 Command History This command was available in ArubaOS 3 0 Command Information Platform License Command Mode Available on all platforms Available in th...

Page 379: ... addresses in the pool dest ipaddr Destination NAT IP address Usage Guidelines This command configures a NAT pool which you can reference in a session ACL rule see ip access list session on page 353 Example The following command configures a NAT pool host config ip nat pool 2net 2 1 1 1 2 1 1 125 Command History This command was available in ArubaOS 3 0 Command Information Platform License Command...

Page 380: ...erval elapses the neighboring routers declare the router dead 1 to 65535 seconds 40 hello interval seconds Set the elapse interval seconds between hello packets sent on the interface 1 to 65535 seconds 10 message digest key keyid passwd Enable OSPF MD5 authentication and set the key identification and a character string password keyid 1 to 256 No default priority number Set the priority number of ...

Page 381: ...uration Command History Release Modification ArubaOS 3 4 Command introduced Command Information Platforms Licensing Command Mode All Platforms Base operating system Configuration Interface Mode config subif DellPowerConnect W Series ArubaOS 6 2 Reference Guide ip ospf 381 ...

Page 382: ...ip pppoe max segment size deprecated ip pppoe max segment size mss Description This command configures the maximum TCP segment size mss in bytes for Point to Point Protocol over Ethernet PPPoE data Command History Release Modification ArubaOS 3 0 Command introduced ArubaOS 6 1 Command deprecated ...

Page 383: ...Description This command configures the PPP over Ethernet PPPoE password Command History Release Modification ArubaOS 3 0 Command introduced ArubaOS 6 1 Command deprecated DellPowerConnect W Series ArubaOS 6 2 Reference Guide ip pppoe password deprecated 383 ...

Page 384: ...baOS 6 2 Reference Guide ip pppoe service name deprecated ip pppoe service name service_name Description This command configures the PPP over Ethernet PPPoE service name Command History Release Modification ArubaOS 3 0 Command introduced ArubaOS 6 1 Command deprecated ...

Page 385: ...Description This command configures the PPP over Ethernet PPPoE username Command History Release Modification ArubaOS 3 0 Command introduced ArubaOS 6 1 Command deprecated DellPowerConnect W Series ArubaOS 6 2 Reference Guide ip pppoe username deprecated 385 ...

Page 386: ...only be used on the master controller udp port UDP port to receive server requests 0 65535 3799 source inter face Interface for all outgoing RADIUS packets The IP address of the specified interface is included in the IP header of RADIUS packets The interface can be one of the following loopback The loopback interface vlan The specified VLAN Usage Guidelines This command configures global RADIUS se...

Page 387: ...DellPowerConnect W Series ArubaOS 6 2 Reference Guide ip radius 387 ...

Page 388: ...he cost the higher the priority ipsec name Enter the keyword ipsec followed by the ipsec map name to use a static ipsec route map null 0 Enter the key word null 0 to designate a null interface Usage Guidelines This command configures a static route on the controller other than the default gateway Use the ip default gateway command to set the default gateway to the IP address of the interface on th...

Page 389: ...that is configured in a passive state The port in a passive mode responds to negotiations requests from other ports that are in an active state Ports in passive state respond to LACP packets Usage Guidelines LACP is disabled by default this command enables LACP If the group number assigned contains static port members the command is rejected Related Command Command Description show lacp View the L...

Page 390: ...delines Set the port priority for LACP Related Commands Command Description lacp group Enable LACP and configure on the interface show lacp View the LACP configuration status show lacp sys id View the LACP system ID information show interface port channel View information on a specified port channel interface Command History Release Modification ArubaOS 3 4 1 Command introduced Command Information...

Page 391: ...ription lacp group Enable LACP and configure on the interface show lacp View the LACP configuration status show lacp sys id View the LACP system ID information show interface port channel View information on a specified port channel interface Command History Release Modification ArubaOS 3 4 1 Command introduced Command Information Platforms Licensing Command Mode All Platforms Base operating syste...

Page 392: ...PDU Link Aggregation Control Protocol data unit from the remote system before terminating the LACP session The default time out value is 90 seconds long Related Commands Command Description lacp group Enable LACP and configure on the interface show lacp View the LACP configuration status show lacp sys id View the LACP system ID information show interface port channel View information on a specifie...

Page 393: ...stem reboot in the LCD menu Enabled upgrade image Disables or enables the upgrade image option in the LCD menu Enabled partition 0 partition 1 Disables or enables image upgrade on the specified partition 0 or 1 Enabled upload config Disables or enables the upload config option in the LCD menu Enabled Usage Guidelines You can use this command to disable executing the maintenance operations using th...

Page 394: ...e menu The following example disables executing the specified maintenance operation using the LCD menu host configure terminal host config lcd menu host lcd menu disable menu maintenance factory default Disable factory default menu gui quick setup Disable quick setup menu on LCD media eject Disable media eject menu on LCD system halt Disable system halt menu on LCD system reboot Disable system reb...

Page 395: ...ontroller report Saves a license report to the specified file in flash Usage Guidelines Obtain an Dell software license certificate from your Dell sales representative or authorized reseller Use the certificate ID and the system serial number to obtain a software license key which you install in the controller NOTE Users that are not very familiar with this procedure may wish to use the License Ma...

Page 396: ...ster controllers to use IKEv2 and custom installed certificates you can optionally use Suite B cryptographic algorithms for IPsec encryption Specify one of the following options l gcm 128 Use 128 bit AES GCM Suite B encryption l gcm 256 Use 256 bit AES GCM Suite B encryption Usage Guidelines Use this command on a master controller to configure the custom certificate for communication with a local ...

Page 397: ... 128 and suite b gcm 256 encryption options for IPsec custom certificates requires the Advanced Cryptography ACR license All other parameters are available in the base operating system Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide local custom cert 397 ...

Page 398: ...p command to configure the IP address and certificates for the master controller If your master and local controllers use certificates for authentication the IPsec tunnel will be created using IKEv2 Example The following command configures the local controller with a factory installed certificate host config local factory cert local mac 00 16 CF AF 3E E1 Related Commands Command Description Mode s...

Page 399: ...the description includes spaces it must be enclosed within quotation marks full name full name Name of the client using the AP Usage Guidelines You can manually change or disable entries from the remote AP whitelist to temporarily revoke an AP s secure access to the network Example The following command adds a remote AP whitelist entry for an AP with the MAC address 00 16 CF AF 3E E1 host config l...

Page 400: ...characters generate password Automatically generate a password for the username password Add the specified password for the username 6 128 characters comments Comments added to the guest user account email Email address for the guest user account expiry Expiration for the user account If this is not set the account does not expire no expiration duration Duration in minutes for the user account 1 2...

Page 401: ...al database in the master controller is used for authentication Issue the aaa authentication server internal use local switch command to use the internal database in a local controller you then need to add user accounts to the internal database in the local controller Example The following command adds a guest user in the internal database with an automatically generated username and password host...

Page 402: ... W Series ArubaOS 6 2 Reference Guide Command Information Platform License Command Mode Available on all platforms Available in the base operating system The role parameter requires the PEFNG license Enable and config modes on master controllers ...

Page 403: ... entry with the correct Remote Node configuration profile A remote node profile has to be validated before it is configured and pushed to a Remote Node Example This example adds the Remote Node profile named Location 1 to the Remote Node whitelist remote node master local userdb remote node add mac address 00 16 CF AF 3E E1 remote node profile Location_1 This example removes a Remote Node from the...

Page 404: ...rofile Shows Remote Node profile status information Enable and Config mode show local userdb remote node The output of this command lists the MAC address and assigned Remote Node profile for of each Remote Node associated with that Remote Node master Enable and Config mode Command History Modification ArubaOS 6 0 Command introduced Command Information Platform License Command Mode Available on all...

Page 405: ...for the username password Add the specified password for the username 6 128 characters comments Comments added to the user account email Email address for the user account expiry Expiration for the user account If this is not set the account does not expire no expiration duration Duration in minutes for the user account 1 2147483647 time Date and time in mm dd yyy and hh mm format that the user ac...

Page 406: ...fy the internal database as an authentication server client information is checked against the user accounts in the internal database You can modify an existing user account in the internal database with the local userdb modify command or delete an account with the local userdb del command By default the internal database in the master controller is used for authentication Issue the aaa authentica...

Page 407: ... mgmt user webui cacert certificate_ name serial number username role command if you want the authentication process to use previously configured certificate name and serial number to derive the user role Config mode Command History Modification ArubaOS 3 0 Introduced for the first time ArubaOS 3 4 The guest sponsor and optional field parameters were added Command Information Platform License Comm...

Page 408: ... Use this command on a master controller to configure the IP address and preshared key or certificates for communication with a local controller On the local controller use the masterip command to configure the IP address and preshared key for the master controller If your master and local controllers use a pre shared key for authentication they will create the IPsec tunnel using IKEv1 Example The...

Page 409: ...nt unauthorized users from accessing the company s corporate network use the command local userdb ap revoke Example The example below deletes an AP from the remote AP whitelist host config local userdb ap del mac addr 00 0b 86 c3 58 38 Related Commands Command Description lacp group Enable LACP and configure on the interface show lacp View the LACP configuration status show lacp sys id View the LA...

Page 410: ...description description Description of the AP If the description includes spaces it must be enclosed within quotation marks full name full name Name of the client using the AP mode enable disable Enable or disable the AP without deleting it from the database Usage Guidelines You can manually change or disable entries from the AP whitelist to temporarily revoke an AP s secure access to the network ...

Page 411: ...n remote AP to prevent unauthorized users from accessing the company s corporate network To permanently remove an AP from the whitelist use the command local userdb ap del Example The example below revokes an A s entry from the remote AP whitelist host config local userdb ap revoke mac addr 00 0b 86 c3 58 38 revoke comment removing this AP from the 1st floor Command History Modification ArubaOS 3 ...

Page 412: ...age Guidelines User account entries created with expirations are automatically deleted from the internal database at the specified expiration Use this command to delete an entry before its expiration or to delete an entry that was created without an expiration Example The following command deletes a specific user account entry host local userdb del username guest4157 Command History Introduced in ...

Page 413: ...le in flash Usage Guidelines After using this command you can use the copy command to transfer the file from flash to another location Example The following command saves the internal database to a file host local userdb export jan userdb Command History Introduced in ArubaOS 3 0 Command Information Platform License Command Mode Available on all platforms Available in the base operating system Ena...

Page 414: ...s and reinitializes the internal database Syntax No parameters Usage Guidelines Before using this command you can save the internal database with the local userdb export command Command History Introduced in ArubaOS 3 0 Command Information Platform License Command Mode Available on all platforms Available in the base operating system Enable mode on master controllers ...

Page 415: ...leted from the internal database at the specified expiration Use this command to delete an entry before its expiration or to delete an entry that was created without an expiration Example The following command deletes a specific user account entry host local userdb guest del username guest4157 Command History Introduced in ArubaOS 3 4 Command Information Platform License Command Mode Available on ...

Page 416: ...added to the user account email Email address for the use account expiry Expiration for the user account If this is not set the account does not expire no expiration duration Duration in minutes for the user account 1 2147483647 time Date and time in mm dd yyy and hh mm format that the user account expires guest company Name of the guest s company NOTE A guest is the person who needs guest access ...

Page 417: ...delines Use the show local userdb guest command to view the current user account entries in the internal database Example The following command disables an guest user account in the internal database host local userdb guest modify username guest4157 mode disable Command History Introduced in ArubaOS 3 4 Command Information Platform License Command Mode Available on all platforms Available in the b...

Page 418: ...ess to sponsor Allows you to send email to the sponsor s email address Usage Guidelines This command allows the guest provisioning user or network administrator to causes the controller to send email to the guest and or sponsor any time a guest user is created Example The following command causes the controller to send an email to the sponsor alerting them that the guest user Laura was just create...

Page 419: ...the contents in the specified file The file must be a valid internal database file saved with the local userdb export command Example The following command imports the specified file into the internal database host local userdb import jan userdb Command History Introduced in ArubaOS 3 0 Command Information Platform License Command Mode Available on all platforms Available in the base operating sys...

Page 420: ...tabase can remain valid 1 2147483647 Usage Guidelines The user in the guest provisioning role cannot create guest accounts that expire beyond the configured maximum time This command is not available to the user in the guest provisioning role Example The following command sets the maximum time for guest accounts in the internal database to 8 hours 480 minutes host config local userdb maximum expir...

Page 421: ...for the user account If this is not set the account does not expire no expiration duration Duration in minutes for the user account 1 2147483647 time Date and time in mm dd yyy and hh mm format that the user account expires guest company Name of the guest s company NOTE A guest is the person who needs guest access to the company s Dell wireless network guest fullname The guest s full name guest ph...

Page 422: ...e Date and time in mm dd yyy and hh mm format the guest account begins Usage Guidelines Use the show local userdb command to view the current user account entries in the internal database Example The following command disables an existing user account in the internal database host local userdb modify username guest4157 mode disable Command History Modification ArubaOS 3 0 Introduced for the first ...

Page 423: ... is created When configuring the guest provisioning feature the guest user is generally created by Guest Provisioning user This is the person who is responsible for signing in guests at your company Example host config local userdb send to guest Command History Introduced in ArubaOS 3 4 Command Information Platform License Command Mode Available on all platforms Available in the base operating sys...

Page 424: ...ry contact Email is sent directly to the guest s sponsor after the guest user is created When configuring the guest provisioning feature the sponsor is generally created by the Guest Provisioning user This is the person who responsible for signing in guests at your company Example host config local userdb send to sponsor Command History Introduced in ArubaOS 3 4 Command Information Platform Licens...

Page 425: ... a space in the name use quotation marks to enclose the text string To change the existing name enter the command with a different string To unconfigure the location enter at the prompt Example The following command configures the location host config location Building 10 second floor room 21E Command History Introduced in ArubaOS 3 0 Command Information Platform License Command Mode Available on ...

Page 426: ...sage Guidelines The local use facilities local0 local1 local2 local3 local4 local5 local6 and local7 are not reserved for specific message generating sources and can be used for sending syslog messages Use the show logging command to verify that the device sends logging messages Example The following command adds the remote logging server with the IP address 10 1 2 3 with a user log type using loc...

Page 427: ...cal1 local2 local3 local4 local5 local6 and local7 are not reserved for specific message generating sources and can be used for sending syslog messages Example The following command sets the facility to local4 host config logging facility local4 Command History Introduced in ArubaOS 2 5 Command Information Platform License Command Mode Available on all platforms Available in the base operating sys...

Page 428: ...l conditions such as hard drive errors errors 3 Error conditions warnings 4 Warning messages notifications 5 Significant events of a non critical and normal nature informational 6 Messages of general interest to system users debugging 7 Messages containing information for debugging purposes category Message category which can be one of the following ap debug AP troubleshooting messages You must sp...

Page 429: ...ndependent Multicast pppoed PPPoE pptp PPTP processes Run time processes profmgr Profile Manager publisher Publish subscribe service rfm RF Troubleshooting Manager snmp SNMP stm Station management syslogdwrap Syslogd wrap traffic Traffic vrrpd VRRP wms Wireless management master controller only subcat Message subcategory which depends upon the message category specified The following lists the sub...

Page 430: ... through level 5 from emergencies through notifications are also logged The warnings severity level is set by default for all message categories Only the logging level warnings security subcat ids and logging level warnings security subcat ids ap subcategories are enabled by default Other subcategories are not generated by default even their severity is warning or higher Issue the logging level co...

Page 431: ... a Telnet or SSH session times out If you set the timeout value to 0 sessions do not time out The TCP session timeout for wireless and wired user sessions through the controller is 15 minutes this timeout for user sessions is not configurable ExampleThe following command configures management sessions on the controller to not time out host config loginsession timeout 0 Command History This command...

Page 432: ...s Usage Guidelines Use this command to leave the current CLI session and return to the user login Example The following command exits the CLI session host logout User Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system User mode on local or master controllers ...

Page 433: ...delines The MAC address table is used to forward traffic between ports on the controller The table includes addresses learned by the controller This command allows you to manually enter static addresses that are bound to specific ports and VLANs Example The following command configures a MAC address table entry host config mac address table static 00 0b 86 f0 05 60 fastethernet 1 12 vlan 22 Comman...

Page 434: ...h you configure using the vrrp command Example The following command configures VRRP for the initially preferred master controller host config vrrp 22 vlan 22 ip address 10 200 22 254 priority 110 preempt description Preferred Master tracking master up time 30 add 20 no shutdown master redundancy master vrrp 22 peer ip address 192 168 2 1 ipsec qwerTY012 The following shows the corresponding VRRP ...

Page 435: ...and Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide master redundancy master vrrp 435 ...

Page 436: ...nstalled on the master controller Use the show crypto local pki TrustedCA command to display the CA certificates that have been imported into the controller server cert cert User defined name of a server certificate installed on the master controller Use the show crypto local pki ServerCert command to display the server certificates that have been imported into the controller interface Specify the...

Page 437: ... local controller NOTE Changing the IP address of the master on a local controller requires a reboot of the local controller If your master and local controllers use a pre shared key for authentication they will create the IPsec tunnel using IKEv1 If your master and local controllers use certificates for authentication the IPsec tunnel will be created using IKEv2 Example The following command conf...

Page 438: ...stedCA command to display the CA certificates that have been imported into the controller server cert cert User defined name of a server certificate installed on on the redundant master controller Use the show crypto local pki ServerCert command to display the server certificates that have been imported into the controller suite b If you configure your master controllers to use IKEv2 and custom in...

Page 439: ...ec custom cert parameters were introduced to allow certificate based authentication of master and local controllers Command Information Platform License Command Mode Available on all platforms The suite b gcm 128 and suite b gcm 256 encryption options for IPsec custom certificates requires the Advanced Cryptography ACR license All other parameters are available in the base operating system Config ...

Page 440: ...ation Monitoring AMON protocol Syntax Parameter Description amp other Define any other type of management server primary server ip addr IP address of the primary management server Example The following command defines a primary and secondary Airwave Management server host config mgmt server type amp primary server 192 168 6 2 Command History Modification ArubaOS 3 4 Command introduced ArubaOS 6 1 ...

Page 441: ...r l read only Permits access to CLI show commands or WebUI monitoring pages only l root Permits access to all management functions on the controller password NOTE You are prompted for the password for this user after you type in role and press Enter The password must have a minimum of six characters You can use special characters in the management user password The restrictions are as follows l Yo...

Page 442: ... Use webui cacert certificate name command if you want an external authentication server to derive the management user role This is helpful if there are a large number of users who need to be authenticated Or use the mgmt user webui cacert certificate_name serial number username role if you want the authentication process to use previously configured certificate name and serial number to derive th...

Page 443: ...Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide mgmt user 443 ...

Page 444: ... l Configures the IP address of the MMS server In previous ArubaOS releases this was done with the mobility server command l Creates an SNMP version 3 user profile with the configured username and password This allows SNMP SETs from the MMS server to be received by the controller The authentication protocol is Secure Hash Algorithm SHA and Data Encryption Standard DES is used for encryption If use...

Page 445: ...d was introduced in ArubaOS 3 1 Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide mobility manager 445 ...

Page 446: ...resses consisting of sequential addresses between a lower and an upper value The maximum number of addresses in the range is 16 If larger ranges are needed convert the range into a subnetwork and use the network parameter Usage Aliases can simplify configuration of session ACLs as you can use an alias when specifying the traffic source and or destination it in multiple session ACLs Once you config...

Page 447: ...on ArubaOS 3 0 Command introduced ArubaOS 6 1 Host functionality now only supports IPv4 subnets ArubaOS 6 2 Name parameter has maximum character length Command Information Platforms Licensing Command Mode All platforms Requires the Policy Enforcement Firewall license Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide netdestination 447 ...

Page 448: ...A range of IPv6 addresses consisting of sequential addresses between a lower and an upper value The maximum number of addresses in the range is 16 If larger ranges are needed convert the range into a subnetwork and use the network parameter Usage Guidelines Aliases can simplify configuration of session ACLs as you can use an alias when specifying the traffic source and or destination Once you conf...

Page 449: ...a description about the net destination up to 128 characters long Dell PowerConnect W Series ArubaOS 6 2 Maximum length allowed for netdestination6 name is now 63 characters Command Information Platforms Licensing Command Mode All platforms Requires the Policy Enforcement Firewall license Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide netdestination6 449 ...

Page 450: ...6 mobility header l routing Matches the IPv6 routing header deny Denies the IPv6 packets matching the specified extended header type permit Permits the IPv6 packets matching the specified extended header type NOTE By default all the EH types are supported in the default EH Usage Guidelines ArubaOS firewall is enhanced to process the IPv6 extension header EH to enable IPv6 packet filtering You can ...

Page 451: ...Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide netexthdr 451 ...

Page 452: ...e port number or define a port range by specifying both the lower and upper port numbers 0 65535 ALG Application level gateway ALG for this alias service Specify one of the following service types l dhcp Service is DHCP l dns Service is DNS l ftp Service is FTP l h323 Service is H323 l noe Service is Alcatel NOE l rtsp Service is RTSP l sccp Service is SCCP l sip Service is SIP l sips Service is S...

Page 453: ...rubaOS 6 0 The list parameter for defining non contiguous ports was introduced Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide netservice 453 ...

Page 454: ...clients per host Specify the maximum number of concurrent clients for a single host Currently the W 600 series supports a maximum of 20 concurrent clients max jobs Specify the maximum number of jobs that can be saved in the memory Currently the W 600 seriescontroller will support a storage of 1000 jobs Usage Guidelines Use this command in the config mode In the enable mode you can use the network ...

Page 455: ...ode Where disk name is the name of the disk You can also specify the disk alias instead of the disk name filesystem path is the path to access the share This path contains the partition name and the shared folder name mode is the permission settings You can either specify read only or read write modes Example The following command associates a share to a file system path and configures the access ...

Page 456: ...456 network storage deprecated DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode W 600 series Base operating system Enable mode ...

Page 457: ...ver This helps identify secure servers from fradulent servers This command has to be enabled for NTP authentication to work Example The following command configures an NTP server host config ntp authenticate Command History Release Modification ArubaOS 6 1 Command introduced Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers D...

Page 458: ...eyvalue The key value is a secret string which along with the key identifier is used for authentication This is added into the database Usage Guidelines NTP authentication works with a symmetric key configured by user The key is shared by the client Dellcontroller and an external NTP server This command adds both the key identifier and secret string into the database Example The following command ...

Page 459: ...ey identifier configured in the ntp authentication key command Usage Guidelines You can configure the controller to set its system clock using NTP by specifying one or more NTP servers Example The following command configures an NTP server using the iburst optional parameter and using a key identifier 123456 host config ntp server 10 1 1 245 iburst key 12345 Command History Release Modification Ar...

Page 460: ...ing that can be used for authentication Usage Guidelines You can configure additional subset of keys which are trusted and can be used for NTP authentication Example The following command configures an additional trusted key 84956 which can be used for NTP authentication host config ntp trusted key 84956 Command History Release Modification ArubaOS 6 1 Command introduced Command Information Platfo...

Page 461: ...ll CLI ports are always skipped Disabled Usage Guidelines This command applies to control path packets not datapath packets Packets can be retrieved through the tar log command look for the filter pcap file This command activates packet capture options on the current switch They are not saved and applied across switches If you do want to enable a packet capture session without setting values that ...

Page 462: ...462 packet capture DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on master controllers ...

Page 463: ... to bypass the all setting All CLI ports are always skipped Disabled Usage Guidelines This command applies to control path packets not datapath packets Packets can be retrieved through the tar log command look for the filter pcap file This command activates packet capture options on the current switch They are not saved and applied across switches Example The following command sets the default pac...

Page 464: ...ed Packet filtering for all other packets disabled Packet Capture Defaults across switches and reboots if saved Packet filtering TCP with 2 port s enabled 2 1 Packet filtering UDP with 1 port s enabled 1 Command History This command was introduced in ArubaOS 2 3 Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers ...

Page 465: ...rmation on the pause mechanism that stops the command output from printing continuously to the terminal see paging on page 466 If you need to adjust the screen size use your terminal application to do so Example The following command sets 80 as the number of lines of text displayed host config page 80 Command History This command was introduced in ArubaOS 1 0 Command Information Platforms Licensin...

Page 466: ...nable mode to disable paging The paging setting is active on a per user session For example if you disable paging from the CLI it only affects that session For new or existing sessions paging is enabled by default You can also configure the number of lines of text displayed when paging is enabled For more information refer to the command page on page 465 If you need to adjust the screen size use y...

Page 467: ...RAM save Saves panic information from NVRAM into the specified file in flash Usage Guidelines To troubleshoot system crashes use the panic save command to save information from NVRAM into the specified file then use the panic clear command to clear the information from NVRAM Example The following command lists panic information in NVRAM host panic list nvram Command History This command was introd...

Page 468: ... way PAPI messages are authenticated is through a shared secret key The papi security command lets you configure a key on the master controller which then distributes it to other controllers and APs thus allowing each site to have a unique key If no key is configured then the controller uses the default key When enhanced security mode is disabled any AP can obtain the current shared secret key Whe...

Page 469: ...y Modification ArubaOS 3 4 Command introduced ArubaOS 6 2 Command deprecated Command Information Platform License Command Mode Available on all platforms Base operating system Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide papi security deprecated 469 ...

Page 470: ... number to indicate one of the following formats for captured packets l 0 pcap l 1 peek l 2 airmagnet l 3 pcap radio header l 4 ppi bssid Optional BSSID of the Air Monitor interface for the PCAP session bssid BSSID of the Air Monitor Interface which is usually its MAC address channel Optional Number of a radio channel to tune into to capture packets maxlen Optional Limit the length of 802 11 frame...

Page 471: ...on resume Resume a packet capture session start Start a new packet capture session stop Stop a packet capture session Before using these commands you need to start the AiroPeek application on the client and open a capture window for the air monitor The AiroPeek application cannot be used to control the flow or type of packets sent from Dell air monitors The AiroPeek application processes all packe...

Page 472: ...ommand Introduced ArubaOS 3 4 The maxlen parameter was introduced and the pcap start command deprecated ArubaOS 6 2 Functionality with 2 new parameters now subsumed by the ap packet capture command Command Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on master controllers ...

Page 473: ...oller to Dell support NOTE Before you use the phonehome now command to create and send a report you must first access the command line interface in config mode and issue the command phonehome enable to enable this feature smtp Configure the SMTP server that will send email messages from the controller to Dell support a b c d IP address of the SMPT server from_addy Local email address from which th...

Page 474: ...ng the sender s user name and password Each PhoneHome report attachment is encrypted before it is transmitted to the SMTP server and is decrypted by Dell support when it is received If the PhoneHome status report email is larger than the maximum email size supported by your SMTP server the controller will divide the PhoneHome attachment into multiple smaller attachments and send the report to Dell...

Page 475: ...ecified IP address The controller times out after two seconds You can also ping the specified IPv6 address Examples The following example pings 10 10 10 5 host ping 10 10 10 5 The sample controller output is Press q to abort Sending 5 100 byte ICMP Echos to 10 10 10 5 timeout is 2 seconds Success rate is 100 percent 5 5 round trip min avg max 0 408 0 5434 1 073 ms The following example pings the s...

Page 476: ...dification ArubaOS 1 0 Command introduced ArubaOS 6 1 Introduced ipv6 parameter to provide support for IPv6 This command was introduced in ArubaOS 1 0 Command Information Platforms Licensing Command Mode All platforms Base operating system User Enable and Config modes on master controllers ...

Page 477: ...packet trace data into the Control Processor pktrace Write packet trace data in the packet tracemask tmask Specify the trace mask This value will be provided by Dell technical support Example The following example enables packet tracing for the traffic matching the acl stateful dot1x host pkt trace acl stateful dot1x enable trace cptrace trace mask val Command History This command was introduced i...

Page 478: ... tracing for the ACL tracemask tmask Specify a trace mask Use this feature only under the supervision of Dell technical support Example The following command enables the global packet tracing for all traffic host config pkt trace global enable Command History This command was introduced in ArubaOS 3 4 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable m...

Page 479: ... profile to manage the transmission rate of a class of traffic based on user defined criteria Command History Release Modification ArubaOS 6 2 Command deprecated DellPowerConnect W Series ArubaOS 6 2 Reference Guide policer profile deprecated 479 ...

Page 480: ...the user s IP address is assigned when the user negotiates a PPTP session Use the show vpdn pptp local command to see the used and free addresses in the pool PPTP is an alternative to IPsec that is supported by various hardware platforms PPTP is considered to be less secure than IPsec but also requires less configuration You configure PPTP with the vpdn command Example The following command config...

Page 481: ...eady tagged with 802 1p and or IP ToS in hardware queues You apply configured priority maps to ports on the controller using the interface fastethernet or interface gigbitethernet command This causes the controller to inspect inbound traffic on the port when a matching QoS tag is found the packet or flow is mapped to the specified queue Example The following commands configure a priority map and a...

Page 482: ...ocess monitor records a critical log message but does not restart any process If you want the configure watchdog to restart a process once it fails to respond use the CLI command process monitor restart Example The following changes the default process monitor behavior so the process monitor restarts nonresponsive processes host process monitor restart Related Commands The show process monitor sta...

Page 483: ...istory Release Modification ArubaOS 3 4 Command introduced ArubaOS 3 4 The process restart command was deprecated Command Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide process monitor 483 ...

Page 484: ...r To use spaces plus symbols question marks or asterisks enclose the text in quotes You cannot alter the parentheses that surround the prompt text or the greater than or hash symbols that indicate user or enable CLI mode Example The following example changes the prompt text to It s a new day host config prompt It s a new day It s a new day config Command History This command was introduced in Arub...

Page 485: ...x ipaddr ipaddr latitude location link priority cellular link priority ethernet longitude location master name ipaddr mesh role mesh point mesh portal none remote mesh portal mesh sae sae disable sae enable netmask netmask no pap passwd string pap user name pppoe chap secret key pppoe passwd string pppoe service name name pppoe user name read bootinfo ap name name ip addr ipaddr wired mac macaddr ...

Page 486: ... error message is displayed 90 to 90 Decimal Degrees a antenna Antenna use for 5 GHz 802 11a frequency band l 1 Use antenna 1 l 2 Use antenna 2 l both Use both antennas default 1 2 both default altitude Altitude in meters of the AP NOTE This parameter is supported on outdoor APs only If you use this parameter to configure an indoor AP an error message is displayed ap group Name of the AP group to ...

Page 487: ...d location name FQLN for the AP in the format APname floor building campus g ant bearing Determines the horizontal coverage distance of the 802 11g 2 4GHz antenna from True North From a planning perspective the horizontal coverage pattern does not consider the elevation or vertical antenna pattern NOTE This parameter is supported on outdoor APs only If you use this parameter to configure an indoor...

Page 488: ...ate as a mesh node You assign one of three roles mesh portal mesh point or remote mesh point If you select none the AP operates as a thin AP mesh sae Enable or disable Simultaneous Authentication of Equals SAE on a mesh network This option offers enhanced security over the default wpa2 psk aes mesh security setting and provides secure attack resistant authentication using a pre shared key SAE supp...

Page 489: ... data using only legacy rates and single stream HT rates up to MCS 7 This setting is disabled by default server ip IP address of the controller from which the AP boots server name DNS name of the controller from which the AP boots set ikepsk by addr Set a IKE preshared key to correspond to a specific IP address syslocation User defined description of the location of the AP uplink vlan uplink vlan ...

Page 490: ...PPP username provided by the cellular service provider Usage Guidelines You do not need to provision APs before installing and using them The exceptions are outdoor APs which have antenna gains that you must provision before they can be used and APs configured for mesh You must provision the AP before you install it as a mesh node in a mesh deployment NOTE Users less familiar with this process may...

Page 491: ...n the provisioning ap list Use the show provisioning ap list command to see the APs that will be provisioned Use the clear provisioning ap list command to clear the provisioning ap list 2 Use the copy provisioning params option to copy an AP s parameter values to the provisioning params workspace 3 Use the provision ap options to set new values Use the show provisioning params command to display p...

Page 492: ... parameters were introduced for provisioning IPv6 APs l dns server ip6 l ip6addr l ip6prefix l gateway6 ArubaOS 6 2 The following new parameters were introduced for provisioning APs in single chain mode l sch mode radio 0 l sch mode radio 1 The following new parameters were introduced for provisioning APs for 802 1X authentication l apdot1x passwd l apdot1x username The following new parameters we...

Page 493: ...value no traffic class traffic class value Description This command configures a QoS profile to assign TC DP DSCP and 802 1p values to an interface or policer profile Command History Release Modification ArubaOS 6 2 Command deprecated DellPowerConnect W Series ArubaOS 6 2 Reference Guide qos profile deprecated 493 ...

Page 494: ...the show rap wml cache command to show the cache of all lookups for a database server Use the show rap wml servers command to show the database server state Use the show rap wml wired mac command to show wired MAC discovered on traffic through the AP Example This example configures a MySQL server and sets up associated rap wml table attributes host config rap wml mysqlserver type mysql ip addr 10 ...

Page 495: ...Command Information Platforms Licensing Command Mode All platforms Requires the RF Protect license Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide rap wml 495 ...

Page 496: ...ow far back in seconds to look for the MAC address Use 0 seconds to lookup everything 0 Usage Guidelines Use the rap wml servername command to configure a MySQL or an MSSQL server then use the rap wml table command to configure the associated database table for the server Example This example configures a MySQL server and sets up associated rap wml table attributes for that server host config rap ...

Page 497: ...ommand Information Platforms Licensing Command Mode All platforms Requires the RF Protect license Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide rap wmltable 497 ...

Page 498: ...lPowerConnect W Series ArubaOS 6 2 Reference Guide reload peer sc deprecated reload peer sc Description This command performs a reboot of the W 6000M3 controller module Command History Version Description ArubaOS 6 1 Command deprecated ...

Page 499: ... save the configuration y n l Enter y to save the configuration l Enter n to not save the configuration l Press Enter to exit the command without saving changes or rebooting the controller If your configuration has already been saved the controller returns the following message Do you really want to reset the system y n l Enter y to reboot the controller l Enter n to cancel this action The command...

Page 500: ...Syntax No parameters Usage Guidelines Issue this command on a Remote Node Master to use a factory installed certificate to authenticate a Remote Node Example The following command configures the local remote node on a master remote node host config remote node local factory certs Command History Introduced in ArubaOS 6 1 Command Information Platform License Command Mode Available on all platforms ...

Page 501: ...ed key for communication with a local remote node On the local remote node the pre shared key is configured in the setup wizard during the initial boot The pre shared keys for both the master and local controllers must match On the local remote node use the remote node masterip command to configure the switch IP address and preshared key for the master remote node Example The following command con...

Page 502: ...e Master Usage Guidelines Use this command on a local Remote Node to configure the IP address and preshared key for communication with the master Remote Node On the master controller use the remote node localip command to configure the IP address and preshared key for a local Remote Node NOTE Changing the IP address of the master on a local Remote Node requires a reboot of the local Remote Control...

Page 503: ... mgmt user username role password localauth disablessh pubkey client cert certificate username role webui cacert certificate_name serial number username role mobility manager ipaddr user username password interval secs retrycount number udp port port rtls rtls udp port trap version 1 2c 3 model model_type no priority map name remote node dhcp pool pool name pool type vlan id tunnel range startip s...

Page 504: ...r profile on page 174 clone profile name Use this command to copy a Remote Node profile to this profile controller ip vlan id ip address Select one of the following parameters for the VLAN interface dhcp client The remote node will use DHCP to obtain IP address internal Then remote node IP will be derived from the remote node DHCP pool pppoe Use PPPoE to obtain IP address dialer group name Dialer ...

Page 505: ...ss with the controller This could be AirWave Management Server or any other server that would like to receive messages from the controller using AMON protocol For details on using this command see mgmt server on page 440 mgmt user Configure a management user For details on using this command see mgmt user on page 441 mobility manager Configure a mobility manager For details on using command see mo...

Page 506: ...the system contact syslocation syslocation Configures the name of the system location for the controller Enter an alphanumeric string that specifies the name of the system location uplink Define an uplink manager configuration For details on using this command see uplink on page 1435 validate After you have defined configuration settings for a Remote Node profile you must activate that profile by ...

Page 507: ...onfiguration information Enable and Config mode show remote node profile Shows Remote Node profile status information Enable and Config mode show local userdb remote node The output of this command lists the MAC address and assigned remote node profile for each Remote Controller associated with that Remote Controller master Enable and Config mode Command History Modification ArubaOS 6 0 Command in...

Page 508: ...file If you change the file extension the file may be unrecognized by the system For example if you have an existing file named upgrade log the new file must include the log file extension You cannot rename the active configuration currently selected to boot the controller If you attempt to rename the active configuration file the controller returns the following message Cannot rename active confi...

Page 509: ...p flash command to tar and compress flash directories to the flashbackup tar gz file Example The following command restores flash directories from the flashbackup tar gz file host restore flash Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on master controllers DellPowerConnect W Serie...

Page 510: ...annel Dwell time in ms for channels where there is wireless activity 100 32768 ms 500 ms dwell time other reg domain channel Dwell time in ms for channels not in the APs regulatory domain 100 32768 ms 250 ms dwell time rare channel Dwell time in ms for rare channels 100 32768 ms 100 ms dwell time reg domain channel Dwell time in ms for AP s Regulatory domain channels 100 32768 ms 250 ms no Delete ...

Page 511: ...Command Information Platforms Licensing Command Mode All Platforms RFProtect Configuration Mode config DellPowerConnect W Series ArubaOS 6 2 Reference Guide rf am scan profile 511 ...

Page 512: ...ubleshooting Syntax Parameter Description Range ap name Name of the AP that performs the test dest mac MAC address of the client to be tested phy 802 11 type either a or g a g radio Radio ID either 0 or 1 0 1 bssid BSSID of the AP that performs the test ip addr IP address of the AP that performs the test Syntax Usage Guidelines This command can run predefined test profiles for antenna connectivity...

Page 513: ... reg domain reg domain scanning video aware scan voip aware scan Description This command configures the Adaptive Radio Management ARM profile Syntax Parameter Description Range Default profile Name of this instance of the profile The name must be 1 63 characters default 40MHz allowed bands The specified setting allows ARM to determine if 40 MHz mode of operation is allowed on the 5 GHz or 2 4 GHz...

Page 514: ... 5 GHZ 802 11a and 2 4 GHZ 802 11b g frequency bands single band Computes ARM assignments for a single band backoff time Time in seconds an AP backs off after requesting a new channel or power 120 3600 240 seconds client aware If the Client Aware option is enabled the AP does not change channels if there is active client traffic on that AP If Client Aware is disabled the AP may change to a more op...

Page 515: ... Best practices are to configure a Minimum Scan Time between 1 20 scans Default 8 scans 1 2 147 483 647 Recommended Values 1 20 8 scans min tx power Minimum effective isotropic radiated power EIRP from 3 to 33 dBm in 3 dBm increments You may also specify a special value of 127 dBm for regulatory minimum This value takes into account both radio transmit power and antenna gain Higher power level set...

Page 516: ... APs on the network you may want to lower the Scan Interval to help those APs find their optimal settings more quickly Raise the Scan Interval back to its default setting after the APs are functioning as desired 0 2 147 483 647 Recommended Values 0 30 10 seconds scan mode Select the scan mode for the AP l all reg domain The AP scans channels within all regulatory domains This is the default settin...

Page 517: ... channel used by the mesh feature When a mesh point locates an upstream mesh portal it will scan the regulatory domain channels list to determine the channel assigned to it for a mesh point always uses the channel selected by its mesh portal However if a mesh portal uses an ARM profile enabled with a single band or multi band channel power assignment and the scanning feature the mesh portal will s...

Page 518: ... 11n standard was introduced ArubaOS 3 3 2 Support for the wait time parameter was removed ArubaOS 3 4 1 The voip aware scan parameter no longer requires a license and is available in the base OS ArubaOS 6 1 The ps aware scan parameter is now disabled by default Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master controllers ...

Page 519: ...ad bal domain spectrum load balancing spectrum monitoring spectrum profile profile tpc power tpc power tx power dBm Description This command configures AP radio settings for the 5 GHz frequency band including the Adaptive Radio Management ARM profile and the high throughput 802 11n radio profile Syntax Parameter Description Range Default profile Name of this instance of the profile The name must b...

Page 520: ...e is 0 55 dB The default 0 dB reduction allows the radio to retain its current default Rx sensitivity value Values from 1 dB 55 dB reduce the power level that the radio can hear by that amount If you con figure this feature to use a non default value you must also reduce the radio s transmission Tx power to match its new received Rx power level Failure to match a device s Tx power level to its Rx ...

Page 521: ...d the AP is busy greater than half the time When this mode is enabled the CCA threshold adjusts to accommodate transmissions between the AP its most distant associated client l Disable mode This mode does not support the tuning of the CCA Detect Threshold enabled disabled enabled channel reuse threshold RX Sensitivity Tuning Based Channel Reuse Threshold in dBm If the Rx Sensitivity Tuning Based C...

Page 522: ...from non 802 11 interferers such as DECT or Bluetooth devices the level can be increased up to level 5 for improved performance However increasing the level makes the AP slightly deaf to its surroundings causing the AP to lose a small amount of range The levels for this parameter are l Level 0 no ANI adaptation l Level 1 noise immunity only l Level 2 noise and spur immunity This is the default set...

Page 523: ... data to a desktop or laptop client This parameter is only available for AP models W AP92 W AP93 W AP105 W AP175 series W AP120 series and the W AP130 series no Negates any configured parameter radio enable Enables or disables radio configuration enabled slb mode channel radio SLB Mode allows control over how to balance clients Select one of the following options l channel Channel based load balan...

Page 524: ... versions of ArubaOS When you upgrade to ArubaOS 3 4 x or later you must manually configure the spectrum load balancing settings as the AP load balancing feature can no longer be used and any previous AP load balancing settings will not be preserved disabled spectrum monitoring Issue this command to turn an W AP130 series in ap mode into a hybrid AP An AP in hybrid AP mode will continue to serve c...

Page 525: ...s a high throughout radio profile named default a host config rf dot11a radio profile samplea high throughput enable ht radio profile default a The following command configures a primary channel number of 157 and a secondary channel number of 161 for 40 MHz mode of operation for the selected dot11a radio profile named samplea host config rf dot11a radio profile samplea channel 157 Command History ...

Page 526: ...ease Modification ArubaOS 6 1 The spectrum monitoring and slb threshold parameters were introduced ArubaOS 6 1 3 2 The cell size reduction parameter was introduced Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers ...

Page 527: ...spectrum mode no radio enable slb mode channel radio slb threshold slb update interval secs spectrum load bal domain spectrum load balancing spectrum monitoring spectrum profile tpc power tpc power tx power dBm Description This command configures AP radio settings for the 2 4 GHz frequency band including the Adaptive Radio Management ARM profile and the high throughput 802 11n radio profile Syntax...

Page 528: ...d optimizing channel reuse This value should only be changed if the network is experiencing performance issues The possible range of values for this feature is 0 55 dB The default 0 dB reduction allows the radio to retain its current default Rx sensitivity value Values from 1 dB 55 dB reduce the power level that the radio can hear by that amount If you con figure this feature to use a non default ...

Page 529: ...d by default l Static mode This mode of operation is a coverage based adaptation of the Clear Channel Assessment CCA thresholds In the static mode of operation the CCA is adjusted according to the configured transmission power level on the AP so as the AP transmit power decreases as the CCA threshold increases and vice versa l Dynamic mode In this mode the Clear Channel Assessment CCA thresholds a...

Page 530: ...d Country Information and 802 11h TPC or Transmit Power Control capabilities This parameter is disabled by default disabled high throughput enable Enables high throughput 802 11n features on a radio using the 2 4 GHz frequency band enabled ht radio profile Name of high throughput radio profile to use for configuring high throughput support on the 5 GHz frequency band See rf ht radio profile on pag...

Page 531: ...TE This parameter only applies to AUTH and ASSOC RE ASSOC management frames 0 999999 20 frames per interval mode One of the operating modes for the AP ap mode ap mode Device provides transparent secure high speed data communications between wireless network devices and the wired LAN am mode Device behaves as an air monitor to collect statistics monitor traffic detect intrusions enforce security po...

Page 532: ...cognize RF neighborhoods defined by the ARM feature spectrum load balancing The Spectrum Load Balancing feature helps optimize network resources by balancing clients across channels regardless of whether the AP or the controller is responding to the wireless clients probe requests If enabled the controller compares whether or not an AP has more clients than its neighboring APs on other channels If...

Page 533: ...Bm 127 dBm 14 dBm Usage Guidelines This command configures radios that operate in the 2 4 GHz frequency band which includes radios utilizing the IEEE 802 11b g or IEEE 802 11n standard Channels must be valid for the country configured in the AP regulatory domain profile see ap regulatory domain profile on page 146 To view the supported channels use the show ap allowed channels command Examples The...

Page 534: ...tivity Tuning Based Channel Reuse l RX Sensitivity Threshold l ARM WIDS Override ArubaOS 3 4 1 The maximum distance parameter was introduced ArubaOS 3 4 2 The beacon regulate parameter was introduced ArubaOS 6 0 Support for the following parameters l am scan profile l cap reg eirp l slb mode l slb update interval ArubaOS 6 1 The spectrum monitoring and slb threshold parameters were introduced Arub...

Page 535: ...ge of maximum for a given radio For 802 11b the maximum bandwidth is 7 Mbps For 802 11 a and g the maximum is 30 Mbps The recommended value is 85 0 100 0 bwr low wm After a bandwidth exceeded condition exists the condition persists until bandwidth drops below this value The recommended value is 70 0 100 0 clone Name of an existing radio profile from which parameter values are copied detect frame r...

Page 536: ...er a non unicast rate exceeded condition exists the condition persists until the non unicast rate drops below this value 0 100 0 frer high wm If the frame receive error rate as a percentage of total frames in an AP exceeds this value a frame receive error rate exceeded condition exists The recommended value is 16 0 100 16 frer low wm After a frame receive error rate exceeded condition exists the c...

Page 537: ...s command was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide rf event thresholds profile 537 ...

