manualshive.com logo in svg

Motorola WS5100 Series, Cli Reference Manual

The Motorola WS5100 Series Troubleshooting Manual is a comprehensive resource for users seeking to resolve any technical issues they may encounter. This invaluable manual is available for free download from our website, ensuring that users have easy access to the information they need to keep their WS5100 Series devices running smoothly.

Share
Download
background image

crypto-map

10-9

Usage Guidelines

WS5100(config-crypto-map)#set peer (name)

If no peer IP address is configured, the manual crypto map is not valid and not complete. 
A peer IP address is required for manual crypto maps. To change the peer IP address, the 
no set peer command must be issued first; then the new peer IP address can be configured.

WS5100(config-crypto-map)#set pfs

If left at the default setting, no perfect forward secrecy (PFS) is used during IPSec SA key 
generation. If PFS is specified, the specified Diffie-Hellman Group exchange is used for the 
initial (and all subsequent) key generation. This means no data linkage between prior keys 
and future keys.

WS5100(config-crypto-map)#set security-association lifetime 

(kilobytes|seconds)

Values can be entered in both kilobytes and seconds. Whichever limit is reached first, ends 
the security association.

WS5100(config-crypto-map)#set session-key 

(inbound|outbound)(ah|esp)

WS5100(config-crypto-map)#set session-key (inbound|outbound) ah 

<hexkey data>

WS5100(config-crypto-map)#set session-key (inbound|outbound) esp 

<SPI> cipher <hexdata key> authenticator <hexkey data>

inbound/outbound 
(ah|esp)

Defines encryption keys for inbound/outbound traffic 

ah – 

Authentication header protocol 

• <256-4294967295> – 

Security Parameter 

Index

 (SPI) for the security association

esp – 

Encapsulating security payload protocol 

• <256-4294967295> – Derfines the security 

parameter Index 

• cipher – Specify encryption/decryption 

key

authenticator <hex key data> – 

Specify 

an authentication key 

transformset <name>

Use the set transform-set command to assign a transform-
set to a crypto map.

Summary of Contents for WS5100 Series

Page 1: ...M WS5100 Series Switch CLI Reference Guide ...

Page 2: ... reserved MOTOROLA and the Stylized M Logo are registered in the US Patent Trademark Office Symbol is a registered trademark of Symbol Technologies Inc All other product or service names are the property of their respective owners ...

Page 3: ...ent Who Should Use this Guide The WS5100 Series CLI Reference Guide is intended for system administrators responsible for the implementing configuring and maintaining the WS5100 switch using the switch s command line interface CLI It also serves as a reference for configuring and modifying most common system settings The administrator should be familiar with wireless technologies network concepts ...

Page 4: ...xec Commands Summarizes the Priv Exec commands within the WS5100 switch command line interface Chapter 5 Global Configuration Commands Summarizes the Global Config commands within the WS5100 switch command line interface Chapter 6 crypto isakmp Summarizes the crypto isakmp commands within the WS5100 switch command line interface Chapter 7 crypto group Summarizes the crypto group commands within th...

Page 5: ... line Chapter 16 Extended MAC ACL Instance Summarizes the config ext macl commands within the WS5100 switch command line Chapter 17 DHCP Server Instance Summarizes the config dhcp pool commands within the WS5100 switch command line Chapter 18 DHCP Class Instance Summarizes the config dhcp class instance commands within the WS5100 switch command line interface Chapter 19 Radius Server Instance Summ...

Page 6: ...ts of required steps that are not necessarily sequential Sequential lists those describing step by step procedures appear as numbered lists NOTE Indicate tips or special requirements CAUTION Indicates conditions that can cause equipment damage or data loss WARNING Indicates a condition or procedure that could result in personal injury or equipment damage Convention Example Token Description Valid ...

Page 7: ... motorola com When contacting Motorola Support Center please provide the following information Serial number of the unit Model number or product name Software type and version number key1 key2 key 3 Selective recursive multiple tokens allowed but each can only be used once key1 key3 key1 key2 key 3 Infinite recursive multiple tokens allowed each can be used multiple times key1 key1 key2 key3 key2 ...

Page 8: ...and Product Information General Information For general information contact Motorola at Telephone North America 1 800 722 6234 Telephone International 1 631 738 5200 Website http www motorola com North America International Motorola Inc One Symbol Plaza Holtsville New York 11742 1300 Tel 1 631 738 2400 or 1 800 722 6234 Fax 1 631 738 5990 Motorola Inc Symbol Place Winnersh Triangle Berkshire RG41 ...