Page 538: ...dio profile on page 527 l Default is generally used when the same ht radio profile is desired for use with both frequency bands default a default g default 40MHz intolerance Controls whether or not APs using this radio profile will advertise intolerance of 40 MHz operation By default 40 MHz operation is allowed disabled clone Name of an existing high throughput radio profile from which parameter v...

Page 539: ...t radio profile you wish to use must be assigned to a dot11a and or dot11g radio profile You can assign the same profile or different profiles to the 2 4 GHZ and 5 GHZ frequency bands See rf dot11a radio profile on page 519 and rf dot11g radio profile on page 527 Example The following command configures an ht radio profile named default g and enables 40MHz intolerance host config rf ht radio profi...

Page 540: ... off an AP when the RSSI drops below a defined minimum threshold disabled low rssi threshold Minimum RSSI above which deauth should never be sent 1 255 0 no Negates any configured parameter rssi check frequency Interval in seconds to sample RSSI 9 255 0 seconds rssi falloff wait time seconds Time in seconds to wait with decreasing RSSI before deauth is sent to the client The maximum value is 8 sec...

Page 541: ... detection interval l hole good rssi threshold l hole good sta ageout l hole idle sta ageout l hole poor rssi threshold ArubaOS 6 0 The following parameters were deprecated l detect association failure l detect interference l hole detection interval l hole good rssi threshold l hole good sta ageout l hole idle sta ageout l hole poor rssi threshold l interference baseline l interference exceed time...

Page 542: ...cordless ff phone Cordless phone fixed frequency devices 5 65535 seconds 10 sec cordless fh base Cordless base frequency hopper devices 5 65535 seconds 240 sec cordless fh network Cordless network frequency hopper devices 5 65535 seconds 60 sec generic ff Generic fixed frequency devices 5 65535 seconds 10 sec generic fh Generic frequency hopper devices 5 65535 seconds 25 sec generic interferer 5 6...

Page 543: ...eout times for spectrum monitors and hybrid APs using this profile Example The following command creates the spectrum profile spectrum2 host config rf spectrum profile spectrum2 Related Commands show rf spectrum profile Command History Release Modification ArubaOS 6 0 Command introduced ArubaOS 6 2 The spectrum band parameter was deprecated The following default ageout times were changed l cordles...

Page 544: ... executed on all controllers master and local that need to provide support for layer 3 roaming in a mobility domain You can disable IP mobility in a virtual AP profile with the wlan virtual ap command IP mobility is enabled by default in a virtual AP profile Example This command enables IP mobility host config router mobile Command History Release Modification ArubaOS 3 0 Command introduced Comman...

Page 545: ...summary LSA into this NSSA area stub no summary Set an area as a Total Stub Area and optionally do not send summary LSA into this area default information originate always Control distribution of default information by distributing a default route redistribute vlan vlan ids Redistribute the vlan user subnet add vlan ids Add the user VLANs to the list remove vlan ids Remove user VLANs to the list r...

Page 546: ... VLAN subnet matching 75 1 16 will not be advertised in the router LSA To return to the default advertisement execute the command host config no router ospf subnet exclude 75 1 1 0 255 255 0 0 Related Commands Command Description show ip ospf View OSPF configuration Command History Release Modification ArubaOS 3 4 Command introduced ArubaOS 6 0 Added the options area default cost nssa and default ...

Page 547: ... the storage devices attached to the controller l Printer server To provide access to printers attached to the controller Example The following command enables the DHCP server in the controller host config service dhcp The following command enables the NAS services in the controller host config service network storage The following command enables the printer services in the controller host config...

Page 548: ...information for a single controller only Example The output of this command shows that two local controllers have a custom certificate installed host show local cert mac Local Switches configured by Local Certificate Switch IP of the Local MAC address of the Local Certificate Cert Type CA cert 10 4 62 3 0B 86 F0 12 AC 15 10 4 62 5 00 0B 86 F0 05 60 Custom Undefined The output of this command inclu...

Page 549: ...custom cert This command configures a custom certificate for secure communication between a local controller and a master controller Enable or Config mode on master or local controllers Command History Available in ArubaOS 6 1 Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers DellPowerConnect W Series Aruba...

Page 550: ...ummary of Remote Node address pool information Example This example shows a summary of Remote Node DHCP address pool information host show remote node dhcp pool pool1 Remote Node Address Pools Pool Name Type Start IP Address End IP Address Domain Name Num Hosts The output of this command includes the following parameters Parameter Description Pool Name Name of the new DHCP pool Type Type of pool T...

Page 551: ...OS 6 0 Command introduced Command Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on master and local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show remote node dhcp pool 551 ...

Page 552: ...o create a Remote Node profile Example This example shows the configuration status of Remote Node profile named test host show remote node profile remote node profile name Profile name Output Modifiers cr host show remote node profile test Vlan interface not configured for the controller ip vlan No uplink information has been configured remote node profile test remote node dhcp pool newpool pool t...

Page 553: ... Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on master and local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show remote node profile 553 ...

Page 554: ... this command to display configuration DHCP pool information license usage information and running configuration information for a remote node Examples This example shows a remote node configuration host show remote node config 00 0b 86 f0 26 e0 controller ip vlan 2 vlan 2 vlan 3 interface fastethernet 1 7 interface fastethernet 1 7 switchport access vlan 3 interface fastethernet 1 7 trusted inter...

Page 555: ...Lic Used RF Protect Lic Used Last update secs ago 00 0b 86 f0 26 e0 192 167 1 1 0 0 0 2 Related Commands Command Description Mode remote node profile Use this command to create a Remote Node profile Enable and Config modes remote node localip Use this command to configure the switch IP address and preshared key for the local Remote Node on a master Remote Node Enable and Config modes remote node m...

Page 556: ...issue the commands specific to those features Example The output of this command displays an authentication overview for your controller including the authentication methods used and the numbers of successes or failures for each method This example shows the numbers of authentication successes and failures for a controller using TACACS and RADIUS authentication methods host show aaa authentication...

Page 557: ... there are three configured captive portal profiles in the Captive Profile Authentication Profile List The References column lists the number of other profiles with references to a captive portal authentication profile and the Profile Status column indicates whether the profile is predefined User defined profiles will not have an entry in the Profile Status column host show aaa authentication capt...

Page 558: ...ome page before redirecting the user to the final web URL If set to 0 the welcome page displays until the user clicks on the indicated link User Login Shows whether the profile has enabled or disabled captive portal with authentication of user credentials Guest Login Shows whether the profile has enabled or disabled captive portal guest login without authentication Logout popup window Shows whethe...

Page 559: ...dded to the redirection URL if enabled Allow only one active user session If enabled only one active user session is allowed at any time This feature is disabled by default White List Shows the configured white list on an IPv4 or IPv6 network destination The white list contains authenticated websites that a guest can access Black List Shows the configured black list on an IPv4 or IPv6 network dest...

Page 560: ... Guide Version Description parameters were added ArubaOS 6 2 the Authentication Protocol parameter was added and the Use CHAP parameter was deprecated Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master or local controllers ...

Page 561: ...URL flash upload custom ssu guest cp logintext html Login policy text URL upload custom ssu guest cp acceptableusepolicy html Custom page background color Custom page background image uplo The output of this command includes the following parameters Parameters Description Login page design theme Indicates whether the controller is using one of the two predefined login page designs 1 or 2 or has a ...

Page 562: ...ptive portal If you do not yet have any captive portal profiles defined use the command aaa authentication captive portal to configure your captive portal profiles Config mode Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master or local controllers ...

Page 563: ...r WPA WPS2 countermeasures If countermeasures have not been configured the output for this command will be blank Examples The following example lists all dot1x authentication profiles The References column lists the number of other profiles with references to a 802 1X authentication profile and the Profile Status column indicates whether the profile is predefined User defined 802 1X profiles will ...

Page 564: ...to the user depending on which authentication is successful Machine Authentication Default Machine Role Default role assigned to the user after completing only machine authentication Machine Authentication Cache Timeout The timeout period in hours for machine authentication After this period passes the use will have to re authenticate Blacklist on Machine Authentication Failure If enabled the clie...

Page 565: ... unicast and multicast key exchanges Time interval after which the PMKSA will be deleted Show the PMKSA cache interval Time interval in Hours Range 1 2000 Default 8 hrs WPA WPA2 Key Message Retry Count Number of times WPA WPA2 key messages are retried Multicast Key Rotation Shows if multicast key rotation is enabled or disabled Unicast Key Rotation Shows if unicast key rotation is enabled or disab...

Page 566: ...configured as the inner EAP method token caching allows the controller to cache the username and password of each authenticated user Token Caching Period Timeout period in hours for the cached information CA Certificate Name of the CA certificate for client authentication loaded in the controller Server Certificate Name of the Server certificate used by the controller to authenticate itself to the...

Page 567: ...les defined use the command aaa authentication dot1x to configure your 802 1X profiles Config mode Command History Version Description ArubaOS 3 0 Command introduced ArubaOS 6 1 The Check certificate common name against AAA server Enforce Suite b 128 and Enforce Suite b 192 parameters were introduced Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or...

Page 568: ...defined appears in the Profile Status column host show aaa authentication dot1x pDot1x 802 1X Authentication Profile pDot1x Parameter Value Max authentication failures 0 Enforce Machine Authentication Disabled Machine Authentication Default Machine Role guest Machine Authentication Cache Timeout 24 hrs Blacklist on Machine Authentication Failure Disabled Machine Authentication Default User Role gu...

Page 569: ... controller Config mode Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show aaa authentication mac 569 ...

Page 570: ...anagement Authentication Profile Parameter Value Default Role root Server Group ServerGroup1 Enable Enabled Parameter Description Default Role This parameter shows which of the following roles the controller uses for authentication management l root the super user role default l guest provisioning guest provisioning role l network operations network operator role l read only read only role l locat...

Page 571: ...Mode parameter in the command output was renamed Enable Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show aaa authentication mgmt 571 ...

Page 572: ...ample The output of the following example displays 802 1X authentication information for your controller host show aaa authentication stateful dot1x Stateful 802 1X Authentication Profile Parameter Value Default Role guest Server Group newgroup2 Timeout 10 sec Mode Enabled Parameter Description Default Role This parameter shows which role the controller uses for 802 1X authentication management Se...

Page 573: ...ated Commands Command Description Mode aaa authentication stateful dot1x Use the command aaa authentication stateful dot1x to configure the settings displayed in the output of this show command Config mode Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master or local contr...

Page 574: ...ully authenticated using the NT LAN Manager NTLM authentication protocol the name of the group of windows servers used to authenticate these users and the NTLM authentication timeout period in seconds Examples The output of the example below shows two stateful NTLM authentication profiles default and NTLMprofile1 which are each referenced one time by other profiles the Profile Status columns are b...

Page 575: ...s command includes the following parameters Related Commands Command Description aaa authentication stateful ntlm Use the command aaa authentication stateful ntlm to configure the settings displayed in the output of this show command Command History This command was introduced in ArubaOS 3 4 1 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config...

Page 576: ...me to display detailed configuration information for that profile If you do not yet have any VIA authentication profiles defined use the command aaa authentication via auth profile to configure your VIA authentication profiles Examples This first example shows that there are three configured captive portal profiles in the Captive Profile Authentication Profile List The References column lists the ...

Page 577: ...klisted Description Description of the VIA authentication profile Related Commands Command Description Mode aaa authentication via auth profile Use aaa authentication via auth profile to configure the parameters displayed in the output of this show command Config mode Command History This command was introduced in ArubaOS 5 0 Command Information Platforms Licensing Command Mode All platforms Base ...

Page 578: ... display detailed configuration information for that profile If you do not yet have any VIA connection profiles defined use the command aaa authentication via connection profile to configure your VIA connection profiles Examples This first example shows that there are three configured connection profiles in the Captive Profile Authentication Profile List The References column lists the number of o...

Page 579: ...d URL N A Allow user to disconnect VIA Enabled Content Security Gateway URL N A Comma seperated list of HTTP ports to be inspected apart from default port 80 N A Enable Content Security Services Disabled Keep VIA window minimized Disabled Block traffic until VPN tunnel is up Disabled Block traffic rules N A The output of this command includes the following parameters Configuration Option Descripti...

Page 580: ...he CLI using the crypto local ipsec map ipsec map name command VIA IKE Policy List of IKE policies that the VIA Client has to use to connect to the controller Use Windows Credentials Enable or disable the use of the Windows credentials to login to VIA If enabled the SSO Single Sign on feature can be utilized by remote users to connect to internal resources Default Enabled Enable IKEv2 Select this ...

Page 581: ... the client once the VPN connection is established Default None VIA max session timeout The maximum time minutes allowed before the VIA session is disconnected Default 1440 min VIA Logon Script Name of the logon script that must be executed after VIA establishes a secure connection The logon script must reside in the client computer VIA Logoff Script Name of the log off script that must be execute...

Page 582: ...ic until VPN tunnel is up setting will not apply Related Commands Command Description Mode aaa authentication via connection profile Use aaa authentication via connection profile to configure the parameters displayed in the output of this show command Config mode Command History This command was introduced in ArubaOS 5 0 Command Information Platforms Licensing Command Mode All platforms Base opera...

Page 583: ...rofile name to see the list of authentication profiles Examples host show aaa authentication via web auth VIA Web Authentication List Name References Profile Status default 2 Total 1 host show aaa authentication via web auth default VIA Web Authentication default Parameter Value VIA Authentication Profiles via1 The output of this command includes the following parameters Parameter Description VIA ...

Page 584: ...werConnect W Series ArubaOS 6 2 Reference Guide Command History This command was introduced in ArubaOS 5 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master or local controllers ...

Page 585: ...rofile default Parameter Value Default Role default vpn role Server Group default Max Authentication failures 2 TechPubs show aaa authentication vpn default cap VPN Authentication Profile default cap Predefined Parameter Value Default Role ap role Server Group internal Max Authentication failures 0 TechPubs show aaa authentication vpn default rap VPN Authentication Profile default rap Predefined c...

Page 586: ...played in the output of this show command Config mode Command History Version Description ArubaOS 3 0 Command introduced ArubaOS 5 0 The default cap and default rap profiles were introduced ArubaOS 6 1 The Check certificate common name against AAA server parameter was introduced Command Information Platforms Licensing Command Mode All platforms The PEFV license and the base operating system Enable...

Page 587: ...rofile_3 host show aaa authentication wired Wired Authentication Profile Parameter Value AAA Profile Secure_profile_3 Related Commands Command Description Mode aaa authentication wired Use the command aaa authentication wired to configure the settings displayed in the output of this show command Config mode Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Li...

Page 588: ...s by other profiles the Profile Status columns are blank indicating that these profiles are both user defined If a profile is predefined the value Predefined appears in the Profile Status column host show aaa authentication wispr WISPr Authentication Profile List Name References Profile Status default 2 WISPr1 2 Total 2 host show aaa authentication wispr WISPr1 WISPr Authentication Profile WISPr1 ...

Page 589: ...s Logon wait maximum wait If the controller s CPU utilization has surpassed the logon wait CPU utilization threshold value the Logon wait maximum wait parameter defines the maximum number of seconds a user will have to wait to retry a login attempt Range 1 10 seconds Default 10 seconds WISPr Location ID E 164 Area Code The E 164 Area Code in the WISPr Location ID WISPr Location ID E 164 Country Co...

Page 590: ...uthentication wispr DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master or local controllers ...

Page 591: ... Enabled 0 The following data columns appear in the output of this command Parameter Description Name Name of the authentication server Type The type of authentication server ArubaOS supports LDAP RADIUS and TACACS servers in addition to its own local internal authentication server FQDN The Fully Qualified Domain Name of the server if configured IP addr IP address of the server in dotted decimal f...

Page 592: ...hentication server all DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master or local controllers ...

Page 593: ...erver in dotted decimal format Retries Number of retries allowed before the server stops attempting to authenticate a request Timeout Timeout period in seconds Status Shows if the server is enabled of disabled Include the statistics parameter to display additional details for the internal server host show aaa authentication server internal statistics Internal Database Server Statistics PAP Request...

Page 594: ...hat were deauthenticated because they stopped responding Unknown Response Number of times the server did not recognize the response possibly due to internal errors Timeouts Number of times that the controller timed out an authentication request AvgRespTime ms Time it takes the server to respond to an authentication request in seconds Uptime d h m Time elapsed since the last server reboot SEQ first...

Page 595: ...n entry in the Profile Status column host aaa authentication server ldap LDAP Server List Name References Profile Status ldap1 5 ldap2 3 ldap3 1 Total 3 Include the ldap_server_name parameter to display additional details for an individual server host show aaa authentication server ldap ldap1 LDAP Server ldap1 Parameter Value Host 10 1 1 234 Admin DN cn corp cn Users dc 1m dc corp dc com Admin Pas...

Page 596: ...over LDAP Start TLS operation and clear text Base DN Distinguished Name of the node which contains the required user database Filter Filter that should be applied to search of the user in the LDAP database default filter string is ì objectclass î Key attribute Attribute that should be used as a key in search for the LDAP server Timeout Timeout period of a LDAP request in seconds Mode Shows whether...

Page 597: ...efined User defined servers will not have an entry in the Profile Status column host aaa authentication server radius RADIUS Server List Name References Profile Status myserver 3 radius 0 servername 0 Total 3 To view additional statistics for all RADIUS servers include the statistics parameter Include the rad_server_ name parameter to display additional details for an individual server host show a...

Page 598: ...e timing out the request and resending it NAS ID Network Access Server NAS identifier to use in RADIUS packets NAS IP NAS IP address to send in RADIUS packets If you do not configure a server specific NAS IP the global NAS IP is used Source Interface The source interface VLAN ID number Use MD5 If enabled the RADIUS server will use a MD5 hash of cleartext password Mode Shows whether this server is ...

Page 599: ...ferences column lists the number of other profiles that reference a TACACS server and the Profile Status column indicates whether the profile is predefined User defined profiles will not have an entry in the Profile Status column host aaa authentication server tacacs TACACS Server List Name References Profile Status LabAuth 5 TACACS1 3 Total 2 Include the tacacs_server_name parameter to display ad...

Page 600: ...controller before the server is marked as down Timeout Maximum time in seconds that the controller waits before timing out the request and resending it Mode Shows whether this server is Enabled or Disabled The output of this command includes the following parameters Command History Release Modification ArubaOS 3 0 Command introduced ArubaOS 6 0 The Statistics parameter was introduced Command Infor...

Page 601: ...file is predefined User defined profiles will not have an entry in the Profile Status column host aaa authentication server tacacs Windows Server List Name References Profile Status NTLM 1 Windows2 1 Total 2 Include the windows_server_name parameter to display additional details for an individual server host show aaa authentication server windows Windows2 Windows Server windows Parameter Value Hos...

Page 602: ...2 Reference Guide The output of this command includes the following parameters Command History This command was introduced in ArubaOS 3 4 1 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master or local controllers ...

Page 603: ...racts Contract Id Rate bits second VLAN 1 6000000 User 2 2048000 Total contracts 2 Per user contract total 4096 Per user contract usage 0 Related Commands Command Description Mode aaa bandwidth contract Use this command to define contracts to limit traffic for a user or VLAN Config mode Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode ...

Page 604: ...r group group1 Server Group Name Inservice trim FQDN match FQDN Internal Yes No Server Rule Table Priority Attribute Operation Operand Action Value Total Hits New Hits 1 Filter Id equals nsFilter set vlan 111 24 Rule Entries 1 The following data columns appear in the output of this command Parameter Description Name Name of the authentication server assigned to this server group Inservice Specifie...

Page 605: ...ute is matched Action This parameter identifies whether the rule sets a server group role set role or a VLAN set vlan Value Sets the user role or VLAN ID to be assigned to the client if the condition is met Total Hits Number of times the rule has been applied since the last server reboot New Hits Number of times the rule has been applied since the show aaa derivation rules command was last issued ...

Page 606: ...he value of the attribute selected must be already configured on the controller when the rule is applied Operand This is the string to which the value of the returned attribute is matched Action This parameter identifies whether the rule sets a server group role set role or a VLAN set vlan Value Sets the user role or VLAN ID to be assigned to the client if the condition is met Total Hits Number of...

Page 607: ...al can be changed using the aaa dns query period command Issue the show aaa dns query period command to view the current DNS query interval Example This command shows that the controller will send a DNS query every 30 minutes host show aaa dns query period DNS Query Interval 30 minutes Related Commands To configure the DNS query interval issue the command aaa dns query interval Command History Thi...

Page 608: ...onse Issue this command to view the IP addreses that currently correlate to each RADIUS server FQDN Example The output of this command shows the IP addresses for two RADIUS servers host show aaa fqdn server names Auth Server FQDN names FQDN IP Address Refcount myhost1 example com 192 0 2 3 2myhost2 example com Related Commands To configure a RADIUS authentication server using that server s fully q...

Page 609: ...used for MAC authentication dot1x auth Name of the server group used for dot1x authentication rad act Name of the server group used for RADIUS authentication XML api IP address of a configured XML API server RFC3576 IP address of a RADIUS server that can send user disconnect and change of authorization messages as described in RFC 3576 UDR group Name of the user derivation rule profile ww roam Sho...

Page 610: ...on Mode aaa profile Use aaa profile define the parameters displayed in the output of this show command Config mode Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master or local controllers ...

Page 611: ...inimum number of Special characters comma 1 Username or Reverse of username NOT in Password No Maximum Number of failed attempts in 3 minute window to lockout user 0 Time duration to lockout the user upon crossing the lock out threshold 3 Maximum consecutive character repeats 0 The following data columns appear in the output of this command Parameter Description Enable password policy Shows if the...

Page 612: ...eshold below By default the password lockout feature is disabled and the default value of this parameter is 0 attempts Time duration to lockout the user upon crossing the lock out threshold Amount of time a management user will be locked out and prevented from logging into the controller after exceeding the maximum number of failed attempts setting show above The default lockout time is 3 minutes ...

Page 613: ...ation Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show aaa password policy mgmt 613 ...

Page 614: ...nticaion Fail Through Disabled RADIUS Accounting Server Group N A RADIUS Interim Accounting Disabled XML API server N A RFC 3576 server N A User derivation rules N A Wired to Wireless Roaming Enabled SIP authentication role N A Device Type Classification Enabled Enforce DHCP Disabled The following data columns appear in the output of this command Parameter Description Name The name of the AAA prof...

Page 615: ...ole For controllers with an installed PEFNG license this parameter displays the configured role assigned to a session initiation protocol SIP client upon registration device type classification Shows if the device identification feature is enabled or disabled When devtype classification parameter is enabled the output of the show user and show user table commands shows each client s device type if...

Page 616: ...ring Acct Session Time 46 Integer Framed AppleTalk Zone 39 String Connect Info 77 String Acct Ouput Packets 48 Integer Aruba Location Id 6 String Aruba 14823 Service Type 6 Integer Rad Length 310 Integer CHAP Password 3 String Aruba Template User 8 String Aruba 14823 Event Timestamp 55 Date Login Service 15 Integer Exec Program Wait 1039 String Tunnel Password 69 String Framed IP Netmask 9 IP Addr...

Page 617: ...rmation Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show aaa radius attributes 617 ...

Page 618: ...ed User defined servers will not have an entry in the Profile Status column host show aaa rfc 3567 server RFC 3576 Server List Name References Profile Status 10 2 14 6 2 To view details for all RFC 3576 servers include the statistics parameter host show aaa rfc 3576 server statistics RADIUS RFC 3576 Statistics Statistics 10 1 2 3 10 1 2 34 Disconnect Requests 13 3 Disconnect Accepts 12 3 Disconnec...

Page 619: ...f invalid requests Packets Dropped Number of packets dropped Unknown service Number of requests for an unknown service type CoA Requests Number of requests for a Change of Authorization CoA CoA Accepts Number of times a CoA request was accepted CoA Rejects Number of times a CoA request was rejected No permission Number of requests for a service that has been defined but has not been administrative...

Page 620: ...and the Profile Status column indicates whether the server group is predefined User defined server groups will not have an entry in the Profile Status column Examples This first example shows that there are five configured server groups host show aaa server group summary Server Group List Name References Profile Status auth profile 2 1 coltrane server group 1 default 25 group1 0 internal 0 Predefi...

Page 621: ...e Specifies if the server is in service or out of service Server Type If enabled user information in an authentication request is edited before the request is sent to the server trim FDQN If enabled user information in an authentication request is edited before the request is sent to the server Match Type If the match type is authstring he authentication server associates with a match rule that th...

Page 622: ...which the string in Operand is matched with the attribute value returned by the authentication server l contains The rule is applied if and only if the attribute value contains the string in parameter Operand l starts with The rule is applied if and only if the attribute value returned starts with the string in parameter Operand l ends with The rule is applied if and only if the attribute value re...

Page 623: ...formation Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show aaa server group 623 ...

Page 624: ... has two defined AP groups host show aaa state ap group AP Group Table Name ID ap1 1 ap2 2 Related Commands Command Description Mode aaa server group Use aaa server group to define the AP groups displayed in the output of this show command Config mode Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system ...

Page 625: ...tations 121 190 367550 Captive Portal Users 4 802 1x Users 119 VPN Users 0 MAC Users 0 Stateful 802 1x Users 0 Tunneled users 0 Configured user roles 21 Configured session ACL 41 Configured destinations 32 Configured services 77 Configured Auth servers 9 Auth server in service 9 Radius server timeouts 7062 Successful authentications Web MAC VPN 802 1x Krb RadAcct SecureID Stateful 802 1x Managemen...

Page 626: ...stered with the controller Maximum number of stations that can be registered with the controller at any time Total number of stations that have registered the controller since the last controller reboot Captive Portal Users Number of current users authenticated via captive portal 802 1x Users Number of current users authenticated via 802 1X authentication VPN Users Number of current users authenti...

Page 627: ...hentications or authentication failures since the last controller reset Idled users Total number of users that are not broadcasting data to an AP Mobility Shows whether the IP mobility feature has been enabled or disabled on the controller fast age When the fast age feature allows the controller actively sends probe packets to all users with the same MAC address but different IP addresses The user...

Page 628: ...el 0 Idled users due to SOS other 0 Idled users due STM deauth tunnel 0 dtunnel 0 Idled users from STM timeout tunnel 0 dtunnel 0 Idled users from STM other 0 Current users with STM idle flag 0 Idle messages SOS 0 STM deauth 0 STM timeout 0 Logon lifetime iterations 4501 entries deleted 121 SIP authentication messages received 29227 dropped 29227 Missing auth user deletes 0 Captive portal forced u...

Page 629: ... of VRRP users special mac Number of users with a special MAC address iap Number of instant AP users idled users Number of inactive stations that are not broadcasting data to an AP idled users due to MAC mismatch For internal use only Idled users due to SOS wireless tunnel Number of wireless users in tunnel forwarding mode that were aged out by the controller wireless dtunnel Number of wireless us...

Page 630: ... controlpath and the datapath Mobility Stats Number of different messages exchanged between the mobile IP and the auth module NOTE This is used for troubleshooting purposes only Captive portal forced user deletes Number of idle users deleted after captive portal authentication Auth User Rejects Received L2 User Number of authentication rejects received for L2 users from the datapath due to a failu...

Page 631: ... statistics for idled users and user rejects were introduced Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master or local or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show aaa state debug statistics 631 ...

Page 632: ... messages PAPI Messages Msg ID Name Since last Read Total 5004 set master ip 2 2 7005 Set switch ip 1 1 7007 Set VLAN ip 5 5 66 delete xauth vpn users 1 1 RAW socket Messages Msg ID Name Since last Read Total 1 raw PAP req 188 188 33 captive portal config 11113 11113 59 TACACS ACCT config for cli 1 1 60 TACACS ACCT config for web 1 1 Sibyte Messages Opcode Name Sent Since Last Read Sent Total Recv...

Page 633: ...e Code number of the message type Sent Since last Read Number of messages sent since the buffer was last read Sent Total Total number of message sent since the controller was last reset Recv Since last Read Number of messages received since the buffer was last read Recv Total Total number of message received since the controller was last reset Command History This command was introduced in ArubaOS...

Page 634: ...output of this command includes the following parameters Parameter Description IP IP address of a multiplexer MUX server Tunnel ID ID number of a MUX tunnel Slot Port The slot and port used by the controller in the format slot port slot is always 1 except when referring to interfaces on the W 6000M3 controller AP Type AP model type AP Name Name of an AP Command History This command was introduced ...

Page 635: ...AP name group AL40 corp1344 PHY a ingress 0x10e8 tunnel 136 vlan default 65 assigned 0 current 65 cached 0 user derived 0 vlan how 0 name MYCOMPANY tgonzales role employee default logon cached employee dot1x role how 1 acl 51 0 age 00 02 50 Authentication Yes status successful method 802 1x protocol EAP MD5 server vortex dot1xctx 1 sap 1 Flags mba 0 AAA prof default corp1344 Auth dot1x prof defaul...

Page 636: ...te Associated HA Yes Proxy ARP No Roaming No Tunnel ID 0 L3 Mob 0 Flags internal 0 trusted_ap 0 delete 0 l3auth 0 l2 1 mba 0 Flags innerip 0 outerip 0 guest 0 station 0 download 1 nodatapath 0 Auth fails 0 phy_type a HT reauth 0 BW Contract up 0 down 0 user how 1 Vlan default 65 Assigned 0 Current 65 vlan how 0 Mobility Messages L2 0 Move 0 Inter 0 Intra 0 ProxyArp 0 Flags 0x0 Tunnel 0 SlotPort 0x...

Page 637: ...how aaa sysgate on demand Syntax No parameters Command History Release Modification ArubaOS 3 0 Command introduced ArubaOS 3 4 Command deprecated DellPowerConnect W Series ArubaOS 6 2 Reference Guide show aaa sygate on demand deprecated 637 ...

Page 638: ...ounting Configuration Parameter Value Mode Enabled Commands configuration Server Group tacacs1 Parameter Description Mode Shows whether this server group is Enabled or Disabled Commands Displays the types of commands that are reported to the TACACS server group l action reports action commands only l all reports all commands l configuration reports configuration commands only l show reports show c...

Page 639: ...rmation Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show aaa tacacs accounting 639 ...

Page 640: ...aaa tacacs accounting TACACS Accounting Configuration Parameter Value Mode Enabled Server Group acct server The output of this command includes the following parameters Parameter Description Mode Shows if the TACACS accounting feature is enabled or disable Server Group The server group that contains the active TACACS server Command History This command was introduced in ArubaOS 3 0 Command Informa...

Page 641: ...r lifetime 5 minutes Related Commands Command Description Mode aaa timers Use aaa timers to define the settings displayed in the output of this show command Config mode Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master and local controllers DellPowerConnect W Series Aru...

Page 642: ...ration Syntax No parameters Example The example below shows that the controller is configured to use HTTPS on port 4343 or 443 and HTTP on port 8888 host show aaa web admin port https port 4343 http port 8888 Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master and local c...

Page 643: ...ler has two configured XML API servers that are each referenced by two different AAA profiles Note that user defined servers will not have an entry in the Profile Status column host show aaa xml api statistics XML API Server List Name References Profile Status 10 1 2 3 2 10 4 3 2 2 Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All p...

Page 644: ...occurred is displayed firs The number of new events since the last time the counters were displayed is shown in parentheses host show aaa xml api statistics Statistics 10 1 2 3 user_authenticate 0 0 user_add 0 0 user_delete 0 0 user_blacklist 0 0 user_query 0 0 unknown user 0 0 unknown role 0 0 unknown external agent 0 0 authentication failed 0 0 invalid command 0 0 invalid message authentication ...

Page 645: ...commands with an invalid digest type when a key is configured on the controller missing message authentication Number of XML commands with an missing authentication method when a key is configured on the controller missing or invalid version number Number of commands with a missing or invalid version number The version number should always be 1 0 internal error Number of internal server errors cli...

Page 646: ... Received Suc cess Failed Total number of requests received number of successful requests number of failed requests Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master and local controllers ...

Page 647: ...t 1027 any any 17 0 65535 138 138 f80001 permit 1028 any any 17 0 65535 123 123 f80001 permit 1029 user 10 6 2 253 255 255 255 255 6 0 65535 443 443 f80001 permit 1030 user any 6 0 65535 80 80 d1f90 0000 f80021 permit dnat 1031 user any 6 0 65535 443 443 d1f91 0000 f80021 permit dnat 1032 any any 17 0 65535 500 500 f80001 permit 1033 any any 50 0 65535 0 65535 f80001 permit 1034 any any 17 0 65535...

Page 648: ...Ace entries reused 373 times ACL count 64 tunnel acl 0 The output of this command displays the following parameters Parameter Description ACL Number of the specified ACL Type Shows the ACL type l role Access list is used to define a user role l mac MAC ACLs allow filtering of non IP traffic This ACL filters on a specific source MAC address or range of MAC addresses l session Session ACLs define tr...

Page 649: ...ACE entries reused For internal use only ACL count Total number of defined ACLs Tunnel ACL Total number of defined tunnel ACLs The following example displays the ACL table for ACL 1 host show acl ace table acl 1 Acl Table ACL Type ACE Index Ace Count Name Applied 1 role 1020 18 logon 0 Total free ACE entries 3591 Free ACE entries at the bottom 2991 Next ACE entry to use 1041 table 1 Ace entries re...

Page 650: ...is shown in a single wide table host show acl ace table acl 1 User Role ACL Hits Role Policy Src Dst logon control any any logon control any any logon any any visitor vp control any any visitor vp control any any visitor vp access any any visitor vp access user mswitch master visitor vp access any any User Role ACL Hits Service Action Dest Opcode New Hits Total Hits Index svc icmp permit 0 6 5052 ...

Page 651: ...mask l user represents the IP address of the user Service Network service which can be one of the following l IP protocol number 0 255 l name of a network service use the show netservice command to see configured services l any match any traffic l tcp specify the TCP port number 0 65535 l udp specify the UDP port number 0 65535 Action Action if rule is applied which can be one of the following l d...

Page 652: ...since this command was last issued Total Hits Number of times the ACL was applied since the controller was last reset Index Index number of the ACL Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable and Config mode on master controllers ...

Page 653: ...the master controller and ADP is enabled on the controller the controller automatically responds to the APs queries with its IP address This command shows whether ADP is enabled or disabled on the controller igmp join Shows whether the controller has enabled or disabled the sending of Internet Group Management Protocol IGMP join requests igmp vlan ID of the VLAN to which IGMP reports are sent If t...

Page 654: ...udes the following parameters Parameter Description IGMP Join Tx Number of Internet Group Management Protocol IGMP join requests sent by the controller IGMP Drop Tx Number of Internet Group Management Protocol IGMP drop requests sent by the controller ADP Tx Number of ADP responses sent to APs ADP Rx Number of multicast and broadcast queries received from APs trying to locate the master controller...

Page 655: ...ified IP address by entering an IP address in dotted decimal format ip6 addr ip6 addr View data for an AP with a specified IPv6 address type Show AP information filtered by type of AP access point Show information for Access Points only air monitor Show information for Air Monitors only sensor Show only RFprotect Sensor information voip only Show AP information filtered by associated active VoIP c...

Page 656: ...Flags Uptime Outer IP AP1X default 10 3 15 107 0 AP HT 1 15 21 5 0 AP HT 44 15 21 125 1E2 5m 48s N A Flags a Reduce ARP packets in the air A Enet1 in active standby mode B Battery Boost On C Cellular D Disconn Extra Calls On d Drop Mcast Bcast On E Wired AP enabled K 802 11K Enabled L Client Balancing Enabled M Mesh N 802 11b protection disabled P PPPOE R Remote AP X Maintenance Mode 1 802 1x auth...

Page 657: ...ted the R flag changes to R l S RFprotect Sensor l U USB modem l X Maintenance Mode Uptime Number of hours minutes and seconds since the last controller reboot or bootstrap in the format hours minutes seconds Command History Release Modification ArubaOS 3 0 Command introduced ArubaOS 6 1 The parameter ip6 addr was added to view data for an IPv6 AP Command Information Platforms Licensing Command Mo...

Page 658: ...e configured AP groups The Name column lists the names of all configured AP groups the Profile Status column indicates whether the AP group is predefined User defined profiles will not have an entry in the Profile Status column host show ap group AP group List Name Profile Status corp office branch office am corp corp1 Corp1 AM Corp1 AM Ch11 Corp1 AM Ch6 corp1 AP85 corp1 lab Total 9 Include an AP ...

Page 659: ... profile Profile that defines the duplex and speed of the Ethernet 0 interface on the AP Ethernet interface 1 link profile Profile that defines the duplex and speed of the Ethernet 0 interface on the AP AP system profile Name of the AP system profile for the AP group VoIP Call Admission Control profile Name of the AP system profile for the AP group 802 11a Traffic Management profile Name of the 80...

Page 660: ...Guide Related Commands Configure AP group settings using the command ap group Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master controllers ...

Page 661: ...o display a complete list of configuration settings for that AP If the AP has default settings the value may appear as N A The AP in the example below has all default profile settings host show ap group corp1 AP name mp3 Parameter Value Virtual AP N A Excluded Virtual AP N A 802 11a radio profile N A 802 11g radio profile N A Wired AP profile N A Ethernet interface 0 link profile N A Ethernet inte...

Page 662: ...0 interface on the AP AP system profile Name of the AP system profile for the AP VoIP Call Admission Control profile Name of the AP system profile for the AP 802 11a Traffic Management profile Name of the 802 11a WLAN traffic management profile for the AP group 802 11g Traffic Management profile Name of the 802 11g WLAN traffic management profile for the AP Regulatory Domain profile Name of the re...

Page 663: ...d Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master and local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show ap name 663 ...

Page 664: ...id channel lists to be reset to the defaults for that country Examples The output of this example shows all allowed channels for the country code US host show ap allowed channels US Allowed Channels for Country Code US PHY Type Allowed Channels 802 11g indoor 1 2 3 4 5 6 7 8 9 10 11 802 11a indoor 36 40 44 48 149 153 157 161 165 802 11g outdoor 1 2 3 4 5 6 7 8 9 10 11 802 11a outdoor 149 153 157 1...

Page 665: ...command show ap group Examples In the example below the output of this command lists the profiles associated with the AP group Corp13 host show ap ap group AP2 AP group corp13 Parameter Value Virtual AP corp13 guest Virtual AP corp13 ether wpa2 Virtual AP corp13 ether voip Virtual AP corp13 ether comm 802 11a radio profile default 802 11g radio profile default Wired AP profile default Ethernet int...

Page 666: ...ted Commands Command Description Mode ap group Configure your AP groups and AP group profiles Config mode Command History Introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master controllers ...

Page 667: ... changes over time and the reason why those changes took place host ethersphere lms3 show ap arm history ap name AP 16 Interface wifi0 ARM History Reason Old channel New channel Old Power New Power Last change P 153 153 12 9 3d 14h 56m 48s P 153 153 9 12 3d 13h 44m 7s P 153 153 12 15 3d 13h 23m 5s P 153 153 15 18 3d 13h 16m 32s P 153 153 18 21 3d 11h 42m 42s P 153 153 21 15 3d 8h 16m 12s Interface...

Page 668: ...e Power l OFF Turn off Radio l ON Turn on Radio The Reason key appears at the bottom of the ARM History table Old Channel Channel number used by the AP interface before the ARM change New Channel Channel number used by the AP interface after the ARM change Old Power Power level of the AP interface before the ARM change New Power Power level of the AP interface after the ARM change Last Change Time...

Page 669: ... ap70_1 Interface wifi1 00 1b 2f e6 1c d0 known interfering SNR 1 CH 1 00 19 e3 31 55 f2 known interfering SNR 7 CH 1 00 1f f3 01 4d 3f known interfering SNR 1 CH 1 00 18 39 96 b4 16 known interfering SNR 0 CH 1 00 11 24 ec 49 05 known interfering SNR 0 CH 1 Interface wifi0 00 19 7e 4d 8a 1d known interfering SNR 0 CH 1 00 19 a9 ce 13 90 interfering SNR 0 CH 4 00 19 7e 4d 80 df known interfering S...

Page 670: ...d information for the individual channels being monitored and statistics for each AP interface Use this command verify an AP s RF health or to determine why multiple APs in the same area are on the same channel host show ap arm rf summary ap name ap21 Channel Summary channel retry phy err mac err noise cov idx intf_idx 161 0 0 9 86 0 0 0 0 0 0 1 0 0 0 65 0 0 553 48 0 0 48 0 0 2 81 0 0 71 0 0 0 165...

Page 671: ... s neighbors see on the selected channel l Metric value d is the interference the AP s neighbors see on the adjacent channel l To calculate the total Interference Index for a channel add a b c d Interface Name Name of the fastethernet or gigabit Ethernet interface Current ARM Assignment Current channels assigned by the AP s ARM profile Target Coverage Index Ideal value of coverage index an AP trie...

Page 672: ...10 37 host show ap arm scan times ip addr 10 15 10 37 Channel Scan Time channel assign time scans attempted scans rejected dos scans flags timer tick 36 8579 349 0 0 DVACT 50598 40 2365 349 0 0 DVACT 50610 44 2495 349 0 0 DVACT 50621 48 9714 349 0 0 DVACT 50656 52 0 349 0 0 DA 50643 56 0 349 0 0 DA 50655 60 0 348 0 0 DA 50519 64 0 348 0 0 DA 50530 149 5546 348 0 0 DVACT 50542 153 2310 348 0 0 DVAC...

Page 673: ...es an AP enabled with the rogue aware scanning feature had to contain a rogue device on a channel flags The flags column displays additional relevant information about the channel The flags key appears at the bottom of the Channel Scan Time table timer tick Timer tick at which the last scan was attempted last scan channel The last channel scanned by the AP current scan channel The AP s current cha...

Page 674: ...ress in dotted decimal format Usage Guidelines The output of the show ap arm state command shows 802 11a and 802 11g information for all APs Include an AP name or IP address to show data for just a single AP or use the dot11a or dot11g keywords to show data for all APs using that radio type Examples The output of this command shows 802 11a information for all neighboring APs host show ap arm state...

Page 675: ...age AP clients heard in in the AP neighbor client list AP client density 100 l D Density Percentage AP clients heard in the AP neighbor s client list neighbor client density 100 Command History Version Description ArubaOS 3 0 Command introduced ArubaOS 6 1 The neighbor density parameter was introduced Command Information Platforms Licensing Command Mode All platforms Base operating system Enable o...

Page 676: ...AP associations for an Extended Service Set Identifier ESSID An Extended Service Set Identifier ESSID is a alphanumeric name that uniquely identifies a wireless network If the name includes spaces you must enclose the ESSID in quotation marks ip addr ip addr Show AP associations for a specific AP by entering an IP address in dotted decimal format You can also include the essid phy or voip only key...

Page 677: ... bssid The AP Basic Service Set Identifier BSSID mac MAC address of the AP auth This column displays a y if the AP has been configured for 802 11 authorization frame types Otherwise it displays an n assoc This column displays a y if the AP has been configured for 802 11 association frame types Otherwise it displays an n aid 802 11 association ID A client receives a unique 802 11 association ID whe...

Page 678: ...ellPowerConnect W Series ArubaOS 6 2 Reference Guide Command History Introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master controllers ...

Page 679: ...ce Set Identifier ESSID An Extended Service Set Identifier ESSID is a alphanumeric name that uniquely identifies a wireless network If the name includes spaces you must enclose the ESSID in quotation marks Examples The output of the command below shows the association table for clients in the AP group group1 show ap association remote ap group group1 Flags W WMM client A Active R RRM client PHY De...

Page 680: ...nterval indicates a listen interval time of 1 second essid Name that uniquely identifies the AP s Extended Service Set Identifier ESSID vlan id Identification number of the AP s VLAN tunnel id Identification number of the AP s tunnel phy The RF band in which the AP should operate g 2 4 GHz a 5 GHz assoc time Amount of time the client has associated with the AP in the format hours minutes seconds n...

Page 681: ...entire AP authorization profile list including profile status and the number of references to each profile Include a profile name to display the authorization group defined for that profile Examples The following example lists all AP authorization profiles The References column lists the number of other profiles with references to that authorization profile and the Profile Status column indicates ...

Page 682: ...emote APs Related Commands Command Description Mode ap authorization profile This command defines a temporary configuration profile for remote APs that are not yet authorized on the network Config mode Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master or local controlle...

Page 683: ...acklisted l user defined User was blacklisted due to blacklist criteria were defined by the network administrator l mitm attack Blacklisted for a man in the middle MITM attack impersonating a valid enterprise AP l ping flood Blacklisted for a ping flood attack l session flood Blacklisted for a session flood attack l syn flood Blacklisted for a syn flood attack l session blacklist User session was ...

Page 684: ...escription Mode stm add blacklist client stm remove blacklist client macaddr Manually add or remove clients from a blacklist Config mode Command History Introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master controllers ...

Page 685: ...e slot and port numbers should be separated by a forward slash Usage Guidelines The output of the show ap bss table command shows the Dell AP BSS table for all APs To filter this information and view BSS table data for an individual AP or a specific port and slot number include the ap name bssid essid ip addr or port keywords Example The output of this command shows the BSS table for the seven act...

Page 686: ... EIRP Radio channel used by the AP current effective Isotropic Radiated Power EIRP maximum EIRP cur cl Current number of clients on the AP ap name Name of the AP in t s Number of seconds that an AP has been inactive tot t An AP s total active time in seconds mtu Maximum Transmission Unit MTU size in bytes This value describes the greatest amount of data that can be transferred in one physical fram...

Page 687: ...w report ip addr 192 0 2 170 Bandwidth report for AP AL16 radio 0 Virtual AP Allocated Share Actual Share Offered Load Delivered Load corp1344 guest 0 0 0 kbps 0 kbps corp1344 ethersphere wpa2 0 0 0 kbps 0 kbps Average Throughput 0 kbps Bandwidth report for AP AL16 radio 1 Virtual AP Allocated Share Actual Share Offered Load Delivered Load corp1344 guest 0 0 0 kbps 0 kbps corp1344 ethersphere voip...

Page 688: ... throughput for the Virtual AP in kbps This value may be less than the offered load if the Virtual AP has used all its allocated bandwidth Average Throughput Average throughput for the virtual AP in kbps Command History Introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master controllers ...

Page 689: ...he client auth This column displays a y if the AP has been configured for 802 11 authorization frame types Otherwise it displays an n assoc This column displays a y if the AP has been configured for 802 11 association frame types Otherwise it displays an n aid Number of beacons in the 802 11 listen interval There are ten beacons sent per second so a ten beacon listen interval indicates a listen in...

Page 690: ...isplay auth assoc If the client has only been authorized this data column will display auth Reason If the client failed to authenticate this data column lists the reason code for 802 11 authentication failure Command History Introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master controllers ...

Page 691: ...displayed in the output of this command show ap config ap group apgroup14 Parameter 802 11g 802 11a Source LMS IP N A N A ap system profile default Backup LMS IP N A N A ap system profile default LMS Preemption Disabled Disabled ap system profile default LMS Hold down Period 600 sec 600 sec ap system profile default Master controller IP address N A N A ap system profile default RF Band g g ap syst...

Page 692: ...255 0 ap system profile default Remote AP DHCP Lease Time 0 days 0 days ap system profile default Heartbeat DSCP 0 0 ap system profile default Session ACL N A N A ap system profile default Image URL N A N A ap system profile default Maintenance Mode Disabled Disabled ap system profile default The output of this command includes the following parameters Parameter Description LMS IP The IPv4 address...

Page 693: ...led SSID When enabled all traffic is re encrypted in the IPsec tunnel When disabled the wireless frame is only encapsulated inside the IPsec tunnel Native VLAN ID Native VLAN for bridge mode virtual APs frames on the native VLAN are not tagged with 802 1q tags SAP MTU Maximum Transmission Unit MTU size in bytes This value describes the greatest amount of data that can be transferred in one physica...

Page 694: ...d as start of DHCP Pool Remote AP DHCP Pool End Shows the IP Address used as end of DHCP Pool Remote AP DHCP Pool Netmask Shows the netmask of DHCP Pool Remote AP DHCP Lease Time Shows the length of leases in days 0 means infinite Remote AP uplink total bandwidth This is the total reserved uplink bandwidth in Kilobits per second Remote AP bw reservation Session ACLs with uplink bandwidth reservati...

Page 695: ...sion power level Advertise 802 11d and 802 11h Capabilities This column reports whether or not the AP will advertise its 802 11d Country Information and 802 11h TPC or Transmit Power Control capabilities TPC Power The transmit power advertised in the TPC IE of beacons and probe responses Range 0 51 dBm Spectrum Load Balancing The Spectrum Load Balancing feature helps optimize network resources by ...

Page 696: ...s defined by the ARM feature Rx sensitivity tuning based channel reuse The channel reuse feature can operate in either of the following three modes static dynamic or disable This feature is disabled by default l Static mode This mode of operation is a coverage based adaptation of the Clear Channel Assessment CCA thresholds In the static mode of operation the CCA is adjusted according to the config...

Page 697: ...agement Frame Throttle Limit Maximum number of management frames that can come from this radio in each throttle interval ARM WIDS Override Shows if Adaptive Radio Management ARM and Wireless IDS functions are enabled or disabled If a radio is configured to operate in Air Monitor mode then these functions are always enabled regardless of this option Protection for 802 11b Clients Displays whether o...

Page 698: ...bled Active Scan Displays whether or not the active scan feature is enabled NOTE This option elicits more information from nearby APs but also creates additional management traffic on the network Active Scan is disabled by default and should not be enabled except under the direct supervision of Dell Support Scanning Shows if scanning is enabled or disabled for this AP If this option is disabled th...

Page 699: ...ew channel Backoff Time After an AP changes channel or power settings it waits for this backoff time interval before it asks for a new channel power setting Error Rate Threshold The minimum percentage of PHY errors and MAC errors in the channel that will trigger a channel change Error Rate Wait Time Minimum time in seconds the error rate on the AP has to exceed its defined error rate threshold bef...

Page 700: ...able Shows if the SSID is enabled or disabled ESSID Name that uniquely identifies the Extended Service Set Identifier SSID Encryption Encryption type used on this AP DTIM Interval Shows the interval in milliseconds between the sending of Delivery Traffic Indication Messages DTIMs in the beacon This is the maximum number of beacon cycles before unacknowledged network broadcasts are flushed Basic Ra...

Page 701: ...ffic DSCP mapping for WMM best effort AC Displays the DSCP value used to map WMM best effort traffic DSCP mapping for WMM background AC Displays the DSCP value used to map WMM background traffic 902il Compatibility Mode Shows if 902 il compatibility mode is enabled or disabled This parameter only needs to be enabled for APs with associated clients using NTT DoCoMo 902iL phones Hide SSID Shows if t...

Page 702: ...d before the client gives up BC MC Rate Optimization Shows if the AP has enabled or disabled scanning of all active stations currently associated to that AP to select the lowest transmission rate for broadcast and multicast frames This option only applies to broadcast and multicast data frames 802 11 management frames are transmitted at the lowest configured rate Rate Optimization for delivering E...

Page 703: ... AP68 and W AP105 only The configured value will be adjusted based on AP capabilities Minimum number of spatial streams usable for STBC transmission Controls the maximum number of spatial streams usable for STBC reception 0 disables STBC reception 1 uses STBC for MCS 0 7 Higher MCS values are not supported Supported on the W AP90 W AP130 series W AP175 series W AP68 and W AP105 only The configured...

Page 704: ...eny access for a virtual AP Mobile IP Shows if IP mobility has been enabled or disabled for the virtual AP HA Discovery on association If enabled home agent discovery is triggered on client association instead of home agent discovery based on traffic from client Mobility on association can speed up roaming and improve connectivity for clients that do not send many uplink packets to trigger mobilit...

Page 705: ...this option is enabled all broadcast ARP requests are converted to unicast and sent directly to the client You can check the status of this option using the show ap active and the show datapath tunnel command If enabled the output will display the letter a in the flags column Band Steering Shows if band steering has been enabled or disabled for a virtual AP ARM s band steering feature encourages d...

Page 706: ... TSPEC Enforcement Period Displays the maximum time for the station to start a call after the TSPEC request VoIP Drop SIP Invite and send status code client Displays the status code sent to the client when a SIP Invite is dropped l 480 Temporary Unavailable l 486 Busy Here l 503 Service Unavailable l none Don t send SIP status code VoIP Drop SIP Invite and send status code server Displays the stat...

Page 707: ...mmand Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show ap config 707 ...

Page 708: ...S 6 2 Reference Guide show ap coverage holes deprecated show ap coverage holes Description Show information for APs that have detected coverage holes in the wireless network Command History Version Description ArubaOS 2 0 Command introduced ArubaOS 6 1 Command deprecated ...

Page 709: ...tional data columns l Wired MAC Address l Serial l Slot Port l FQLN outdoor Show only APs that have an installation mode set to outdoor page page Display a limited number of APs by entering the number of APs to be displayed in the output of this command sensors Show only RFprotect sensors disconnected Show only disconnected RFprotect sensors sort by Sort the output of this command by a specific da...

Page 710: ...is command Example The output of the command show ap database shows the controller s database of information for APs in the group default The output also includes a description of the flag types that may appear in the Flags column show ap database group default AP Database Name Group AP Type IP Address Status Flags Switch IP 3 125 141112 default 125 192 0 2 12 Up 1h 48m 27s 10 4 97 4 3 125 142113 ...

Page 711: ...y a more general summary overview of the AP registered to a controller use the command show ap database summary Enable and Config modes Command History Version Modification ArubaOS 3 0 Command introduced ArubaOS 6 2 The usb parameter was introduced Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master controllers DellPowerConnect W...

Page 712: ...t a total of five APs four up and one down AP Database Summary AP Mode Total Up Total Down Total Upgrading Total Rebooting RAP Up RAP Down RAP Upgrading RAP Rebooting Access Points 4 1 0 0 0 0 0 0 Air Monitors 0 0 0 0 0 0 0 0 Wired Access Points 0 0 0 0 0 0 0 0 Mesh Portals 0 0 0 0 0 0 0 0 Mesh Points 0 0 0 0 0 0 0 0 Spectrum Monitors 1 1 0 0 0 0 0 0 Upgrading and Rebooting counts only reflect APs...

Page 713: ... Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show ap database summary 713 ...

Page 714: ...failure deprecated show ap debug association failure ap name ap name bssid bssid client mac client mac essid essid ip addr ip addr Description Display association failure information that can be used to troubleshoot problems on an AP Command History Platforms Licensing ArubaOS 3 0 Command introduced ArubaOS 5 0 Command deprecated ...

Page 715: ... Filter the AP Config table by port and slot numbers The slot and port numbers should be separated by a forward slash Examples The output of this command shows the AP configuration table for a specific BSSID host show ap debug bss config Dell AP Config Table bss ess vlan ip phy type fw mode max cl rates tx rates preamble mtu status wmm 00 1a 1e 11 24 c2 cera2 66 10 6 1 203 g HT ap tunnel 64 0x3 0x...

Page 716: ...of clients allowed for this BSSID preamble Shows if short preambles are enabled for 802 11b g radios Network performance may be higher when short preamble is enabled In mixed radio environments some 802 11b wireless client stations may experience difficulty associating with the AP using a short preamble MTU Maximum Transmission Unit MTU size in bytes This value describes the greatest amount of dat...

Page 717: ...l Per radio Statistics Transmit specific Statistics Frames Rcvd For TX 4263 Tx Frames Dropped 613 Frames Transmitted 3650 Success With Retry 0 Tx Mgmt Frames 451975 Beacons Transmitted 447712 Tx Probe Responses 4263 Tx Data Frames 0 Multicast Data 0 Tx CTS Frames 0 Dropped After Retry 613 Dropped No Buffer 0 Missed ACKs 613 Long Preamble 4263 Short Preamble 0 Tx EAPOL Frames 0 Tx 6 Mbps 3650 Tx WM...

Page 718: ...ed retry Dropped No Buffer Number of frames dropped because the AP s buffer was full Missed ACKs Number of missed acknowledgements ACKs Long Preamble Number of frames sent with a long preamble Short Preamble Number of frames sent with a short preamble Tx EAPOL Frames Number of Extensible Authentication Protocol over LAN EAPOL frames transmitted Tx 6 Mbps Number of frames transmitted at 6 Mbps Tx 9...

Page 719: ...se ratio for the last received data packet on the secondary control channel 2 This parameter is only displayed for APs operating in 40 Mhz mode Last ACK SNR Signal to noise ratio for the last received ACK packet Last ACK SNR CTL0 Signal to noise ratio for the last received ACK packet on the primary control channel 0 This parameter is only displayed for APs operating in 40 Mhz mode Last ACK SNR CTL...

Page 720: ...f probe requests PS Poll Frames Number of Power Save poll frames Rx 6 Mbps Number of frames received at 6 Mbps Rx 9 Mbps Number of frames received at 9 Mbps Rx 12 Mbps Number of frames received at 12 Mbps Rx 18 Mbps Number of frames received at 18 Mbps Rx 24 Mbps Number of frames received at 24 Mbps Rx 36 Mbps Number of frames received at 36 Mbps Rx 48 Mbps Number of frames received at 48 Mbps Rx ...

Page 721: ...signed 55396 STM SAP Down 19 AP Message 192 STA On Call Message 12164 STA Message 19750 STA SIP authenticate Message 10919 STA Deauthenticate 707 Stat Update V3 441447 VoIP CAC State Announcement 37185 Remote AP State 371330 AP Message Response 164 assoc req 4358 assoc resp 4358 reassoc req 950 reassoc resp 950 disassoc 452 deauth 5117 sapcp 351131 The output of this command includes the following...

Page 722: ... Update V3 For internal use only VoIP CAC State Announcement Number of times a controller announces a call admission control CAC state change to the AP Changes in CAC state could include the ability of call admission controls to accept more or fewer calls than previously configured Remote AP State For internal use only AP Message Response For internal use only assoc req Number of 802 11 associatio...

Page 723: ...obe Responses 0 Tx Data Frames 20 Tx CTS Frames 0 Dropped After Retry 0 Dropped No Buffer 0 Missed ACKs 1 Long Preamble 22 Short Preamble 0 Tx EAPOL Frames 13 Tx 6 Mbps 15 Tx 48 Mbps 5 Tx 54 Mbps 2 Tx WMM VO 15 UAPSD OverflowDrop 0 Receive specific Statistics Last SNR 31 Last SNR CTL0 28 Last SNR CTL1 25 Last SNR CTL2 22 Last ACK SNR 32 Last ACK SNR CTL0 30 Last ACK SNR CTL1 28 Last ACK SNR CTL2 2...

Page 724: ... with a long preamble Short Preamble Number of frames sent with a short preamble Tx EAPOL Frames Number of Extensible Authentication Protocol over LAN EAPOL frames transmitted Tx n Mbps Number of frames transmitted at n Mbps where n is a value between 6 and 300 Tx WMM Number of Wifi Multimedia WMM packets transmitted for the following access categories If the AP has not transmitted packets in a ca...

Page 725: ...ode Last ACK SNR EXT1 Signal to noise ratio for the last received ACK packet on the secondary extension channel 1 This parameter is only displayed for APs operating in 40 Mhz mode Frames Received Number of frames received Rx Data Frames Number of data frames received Null Data Frames Number of null data frames received Rx Mgmt Frames Number of management frames received PS Poll Frames Number of po...

Page 726: ...e signal to noise SNR ratio is acceptable Examples The example below shows part of the AP configuration table for a specific BSSID Additional parameters not displayed are described in the table below host show ap debug client table ap name AP12 MAC ESSID BSSID Assoc_State HT_State AID PS_State UAPSD Tx_Pkts Rx_Pkts PS_Qlen Tx_Retr 00 17 f2 4d 01 e2 wpa2 00 1a 1e 11 5f 11 Associated None 0x1 Awake ...

Page 727: ...this access category this value is 0 l VI If 1 UAPSD is enabled for the Video access category If UAPSD is disabled for this access category this value is 0 l BK If 1 UAPSD is enabled for the Background access category If UAPSD is disabled for this access category this value is 0 l BE If 1 UAPSD is enabled for the Best Effort access category If UAPSD is disabled for this access category this value ...

Page 728: ...ed decimal format Example The output of this command shows how many times each AP has rebooted a hard boot or bootstrapped a soft boot the number of configuration changes sent and acknowledged by that AP and whether or not the AP rebooted due to a kernel crash In this example the output has been divided into multiple sections to better fit on the pages of this document In the actual command line i...

Page 729: ...ootstrapped since AP reboot Bootstraps are also known as soft restarts Total Bootstraps Total number of times the AP bootstrapped since AP image upgrade Reboots Number of times power to the AP cycled off and then on again since image upgrade Reboots also known as hard restarts Crash Indicates whether or not the AP was rebooted due to a kernel crash Use show ap debug crash info to view the crash si...

Page 730: ...n x x x Cavium Networks Version 1 4 0 build 58 4 CVMSEG size 2 cache lines 256 bytes 4 Setting flash physical map for 16MB flash at 0x1ec00000 4 Determined physical RAM map 7 On node 0 totalpages 16384 7 DMA zone 16384 pages LIFO batch 3 7 DMA32 zone 0 pages LIFO batch 0 7 Normal zone 0 pages LIFO batch 0 7 HighMem zone 0 pages LIFO batch 0 4 Primary instruction cache 32kB virtually tagged 4 way 6...

Page 731: ... Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show ap debug crash info 731 ...

Page 732: ...command shows datapath tunnel parameters for an AP with the IP address 192 0 2 32 host show ap debug datapath 192 0 2 32 Datapath Parameters Table essid encr alg client vlan id tunnel id gre type deny bcast num clients guest Open 63 0x10f6 0x8300 disable 0 voip WPA2 8021X AES 66 0x1103 0x8310 disable 7 corp WPA2 PSK AES 66 0x10f1 0x8320 disable 0 guest Open 63 0x10f7 0x8200 disable 1 wpa2 WPA2 802...

Page 733: ...in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show ap debug datapath 733 ...

Page 734: ... information for a specific Basic Service Set Identifier BSSID The Basic Service Set Identifier BSSID is usually the AP s MAC address ip addr ip addr Show log information for an AP with a specific IP address by entering an IP address in dotted decimal format Usage Guidelines Use this command to review configuration changes made since the AP was last reset Command History Introduced in ArubaOS 3 0 ...

Page 735: ...ervice Set Identifier BSSID is usually the AP s MAC address ip addr ip addr Show log information for an AP with a specific IP address by entering an IP address in dotted decimal format Usage Guidelines An AP s log files show configuration changes since the AP was last reset Command History Introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating s...

Page 736: ...d DellPowerConnect W Series ArubaOS 6 2 Reference Guide show ap debug mgmt frames deprecated Description Show traced 802 11 management frames Command History Version Modification ArubaOS 3 0 Command Introduced ArubaOS 5 0 Command deprecated ...

Page 737: ... host show ap debug radio stats ap name AP12 radio 1 RADIO Stats Parameter Value General Per radio Statistics Total Radio Resets 0 Resets Beacon Fail 0 TX Power Changes 5 Channel Changes 2 Radio Band Changes 0 Current Noise Floor 95 11g Protection 0 Transmit specific Statistics Frames Rcvd For TX 2452151 Tx Frames Dropped 1736429 Frames Transmitted 4247212 If you include the advanced option at the...

Page 738: ...idual background noise detected by an AP NOTE Noise seen by an AP is reported as dBm Therefore a noise floor of 100 dBm is smaller lower than a noise floor of 50 dBm For most environments the noise floor should be no greater than 80 dBm Anything larger may indicate an interference problem which is drowning out good signals data in background noise Avail TX Buffers An AP has a set number of buffers...

Page 739: ...an once UAPSD Recv frame for TX The number of frames received for transmission over the air interface using UAPSD UAPSD Ageout Drain The number of time UAPSD queue is drained i e frames are dropped due to ageout UAPSD TX proc comp The number of UAPSD frames that were successfully transmitted UAPSD SP In prog The number of times a trigger frame was received while a Scheduled Period SP was already i...

Page 740: ... sent with a long preamble Short Preamble Number of frames sent with a short preamble Beacon Interrupts Number of broadcast beacons that were interrupted TX Interrupts Number of transmission interrupts FIFO Underrun The number of Receive FIFO overruns Allocated Desc Number of allocated transmit descriptors Freed Desc Number of freed transmit descriptors Tx EAPOL Frames Number of Extensible Authent...

Page 741: ...t SNR EXT2 Signal to noise ratio for the last received ACK packet on the secondary extension channel 2 This parameter is only displayed for APs operating in 40 Mhz mode Last ACK SNR Signal to noise ratio for the last received ACK packet Last ACK SNR CTL0 Signal to noise ratio for the last received ACK packet on the primary control channel 0 This parameter is only displayed for APs operating in 40 ...

Page 742: ...ts received Rx Probe Responses Number of Probe responses received Rx RTS Frames Ready To Send RTS frames received These frames are sent when a computer has data to transmit Rx CTS Frames Clear To Send CTS frames received This type of frame are used to verify that a client is ready to receive information ACK Frames Number of acknowledgement frames received PS Poll Frames Power Save Poll PS Poll fra...

Page 743: ... short preamble received at the specified rate Rx HT number Mbps Number of high throughput packets received at the specified rate Rx WMM BE Number of Wifi Multimedia WMM packets received for the following access categories If the AP has not transmitted packets in a category type this data row will not appear in the output of the command Rx WMM BE Best Effort Rx WMM BK Background Rx WMM VO VoIP Rx ...

Page 744: ...f this command displays configuration information for each interface The example below shows only part of the output for this command Additional parameters not displayed are described in the table below host show ap debug received config ap name AP12 Downloaded Config for WIFI 0 Item Value BSSID LMS IP 10 6 2 250 Master IP 10 100 103 2 Mode AP Mode QBSS Probe Response Allow Access Native VLAN ID 1...

Page 745: ...02 11n features on tare enabled or disabled on the radio Channel Shows the channel number for the AP s 802 11a 802 11n physical layer Beacon Period Shows the time in milliseconds between successive beacon transmissions The beacon advertises the AP s presence identity and radio characteristics to wireless clients Transmit Power Shows the current transmission power level Advertise TPC Capability If ...

Page 746: ...ncy bands or on neither frequency band Honor 40 MHz intolerance Shows if 40 MHz intolerance is enabled or disabled If enabled the radio will stop using the 40 MHz channels if the 40 MHz intolerance indication is received from another AP or station Legacy station workaround Shows if interoperability for misbehaving legacy stations is enabled or disabled Country Code Display the country code for the...

Page 747: ... is enabled or disabled on the AP If this option is enabled the AP is responsible for sending 802 11 probe responses to wireless clients probe requests If this option is disabled then the controller sends the 802 11 probe responses Disable Probe Retry Shows if the AP has enabled or disabled MAC level retries for probe response frames By default this parameter is enabled which mean that MAC level r...

Page 748: ...hernet LAN for remote APs or a combination thereof depending on the destination corporate traffic goes to the controller and Internet access remains local Only 802 1X authentication is supported when configuring bridge or split tunnel mode Band Steering Shows if band steering has been enabled or disabled for a virtual AP ARM s band steering feature encourages dual band capable clients to stay on t...

Page 749: ...the Association Failure Table show below If the Idle time column in the output of this command is a low value reason column will describe why association failed host show ap remote debug association failure ap name AP 65 port3 Association Failure Table MAC Address AP Name BSSID ESSID State Radio Idle Time Reason 00 16 6f 09 54 3e AL29 00 1a 1e 11 6f 00 guest 802 11g 20h 39m 33s Denied AP Going Dow...

Page 750: ... authorized or both authorized and associated with an AP Radio The AP radio type Idle Time Amount of time that the client has been idle in the format hours minutes seconds Reason A brief description of the reason why the client failed to associate Command History Introduced in ArubaOS 5 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode...

Page 751: ...ktout pktdrop pktqd cmn C O H drop Numcl TotCl BWmgmt 0 0 0 0 0 0 0 0 0 0 0 0 0 0 d1 d2 d3 d4 d5 d6 d7 d8 d9 0 0 0 0 0 0 0 0 0 idx tokens last t in out drop q tx t rx t al t rate idx d1 d2 d3 d4 d5 d6 d7 d8 d9 0 0 0 0 0 0 0 0 0 0 VAP station001 pktin pktout pktdrop pktqd cmn C O H drop Numcl TotCl BWmgmt 0 8144 0 0 0 0 0 0 0 0 2 0 2 0 d1 d2 d3 d4 d5 d6 d7 d8 d9 0 0 0 0 0 0 0 0 0 idx tokens last t ...

Page 752: ...ment feature has been enabled Otherwise it displays a 0 d n For internal use only idx Association ID tokens This value represents the credits the station has to transmit tokens last t Number of tokens that were allocated to the station last time token allocation algorithm ran in Number of packets received out Number of packets sent drop Number of dropped packets q Number of queued packets tx t Tot...

Page 753: ...tatistics l Tunnel heartbeat stats l Interface counters l AP uptime l Boot version l MTU discovery l memory usage l LMS information l ARP cache l Kernel slab statistics l Power status l Route table l Interrupts l CPU type l Interface Information l Crash Information l CPU usage statistics The following parameters are included in the output of this command and can help troubleshoot problems on an AP...

Page 754: ...t Information table A large number of reboots can mean that the AP has hardware problems Command History Release Modification ArubaOS 5 0 Crash information parameter was introduced ArubaOS 3 0 Command introduced Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master controllers ...

Page 755: ... no wireless clients are being traced this table will be empty host show ap debug trace addr Trace List MAC Address 00 1a 1e c5 ca b4 00 1a 1e c5 d6 46 00 1a 1e c5 d7 40 00 1a 1e c5 d7 64 00 1a 1e c5 d9 56 00 1a 1e c5 d9 b0 Command History Introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master controllers D...

Page 756: ...ormation provisioned on the RAP host show ap debug usb ap name RAP 2 USB Information Parameter Value Manufacturer Pantech Product PANTECH Serial Number Driver ptuml_cdc_ether Vendor ID 106c Product ID 3718 USB Modem State Active USB Uplink RSSI in dBm 73 Supported Network Services CDMA GSM LTE Firmware Version L0290VWB522F 242 ESN Number 990000472325325Current Network Service 4G LTE Command Histor...

Page 757: ...dentifier BSSID is usually the AP s MAC address ip addr ip addr Show data for an AP with the specified IP address ip6 addr ip6 addr Show data for an AP with the specified IPv6 address Examples The example below shows part of the output for the command show ap details ap name ap name host show ap details ap name AP32 AP AL39 Basic Information Item Value AP IP Address 10 6 1 206 LMS IP Address 10 6 ...

Page 758: ...or AP Type AP model Serial Serial number for the AP Wired MAC address MAC address of the wired interface Radio 0 BSSID Basic Service Set Identifier BSSID of the AP s radio 0 This is usually the radio s MAC address Radio 1 BSSID Basic Service Set Identifier BSSID of the AP s radio 1 This is usually the radio s MAC address Enet 1 MAC address MAC address of the AP s Ethernet port AP State Displays th...

Page 759: ...ry Secondary Channel The secondary channel number for the AP The secondary channel is a 20 MHz channel used in conjunction with the primary channel to create a 40 MHz channel for high throughput clients High throughput capable APs use only the primary channel to communicate with 20 MHz clients The secondary channel is used for transmissions with 40 MHz capable high throughput clients EIRP Current ...

Page 760: ...l String The dial string for the USB modem USB Initialization String The initialization string for the USB modem USB TTY device path The TTY device path for the USB modem Mesh Role If the mesh role is none the AP is operating as a thin AP An AP operating as a mesh node can have one of two roles mesh portal or mesh point Installation The type of installation indoor or outdoor The default parameter ...

Page 761: ...disabled by default Command History Release Modification ArubaOS 3 0 Command introduced ArubaOS 3 2 Introduced support for mesh parameters additional antenna parameters and AP location parameters ArubaOS 3 4 Introduced support for the following parameters l installation l mesh sae l set ikepsk by addr l usb dev l usb dial l usb init l usb passwd l usb tty l usb type l usb user ArubaOS 5 0 The mesh...

Page 762: ...enet link profile default AP Ethernet Link profile default Parameter Value Speed auto Duplex auto The output of this command includes the following parameters Parameter Description Speed The speed of the Ethernet interface This value can be either 10 Mbps 100 Mbps 1000Mbps 1 Gbps or auto auto negotiated Duplex The duplex mode of the AP s Ethernet interface This value can be either full half or aut...

Page 763: ...he output of this command includes the following information Column Description ESSID An Extended Service Set Identifier ESSID is the identifying name of an 802 11 wireless network APs Number of APs associated with the ESSID VLAN s VLAN IDs of the VLANs for the ESSID Encryption The layer 2 authentication and encryption used on this ESSID to protect access and ensure the privacy of the data transmi...

Page 764: ... Rates Mbps MCS Streams 20 MHz 40 MHz 40 MHz SGI 0 1 6 5 13 5 15 0 1 1 13 0 27 0 30 0 2 1 19 5 40 5 45 0 3 1 26 0 54 0 60 0 4 1 39 0 81 0 90 0 5 1 52 0 108 0 120 0 6 1 58 5 121 5 135 0 7 1 65 0 135 0 150 0 8 2 13 0 27 0 30 0 9 2 26 0 54 0 60 0 10 2 39 0 81 0 90 0 11 2 52 0 108 0 120 0 12 2 78 0 162 0 180 0 13 2 104 0 216 0 240 0 14 2 117 0 243 0 270 0 15 2 130 0 270 0 300 0 The output of this comm...

Page 765: ...ed in ArubaOS 3 3 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show ap ht rates 765 ...

Page 766: ...rrent running image version as well as the image version stored in the controller s flash memory host show ap image version ip addr 192 0 2 45 Access Points Image Version AP Running Image Version String 10 6 1 200 3 3 2 5 Wed Oct 22 10 46 42 PDT 2008 Flash Image Version String Checksums Image Load Status 3 3 2 5 Wed Oct 22 10 46 42 PDT 2008 Yes 3 0 Done The output of this command includes the foll...

Page 767: ...is status indicates that the controller reset after the upgrade was performed or the upgrade was performed after the AP first registered with the controller Completed The AP was updated after it was registered to the controller and after the controller s last reset If AP shows a status of completed it will also display the time it took it update that AP In progress The AP is currently updating its...

Page 768: ...APs 13 RAPs 2 Remote node APs 0 Tunneled nodes 0 Total APs 0 Remaining AP Capacity Type Number CAPs 3 RAPs 62 The output of this command includes the following information Parameter Description AP Licenses Number of AP licenses currently available on the controller RF Protect Licenses Number of RF Protect licenses currently available on the controller PEF Licenses Number of Policy Enforcement Fire...

Page 769: ...tal 802 11n 120abg Licenses l 802 11n 120abg Licenses Used l Total 802 11n 121abg Licenses l 802 11n 121abg Licenses Used l Total 802 11n 124abg Licenses l 802 11n 124abg Licenses Used l Total 802 11n 125abg Licenses l 802 11n 125abg Licenses Used ArubaOS 6 2 The output of this command was reorganized to reflect updated the newest license scheme Command Information Platforms Licensing Command Mode...

Page 770: ...d below shows that the controller has two LLDP profiles host show ap lldp med network policy profile AP LLDP Profile List Name References Profile Status default 0 video 2 Total 2 The following command displays configuration details for the LLDP profile named default host show ap lldp med network policy profile video AP LLDP Profile new Parameter Value PDU transmission Enabled Reception of LLDP PDU...

Page 771: ... x 30 seconds or 120 seconds Optional TLVs The AP sends the listed optional TLVs in LLDP PDUs 802 1 TLVs The AP sends the listed 802 1 TLVs in LLDP PDUs By default the AP will send all 802 1 TLVs 802 3 TLVs The AP sends the listed 802 3 TLVs in LLDP PDUs By default the AP will send all 802 3 TLVs LLDP MED TLVs Lists the LLDP MED TLVs the AP will send in LLDP PDUs By default the AP will not send an...

Page 772: ...information for two interfaces host show ap lldp counters AP LLDP Counters Updated every 60 seconds AP Interface Received Unknown TLVs Malformed Overflow Transmitted 00 1a 1e ce fb bf bond0 0 0 0 0 68159 00 24 6c c0 00 86 bond0 0 0 0 0 68153 The output of this command includes the following information Parameter Description AP Name of the AP sending or receiving LLDP PDUs Interface Name of the AP ...

Page 773: ...in ArubaOS 6 2 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show ap lldp counters 773 ...

Page 774: ...tion to display the entire LLDP MED Network policy profile list including profile status and the number of references to each profile Include a profile name to display the configuration settings for that profile Examples The following example lists all LLDP MED Network policy profile profiles The References column lists the number of other profiles with references to that LLDP MED Network policy p...

Page 775: ...cation type if both the same network policies apply to both video and video signaling traffic l voice T he AP services IP telephones and other appliances that support interactive voice services This is the default application type l voice signaling T The AP is part of a network that requires a different policy for voice signaling than for the voice media Do not use this application type if both th...

Page 776: ...d network policy profile DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master or local controllers ...

Page 777: ...se this command to display information about the AP s LLDP peers By default this command displays LLDP neighbors for the entire list of LLDP interfaces Include a the name of IP address of an AP to display neighbor information only for that one device Examples The output of the command below shows the LLDP neighbor list for an AP named ap12 host show ap lldp neighbors ap name ap12 AP LLDP Neighbors...

Page 778: ...t address of the LLDP neighbor Capabilities This data column can list any of the following data codes to indicate LLDP neighbor capabilities l R Router l B Bridge l A Access Point l P Phone l O Other Command History Command introduced in ArubaOS 6 2 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master or local controllers ...

Page 779: ...nded Service Set ESS Identifier is the user defined name of an 802 11 wireless network s p The controller slot and port used by the AP in the format slot port The port parameter refers to the network interfaces that are embedded in the front panel of the W 3000 series controller Port numbers start at 0 from the left most position ip IP address of the AP phy One of the following 802 11 types l a l ...

Page 780: ...ow ap load balancing DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master controllers ...

Page 781: ...sh portals host show ap mesh active Mesh Cluster Name meshprofile1 Name Group IP Address BSSID Band Ch EIRP MaxEIRP MTU Enet 0 1 Mesh Role mp1 mp1 10 3 148 245 00 1a 1e 85 c0 30 802 11a 157 19 36 Off Off Point mp2 mp2 10 3 148 250 00 1a 1e 88 11 f0 802 11a 157 19 36 Bridge Bridge Point mp3 mp3 10 3 148 253 00 1a 1e 88 01 f0 802 11a 157 19 36 Bridge Bridge Point mpp mpp125 10 3 148 252 00 1a 1e 88 ...

Page 782: ...ler depending upon their destination l Off Interface is not available for serving clients If an AP has only one wired interface the output of this command will display a dash for the unavailable port Mesh Role An AP operating as a mesh node can have one of two roles mesh portal or mesh point Parent If the AP is operating as a mesh point this parameter displays the name of its parent mesh portal Me...

Page 783: ... meshcluster2 Mesh Cluster profile meshcluster2 Parameter Value Cluster Name company mesh RF Band a Encryption opensystem WPA Hexkey N A WPA Passphrase N A The output of this command includes the following information Parameter Description Cluster Name Name of the mesh cluster using this profile RF band The RF band in which the AP should operate l g 2 4 GHz l a 5 GHz Encryption Data encryption set...

Page 784: ...Guide Command History Introduced in ArubaOS 3 2 Command Information Platforms Licensing Command Mode All platforms This show command is available in the base operating system Commands to configure the mesh feature require the Mesh license Enable or Config mode on master controllers ...

Page 785: ...the total number of counters and in parenthesis the number of requests or responses with high throughput information elements HE IEs host show ap mesh debug counters ap name meshpoint1 Mesh Packet Counters Interface Echo Sent Echo Recv Probe Req Probe Resp Assoc Req Assoc Resp Assoc Fail Link up down Resel Switch Other Parent 68865 68755 24 8 8 HT 3 1 HT 3 1 HT 1 1 0 Child 68913 67373 6 8 2 1 2 0 ...

Page 786: ...association response packets from the interface specified in the Interface parameter This number includes valid responses and fail responses Assoc Fail Number of fail responses received from the interface specified in the Interface parameter Link up down Number of times the link up or link down state has changed Resel Number of times a mesh point attempted to reselect a different mesh portal Switc...

Page 787: ...named mp2 host show ap mesh debug current cluster ap name mp2 AP mp2 Current Cluster Profile default Item Value Cluster Name smettu mesh RF Band a Encryption opensystem WPA Hexkey N A WPA Passphrase The output of this command includes the following information Column Description Cluster Name Name of the mesh cluster using this profile RF band The RF band in which the mesh point or mesh portal oper...

Page 788: ...ce Guide Command History Introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms This show command is available in the base operating system Commands to configure the mesh feature require the Mesh license Enable or Config mode on master controllers ...

Page 789: ...in dotted decimal format Usage Guidelines This is an internal technical support command Dell technical support may request that you issue this command to help analyze and troubleshoot problems with your mesh network Command History Introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms This show command is available in the base operating system Commands to con...

Page 790: ...entifier BSSID is usually the AP s MAC address ip addr ip addr Show data for an AP with a specific IP address by entering an IP address in dotted decimal format Usage Guidelines This is an internal technical support command Dell technical support may request that you issue this command to help analyze and troubleshoot problems with the hostapd process or your mesh network Command History Introduce...

Page 791: ...st information and page 2 has the oldest If this parameter is omitted this command will display all meshd log information oldest first Usage Guidelines This is an internal technical support command Dell technical support may request that you issue this command to help analyze and troubleshoot problems with the meshd process or your mesh network Command History Release Modification ArubaOS 3 0 Comm...

Page 792: ...c IP address by entering an IP address in dotted decimal format Example The output of the command below shows statistics for the AP s mesh cluster profile and recovery cluster profile host show ap mesh debug provisioned clusters ap name portal2 AP Portal Cluster Profile mesh cluster profile Parameter Value Cluster Name sw ad GB32 RF Band a Encryption opensystem WPA Hexkey N A WPA Passphrase AP Por...

Page 793: ...tion WPA Passphrase The WPA password that generates the preshared key only for mesh cluster profiles using WPA2 with AES encryption Command History Introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms This show command is available in the base operating system Commands to configure the mesh feature require the Mesh license Enable or Config mode on master con...

Page 794: ...rofile s status Include the optional profile parameter to show detailed settings for an individual mesh high throughput SSID profile Examples The example below shows the configuration settings for the mesh high throughput radio profile default host show ap mesh ht ssid profile default Mesh High throughput SSID profile default Parameter Value 40 MHz channel usage Enabled BA AMSDU Enable Enabled Hig...

Page 795: ...r of spatial streams usable for STBC transmission 0 disables STBC transmission 1 uses STBC for MCS 0 7 Higher MCS values are not supported Supported on W AP90 series W AP175 series W AP130 series and W AP105 only The configured value will be adjusted based on AP capabilities MPDU Aggregation Shows if the profile enables or disables MAC protocol data unit MPDU aggregation Max received A MPDU size C...

Page 796: ...n parameter was deprecated The following parameters were introduced l Short guard interval in 20 MHz mode l Low density Parity Check l Maximum number of spatial streams usable for STBC reception l Maximum number of spatial streams usable for STBC transmission Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master controllers ...

Page 797: ...face the output appears in a single wide table The Flags column the output of this command indicates the high throughput HT properties of the mesh node In the example below the string HT 40MHzsgi 2ss indicates that the node uses a 40MHz channel with a short guard interval sgi and sends 2 spatial streams ss host show ap mesh neighbors ap name portal Neighbor list MAC Portal Channel Age Hops Cost Re...

Page 798: ... the controller A lower number indicates a better quality path where a higher number indicates a less favorable path e g a path which may be longer or more congested than a path with a lower value For a mesh point the path cost is the sum of the parent path cost the parent node cost the link cost Relation Shows the relationship between the specified AP and the AP on the neighbor list and the amoun...

Page 799: ...odified to include the Rate Tx Rx column Command Information Platforms Licensing Command Mode All platforms This show command is available in the base operating system Commands to configure the mesh feature require the Mesh license Enable or Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show ap mesh neighbors 799 ...

Page 800: ...ing the number of references to each profile and each profile s status Include the optional profile parameter to show detailed settings for an individual mesh radio profile Example The example below shows the configuration settings for the mesh cluster profile default host show ap mesh radio profile default Mesh Radio profile default Parameter Value 802 11a Transmit Rates 6 9 12 18 24 36 48 54 802...

Page 801: ...ept Maximum Hop Count The maximum number of hops allowed between a mesh point and a mesh portal Mesh Private Vlan This parameter is experimental and reserved for future use Mesh High throughput SSID Profile The High throughput SSID Profile associated with this mesh radio profile Mesh Survivability This parameter shows if mesh points and portals can become active even if the controller cannot be re...

Page 802: ...sh node can re send a packet RTS Threshold The packet size sent by mesh nodes Mesh nodes transmitting frames larger than this threshold must issue request to send RTS and wait for other mesh nodes to respond with clear to send CTS to begin transmission This helps prevent mid air collisions Command History Release Modification ArubaOS 3 2 Command Introduced ArubaOS 3 4 The 802 11g Portal channel an...

Page 803: ... into a report file on the controller s flash drive where it can be analyzed for debugging purposes The information in this report includes the output of the following commands l show ap mesh neighbors l show ap mesh debug current cluster l show ap mesh debug provisioned clusters l show ap mesh debug counters l show ap mesh debug forwarding table l show ap mesh debug meshd log l show ap mesh debug...

Page 804: ...ntering the index number of the AP at which command output should start Example An N in the Mesh Role column indicates the node is 11N capable An N beside the parent name in the Parent column indicates that the mesh node s the parent is also 11N capable host show ap mesh topology Mesh Cluster Name sw ad GB32 Name Mesh Role Parent Path Cost Node Cost Link Cost Hop Count RSSI Rate Tx Rx Last Update ...

Page 805: ...to the mesh portal RSSI The Receive Signal Strength Indicator RSSI value displayed in the output of this command represents signal strength as a signal to noise ratio For example a value of 30 would indicate that the power of the received signal is 30 dBm above the signal noise threshold Rate Tx Rx The rate in Mbps that a mesh point transmits and receives at on its uplink Note that the rate inform...

Page 806: ...nel client list Show list of client being monitored containment info Show containment events and counters triggered by the wired containment and wireless containment features configured in the ids general profile The output of this command shows device and target data for wired containment activity a well as data for the following counters Wireless Containment Counters l Last Deauth Timer Tick l D...

Page 807: ...Display the Potential client table The Potential Client table shows the following values l last bssid the Last BSSID to which the client associated l from bssid l to bssid l mt Monitor time the number of timer ticks elapsed since the controller first recognized the client l it Client Idle time expressed as a number of timer ticks routers Show Router MAC Addresses learned The output of this command...

Page 808: ... 00 1a 1e 88 90 40 employee4 6 unknown 80211b g HT 20 disable 3159 0 disable 00 1a 1e 8e 73 e1 guest10 6 unknown 80211b g HT 20 disable 941 0 disable 00 1a 1e 8e 73 e0 emplyee10 6 unknown 80211b g HT 20 disable 910 0 disable 00 1a 1e 8e 73 f0 emplyee10 48 unknown 80211a HT 40 disable 252 0 disable 00 1a 1e 8e 73 f1 guest10 48 unknown 80211a HT 40 disable 252 0 disable 00 1a 1e 8d 5b 30 guest 48 va...

Page 809: ... enabled on the AP Command History Version Modification ArubaOS 3 0 Command introduced ArubaOS 3 4 The ap bssid and enet mac parameters were added to the show ap monitor wired mac command ArubaOS 6 1 Added the following parameter to ids state ap name bssid ip addr Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master controllers De...

Page 810: ...Examples The output of the command lists the MAC addresses associated with the Air Monitor BSSID host show ap monitor association ap name ap9 00 1a 1e 11 74 a1 Association Table mac rsta type auth phy type 00 1d d9 01 c4 50 valid yes 80211a 00 17 f2 4d 01 e2 valid yes 80211a 00 1f 3b 8c 28 89 valid yes 80211a 00 1d d9 05 05 d0 valid yes 80211a 00 14 a4 25 72 6d valid yes 80211a 00 19 7d d6 74 8d v...

Page 811: ... ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show ap monitor association 811 ...

Page 812: ...s IP address in dotted decimal format profile config Show an Air Monitor profile configuration ap radio Show the Air Monitor radio configuration parameters as defined in the AM s 802 11a 802 11b or high throughput radio profiles ap system Show an Air Monitor s system configuration settings as defined in it s AP System profile arm Show an Air Monitor s Adaptive Radio Management ARM settings as defi...

Page 813: ...onitor probe type phy type task channel pkts 00 1a 1e 11 5f 10 enable enable sap 80211a HT 40 tuned 153 496970814 00 1a 1e 11 5f 00 enable enable sap 80211b g HT 20 tuned 6 391278179 Wired Interface mac ip gw ip gw mac status pkts macs gw macs tagged pkts vlan 00 1a 1e c9 15 f0 192 0 2 32 200 192 0 2 32 254 00 0b 86 08 e1 00 enable 101960 2 3 1 03 Global Counters key value Packets Read 888248993 B...

Page 814: ...ss scan Indicates whether or not if active scanning is enabled on this AP monitor Indicates whether the AP radio is currently enabled or disabled probe type This parameter displays one of the following options to show the AP is configured l sap Default AP setting l am AP is configured as an Air Monitor l m portal AP is configured as a Mesh portal l m point AP is configured as a Mesh point task Thi...

Page 815: ...rupt rate seen on the interface in interrupts per second Cur PPI Current interrupt rate seen on the interface in interrupts per second Uptime Number of seconds since the AP was last reset LMS IP IP address of the AP s local controller Master IP IP address of the AP s master controller AP type AP model type Country Code The AP s country code Valid radio channels for your wireless network are based ...

Page 816: ...Bssid BSSID of the radio Type Indicates whether the controller type is master or local Status If up the AP can reach the controller If down the AP cannot reach the controller Last reg The time the AP last registered with the WMS process N reg Number of times the AP has registered with the WMS process Last update The last timer tick time the AP updated the WMS process Next update Interval between t...

Page 817: ...nd Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show ap monitor debug 817 ...

Page 818: ... is usually the AP s MAC address ip addr ip addr Show data for an AP with a specific IP address by entering its IP address in dotted decimal format mac mac Show data for a specific MAC address by entering the MAC address of a client or AP client mac client mac Show data for a specific client MAC address by entering the MAC address of a client Example The output of the following command shows monit...

Page 819: ...AP s last reset count Number of packets seen on the AP over the interval since the AP s last reset Duration Time over which the AP has measured RSSI values tx The total number of deauthorization frames sent to this MAC address for containment in the interval from the AP s last reset until the current timer tick old tx The total number of deauthorization frames sent to this MAC address for containm...

Page 820: ... only if handoff assist is enabled in the AP s RF Optimization profile ht type This parameter indicates support for the following HT types no No support for high throughput HT 20 Support for 20 Mhz high throughput only HT 40 Support for 40 Mhz high throughput primary channel Primary radio channel sec channel Secondary radio channel gf supported If 1 this AP supports greenfield mode If 0 greenfield...

Page 821: ...cket capture commands used to direct an Dell AP to send packet captures to a client packet capture utility such as Airmagnet Wireshark and so on on a remote client Example show ap packet capture status ap name ap1 Packet Capture Sessions at ap1 IP 10 3 44 167 pcap id filter type intf channel max pkts 1 type eq all interactive 6c f3 7f ba 65 70 153 0 max pkt size num pkts status url target Radio ID...

Page 822: ...he Basic Service Set Identifier BSSID is usually the AP s MAC address ip addr ip addr Show data for an AP with a specific IP address by entering its IP address in dotted decimal format Usage Guidelines Use this command to monitor the configuration profiles in use by an AP or a specific BSSID The output of this command shows the name of each profile type that is associated with the AP or BSSID as w...