Page 9: ...umentation Licensee may download install and use the Software only on a single computer Licensee may make one copy of the Software excluding any documentation for backup purposes provided that copyright and other restricted rights notices of Licensor and its suppliers are reproduced exactly 2 LICENSE RESTRICTIONS Except as expressly permitted by this Agreement Licensee shall not nor permit anyone ...

Page 10: ...Licensor remains solely responsible for all Content that Licensee uploads posts e mails transmits or otherwise disseminates using or in connection with the Software 4 FEES SUPPORT AND UPGRADES Licensor may at Licensor s sole option provide support services related to the Software Support Services Nothing in this Agreement grants Licensee any right to receive any Support Services Use of any Support...

Page 11: ... INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS OF PROFITS OR CONFIDENTIAL OR OTHER INFORMATION FOR BUSINESS INTERRUPTION FOR PERSONAL INJURY FOR LOSS OF PRIVACY FOR FAILURE TO MEET ANY DUTY INCLUDING OF GOOD FAITH OR OF REASONABLE CARE FOR NEGLIGENCE AND FOR ANY OTHER PECUNIARY OR OTHER LOSS WHATSOEVER ARISING OUT OF OR IN ANY WAY RELATED TO THE USE OF OR INABILITY TO USE THE SOFTWARE THE PROVISIO...

Page 12: ...52 227 14 JUNE 1987 or DFAR 48 CFR 252 227 7013 OCT 1988 as applicable The Manufacturer for purposes of these regulations is Motorola Inc One Symbol Plaza Holtsville NY 11742 12 EXPORT RESTRICTIONS Licensee shall comply with all export laws and restrictions and regulations of the Department of Commerce the United States Department of Treasury Office of Foreign Assets Control OFAC or other United S...

Page 13: ...nstance any action or proceeding arising out of this Agreement must be brought exclusively in the state or federal courts of New York and Licensee hereby consents to the jurisdiction of such courts for any such action or proceeding This Agreement supersedes all prior discussions and writings and constitutes the entire agreement between the parties with respect to the subject matter hereof The prev...

Page 14: ...WS5100 Series Switch CLI Reference Guide xviii ...

Page 15: ...mand Line 1 7 1 4 2 Completing a Partial Command Name 1 9 1 4 3 Deleting Entries 1 10 1 4 4 Re displaying the Current Command Line 1 10 1 4 5 Command Output pagination 1 10 1 4 6 Transposing Mistyped Characters 1 10 1 4 7 Controlling Capitalization 1 11 Chapter 2 Common Commands 2 1 Common Commands 2 1 2 1 1 clrscr 2 2 2 1 2 exit 2 2 2 1 3 help 2 2 2 1 4 no 2 4 2 1 5 service 2 5 2 2 show 2 23 2 2 ...

Page 16: ...7 2 2 18 privilege 2 47 2 2 19 radius 2 48 2 2 20 redundancy group 2 49 2 2 21 redundancy history 2 51 2 2 22 redundancy members 2 52 2 2 23 snmp 2 52 2 2 24 snmp server 2 53 2 2 25 sole 2 55 2 2 26 spanning tree 2 57 2 2 27 static channel group 2 58 2 2 28 terminal 2 59 2 2 29 timezone 2 59 2 2 30 users 2 60 2 2 31 version 2 60 2 2 32 wireless 2 62 2 2 33 wlan acl 2 70 2 2 34 access list 2 71 2 2...

Page 17: ...uster cli 3 4 3 1 3 debug 3 4 3 1 4 disable 3 6 3 1 5 enable 3 6 3 1 6 logout 3 7 3 1 7 page 3 7 3 1 8 ping 3 7 3 1 9 quit 3 8 3 1 10 telnet 3 8 3 1 11 terminal 3 9 3 1 12 traceroute 3 9 Chapter 4 Privileged Exec Commands 4 1 Priv Exec Command 4 1 4 1 1 acknowledge 4 4 4 1 2 archive 4 4 4 1 3 cd 4 6 4 1 4 change passwd 4 6 4 1 5 clear 4 7 4 1 6 clock 4 10 4 1 7 cluster cli 4 10 4 1 8 configure 4 1...

Page 18: ... 26 quit 4 24 4 1 27 reload 4 24 4 1 28 rename 4 25 4 1 29 rmdir 4 26 4 1 30 telnet 4 26 4 1 31 terminal 4 27 4 1 32 traceroute 4 28 4 1 33 upgrade 4 28 4 1 34 upgradeabort 4 30 4 1 35 write 4 30 Chapter 5 Global Configuration Commands 5 1 Global Configuration Commands 5 2 5 1 1 aaa 5 4 5 1 2 access list 5 5 5 1 3 autoinstall 5 11 5 1 4 banner 5 12 5 1 5 boot 5 13 5 1 6 bridge 5 13 5 1 7 country c...