Page 823: ...r with the value N A host show ap provisioning ap name AP8 AP mp2 Provisioning Parameters Item Value host config show ap provisioning ap name 00 24 6c c7 d5 c8 AP 00 24 6c c7 d5 c8 Provisioning Parameters Item Value AP Name 00 24 6c c7 d5 c8 AP Group default Location name N A SNMP sysLocation N A Master 10 4 62 9 Gateway N A IPv6 Gateway N A Netmask N A IP Addr N A IPv6 Addr N A IPv6 Prefix 64 DNS...

Page 824: ...teway IP address of the default gateway for the AP Netmask Netmask for the AP s IP address IP Addr IP address for the AP IPv6 The static IP6 address of the AP 6 IPv6 Prefix The prefix of static IPv6 address of the AP Dns IP IP address of the DNS server DNS IPv6 The prefix of static IPv6 address of the AP Domain Name Domain name used by the AP Server Name DNS name of the controller from which the A...

Page 825: ...he dial string for the USB modem This parameter only needs to be specified if the default string is not correct USB Initialization String The initialization string for the USB modem This parameter only needs to be specified if the default string is not correct USB TTY device data path The TTY device path for the USB modem This parameter only needs to be specified if the default path is not correct...

Page 826: ...Ps only The horizontal coverage pattern does not consider the elevation or vertical antenna pattern Antenna tilt angle for 802 11a The angle of the 802 11a 5GHz antenna This parameter can range from between 90 degrees and 0 degrees for downtilt and between 90 degrees and 0 degrees for uptilt Antenna tilt angle for 802 11g The angle of the 802 11g 2 4GHz antenna This parameter can range from betwee...

Page 827: ...o longer displays the sae default setting if the parameter is disabled Only the sae disable option indicates that this parameter is currently in its default disabled state Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show ap provisioning 827 ...

Page 828: ...ion group defined for that profile Examples The following example lists all AP provisioning profiles The References column lists the number of other profiles with references to that provisioning profile and the Profile Status column indicates whether the profile is predefined User defined AP provisioning profiles will not have an entry in the Profile Status column host show ap provisioning profile...

Page 829: ...o be specified if the default string is not correct USB Initialization String The initialization string for the USB modem This parameter only needs to be specified if the default string is not correct USB TTY device data path The TTY device path for the USB modem This parameter only needs to be specified if the default path is not correct USB TTY device control path The TTY device control path for...

Page 830: ...is feature Usage Guidelines The AP provisioning profile allows you to define a set of provisioning parameters to an AP group These settings can be saved or assigned to an AP group via the command ap group group provisioning profile profile Related Commands Command Description provision ap Change provisioning parameters for an individual AP This command does not save the provisioning parameters set...

Page 831: ...ecified mode access point Show only APs operating as access points air monitor Show only APs operating as air monitors disabled Show only disabled APs ht Show only high throughput APs ht 40mhz Show only 40 Mhz high throughput APs legacy Show only legacy not high throughput APs sap monitor Show only APs operating as SAP monitors sort by Sort the output of this command by a specific data column ap g...

Page 832: ... HT 100 2 0 sw ad ap125 13 default 125 10 3 129 98 Up 14h 49m 36s M 10 3 129 232 AP HT 10 2 5 0 AP HT 100 4 0 sw ad ap65 19 default 65 10 3 129 95 Down 10 3 129 232 Flags U Unprovisioned N Duplicate name G No such group L Unlicensed R Remote AP I Inactive X Maintenance Mode P PPPoE AP B Built in AP S RFprotect Sensor d Disconnected Sensor H Using 802 11n license M Mesh node Y Mesh Recovery The out...

Page 833: ...radios registered to this controller Syntax Parameter Description ap name ap name Allows you to filter radio information by AP name dot11a Allows you to filter 802 11a radio information dot11g Allows you to filter 802 11g radio information ip addr ip addr Allows you to filter radio information by IP address ip6 addr ip addr Allows you to filter radio information by IPv6 address Example The output ...

Page 834: ... 0 0 0 0 0 10 11 11 10 11 11 0 0 0 0 0 0 28 29 5 96 70 4 0 0 0 0 0 0 27 NF Noise Floor dBm U Utilization I Interference TD Time used by data frames TM time used by mgnt frames time used by ctrl frames Total Radios 6 The output of this command includes the following information Parameter Description Name Name of the AP Group Group to which AP radio is assigned AP Type AP model IP Address Radio IP a...

Page 835: ...nd Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show ap radio summary 835 ...

Page 836: ...he regulatory domain profile and the Profile Status column indicates whether the profile is predefined User defined profiles will not have an entry in the Profile Status column host show ap regulatory domain profile Regulatory Domain profile List Name References Profile Status corp channel profile 8 default 10 channel test 1 This example displays the configuration settings for the profile corp cha...

Page 837: ... These channels are limited to those valid for the country code Valid 802 11g 40MHz channel pair Selected 802 11b g 40 MHz channel pair available for use by an AP using the specified domain profile These channels are limited to those valid for the profile s country code Valid 802 11a 40MHz channel pair Selected 802 11a 40 MHz channel pair available for use by an AP using the specified domain profi...

Page 838: ...ecific IP address Examples Use this command to determine the number of message counters recorded for each counter type seen by the remote AP The output of the command in the example below shows counters for Remote AP State and VoIP CAC State Announcements host show ap remote counters ap name al22 Counters Name Value Remote AP State 62851 VoIP CAC State Announcement 13605 The output of this command...

Page 839: ...ser is connected to an AP and to validate the AP to which is connected Example The output of this command displays information about the remote clients associated with an AP with the IP address 192 0 2 32 host show ap remote debug association ip addr 192 0 2 32 Flags W WMM client A Active R RRM client PHY Details HT High throughput 20 20MHz 40 40MHz n ss n spatial streams Association Table Name bs...

Page 840: ...o a ten beacon listen interval indicates a listen interval time of 1 second essid Name that uniquely identifies the AP s Extended Service Set Identifier ESSID vlan id Identification number of the AP s VLAN tunnel id Identification number of the AP s tunnel phy The RF band in which the AP operates a 5 GHz b g 2 4 GHz assoc time Amount of time the client has associated with the AP in the format hour...

Page 841: ...P with the smallest value of association time is the last AP used by the client Example Use the show ap association bssid command to verify that a user has associated with an AP or to determine last AP to which the client was connected The output of this command in the example below shows the association table for the client with the MAC address 00 13 fd 5c 7c 59 If the flags column in the output ...

Page 842: ...nique 802 11 association ID when it associates to an AP 1 int Number of beacons in the 802 11 listen interval There are ten beacons sent per second so a ten beacon listen interval indicates a listen interval time of 1 second essid Name that uniquely identifies the AP s Extended Service Set Identifier ESSID vlan id Identification number of the AP s VLAN tunnel id Identification number of the AP s t...

Page 843: ...nable enable 00 0b 86 9b e5 60 guest 63 10 6 14 79 g ap tunnel 20 0x2 0x3fe enable 0 enable enable 00 1a 1e 97 e5 41 voip 66 10 6 1 199 g HT ap tunnel 20 0xc 0x14c enable 0 enable enable 00 1a 1e 11 74 a1 voip 66 10 6 1 197 g HT ap tunnel 20 0xc 0x14c enable 0 enable enable 00 1a 1e 11 5f 11 wpa2 65 10 6 1 200 a HT ap tunnel 20 0x150 0xff0 0 enable enable The output of this command includes the fo...

Page 844: ... experience difficulty associating with the AP using a short preamble MTU Maximum Transmission Unit MTU size in bytes This value describes the greatest amount of data that can be transferred in one physical frame status Shows if this BSSID is enabled or disabled wmm Shows if the BSSID has enabled or disabled WMM also known as IEEE 802 11e Enhanced Distribution Coordination Function EDCF WMM provid...

Page 845: ...te 808921 ARM Propagate 590567 ARM Neighbor Assigned 55396 STM SAP Down 19 AP Message 192 STA On Call Message 12164 STA Message 19750 STA SIP authenticate Message 10919 STA Deauthenticate 707 Stat Update V3 441447 VoIP CAC State Announcement 37185 Remote AP State 371330 AP Message Response 164 assoc req 4358 assoc resp 4358 reassoc req 950 reassoc resp 950 disassoc 452 deauth 5117 sapcp 351131 The...

Page 846: ...uthenticate Number of times a station sent a message to an AP to deauthenticate a client Stat Update V3 For internal use only VoIP CAC State Announcement Number of times a controller announces a call admission control CAC state change to the AP Changes in CAC state could include the ability of call admission controls to accept more or fewer calls than previously configured Remote AP State For inte...

Page 847: ...tion Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show ap remote debug client mgmt counters 847 ...

Page 848: ...ts IP address in dotted decimal format acls Display ACLs of offline Virtual APs VAPs vap vap Display the configuration of a specific offline VAP by entering the name of an VAP vaps Display the current number of offline VAPs Example The output of this command can be used to debug problems with a remote AP The command below shows statistics for an AP with the IP address 192 0 2 64 host show ap remot...

Page 849: ...ngth of DHCP DNS leases in days If this parameter displays a zero 0 the DHCP lease is has no defined end Session ACL Name of the ACL applied to the user session Session ACL name Name of the ACL applied to the user session Session ACL count Number of rules in the applied to the user session Session Aces A list of the individual rules in the session ACL ACL 1 This parameter shows the position of an ...

Page 850: ... MAC address of the client count count Limit the amount of information displayed by specifying number of frames to appear in the output of this command Examples Use this command to debug 802 1 authentication on a remote AP The example below shows that a client successfully associated with the remote AP then was later deauthenticated host show ap remote debug mgmt frames ap name AP32 Traced 802 11 ...

Page 851: ... the received signal is 30 dBm above the signal noise threshold Misc Additional information describing the client s action In the case of deauthentication a reason associated with the event will be displayed in this column Command History Introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master controllers De...

Page 852: ...MAC address ip addr ip addr Show debugging information for an AP with a specific IP address by entering its IP address in dotted decimal format Examples Use this command to view all the r1 keys that are stored in an AP You can filter the output based on the AP name BSSID or IP address host show ap remote debug r1_key ap name MAcage 105 GL Stored R1 Keys Station MAC Mobility Domain ID Validity Dura...

Page 853: ...ts either of two criteria such as a specified ESSID or channel page number Enter a number from 10 100 inclusive to specify the number of entries that should appear in each page of the output for this command For example if the output of this command has 100 entries and you select a page value of 20 the output will appear in 5 pages each with 20 entries If you selected a page value of 10 the output...

Page 854: ... 03 37 38 no 2010 05 16 17 41 36 2010 05 18 15 06 02 38 38 no 2010 05 16 17 41 36 2010 05 18 15 04 23 37 40 no 2010 05 16 17 41 36 2010 05 18 15 07 32 The output of this command includes the following information Column Description bssid Basic Service Set Identifier for an AP This is usually the AP s MAC address essid Extended service set identifier that names a wireless network spectrum id Identi...

Page 855: ...a desktop or laptop client Config mode on master or local controllers rf dot11g radio profilemodespectrum mode Set a 802 11g radio so the device operates as an spectrum monitor and can send spectrum analysis data to a desktop or laptop client Config mode on master or local controllers Command History Introduced in ArubaOS 6 0 Command Information Platforms Licensing Command Mode All platforms Base ...

Page 856: ...graphs it refers to the ACI caused by Wi Fi transmitters The channel utilization option in the Channel Metrics Chart shows the percentage of the channel utilization due to both ACI and non Wi Fi interfering devices Unlike the ACI shown in the show ap spectrum interference power output the ACI shown in this graph indicates the percentage of channel time that is occupied by ACI or unavailable for Wi...

Page 857: ...urrent noise floor and the duty cycle for non Wi Fi devices on that channel Availability The percentage of the channel currently available for use Utilization The percentage of the channel being used WiFi Util The percentage of the channel currently being used by wifi devices Interference Util The percentage of the channel currently being used by non Wi Fi interference wifi ACI Adjacent Channel In...

Page 858: ...Set a 802 11a radio so the device operates as an spectrum monitor and can send spectrum analysis data to a desktop or laptop client Config mode on master or local controllers rf dot11g radio profilemodespectrum mode Set a 802 11g radio so the device operates as an spectrum monitor and can send spectrum analysis data to a desktop or laptop client Config mode on master or local controllers Command H...

Page 859: ... SNIR SNIR is the ratio of signal strength to the combined levels of interference and noise on that channel This value is calculated by determining the maximum noise floor and interference signal levels and then calculating how strong the desired signal is above this maximum NOTE A hybrid AP on a 20 MHz channel will see 40 MHz Wi Fi data as non Wi Fi data Examples The output of the example below s...

Page 860: ...ference signal levels and then calculating how strong the desired signal is above this maximum Related Commands Command Description Mode ap spectrum local override Convert an AP or AM into a spectrum monitor by adding it to the spectrum local override list Config mode on master or local controllers rf dot11a radio profilemodespectrum mode Set a 802 11a radio so the device operates as an spectrum m...

Page 861: ...ormation for a client with a specific MAC address start start Limit the output of this command to clients that with the specified index number or lower limit number Limit the displayed output to the specified number of entries or Use this parameter to display information that meets either or two criteria such as a specified ESSID or channel page number Enter a number from 10 100 inclusive to speci...

Page 862: ...hersphere wpa2 121 149 80211a 00 21 6a 51 e4 30 00 1a 1e 87 c1 91 ethersphere wpa2 164 149 80211a HT 40 00 24 d6 65 a9 e6 00 24 6c 80 48 7a ethersphere voip 222 149 80211a HT 40 signal dBm add time last seen 71 2010 05 17 09 53 47 2010 05 17 12 36 54 66 2010 05 17 12 01 01 2010 05 17 12 36 42 74 2010 05 17 09 54 59 2010 05 17 12 35 55 79 2010 05 17 10 23 29 2010 05 17 12 37 28 66 2010 05 17 10 17 ...

Page 863: ... Set a 802 11a radio so the device operates as an spectrum monitor and can send spectrum analysis data to a desktop or laptop client Config mode on master or local controllers rf dot11g radio profilemodespectrum mode Set a 802 11g radio so the device operates as an spectrum monitor and can send spectrum analysis data to a desktop or laptop client Config mode on master or local controllers Command ...

Page 864: ...p name Name of the spectrum monitor for which you want to view spectrum information ip addr ip addr IP address of the spectrum monitor for which you want to view spectrum information freq band 2 4ghz 5ghz Save information for a specific radio type either 2 4 GHz or 5 GHz Usage Guidelines Use this command under the supervision of your Dell technical support representative to troubleshoot spectrum a...

Page 865: ...rubaOS 6 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show ap spectrum debug 865 ...

Page 866: ... FFT duty cycle data fft to controller Save the FFT max average and duty cycle data max Save the maximum FFT power measured for all samples taken over the last second normalized Save normalized FFT information raw Save the raw FFT information received from driver raw normalized Save FFT information received from driver and its normalized FFT Usage Guidelines Use this command under the guidance of ...

Page 867: ...perates as an spectrum monitor and can send spectrum analysis data to a desktop or laptop client Config mode on master or local controllers Command History Introduced in ArubaOS 6 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show ap spectrum debug...

Page 868: ...otal 2 List of Subscriptions AP name Band Client IP Subscribe Time HTTPD pid Last Data Sent Send Failed ap123 2GHz 10 100 100 67 2010 05 18 03 49 44 PM 1711 1s 0 ap123 5GHz 10 100 100 67 2010 05 18 03 49 51 PM 1711 1s 0 Num Subscriptions 2 Current Time 2010 05 18 03 49 54 PM Message Counters AP name Band FFT Data FFT Duty Cycle Device Info Device Details Devices Seen Channel Info ap123 2GHz 4 4 1 ...

Page 869: ...tes as an spectrum monitor and can send spectrum analysis data to a desktop or laptop client Config mode on master or local controllers rf dot11g radio profilemodespectrum mode Set a 802 11g radio so the device operates as an spectrum monitor and can send spectrum analysis data to a desktop or laptop client Config mode on master or local controllers Command History Introduced in ArubaOS 6 0 Comman...

Page 870: ...pport representative to troubleshoot spectrum analysis errors Related Commands Command Description Mode ap spectrum local override Convert an AP or AM into a spectrum monitor by adding it to the spectrum local override list Config mode on master or local controllers rf dot11a radio profilemodespectrum mode Set a 802 11a radio so the device operates as an spectrum monitor and can send spectrum anal...

Page 871: ...nsmits on that channel For additional details about non Wi Fi device types shown in this table see Non Wi Fi Interferers on page 874 NOTE This chart is not available for W AP120 series or W AP68 access points A hybrid AP on a 20 MHz channel will see 40 MHz Wi Fi data as non Wi Fi data Examples The output of this command shows that video devices sent a signal on channels 153 and 157 during 99 of th...

Page 872: ...io so the device operates as an spectrum monitor and can send spectrum analysis data to a desktop or laptop client Config mode on master or local controllers rf dot11g radio profilemodespectrum mode Set a 802 11g radio so the device operates as an spectrum monitor and can send spectrum analysis data to a desktop or laptop client Config mode on master or local controllers Command History Introduced...

Page 873: ...ectrum devices cordless base fh View information for frequency hopping cordless phone bases seen by the spectrum device cordless phone ff View information for frequency hopping cordless phones seen by the spectrum device cordless network fh View information for frequency hopping cordless network devices seen by the spectrum device generic ff View information for generic fixed frequency devices see...

Page 874: ...rdless phone base units transmit periodic beacon like frames at all times When the handsets are not transmitting i e no active phone calls the cordless base is classified as Frequency Hopper Cordless Base Frequency Hopper Cordless Network When there is an active phone call and one or more handsets are part of the phone conversation the device is classified as Frequency Hopper Cordless Network Cord...

Page 875: ... Delete time Video 1 5745312 6000 149 76 99 2010 05 16 20 07 08 Video 2 5745312 6000 149 75 99 2010 05 16 20 07 39 2010 05 17 16 50 24 Video 3 5745312 6000 149 74 99 2010 05 16 20 20 25 2010 05 16 20 20 36 Video 4 5745312 6000 149 76 99 2010 05 16 20 32 44 2010 05 16 20 33 07 Video 5 5742031 6000 149 79 99 2010 05 16 20 33 43 2010 05 16 20 33 53 Video 6 5745312 6000 149 75 99 2010 05 16 20 34 08 2...

Page 876: ...ce was first detected Delete time Time at which the device was aged out Related Commands Command Description Mode ap spectrum local override Convert an AP or AM into a spectrum monitor by adding it to the spectrum local override list Config mode on master or local controllers rf dot11a radio profilemodespectrum mode Set a 802 11a radio so the device operates as an spectrum monitor and can send spe...

Page 877: ...OTE This option is available only for 2 4 GHz spectrum devices cordless base fh View information for frequency hopping cordless phone bases seen by the spectrum device cordless phone ff View information for frequency hopping cordless phones seen by the spectrum device cordless network fh View information for frequency hopping cordless network devices seen by the spectrum device generic ff View inf...

Page 878: ...e Type ID Cfreq Bandwidth Channels affected Signal strength Cordless Phone FH 3 5826093 80000 149 157 161 165 49 Duty cycle Add time Update time 5 2010 05 17 10 04 53 2010 05 17 10 04 55 Total 1 Current Time 2010 05 17 10 04 56 The output of this command includes the following information Column Description Type Device type This parameter can be any of the following l audio FF fixed frequency l bl...

Page 879: ...s rf dot11a radio profilemodespectrum mode Set a 802 11a radio so the device operates as an spectrum monitor and can send spectrum analysis data to a desktop or laptop client Config mode on master or local controllers rf dot11g radio profilemodespectrum mode Set a 802 11g radio so the device operates as an spectrum monitor and can send spectrum analysis data to a desktop or laptop client Config mo...

Page 880: ...uetooth Show only bluetooth devices NOTE This option is available only for 2 4 GHz spectrum device radios cordless base fh View information for frequency hopping cordless phone bases seen by the spectrum device cordless phone ff View information for frequency hopping cordless phones seen by the spectrum device cordless network fh View information for frequency hopping cordless network devices seen...

Page 881: ...78 5 5773281 Cordless Base FH 1 Deleted 78 5 5747343 Cordless Base FH 2 Added 78 5 5757656 Cordless Base FH 2 Deleted 78 5 5760469 Cordless Base FH 3 Added 80 5 5802813 Cordless Base FH 3 Deleted 80 5 5802813 Cordless Base FH 4 Added 80 5 5770781 Start Freq End Freq Channels Affected Bandwidth 5733281 5813281 153 80000 5707343 5787343 149 153 157 161 165 80000 5717656 5797656 153 80000 5720469 580...

Page 882: ...nds Command Description Mode ap spectrum local override Convert an AP or AM into a spectrum monitor by adding it to the spectrum local override list Config mode on master or local controllers rf dot11a radio profilemodespectrum mode Set a 802 11a radio so the device operates as an spectrum monitor and can send spectrum analysis data to a desktop or laptop client Config mode on master or local cont...

Page 883: ...is command to show the types of devices that the spectrum device can detect on each channel it monitors For additional details about non Wi Fi device types shown in this table see Non Wi Fi Interferers on page 874 Examples The output of this example shows that the spectrum monitor ap123 is able to detect 61wi fi devices on channel 149g host show ap spectrum device summary ap name ap123 freq band 5...

Page 884: ...o so the device operates as an spectrum monitor and can send spectrum analysis data to a desktop or laptop client Config mode on master or local controllers rf dot11g radio profilemodespectrum mode Set a 802 11g radio so the device operates as an spectrum monitor and can send spectrum analysis data to a desktop or laptop client Config mode on master or local controllers Command History Introduced ...

Page 885: ... a clean environment the noise floor of a 20 MHz channel will be around 95 dBm and that of a 40 MHz channel will be around 92 dBm Certain types of fixed frequency continuous transmitters such as video bridges fixed frequency phones and wireless cameras typically elevate the noise floor as seen by the Wi Fi radio Other interferers such as the frequency hopping phones Bluetooth and Xbox devices may ...

Page 886: ...ncludes the following information Column Description Channel An 802 11a or 802 11g radio channel Noise Floor dBm Current noise floor recorded on the channel Max AP Signal dBm Power level of the AP on the channel with the highest signal power Max AP SSID SSID of the AP on the channel with the highest signal power Max AP BSSID BSSID of the AP on the channel with the highest signal power ACI dBm Adja...

Page 887: ...n Assignment Clients ap121 1 192 168 151 253 default 1 149 21 3 ap124 1 192 168 151 254 default 1 48 15 3 ap125 1 192 168 151 251 default 1 44 15 2 The output of this command includes the following information Column Description Name Name of an AP IP address AP IP address Domain Name of the spectrum load balancing domain assigned to the AP Assignment Current channel and power assignment for the AP...

Page 888: ...e Value column in the output of this command includes the following information Parameter Description Override Entry Indicates that an AP radio has been added to the local override list Value Radio that has been added to the override list and the band used by that radio Related Commands Command Description Mode ap spectrum local override Convert an AP or AM into a spectrum monitor by adding it to ...

Page 889: ...S 6 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show ap spectrum local override 889 ...

Page 890: ...89 default 105 A 5GHz 44 Access Point 10 240 16 177 2011 01 21 07 17 57 AM 00 24 6c c7 d6 1c default 93 A 5GHz Spectrum Monitor 10 240 16 177 2011 01 21 07 18 22 AM The output of this command includes the following information Column Description AP name Name of an AP configured as a spectrum monitor or hybrid AP Group Name of the spectrum device s AP group Ap Type the AP model number Phy The radio...

Page 891: ...rmation Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show ap spectrum monitors 891 ...

Page 892: ...ecific spectrum monitor filename Name of the file to which this data should be saved This file does not have to already exist on the controller the show ap spectrum technical support command will create this file Usage Guidelines Use this command under the supervision of your Dell technical support representative to troubleshoot spectrum analysis issues or errors Command History Introduced in Arub...

Page 893: ...emption Disabled LMS Hold down Period 600 sec Remote AP DHCP Server VLAN N A Remote AP DHCP Server Id 192 168 11 1 Remote AP DHCP Default Router 192 168 11 1 Remote AP DHCP DNS Server N A Remote AP DHCP Pool Start 192 168 11 2 Remote AP DHCP Pool End 192 168 11 254 Remote AP DHCP Pool Netmask 255 255 255 0 Remote AP DHCP Lease Time 0 days Remote AP uplink total bandwidth 0 kbps Remote AP bw reserv...

Page 894: ...an be transferred in one physical frame LMS IP The IP address of the local management switch LMS the Dell controller which is responsible for terminating user traffic from the APs and processing and forwarding the traffic to the wired network NOTE If the LMS IP is blank the access point will remain on the controller that it finds using methods like DNS or DHCP If an IP address is configured for th...

Page 895: ...meter defines the last IP address in the DHCP pool for remote APs Remote AP DHCP PoolNe tmask Configures a DHCP pool for remote APs This is the netmask used for the DHCP pool Remote AP uplink total bandwidth This is the total reserved uplink bandwidth in Kilobits per second Remote AP bw reservation 1Remote AP bw reservation 2Remote AP bw reservation 3 Session ACLs with uplink bandwidth reservation...

Page 896: ...epalive messages After the maximum number of retries the AP either tries the IP address specified by the bkup lms ip if configured or reboots Request Retry Interval Interval in seconds between the first and second retries of AP generated requests If the configured interval is less than 30 seconds the interval for subsequent retries is increased up to 30 seconds Number of IPSEC retries The number o...

Page 897: ...guration was introduced l The mms rtls server parameter was deprecated in ArubaOS 3 3 2 ArubaOS 5 0 The master ip rfprotect server ip and rfprotect bkup server parameters were deprecated ArubaOS 6 0 Added support for the option to set the RF scanning band am scan rf band The keepalive interval parameter was deprecated Command Information Platforms Licensing Command Mode All platforms Base operatin...

Page 898: ...cription name Name of the AP for which you want to view tech support data filename Save the output of this command into a file on the controller with the specified filename Usage Guidelines This is an internal technical support command Dell technical support may request that you issue this command to help analyze and troubleshoot problems with an AP or your wireless network Command History Introdu...

Page 899: ...s network If the name includes spaces you must enclose the ESSID in quotation marks ip addr ip addr Show VLAN data for an AP with a specific IP address by entering an IP address in dotted decimal format Examples The output of this command displays the VLAN Usage table host show ap vlan usage VLAN Usage Table VLAN ID Clients 64 1 65 32 66 44 The output of this command includes the following informa...

Page 900: ...s the configuration parameters for the wired AP profile default host show ap wired ap profile default Wired AP profile default Parameter Value Wired AP enable Disabled Forward mode tunnel Switchport mode access Access mode VLAN 1 Trunk mode native VLAN 1 Trunk mode allowed VLANs 1 4094 Trusted Not Trusted Broadcast Broadcast The output of this command includes the following information Column Desc...

Page 901: ...rt Possible values are Trusted or Not Trusted Broadcast If set to broadcast the wired AP port will forward broadcast traffic If the parameter displays Do Not Broadcast broadcast traffic will not be forwarded Command History Introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master controllers DellPowerConnect ...

Page 902: ...t 4 Predefined editable shutdown 3 Predefined Total 3 The following command displays information for an individual wired port profile host show ap wired port profile default AP wired port profile default Parameter Value Wired AP profile default Ethernet interface link profile default AP LLDP profile default Shut down No Remote AP Backup Enabled AAA Profile N A Time to wait for authentication to su...

Page 903: ...d The AAA profile will be applied when the AP is connected to controller AAA Profile Name of a AAA profile to be used by devices connecting to the AP s wired port Time to wait for authentication to succeed Authentication timeout value in seconds for devices connecting the AP s wired port The supported range is 1 65535 seconds and the default value is 20 seconds Command History This command was int...

Page 904: ...mal format client ip client ip Show wired RAP statistics for a specified client IP address client mac client mac Show wired RAP statistics for a specified client MAC address Example host show ap wired stats ap name rap5wn client mac 00 14 d1 19 3c 0b RAP Wired User Statistics Counter Value Slot 0 Port 1 VLAN 1 TX Packets 78 TX Bytes 7894 RX Packets 37 RX Bytes 5352 TX Broadcast Packets 36 TX Broad...

Page 905: ...tes Number of broadcast bytes sent TX Multicast Packets Number of multicast packets sent TX Multicast Bytes Number of multicast bytes sent Command History Introduced in ArubaOS 5 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show ap wired stats 905 ...

Page 906: ...a Show the WMM flow table for a 802 11a radio dot11g Show the WMM flow table for a 802 11g radio Usage Guidelines WMM or Wireless Multimedia Extensions are a subset of the 802 11e standard WMM provides for four different types of traffic classification voice video best effort and background with voice having the highest priority and background the lowest Issue the show ap wmm flow command to view ...

Page 907: ...low Possible values are l normalack l noack l blockack l resack reserved ack Tclas traffic classification element Tclas information includes one of the following classification types the 802 1p priority and IP version ver 4 or ver 6 l type0 Classification based on Ethernet parameters l type1 Classification based on TCP UDP or IP parameters IPv4 or IPv6 l type2 Classification based on based on IEEE...

Page 908: ...4 00 0B 86 02 EE 00 vlan1 The output of this command includes the following parameters Parameter Description Protocol Protocol using ARP Although the controller will most often use ARP to translate IP addresses to Ethernet MAC addresses ARP may also be used for other protocols such as Token Ring FDDI or IEEE 802 11 and for IP over ATM Address IP address of the device Hardware Address MAC address o...

Page 909: ... successfully Feb 5 06 37 20 cli 1239 USER admin 10 3 129 250 COMMAND wlan virtual ap default no vap enable command executed successfully Feb 5 06 37 29 cli 1239 USER admin 10 3 129 250 COMMAND wlan virtual ap mpp a only no vap enable command executed successfully Feb 5 06 46 10 cli 1239 USER admin 10 3 129 250 COMMAND interface gigabitethernet 1 2 port monitor igigabitethernet 1 1 command execute...

Page 910: ... tracebuf count 10 Auth Trace Buffer Feb 5 08 08 29 wpa2 key2 00 09 ef 05 1e b2 00 1a 1e 97 e5 42 119 mic failure Feb 5 08 08 30 wpa2 key1 00 09 ef 05 1e b2 00 1a 1e 97 e5 42 117 Feb 5 08 08 30 wpa2 key2 00 09 ef 05 1e b2 00 1a 1e 97 e5 42 119 mic failure Feb 5 08 08 31 wpa2 key1 00 09 ef 05 1e b2 00 1a 1e 97 e5 42 117 Feb 5 08 08 31 station down 00 09 ef 05 1e b2 00 1a 1e 97 e5 42 Feb 5 08 08 31 ...

Page 911: ...pe of exchange that was made l The direction the packet was sent l The source MAC address l The destination MAC address l BSSID Server Name l The packet number l The packet length l Additional information if available e g username encryption and WPA type or reason for failure Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platform...

Page 912: ...t log in to the controller s command line or browser interfaces Example host show banner This testlab controller is scheduled for maintenance starting Saturday night at 11 p m Related Commands Configure a banner message using the command banner motd Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Con...

Page 913: ...bootConfig File default cfg Boot Partition PARTITION 1 Related Commands Configure boot parameters using the command boot Command History This command was available in ArubaOS 1 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show boot 913 ...

Page 914: ...ellular Profile table The example below shows eight preconfigured cellular profiles host show cellular profile Cellular Profile Table Name Vend Prod Serial Dialer Tty Driver Priority Modeswitch Novatel_U720 1410 2110 evdo_us ttyUSB0 option default Novatel_U727 1410 4100 evdo_us ttyUSB0 option default Kyocera_KPC680 0c88 180a evdo_us ttyUSB0 option default Sierra_Compass_597 1199 0023 evdo_us ttyUS...

Page 915: ...plays the cellular profile priority profiles with the default priority of 100 will display the word default in the Priority column Range 1 to 255 Default 100 Modeswitch One of two USB device modeswitch settings l eject Eject the CDROM device l rezero Send SCSI CDROM rezero command Command History Introduced in ArubaOS 3 4 Command Information Platforms Licensing Command Mode 600 Series Base operati...

Page 916: ...optional summer time parameter to display configured daylight savings time settings The timezone parameter shows the current timezone with its time offset from Greenwich Mean Time Example The output below shows the current time on the controller clock host show clock Thu Feb 5 16 52 28 PST 2009 Related Commands Configure clock settings using the commands clock append clock summer time recurring an...

Page 917: ...tion of the output shows the IP address of each cluster member host config show cluster config Cluster Role Root Cluster IPSEC Controllers Switch IP address of Cluster Members Key 172 21 18 18 172 21 18 19 Related Commands Command Description Mode control plane security Configure the control plane security profile Config mode cluster member ip This command sets the controller as a control plane se...

Page 918: ...uster config DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on cluster member or cluster root controllers ...

Page 919: ...unicate with the cluster root this table will be blank host config show cluster switches SWITCH IP CLUSTER ROLE 172 21 18 18 ROOT In this example the show cluster switches command was issued on a cluster root The Switch IP section of the output shows the IP address of a VLAN on each cluster member that can currently communicate with the cluster root host config show cluster switches SWITCH IP CLUS...

Page 920: ... W Series ArubaOS 6 2 Reference Guide Command History This command was introduced in ArubaOS 5 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on cluster member or cluster root controllers ...

Page 921: ... a single new command may have replaced several older commands host show command mappingCommand Map New Command Old Command show ap active show wlan ap show ap arm neighbors show ap arm neighbors show ap arm rf summary show am rf summary show ap arm scan times show am scan times show ap arm state show wlan arm show ap association show stm association show wlan client show wlan remote client show a...

Page 922: ...command mapping DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers ...

Page 923: ...df012bf3faf1a26a5987a53d78041a4287c0b62cb36a telnet cli telnet soe hostname TechPubs650 clock timezone PST 8 location Building1 floor1 controller config 7 ip NAT pool dynamic srcnat 0 0 0 0 0 0 0 0 ip access list eth validuserethacl permit any netservice svc netbios dgm udp 138 netservice svc snmp trap udp 162 Command History This command was available in ArubaOS 1 0 Command Information Platforms ...

Page 924: ...rs Example The output of this command shows the controller s IP address and VLAN interface ID host show controller ip Switch IP Address 10 168 254 221 Switch IP is configured to be Vlan Interface 1 Command History This command was available in ArubaOS 3 4 Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers ...

Page 925: ...witch IPv6 address is from Vlan Interface 1 The output of this command shows the controller s IPv6 address and VLAN interface ID Command History This command is introduced in ArubaOS 6 1 Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show controller i...

Page 926: ... certificate provisioning features are enabled in the control plane security profile and that the controller will send certificates to a range of IP addresses host config show control plane security Control Plane Security Profile Parameter Value Control Plane Security Enabled Auto Cert Provisioning Enabled Auto Cert Allow All Disabled Auto Cert Allowed Addresses 10 1 1 16 10 1 42 55 Related Comman...

Page 927: ... This value is typically set during the controller s initial setup procedure Use this command to determine the country code specified during setup Example The output of this command shows the controller s country model and hardware types host show country Country US Model DellW 650 US Hardware Restricted US Command History This command was available in ArubaOS 1 0 Command Information Platforms Lic...

Page 928: ...cts Contract Id Rate bits second limit 4098 2000000000 newcontract 4097 1000000000 Related Commands Command Description Mode cp bandwidth contract This command configures a bandwidth contract traffic rate which can then be associated with a whitelist session ACL Enable or Config modes firewall cp This command creates a new whitelist ACL and can associate a bandwidth contract with that ACL Enable o...

Page 929: ...em processes host show cpuload user 6 9 system 7 7 idle 85 4 The output of this command includes the following parameters Parameter Description user Percentage of controller CPU resources used by application processes system Percentage of controller CPU resources used by system processes idle Percentage of unused controller CPU resources Command History This command was available in ArubaOS 1 0 Co...

Page 930: ... local ipsec map Crypto Map Template default local master ipsecmap 9999 IKE Version 1 lifetime 300 86400 seconds no volume limit PFS Y N N Transform sets default ml transform Peer gateway 0 0 0 0 Interface VLAN 0 Source network 0 0 0 0 0 0 0 0 Destination network 0 0 0 0 0 0 0 0 Pre Connect Y N N Tunnel Trusted Y N Y Forced NAT T Y N N Crypto Map Template testmap 3 IKE Version 1 lifetime 300 86400...

Page 931: ...output of this command displays the configured IKE version Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show crypto localipsec map 931 ...

Page 932: ...r to clear a crypto ISAKMP state associated with a specific IP address Examples The command show crypto dp sends debug information to CRYTPO logs host show crypto Datapath debug output sent to CRYPTO logs Related Commands Command Description Mode crypto isakmp Use this command to configure Internet Key Exchange IKE parameters for the Internet Security Association and Key Management Protocol ISAKMP...

Page 933: ...ng the command crypto map global map Examples The command show crypto dynamic map shows IPsec dynamic map configuration host show crypto dynamic map Crypto Map Template default dynamicmap 10000 IKE Version 1 lifetime 300 86400 seconds no volume limit PFS Y N N Transform sets default transform Related Commands Command Description Mode crypto dynamic map Use this command to configure a dynamic map C...

Page 934: ...ypto dynamic map DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master or local controllers ...

Page 935: ...et default transform esp 3des esp sha hmac will negotiate Transport Tunnel Transform set default ml transform esp 3des esp sha hmac will negotiate Transport Tunnel Transform set default boc bm transform esp 3des esp sha hmac will negotiate Transport Tunnel Transform set default cluster transform esp aes256 esp sha hmac will negotiate Transport Tunnel Transform set default 1st ikev2 transform esp a...

Page 936: ...ate Transport Tunnel Transform set name esp aes256 gcm esp sha hmac will negotiate Transport Tunnel Related Commands Command Description Mode crypto ipsec Use this command to configure IPsec parameters Config mode Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master or loc...

Page 937: ...l IKE version l encryption and hash algorithms l authentication method l PRF methods l DH group l lifetime settings sa Show the security associations peer peer ip Shows crypto isakmp security associations for this IP stats Show detailed IKE statistics This information can be very useful for troubleshooting problems with ISAKMP Usage Guidelines Use the show crypto isakmp command to ver ISAKMP setti...

Page 938: ...Advanced Encryption Standard 256 bit keys hash algorithm Secure Hash Algorithm 160 authentication method Pre Shared Key Diffie Hellman Group 2 1024 bit lifetime 300 86400 seconds no volume limit Related Commands Command Description Mode crypto isakmp Use this command to configure Internet Key Exchange IKE parameters for the Internet Security Association and Key Management Protocol ISAKMP Config mo...

Page 939: ...onfigured by address server certificate Shows all the IKE server certificates used to authenticate the controller for VPN clients xauth Shows the IKE XAuth configuration for VPN clients Usage Guidelines Use the show crypto local isakmp command to view IKE parameters Examples This example shows sample output for the show crypto local ca certificate show crypto local dpd show crypto local key show c...

Page 940: ...sakmp xauth IKE XAuth Enabled Related Commands Command Description Mode crypto local isakmp ca certificate Use this command to assign the Certificate Authority CA certificate used to authenticate VPN clients Config mode crypto local isakmp ca certificate Use this command to assign a certificate group so you can access multiple types of certificates on the same controller Config mode crypto local i...

Page 941: ...ow crypto local isakmp certificate group command was introduced Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show crypto localisakmp 941 ...

Page 942: ...mmand to show local certificate OCSP signer or responder certificate and CRL data and statistics Syntax Parameter Description CRL Shows the name original filename reference count and expiration status of all CRLs on this controller CRL name ALL Shows the version signature algorithm issuer last update next update and CRL extensions and all other attributes of this CRL CRL name crlnumber Shows the n...

Page 943: ... has the identical sub parameters as those listed under the TrustedCA parameter in this table TrustedCA Shows trusted CA certificate information This certificate can be either a root CA or intermediate CA Dell encourages but does not require an intermediate CA s signing CA to be the controller itself name ALL Shows the version signature algorithm issuer last update next update and CRL extensions a...

Page 944: ... certificate Original Filename Name of the original certificate when it was added to the controller Reference Count Number of RCPs that reference this OCSP responder certificate signer certificate or CRL Expired Shows whether the controller has enabled or disabled client remediation with Sygate on demand agent This example shows the dates for which this OCSP responder certificate is valid host con...

Page 945: ...f the certificate in the controller s internal directory structure Config mode crypto local pkircp name Specifies the certificates that are used to sign OCSP responses for this revocation check point Config mode Command History Version Modification ArubaOS 3 2 Command introduced ArubaOS 6 1 The following parameters were introduced l CRL l Intermediate CA l OCSPResponderCert l OCSPSignerCert l glob...

Page 946: ...lt dynamicmap 10000 IKE Version 1 lifetime 300 86400 seconds no volume limit PFS Y N N Transform sets default transform default aes Crypto Map GLOBAL IKEV2 MAP 10000 ipsec isakmp Crypto Map default local master ipsecmap 9999 ipsec isakmp Crypto Map Template default local master ipsecmap 9999 IKE Version 1 lifetime 300 86400 seconds no volume limit PFS Y N N Transform sets default ml transform Peer...

Page 947: ...output of this command displays the configured IKE version for the map Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show crypto map 947 ...

Page 948: ... 96 85 49 a3 56 63 76 ee 99 82 fe 4b 31 6c 80 25 c4 ed c7 9e 8e 5e 3e a2 1f 90 62 b7 91 69 75 27 e8 29 ba d1 76 3c 0b 14 dd 83 3a 0c 62 f2 2f 49 90 47 f5 2f e6 4e dc c3 06 7e d2 51 29 ec 52 8c 40 26 de ae c6 a0 21 1b ee 46 b1 7a 9b dd 0b 67 44 48 66 19 ec c7 f4 24 bd 28 98 a2 c7 6b fb b6 8e 43 aa c7 22 3a b8 ec 9a 0a 50 c0 29 b7 84 46 70 a5 3f 09 Exponent 65537 0x10001 Attributes a0 00 Signature A...

Page 949: ...0OnNJjuFWlvSB0WPhwvrmCStAe I1xoDO7m mh7tnoYuQ05PeLf208 cExMGOB ovyAaIPAEmB995CuQVZfOSJ7Y hO1BafpE7nAmPt2uYgA END CERTIFICATE REQUEST Related Commands Command Description Mode crypto pki Use this command to generate a certificate signing request CSR for the captive portal feature Enable mode crypto pki import Use this command to import certificates for the captive portal feature Enable mode Command...

Page 950: ...st show database synchronize Last synchronization time Not synchronized since last reboot Periodic synchronization is enabled and runs every 25 minutes Synchronization includes RF plan data Related Commands Command Description Mode database synchronize Show the output of the database synchronize command Enable and Config modes Command History Release Modification ArubaOS 3 0 Command introduced Com...

Page 951: ...maintenance counters message queue counters nat ap name ap name counters ip addr ip address network ingress papi port rap bw resv rap css rap pkt trace rap stats route ap name ap name counters ip addr ip address ipv4 ipv6 table verbose route cache ap name ap name counters ip addr ip address ipv4 ipv6 table verbose services session ap name ap name counters ip addr ip address ipv6 table station coun...

Page 952: ...res and max link length ip addr ip address IP address of the AP Shows MAC address VLAN assigned VLANs destination and flags information table macaddr Displays the current high maximum and total number of bridge table entries for the Dell controller bwm table Shows bandwidth management table entry statistics such as CPU contract Bits sec policed available bytes queued bytes and packets cp bwm Displ...

Page 953: ...ons l Descr failures This is the number of times a packet descriptor was not available and the packet dropped l Dot1QDiscards The number of packets received on a trunk port where the VLAN presented did not match any configured on the controller and the packet dropped l Dot1d Discards Spanning tree is disabled and each BPDU frame is counted and dropped l Denied Frames Frames that are denied by the ...

Page 954: ...counters Displays statistics of messages received by a CPU from other datapath CPUs only CPUs that receive messages and non zero statistics are shown maintenance counters Displays datapath maintenance statistics nat Displays the contents of the datapath NAT entries table It displays NAT pools as configured in the datapath Statistics include pool SITP start SIP end and DIP network ingress Displays ...

Page 955: ... ip address IP address of the AP ipv4 Displays datapath IPv4 routing table ipv6 Displays datapath IPv6 routing table table Displays route table entries such as IP mask gateway cost VLAN and flags verbose Displays all detailed route table entries including IP mask gateway cost VLAN flags Internal VerNum Index route cache Displays datapath route cache table statistics ap name ap name Name of the AP ...

Page 956: ...lues output from this command represent the water marks since the last boot of the controller This is the same value obtainable from the Num Associations output from the show stm connectivity command mac macaddr Hardware address in hexadecimal format tcp Displays contents of the tcp tunnel table This command displays all tcp tunnels that are terminated by the controller app app Name of the applica...

Page 957: ...rrent CPU utilization of all datapath CPUs vlan Displays VLAN table information such as VLAN memberships inside the datapath including L tunnels which tunnel L2 traffic ap name ap name Name of the AP ip addr ip address IP address of AP table Displays VLAN number flag port and datapath VLAN multicast entries vlan mcast Displays the datapath VLAN multicast table ap name ap name Name of the AP ip add...

Page 958: ...nvalid Length 0 IPSec Invalid Head Room 0 IPSec Invalid Protocol 0 PPTP Encryption Failures 0 PPTP Decryption Failures 0 WEP Encryption Failures 0 WEP Decryption Failures 0 WEP No Key not serious 0 TKIP Encryptions 0 TKIP Encryption Failures 0 TKIP Decryptions 0 TKIP Decryption Failures 0 TKIP MIC Failures 0 TKIP Decrypt Bad Counter 0 TKIP P1Key Not Ready 0 Command History Version Description Arub...

Page 959: ...e supervision of Dell technical support ArubaOS 6 2 The firewall agg sess parameter is introduced Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show datapath 959 ...

Page 960: ...destination controller Position Type IP addr Mask Range 1 host 10 16 15 1 user Position Type IP addr Mask Range 1 network 255 255 255 255 0 0 0 0 mswitch Position Type IP addr Mask Range 1 host 10 16 15 1 any Position Type IP addr Mask Range 1 network 0 0 0 0 0 0 0 0 The output of this command includes the following parameters Parameter Description Position Displays the priority position of the al...

Page 961: ...estination in 3 0 Command Information Platforms Licensing Command Mode All platforms You must have a PEFNG license to configure or view a destination Enable or Config mode on master and local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show destination 961 ...

Page 962: ...nes Displays the Dialer Group Table with the current dialing parameters Example host show dialer group Dialer Group Table Name Init String Dial String evdo_us ATQ0V1E0 ATDT 777 gsm_us AT CGDCONT 1 IP ISP CINGULAR ATD 99 Command History Introduced in ArubaOS 3 4 Command Information Platforms Licensing Command Mode W 600 series controllers Base operating system Config mode on master and local contro...

Page 963: ...usb SEGATE HJ1235_p1 docs USB directory list Permission Size Time Stamp Directory Name drwxr xr x 0 May 13 09 39 samba The output of this command includes the following parameters Parameter Description Permission Read write and execute permissions for the directory Size Size of the directory Time Stamp Date and time that the directory was last modified Directory Name Name of the directory on the U...

Page 964: ...82 ab a0 10 3 9 220 AP monitor 124 0 0 FORWARD_TUNNEL_80211 default 1 00 1a 1e 82 ab b0 10 3 9 220 AP monitor 124 0 0 FORWARD_TUNNEL_80211 default 1 00 1a 1e 87 ff d1 10 3 9 242 sw pn t2 AP 00 1a 1e c0 7f fc 0 WPA2 PSK AES 0 FORWARD_TUNNEL_80211 default default 1 Num APs 5 The output of this command includes the following parameters Parameter Description MAC The MAC address of the AP IP The IP add...

Page 965: ...ntroduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show dot1x ap table 965 ...

Page 966: ...g AES Keys AP MAC GTK Size Slot 00 1a 1e 87 ff d0 128 Bit 1 00 1a 1e 87 ff d1 128 Bit 1 The output of this command includes the following parameters Parameter Description AP MAC AP MAC address GTK Size Slot GTK The group temporal key Size Size of the AES key Slot Slot number Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platform...

Page 967: ...udes the following parameters Parameter Description AP MAC AP MAC address Key1 Size Slot Key1 The WEP key Size Size of the WEP key Slot Slot number Key12 Size Slot Key2 The WEP key Size Size of the WEP key Slot Slot number Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or config mode on mast...

Page 968: ...Key Information AP MAC Key1 Size Key2 Size Key3 Size Key3 Size Num APs 0 The output of this command includes the following parameters Parameter Description AP MAC AP s MAC address Key1 Size WEP key 1 and its size Key2 Size WEP key 2 and its size Key3 Size WEP key 3 and its size Key3 Size WEP key 3 and its size Command History This command was introduced in ArubaOS 3 0 Command Information Platforms...

Page 969: ...s 1 The output of this command includes the following parameters Parameter Description AP MAC AP MAC Address GTK Size Slot GTK The group temporal key Size Size of the AES key Slot Slot number Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or config mode on master controllers DellPowerConnect...

Page 970: ...s 4 Acl 53 Station Sync Request 9 Sync Response 9 Up 2321 Down 2272 Unknown 72 EAP RX Pkts 4811 Dropped Pkts 4497 TX Pkts 5253 WPA Message 1 2484 Message 2 63 Message 3 63 Message 4 63 Group Message 1 63 Group Message 2 63 Rx Failed 2418 IE Mismatches 4836 Key Exchange Failures 602 WPA2 Message 1 2630 Message 2 13 Message 3 13 Message 4 13 Rx Failed 2079 IE Mismatches 4158 Key Exchange Failures 54...

Page 971: ...Message 1 l Message 2 l Message 3 l Message 4 l Group Message 1 l Group Message 2 l Rx Failed l IE Mismatches l Key Exchange Failures l Number of WPA message 1s sent l Number of WPA message 2s sent l Number of WPA message 3s sent l Number of WPA message 4s sent l Number of WPA group message 1s sent l Number of WPA group message 2s sent l Number of WPA related EAP packets dropped for any reason l N...

Page 972: ...show dot1x counters DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or config mode on master controllers ...

Page 973: ...ts from station 0 EAP Successes sent 0 EAP Failures sent 0 Station failed to respond 0 Station NAKs 0 Radius pkts to the server 0 Radius pkts from the server 0 Server failed to respond 0 Server rejects 0 WPA WPA2 Key Message1 1 WPA WPA2 Key Message2 1 WPA WPA2 Key Message3 1 WPA WPA2 Key Message4 1 WPA GKey Message1 0 WPA GKey Message2 0 ID of the last EAP request 0 Length of the last EAP request ...

Page 974: ...from the station EAP Successes sent Number of EAP successes sent EAP Failures sent Number of EAP failures sent Station failed to respond Number of times the station failed to respond Station NAKs Number of station negative acknowledgement characters Radius pkts to the server Number of radius packets set to the server Radius pkts from the server Number of radius packets sent from the server Server ...

Page 975: ...gth of the last radius request The length of the last radius request ID of the last radius response The ID of the last radius response Length of the last radius response The length of the last radius response Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or config mode on master controllers...

Page 976: ... 00 0b 86 8b 68 68 WPA2 AES Explicit Mode EAP PEAP No Station Entries 1 The output of this command includes the following parameters Parameter Description MAC Supplicant MAC address Name Supplicant name Auth Shows if the supplicant authenticated successfully AP MAC AP MAC address Enc Key Type Enc Key Supplicant s encryption key Type Encryption type used by the supplicant Auth Mode Authentication m...

Page 977: ... 46 22 a5 ec 9b fb a6 00 03 7f bf 12 ac zoobar22 00 0b 86 c0 04 88 bb 2d e1 57 e1 b8 9b a2 71 f5 98 ad 61 db 47 e7 The output of this command includes the following parameters Parameter Description MAC Supplicant MAC address Name Supplicant name AP AP MAC address PMKID Station PMKID Command History This command was introduces in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All ...

Page 978: ...26 f8 f5 user1 00 0b 86 8b 68 68 1 0 0 0 0 0 0 Total 2 0 0 0 0 0 0 Station Entries 1 The output of this command includes the following parameters Parameter Description MAC Supplicant MAC address Name Supplicant name AP AP MAC address Auth Succs Number of successful authentications Auth Fails Number of authentication failures Auth Tmout Number of authentication timeouts Re Auths Number of reauthent...

Page 979: ...mation Platforms Licensing Command Mode All platforms Base operating system Enable or config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show dot1x supplicant info statistics 979 ...

Page 980: ...arty appliances such as anti virus gateways Use this command to view configured ESI server groups Example This example below displays the name of each configured ESI group including its ping definitions and ESI server host show esi groups ESI Group Table Name Tunnel ID Ping Flags Servers anything 0x1042 pingset_1 C 0 cupertino 0x1043 C 0 Flags C Datapath Download complete Related Commands Platform...

Page 981: ... Information Platforms Licensing Command Mode All platforms Base operating system Enable and Config mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show esigroups 981 ...

Page 982: ...re configured into domains to which ESI syslog parser rules are applied Use the show esi parser domains command to show ESI parser domain information Example The ESI Parser Domain table in the example below shows that the controller has two ESI domains and two ESI servers host show esi parser domains ESI Parser Domain Table Domain ESI Servers Peer Controllers corp_domain 172 21 5 50 10 3 132 14 re...

Page 983: ...roduced in ArubaOS 3 1 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable and Config mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show esiparser 983 ...

Page 984: ...ec Timeout sec Retry Count ID Num Groups ping_att1 5 2 2 0 1 ESIping 5 2 2 1 0 ESIping2 50000 2 2 2 2 The output of this command includes the following information Column Description Name Name of a group of ping settings frequency Specifies the ping frequency in seconds timeout Specifies the ping timeout in seconds retry count Specifies the ping retry count ID ID number assigned to the ping attrib...

Page 985: ...troduced in ArubaOS 2 5 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable and Config mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show esiping 985 ...

Page 986: ...ll ESI servers You can include the name of an ESI group to view servers assigned to just that group or specify a server name to view information for that server only Example This example below displays configuration details for the ESI server name forti_1 host show esi servers server name forti_1 ESI Server Table Name Trusted IP Untrusted IP Trusted s p Untrusted s p Group Mode NAT Port ID forti_1...

Page 987: ...server has not yet been assigned to a group this column will be blank Mode Specifies the ESI server mode of operation bridge nat or route Nat Port Displays the NAT destination TCP UDP port ID ID number assigned to the server when it was first defined Flags This data column displays any flags associated with this server The flag key appears below the ESI Server Table Related Commands Platforms Lice...

Page 988: ...the client Usage Guidelines Use this command to view the hit miss rate of r1 keys cached on an AP before a Fast BSS Transition roaming This counter helps to verify if enough r1 keys are pushed to the neighboring APs Example host show fast roaming r1 efficiency Fast Roaming R1 Key Efficiency Client MAC Hit Miss 00 50 43 21 01 b8 0 0 0 0 Command History This command was introduced in ArubaOS 6 2 Com...

Page 989: ...3 08 97 Authentication Server corp1 supersvr is down 2009 03 02 18 13 08 98 All authentication servers in server group sg auth2 are brought back in service 2009 03 02 18 13 08 99 Authentication Server corp1 supersvr is down 2009 03 02 18 13 08 100 All authentication servers in server group sg auth2 are brought back in service 2009 03 02 18 13 08 101 Authentication Server corp1 supersvr is down 200...

Page 990: ...ervers in server group sg auth2 are brought back in service 2009 03 02 18 13 09 115 Authentication Server corp1 supersvr is down Total number of entries in the queue 23 Related Commands Command Description Mode clear fault id all Manually clear a single fault by specifying the fault ID number or clear all faults by including the all parameter Config mode Command History This command was introduced...

Page 991: ...ing Disabled Session Idle Timeout Disabled Broadcast filter ARP Disabled WMM content enforcement Disabled Session VOIP Timeout Disabled Stateful H 323 Processing Enabled Stateful SCCP Processing Enabled Only allow local subnets in user table Disabled Monitor police CP attacks Disabled Rate limit CP untrusted ucast traffic Enabled 20 Mbps Rate limit CP untrusted mcast traffic Enabled 4 Mbps Rate li...

Page 992: ...itor TCP SYN attack If enabled the controller monitors the number of TCP SYN messages per second If this value exceeds the maximum configured rate the controller will register a denial of service attack Monitor IP sessions attack If enabled the controller monitors the number of TCP sessions requests per second If this value exceeds the maximum configured rate the controller will register a denial ...

Page 993: ... the controller monitors a misbehaving user s inbound traffic rate If this rate is exceeded the controller can register a denial of service attack Rate limit CP untrusted ucast traffic Shows the inbound traffic rate Rate limit CP untrusted mcast traffic Displays the untrusted multicast traffic rate limit Rate limit CP trusted ucast traffic Displays the trusted unicast traffic rate limit Rate limit...

Page 994: ...ssion tunnelFIB Enables session tunnel based forwarding Prevent DHCP Exhaustion If enabled this option checks for DHCP client hardware address against the packet source MAC address This command checks the frame s source MAC against the DHCPv4 client hardware address and drops the packet if it does not match This feature prevents a client from submitting multiple DHCP requests with different hardwa...

Page 995: ...DellPowerConnect W Series ArubaOS 6 2 Reference Guide show firewall 995 ...

Page 996: ...ost show firewall cp CP firewall policies IP Version Source IP Source Mask Protocol Start Port End Port Permit Deny hits contract ipv4 any 6 21 21 Permit 0 test ipv4 10 10 10 10 2 2 2 2 6 8 9 Permit 0 ipv4 2 2 2 2 2 1 1 2 Permit 0 Command History Release Modification ArubaOS 3 4 Command introduced ArubaOS6 2 The IP Version parameter was added Command Information Platforms Licensing Command Mode Al...

Page 997: ...wall visibility as enabled or disabled Example The output of this command shows the status of firewall visibility host show firewall visibility status enabled Command History This command is introduced in ArubaOS 6 2 Command Information Platforms Licensing Command Mode W 3200 W 3400 W 3600 W 6000M3 and W 7200 series controllers This command requires the PEFNG license Config or Enable mode on maste...

Page 998: ...b7ed42 1244 40 up no 172 20 1 205 0 0 0 0 50b80053 31 172 20 1 205 50b800d2 1252 20 up no 172 20 1 206 0 0 0 0 50b80054 31 172 20 1 206 50b800d4 1359 10 up no 172 20 1 210 0 0 0 0 50b79631 0 172 20 1 210 50b796a9 1617 41 up no 172 20 1 216 0 0 0 0 50b80055 0 0 0 0 0 00000000 0 up no 192 169 1 207 0 0 0 0 50b791ef 0 192 169 1 207 50b7920c 1633 20 up no 192 169 1 208 0 0 0 0 50b791e7 0 192 169 1 208...

Page 999: ...ween the LMS and the master controller It can be Yes or No If it is yes then the Msg Len and Attempt fields are set Msg Len The length of the message that the master controller is syncing with the LMS Attempts Number of times the master controller has attempted to sync with the LMS Command History This command is introduced in Dell PowerConnect W Series ArubaOS 6 2 Command Information Platforms Li...

Page 1000: ...l Technical Support Example This example below shows that the gateway health check feature has not been enabled on the controller host show gateway health check Gateway health check not enabled Related Commands Command Description Mode gateway health check disable Disable the gateway health check Config mode Command History This command was introduced in ArubaOS 3 4 Command Information Platforms L...

Page 1001: ...id Count users matching the specified BSSID essid Count users matching the specified ESSID If the ESSID includes spaces you must enclose it in quotation marks ap name Count users matching the specified AP name phy type Count users matching the specified Phy type age Count users matching the specified age Example Issue this command to display a global user count The output shown below is a result o...

Page 1002: ... table count DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Master controller only Base operating system Enable or config mode on master controllers ...

Page 1003: ...e the user is currently associated authentication method Count users matching the specified authentication method role Count users matching the specified role bssid Count users matching the specified BSSID essid Count users matching the specified ESSID If the ESSID includes spaces you must enclose it in quotation marks ap name Count users matching the specified AP name phy type Count users matchin...

Page 1004: ... 4e 45 5e c8 CorpNetwork2 employee 00 02 22 802 1x wlanAP 10 100 105 102 00 14 a5 30 c2 7f fdedhia employee 01 20 09 802 1x AP98 10 100 105 97 00 1b 77 c4 a2 fa CorpNetwork2 employee 00 02 18 802 1x AP98 10 100 105 109 00 21 5c 02 16 bb melindayao employee 00 05 40 802 1x AP09 users Roaming Essid Bssid Phy Profile Associated wirelessint wpa2 00 1a 1e 85 d3 b1 a HT default Associated wirelessint wp...

Page 1005: ...gned to the user tunnel split tunnel decrypt tunnel or bridge Type Type of client device if identified Command History Release Modification ArubaOS 3 4 Command introduced ArubaOS 6 1 The devtype parameter was introduced and the output of this command expanded to include the Type column Command Information Platforms Licensing Command Mode All platforms Master controller only Base operating system E...

Page 1006: ...st access email profile parameters The Parameter and Value columns show the configured SMTP server and SMTP ports that process guest email host show guest access email Guest access Email Profile Parameter Value SMTP Server 10 1 1 4 SMTP Port 25 Related Commands Command Description Mode guest access email This command shows a guest access email profile configuration Enable or Config modes local use...

Page 1007: ...rs spaces punctuation and symbol characters host show hostname hostname is SampleHost Related Commands Configure the controller s hostname using the command hostname Command History This command was available in ArubaOS 1 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Available on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Referenc...

Page 1008: ... c7 c8 c0 01 6 c 764f6038018f2c2765292911e55fedc0c98f86cf79331d890 5 6 UP 10 15 207 20 6 00 24 6c c9 27 c f c2b46b530119844dcbdb55ddb94ff308d1f08ec7cb4eda113 c 0 DOWN 0 0 0 0 d8 c7 c8 c0 b8 d 6 9deb828c0106f4562b50c8141cfa28ad5c1a3f89b3e171efc c 14 DOWN 0 0 0 0 00 1a 1e 08 23 f 4 be5ffcf801eedd92a76b978ceee53f4e2284c8e8f3dbd8445 7 5 DOWN 0 0 0 0 00 24 6c c9 27 c f b5d279460166c39a5fb9462a65559eb91...

Page 1009: ...Key Key for the branch which is unique to each branch Index Index assigned to the branch Status Current status of the branch UP DOWN Inner IP Internal VPN IP of the branch MAC Address MAC address of the Virtual Controller of the branch Command History Introduced in Dell PowerConnect W Series ArubaOS 6 2 DellPowerConnect W Series ArubaOS 6 2 Reference Guide show iap table 1009 ...

Page 1010: ...lassification rule IDS AP Classification Rule Profile List Name References Profile Status exclude ssid rule 1 rule1 1 rule2 1 Total 3 In the example above the Reference column indicates the number of references to the rule named in the Name column The Profile Status column is blank unless the rule is predefined Optionally you can enter a rule name to view the parameters for that rule For example h...

Page 1011: ...on Platforms Licensing Command Mode Available on all platforms Requires the RFprotect license Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show ids ap classification rule 1011 ...

Page 1012: ...ofile Parameter Value AP Rule name snr0 AP Rule name rule1 AP Rule name rule2 AP Rule name exclude ssid rule In the above example the rule names in the Value column have been activated by the ids ap rule matching command Command History Release Modification ArubaOS 6 0 Command introduced Command Information Platforms Licensing Command Mode Available on all platforms Requires the RFprotect license ...

Page 1013: ... number of references to the profile named in the Name column The Profile Status column is blank unless the rule is predefined The example below displays a partial output for the profile test1 host config show ids dos profile test1 Parameter Value Detect Disconnect Station Attack true Disconnect STA Assoc Response Theshold 5 Disconnect STA Deauth and Disassoc Theshold 8 Disconnect STA Detection Qu...

Page 1014: ...terval 5 sec RTS Rate Quiet Time 900 sec Detect Rate Anomalies false Rate Thresholds for Assoc Frames default Rate Thresholds for Disassoc Frames default Rate Thresholds for Deauth Frames default For a detailed explanation of the output shown above see the ids dos profile command Related Commands Configure IDS DoS profiles using the command ids dos profile Command History Release Modification Arub...

Page 1015: ... the example above the Reference column indicates the number of references to the profile named in the Name column The Profile Status column is blank unless the rule is predefined The example below displays the settings for the profile Michael host config show ids general profile Michael IDS General Profile Michael Parameter Value Stats Update Interval 60 sec Monitored Device Stats Update Interval...

Page 1016: ...me in seconds after which an AP is aged out Min Potential AP Beacon Rate Minimum beacon rate acceptable from a potential AP in percentage of the advertised beacon interval Min Potential AP Monitor Time Minimum time in seconds a potential AP has to be up before it is classified as a real AP Signature Quiet Time After a signature match is detected the time to wait in seconds to resume checking Wirel...

Page 1017: ...Command Introduced ArubaOS 5 0 Mobility Manager RTLS parameter introduced ArubaOS 6 0 Refreshed show output Command Information Platforms Licensing Command Mode Available on all platforms Requires the RFprotect license Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show ids general profile 1017 ...

Page 1018: ...file IDS Impersonation Profile List Name References Profile Status default 4 test 0 test1 1 Wizard test 1 Wizard test2 1 Total 5 In the example above the Reference column indicates the number of references to the profile named in the Name column The Profile Status column is blank unless the rule is predefined The example below displays the configuration settings for the profile test1 host config s...

Page 1019: ...annel Disable detection of beacons advertising the incorrect channel Beacon Wrong Channel Detection Quiet Time Wait 90 seconds after detecting a beacon with the wrong channel after which the check can be resumed Detect Hotspotter Attack Enable detection of the Hotspotter attack to lure away valid clients Hotspotter Quiet Time Wait 90 seconds after detecting an attempt to Use the Hotspotter tool ag...

Page 1020: ...e Parameter Value IDS Event Correlation logs and traps Event Correlation Quiet Time 900 sec The display output of the above command includes Parameter Description IDS Event Correlation Management profile is set for logs and traps Event Correlation Quiet Time The time to wait 900 seconds before the event can be raised again Command History Version Description ArubaOS 6 0 Command Introduced Command ...

Page 1021: ...file Status default 5 test 0 test tarpit 1 test wired lb 0 test1 0 Wizard test 0 Wizard test2 0 Total 7 In the example above the Reference column indicates the number of references to the profile named in the Name column The Profile Status column is blank unless the rule is predefined This example displays the configuration settings for the profile test1 host config show ids profile test1 IDS Prof...

Page 1022: ...applied to an AP or AP group IDS Impersonation profile Name of a IDS Impersonation profile to be applied to an AP or AP group IDS Unauthorized Device profile Name of a IDS Unauthorized Device profile to be applied to an AP or AP group Related Commands Configure the IDS profile using the command ids profile Command History Version Description ArubaOS 3 0 Command Introduced ArubaOS 6 0 Refreshed sho...

Page 1023: ...holds Profile List Name References Profile Status default 20 probe request response thresholds 10 Predefined test 0 Total 3 In the example above the Reference column indicates the number of references to the profile named in the Name column The Profile Status column is blank unless the rule is predefined This example displays the configuration settings for the profile test host config show ids rat...

Page 1024: ... Time in seconds in which the threshold must be exceeded in order to trigger an alarm Node Quiet Time The time that must elapse after a node rate alarm before another identical alarm may be triggered This option prevents excessive messages in the log file Node Threshold Number of a specific type of frame that must be exceeded within a specific interval for a particular client MAC address to trigge...

Page 1025: ...ignature Matching Profile List Name References Profile Status default 4 test1 1 Wizard test 1 Wizard test2 1 Total 4 In the example above the Reference column indicates the number of references to the profile named in the Name column The Profile Status column is blank unless the rule is predefined This example displays the configuration settings for the profile test1 host config show ids signature...

Page 1026: ...he Signature Matching profile using the command ids signature matching profile Command History Version Description ArubaOS 3 0 Command Introduced ArubaOS 6 0 Refreshed show output Command Information Platforms Licensing Command Mode Available on all platforms Requires the RFprotect license Config mode on master controllers ...

Page 1027: ...at the controller has eight configured Signature profiles host show ids signature profile IDS Signature Profile List Name References Profile Status AirJack 1 Predefined ASLEAP 1 Predefined Deauth Broadcast 1 Predefined default 1 Netstumbler Generic 1 Predefined Netstumbler Version 3 3 0x 1 Predefined Null Probe Response 1 Predefined sample 0 Total 8 This example displays the configuration settings...

Page 1028: ...l ssid For beacon probe request and probe response frame types the SSID as either a string or hex pattern l ssid length For beacon probe request and probe response frame types the length in bytes of the SSID payload Pattern at a fixed offset in the payload of an 802 11 frame sequence number Sequence number of the frame src mac Source MAC address in the 802 11 frame header dst mac Source MAC addres...

Page 1029: ... Profile Status default 4 test 0 test1 1 Wizard test 1 Wizard test2 1 Total 5 In the example above the Reference column indicates the number of references to the profile named in the Name column The Profile Status column is blank unless the rule is predefined This example displays the configuration settings for the profile test1 host config show ids unauthorized device profile test1 IDS Unauthoriz...

Page 1030: ... Adhoc Network Using Valid SSID Quiet Time 900 sec Detect Valid Client Misassociation true The output of this command includes the following parameters Parameter Description Detect AdHoc Networks Shows if the profile has enabled or disabled detection of adhoc networks Protect from Adhoc Networks Shows if the profile has enabled or disabled protection from adhoc networks Detect Windows Bridge Shows...

Page 1031: ...e weak and or repeating Detect Misconfigured AP Shows if the profile has enabled or disabled detection of misconfigured APs Protect Misconfigured AP Shows if the profile has enabled or disabled protection of misconfigured APs Detect Valid SSID Misuse Shows if the detect valid SSID minuse is enabled true or disabled false Protect SSID Shows if the profile has enabled or disabled use of SSID by vali...

Page 1032: ...unauthorized device profile Command History Version Description ArubaOS 3 0 Command Introduced ArubaOS 6 0 Refreshed show output Command Information Platforms Licensing Command Mode Available on all platforms Requires the RFprotect license Config mode on master controllers show ids wms general profile show ids wms general profile Description Display general statistics for the wms configuration Syn...

Page 1033: ...tes that an client must unseen by any probes before it is deleted from the database Statistics update Shows the status of the statistics updates in the database Persistent Neighbor APs Shows the status of known AP neighbors Persistent Valid STAs Shows the status of known AP neighbors AP learning Shows the status of learning of non Dell APs Propagate Wired Macs Shows if the controller has enabled o...

Page 1034: ... show ids wms general profile DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on master controllers ...

Page 1035: ...the following parameters Parameter Description Partition Partition number and name The default boot partition will display a Default boot notice by the partition name Software Version Version of ArubaOS software running on the partition Build number Build number for the software version Label The label parameter can display additional information for the build By default this value is the software...

Page 1036: ...Description List the Access groups configured on the cellular interface Example host config cell show interface cellular access group Cell Interface session access list 3 is configured Command History Release Modification ArubaOS 5 0 Command introduced Command Information Platforms Licensing Command Mode W 600 series Base operating system Configuration Mode config cell ...

Page 1037: ...85 8243 16771 GE1 3 5247669 47718 8245 16813 GE1 4 26893373267 20838930 8243 16561 GE1 6 539935348 8160008 8139 461 GE1 7 23563612641 15531317 7 336 The output of this command includes the following parameters Parameter Description Port Port number InOctets Number of octets received through the port InUcastPkts Number of unicast packets received through the port InMcastPkts Number of multicast pac...

Page 1038: ...erConnect W Series ArubaOS 6 2 Reference Guide Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or config mode on master controllers ...

Page 1039: ... Mbps MTU 1500 bytes BW is 100 Mbit Last clearing of show interface counters 15 day 21 hr 34 min 53 sec link status last changed 15 day 21 hr 32 min 16 sec 1122463 packets input 196293018 bytes Received 661896 broadcasts 0 runts 0 giants 0 throttles 0 input error bytes 0 CRC 0 frame 661881 multicast 460567 unicast 191428 packets output 97063150 bytes 0 output errors bytes 0 deferred 0 collisions 0...

Page 1040: ... counters related to the specified port are listed This port is Whether or not this port is trusted POE status of the port is The POE status of the specified port show interface fastethernet 1 0 access group FE 1 0 Port Vlan Session ACL SessionACL Vlan Status The output of this command includes the following parameters Parameter Description SessionACL Session ACL name Vlan VLAN number Status ACL s...

Page 1041: ...de VLAN 1 Default Trunking Vlans Enabled ALL Trunking Vlans Active 1 3 The output of this command includes the following parameters Parameter Description Name Port name Switchport Whether or not switchport is enabled Administrative mode Administrative mode Operational mode Operational mode Administrative Trunking Encapsulation Encapsulation method used for administrative trunking Operational Trunk...

Page 1042: ...1 1 xsec xsec vlan 7 is ACTIVE The output of this command includes the following parameters Parameter Description xsec vlan 7 is ACTIVE This states that xsec is active on the specified port as well as the associated VLAN Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or config mode on master...

Page 1043: ...ull speed 100 Mbps MTU 1500 bytes BW is 100 Mbit Last clearing of show interface counters 23 day 4 hr 27 min 54 sec link status last changed 15 day 3 hr 15 min 21 sec 2049219 packets input 112651020 bytes Received 911909 broadcasts 0 runts 0 giants 0 throttles 26 input error bytes 0 CRC 0 frame 906926 multicast 1137310 unicast 185897 packets output 58327172 bytes 0 output errors bytes 0 deferred 0...

Page 1044: ...t is trusted POE status of the port is The POE status of the specified port host show interface gigabitethernet 1 0 Port InOctets InUcastPkts InMcastPkts InBcastPkts GE1 0 112670646 1137507 907019 4983 Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts GE1 0 58342401 170490 104 15373 The output of this command includes the following parameters Parameter Description Port Port number InOctets Num...

Page 1045: ...Mode VLAN The access mode VLAN for the specified port Trunking Native Mode VLAN The trunking native mode VLAN for the specified port Trunking Vlans Enabled Number of trunking VLANs currently enabled Trunking Vlans Active Number of trunking VLANs currently active host show interface gigabitethernet 1 0 untrusted vlan Name GE1 0 Untrusted Vlan s The output of this command includes the following para...

Page 1046: ...interface gigabitethernet DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or config mode on master controllers ...

Page 1047: ...mand includes the following parameters Parameter Description loopback interface is Status of the loopback interface line protocol is Status of the line protocol on the specified port Hardware is Hardware interface type address is MAC address of the loopback interface Internet address is IP address and subnet mask of the loopback interface Command History This command was introduced in ArubaOS 3 0 ...

Page 1048: ... 86 F0 36 B1 Description Link Aggregate LACP Spanning Tree is disabled VLAN membership 1 Switchport priority 0 Member port Last clearing of show interface counters 3 day 21 hr 23 min 6 sec link status last changed 3 day 21 hr 23 min 6 sec 0 packets input 0 bytes Received 0 broadcasts 0 runts 0 giants 0 throttles 0 input error bytes 0 CRC 0 frame 0 multicast 0 unicast 0 packets output 0 bytes 0 out...

Page 1049: ...ated to the specified port are listed Port channel 0 is Whether or not this port channel is trusted show interface port channel 0 access group Port Channel 0 Port Vlan Session ACL SessionACL Vlan Status The output of this command includes the following parameters Parameter Description SessionACL Session ACL name Vlan VLAN number Status ACL status show interface port channel 0 counters Port InOctet...

Page 1050: ...l 0 untrusted vlan Name FE1 0 Untrusted Vlan s The output of this command includes the following parameters Parameter Description Name Name of the specified port Untrusted Vlan s List of untrusted VLANs show interface port channel 0 xsec xsec vlan 7 is ACTIVE The output of this command includes the following parameters Parameter Description xsec vlan 7 is ACTIVE This states that xsec is active on ...

Page 1051: ...alue VOIP VLAN 1 DSCP 0 802 1 UP 0 VOIP Mode auto discover The output of this command includes the following information Parameter Description VOIP VLAN The Voice VLAN ID DSCP The DSCP value for the voice VLAN 802 1 UP The 802 11p priority level VOIP Mode The mode of VoIP operation It can be auto discover or static Command History Command introduced in ArubaOS 6 2 Command Information Platforms Lic...

Page 1052: ...nnel keepalive is disabled he output of this command includes the following parameters Parameter Description Tunnel 2000 is Status of the specified tunnel line protocol is Displays the status of the line protocol on the specified tunnel Description Description of the specified interface Internet address is IP address and subnet mask of the specified interface Source IP address of the tunnel s sour...

Page 1053: ...troduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show interface tunnel 1053 ...

Page 1054: ...not set MTU 1500 bytes Last clearing of show interface counters 4 day 0 hr 28 min 58 sec link status last changed 4 day 0 hr 28 min 58 sec Proxy Arp is disabled for the Interface DHCP Option 82 mac and essid are configured on this Interface The output of this command includes the following parameters Parameter Description VLAN1 is Status of the specified VLAN line protocol is Displays the status o...

Page 1055: ...ed Proxy ARP is Status of proxy ARP on the specified interface DHCP Option 82 is Status of DHCP Option 82 If the MAC address and ESSID are configured on this interface Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Re...

Page 1056: ...d 2 FPGA LCCI Rev 0x6 Line Card 2 Switch Chip Broadcom 56308 Rev 0x3 Line Card 2 Mez Card Present Line Card 2 SPOE Present Line Card 2 Sup Card 0 Absent Line Card 2 Sup Card 1 Present Active Line Card 2 Assembly 2000001C Rev 03 00 24FE 2GE Line Card 2 Serial C00000277 Date 02 22 05 Line Card 2 SPOE Assembly 2000020B Rev 01 00 SPOE 2 Line Card 2 SPOE Serial FP0000100 Line Card 2 MEZZ Assembly 20000...

Page 1057: ...mV 3320 mV AMP 2500mV 2480 mV AMP 1800mV 1800 mV AMP 1500mV 1500 mV AMP BCM 1200mV 1200 mV AMP FPGA 1200mV 1 1200 mV AMP FPGA 1200mV 2 1200 mV The output includes the following parameters Parameter Description Supervisor Card Slot Supervisor card slot number Mobility Processor Revision of the image downloaded to the FPGA This can change if a newer image is included in a newer release SC Assembly A...

Page 1058: ...r of the line card in the specified slot Line Card slot number SPOE Assembly Assembly number of SPOE line card in the specified slot Line Card slot number SPOE Serial Serial number of SPOE line card in the specified slot Line Card slot number MEZZ Assembly Assembly number of the mezzanine card in the specified slot Line Card slot number MEZZ Serial Serial number of the mezzanine card in the specif...

Page 1059: ...layed in the right column should match the corresponding value in the left column generally with 5 Command History This command was introduced in ArubaOS 1 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show inventory 1059 ...

Page 1060: ...0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 disk_io 3 0 679 460 7196 219 950 ctxt 135640513 btime 1241728432 processes 357519 The output includes the following parameters Parameter Description cpu The number of jiffies 1 100th o...

Page 1061: ...as introduced in ArubaOS 1 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show iostat 1061 ...

Page 1062: ...d session access list User14 is applied Port Vlan Session ACL SessionACL Vlan Status coltrane 22 configured The output of this command includes the following parameters Parameter Description Session ACL Name of the ACL applied to the interface VLAN If the ACL was applied to a VLAN associated with this port this column will show the VLAN ID Status Shows whether or not the session ACL is configured ...

Page 1063: ...ion Platforms Licensing Command Mode All platforms Base operating system Available in Config or Enable mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show ip access group 1063 ...

Page 1064: ...e Type Use Count Roles 200 eth 33 standard allowall session 2 trusted ap default vpn role ap acl session 2 rap_role ap role captiveportal session 4 coltrane logon wizardtest logon test logon logon captiveportal6 session 2 guest logon logon control session 7 ap role coltrane logon wizardtest logon guest stateful test logon logon cplogout session 1 guest default session guest session log https sessi...

Page 1065: ...ist Mirror DisScan ClassifyMedia IPv4 6 6 6 6 6 6 6 The output of this command may include some or all of the following parameters Parameter Description Priority Name of an access control list ACL Source The traffic source which can be one of the following l alias The network resource use the netdestination command to configure aliases use the show netdestination command to see configured aliases ...

Page 1066: ...p Specify the ESI server group configured with the esi group command l opcode Specify the datapath destination ID 0x33 0x34 or 0x82 Do not use this parameter without proper guidance from Dell tunnel Specify the ID of the tunnel configured with the interface tunnel command src nat Perform source NAT on packets Timerange Any defined time range for this rule Log Shows if the rule was configured to ge...

Page 1067: ...ion Platforms Licensing Command Mode All platforms Base operating system Available in Config or Enable mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show ip access list 1067 ...

Page 1068: ...he IP address to which captive portal users are automatically directed host show ip cp redirect address Captive Portal redirect Address 10 3 63 11 Related Commands Command Description ip cp redirect address This command configures a redirect address for captive portal Command History Introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system ...

Page 1069: ...s 126 Active leases 126 Expired leases 0 Abandoned leases 0 The output of this command includes the following parameters Parameter Description Network Name Range of addresses that the DHCP server may assign to clients Free leases Number of available DHCP leases Expired leases Number of leases that have expired because they have extended past their valid lease period Abandoned leases Number of aban...

Page 1070: ...1070 show ip dhcp DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command History Introduced in ArubaOS 3 0 ...

Page 1071: ... configured Related Commands Command Description ip domain lookup This command enables Domain Name System DNS hostname to address translation ip domain name This command configures the default domain name ip dhcp pool This command configures a DHCP pool on the controller Command History Introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating syst...

Page 1072: ...mation interface vlan vlan Show IGMP interface information proxy group vlan vlan Show IGMP proxy group information for a specific interface proxy mobility group maddr maddr Display the IGMP proxy group information stored for mobile clients which are away from the controller proxy mobiity stats Display the most important messages exchanged between the mobility process and the IGMP proxy proxy stats...

Page 1073: ...enabled or disabled The following example displays the current IGMP configuration settings for the controller host show ip igmp config IGMP Config Name Value robustness variable 2 query interval 125 query response interval 100 startup query interval 31 startup query count 2 last member query interval 10 last member query count 2 version 1 router present timeout 400 The output of this command inclu...

Page 1074: ...e of this parameter is 1 4 of the query interval last member query count Number of group specific queries that the controller sends before assuming that there are no local group members last member query interval Maximum time in seconds that can elapse between group specific query messages version 1 router present timeout Timeout in seconds if the controller detects a version 1 IGM router Related ...

Page 1075: ... MAC address brief Limit the output of this command to show just two lines of data domain name Display subnet VLAN and home agent information for all mobility domains or specify a mobility domain name to view data for that domain only global View the current Mobility Agents global configuration hat Display the Active Home Agent Table host Display a list of Mobile IP hosts host ip Filter the Mobile...

Page 1076: ...ntroller which handles all mobile IP communication with a home agent on behalf of a roaming client home agent Show only mobile IP home agent statistics A home agent for a mobile client is the controller where the client first appears when it joins the mobility domain proxy Show only counters for mobile IP proxy traffic proxy dhcp Show only counters for mobile IP proxy DHCP traffic trail host ip ho...

Page 1077: ...s 9c b7 0d 3f a4 8a 10 15 26 162 test Roaming Status Home Switch Home VLAN Service time 0 days 00 09 05 Home VLAN 3 on network 10 15 26 0 24 DHCP lease for Harsha PC at Fri Apr 27 02 15 49 2012 for 240 secs from 10 15 24 11 The output of this command includes the following parameters Parameter Description mac addr ip addr MAC and IP addresses of the host Roaming Status Displays how long the host h...

Page 1078: ...onfigures the proxy mobile IP module in a mobility enabled controller ip mobile revocation This command configures the frequency at which registration revocation messages are sent ip mobile trail deprecated This command configures the capture of association trail for all devices Command History Command introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Bas...

Page 1079: ...of source NAT addresses in the pool End IP IP address that defines the end of the range of source NAT addresses in the pool DNAT IP Destination NAT IP address if defined Related Commands Command Description ip nat This command configures a pool of IP addresses for network address translation NAT Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Comma...

Page 1080: ...ssue this command without any of the optional parameters described in the table above the show ip ospf command will display general router and area settings for the OSPF host config subif show ip ospf OSPF is currently running with Router ID 123 45 110 200 Number of areas in this router is 1 Area 10 1 1 0 Number of interfaces in this area is 2 Area is totally stub area SPF algorithm executed 0 tim...

Page 1081: ...tails of the designated router ID and interface address Backup Designated Router ID Details of the backup router ID and interface address Timer intervals configured Details of elapse time intervals for Hello Dead Transmit wait and retransmit Neighbor Count Details the number of neighbors and adjacent neighbors Tx Stat Counters and statistics for transmitted data l Hellos Number of transmitted hell...

Page 1082: ...ave different authentication type than the local interface BadAuth Number of received packets where authentication failed BadNeigh Number of received packets which didn t have a valid neighbor BadPckType Number of received packets that have wrong OSPF packet type BadVirtLink Number of received packets that didn t match have a valid virtual link Related Commands Command Description ip ospf Configur...

Page 1083: ...red on the PPPoE access concentrator PPPoE password If this parameter displays the word HIDDEN a PAP password is configured on the PPPoE access concentrator If this parameter is NONE there is no PPOE password configured PPPoE service name PPPoE service name PPPoE VLAN VLAN configured to use PPPoE to obtain an IP address via the command interface vlan id ip address pppoe Command History Introduced ...

Page 1084: ...source interface Show the source address of outgoing RADIUS requests Examples The example below shows the RADIUS client NAS IP address host show ip radius nas ip RADIUS client NAS IP address 10 168 254 221 Related Commands Command Description ip radius This command configures global parameters for configured RADIUS servers Command History Introduced in ArubaOS 3 0 Command Information Platforms Lic...

Page 1085: ...ey are connected host show ip route Codes C connected O OSPF R RIP S static M mgmt U route usable candidate default Gateway of last resort is 10 6 2 254 to network 0 0 0 0 S 0 0 0 0 0 1 0 via 10 6 2 254 C 10 9 2 0 is directly connected VLAN1 C 10 9 3 0 is directly connected VLAN63 C 10 9 4 0 is directly connected VLAN64 C 10 9 5 0 is directly connected VLAN65 C 10 9 6 0 is directly connected VLAN6...

Page 1086: ...route DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system Available in Config or Enable mode on master or local controllers ...

Page 1087: ...cs for an AP with a specific IP address Enter the IP address in dotted decimal format Usage Guidelines Issue this command at the request of Dell support to troubleshoot application errors Example The following example shows IPC statistics for the SAPD process on an AP named mpp125 host show ipc statistics app ap sapd ap name mpp125 Local Statistics To application Tx Msg Tx Blk Tx Ret Tx Fail Rx Ac...

Page 1088: ...d Rx Ack Number of received acknowledgements Rx Msg Number of received messages Rx Drop Number of received messages that were dropped Rx Err Number of received messages with errors Tx Ack Number of transmitted acknowledgements Allocated Buffers Number of allocated buffers for IPC messages Static Buffers Number of static buffers for IPC messages Static Buffer Size Size of the static buffer Command ...

Page 1089: ...ust be obtained from Dell support Usage Guidelines Issue this command at the request of Dell support to troubleshoot application errors Command History This command was available in ArubaOS 1 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable and Config mode on local and master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show ipc...

Page 1090: ... mobileip Mobile IP l ntp NTP Daemon l ospf OSPF l pim Protocol Independent Multicast l pktfilter Packet Filter l pptp PPTP l profmgr Profile Manager l publisher Publish subscribe service l resolver Resolver l sapm SAPM l snmp SNMP agent l stm Station Management l stm lopri Station Management Low Priority l stm Station Management l syslogd Syslog Manager l userdb User Database Server l wms Wireles...

Page 1091: ...eter Description Tx Msg Number of transmitted messages Tx Blk Number of blocking messages transmitted Tx Ret Number of transmitted messages that were returned Tx Fail Number of failure messages that were transmitted Rx Ack Number of received acknowledgements Rx Msg Number of received messages Rx Drop Number of received messages that were dropped Rx Err Number of received messages with errors Tx Ac...

Page 1092: ...statistics app name DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master or local controllers ...

Page 1093: ...r Description string To view details of a specific ACL brief To view a summary of all IPv6 ACLs Command History Version Modification ArubaOS 3 3 Command introduced ArubaOS 6 1 Command deprecated This command has been replaced by the show ip access list command DellPowerConnect W Series ArubaOS 6 2 Reference Guide show ipv6 access list deprecated 1093 ...

Page 1094: ...ipv6 datapath session counters deprecated show ipv6 datapath session counters Description Displays datapath session table statistics Command History Version Modification ArubaOS 1 0 Command introduced ArubaOS 6 1 Command deprecated This command has been replaced by the show datapath session ipv6 counters command ...

Page 1095: ...ter If specified displays IPv6 datapath session table for that IP address By default displays session table for all IPv6 addresses Command History Version Modification ArubaOS 3 0 Command introduced ArubaOS 6 1 Command deprecated This command has been replaced by the show datapath session ipv6 table command DellPowerConnect W Series ArubaOS 6 2 Reference Guide show ipv6 datapath session table depr...

Page 1096: ...ide show ipv6 datapath user counters deprecated show ipv6 datapath user counters Description Displays datapath user table statistics Command History Version Modification ArubaOS 3 0 Command introduced ArubaOS 6 1 Command deprecated This command has been replaced by the show datapath user ipv6 command ...

Page 1097: ... datapath user table entries Command History Version Modification ArubaOS 3 0 Command introduced ArubaOS 6 1 Command deprecated This command has been replaced by the show datapath user ipv6 command DellPowerConnect W Series ArubaOS 6 2 Reference Guide show ipv6 datapath user table deprecated 1097 ...

Page 1098: ...enial of service attack Monitor TCP SYN attack If enabled the controller monitors the number of TCP SYN messages per second If this value exceeds the maximum configured rate the controller will register a denial of service attack Monitor IPv6 sessions attack If enabled the controller monitors the number of TCP session requests per second If this value exceeds the maximum configured rate the contro...

Page 1099: ... are sent Prohibit IPv6 Spoofing Status on IPv6 spoofing When this option is enabled IP and MAC addresses are checked possible IP spoofing attacks are logged and an SNMP trap is sent Enable IPv6 Stateful Firewall Shows if IPv6 stateful firewall is enabled Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating syst...

Page 1100: ...328 64 loopback up up fe80 b 860f ff61 1328 64 mgmt down down unassigned IPv6 is disabled The following table details the columns and content in the show command Column Description Interface List the interface and interface identification with the IPv6 address and netmask for the interface if configured Status Protocol States the administrative status and the IPv6 status on the interface Enabled u...

Page 1101: ...eter Description robustness variable Denotes the value that is used to calculate the timeout value of an MLD client query interval Denotes the time interval at which the MLD query is sent query response interval Denotes the time interval at which the MLD query response should be received Command History This command was available in ArubaOS 3 3 Command Information Platforms Licensing Command Mode ...

Page 1102: ...escription received total The total number of MLD messages received queries The total number of MLD queries received v1 reports The total number of MLD v1 reports received received leaves The total number of MLD v1 leave messages received received unknown types The total number of unrecognized messages received len errors The total number of error message where the length check has failed checksum...

Page 1103: ...ormation Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master and local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show ipv6 mld counters 1103 ...

Page 1104: ... group MLD Group Table Group Members The output of this command includes the following parameters Parameter Description Group Name of MLD groups Members Number of members in an MLD group Command History This command was available in ArubaOS 3 3 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master and local controllers ...

Page 1105: ...6 f0 20 20 disabled disabled CP 7 7 7 7 1 255 255 255 0 00 0b 86 f0 20 20 disabled disabled CP 170 192 170 1 1 255 255 255 0 00 0b 86 f0 20 20 disabled disabled CP The output of this command includes the following parameters Parameter Description VLAN Denotes the VLAN ID Addr IP address of the VLAN interface Netmask Network mask of the VLAN interface IP address MAC Address MAC address of VLAN inte...