Page 19: ... 1 25 prompt 5 41 5 1 26 radius server 5 41 5 1 27 redundancy 5 42 5 1 28 service 5 44 5 1 29 snmp server 5 45 5 1 30 sole 5 55 5 1 31 spanning tree 5 56 5 1 32 timezone 5 60 5 1 33 username 5 60 5 1 34 vpn 5 61 5 1 35 wireless 5 61 5 1 36 wlan acl 5 62 Chapter 6 crypto isakmp 6 1 Crypto ISAKMP Config Commands 6 1 6 1 1 authentication 6 2 6 1 2 clrscr 6 2 6 1 3 encryption 6 3 6 1 4 end 6 3 6 1 5 e...

Page 20: ... 4 7 1 6 service 7 5 7 1 7 show 7 6 7 1 8 wins 7 8 Chapter 8 crypto peer 8 1 Crypto Peer Config Commands 8 1 8 1 1 clrscr 8 2 8 1 2 end 8 2 8 1 3 exit 8 2 8 1 4 help 8 3 8 1 5 no 8 3 8 1 6 service 8 4 8 1 7 set 8 5 8 1 8 show 8 5 Chapter 9 crypto ipsec 9 1 Crypto IPsec Config Commands 9 1 9 1 1 mode 9 2 9 1 2 show 9 2 Chapter 10 crypto map 10 1 Crypto Map Config Commands 10 1 10 1 1 clrscr 10 2 10...

Page 21: ...11 3 11 1 5 exit 11 4 11 1 6 fqdn 11 4 11 1 7 help 11 5 11 1 8 ip address 11 5 11 1 9 no 11 6 11 1 10 password 11 6 11 1 11 rsakeypair 11 7 11 1 12 service 11 7 11 1 13 show 11 9 11 1 14 subject name 11 11 Chapter 12 interface Instance 12 1 Interface Config Commands 12 1 12 1 1 clrscr 12 2 12 1 2 crypto 12 3 12 1 3 description 12 3 12 1 4 duplex 12 4 12 1 5 end 12 5 12 1 6 exit 12 5 12 1 7 help 12...

Page 22: ... 13 1 mst Config Commands 13 1 13 1 1 clrscr 13 2 13 1 2 end 13 2 13 1 3 exit 13 3 13 1 4 help 13 3 13 1 5 instance 13 4 13 1 6 name 13 4 13 1 7 no 13 5 13 1 8 revision 13 5 13 1 9 service 13 6 13 1 10 show 13 7 Chapter 14 Extended ACL Instance 14 1 Extended ACL Config Commands 14 1 14 1 1 clrscr 14 2 14 1 2 deny 14 2 14 1 3 end 14 7 14 1 4 exit 14 7 14 1 5 help 14 8 14 1 6 mark 14 8 14 1 7 no 14 ...

Page 23: ... Extended MAC ACL Instance 16 1 MAC Extended ACL Config Commands 16 1 16 1 1 clrscr 16 2 16 1 2 deny 16 2 16 1 3 end 16 5 16 1 4 exit 16 5 16 1 5 help 16 5 16 1 6 mark 16 6 16 1 7 no 16 8 16 1 8 permit 16 9 16 1 9 service 16 11 16 1 10 show 16 13 16 1 11 terminal 16 14 Chapter 17 DHCP Server Instance 17 1 DHCP Config Commands 17 1 17 1 1 address 17 3 17 1 2 bootfile 17 3 17 1 3 class 17 4 17 1 3 1...

Page 24: ... server 17 16 17 1 21 no 17 17 17 1 22 option 17 17 17 1 23 service 17 18 17 1 24 show 17 20 17 1 25 update 17 22 17 2 Configuring the DHCP Server using Switch CLI 17 23 17 2 1 Creating network pool 17 23 17 2 2 Creating a Host Pool 17 24 17 2 3 Troubleshooting DHCP Configuration 17 24 17 2 4 Creating a DHCP Option 17 26 Chapter 18 DHCP Class Instance 18 1 DHCP Server Class Config Commands 18 1 18...