Page 1106: ...VLAN interface via the ipv6 neighbor command Examples The example below shows the ipv6 neighbors configured on VLAN 1 host show ipv6 neighbors vlan 1 IPv6 Neighbors IPv6 Address Age Link layer Addr State Interface 2cce 205 160 100 fe 00 0b 86 61 13 28 PERMANENT vlan 1 Command History Introduced in ArubaOS 6 1 Command Information Platforms Licensing Command Mode All platforms Base operating system ...

Page 1107: ...tatus IPv6 RA Status VlanId State Prefix es 1 enabled 2001 abcd 1234 dead 64 220 enabled 2200 eab feed 12 64 230 enabled 2300 eab feed 64 7 enabled 2001 470 faca 2 64 2001 470 faca 3 64 2001 470 faca 4 64 Command History Introduced in ArubaOS 6 2 Command Information Platforms Licensing Command Mode All platforms Base operating system Available in Config or Enable mode on master or local controller...

Page 1108: ...switch to which you connect the controller Examples The examples below show the ipv6 address of routers and the VLANs to which they are connected host show ipv6 route Codes C connected O OSPF R RIP S static M mgmt U route usable candidate default Gateway of last resort is 2001 3 to network 128 at cost 1 S 0 1 0 via 2001 3 C 2001 64 is directly connected VLAN1 C 2010 abcd 1234 dead 64 is directly c...

Page 1109: ...user table that are in debug mode essid Displays entries in the IPv6 user table that are associated to the specified ESSID If the ESSID includes spaces you must enclose it in quotation marks internal Displays internal IPv6 users ip Displays IPv6 users that match the specified IPv6 IP address location This value refers to the AP group of the IPv6 client Use the show aaa state ap group to get the AP...

Page 1110: ...rs IP MAC Name Role Age d h m Auth VPN link AP name Roaming Essid Bssid Phy Profile fe80 216 ceff fe2c b485 00 16 ce 2c b4 85 Wing A logon 00 00 06 802 1x 00 0b 86 c1 0e 8c Wireless Wing A 00 0b 86 90 e8 c0 g default dot1x 2003 d81f f9f0 1001 617c 9151 6d25 f754 00 16 ce 2c b4 85 Wing A logon 00 00 06 802 1x 00 0b 86 c1 0e 8c Wireless Wing A 00 0b 86 90 e8 c0 g default dot1x The output of this com...

Page 1111: ...ble in ArubaOS 3 3 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mode on master and local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show ipv6 user table 1111 ...

Page 1112: ...oints 64 Outdoor Mesh Access Points 64 RF Protect 64 Voice Service Module Unlimited VPN Server Module 512 xSec Module 96 Next Generation Policy Enforcement Firewall Module 64 Advanced Cryptography 2024 Service provider AP 0 RF Protect ENABLED Policy Enforcement Firewall ENABLED Remote APs ENABLED External Services Interface ENABLED Client Integrity Module ENABLED VPN Server ENABLED Wired 802 1X EN...

Page 1113: ...and show license on page 1118 Command History This command was available in ArubaOS 1 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable and Config mode on local and master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show keys 1113 ...

Page 1114: ...ce is requesting fast LACPDUs A Device is in active mode P Device is in passive mode Partner s information Port Flags Pri OperKey State Num Dev Id FE 1 1 SA 1 0x10 0x45 0x5 00 0b 86 51 1e 70 FE 1 2 SA 1 0x10 0x45 0x6 00 0b 86 51 1e 70 When a port in a LAG is misconnected that is the partner device is different than the other ports or the neighborship times out or can not exchange LACPDUs with the ...

Page 1115: ...w interface port channel View information on a specified port channel interface show lacp sys id View the LACP system ID information Command History Release Modification ArubaOS 3 4 1 Command introduced Command Information Platform Licensing Command Mode All Platforms Base operating system Enable and Configuration modes for Master and Local controllers DellPowerConnect W Series ArubaOS 6 2 Referen...

Page 1116: ... 86 40 37 C0 Host show lacp sys id 32768 00 0B 86 40 37 C0 Related Commands Command Description lacp group Enable LACP and configure on the interface lacp port priority Configure the LACP port priority show lacp View the LACP configuration status show interface port channel View information on a specified port channel interface Command History Release Modification ArubaOS 3 4 1 Command introduced ...

Page 1117: ...nu maintenance upload config enabled menu maintenance factory default enabled menu maintenance media eject enabled menu maintenance reload system enabled menu maintenance halt system enabled menu maintenance enabled menu enabled Related Commands Command History Release Modification ArubaOS 6 2 Command introduced Command Information Platforms Licensing Command Mode W 7200 series Base operating syst...

Page 1118: ...g Upgrade 128 21 01 13 GIleLrCX d8lxt3z5 vQC50n60 f31amOxu Rf0uEoTn qXQ 2010 01 21 Never E 124abg Upgrade 128 21 01 22 ldsXG7ik pj HVm4t Qt3541UC 3wzC Efj yn08g HF Dg 2010 01 21 Never E 125abg Upgrade 128 21 01 3 sJvaPL88 gWDdlMpj LZMZ2YKK 2fU8NV6l XIH4wRk8 44I 2010 05 05 Never E RF Protect 512 08 51 57 QtemJpLj Qm5D9WvK 8c9lbaL6 t2nU6 Pj LSNd00FZ tJo 2010 05 05 Never E RF Protect 1024 08 52 07 21...

Page 1119: ...of the display output They are A The license is auto generated E The license if fully enabled R You must reboot your controller to fully enable this license Service Type The license name feature Related Commands To view additional statistics for license key usage use the command show keys Command History Release Modification ArubaOS1 0 Command introduced ArubaOS 3 4 Verbose parameter was deprecate...

Page 1120: ... usage xsec Show Extreme Security xSec user and tunnel license usage Examples The following example displays the user license usage host show license usage user User License Usage Name Value License Limit 2048 License Usage 12 License Available 2036 License Exceeded 0 The AP license usage is displayed below host show license usage acr AP Licenses Type Number AP Licenses 128 RF Protect Licenses 128...

Page 1121: ...Used l Total 802 11n 125abg Licenses l 802 11n 125abg Licenses Used ArubaOS 5 0 Deprecated the option vpn ArubaOS 6 1 Added option for ACR license ArubaOS 6 2 The output of the show license usage ap and show license usage user commands was reorganized to reflect the newest license scheme Command Information Platforms Licensing Command Mode All platforms Base operating system The output of this com...

Page 1122: ...id not properly move to the new table during the upgrade procedure In the example below the command output has been divided into two tables to fit on a single page of this document In the command line interface this output would appear in a single wide table host show local userdb ap AP entry Details Name AP Group AP Name Full Name Authen Username Revoke Text 00 0b 86 c3 58 38 local chuck chuck na...

Page 1123: ...ed via the command local userdb ap modify mac addr mode enable this field is cleared AP_Authenticated This column indicates the authorization status of the AP An AP can either be Authenticated or Provisioned Remote APs that do not support certificated based provisioning will always display a Provisioned status Remote APs that support certificated based provisioning can display either a Authenticat...

Page 1124: ...1124 show local userdb ap DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command History Modification ArubaOS 5 0 Command introduced ...

Page 1125: ...rt offset page page_size parameters to control which guest account records in the database display initially and the number of account records displayed on a page Example This example shows the basic summary of a user accounts in the database host show local userdb guest maximum expiration start 5 page 4 local userdb guest maximum expiration 90 Guest UserSummary Name Password Role E Mail Enabled E...

Page 1126: ...s enabled or disabled the ability to use the HTTP protocol to redirect users to the captive portal page Sponsor Name Shows the sponsor s name Grantor Name Shows the grantor s name User Entries Shows the number of user accounts in the database Related Commands Command Description Mode local userdb add Use this command to configure the parameters displayed in the output of this show command Enable a...

Page 1127: ...this command displays all entries in the whitelist To display only part of the Remote Node Controller whitelist include the start offset parameters to start displaying the Remote Node Controller whitelist at the specified entry value You can also include the optional mac address mac addr parameters to display values for a single Remote Node Controller entry Example This example shows the basic sum...

Page 1128: ...tion Mode remote node profile The remote node profile command lets you create a Remote Node Controller profile Config mode Command History Release Modification ArubaOS 6 0 Command introduced Command Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on master and local controllers ...

Page 1129: ...alid for in minutes Use the start offset page page_size parameters to control which user account records in the database display initially and the number of account records displayed on a page Example This example shows the basic summary of a user accounts in the database host show local userdb maximum expiration start 5 page 4 local userdb maximum expiration 90 User Summary Name Password Role E M...

Page 1130: ...nabled or disabled the ability to use the HTTP protocol to redirect users to the captive portal page Sponsor Name Shows the sponsor s name Grantor Name Shows the grantor s name User Entries Shows the number of user accounts in the database Related Commands Command Description Mode local userdb add Use this command to configure the parameters displayed in the output of this show command Enable and ...

Page 1131: ... a user account Paula in the database host show local userdb username Paula User Summary Name Password Role E Mail Enabled Expiry Status Sponsor Name Grantor Name paula guest Yes Inactive admin User Entries 1 Command History Release Modification ArubaOS 3 0 Command introduced Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or config mode on master an...

Page 1132: ...articular user account in the database Example This example shows the basic summary of a user account Paula in the database host show local userdb username Paula User Summary Name Password Role E Mail Enabled Expiry Status Sponsor Name Grantor Name paula guest Yes Inactive admin User Entries 1 Command History Release Modification ArubaOS 3 0 Command introduced Command Information Platforms Licensi...

Page 1133: ...etween master and local controllers host show localip Local Switches configured by Local Switch IP Switch IP address of the Local Key 0 0 0 0 Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show...

Page 1134: ... admin was not found in the database Mar 3 13 26 20 localdb 567 133019 ERRS localdb User admin was not found in the database Mar 3 13 46 54 fpcli USER admin connected from 10 100 100 66 has logged out Mar 3 13 57 53 fpcli USER admin has logged in from 10 100 100 66 Mar 3 13 57 53 localdb 567 133006 ERRS localdb User admin Failed Authentication Mar 3 13 57 53 localdb 567 133006 ERRS localdb User ad...

Page 1135: ...ilable BSSID s Nov 24 20 54 24 KERNEL AP39 10 6 1 21 edev dev_addr 00 1a 1e ca 59 7c Nov 24 20 54 24 KERNEL AP39 10 6 1 21 wifi1 Base BSSID 00 1a 1e 25 97 c0 16 available BSSID s Nov 24 20 54 24 KERNEL AP39 10 6 1 21 edev dev_addr 00 1a 1e ca 59 7c Nov 24 20 54 24 KERNEL AP39 10 6 1 21 H 6 Ethernet Channel Bonding Driver v3 0 1 January 9 2006 Nov 24 20 54 24 KERNEL AP39 10 6 1 21 secure_jack_link_...

Page 1136: ...Broadband Router This command shows the controller s BSSID debug logs Syntax Parameter Description number Start displaying the log output from the specified number of lines from the end of the log all Shows all the BSSID debug logs for the controller Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Av...

Page 1137: ...10 3 49 253 sapd AM 00 0b 86 a2 e7 40 Rogue AP detected with SSID cto dnh blah BSSID 00 0b 86 b5 86 c0 Wired MAC 00 0b 86 02 ee 00 and IP 10 3 49 254 Mar 5 10 40 32 localdb 133019 ERRS localdb User admin was not found in the database Mar 5 10 40 32 localdb 133006 ERRS localdb User admin Failed Authentication Mar 5 10 41 10 sapd 106007 ERRS AP 1 1 1 10 3 49 253 sapd AM 00 0b 86 a2 e7 40 Rogue AP de...

Page 1138: ...1138 show log errorlog DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system Available in Enable and Config modes ...

Page 1139: ...in the WLAN must use the same ESSID Syntax Parameter Description number Start displaying the log output from the specified number of lines from the end of the log all Shows all the ESSID debug logs for the controller Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Available in Enable and Config modes...

Page 1140: ... from the end of the log all Shows all the network logs for the controller Example This example shows the controller s recent network log errors host show log network all Feb 17 14 47 14 209801 WARN fpapps Physical link down port 1 1 Feb 17 14 48 04 209801 WARN fpapps Physical link down port 1 1 Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Comma...

Page 1141: ...ver Internal user 10 100 100 66 Mar 5 11 53 43 124004 DBUG authmgr Auth server Internal response 1 Mar 5 11 53 43 125027 DBUG aaa mgmt auth admin failure 0 Mar 5 11 53 43 125024 NOTI aaa Authentication Succeeded for User admin Logged in from 10 100 100 66 port 1778 Connecting to 10 3 49 100 port 22 connection type SSH Mar 5 11 53 58 103060 DBUG ike ipc c ipc_get_cfgm_role 2826 Sending REQUEST for ...

Page 1142: ...ending message to Probe IP 10 3 49 253 Msg Type PROBE_RAP_TYPE AP 00 0b 86 b5 87 c2 Type 1 Mar 5 11 55 59 316036 DBUG wms Received New STA Message MAC 00 0b 86 b5 87 c2 Status 0 Mar 5 11 55 59 316032 DBUG wms STA Probe ADD Probe 00 0b 86 a2 e7 40 for STA 00 0b 86 b5 87 c2 Mar 5 11 56 00 399814 DBUG fpapps PoE RAN THRU ITERATION 2 Mar 5 11 56 00 326001 DBUG AP 1 1 1 10 3 49 253 sapd AM am_read_bss_...

Page 1143: ...40 1 1 1 Mar 5 13 40 41 501083 WARN stm Probe request 00 0b 86 cd 1a 00 Invalid Station MAC address from AP 10 3 49 253 00 0b 86 a2 e7 40 1 1 1 Mar 5 13 42 51 501083 WARN stm Probe request 00 0b 86 cd 1a 00 Invalid Station MAC address from AP 10 3 49 253 00 0b 86 a2 e7 40 1 1 1 Mar 5 13 47 03 501083 WARN stm Probe request 00 0b 86 cd 1a 00 Invalid Station MAC address from AP 10 3 49 253 00 0b 86 a...

Page 1144: ...0 0b 86 a2 e7 40 1 1 1 Mar 5 13 58 26 501085 DBUG stm Probe request 00 18 f8 ab 77 a4 AP 10 3 49 253 00 0b 86 a2 e7 40 1 1 1 SSID Mar 5 13 58 26 501090 DBUG stm Probe response 00 18 f8 ab 77 a4 AP 10 3 49 253 00 0b 86 a2 e7 40 1 1 1 SSID Mar 5 13 58 26 501090 DBUG stm Probe response 00 18 f8 ab 77 a4 AP 10 3 49 253 00 0b 86 a2 e7 41 1 1 1 SSID Mar 5 13 58 27 501082 DBUG stm Probe request 00 18 f8 ...

Page 1145: ...4003 WARN AP 1 1 1 10 3 49 253 sapd AM 00 0b 86 a2 e7 40 Interfering AP detected with SSID QA SANJAY OSUWIRELESS and BSSID 00 0b 86 89 f9 40 Mar 5 13 59 44 404003 WARN AP 1 1 1 10 3 49 253 sapd AM 00 0b 86 a2 e7 40 Interfering AP detected with SSID QA SANJAY OSUVOICE and BSSID 00 0b 86 8c fb c0 Mar 5 13 59 44 404003 WARN AP 1 1 1 10 3 49 253 sapd AM 00 0b 86 a2 e7 40 Interfering AP detected with S...

Page 1146: ...dditional data for logging subcategories and processes Usage Guidelines The ArubaOS logging levels follow syslog convention l level 7 Emergency l level 6 Alert l level 5 Critical l level 4 Errors l level 3 Warning l level 2 Notices l level 1 Informational l level 0 Debug The default logging level is leve1 1 You can change this setting via the logging command Example This example below displays def...

Page 1147: ...ddress of the remote logging server as well as facility log types and their associated facility levels Config mode on master and local controllers Command History This command was introduced in ArubaOS 2 5 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable and Config mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Gui...

Page 1148: ...root 10 100 102 43 00 00 00 00 27 59 The output includes the following parameters Parameter Description ID Sessions identification number User Name Administrator s user name User Role Administrator s role Connection From The IP address from which the administrator is connecting Idle Time Amount of time the user has been idle Session Time Total time the session has been open Command History This co...

Page 1149: ... Mgmt 4095 vlan 4095 00 0b 86 f0 05 60 Mgmt 4095 vlan 4095 The output includes the following parameters Parameter Description Dynamic Address Count Count of dynamic addresses currently associated with the controller Static Address User defined Count Count of static user defined addresses associated with the controller System Self Address Count Number of self system addresses Total MAC Addresses To...

Page 1150: ...rConnect W Series ArubaOS 6 2 Reference Guide Command History This command was introduced in ArubaOS 1 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or config mode on master controllers ...

Page 1151: ...ogon user role logon captive portal default voice rtp analysis config voice rtp analysis config rtp analysis voice rtp analysis config rtp analysis voice rtp analysis config no rtp analysis voice rtp analysis config rtp analysis Related Commands Command Description master redundancy This command associates a VRRP instance with master controller redundancy master local This command displays the sta...

Page 1152: ...e This example below shows statistics for all communications between the master and local controller host show master local stats Missed HB Resp from Master IP Address HB Req HB Resp Total Missed Last Sent Missed Peer Reset Cfg Terminate Last Synced 10 6 2 252 194721 194208 926 0 105 1 Thu Feb 26 21 12 04 2009 The output of this command includes the following data columns Parameter Description IP ...

Page 1153: ...ed Timestamp showing the last time the local controller synched its configuration from the master controller Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable and Config mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show master localstats 1153 ...

Page 1154: ...f the peer controller for master redundancy host show master redundancy Master redundancy configuration VRRP Id 2 current state is MASTER Peer s IP Address is 2 1 1 4 Related Commands Command Description master redundancy master vrrp This command associates a VRRP instance with master controller redundancy vrrp This command configures the Virtual Router Redundancy Protocol VRRP Command History Thi...

Page 1155: ...auth Display memory information for the auth process on the controller cfgm Display memory information for the cfgm process on the controller debug verbose Display detailed memory information to debug memory errors the controller This command should only be used under the supervision of Dell Technical Support dbsync Display memory information for the dbsync process on the controller fpapps Display...

Page 1156: ...mple The command show memory displays in Kilobytes the total memory on the controller the amount of memory currently being used and the amount of free memory host show memory Memory Kb total 256128 used 162757 free 93371 Include the name of a process to show memory statistics for that process The example below shows memory statistics for mobileip host show memory mobileip Type Num Allocs Size Allo...

Page 1157: ...f allocations used throughout in the life of the process in bytes PC Program counter the address of a memory allocation For internal use only Allocs Number of memory allocations at that program counter For internal use only Size Size of all memory allocations at that program counter For internal use only Command History This command was available in ArubaOS 3 0 Command Information Platforms Licens...

Page 1158: ...ommands network operations network operations guest provisioning guest provisioning location api mgmt location api mgmt no access Default role no commands are accessible for this role location api mgmt location api mgmt The output includes the following parameters Parameter Description ROLE Name of the management user role DESCRIPTION Description of the management user role Command History This co...

Page 1159: ...ertificates Example The output of this command shows the client certificate name username user role and revocation checkpoint for management users using the ssh pubkey in the controller host show mgmt user ssh pubkey SSH Public Key Management User Table CLIENT CERT USER ROLE STATUS client1 rg test1 root ACTIVE client2 rg test2 root ACTIVE client3 rg test3 root ACTIVE client1 rg test4 root ACTIVE C...

Page 1160: ...hows the tunneled node configuration details host show tunneled node config Tunneled Node Enabled Tunneled Node Server 4 4 4 1 Tunnel Loop Prevention Disabled Tunnel Node MTU 5000 Command History Release Modification ArubaOS 3 0 Command introduced ArubaOS 6 1 The command name was changed to show tunneled node config Command Information Platforms Licensing Command Mode All platforms Base operating ...

Page 1161: ...ame white list Position Type IP addr Mask Len Range Name localnetwork Position Type IP addr Mask Len Range 1 network 0 0 0 2 0 0 0 0 The output includes the following parameters Parameter Description Name Network destination name Position Network destination position Type Network destination type IP addr IP address of the network destination Mask Range Network destination subnet mask and range Com...

Page 1162: ...on Default alias name Specify the EH alias name default Usage Guidelines Example The following command displays the denied extended header types in the default EH host show netexthdr default Extended Header type s Denied 51 Command History Release Modification ArubaOS 6 1 Command introduced Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or Config mo...

Page 1163: ...ample The following example shows the protocol type ports and application level gateway ALG for the DHCP service host show netservice svc dhcp Services Name Protocol Ports ALG svc dhcp udp 67 68 Related Commands To configure an alias for network protocols use the command netservice Command History This command was available in ArubaOS 1 0 Command Information Platforms Licensing Command Mode All pl...

Page 1164: ...12095 total packets received 2 with invalid headers 3 forwarded 426940 incoming packets discarded 932097114 incoming packets delivered 1004595164 requests sent out 52847 fragments dropped after timeout 201323411 reassemblies required 50179757 packets reassembled ok 53204 packet reassembles failed 136827034 fragments created Icmp 1969625 ICMP messages received 5 input ICMP message failed ICMP input...

Page 1165: ...eceived 426937 packet receive errors 910267627 packets sent Related Commands To configure an alias for network protocols use the command netservice Command History This command was available in ArubaOS 1 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on local and master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show ne...

Page 1166: ...ue in all printers connected to the controller status Displays the status of all printers connected to the controller Example The output of this command shows the status of all printers connected to the controller host show network printer status Networked Printer Status Printer Name Printer Alias Status Comment usblp_Hewlett Packard_HP_Color_LaserJet_CP3505_CNBJ8B1003 HPLJ_P3005 idle enabled usbl...

Page 1167: ...der associated with the share l the access mode status Displays the status of the storage service on the controller users Displays the list of users by IP address connected share name and connection time Example The output of this command shows the status of all printers connected to the controller host show network storage users NAS Users Share Name Machine Connected at Documents 192 168 1 4 Fri ...

Page 1168: ...NTP server troubleshooting and should only be used under the supervision of Dell technical support Issue the show ntp servers command to view basic settings for currently configured NTP servers Related Commands To configure an NTP server use the command ntp server Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base opera...

Page 1169: ...lock sources or strata and assigns each layer a number starting with zero at the root The st column in the output of this command represents the number of servers between the configured NTP server and the root reference clock poll Interval in seconds between the local NTP server s attempt to poll the remote NTP server reach An index that measures whether or not the remote NTP server could be reach...

Page 1170: ...ow ntp servers brief server 1 1 1 1 key 1234 server 10 1 1 245 iburst key 12345 Related Commands To configure an NTP server use the command ntp server Command History Release Modification ArubaOS 3 0 Command introduced ArubaOS 6 1 The key id parameter output displays when the ntp servers brief command is used Command Information Platforms Licensing Command Mode All platforms Base operating system ...

Page 1171: ...eference ID 10 1 1 250 reference time cd45b701 bcbc05d5 Tue Feb 17 2009 14 21 53 737 system flags auth monitor ntp kernel stats jitter 0 005020 s stability 0 866 ppm broadcastdelay 0 003998 s authdelay 0 000000 s The output of this command includes the following parameters Parameter Description system uptime The number of seconds the local NTP server has been associated with the switch time since ...

Page 1172: ...ing l 01 1 second following minute has 61 seconds l 10 1 second following minute has 59 seconds stratum The stratum level of the peer precision The advertised precision of the switch This value can range from 4 and 20 inclusive root distance Total round trip delay to the stratum 1 reference clock root dispersion Total dispersion to the stratum 1 reference clock This value is a cumulative measure o...

Page 1173: ...lable in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable and Config mode on local and master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show ntp status 1173 ...

Page 1174: ... Packet filtering UDP with 1 port s enabled 5 Packet filtering for internal messaging opcodes disabled Packet filtering for all other packets enabled Packet Capture Defaults across switches and reboots if saved Packet filtering TCP with 1 port s enabled 2 Packet filtering UDP with 1 port s enabled 5 Packet filtering for internal messaging opcodes disabled Packet filtering for all other packets ena...

Page 1175: ...ssaging opcodes disabled Packet filtering for all other packets disabled Packet Capture Defaults across switches and reboots if saved Packet filtering for TCP ports disabled Packet filtering for UDP ports disabled Packet filtering for internal messaging opcodes disabled Packet filtering for all other packets disabled Command History This command was available in ArubaOS 3 3 2 Command Information P...

Page 1176: ...s used to enforce advanced security options and provides an enhanced level of security The Parameter column displays the PAPI Key and Enhanced security mode parameters The Value column displays a Papi key value encrypted and indicates whether the Enhanced security mode is enabled or disabled If an AP cannot be authenticated because it has the wrong key the show ap database command displays a Bad k...

Page 1177: ...led the controller sends Dell support weekly reports about the controller s configuration licenses software and hardware versions and any software malfunctions via a secure email This feature requires that your network has a local SMTP server capable of relaying email When the controller generates the report email with the phonehome data file attachment it forwards the email to the SMTP server con...

Page 1178: ...is feature host show phonehome global PhoneHome information PhoneHome Service Disabled PhoneHome Auto Report Disabled Local SMTP server 172 21 18 170 25 SMTP From Email admin mycorp com Max Attachment Size 10 MB Command History This command was introduced in ArubaOS 6 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local...

Page 1179: ...r mW FE 1 10 Off N A N A N A Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers show policer profile deprecated show policer profile profile name Description Displays the policer profile configuration Command History This command was deprecated in Aru...

Page 1180: ... 8 0 0 2 9 0 0 2 10 10 9 2 11 2 1 2 12 1 0 2 13 0 0 2 14 1 0 2 15 6 5 2 16 5 4 2 17 9 8 2 18 1 0 2 19 5 4 2 20 0 0 2 21 4 4 2 22 2 2 2 23 9 9 2 24 0 0 2 25 0 0 3 0 24 23 3 1 0 0 3 2 0 0 3 3 0 0 3 4 1 0 3 5 1 0 3 6 0 0 3 7 0 0 3 8 94 94 3 9 0 0 3 10 0 0 3 11 5886 5886 3 12 49751 49750 3 13 50 49 3 14 2589 2588 3 15 228 227 3 16 2 1 3 17 2423 2423 3 18 8245 8244 3 19 5098 5098 3 20 74 73 3 21 2 2 3 ...

Page 1181: ...tus on all ports in the controller host show port monitor Monitor Port Port being Monitored FE 1 10 FE 1 20 Command History This command was available in ArubaOS 3 3 2 Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show port monitor 1181 ...

Page 1182: ...0 0 0 FE1 6 0 0 0 0 0 0 0 FE1 7 0 0 0 0 0 0 0 FE1 8 0 0 0 0 0 0 0 FE1 9 0 0 0 0 0 0 0 FE1 10 0 2041530 0 296644355 0 0 0 FE1 11 0 0 0 0 0 0 0 FE1 12 0 0 0 0 0 0 0 FE1 13 0 0 0 0 0 0 0 FE1 14 0 3 0 138 0 0 0 FE1 15 0 0 0 0 0 0 0 FE1 16 2937495 1861880 582814945 244607030 32 0 2 FE1 17 0 0 0 0 0 0 0 FE1 18 591066 1220117 67049881 143261677 0 0 0 FE1 19 0 0 0 0 0 0 0 FE1 20 1205264 836266 211330696 8...

Page 1183: ...Enabled Down Enabled Yes Disabled Access 1 7 FE Enabled Down Enabled Yes Disabled Access 1 8 FE Enabled Down Enabled Yes Disabled Access 1 9 FE Enabled Down Enabled Yes Disabled Access 1 10 FE Enabled Down Enabled Yes Disabled Access 1 11 FE Enabled Down Enabled Yes Disabled Access 1 12 FE Enabled Down Enabled Yes Disabled Access 1 13 FE Enabled Down Enabled Yes Disabled Access 1 14 FE Enabled Dow...

Page 1184: ...st of ports with trusted profile host show port trusted FE 1 0 FE 1 1 FE 1 2 FE 1 3 FE 1 4 FE 1 5 FE 1 6 FE 1 7 FE 1 8 FE 1 9 FE 1 10 FE 1 11 FE 1 12 FE 1 13 FE 1 14 FE 1 15 FE 1 16 FE 1 17 FE 1 18 FE 1 19 FE 1 20 FE 1 21 FE 1 22 FE 1 23 GE 1 24 GE 1 25 Command History This command was available in ArubaOS 3 3 2 Command Information Platforms Licensing Command Mode All platforms Base operating syst...

Page 1185: ...of xSec enabled ports host show port xsec Xsec Ports Interface xsec vlan state Command History This command was available in ArubaOS 3 3 2 Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show port xsec 1185 ...

Page 1186: ...o parameters Example The output of this command shows the priority maps configured on all interfaces host show priority map Priority Map ID Name DSCP TOS DOT1P COS 1 my map 4 20 60 4 7 Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers ...

Page 1187: ...S 57 1 0 0 040 0 Apr24 00 00 00 00000000 kjournald 0 0 S 67 1 1036 424 000 0 Apr24 00 00 00 30087fa8 bin sh mswitch bin syslogd_ start 0 0 S 1 0 1028 384 100 0 Apr24 00 00 12 30087fa8 init 0 0 S 397 1 1732 804 100 0 Apr24 00 00 00 30152fa8 mswitch bin nanny mswitch bin nanny_list 0 0 0 S 399 397 14140 10172 100 0 Apr24 00 00 16 303c8fa8 mswitch bin arci cli helper 0 0 S 402 1 768 268 040 0 Apr24 0...

Page 1188: ...ow processes DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platformss Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers ...

Page 1189: ...rver group is invalid This error is displayed if an AAA profile is configured an invalid server group User derivation rule is invalid This error is displayed if a user role in an AAA profile is invalid User role is invalid Controller country code is undefined These errors are displayed if your controller is not set to the correct country code or if the country code specified in a WLAN profile does...

Page 1190: ... profile errors DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers ...

Page 1191: ... level profiles reference other lower level profiles The output of this command will vary depending upon controller configuration and licenses Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide sho...

Page 1192: ...uthentication server List of aaa authentication servers ldap List of servers using LDAP for AAA authentication radius List of servers using RADIUS for AAA authentication tacacs List of servers using TACACS for AAA authentication windows List of Windows servers used for AAA authentication profile Displays the AAA profile details rfc 3576 server Displays IP address of RADIUS servers that use RFC 357...

Page 1193: ...ble in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show profile list aaa 1193 ...

Page 1194: ...radio profile Display a list of mesh radio profiles used by mesh nodes regulatory domain profile Display a list of AP regulatory profiles snmp profile Display a list of SNMP profiles snmp user profile Display a list of SNMPv3 user profiles system profile Display a list of AP system profiles wired ap profile Display a list of wired AP profiles Example The output of this command shows list of profil...

Page 1195: ...AP group profiles in the controller host show profile list ap group AP group List Name Profile Status default Total 1 Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show profile list ap group 1...

Page 1196: ...the controller Syntax No parameters Example The output of this command shows status of AP profiles in the controller host show profile list ap name AP name List Name Profile Status Total 0 Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers ...

Page 1197: ... Display a list of IDS rate threshold profiles signature matching profile Display a list of IDS signature matching profiles signature profile Display a list of IDS signature profiles unauthorized device profile Display a list of IDS unauthorized device profiles Example The output of this command shows a list of all IDS DoS profiles host show profile list ids dos profile IDS Denial Of Service Profi...

Page 1198: ...profile list ids DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers ...

Page 1199: ...and including the ARM profile and the high throughput 802 11n radio profile event thresholds profile Details of events thresholds profile ht radio profile Details of high throughput AP radio settings optimization profile Details of the RF optimization profile Example The output of this command shows status of ARM profile host show profile list rf arm profile Adaptive Radio Management ARM profile L...

Page 1200: ...ow a list of all high throughput SSID profile s traffic management profile Show a list of all traffic management profiles virtual ap Show a list of all the virtual AP profiles voip cac profile Show a list of all voice over IP VoIP call admission control CAC profiles wmm traffic management profile Show a list of all WMM traffic management profiles Example The output of this command shows that the c...

Page 1201: ...ioned by the admin Syntax No parameters Command History This command was available in ArubaOS 3 4 Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show provisioning ap list 1201 ...

Page 1202: ...A Master N A Gateway N A Netmask N A IP Addr N A DNS IP N A Domain Name N A Server Name N A Server IP N A Antenna gain for 802 11a N A Antenna gain for 802 11g N A Use external antenna No Antenna for 802 11a both Antenna for 802 11g both IKE PSK N A PAP User Name N A PAP Password N A PPPOE User Name N A PPPOE Password N A PPPOE Service Name N A PPPOE CHAP Secret N A USB User Name N A USB Password ...

Page 1203: ...tforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers show qos profile deprecated show qos profile profile name Description Displays the QoS profile configuration Command History This command was deprecated in ArubaOS 6 2 DellPowerConnect W Series ArubaOS 6 2 Reference Guide show qos profile deprecated 1203 ...

Page 1204: ...te wired mac Displays the wired MAC discovered on traffic through the AP Example The output of this command shows status of all database servers host show rap wml servers WML DB Servers name ip type user password db name cache ageout sec in service WML DB Tables server db table column timestamp column lookup time sec delimiter query count Mesh SAE sae default Command History This command was avail...

Page 1205: ...tication profile vpn Show the number of references to VPN authentication wired Show the number of references to wired authentication wired Show the number of references to a wispr authentication wispr profile name Show the number of references to the specified WISPr authentication profile page number Include this optional parameter to limit output of this command to the specified number of items s...

Page 1206: ... Guide Command History Version Modification ArubaOS 3 0 Command introduced ArubaOS 3 4 1 The stateful ntlm and wispr parameters were introduced Command Information Platforms Licensing Command Mode Available on all platforms Base operating system Config mode on master and local controllers ...

Page 1207: ...mmand to the specified number of items start number Include this optional parameter to start displaying the output of this command at the specified index number Example Issue this command to show the AAA server groups that include references to the specified server The example below shows that two server groups default and rad each include a single reference to the radius server rad01 host show re...

Page 1208: ...fferent virtual AP profiles include a single reference to the AAA profile default host References to AAA Profile default Referrer Count wlan virtual ap 1 0 0_corporateHQ wpa2 aaa profile 1 wlan virtual ap 110 0 corporateHQ wpa2 aaa profile 1 wlan virtual ap default aaa profile 1 wlan virtual ap corporateHQ vocera aaa profile 1 wlan virtual ap corporateHQ voip wpa2 aaa profile 1 wlan virtual ap Tes...

Page 1209: ...rp office ssid mac server group 1 aaa profile amigopod guest mac server group 1 aaa profile default mac server group 1 aaa profile default airwave office mac server group 1 aaa profile defaultcorporate mac server group 1 aaa profile defaultcorporate no okc mac server group 1 aaa profile defaultcorporate okc mac server group 1 aaa profile default dot1x mac server group 1 aaa profile default India m...

Page 1210: ...es aaa server group DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode Available on all platforms Base operating system Config mode on master and local controllers ...

Page 1211: ...sh radio profile regulatory domain profile profile name Show AP groups that include a references to this regulatory domain profile system profile profile name Show AP groups that include a references to this system profile wired ap profile profile name Show AP groups that include a references to this wired AP profile page number Include this optional parameter to limit output of this command to th...

Page 1212: ...rpTest enet1 profile 1 ap group default enet0 profile 1 ap group default enet1 profile 1 ap group India_Local enet0 profile 1 ap group India_Local enet1 profile 1 ap group ops enet0 profile 1 ap group ops enet1 profile 1 ap group voip test enet0 profile 1 ap group voip test enet1 profile 1 ap group voip test nokia enet0 profile 1 ap group voip test nokia enet1 profile 1 Total References 20 Command...

Page 1213: ...Include this optional parameter to start displaying the output of this command at the specified index number Example host show references guest access email References to Guest access Email Profile Referrer Count Total References 0 Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode Available on all platforms Base operating system Config ...

Page 1214: ...s to an IDS Denial Of Service Profile general profile Show references to an IDS General Profile impersonation profile profile rate thresholds profile Show references to an IDS Rate Thresholds Profile signature matching profile Show references to an IDS Signature Matching Profile signature profile Show references to an IDS Signature Profile unauthorized device profile Show references to an IDS Sign...

Page 1215: ...de this optional parameter to start displaying the output of this command at the specified index number Example host show references papi security References to PAPI Security Profile Referrer Count Total References 0 Command History This command was introduced in ArubaOS 3 4 Command Information Platforms Licensing Command Mode Available on all platforms Base operating system Config mode on master ...

Page 1216: ... Description dot11a radio profile Show references to a 802 11a radio profile dot11g radio profile Show references to a 802 11g radio profile event thresholds prof Show references to an RF Event Thresholds Profile ht radio profile Show references to a High throughput radio profile optimization profile Show references to an RF Optimization Profile Command History This command was introduced in Aruba...

Page 1217: ...efault role aaa profile default corp1344 mac default role aaa profile default corp1344 no okc mac default role aaa profile default corp1344 okc mac default role aaa profile default dot1x mac default role aaa profile default dot1x psk mac default role aaa profile default dot1x psk dot1x default role aaa profile default India mac default role aaa profile default india hotel mac default role Command ...

Page 1218: ...er to limit output of this command to the specified number of items start number Include this optional parameter to start displaying the output of this command at the specified index number Example host show references web server References to Web Server Configuration Referrer Count Total References 0 Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Licensin...

Page 1219: ... high throughput SSID profile ssid profile profile name Shows references to an SSID management profile traffic management pr profile name Shows references to a traffic management profile virtual ap profile name Shows references to a virtual AP profile voip cac profile profile name Shows references to a VOIP Call Admission Control profile Example host show references web server References to Web Se...

Page 1220: ...e AM Scanning profile List Name References Profile Status default 9 north 0 Total 2 Example In the example above their are two profile names default and north The Reference column indicates the number of references to this profile name The Profile Status column is blank unless the profile is predefined Optionally you can enter a profile name to view the parameters for that profile For example host...

Page 1221: ...activity Dwell time Regulatory Domain channels Dwell time in ms for AP s Regulatory domain channels Dwell time non Regulatory Domain channels Dwell time in ms for channels not in the APs regulatory domain Dwell time Rare channels Dwell time in ms for rare channels Command History Release Modification ArubaOS 6 0 Command introduced Command Information Platforms Licensing Command Mode All Platforms ...

Page 1222: ... column lists the number of other profiles with references to the ARM profile and the Profile Status column indicates whether the profile is predefined User defined profiles will not have an entry in the Profile Status column host show rf arm profile Adaptive Radio Management ARM profile List Name References Profile Status airwave 2 default 4 default AP85 2 no scanning 1 Wireless rf profile 1 Tota...

Page 1223: ...ments Note that power settings will not change if the Assignment option is set to disabled or maintain Multi Band Scan If enabled single radio APs will try to scan across bands for rogue AP detection Rogue AP Aware If enabled Dell APs may change channels to contain off channel rogue APs with active clients This security features allows APs to change channels even if the Client Aware setting is dis...

Page 1224: ...this value for the AP to move to a new channel The higher this value the lower the chance an AP will move to the new channel Backoff Time Time in seconds an AP backs off after requesting a new channel or power level Error Rate Threshold The percentage of errors in the channel that triggers a channel change Error Rate Wait Time Time in seconds that the error rate has to maintain or surpass the erro...

Page 1225: ...formation Platforms Licensing Command Mode All platforms Base operating system Enable and Config mode on local and master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show rf arm profile 1225 ...

Page 1226: ...ces to the 802 11a Radio profile and the Profile Status column indicates whether the profile is predefined User defined profiles will not have an entry in the Profile Status column host show rf dot11a radio profile 802 11a radio profile List Name References Profile Status default 18 default AP85 1 test 1 Total 3 This example displays the configuration settings for the profile default host show rf ...

Page 1227: ... profile will stop using the 40 MHz channels surrounding APs or stations advertise 40 Mhz intolerance This option is enabled by default Channel Channel number for the AP 802 11a 802 11n physical layer Beacon Period Time in milliseconds between successive beacon transmissions The beacon advertises the AP s presence identity and radio characteristics to wireless clients Beacon Regulate If enabled th...

Page 1228: ...um load balancing is enabled in a 802 11a radio profile but the spectrum load balancing domain is not defined ArubaOS uses the ARM feature to calculate RF neighborhoods l If spectrum load balancing is enabled in a 802 11a radio profile and a spectrum load balancing domain isalso defined AP radios belonging to the same spectrum load balancing domain will be considered part of the same RF neighborho...

Page 1229: ...he possible range of values for this feature is 0 55 dB The default 0 dB reduction allows the radio to retain its current default Rx sensitivity value Adaptive Radio Management ARM Profile Name of an Adaptive Radio Management profile associated with this 802 11a profile High throughput Radio Profile Name of a High Throughput Radio profile associated with this 802 11a profile Maximum Distance Maxim...

Page 1230: ...s l AM Scanning Profile l Advertised regulatory max EIRP l Spectrum Load balancing mode l Spectrum load balancing update interval sec ArubaOS 6 1 Support for the following parameters l Spectrum Monitoring l Spectrum load balancing threshold ArubaOS 6 2 1 0 The Reduce Cell Size Rx Sensitivity parameter was introduced Command Information Platforms Licensing Command Mode All platforms Base operating ...

Page 1231: ...e is predefined User defined profiles will not have an entry in the Profile Status column host show rf arm profile Adaptive Radio Management ARM profile List Name References Profile Status airwave 4 default 4 no scanning 1 nokia rf profile 1 Total 4 This example displays the configuration settings for the profile airwave host show rf dot11g radio profile default Parameter Value Radio enable Enable...

Page 1232: ...g 40 MHz operation A high throughput profile also determines whether an AP radio using the profile will stop using the 40 MHz channels surrounding APs or stations advertise 40 Mhz intolerance This option is enabled by default Channel Channel number for the AP 802 11a 802 11n physical layer Beacon Period Time in milliseconds between successive beacon transmissions The beacon advertises the AP s pre...

Page 1233: ...is not defined ArubaOS uses the ARM feature to calculate RF neighborhoods l If spectrum load balancing is enabled in a 802 11g radio profile and a spectrum load balancing domain isalso defined AP radios belonging to the same spectrum load balancing domain will be considered part of the same RF neighborhood for load balancing and will not recognize RF neighborhoods defined by the ARM feature RX Sen...

Page 1234: ...bled this option disables Adaptive Radio Management ARM and Wireless IDS functions and slightly increases packet processing performance If a radio is configured to operate in Air Monitor mode then the ARM WIDS override functions are always enabled regardless of whether or not this check box is selected Reduce Cell Size Rx Sensitivity The cell size reduction feature allows you manage dense deployme...

Page 1235: ... Threshold l ARM WIDS Override ArubaOS 3 4 2 Support for the Beacon Regulate parameter ArubaOS 6 0 Support for the following parameters l AM Scanning Profile l Advertised regulatory max EIRP l Spectrum Load balancing mode l Spectrum load balancing update interval sec ArubaOS 6 1 Support for the following parameters l Spectrum Monitoring l Spectrum load balancing threshold ArubaOS 6 2 1 0 The Reduc...

Page 1236: ...olds profile and the Profile Status column indicates whether the profile is predefined User defined profiles will not have an entry in the Profile Status column host show rf event thresholds profile RF Event Thresholds Profile List Name References Profile Status default 6 event1 2 Total 2 This example displays the configuration settings for the profile default host show rf event thresholds profile...

Page 1237: ...ow Speed Rate High Watermark If the rate of low speed frames as a percentage of total frames in an AP exceeds this value it triggers a low speed rate exceeded condition Frame Low Speed Rate Low Watermark After a low speed rate exceeded condition exists the condition persists until the percentage of low speed frames drops below this value Frame Non Unicast Rate High Watermark If the non unicast rat...

Page 1238: ...t thresholds profile DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system Enable and Config mode on local and master controllers ...

Page 1239: ...le Status column indicates whether the profile is predefined and editable and if that predefined profile has been changed from its default settings User defined profiles will not have an entry in the Profile Status column host show rf ht radio profile High throughput radio profile List Name References Profile Status default 0 default a 8 Predefined editable default g 3 Predefined changed legacysta...

Page 1240: ...is enabled all legacy transmissions will be sent using a single antenna This enables interoperability for legacy or high throughput stations that cannot decode 802 11n cyclic shift diversity CSD data This feature is disabled by default and should be kept disabled unless necessary Command History Release Modification ArubaOS 3 0 Command introduced ArubaOS 3 3 2 Support for the dsss cck 40mhz parame...

Page 1241: ... predefined User defined profiles will not have an entry in the Profile Status column host show rf optimization profile RF Optimization Profile List Name References Profile Status default 6 profile2 1 Total 2 This example displays the configuration settings for the profile profile2 host show rf optimization profile profile2 RF Optimization Profile profile2 Parameter Value Station Handoff Assist Di...

Page 1242: ...ameter requires the RF Protect license Hole Poor RSSI Threshold Stations with signal strength below this value will trigger detection of a coverage hole This parameter requires the RF Protect license Detect interference Enables or disables interference detection Interference Threshold Percentage increase in the frame retry rate FRR or frame receive error rate FRER before interference monitoring be...

Page 1243: ...S 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable and Config mode on local and master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show rf optimization profile 1243 ...

Page 1244: ... spectrum profile and the Profile Status column indicates whether the profile is predefined User defined profiles will not have an entry in the Profile Status column host show rf spectrum profile Spectrum profile List Name References Profile Status spectrum1 1 default a 2 Predefined editable default g 2 Predefined editable This example displays the configuration settings for the profile spectrum1 ...

Page 1245: ...at device no longer active on the network The default value is 10 seconds Age Out Cordless Phone Fixed Frequency The number of seconds for which a fixed frequency cordless phone must stop sending a signal before the spectrum monitor considers that device no longer active on the network The default value is 10 seconds Age Out Generic Fixed Frequency The number of seconds for which a generic fixed f...