Page 25: ...est group 19 8 19 1 7 6 help 19 9 19 1 7 7 no 19 9 19 1 7 8 policy 19 11 19 1 7 9 rad user 19 12 19 1 7 10 service 19 13 19 1 7 11 show 19 13 19 1 7 12 Example Creating a Group 19 15 19 1 8 help 19 16 19 1 9 ldap server 19 17 19 1 10 nas 19 19 19 1 11 no 19 20 19 1 12 proxy 19 21 19 1 13 rad user 19 22 19 1 14 server 19 23 19 1 15 service 19 24 19 1 16 show 19 25 Chapter 20 Wireless Instance 20 1 ...

Page 26: ...ared key auth 20 18 20 1 16 end 20 18 20 1 17 exit 20 19 20 1 18 fix broadcast dhcp rsp 20 19 20 1 19 help 20 19 20 1 20 ids 20 20 20 1 21 mac auth local 20 23 20 1 22 manual wlan mapping 20 24 20 1 23 mobile unit 20 24 20 1 24 mobility 20 25 20 1 25 multicast packet limit 20 26 20 1 26 multicast throttle watermark 20 26 20 1 27 no 20 27 20 1 28 proxy arp 20 28 20 1 29 qos mapping 20 28 20 1 30 ra...

Page 27: ...ents TOC Chapter 21 SOLE Instance 21 1 SOLE Config Commands 21 1 21 1 1 adapter 21 2 21 1 2 clrscr 21 2 21 1 3 end 21 3 21 1 4 exit 21 3 21 1 5 help 21 3 21 1 6 no 21 4 21 1 7 service 21 5 21 1 8 show 21 6 ...

Page 28: ...WS5100 Series Switch CLI Reference Guide TOC 14 ...

Page 29: ...llows you to execute commands whether using a serial console or using a remote access method This chapter describes the basic features of the CLI Topics covered include an introduction to command modes navigation and editing features help features and command history features The CLI is segregated into different command modes Each mode has its own set of commands for configuration maintenance and ...

Page 30: ...s the GLOBAL CONFIG mode from the PRIV EXEC mode In the GLOBAL CONFIG mode enter commands that set general system characteristics Configuration modes allow you to change the running configuration If you save the configuration later these commands are stored across switch reboots Access a variety of protocol specific or feature specific modes from the global configuration mode The CLI hierarchy req...

Page 31: ...diff ip service dir line show disable local telnet edit logging terminal enable mac traceroute erase mac address table exit management halt ntp help prompt kill radius server logout redundancy mkdir service more snmp server no spanning tree page timezone ping username pwd vpn User Exec Mode Priv Exec Mode Global Configuration Mode ...

Page 32: ...xt sensitive help Use the following commands to obtain help specific to a command mode command name keyword or argument quit wlan acl reload rename rmdir service show telnet terminal traceroute upgrade upgrade abort write Command Description prompt help Displays a brief description of the help system prompt abbreviated command entry Lists commands in the current mode that begin with a particular c...

Page 33: ...elp is called command syntax help It shows keywords or arguments are available based on the command keyword and argument already entered WS5100 service diag Diagnostics encrypt Encrypt password or key with secret save cli Save CLI tree for all modes in html format show Show running system information WS5100 service prompt abbreviated command entry Tab Completes a partial command name prompt Lists ...

Page 34: ...d when an abbreviated argument is entered and you want to know what arguments match the input e g show ve WS5100 1 3 Using the no and default Forms of Commands Almost every command has a no form Use the no form to disable a feature or function Use the command without the no keyword to re enable a disabled feature or enable a feature disabled by default 1 3 1 Basic Conventions Keep the following co...

Page 35: ... 4 1 Moving the Cursor on the Command Line Table 1 2 shows the key combinations or sequences you can use to move the cursor around on the command line Ctrl defines the Control key which must be pressed simultaneously with its associated letter key Esc supports the Escape key which must be pressed first followed by its associated letter key Keys are not case sensitive Specific letters were chosen t...

Page 36: ...ward character Moves the cursor one character to the right Esc B Back word Moves the cursor back one word Esc F Forward word Moves the cursor forward one word Ctrl A Beginning of line Moves the cursor to the beginning of the line Ctrl E End of line Moves the cursor to the end of the command line Ctrl d Deletes the current character Ctrl U Deletes text up to cursor Ctrl K Deletes from cursor to end...

Page 37: ...le conf Tab WLAN Module configure When you use the command completion feature the CLI displays the full command name The command is not executed until you use the Return or Enter key This way you can modify the command if the full command was not what you intended in the abbreviation If entering a set of characters indicating more than one command the system lists all commands that begin with that...

Page 38: ...rompt displays at the bottom of the screen To resume the output press the Return key to scroll down one line or press the Spacebar to display the next full screen of output 1 4 6 Transposing Mistyped Characters If you have mistyped a command entry you can transpose the mistyped characters To transpose characters use the following key combination Keystrokes Purpose Backspace Deletes the character t...

Page 39: ...ey sequences The switch s CLI commands are generally case insensitive and all in lowercase To change the capitalization of commands use one of the following k sequences Keystrokes Purpose Esc C Capitalizes the letters to the right of cursor Esc L Changes the letters at the right of cursor to lowercase ...

Page 40: ...WS5100 Series Switch CLI Reference Guide 1 12 ...

Page 41: ... If a user or privilege is not specified the referenced command can be entered in either mode 2 1 Common Commands Table 2 1 summarizes available common commands Table 2 1 Common Commands in WS5100 Command Description Ref clrscr Clears the display screen page 2 2 exit Ends the current mode and moves to the previous mode page 2 2 help Displays the interactive help system page 2 2 no Negates a comman...

Page 42: ...evious mode Syntax exit Parameters None Example WS5100 config exit 2 1 3 help Common Commands Use this command to access the advanced help feature Use anytime at the command prompt to access the help topic Two kinds of help are provided 1 Full help is available when ready to enter a command argument 2 Partial help is provided when an abbreviated argument is entered and you want to know what argume...

Page 43: ...ment management Display L3 Managment Interface name mobility Display Mobility Parameters ntp Network time protocol privilege Show current privilege level radius RADIUS configuration commands redundancy group Display redundancy group parameters redundancy history Display state transition history of the switch redundancy members Display redundancy group members in detail snmp Display SNMP engine par...

Page 44: ...of the patch to remove WS5100 no Example Global Config WS5100 config no aaa VPN AAA authentication settings access list Configure access lists autoinstall autoinstall configuration command banner Reset login banner to nothing bridge Bridge group commands country code Clear the currently configured country code All existing configurations will be erased crypto encryption module errdisable errdisabl...

Page 45: ... wlan acl Remove an ACL from WLAN WS5100 config no 2 1 5 service Common Commands Services or debugs the switch Syntax User Exec service diag encrypt save cli show wireless service diag enable fanduty 40 100 identify limit period service diag limit buffer fan filesys inodes load maxFDs pkbuffers procRAM ram routecache temperature service diag limit buffer 128 128k 16k 1k 256 2k 32 32k 4k 512 64 64k...

Page 46: ... Exec diag Diagnostics enable Enables in service diagnostics fanduty 40 100 Sets the CPU fan PWM duty cycle Define a value between 40 100 Setting a value below 60 is considered unreliable identify Identifies a switch by flashing its LEDs limit Sets the diagnostic limit command buffer Configures the buffer usage warning limit Thewarninglimitcanbesetto a buffer limit size 128 128k 16k 1k 256 2k 32 3...

Page 47: ...y a process Set he percentage of RAM space used by the processor between 0 0 and 100 0 percent ram Configures free space for the RAM Configures the free space to anything between 0 0 to 100 0 percent routecache 0 65535 Configures IP route cache usage Set with a value between 0 and 65553 tempreature 1 8 Sets the temperature sensor for the switch Set as many as 8 temperature sensors period 100 30000...

Page 48: ...ey with a secret passphrase secret Encrypts passwords keys with a secret phrase 2 Type of encryption SHA256 AES256 PASSPHRASE Defines the passphrase used for encryption ENCRYPT_KEY Defines the plain text password or key to encrypt save cli Saves the CLI tree for all modes inHTML ...

Page 49: ...ardware configuration led status Show LED state variables and current state limits Show limit values period Shows the period ms for in service diagnostics stats Shows curent diagnostics statistics top Shows the top processes sorted by memory usage info Shows a snapshot of available support information memory Shows memory statistics process Shows processes sorted by memory usage reboot history Show...

Page 50: ...ridge filter capwap LINE and ctrl data or service pktcap on bridge filter dst A B C D net service pktcap on bridge filter ether broadcast dst host multicast proto src service pktcap on bridge filter host IP address service pktcap on bridge filter icmp LINE and or service pktcap on bridge filter ip LINE and multicast or proto service pktcap on bridge filter ip6 LINE and or service pktcap on bridge ...

Page 51: ...p log upgrade history watchdog wireless service show securitymgr flows details source A B C D any destination A B C D any protocol any icmp tcp udp service start shell service test service watchdog service wireless ap history buffer counters clear ap log dump core enhanced beacon table enhanced probe table idle radio send multicast legacy load balance radio misc cfg rate scale request ap log save ...