Page 1246: ...rum profile Command History Release Modification ArubaOS 6 0 Command introduced ArubaOS 6 2 The spectrum band parameter was deprecated The following default ageout times were changed l cordless fh base default timeout is 240 seconds was 25 seconds in previous releases l cordless fh network default timeout is 60 seconds was 10 seconds in previous releases l generic interferer default timeout is 30 ...

Page 1247: ...leshooting and should only be used under the supervision of Dell technical support Issue the show rft profile command to view the profiles used for these RF tests Example The following example shows the testing parameters for the predefined link quality RF test profile host show rft profile link quality Profile LinkQuality Built in profile Parameter Value Antenna 1 and or 2 Frame Type Null Data Nu...

Page 1248: ... rft profile DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system Enable and Config mode on local and master controllers ...

Page 1249: ...ecific transaction ID Usage guidelines The rft command is used for RF troubleshooting and should only be used under the supervision of Dell technical support Related Commands To view a list of the most recent transaction IDs for each test type use the command show rft transactions Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All pla...

Page 1250: ...he most recent test of each test type Example The following example shows the transaction IDs for the latest RAW link quality and antenna connectivity tests host show rft transactions RF troubleshooting transactions Profile Transaction ID RAW 2001 LinkQuality 2101 AntennaConnectivity 1801 Related Commands Use transaction IDs with the command show rft result to view results for individual RF tests ...

Page 1251: ... No Limit Dn No Limit allowall v6 allowall User default vpn role 37 Up No Limit Dn No Limit allowall v6 allowall User guest 3 Up No Limit Dn No Limit http acl https acl dhcp acl User guest logon 6 Up No Limit Dn No Limit logon control captiveportal User logon 1 Up No Limit Dn No Limit logon control captiveportal User stateful dot1x 5 Up No Limit Dn No Limit System voice 38 Up No Limit Dn No Limit ...

Page 1252: ...e controller Syntax No parameters Example The output of this command shows the role of the controller host show roleinfo switchrole master Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers ...

Page 1253: ...apacity for Voice Flags B Bandwidth based CAC C Call count based CAC D CAC Disabled E CAC Enabled AP Name IP Address Freq Band Chan Total Available Flags r wing 94 10 16 12 247 5 GHz 40 31250 0 EC r wing 94 10 16 12 247 2 4 GHz 11 31250 0 EC Num APs 2 Command History This command was available in ArubaOS 3 4 Command Information Platforms Licensing Command Mode All platforms Base operating system C...

Page 1254: ...ntax Parameter Description ap name Enter the name of the AP bssid Enter the BSSID address of the AP ip addr Enter the IP address of the AP Example The output of this command shows the channel information for r wing 94 94 host show rrm dot11k ap channel report ap name r wing 94 802 11K AP Channel Report Details Freq Band Channel List 2 4 GHz 11 5 GHz 36 40 157 161 165 Num Entries 2 Command History ...

Page 1255: ...m dot11k beacon report station mac 00 1f 6c 7a d4 fd 802 11K Beacon Report Details Channel BSSID Reg Class Antenna ID Meas Mode 1 00 0b 86 6d 3e 40 0 1 Bcn Table Num Elements 1 Command History This command was available in ArubaOS 3 4 Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers DellPowerConnect W Seri...

Page 1256: ...ation name of an ap Name of an AP essid ESSID of the AP If the ESSID includes spaces you must enclose it in quotation marks bssid Enter the BSSID address of the AP ip addr Enter the IP address of the AP Example The output of this command shows the neighbor information for r wing 94 host show rrm dot11k neighbor report ap name r wing 94 802 11K Neighbor Report Details Flags S Spectrum Management Q ...

Page 1257: ...tion Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show rrm dot11k neighbor report 1257 ...

Page 1258: ... a diagnostic option for quick verification of received transmit stream measurement reports Displays the contents of the transmit stream measurement reports received from a client Syntax Parameter Description mac addr MAC address of the client Command History This command is introduced in ArubaOS 5 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Config or...

Page 1259: ...serethacl permit any netservice svc netbios dgm udp 138 netservice svc snmp trap udp 162 netservice svc https tcp 443 netservice svc dhcp udp 67 68 alg dhcp netservice svc smb tcp tcp 445 netservice svc ike udp 500 netservice svc l2tp udp 1701 netservice svc bootp udp 67 69 netservice svc snmp udp 161 netservice svc v6 dhcp udp 546 547 netservice svc icmp 1 More q quit u pageup search n repeat Com...

Page 1260: ...er host show session access list v6 icmp acl allow diskservices control validuser v6 https acl vocera acl icmp acl v6 dhcp acl captiveportal v6 dns acl allowall test sip acl https acl v6 http acl dhcp acl http acl stateful dot1x ap acl svp acl noe acl stateful kerberos v6 logon control h323 acl Command History This command was available in ArubaOS 3 4 Command Information Platforms Licensing Comman...

Page 1261: ...nd shows slot details on the controller host show slots Slots Slot Status Card Type 1 Present A2400 Command History This command was available in ArubaOS 3 4 Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show slots 1261 ...

Page 1262: ...ax No parameters Example The output of this command shows slot details on the controller host show snmp community SNMP COMMUNITIES COMMUNITY ACCESS VERSION public READ_ONLY V1 V2c Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers ...

Page 1263: ...ow snmp inform stats Inform queue size is 100 SNMP INFORM STATS HOST PORT INFORMS INQUEUE OVERFLOW TOTAL INFORMS Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show snmp inform 1263 ...

Page 1264: ...le The output of this command shows details of a SNMP trap host host show snmp trap hosts SNMP TRAP HOSTS HOST VERSION SECURITY NAME PORT TYPE TIMEOUT RETRY 10 16 14 1 SNMPv2c public 162 Trap N A N A Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers ...

Page 1265: ...enceCleared Yes Enabled wlsxAPInterferenceDetected Yes Enabled wlsxAPRadioAttributesChanged Yes Enabled wlsxAPRadioEntryChanged Yes Enabled wlsxAccessPointIsDown Yes Enabled wlsxAccessPointIsUp Yes Enabled wlsxAdhocNetwork Yes Enabled wlsxAdhocNetworkBridgeDetected Yes Enabled wlsxAdhocNetworkBridgeDetectedAP Yes Enabled wlsxFanOK Yes Enabled wlsxFanTrayInserted Yes Enabled More q quit u pageup se...

Page 1266: ... cc 14 and channel 1 detected an interfering access point BSSID 00 e0 fc 18 b5 35 SSID WA1003A More information can be obtained from http 10 16 15 1 screens wmsi reports html mode ap bssid 00 e0 fc 18 b5 35 2009 04 29 00 49 20 An AP AM 00 0b 86 cd cc 14 radio 2 at Location 00 0b 86 cd cc 14 and channel 1 detected an interfering access point BSSID 00 0b 86 5c d8 e0 SSID r wing 94 More information c...

Page 1267: ...formation Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show snmp trap queue 1267 ...

Page 1268: ...Protocol SHA and the password for use with the designated protocol priv prot Privacy protocol for the user either Advanced Encryption Standard AES or CBC DES Symmetric Encryption Protocol DES and the password for use with the designated protocol Example The output of this command shows the list of SNMP traps sent to host host show snmp user table SNMP USER TABLE USER AUTHPROTOCOL PRIVACYPROTOCOL F...

Page 1269: ...not set detected flag not set changes 1 Times hold 1 topology change 35 hello 2 max age 20 forward delay 15 Timers hello 0 notification 0 Last topology change 2 days 0 hours 31 mins 21 secs Spanning tree instance for vlan 20 Spanning Tree is executing the IEEE compatible Rapid Spanning Tree protocol Bridge Identifier has priority 32768 address 00 0b 86 f0 20 00 Configured hello time 2 max age 20 f...

Page 1270: ...ogy change 2 days 0 hours 31 mins 21 secs Command History Release Modification ArubaOS 6 0 PVST added ArubaOS 3 4 Upgraded STP to RSTP with full backward compatibility Command Information Platform Licensing Command Mode All platforms Base operating system Enable mode and Configuration mode config on master controllers ...

Page 1271: ...y 15 sec Bridge MAC 00 0b 86 f0 20 00 Bridge Priority 32768 Configured Max Age 20 sec Hello Time 2 sec Forward Delay 15 Interface Role State Cost Prio Nbr Type eth1 3 Root Forwarding 2 128 131 P2p Peer eth1 1 Designated Forwarding 2 128 129 Edge P2p Rapid Spanning Tree port configuration Port State Cost Prio PortFast P to P Role FE 1 3 Discarding 0 128 Disable Enable Disabled FE 1 1 Forwarding 4 1...

Page 1272: ...le Enable Disabled FE 1 1 Forwarding 4 128 Disable Enable Designated Command History Release Modification ArubaOS 6 0 PVST added ArubaOS 3 4 Upgraded STP to RSTP with full backward compatibility Command Information Platform Licensing Command Mode All platforms Base operating system Enable mode and Configuration mode config on master controllers ...

Page 1273: ... host show ssh SSH Settings DSA Enabled Mgmt User Authentication Method username password Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show ssh 1273 ...

Page 1274: ...le secret 608265290155fb924578f15b12670a75a37045cbdf62fb0d3a telnet cli telnet soe loginsession timeout 30 hostname FirstFloor2400 clock timezone PST 8 location Building1 floor1 mms config 0 controller config 22 ip access list eth validuserethacl permit any netservice svc snmp trap udp 162 netservice svc dhcp udp 67 68 netservice svc smb tcp tcp 445 netservice svc https tcp 443 netservice svc ike ...

Page 1275: ...nformation Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show startup config 1275 ...

Page 1276: ... No parameters Example The output of this command shows details of an entry in the station table host show station table mac 00 1f 6c 7a d4 fd Association Table BSSID IP Essid AP name Phy Age 00 0b 86 6d 3e 30 10 15 20 252 sam a 01 03 41 Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enabl...

Page 1277: ...k 2 3 5G 71 4M 3 2G 2 mnt usbdisk 2 dev usbdisk 1 3 9G 131 0M 3 8G 3 mnt usbdisk 1 The number at the end of the USB device s name is the partition Unlike the controller s flash the USB device has more than two partitions not just 0 and 1 When copying a file from a USB device you must know which partition the target file is on Command History This command was available in ArubaOS 3 0 Command Inform...

Page 1278: ... parameters Example The output of this command shows the IP address and VLAN ID of the controller host show switch ip Switch IP Address 10 16 15 1 Switch IP is from Vlan Interface 1 Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers ...

Page 1279: ...ommand shows the details of software running in the controller host show switch software Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show switch software 1279 ...

Page 1280: ...er connected to the master controller host show switches all All Switches IP Address Name Location Type Version Status Configuration State Config Sync Time sec 10 16 12 1 r wing 94 Building1 floor1 master 6 0 0 0_13782 up UPDATE SUCCESSFUL 0192 0 2 12 CorpA2400 Building1 floor1 master 6 0 0 0_13782 up UPDATE SUCCESSFUL 0 Command History Version Description ArubaOS 3 0 Command introduced ArubaOS 6 ...

Page 1281: ...lient_35873 Switch uptime is 9 hours 34 minutes 3 seconds Reboot Cause User reboot Built 2012 10 24 13 51 0 Built by p4build re_client_35873 Internet address is 172 16 0 254 255 255 255 0 Routing interface is enable Forwarding mode is enable Directed broadcast is disabled Encapsulation 802 loopback not set Last clearing of show interface counters 0 day 9 hr 34 min 3 sec link status last changed 0 ...

Page 1282: ... support Syntax No parameters Example The output of this command shows the contact information for technical support host show syscontact admin mycompany com Command History This command was available in ArubaOS 3 1 Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers ...

Page 1283: ...and location of the controller host show syslocation Building 1 Floor 1 Command History This command was available in ArubaOS 3 1 Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show syslocation 1283 ...

Page 1284: ...scription Displays all information about the controller required for technical support purposes Syntax No parameters Command History This command was available in ArubaOS 3 1 Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers ...

Page 1285: ...this command shows the status of CLI and SOE access to the controller host show telnet telnet cli is enabled telnet soe is enabled Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show telnet 128...

Page 1286: ...t threshold for this parameter is 30 no of APs The maximum number of APs that can be connected to a controller is determined by that controller s model type and installed licenses This threshold triggers an alert when the number of APs currently connected to the controller exceeds a specific percentage of its total AP capacity The default threshold for this parameter is 80 no of locals Display the...

Page 1287: ... The following command shows the current alert thresholds for controlpath memory resources host config show threshold limits controlpath memory Threshold Values For Controlpath Memory Default Current Total Memory MB Available Memory MB 85 77 679 225 Command History The command was introduced in ArubaOS 6 2 Command Information Platforms Licensing Command Mode All platforms Base operating system Ena...

Page 1288: ... con trollers which when exceeded will trigger an alert and the current configured threshold The output also displays the maximum number of local controllers that can be connected to this master controller and the number of local controllers currently connected total tunnel capacity The output of this command displays the default tunnel capacity threshold which when exceeded will trigger an alert ...

Page 1289: ...er Capacity 80 No of APs 80 No of locals 80 Command History The command was introduced in ArubaOS 6 2 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable and Config mode on master and local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show threshold limits 1289 ...

Page 1290: ...In the example below the TPM and certificates are installed host show tpm cert info subject CN AF0000168 00 0b 86 f0 33 e0 issuer DC com DC arubanetworks DC ca CN DEVICE CA2 serial 1F023F05000000015087 notBefore Jan 30 01 38 57 2009 GMT notAfter Jan 25 01 38 57 2029 GMT In the example below the controller is not able to verify the TPM or Factory Certificate information host show tpm cert info Cann...

Page 1291: ...le Port Vlans Allowed Vlans Active Native Vlan FE2 12 1 613 615 617 632 633 636 640 667 668 1 613 615 617 632 633 636 640 667 668 1 Command History This command was available in ArubaOS 3 0 Command Information Pslatforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show trunk 12...

Page 1292: ...led node state Tunneled Node State IP MAC s p state vlan tunnel inactive time 192 168 123 14 00 0b 86 40 32 40 1 23 complete 10 9 1 192 168 123 14 00 0b 86 40 32 40 1 22 complete 10 10 1 192 168 123 14 00 0b 86 40 32 40 1 20 complete 10 11 1 Command History Release Modification ArubaOS 3 0 Command introduced ArubaOS 6 1 The command name was changed to tunneled node The database parameter was added...

Page 1293: ...ink signal strength stats Enter the keyword stats followed by the uplink ID number to display the statistical information on the designated uplink Example The output of this command displays the controller uplink status host show uplink Uplink Manager Enabled Uplink Management Table Id Uplink Type Properties Priority State Status 1 Wired vlan 1 200 Initializing Waiting for link 2 Cellular Novatel_...

Page 1294: ...al number and USB type Examples The USB Device table in the example below displays the USB port is in the Device Ready state meaning that the port has passed the diagnostic test and is ready to send and receive data host config cellular new_modem show usb USB Device Table Address Product Vendor ProdID Serial Type Profile State 18 Novatel Wireless CDMA 1410 4100 091087843891000 Cellular new_modem D...

Page 1295: ...ation Platforms Licensing Command Mode W 600 series and W 7200 series controllers Base operating system Config mode on master and local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show usb 1295 ...

Page 1296: ...ame user role derivation method datapath session flow entries and 802 11 association state and statistics The show user command allows you to filter specific information by parameter Syntax Parameter Description ap group ap group Filter the output of this command by showing users connected to APs that belong to the specified AP group ap name ap name Filter the output of this command by the name of...

Page 1297: ...sitors Show data for mobility users that are visiting the network name STRING User s name phy type 801 11 type a Matches PHY type a g Matches PHY type b or g role STRING User role such as employee visitor and so on rows NUMBER NUMBER Filter the output of the show user role command by specifying the number of rows from the end of the output and the total number of rows to display rows NUMBER NUMBER...

Page 1298: ...andwidth No Limit Bandwidth No Limit Role Derivation default for authentication type MAC VLAN Derivation unknown Idle timeouts 0 Valid ARP 0 Mobility state Wireless HA Yes Proxy ARP No Roaming No Tunnel ID 0 L3 Mob 0 Flags internal 0 trusted_ap 0 l3auth 0 mba 1 vpnflags 0 u_stm_ageout 1 Flags innerip 0 outerip 0 vpn_outer_ind 0 guest 0 download 1 wispr 0 Auth fails 0 phy_type g HT reauth 0 BW Cont...

Page 1299: ... specific attribute VSA 8 RFC 3576 Change of Authorization role 9 Role derived from external captive portal 10 Default role from AAA profile 11 Role assigned by an Extended Service Interface ESI server group VLAN Derivation Code Description 1 VLAN derived from user rule 2 VLAN derived from user role 3 VLAN derived from server rule 4 VLAN derived from Dell vendor specific attribute VSA 5 VLAN deriv...

Page 1300: ...anded to include the Type column ArubaOS 6 1 The devtype parameter was introduced and the output of this command expanded to include the Type column ArubaOS 6 2 Output for IP address show if it is from DHCP This command was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Available in Enable and Config modes ...

Page 1301: ...the number of users using an ESSID for different time intervals Syntax No parameters Command History Version Modification ArubaOS 3 0 Command introduced ArubaOS 6 0 Command deprecated DellPowerConnect W Series ArubaOS 6 2 Reference Guide show user_session_count deprecated 1301 ...

Page 1302: ...ends email from the Guest Provisioning page or when a user creates a guest account Example The output of this command shows the numbers of guest emails received sent and dropped since the controller was last reset host show util_proc guest email counters Guest Email Counters Name Value Email Received 14 Email Sent 3 Email Dropped 0 Related Commands To configure SMTP servers and server ports for gu...

Page 1303: ...valid network oui profile command to see a list of current OUIs Example Host config show valid network oui profile Valid Equipment OUI profile Parameter Value OUI 00 1A 1E Command History Release Modification ArubaOS 5 0 Command introduced Command Information Platforms Licensing Command Mode Available on all platforms Base operating system Config mode on master controllers DellPowerConnect W Serie...

Page 1304: ... p4build re_client_23274 Switch uptime is 1 days 6 hours 2 minutes 4 seconds Reboot Cause User reboot Supervisor Card Processor XLS 408 revision B1 with 890M bytes of memory 32K bytes of non volatile configuration memory 256M bytes of Supervisor Card System flash model NAND 256MB The output of this command includes the following information Parameter Description Model Controller model type Version...

Page 1305: ... Information Platforms Licensing Command Mode All platforms Base operating system Enable and Config mode on local and master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show version 1305 ...

Page 1306: ... connected to the VIA controller using the VIA client Example The following example displays the version of VIA client available on the controller host show via version host VIA Client WLAN Profile example show via version Default VIA Installer aruba via platform win32 platform version 1 0 0 23373 version via aruba Command History This command was available in ArubaOS 5 0 Command Information Platf...

Page 1307: ...following command displays the MAC addresses in the internal MAC exception list host config show vlan bwcontract explist internal VLAN BW Contracts Internal MAC Exception List MAC address 01 80 C2 00 00 00 01 00 0C CC CC CD 01 80 C2 00 00 02 01 00 5E 00 82 11 Command History Command introduced in ArubaOS 6 0 Command Information Platforms Licensing Command Mode All platforms Base operating system E...

Page 1308: ... VLAN s associated ports The AAA Profile column shows if a wired AAA profile has been assigned to a VLAN enabling role based access for wired clients connected to an untrusted VLAN or port on the controller host show vlan VLAN CONFIGURATION VLAN Description Ports AAA Profile 1 Default GE0 3 7 GE0 9 XG0 10 11 Pc0 7 N A 10 VLAN0010 GE0 8 N A 20 RAP_VLAN N A 25 VLAN0025 GE0 0 mac auth aaa prof 30 VLA...

Page 1309: ...and Information Platforms Licensing Command Mode All platforms Base operating system Enable or config mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show vlan 1309 ...

Page 1310: ...ol The Pool Status column indicates if the pool is enabled or disabled The VLAN IDs column lists the VLANs that are part of the pool host show vlan mapping Vlan Mapping Table VLAN Name Pool Status Assignment Type VLAN IDs mygroup Enabled Hash 62 94 newpoolgroup Enabled Even vlannametest Enabled Even 62 1511 yourvlan Disabled N A 62 Related Commands host config vlan host config vlan name Command Hi...

Page 1311: ...h this VLAN interface is the source natted to the outgoing interface s IP address host show vlan status Vlan Status VlanId IPAddress Adminstate Operstate PortCount Nat Inside 1 10 168 254 221 255 255 255 252 Enabled Up 5 Disabled 2 unassigned unassigned Enabled Down 2 Disabled 4 unassigned unassigned Enabled Down 1 Disabled 25 unassigned unassigned Enabled Down 1 Disabled 212 10 168 212 2 255 255 ...

Page 1312: ...er of existing VLANs on the controller Usage Guidelines Issue this command to show the number of existing VLANs on the controller host show vlan summary Number of existing VLANs 13 Related Commands host config vlan host config vlan name Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable or confi...

Page 1313: ...ed records for a particular extension number ip View detailed records of voice client using its IP address proto View detailed records filtered on protocol rtpa Include this parameter to view the voice call quality reports based on the call quality analysis from the RTP media streams NOTE This parameter is applicable only if Real Time Call Quality Analysis is enabled on the voice calls sta View th...

Page 1314: ...9 YELLOW 0 0 00 1a 1e a8 2d 80 legap AP 65 2 55 10 15 20 75 6203 sip OG 6202 SUCC 390 Aug 19 13 20 03 61 Terminated G729 YELLOW 3 0 00 1a 1e a8 2d 80 legap AP 65 2 54 10 15 20 75 6203 sip OG 6203 FAIL 0 Aug 19 13 19 57 NA NA NA 0 0 00 1a 1e a8 2d 80 legap AP 65 2 Num CDRS 5 Command History Version Description ArubaOS 3 3 1 Command introduced ArubaOS 6 0 The cid and rtpa parameters were introduced ...

Page 1315: ...f this command shows call counter statitics host show voice call counters System Wide Voice Call Counters Total Call Originated Call Terminated Active Success Failed Blocked Aborted Forwarded 31 16 15 0 29 0 0 2 0 Command History Version Description ArubaOS 3 3 1 Command introduced Command Information Platforms Licensing Command Mode All platforms This command requires the PEFNG license Config or ...

Page 1316: ...pported values are l SIP l SVP l NOE l SCCP l VOCERA l H323 Example The output of this command shows call density report for extension 3015 host show voice call density extn 3015 VoIP Call Density Report for Client 3015 Sample Time Orig Term Active Succ Fail Blocked Aborted Forwarded R Value Jan 31 16 01 42 0 0 0 0 0 0 0 0 NA Jan 31 16 00 00 0 0 0 0 0 0 0 0 NA Jan 31 15 50 00 0 0 0 0 0 0 0 0 NA Ja...

Page 1317: ...d introduced Command Information Platforms Licensing Command Mode All platforms This command requires the PEFNG license Config or Enable mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show voice call density 1317 ...

Page 1318: ...tocol Filter records based on a VOIP protocol Supported values are l SIP l NOE l SCCP l VOCERA l H323 Example The output of this command shows call performance report for extension 3015 host show voice call perf extn 3015 VoIP Call Performance Report for Client 3015 Sample Time Delay ms AP Switch Delay ms Jitter Packet Loss R Value MOS Band Jan 31 15 54 46 0 00 0 00 0 000 0 00 0 00 NA NA Jan 31 15...

Page 1319: ...mand introduced Command Information Platforms Licensing Command Mode All platforms This command requires the PEFNG license Config or Enable mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show voice call perf 1319 ...

Page 1320: ... based on the call quality analysis from the RTP media streams NOTE This parameter is applicable only if Real Time Call Quality Analysis is enabled on the voice calls sta Filter records based on the MAC address of a voice client Example The output of this command shows call quality report for calls made by extension 3015 host show voice call quality extn 3015 Voice Client s Call Quality Reports Cl...

Page 1321: ...istory Version Description ArubaOS 3 3 1 Command introduced ArubaOS 6 0 The rtpa and sta parameters were introduced Command Information Platforms Licensing Command Mode All platforms This command requires the PEFNG license Config or Enable mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show voice call quality 1321 ...

Page 1322: ...based on the IP address of an AP proto protocol Filter records based on a VOIP protocol Supported values are l SIP l NOE l SCCP l VOCERA l H323 sta Filter records based on the MAC address of a voice client Example The output of this command shows call quality report for calls made by extension 6210 host show voice call stats Voice Client s Call Statistics Client IP Client MAC Client Name ALG Origi...

Page 1323: ... Platforms Licensing Command Mode All platforms This command requires the PEFNG license Config or Enable mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show voice call stats 1323 ...

Page 1324: ...lient ip ip address Filter records based on the IP address of a voice client proto protocol Filter records based on a VOIP protocol Supported values are l SIP l SVP l NOE l SCCP l VOCERA l H323 sta Filter records based on the MAC address of a voice client Example The output of this command shows details about all the voice clients on a controller host show voice client status Voice Client s Status...

Page 1325: ...latforms Licensing Command Mode All platforms This command requires the PEFNG license Config or Enable mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show voice client status 1325 ...

Page 1326: ... Enabled Broadcast filter ARP Disabled SSID Profiles Profile Name WMM WMM UAPSD TSPEC Min Inactivity msec EDCA STA prof EDCA AP prof Strict SVP default Enabled Enabled 100000 default default Disabled qa ma vocera Enabled Enabled 0 default default Disabled AP Group Profiles Profile Name VoIP CAC Profile default default local default Virtual AP Group Profiles Profile Name 802 11K Profile HA Discover...

Page 1327: ...oice sip midcall req timeout disable Command History Version Description ArubaOS 6 0 Command introduced Command Information Platforms Licensing Command Mode All platforms This command requires the PEFNG license Config or Enable mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show voice configurations 1327 ...

Page 1328: ...e configuration of long distance dialplan host config show voice dialplan profile Dialplan Profile List Name References Profile Status default 1 extenstion 0 local 0 longDistance 0 Total 4 host config show voice dialplan profile longDistance Dialplan Profile longDistance Parameter Value dialplan 102 1XXXXXXXXXX 9 e Command History Version Description ArubaOS 5 0 Command introduced Command Informat...

Page 1329: ...s logging enabled host show voice logging VoIP Logging Parameter Value Client s MAC Address for Logging 11 22 33 44 55 67 Command History Version Description ArubaOS 6 0 Command introduced Command Information Platforms Licensing Command Mode All platforms This command requires the PEFNG license Config or Enable mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Gui...

Page 1330: ... address of a voice client Example The output of the command in the example below shows voice message statistics for essid sam filtered on SCCP protocol In this example the output has been divided into multiple sections to better fit on the pages of this document In the actual command line interface it will appear in a single long table host show voice msg stats sccp essid sam SCCP Voice Client s ...

Page 1331: ...mand introduced Command Information Platforms Licensing Command Mode All platforms This command requires the PEFNG license Config or Enable mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show voice msg stats 1331 ...

Page 1332: ...nd shows the detailed call quality parameters based on the RTP media stream for a specific voice client show voice real time analysis sta 00 1f 6c 7a d5 30 Real Time Analysis detail report Time Jitter U msec Pkt loss U Delay U usec rvalue U Jitter D msec Pkt loss D Delay D usec rvalue D Aug 17 11 55 18 71 000 0 000 0 000 93 360 0 000 0 000 0 000 NA Aug 17 11 55 13 76 000 0 000 0 000 93 360 0 000 0...

Page 1333: ...iguration on a controller host show voice real time config Configure Real Time Analysis Parameter Value Real Time Analysis of voice calls Enabled Command History Version Description ArubaOS 6 0 Command introduced Command Information Platforms Licensing Command Mode All platforms This command requires the PEFNG license Config or Enable mode on master or local controllers DellPowerConnect W Series A...

Page 1334: ...ocol Syntax No parameters Example The output of this command shows the status of RTCP protocol host show voice rtcp inactivity Voice rtcp inactivity disable Command History Version Description ArubaOS 3 3 1 Command introduced Command Information Platforms Licensing Command Mode All platforms This command requires the PEFNG license Config or Enable mode on master or local controllers ...

Page 1335: ...ip SIP settings s Parameter Value Session Timer Enabled Session Expiry 300 sec Dialplan Profile N A Command History Version Description ArubaOS 6 0 Command introduced Command Information Platforms Licensing Command Mode All platforms This command requires the PEFNG license Config or Enable mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show voice sip 1335...

Page 1336: ...controller Syntax No parameters Example The output of this command shows the status of the SIP mid call request timeout configuration on a controller host show voice sip midcall req timeouts Voice sip midcall req timeout disable Command History Version Description ArubaOS 6 0 Command introduced Command Information Platforms Licensing Command Mode All platforms This command requires the PEFNG licen...

Page 1337: ...number of TSPEC requests accepted rejected or denied Example The output of this command shows statistics for TSPEC enforced calls host show voice statistics tspec enforcement TSPEC Enforcement statistics Name Value TSPEC ADDTS Request 16 TSPEC accepted 16 TSPEC denied due to CAC 0 TSPEC enforcement timer events 2 Calls established within enforcement period 0 TSPEC deleted after enforcement period ...

Page 1338: ...oice client messages Example The output of this command shows signaling message trace host show voice trace sip count 4 SIP Voice Client s Message Trace ALG Client Name Client MAC Client IP Event Time Direction Msg BSSID SIP 6201 00 24 7d 99 49 01 10 15 20 59 Aug 17 10 21 22 Server To Client 200_OK 00 1a 1e a8 2d 80 SIP 6201 00 24 7d 99 49 01 10 15 20 59 Aug 17 10 21 22 Client To Server REGISTER 0...

Page 1339: ...on Platforms Licensing Command Mode All platforms This command requires the PEFNG license Config or Enable mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show voice trace 1339 ...

Page 1340: ...figuration host show vpdn l2tp configuration Enabled Hello timeout 30 seconds DNS primary server 10 16 15 1 DNS secondary server 10 16 14 1 WINS primary server 0 0 0 0 WINS secondary server 0 0 0 0 PPP client authentication methods PAP IP LOCAL POOLS vpnpool 10 16 15 150 10 16 15 160 Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All ...

Page 1341: ...10 15 1 1 DNS secondary server 10 15 1 200 WINS primary server 0 0 0 0 WINS secondary server 0 0 0 0 PPP client authentication methods MSCHAP MSCHAPv2 MPPE Configuration 128 bit encryption enabled IP LOCAL POOLS Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on master or local ...

Page 1342: ...nneling Protocol Syntax No parameters Example The output of this command shows the all IP address pools for VPN users host show vpdn pptp local pool IP addresses used in pool localgroup 0 IPs used 11 IPs free 11 IPs configured Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on m...

Page 1343: ...FI disabled PAP enabled CHAP enabled MSCHAP enabled MSCHAPV2 enabled CACHE SECURID disabled IKESECS 4000 IKEENC 3DES IKEGROUP ONE IKEHASH MD5 IKEAUTH PRE SHARE IKEPASSWD IPSECSECS 4000 IPSECGROUP GROUP1 IPSECENC ESP 3DES IPSECAUTH ESP MD5 HMAC SECURID_NEWPINMODE disabled Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Bas...

Page 1344: ...ity 2 Advertisement 10 sec Preemption Enable Delay 10 Auth type PASSWORD Auth data 123456 tracking type is master up time duration 500 minutes value 3 tracking type is vrrp master state vrid 10 value 1 tracking type is vlan vlanid 1 subtract value 3 tracking type is interface fastethernet 1 1 subtract value 3 tracked priority 2 Command History Version Modification ArubaOS 1 0 Command introduced Ar...

Page 1345: ... Config sslv3 tlsv1 Switch Certificate default Captive Portal Certificate default Management user s WebUI access method username password User session timeout 30 3600 seconds 900 Maximum supported concurrent clients 25 400 25 Command History This command was available in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Config or Enable mode on ma...

Page 1346: ...trollers then the campus AP whitelist on every controller contains an entry for every secure AP on the network regardless of the controller to which it is connected Example The output of the following command shows the campus AP whitelist entry for an AP with the MAC address 00 16 CF AF 3E E1 host show whitelist db cpsec mac address 00 16 CF AF 3E E1 Control Plane Security Whitelist entry Details ...

Page 1347: ...until a network administrator manually changes the status of the AP to verify that it is not compromised Cert Type Type of certificate used by the AP l switch cert AP received a certificate from the controller l factory cert AP has a factory installed certificate Description If you included an optional description when you added the AP to the campus AP whitelist that description will appear here R...

Page 1348: ...o move between local controllers and still stay connected to the secure network To view information for a single local controller use the command show whitelist db cpsec local list mac address mac address To view a list of all local controllers use the command show whitelist db cpsec local switch list Example The following command shows information for all local controllers in the local controller...

Page 1349: ...against whitelists on other controllers every minute If the null update count reaches 5 the controller will send an empty sync heartbeat to the remote controller to ensure the sequence numbers on both controllers are the same then reset the null update count to zero Related Commands Command Description Mode whitelist db cpsec local switch list Configure the local controller whitelist for the contr...

Page 1350: ... command show whitelist db cpsec master switch list mac address mac address To view a list of all master controllers use the command show whitelist db cpsec master switch list Example The following command shows that the local controllers have a single master controller with the IP address 10 3 53 3 host show whitelist db cpsec master list Registered Master Switch Details MAC Address IP Address Se...

Page 1351: ...hes 5 the controller will send an empty sync heartbeat to the remote controller to ensure the sequence numbers on both controllers are the same then reset the null update count to zero Related Commands Command Description Mode whitelist db cpsec master switch list Configure the master controller whitelist for the control plane security feature Config mode Command History Version Modification Aruba...

Page 1352: ...n in the controller whitelist will have the same value as the number displayed in the Sequence Number Details table If a controller in the master or local controller whitelist has a lower sequence number that controller may still be waiting to complete its update or its update acknowledgement may not have yet been received Example The output of the first command below shows that the campus AP whit...

Page 1353: ...r the control plane security feature Config mode Command History This command was introduced in ArubaOS 5 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show whitelist db cpsec seq 1353 ...

Page 1354: ...es in the campus AP whitelist Approved entries Number of APs that are valid but is waiting to receive a certificate Unapproved entries Number of APs that have certificate that was not not approved Certified entries Number of APs that have an approved certificate Certified hold entries Number of APs in the certified hold state An AP is put in this state when the controller thinks the AP a certified...

Page 1355: ... control plane security feature Config mode Command History This command was introduced in ArubaOS 5 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show whitelist db cpsec status 1355 ...

Page 1356: ...Include a profile name to display detailed configuration information for that profile For this profile to take effect the 802 11K feature needs to be enabled Examples host show wlan bcn rpt req profile Beacon Report Request Profile List Name References Profile Status default 1 test 0 Total 2 host host show wlan bcn rpt req profile default Beacon Report Request Profile default Parameter Value Inter...

Page 1357: ...ive Reporting Condition Specifies the value for the Reporting Condition field in the Beacon Reporting Information sub element present in the Beacon Report Request frame ESSID Name Specifies the value for the SSID field in the Beacon Report Request frame Reporting Detail Indicates the value for the Detail field in the Reporting Detail sub element present in the Beacon Report Request frame Measureme...

Page 1358: ...he Profile Status column indicates whether the profile is predefined User defined profiles will not have an entry in the Profile Status column host show wlan dot11k profile 802 11K Profile List Name References Profile Status default 8 11kprofile2 1 Total 2 The following example shows configuration settings defined for the profile default host show wlan dot11k profile default 802 11K Profile defaul...

Page 1359: ...quested SSID and BSSID into a measurement report l beacon table In this mode the client measures beacons and returns a report with stored beacon information for any supported channel with the requested SSID and BSSID The client does not perform any additional measurements This is the default beacon measurement mode l passive In this mode the client sets a measurement duration timer and at the end ...

Page 1360: ...le Examples The example below shows that the controller has three EDCA Parameters profiles configured for stations The References column lists the number of other profiles with references to the EDCA Parameters profile and the Profile Status column indicates whether the profile is predefined User defined profiles will not have an entry in the Profile Status column host show wlan edca parameters pr...

Page 1361: ...license in order to configure EDCA Parameter Profiles Enable and Config mode on master or local controllers show wlan handover trigger profile show wlan handover trigger profile profile name Description Displays the current configuration settings for a handover trigger profile Usage Guidelines Issue this command without the profile parameter to display a handover trigger profile profile list inclu...

Page 1362: ...er or connection The handover trigger is initiated if the Wi Fi signal strength reported by the voice client received from all APs is equal to or less than the threshold value Threshold signal strength value at which Handover Trigger should be sent to the client Shows the threshold RSSI value below which a handover trigger message will be sent to an associated client by the AP Command History This...

Page 1363: ...mn indicates whether the profile is predefined User defined profiles will not have an entry in the Profile Status column host show wlan ht ssid profile High throughput SSID profile List Name References Profile Status HT profile1 16default2 1 Total 2 The following example shows configuration settings defined for the profile default2 host show wlan ht ssid profile default High throughput SSID profil...

Page 1364: ...e configured value will be adjusted based on AP capabilities Maximum number of spatial streams usable for STBC transmission Shows the maximum number of spatial streams usable for STBC transmission 0 disables STBC transmission 1 uses STBC for MCS 0 7 Higher MCS values are not supported Supported on W AP90 series W AP175 series W AP130 series and W AP105 only The configured value will be adjusted ba...

Page 1365: ...d interval in 20 MHz mode l Low density Parity Check l Maximum number of spatial streams usable for STBC reception l Maximum number of spatial streams usable for STBC transmission The allow weak encryption parameter was deprecated Command Information Platforms Licensing Command Mode All platforms but operates with IEEE 802 11n compliant devices only Config mode on master controllers DellPowerConne...

Page 1366: ...ferences column lists the number of other profiles with references to the SSIDs profile and the Profile Status column indicates whether the profile is predefined User defined profiles will not have an entry in the Profile Status column host show wlan ssid profile SSID Profile List Name References Profile Status coltrane ssid profile 1 corp1 ssid profile 3 Remote 1 Secure Profile2 0 test ssid profi...

Page 1367: ...Passphrase N A Maximum Transmit Failures 0 EDCA Parameters Station profile N A EDCA Parameters AP profile N A BC MC Rate Optimization Disabled Rate Optimization for delivering EAPOL frames Disabled Strict Spectralink Voice Protocol SVP Disabled High throughput SSID Profile default 802 11g Beacon Rate default 802 11a Beacon Rate default Advertise QBSS Load IE Disabled Advertise Location Info Enable...

Page 1368: ...save Shows if the profile enables or disables Wireless Multimedia WMM UAPSD powersave WMM TSPEC Min Inactivity Interval Specifies the minimum inactivity time out threshold of WMM traffic DSCP mapping for WMM voice AC DSCP value used to map WMM voice traffic DSCP mapping for WMM video AC DSCP value used to map WMM video traffic DSCP mapping for WMM best effort AC DSCP value used to map WMM best eff...

Page 1369: ... that applies to this SSID EDCA Parameters AP profile Name of the enhanced distributed channel access EDCA AP profile that applies to this SSID BC MC Rate Optimization Shows if the profile enables or disables scanning of all active stations currently associated to an AP to select the lowest transmission rate for broadcast and multicast frames This option only applies to broadcast and multicast dat...

Page 1370: ...lan ssid profile DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system Enable and Config mode on master or local controllers ...

Page 1371: ...Management profile and the Profile Status column indicates whether the profile is predefined User defined profiles will not have an entry in the Profile Status column host show wlan traffic management profile Traffic management profile List Name References Profile Status mgmt1 3 mgmt2 2 Total 2 The following example shows configuration settings defined for the profile mgmt1 host show wlan traffic ...

Page 1372: ...s to use this bandwidth allocation value for an individual virtual AP l preferred access High throughput 802 11n clients do not get penalized because of slower 802 11a g or 802 11b transmissions that take more air time due to lower rates Similarly faster 802 11a g clients get more access than 802 11b clients Command History This command was introduced in ArubaOS 3 0 Command Information Platforms L...

Page 1373: ...ation Mandatory bit of the Measurement Request Mode field of the Transmit Stream Category Measurement Request frame Randomization Inter val Shows the Randomization Interval field in the Transmit Stream Category Measurement Request frame Measurement Duration Shows the Measurement Duration field in the Transmit Stream Category Measurement Request frame Traffic ID Shows the Traffic Identifier field i...

Page 1374: ...ual AP profiles The References column lists the number of other profiles with references to the Virtual AP profile and the Profile Status column indicates whether the profile is predefined User defined profiles will not have an entry in the Profile Status column host show wlan virtual ap Virtual AP profile List Name References Profile Status coltrane vap profile 1 default MegTest Remote 1 test vap...

Page 1375: ... l bridge mode l split tunnel mode l decrypt tunnel mode The forwarding mode controls whether data is tunneled to the controller using generic routing encapsulation GRE bridged into the local Ethernet LAN for remote APs or a combination thereof depending on the destination corporate traffic goes to the controller and Internet access remains local When an AP is configured to use the decrypt tunnel ...

Page 1376: ...smit video data Dynamic Multicast Optimization DMO Threshold Maximum number of high throughput stations in a multicast group beyond which dynamic multicast optimization stops Drop Broadcast and Multicast If enabled the virtual AP will filter out broadcast and multicast traffic in the air Convert Broadcast ARP requests to unicast If enabled all broadcast ARP requests are converted to unicast and se...

Page 1377: ...tent Permanently enables the virtual AP after the remote AP initially connects to the controller l standard Enables the virtual AP when the remote AP connects to the controller Station Blacklisting Shows if the profile has enabled or disabled detection of denial of service DoS attacks such as ping or SYN floods that are not spoofed deauth attacks Strict Compliance If enabled the AP denies client a...

Page 1378: ...wlan virtual ap DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system Enable and Config mode on master or local controllers ...

Page 1379: ...nd the Profile Status column indicates whether the profile is predefined User defined profiles will not have an entry in the Profile Status column host show wlan voip cac profile VoIP Call Admission Control profile List Name References Profile Status corp voip 6 kgtest 0 QAlab voip 1 Total 3 The following example shows configuration settings defined for the profile QAlab voip host show wlan voip c...

Page 1380: ...a Call If enabled the controller disconnects calls that exceed the high capacity threshold by sending a deauthentication frame VOIP TSPEC Enforcement Shows if the profile enables or disables validation of TSPEC requests for CAC VOIP TSPEC Enforcement Period Maximum time for the station to start the call after the TSPEC request VoIP Drop SIP Invite and send status code client Display the status cod...

Page 1381: ...n AM it will save the event information along with the BSSID of the AP that generated the event in the WMS database When WMS receives statistics from the AM it updates its state and the database Examples The command show wms ap bssid displays a list of AP MAC addresses and the BSSIDs seen by each AP host show wms ap 00 1a 1e 88 01 e0 AP Info BSSID SSID Channel Type RAP_Type Status Match MAC Ageout...

Page 1382: ...before it is eliminated from the database If this column displays a 1 the client has not yet aged out Any other number indicates the number of minutes since the client has passed its ageout interval HT type The type of high throughput traffic sent by the AP l HT 20mhz The AP radio uses a single 20 mHz channel l HT 40mhz The AP radio uses a 40 MHz channel pair comprised of two adjacent 20 MHz chann...

Page 1383: ... 82 00 1a 1e 88 88 20 18 1092023 114722 242006054 2442917 10 00 1a 1e c0 88 88 00 1a 1e 88 88 90 36 1783226 485620 460219125 27781583 16 The output of this command includes the following information Column Description Monitor MAC MAC address of an AP BSSID Basic Service Set Identifier of a station RSSI Received Signal Strength Indicator for the station as seen by the AP txPkt Number of transmitted...

Page 1384: ...0 149 1 0 27094 557579 0 00 0b 86 c1 af 20 153 3 0 4648662 544817261 99 00 0b 86 c1 af 20 165 1 0 1655 200349 0 00 0b 86 c1 be 56 1 43 4 14446324 1959058619 0 00 0b 86 c1 be 56 6 8 1 14168505 1955474600 96 00 0b 86 c1 be 56 11 72 1 180553 23987119 0 00 0b 86 c1 be 56 36 53 0 14716 1022825 0 00 0b 86 c1 be 56 40 8 0 3033 501568 0 00 0b 86 c1 be 56 44 3 0 1453 217596 0 00 0b 86 c1 be 56 48 4 0 5330 ...

Page 1385: ...ackets TotalByte Number of received bytes Noise Current noise level The output of this command includes the following information Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show wms channel 1385 ...

Page 1386: ...ta for all clients seen by each monitoring AP mon mac mon mac mac mac Enter a monitoring AP s MAC address mon mac and the MAC address of a client mac to show data for traffic received from and sent to a specific client as seen by a specific AP Example The AP Info table in the example below shows that the client is associated to an AP with the BSSID 00 0b 86 cd 86 a0 The Probe info table shows the ...

Page 1387: ... MAC MAC address of a wired device that helped identify the AP as a rogue If the AP has not been identified as a rogue this column will display the MAC address 00 00 00 00 00 00 Ageout An ageout time is the time in minutes that the client must remain unseen by any probes before it is eliminated from the database If this column displays a 1 the client has not yet aged out Any other number indicates...

Page 1388: ...1388 show wms client DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on master controllers ...

Page 1389: ...ters displayed will vary for each controller if the controller does not have an entry for a particular counter type it will not appear in the output of this command Example This example shows part of the output of the command show wms counters host show wms counters Counters Name Value DB Reads 288268 DB Writes 350870 Probe Table DB Reads 2477 Probe Table DB Writes 952 AP Table DB Reads 143992 AP ...

Page 1390: ...1390 show wms counters DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on master controllers ...

Page 1391: ... wms general command non Dell APs connected on the same wired network as Dell APs are classified as valid APs If AP learning is disabled a non Dell AP is classified as an unsecure or suspect unsecure AP Example This example shows that the controller currently has 144 valid APs and 32 active valid clients and verifies that the controller currently aware of a single disabled rogue AP host show wms m...