Page 52: ...ump files panics Removes all kernel panic files securitymgr Securitymgr parameters flows Sessions established 0 349 Flow Index WORD Interface name all All established sessions eth Ethernet interface vlan VLAN copy Copies from one file to another tech support Copies extensive system information useful to technical support for troubleshooting URL Target URLfrom which to copy tftp hostname port or IP...

Page 53: ...hewarninglimitcanbesetto the buffer limit size of 128 128k 16k 1k 256 2k 32 32k 4k 512 64 6 4k 8k fan 1 2 low Sets the fan speed limit Configure the fan speed limit for both Fan 1 and Fan 2 filesys etc2 flash ram Sets the file system freespace limit inodes etc2 flash ram Sets the file system inode limit load 1 15 5 Aggregate processor load maxFDs 0 32767 Configures the maximum number of file descr...

Page 54: ...e Set between 0 and 65553 tempreature 1 8 Sets the temperature sensor for the switch Set as many as 8 temperature sensors period 100 30000 Configures the diagnostics period Set a value between 100 30000 milli seconds The default value is 1000 milliseconds diag shell Provides diag shell access encrypt Encrypt password or key with secret secret Encrypt passwords keys with secret phrase 2 Type of enc...

Page 55: ...es at an interface WORD Interface name ge GigabitEthernet interface me1 FastEthernet interface sa StaticAggregate interface vlan VLAN router Capture at the router count Limits capture packet count filter Captures filter verbose Displays the full packet body write Captures to a file vpn Capture at the VPN count Limits capture packet count filter Captures the filter inbound Captures ingress directio...

Page 56: ...l daemons save cli Saves the CLI tree for all modes in HTML securitymgr Securitymgr parameterss disable Disables securitymgr disable flow rate limit Disables flow rate limitings dump core Creates a core file of the securitymgr processs enable http stats Enables the securitymgr HTTP statistics interface ...

Page 57: ...information last passwd Displays the last password used to enter shell memory Shows memory statistics pm Process Monitor history State changes for a process the time they happened and events WORD Process name all All processes process Shows processes sorted by memory usage reboot history Shows a reboot history securitymgr Security manager information displays startup log Shows the startup log upgr...

Page 58: ...ddress protocol Protocol type any icmp tcp udp Flows having any or icmp or tcp or udp protocol start shell Provides shell access test Provides test parameters watchdog Enables the switch watchdog wireless Wireless parameters ap history Access port history buffer counters Allocation counts for various buffers clear ap log Clears the AP logs dump core Creates a core file of the ccsrvr process enhanc...

Page 59: ...ss rate scaling default request ap log Requests an AP log save ap log Saves debug error logs sent by the access port snmp trap throttle Limits the number of SNMP traps generated from the wireless module vlan cache VLAN cache mode advanced vty Enables advanced mode vty interface dhcp Enables the DHCP server diag enable Enables in service diagnostics limit Diagnostic limit command period Sets the di...

Page 60: ...info prompt radius Enable radius server restart Restarts the radius server with updated configuration set Set service parameters command history 10 300 Sets the size of the command history default is 200 reboot history 10 300 Sets the size of the reboot history default is 50 upgrade history 10 300 Sets the size of upgrade history default is 50 show Shows running system information cli Shows the CL...

Page 61: ... limit fan Fan speed limit filesys file system freespace limit load agregate processor load maxFDs maximum number of file descriptors pkbuffers packet buffer head cache procRAM percent RAM used by a process ram percent free RAM routecache IP route cache usage temperature temperature limit WS5100 service diag limit buffer 128 128 byte buffer limit 128k 128k byte buffer limit 16k 16k byte buffer lim...

Page 62: ...29 15 23 36 2007 admin con 0 ip address 10 10 10 2 24 May 29 15 23 19 2007 admin con 0 exit May 29 15 23 19 2007 admin con 0 exit May 29 15 23 03 2007 admin con 0 interface vlan 1 May 29 15 22 48 2007 admin con 0 configure terminal May 29 15 22 45 2007 admin con 0 enable May 25 21 32 27 2007 admin vty 131 configure terminal May 25 21 32 21 2007 admin vty 131 enable May 24 18 34 36 2007 admin vty 1...

Page 63: ...4 20 09 2007 startup shutdown ungraceful unexpected cold restart May 23 14 07 21 2007 startup shutdown ungraceful unexpected cold 2 2 show Common Commands Displays the settings for the specified system component There are a number of ways to invoke the show command When invoked without any arguments it displays information about the current context If the current context contains instances the sho...

Page 64: ...nd configuration Common page 32 ip Displays the internet protocol Common page 34 ldap Displays LDAP server configuration parameters Common page 40 licenses Displays the installed licenses if any Common page 41 logging Displays the logging configuration and buffer Common page 41 mac Displays the media access control IP configuration Common page 42 mac address table Displays the MAC address table Co...

Page 65: ...he Smart Opportunistic Location Engine SOLE configuration Common page 55 spanning tree Displays the spanning tree information Common page 57 static channel group Displays static channel group membership information Common page 58 terminal Displays terminal configuration parameters Common page 59 timezone Displays the timezone Common page 59 users Displays information about terminal lines Common pa...

Page 66: ...iguration Privilege Global Config page 73 clock Displays the system clock Privilege Global Config page 73 debugging Displays the current debugging settings Privilege Global Config page 74 dhcp Displays DHCP server configurations Privilege Global Config page 74 file Displays filesystem information Privilege Global Config page 75 ftp Displays the FTP server configuration Privilege Global Config page...

Page 67: ...ion Privilege Global Config page 76 securitymgr Displays debug information for ACL VPN and NAT Privilege Global Config page 80 sessions Displays currently open and active connections Privilege Global Config page 80 startup config Displays the content of the startup configuration Privilege Global Config page 80 upgrade status Displays the status of the last image upgrade Privilege Global Config pag...

Page 68: ...ve tar table FILE URL archive tar table FILE URL archive tar xtract FILE URL DIR archive tar xtract FILE URL DIR cd DIR cd DIR change passwd clear aclstats clear alarm log new all acknowledged 1 65535 clear alarm log new all acknowledged 1 65535 clear alarm log new all acknowledged 1 65535 clear alarm log new all acknowledged 1 65535 clear arp cache clear crypto ipsec sa A B C D clear crypto ipsec...

Page 69: ...all modes Syntax show crypto ipsec isakmp key map pki show crypto ipsec sa security association lifetime transformset show crypto isakmp policy 1 10000 sa show crypto key mypubkey show crypto map interface tag show crypto pki request trustpoints ...

Page 70: ...s isakmp policy 1 10000 sa Displays ISAKMP policies policy 1 10000 Displays the priority allthe isakmp policies sa All crypto ISAKMP security associations key mypubkey rsa Displays authentication key management mypubkey Shows the public keys assoicated with the switch rsa Displays the RSA public keys map interface tag name Displays crypto maps interface name Sets crypto maps for an interface tag n...

Page 71: ...OwxHvc3TbA9WjbKkFWIDyqU7X0d c8f9KogwxDwWHll2IBiTCtBAq6hpgKOv Um9GFvMFps9XVkKtYttN3fer9tA 6xY9CKlr12mNGOYFHyVjMc3Pic0ODFiPHAU END CERTIFICATE REQUEST WS5100 config show crypto pki trustpoints Trustpoint default trustpoint Server certificate configured Subject Name Common Name Symbol Technologies Issuer Name Common Name Symbol Technologies Valid From Sep 13 16 14 49 2006 GMT Valid Until Sep 13 16 14...

Page 72: ...perature 33 0 C system temperature 33 0 C CPU fan 4354 rpm case fan 8766 rpm WS5100 2 2 6 history Common to all modes Syntax show history Parameters None Example WS5100 show history 1 show 2 clrscr 3 enable 4 clrscr 5 configure terminal 6 exit 7 clrscr 8 show history WS5100 2 2 7 interfaces Common to all modes Syntax show interfaces IFNAME eth 1 2 switchport vlan ...

Page 73: ...ngs Mode Access Access Vlan 2100 input packets 0 bytes 0 dropped 0 multicast packets 0 input errors 0 length 0 overrun 0 CRC 0 frame 0 fifo 0 missed 0 output packets 0 bytes 0 dropped 0 output errors 0 aborted 0 carrier 0 fifo 0 heartbeat 0 window 0 WS5100 WS5100 config show interfaces switchport eth1 Interface eth1 Switchport Settings Mode Access Access Vlan 2100 WS5100 config show interfaces swi...

Page 74: ...rief vlan name server route A B C D A B C D M detail routing ssh telnet show ip access group IFNAME eth 1 2 vlan 1 4094 Show ip access group interface name show ip arp show ip ddns binding show ip dhcp binding class pool sharednetwork show ip dhcp vendor options show ip domain name show ip http secure server server show ip interface IFNAME brief eth vlan show ip name server show ip route A B C D I...