Page 1392: ...e Release entries were removed from the show command output and the suspected rogue Manually Contained APs and Manually Contained Clients output entries were introduced Command Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on master controllers ...

Page 1393: ... Rogue APs 3 3 3 Manually Contained APs 0 0 0 Unclassified APs 0 0 0 Neighbor APs 0 0 0 Suspected Rogue APs 138 138 139 Valid Clients 0 0 0 Interfering Clients 1 1 1 Manually Contained Clients 0 0 0 Column Description Monitor Eth MAC Ethernet MAC address of a probe BSSID Probe Radio BSSID PHY Type Radio PHY type l 802 11A l 802 11AHT 40Mbps l 802 11AHT 20Mbps l 802 11G l 802 11GHT 20Mbps IP IP add...

Page 1394: ...s Stats Total number of statistics updates sent to the database Type A WMS AP type can be one of the following l soft ap an Dell Access Point AP l air monitor An Dell Air Monitor AM The output of this command includes the following information Command History Release Release ArubaOS 3 0 Command Introduced ArubaOS 6 1 The output of this command was modified to show the number of failed database req...

Page 1395: ... 00 0b 86 89 c6 20 SSID aruba ap Channel 1 Type generic ap RAP Type suspected rogue Confidence Level 30 Status up Match Type AP Rule Match MAC 00 0b 86 61 8a d0 Match IP 0 0 0 0 Match Rule Name rule2 Match Method Exact Match Match Time Sun Sep 19 19 11 40 2010 Confidence Level Info Match Type Match Method Conf Level Eth Wired Mac OUI Match 20 AP Rule rule1 5 AP Rule rule2 5 The output of this comm...

Page 1396: ... pre defined MAC address manually defined in the rap wml table l Base BSSID Override If an Dell AP is detected as rogue then all virtual APs on the particular rogue are marked as rogue using Base BSSID Override match type l Manual An AP is manually defined as a rogue by via the command wms ap bssid mode rogue l EMS An AP is manually defined as a rogue by via the Element Management System Match MAC...

Page 1397: ...causing the confidence level to surpass their cap of 100 You can explicitly mark an AP as interfering to trigger all new rules to match against it Command History Release Modification ArubaOS 3 0 Command introduced ArubaOS 6 1 Confidence level information was added to the output of this command Command Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on ...

Page 1398: ...to be routers by the listed APs This output of this command will be blank if there is not any broadcast multicast activity in an AP s subnet Example In the example below a single WMS AP has learned MAC information for four different routers host show wms routers Router Mac 00 08 00 00 11 12 is Seen by APs AP Name AP32 Router Mac 00 08 00 00 11 29 is Seen by APs AP Name AP32 Router Mac 00 08 00 00 ...

Page 1399: ...Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show wms routers 1399 ...

Page 1400: ...able l Probe Count Table summary Display an AP classification rules summary Usage Guidelines Issue this command to view existing AP classification rules AP classification rule configuration is performed only on a master controller If AMP is enabled via the mobility manager command then processing of the AP classification rules is disabled on the master controller A rule is identified by its ASCII ...

Page 1401: ...to exclude 0 Num SNR bounds 0 Num Probe Count bounds 0 Command History This command was introduced in ArubaOS 6 1 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide show wms rules 1401 ...

Page 1402: ...Total AP Count 228 Total STA Count 5 MAX RB tree Count 50000 Total Tree Count 195 Poll Count Max 1 2 Learned OUIs for Deployed APs OUI 00 1a 1e 00 00 00 Column Description Max Threshold The maximum number of table entries allowed If this table displays a zero 0 there is no configured limit NOTE If a configured maximum limit has reached the controller will not create new WMS entries for monitored A...

Page 1403: ...ics tree If this limit has been reached the controller will not add entries with the RSSI information for APs monitored APs and monitored clients that are seen by them This can negatively affect the RF Plan application Poll Count Max Current and maximum poll counts The output of this command includes the following information Command History This command was introduced in ArubaOS 3 0 Command Infor...

Page 1404: ...n Collected from the APs If you include the optional mac MAC address parameter the output of this command will show information for that single MAC address only reg ap oui mac Show Registered AP OUI Information Collected from the APs including each registered OUI and the time that OUI was last seen If you include the optional mac MAC address parameter the output of this command will show informati...

Page 1405: ...ystem State Key Value Max Threshold 25000 Current Threshold 230 Total AP Count 228 Total STA Count 5 MAX RB tree Count 50000 Total Tree Count 195 Poll Count Max 1 2 Learned OUIs for Deployed APs OUI 00 1a 1e 00 00 00 Command History Version Modification ArubaOS 3 0 Command Introduced ArubaOS 6 1 The ap name ap name parameter was deprecated and the following parameters were introduced l gw mac l mo...

Page 1406: ...1406 show wms wired mac DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers ...

Page 1407: ... show command Column Description Interface List the interface and interface identification where applicable IP Address IP Netmask List the IP address and netmask for the interface if configured Admin States the administrative status of the interface Enabled up Disabled down Protocol Status of the IP on the interface Enabled up Disabled down Command History Release Modification ArubaOS 3 4 Command ...

Page 1408: ...ess to the controller so that you can continue to manage using the console port To shut down an individual interface tunnel or VLAN use the shutdown option within the interface command To restore the ports use the no shutdown command Example The following example shuts down all physical interfaces on the controller host config shutdown all Command History This command was introduced in ArubaOS 1 0...

Page 1409: ...receiver to receive and interpret the traps sent by the controller version Configures the SNMP version and security string for notification messages inform Sends SNMP inform messages to the configured host disabled inform Specifies the length for the SNMP inform queue 100 350 250 stats Allows file based statistics collection for MMS The controller generates a file that contains statistics data use...

Page 1410: ...ption Protocol DES and the password for use with the designated protocol AES DES DES Usage Guidelines This command configures SNMP on the controller only You configure SNMP related information for APs in an SNMP profile which you apply to an AP group or to a specific AP To configure SNMP hostname contact and location information for the controller use the hostname syscontact and syslocation comman...

Page 1411: ...efore changing the STP topology 6 40 20 seconds priority Set the priority of a bridge to make it more or less likely to become the root bridge The bridge with the lowest value has the highest priority When configuring the priority remember the following The highest priority bridge is the root bridge The highest priority value is 0 zero 0 65535 32768 vlan range WORD Enter the keywords vlan range fo...

Page 1412: ...ee max age 30 The following command sets the bridge priority to 10 making it more likely to become the root bridge spanning tree priority 10 The follow command sets a spanning tree VLAN range spanning tree vlan range 2 8 11 Command History Release Modification ArubaOS 6 0 Added support for PVST and VLAN and VLAN Range ArubaOS 3 4 Upgraded STP to RSTP with full backward compatibility ArubaOS 1 0 In...

Page 1413: ...spanning tree mode to PVST Per VLAN Spanning Tree protocol Usage Guidelines Once the spanning tree mode is set you can configure RSTP or PVST Command History Release Modification ArubaOS 6 0 PVST added ArubaOS 3 4 Upgraded STP to RSTP with full backward compatibility Command Information Platform Licensing Command Mode All platforms Base operating system Configuration mode config on master controll...

Page 1414: ...type l Fast Ethernet 10Mbs 100 l Fast Ethernet 100Mbs 19 l 1Gigabit Ethernet 4 l 10 Gigabit Ethernet 2 point to point Set the interface to a point to point n a Enabled port priority value Change the spanning tree priority 0 255 128 portfast Change from blocking to forwarding n a Disabled vlan vlan id Enter the keyword vlan followed by the VLAN ID n a cost value Enter th keyword cost followed by th...

Page 1415: ... RSTP default values are adequate for most implementation Use caution when making changes to the spanning tree values host config if spanning tree cost 345 host config if spanning tree point to point host config if spanning tree portfast host config if spanning tree vlan range 2 8 11 Related Commands spanning tree Global Configuration Command History Release Modification ArubaOS 6 0 Added support ...

Page 1416: ...the priority of a bridge to make it more or less likely to become the root bridge The bridge with the lowest value has the highest priority When configuring the priority remember the following The highest priority bridge is the root bridge The highest priority value is 0 zero 0 65535 32768 Example The following command sets the time the VLAN range 2 3 spends in the listening and learning state to ...

Page 1417: ...ommand Information Platforms Licensing Command Mode All Platforms Base operating system Configuration Mode config DellPowerConnect W Series ArubaOS 6 2 Reference Guide spanning tree vlan range PVST 1417 ...

Page 1418: ...Public key authentication is supported using a X 509 certificate issued to the management client If you specify public key authentication you need to load the client X 509 certificate into the controller and configure certificate authentication for the management user with the mgmt user ssh pubkey command Example The following commands configure SSH access using public key authentication only host...

Page 1419: ... Guidelines When you blacklist a client the client is not allowed to associate with any AP in the network If the client is connected to the network when you blacklist it a deauthentication message is sent to force the client to disconnect The blacklisted client is blacklisted for the duration specified in the virtual AP profile The client blacklist supports up to 4 000 individual client entries Th...

Page 1420: ...1420 stm DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on master or local controllers ...

Page 1421: ...e this command without the guidance of Dell customer support Example The following command allows Dell customer support to debug the controller host support Command History Version Modification ArubaOS 2 4 Command introduced as the secret command ArubaOS 3 1 Command renamed to support Command Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on master con...

Page 1422: ... characters and spaces to create the name To include a space in the name use quotation marks to enclose the alphanumeric string For example to create the system contact name Lab Technician 1 enter Lab Technician 1 at the prompt To change the existing name enter the command with a different string The new name takes affect immediately To unconfigure the name enter at the prompt Example The followin...

Page 1423: ...nclude a space in the name use quotation marks to enclose the text string To change the existing name enter the command with a different string To unconfigure the location enter at the prompt Example The following command defines SalesLab as the location for the controller host syslocation Building 10 second floor room 21E syscontact LabTechnician Command History This command was introduced in Aru...

Page 1424: ...irectory must exist flash Archives and compresses the flash directory to flash tar gz logs Archives the logs directory to log tar Optionally technical support information can be included Usage Guidelines This command creates archive files in Unix tar file format Example The following command creates the log tar file with technical support information tar logs tech support Command History The comma...

Page 1425: ...e controller Use the soe option to enable telnet using the SoE protocol This allows you to remotely manage an AP directly connected to the controller Example The following example enables telnet to the controller using the CLI host config telnet cli Command History The command was introduced in ArubaOS 1 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Con...

Page 1426: ...The percentage parameter is the percentage of the total datapath CPU capacity that must be exceeded before the alert is sent The default threshold for this parameter is 30 no of APs percentage The maximum number of APs that can be connected to a controller is determined by that controller s model type and installed licenses Use this command to trigger an alert when the number of APs currently conn...

Page 1427: ...e threshold once again Example The following command configures a new alert threshold for controlpath memory consumption host config threshold datapath cpu 90 If this threshold is exceeded then subsequently drops below the 90 threshold the controller would send the following two syslog error messages Mar 10 13 13 58 nanny 1393 399816 ERRS nanny Resource Control Path Memory has gone above 90 thresh...

Page 1428: ...me in other commands absolute Specifies an absolute time range with a specific start and or end time and date periodic Specifies a recurring time range Specify the start and end time and Daily Weekday Weekend or the day of the week no Negates any configured parameter Usage Guidelines You can use time ranges when configuring session ACLs Once you configure a time range you can use it in multiple se...

Page 1429: ... failure in your IPv6 network Example The following command traces the path of the specified IPv6 host host tracepath 2005 d81f f9f0 1001 14 Command History The command was introduced in ArubaOS 6 1 Command Information Platforms Licensing Command Mode All platforms Base operating system User Enable and Config modes on local or master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guid...

Page 1430: ... Usage Guidelines Use this command to identify points of failure in your network Example The following command traces the route to the device identified by the IP address 10 1 2 3 host config traceroute 10 1 2 3 Command History The command was introduced in ArubaOS 2 0 Command Information Platforms Licensing Command Mode All platforms Base operating system User Enable and Config modes on local or ...

Page 1431: ... control When APs are attached directly to the controller set the connecting port to be trusted By default all ports on the controller are treated as trusted You can use the interface fastethernet or interface gigabitethernet commands to make individual ports trusted Example The following command makes all ports trusted host config trusted all Command History The command was introduced in ArubaOS ...

Page 1432: ...o prevent broadcast traffic being flooded on the tunneled nodes You need to enable broadcast filter arp if you want to allow a tunneled node connected machine communicate with another controller that is connected client on the same subnet Example The following command prevents tunneled node forwarding host config tunnel loop prevention Command History Release Modification ArubaOS 3 0 Command intro...

Page 1433: ...i Fi switching functions Instead it accepts traffic from ports designated as tunneled node ports packages this traffic inside a GRE tunnel and forwards the traffic back to a central controller for processing Example The following command configures the MTU of a controller for tunneled nodes host config tunnel node mtu 1030 Command History The command was introduced in ArubaOS 6 2 Command Informati...

Page 1434: ... tunneled node switches As a Wi Fi controller the controller does not perform full Wi Fi switching functions Instead it accepts traffic from ports designated as tunneled node ports packages this traffic inside a GRE tunnel and forwards the traffic back to a central controller for processing Example The following command configures the address of a controller for tunneled nodes host config tunneled...

Page 1435: ...priority of the wired uplink Each uplink type has an associated priority wired ports having the highest priority by default 1 255 wired vlan id Define the VLAN identification ID of the uplink VLAN A maxmim of four wired VLANs can be defined 1 4094 Usage Guidelines The W 600 seriescontrollers supports multiple 3G cellular uplinks in addition to its standard wired ports providing redundancy in the e...

Page 1436: ...ter a new alias name for the printer Example The following command creates an alias for a printer host usb printer printer usblp_HP_Officejet_Pro_L7500_MY872231FX alias HPOJ_L7500 host show network printer status Networked Printer Status Printer Name Printer Alias Status Comment usblp_Hewlett Packard_HP_Color_LaserJet_CP3505_CNBJ8B1003 HPLJ_P3005 idle enabled usblp_HP_Officejet_Pro_L7500_MY872231F...

Page 1437: ...the W 600 series controller but you can re initialize the device using the usb reclassify command This command removes the modem from the USB device list then detects it via the USB table Command History Introduced in ArubaOS 3 4 Command Information Platforms Licensing Command Mode W 600 series controllers Base operating system Config mode on master and local controllers DellPowerConnect W Series ...

Page 1438: ...ess list session command acl Name of the configured ACL ap group Optional AP group to which this ACL applies position Optional Position of this ACL relative to other ACLs that you can configure for the user role 1 is the top last bandwidth con tract Name of a bandwidth contract or rate limiting policy configured with the aaa bandwidth contract command The bandwidth contract must be applied to eith...

Page 1439: ...ip access list session command You can specify both IPv4 and IPv6 ACLs ap group Optional AP group to which this ACL applies position Optional Position of this ACL relative to other ACLs that you can configure for the user role 1 is the top last stateful ntlm Apply stateful NTLM authentication to the specified user role vlan Identifies the VLAN ID or VLAN name to which the user role is mapped This ...

Page 1440: ...uced ArubaOS 3 4 1 The stateful ntlm and wispr parameters were introduced ArubaOS 6 1 The ipv6 session acl parameter was removed The session acl parameter is common for both IPv4 and IPv6 ACLs Command Information Platforms Licensing Command Mode All platforms This command requires the PEFNG license Config mode on master controllers ...

Page 1441: ... aa bb cc format Example The following command adds a new OUI to the controller host config valid network oui profile host Valid Equipment OUI profile host Valid Equipment OUI profile oui 00 11 22 This should only be used when adding equipment with a new OUI Are you sure you want to proceed y n y Command History Release Modification ArubaOS 5 0 Command introduced Command Information Platforms Lice...

Page 1442: ...des an internal exception list to allow broadcast and multicast traffic using the VRRP LACP OSPF PVST and STP protocols To remove per vlan bandwidth contract limits on an additional broadcast or multicast protocol add the MAC address for that broadcast multicast protocol to the Vlan Bandwidth Contracts MAC Exception List Example The following command adds the MAC address for CDP Cisco Discovery Pr...

Page 1443: ...uld not be used with static IP addresses The Even VLAN Pool assignment type maintains a dynamic latest usage level of each VLAN ID in the pool Therefore as users age out the number of available addresses increases This leads to a more even distribution of addresses The Even type is only supported in tunnel and dtunnel modes It is not supported in split or bridge modes and it is not allowed for VLA...

Page 1444: ...cation ArubaOS 3 0 Command introduced ArubaOS 3 4 The pool parameter was introduced ArubaOS 6 2 The assignment type parameter was introduced along with the even and hash options Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers ...

Page 1445: ...n an AAA profile to a VLAN to enable role based access for wired clients connected to an untrusted VLAN or port on the controller This parameter applies to wired clients only Note that this profile will only take effect if the VLAN and or the port on the controller is untrusted If both the port and the VLAN are trusted no AAA profile is assigned Usage Guidelines Use the interface vlan command to c...

Page 1446: ... 400 Related Commands Command Description show vlan This command shows a configured VLAN interface number description and associated ports aaa authentication wired This command configures authentication for a client device that is directly connected to a port on the controller Command History Release Modification ArubaOS 3 0 Command available ArubaOS 3 4 vlan ids parameter introduced ArubaOS 3 4 1...

Page 1447: ...s any character from 0 to 9 l Z is a wild card that represents any character from 1 to 9 l N is a wild card that represents any character from 2 to 9 l is a wild card that represents the number or the range specified in the brackets l period is a wild card that represents any length digit strings action A prefix code that is automatically prefixed to the dialed number This is specified as prefix c...

Page 1448: ...t W Series ArubaOS 6 2 Reference Guide Command History Version Description ArubaOS 6 0 Command introduced Command Information Platforms Licensing Command Mode All platforms This command requires the PEFNG license Config mode on master controller ...

Page 1449: ... MAC address of the client to troubleshoot any voice issues Example The following command enables voice logging on the client with the MAC address 11 22 33 44 55 67 host config voice logging host VoIP Logging client mac 11 22 33 44 55 67 Command History Version Description ArubaOS 6 0 Command introduced Command Information Platforms Licensing Command Mode All platforms This command requires the PE...

Page 1450: ...troller to compute and display the call quality parameters such as Jitter delay packet loss and R value directly from the RTP media stream of the voice calls config enable enables the controller to analyze the call quality of the voice calls based on the RTP media streams Example The following command enables the controller to analyze the RTP media streams for call quality reports host config voic...

Page 1451: ...f the coverage area Example The following command enables the RTCP inactivity timer host config voice rtcp inactivity enable Command History Version Description ArubaOS 5 0 The rtcp inactivity parameter was introduced to the voip command ArubaOS 6 0 This was part of the voip command in the earlier version voip command is now deprecated Command Information Platforms Licensing Command Mode All platf...

Page 1452: ... session timer and associating a dial plan profile to the SIP ALG session timer acts as a keep alive mechanism for the SIP sessions using the periodic session refresh requests from the user agents The interval for the session refresh requests is determined through a negotiation mechanism If a session refresh request is not received within the negotiated interval the session is terminated session e...

Page 1453: ...mand Information Platforms Licensing Command Mode All platforms This command requires the PEFNG license Config mode on master controller DellPowerConnect W Series ArubaOS 6 2 Reference Guide voice sip 1453 ...

Page 1454: ...l request timer on the controller to clear the voip session if there is no response to a SIP mid call request Example The following command enables the SIP mid call request timer host config voice sip mid call req timeout enable Command History Version Description ArubaOS 5 0 The sip midcall req timeout parameter was introduced to the voip command ArubaOS 6 0 This was part of the voip command in t...

Page 1455: ...traffic streams multiple DELTS will be sent out to the station Usage Guidelines Issue this command to send DELTS for a live traffic stream even if the client is not a voice client Example The following command sends DELTS to a station with the MAC address 08 00 69 02 01 FA host config voice test force_send_delts sta 08 00 69 02 01 FA tid 6 Command History This command was introduced in ArubaOS 6 1...

Page 1456: ...ling hello timeout in seconds 10 1440 60 seconds no Negates any configured parameter ppp authentication Enables the protocols for PPP authentication This list should match the L2TP configuration configured with the vpn dialer command on the controller CACHE SECURID The controller caches Secure ID tokens so that the user does not need to reauthenticate each time a network connection is lost CHAP Us...

Page 1457: ...d with the ip local pool command Example The following command configures virtual private dial in networking host coinfig vpdn group l2tp ppp authentication PAP client configuration dns 10 1 1 2 client configuration wins 10 1 1 2 Command History The command was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master c...

Page 1458: ...uthentication This list should match the PPTP configuration configured with the vpn dialer command on the controller MSCHAP Use MSCHAP with PPP authentication MSCHAPv2 Use MSCHAPv2 with PPP authentication This is the default for L2TP pptp echo Time in seconds that the controller waits for a PPTP echo response from the client before considering the client to be down The client is disconnected if it...

Page 1459: ... was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide vpdn group pptp 1459 ...

Page 1460: ...ns disabled l2tp Allows the dialer to negotiate a Layer 2 Tunneling Protocol L2TP IPsec tunnel with the controller enabled pptp Allows the dialer to negotiate a Point to Point Tunneling Protocol PPTP with the controller disabled securid_newpinmode Supports SecurID new and next pin mode disabled wirednowifi Allows the dialer to detect when a wired network connection is in use and shuts down the wir...

Page 1461: ...s Secure ID tokens so that the user does not need to reauthenticate each time a network connection is lost disabled chap Use CHAP with PPP authentication enabled mschap Use MSCHAP with PPP authentication enabled mschapv2 Use MSCHAPv2 with PPP authentication enabled pap Use PAP with PPP authentication enabled Usage Guidelines A VPN dialer is a Windows application that configures a Windows client fo...

Page 1462: ...1462 vpn dialer DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers ...

Page 1463: ...rs VRRP mode From here you can access the remaining VRRP commands 1 255 advertise Specifies the time in seconds between successive VRRP advertisements sent by the current master Best practices are to use the default value 1 60 seconds 1 second 1s 1000ms authentication Configure an optional password of up to eight characters to be used to authenticate VRRP peers in their advertisements The password...

Page 1464: ...ed When the timer is triggered it delays the router for a specified period of time before taking over the master router In the mean time if there is an advertisement from another VRRP master existing master the router stops the timer and does not transition to master 0 60 seconds 0 priority Defines the priority level of the VRRP instance for the controller This value is used in the election mechan...

Page 1465: ...revious priority level The combined priority and tracking values cannot exceed 255 If the priority value exceeds 255 the controller displays an error message 0 255 vrrp master state Specifies the VRID to use for tracking the state of the VRRP master controller 1 255 vrrp master state add Instructs the controller to add the specified value to the existing priority level The combined priority and tr...

Page 1466: ...ulting priority You can track a combined maximum of 16 interfaces NOTE You must enable preempt mode to allow a controller to take over the role of master if it detects a lower priority controller currently acting as master Example The following command configures a priority of 105 for VRRP ID VRID 30 host config vrrp 30 priority 105 The following commands configure VLAN interface tracking and assu...

Page 1467: ...story Version Modification ArubaOS 1 0 Command introduced ArubaOS 3 3 The tracking interface and tracking vlan parameters were introduced ArubaOS 3 3 2 The add option was removed from the tracking interface and tracking vlan parameters ArubaOS 6 1 The delay option is added to the preempt parameter Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode ...

Page 1468: ...128 bit encryption keys high low medium high mgmt auth Authentication method for the management user you can choose to use either username password or certificates or both username password and certificates username password certificate user name pass word no Negates any configured parameter session timeout session timeout Specifies the amount of time after which the WebUI session times out and re...

Page 1469: ...ticate management users If you specify certificate authentication you need to configure certificate authentication for the management user with the mgmt user webui cacert command Example The following commands configure WebUI access with client certificates only and specify the server certificate for the controller host config web server mgmt auth certificate switch cert ServerCert1 mgmt user webu...

Page 1470: ...bled cert type Identify the type of certificate to be used by the AP l switch cert AP is using a certificate signed by the controller l factory cert AP is using a factory installed certificate This option should only be used for AP model types W AP105 and W AP120 series description Optional Enter a brief description of the AP If the description includes spaces you must enclose the description in q...

Page 1471: ... 6 0 The controller cert parameter was modified to switch cert Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide whitelist db cpsec add 1471 ...

Page 1472: ...ne security feature is configured to send certificates to all APs or a range of addresses that include that AP then the controller will send the AP another certificate and the AP will reappear in the campus whitelist To permanently revoke a certificate from an invalid or suspected rogue AP use the command whitelist db cpsec revoke Example The following command removes an AP with the MAC address 10...

Page 1473: ...e a local controller from the network you must also remove the local controller from the local switch whitelist If the local switch whitelist contains entries for local controllers no longer on the network then a campus AP whitelist entry can be marked for deletion but will not be physically deleted as the controller will be waiting for an acknowledgement from another controller no longer on the n...

Page 1474: ...telist db cpsec local switch list DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers ...

Page 1475: ...elist rarely needs to be purged Although you can delete an entry from the master switch whitelist you should do so only if you have removed a master switch from the network Deleting a valid master controller from the master switch whitelist can cause errors in your network Example The following command removes a master controller from the master switch whitelist host config whitelist db cpsec mast...

Page 1476: ...telist db cpsec master switch list DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on local controllers ...

Page 1477: ... disable an AP s entry in the campus AP whitelist A disabled AP will not be able to contact the controller via a secure channel Select enable to reenable a disabled AP revoke text If you disable an AP entry the revoke text parameter allows you to enter a brief text string describing why the AP was revoked state Select one of the following AP states l approved ready for cert AP has been approved st...

Page 1478: ...ce Guide Command History Version Modification ArubaOS 5 0 Command introduced ArubaOS 6 0 The controller cert parameter was modified to switch cert Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master or local controllers ...

Page 1479: ... controller in the network To delete an individual entry in the campus AP whitelist use the command whitelist db cpsec delete Example The following command remove all APs from the campus AP whitelist host config whitelist db cpsec purge Related Commands Command Description Mode show whitelist db cpsec Show the campus AP whitelist for the control plane feature Enable mode Command History This comma...

Page 1480: ...enclose the comment in quotation marks Usage Guidelines Use this command to revoke a certificate from a invalid or suspected rogue AP Example The following command revokes a certificate from an AP This command does not delete a whitelist entry for a revoked AP but marks its entry with the revoked state host config whitelist db cpsec revoke mac address 00 1E 37 CA D4 51 revoke text revoking cert fr...

Page 1481: ...ms Base operating system Enable and Config modes on master and local controllers wlan bcn rpt req profile wlan bcn rpt req profile profile name channel channel clone source interface interface measure dur mandatory measure duration measure duration measure mode no random interval random interval reg class 1 12 request info request info rpt condition rpt condition rpt detail ssid ssid Description C...

Page 1482: ... 0 1 1 measure dur mandatory This value is used to set the Duration Mandatory bit of the Measurement Request Mode field of the Beacon Report Request frame Disabled measure duration measure duration This value is used to set the Measurement Duration field in the Beacon Report Request frame The Measurement Duration is set to the duration of the requested measurement It is expressed in units of TUs 0...

Page 1483: ...01 Usage Guidelines The Beacon Report Request profile is configured under the 802 11K profile Example The following commands configure the parameters under the bcn rpt req profile host config wlan bcn rpt req profile default host Beacon Report Request Profile default channel 9 host Beacon Report Request Profile default interface 1 host Beacon Report Request Profile default no measure dur mandatory...

Page 1484: ...they are automatically displayed as an ordered list in the preferred networks Syntax Parameter Description Default auth as computer Authenticate with domain credentials auth as guest Authenticate as a guest user clone Copy settings from another WLAN client profile eap cert If you select EAP type as certificate you can use one of the following options l mschapv2 use windows credentials l use smartc...

Page 1485: ... certificate Validate the server certificate l use different name Use a different user name for the connection and not the CN on the certificate no Negate and reset all configuration settings non broadcasting connection Connect even if WLAN is not broadcasting Disabled range connect Automatically connect to this WLAN if in range ssid profile Enter the name of the SSID profile Command History This ...

Page 1486: ...easurement mode Configures an active beacon table or passive beacon measurement mode for the profile beacon table active Enables active beacon measurement mode In this mode the client sends a probe request to the broadcast destination address on all supported channels sets a measurement duration timer and at the end of the measurement duration compiles all received beacons or probe response with t...

Page 1487: ...on hook voice clients clients that are not on a call after period of inactivity Without the forced disassociation feature if an AP has reached its call admission control limits and an on hook voice client wants to start a new call that client may be denied If forced disassociation is enabled those clients can associate to a neighboring AP that can fulfil their QoS requirements This feature is disa...

Page 1488: ...time interval for beacon link and transmit stream measurement requests host config wlan dot11k profile default host 802 11K Profile default dot11k enable host 802 11K Profile default bcn measurement mode beacon table host 802 11K Profile default bcn req time 60 host 802 11K Profile default lm req time 60 host 802 11K Profile default tsm req time 90 Related Commands Command Description wlan handove...

Page 1489: ...Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide wlan dot11k profile 1489 ...

Page 1490: ...egory through traffic specification TSPEC signaling Enter 1 to enable 0 to disable 0 1 0 disabled aifsn Arbitrary inter frame space number 1 15 0 ecw max The exponential n value of the maximum contention window size as expressed by 2n 1 A value of 4 computes to 24 1 15 1 15 0 ecw min The exponential n value of the minimum contention window size as expressed by 2n 1 A value of 4 computes to 24 1 15...

Page 1491: ... config wlan edca parameters profile ap edca1 best effort ecw min 15 ecw max 15 aifsn 15 txop 100 acm 1 Command History Version Description ArubaOS 3 1 Command introduced ArubaOS 3 4 1 License requirements changed in ArubaOS 3 4 1 so the command requires the PEF license instead of the Voice Services Module license required in earlier versions This command was introduced in ArubaOS 3 1 Command Info...

Page 1492: ...ndover trigger Issue this command to enable the handover trigger feature If enabled the controller will initiate the handover of a voice client for example dual mode handsets roaming at the edge of Wi Fi coverage to an alternate carrier or connection The handover trigger is initiated if the Wi Fi signal strength reported by the voice client received from all APs is equal to or less than the thresh...

Page 1493: ...mation Platforms Licensing Command Mode All platforms Base operating system Configuration mode on master or local controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide wlan handover trigger profile 1493 ...

Page 1494: ...file name Name of this instance of the profile The name must be 1 63 characters default 40MHz enable Enables or disables the use of this high throughput SSID in 40 MHz mode enabled ba amsdu enable Enable Disable Receive AMSDU in BA negotiation disabled clone Name of an existing high throughput SSID profile from which parameter values are copied high throughput enable Determines if this high throug...

Page 1495: ...ec 1 Minimum time of 1 µsec 2 Minimum time of 2 µsec 4 Minimum time of 4 µsec 8 Minimum time of 8 µsec 16 Minimum time of 16 µsec mpdu agg Enables or disables MAC protocol data unit MDPU aggregation High throughput APs are able to send aggregated MAC protocol data units MDPUs which allow an AP to receive a single block acknowledgment instead of multiple ACK signals This option which is enabled by ...

Page 1496: ...KIP or WEP You can also use this profile to configure explicit transmit beamforming for W AP130 series access points When this feature is enabled the AP coordinates the signals sent from each antenna so the signals focus on the receiver improving radio range and performance The W AP130 series AP can advertise transmit beamforming capabilities in beacon probe response and association responses in t...

Page 1497: ...duced ArubaOS 6 1 The short guard intvl 20Mhz ldpc stbc rx streams and stbc rx streams parameters were introduced The allow weak encryption parameter was deprecated Command Information Platforms Licensing Command Mode All platforms but operates with IEEE 802 11n compliant devices only Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide wlan ht ssid profile 1497 ...

Page 1498: ...onses support for radio measurements in a device no Disables the transmission of an IE in this profile pwr constraint ie The AP will advertise in beacon and probe responses the regulatory maximum transmit power for that current channel qbss load ie The AP will advertise in beacon and probe responses the QoS Basic Service Set QBSS Load IE which contains information on the current station count chan...

Page 1499: ...n dot11k profile profile dot11k enable Command History Version Description ArubaOS 6 2 Command introduced Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers DellPowerConnect W Series ArubaOS 6 2 Reference Guide wlan rrm ie profile 1499 ...

Page 1500: ...id ht ssid profile profile name local probe req thresh max clients number max retries number max tx fail number mcast rate opt no opmode bSec 128 dynamic wep opensystem static wep wpa aes wpa2 aes gcm 128 wpa2 aes gcm 256 wpa psk aes wpa psk tkip wpa tkip wpa2 aes wpa2 psk aes wpa2 psk tkip wpa2 tkip xSec qbss load enable rts threshold number short preamble ssid enable strict svp wepkey1 key wepke...

Page 1501: ...e time of association and on the current error loss rate of the client 6 9 12 18 24 36 48 54 Mbps 6 9 12 18 24 36 48 54 Mbps advertise ap name If enabled APs that are part of this VAP willbroadcast the AP Name information in the beacons frames advertise location If enabled APs that are part of this VAP will broadcast their GPS coordinates in the beacons and probe response frames as part of a vendo...

Page 1502: ...ributed channel access EDCA profile that applies to this SSID NOTE This parameter requires the PEFNG license Configure this parameter only under the guidance of your Dell representative ap sta Assigns the specified EDCA profile to AP or station client enforce user vlan Strict enforcement of data traffic only in user s assigned vlan Open stations only essid Name that uniquely identifies a wireless ...

Page 1503: ...d multicast frames This option only applies to broadcast and multicast data frames 802 11 management frames are transmitted at the lowest configured rate NOTE Do not enable this parameter unless instructed to do so by your Dell technical support representative disabled no Negates any configured parameter opmode The layer 2 authentication and encryption to be used on this ESSID to protect access an...

Page 1504: ...l an xSec license in each controller qbss load enable Enables the AP to advertise the QBSS load element The element includes the following parameters that provide information on the traffic situation l Station count The total number of stations associated to the QBSS l Channel utilization The percentage of time normalized to 255 the channel is sensed to be busy The access point uses either the phy...

Page 1505: ...twork disabled wmm be dscp DSCP value used to map WMM best effort traffic 0 63 wmm bk dscp DSCP used to map WMM background traffic 0 63 wmm override dscp mapping Overrides the default DSCP mappings in the SSID profile with the ToS value This setting is useful when you want to set a non default ToS value for a specific traffic disabled wmm ts min in act int Specifies the minimum inactivity time out...

Page 1506: ...mically selects the rate for sending broadcast multicast frames on any BSS This feature determines the optimal rate for sending broadcast and multicast frames based on the lowest of the unicast rates across all associated clients When the Multicast Rate Optimization option mcast rate opt is enabled the controller scans the list of all associated stations in that BSS and finds the lowest transmissi...

Page 1507: ...parameter was deprecated ArubaOS 3 4 1 License requirements changed in ArubaOS 3 4 1 so the command required the PEF license instead of the Voice Services Module license required in earlier versions ArubaOS 6 1 The opmode options wpa2 aes gcm 128 and wpa2 aes gcm 256 were introduced These parameters require the ACR license The qbss load enable option is included ArubaOS 6 1 4 1 The advertise ap na...

Page 1508: ...o this virtual AP 0 100 clone profile name Name of an existing traffic management profile from which parameter values are copied no Negates any configured parameter report interval minutes Number of minutes between bandwidth usage reports 1 999999 minutes 5 minutes shaping policy Define Station Shaping Policy This feature has the following three options l default access Traffic shaping is disabled...

Page 1509: ...ients in the last sampling period l Activity of the current client in the last sampling period The bw alloc parameter of a traffic management profile allows you to set a minimum bandwidth to be allocated to a virtual AP profile when there is congestion on the wireless network You must set traffic shaping to fair access to use this bandwidth allocation value for an individual virtual AP Example The...

Page 1510: ...duration of the requested measurement It is expressed in units of TUs When the request mode for the Transmit Stream Category Measurement Request frame is set to triggered the Measurement Duration field should be set to 0 0 65535 9776 no Negates any configured parameter num repeats num repeats This parameter is used to set the Number of Repetitions field in the Transmit Stream Category Measurement ...

Page 1511: ...802 11K profile It is used to configure the parameters for the Transmit Stream Category Measurement frames It takes effect only when the 802 11K feature is enabled Example host config wlan tsm req profile default host TSM Report Request Profile default bin0 range 1 host TSM Report Request Profile default dur mandatory host TSM Report Request Profile default measure duration 25 host TSM Report Requ...

Page 1512: ...sistent standard ssid profile profile name steering mode band balancing force 5ghz prefer 5ghz strict compliance vap enable vlan vlan vlan mobility wmm traffic management profile Description This command configures a virtual AP profile Syntax Parameter Description Range Default profile name Name of this instance of the profile The name must be 1 63 characters default aaa profile Name of the AAA pr...

Page 1513: ... mode those APs will gather information about 5G capable clients independently and will not exchange this information with other APs that also have bridge or split tunnel virtual APs only disabled blacklist Enables detection of denial of service DoS attacks such as ping or SYN floods that are not spoofed deauth attacks enabled blacklist time Number of seconds that a client is quarantined from the ...

Page 1514: ...s not able to convert that broadcast traffic disabled clone Name of an existing traffic management profile from which parameter values are copied deny inter user traffic Select this checkbox to deny traffic between the clients using this virtual AP profile The firewall comand includes an option to deny all inter user traffic regardless of the Virtual AP profile used by those clients If the global ...

Page 1515: ... adds the GRE headers decrypts or encrypts 802 11 frames and applies firewall rules to the user traffic as usual l Bridge When an AP is in bridge mode data is bridged onto the local Ethernet LAN When in bridge mode the AP handles all 802 11 association requests and responses encryption decryption processes and firewall enforcement 802 11e and 802 11k action frames are also processed by the AP whic...

Page 1516: ... observed in VoIP clients NOTE ha disc onassoc parameter works only when IP mobility is enabled and configured on the controller disabled mobile ip Enables or disables IP mobility for this virtual AP enabled multi association Enables or disables multi association for this virtual AP When enabled this feature allows a station to be associated to multiple APs If this feature is disabled when a stati...

Page 1517: ...the band steering feature has been enabled The band steering feature in ArubaOS versions 3 3 2 5 0 does not support multiple band steering modes The band steering feature in these versions of ArubaOS functions the same way as the default prefer 5GHz steering mode available in ArubaOS 6 0 and later Force 5GHz prefer 5ghz balance bands prefer 5ghz strict compli ance If enabled the AP denies client a...

Page 1518: ...erted broadcast ARP requests to unicast messages sent directly to the client Starting with ArubaOS 6 1 3 2 the broadcast filter arp setting includes the additional functionality of broadcast filter all parameter where DHCP response frames are sent as unicast to the corresponding client This can impact DHCP discover requested packets for clients behind a wireless bridge and virtual clients on VMwar...

Page 1519: ...was deprecated l The Multicast Optimization for Video and Multicast Optimization Threshold parameter were renamed to Dynamic Multicast Optimization DMO and Dynamic Multicast Optimization DMO Threshold ArubaOS 6 2 The outer vlan and fdb update on assoc parameters wereintroduced Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers...

Page 1520: ...ired call admission control CAC Mechanism l Disable CAC is based on Call Counts l Enable CAC should be based on Bandwidth disabled bandwidth capacity Define the maximum bandwidth that can be handled by one radio in kbps The default value is 2000 kbps 2 Mbps bandwidth capacity Maximum bandwidth that can be handled by one radio in kbps The default value is 2000 kbps 2 Mbps 1 600000 2000 call admissi...

Page 1521: ...spec_en forcement Enables validation of TSPEC requests for CAC disabled wmm_tspec_en forcement_ period Maximum time for the station to start the call after the TSPEC request 1 100 1 second Usage Guidelines The VoIP CAC profile prevents any single AP from becoming congested with voice calls Example The following command enables VoIP CAC host config wlan voip cac profile cac1 call admission control ...

Page 1522: ... in ArubaOS 3 4 1 so the command required the PEF license instead of the Voice Services Module license required in earlier versions ArubaOS 5 0 The supported range for the call capacity parameter changed from 0 8000 to 2 8000 Command Information Platforms Licensing Command Mode All platforms PEFNG license Config mode on master controllers ...

Page 1523: ...ring commands that are local not global This means in a master local system the configuration parameter is modifiable at each individual controller and the setting on one controller does not affect the setting on other controllers Increasing the max threshold limit will cause an increase in usage in the memory by WMS In general each entry will consume about 500 bytes of memory If the setting is bu...

Page 1524: ...1524 wms localsystem DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system Config mode on master controllers ...

Page 1525: ...ue AP that is unauthorized and is plugged into the wired side of the network You can configure automatic shutdown of rogue APs in the IDS unauthorized device detection profile valid An AP that is part of the enterprise providing WLAN service Usage Guidelines If AP learning is enabled with the wms general learn ap enable command non Dell APs connected on the same wired network as Dell APs are class...

Page 1526: ...1526 wms ap DellPowerConnect W Series ArubaOS 6 2 Reference Guide Command Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on master controllers ...

Page 1527: ...nstructed to do so by an Dell representative Example The following command cleans the WMS database host wms clean db WMS Database will be deleted Do you want to proceed with this action y n Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on master controllers DellPowerConnect W Series Ar...

Page 1528: ...an automatically determine client classification based on client behavior but this command allows you to explicitly classify a client The classification of a client is used in certain policy enforcement features For example if protect valid sta is enabled in the IDS Unauthorized Device Profile then clients that are classified as valid cannot connect to non valid APs Example The following command c...

Page 1529: ...DellPowerConnect W Series ArubaOS 6 2 Reference Guide wms client 1529 ...

Page 1530: ... This command writes classification data into comma separated values CSV files one for APs and one for clients You can import these files into the Dell Mobility Manager system Example The following command exports classification data into an AP and a client file host wms export class class Exported data to class_ap csv and class_sta csv Command History This command was introduced in ArubaOS 3 0 Co...

Page 1531: ...he file is exported as an ASCII text file If you have configured the controller for operation with DellMMS this command will fail and an error will be returned Example The following command exports the WMS database to a file host wms export db database Exported WMS DB to database Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All pla...

Page 1532: ...t be no longer than 32 characters and may contain only keyboard characters Usage Guidelines The imported file replaces the WMS database The imported file must be a valid WMS database file that you previously exported using the wms export db command Example The following command imports the WMS database from a file host wms import db database Command History This command was introduced in ArubaOS 3...

Page 1533: ...ility manager on page 444 this command will fail and return an error Example The following command reinitializes the WMS database host wms reinit db WMS Database will be re initialized Do you want to proceed with this action y n Command History This command was introduced in ArubaOS 3 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable mode on master c...

Page 1534: ...are lost if the system reboots before saving the changes To save your configuration changes use the write memory command If you use the write erase command the license key management database on the controller is not affected If you use the write erase all command all databases on the controller are deleted including the license key management database If you reset the controller to the factory de...

Page 1535: ...ng configuration and databases and returns the controller to the factory default settings host write erase Command History This command was introduced in ArubaOS 1 0 Command Information Platforms Licensing Command Mode All platforms Base operating system Enable and Config modes DellPowerConnect W Series ArubaOS 6 2 Reference Guide write 1535 ...

Page 1536: ...0510956 01 March 2013 1536 ...

Page 1537: ...er mode You always begin a CLI session in user mode the command mode with the lowest level of user access The command prompt for a user mode session is a greater than symbol host The following commands are available in user mode l enable l exit l help l logout l ping l traceroute Enable Mode To move from user mode to enable mode you must enter the command enable press Enter then enter config mode ...

Page 1538: ...t config aaa alias group Configure an Alias Group authentication Authentication authentication server Authentication Servers bandwidth contract Configure bandwidth contract 256 Kbps 2 Gbps derivation rules Configure rules to derive user role or vlan dns query interval Set DNS query interval password policy Password policy for locally configured management users profile Configure an AAA Profile rad...

Reviews:

No comments

Related manuals for PowerConnect W-7200 Series

CAME Z Series Manual preview
Z Series
Brand: CAME Pages: 4
CAME QBEMFSB2 User Manual preview
QBEMFSB2
Brand: CAME Pages: 19
SAF Phoenix G2 IDU Quick Start Manual preview
Phoenix G2 IDU
Brand: SAF Pages: 30
F5 i5000 Series Platform Manual preview
i5000 Series
Brand: F5 Pages: 72
Qlogic QLE7xxx Series Quick Start Manual preview
QLE7xxx Series
Brand: Qlogic Pages: 8
ZALMAN ZM-RF1 User Manual preview
ZM-RF1
Brand: ZALMAN Pages: 5
4gon RouterBOARD 411R Quick Start Manual preview
RouterBOARD 411R
Brand: 4gon Pages: 2
Lutron Electronics Smart Bridge Quick Start Manual preview
Smart Bridge
Brand: Lutron Electronics Pages: 4
Lanner FW-7551 User Manual preview
FW-7551
Brand: Lanner Pages: 38
PaloAlto Networks ION 1000 Hardware Reference Manual preview
ION 1000
Brand: PaloAlto Networks Pages: 28
Xyclop XC-16CH-NVR-4TB Quick Start Manual preview
XC-16CH-NVR-4TB
Brand: Xyclop Pages: 19
Patton electronics 593/45 User Manual preview
593/45
Brand: Patton electronics Pages: 8
LevelOne WBA-4000 User Manual preview
WBA-4000
Brand: LevelOne Pages: 49
Extreme Networks ExtremeCloud Appliance E1120 User Manual preview
ExtremeCloud Appliance E1120
Brand: Extreme Networks Pages: 219
VIA Technologies LPC-01 Quick Manual preview
LPC-01
Brand: VIA Technologies Pages: 2
Idis DR-8516 Installation Manual preview
DR-8516
Brand: Idis Pages: 28
MACHINIST X79-Z9-D7 User Manual preview
X79-Z9-D7
Brand: MACHINIST Pages: 15
peplink Balance 380 User Manual preview
Balance 380
Brand: peplink Pages: 111

Brands by name

Popular brands

Load more brands