Page 75: ...interface to which the ACL is associated arp Displays existing entries in the Address Resolution Protocol ARP table ddns Displays the DDNS configuration binding DNS address bindings dhcp Displays the DHCP server configuration binding DNS address bindings class Configures the DHCP Server class pool DHCP Pool designation sharednetwork Shared network information dhcp vendor options DHCP Option 43 par...

Page 76: ...WS5100 config if show ip interface vlan 3 brief Interface IP Address Status Protocol interface Use the show ip interface command to display the administrative and operational status of all Layer 3 interfaces or a specified Layer 3 interface IF NAME Interface name brief Brief summary of the IP status and its configuration eth Ethernet interface vlan VLAN Interface name server Displays static and dy...

Page 77: ...s back up it will restart the dDHCP client on any virtual interfaces SVIs of which the physical interface is a member port This ensures if the interface was disconnected and reconnected to a different interface it will obtain a new IP address route name server domain name etc corresponding to the new DHCP server configuration Example WS5100 config show ip access group eth 1 Interface eth1 Inbound ...

Page 78: ...ress range 10 10 10 2 10 10 10 30 ip dhcp pool poo110 next server 1 1 1 1 netbios node type b node WS5100 show ip dhcp vendor options Server Info Firmware Image File Config File Cluster Config File WS5100 show ip domain name IP domain lookup Enable Domain Name symbol com WS5100 show ip http server HTTP server Running Config status Enabled WS5100 show ip http secure server HTTP secure server Runnin...

Page 79: ...er 157 235 3 195 dynamic 157 235 3 196 dynamic WS5100 show ip routing IP routing is on WS5100 config show ip route detail Codes K kernel icmp C connected S static D DHCP Active route Next hop in FIB p stale info S 1 1 0 0 16 1 0 via 1 1 1 1 inactive S 1 1 1 0 24 1 0 via 1 1 1 2 inactive S 10 0 0 0 8 1 0 via 10 10 10 10 inactive S 157 235 208 0 24 1 0 via 157 235 208 246 inactive WS5100 show ip ssh...

Page 80: ...r Name User Name Bind DN cn kumar ou symbol dc activedirectory dc com Base DN ou symbol dc activedirectory dc com Password 0 symbol 123 Password Attribute UserPassword Group Name cn Group Membership Filter objectClass group member Ldap UserDn Group Member Attr radiusGroupName Net timeout 1 second s Secondary LDAP IP Address 10 10 10 5 Port 369 Login sAMAccountName Stripped User Name User Name ldap...

Page 81: ...econd s 2 2 10 licenses Common to all modes Syntax show licenses Parameters None Example WS5100 config show licenses feature usage license string license value usage AP 2FFD7fE9 CD016155 14A92C70 48 1 2 2 11 logging Common to all modes Syntax show logging Parameters None Example WS5100 config show logging Logging module enabled Aggregation time disabled Console logging level debugging Buffered log...

Page 82: ...ADIOADOPTED 11a radio on AP 00 A0 F8 BF 8A A2 adopted Sep 14 18 51 14 2006 CC 5 RADIOADOPTED 11bg radio on AP 00 A0 F8 BF 8A A2 adopted 2 2 12 mac Common to all modes Syntax show mac access list Parameters Example WS5100 config show mac access list WS5100 config 2 2 13 mac address table Common to all modes Syntax show mac address table Parameters None Example WS5100 config show mac address table W...

Page 83: ...ss permitted via any vlan interface WS5100 2 2 15 mobility Common to all modes Syntax show mobility event log forwarding global mobile unit peer statistics show mobility event log mobile unit peer show mobility forwarding AA BB CC DD EE FF show mobility mobile unit AA BB CC DD EE FF detail show mobility peer A B C D detail show mobility statistics AA BB CC DD EE FF ...

Page 84: ...09 14 19 17 51 ADD MU n a 00 0f 3d e9 a6 54 0 0 0 0 157 235 208 16 157 235 208 16 09 14 19 17 51 DEL MU n a 00 0f 3d e9 a6 54 0 0 0 0 event log Displays the mobility event logs mobile unit MU event logs peer Peer event logs forwarding Displays and defines Mobile units in the forwarding plane AA BB CC DD EE FF MAC address of the mobile unit global Displays and defines global mobility parameters mob...

Page 85: ...gmt vlan Port Number 58788 Max Roam Period 5 sec Number of Peers 0 established 0 Number of MUs 0 Home 0 Foreign 0 Delete pend 0 L3 Mobility enabled WLANs NONE WS5100 WS5100 config show mobility mobile unit detail HOME MU Database Total 1 MU MAC Address 00 0f 3d e9 a6 54 IP Address 157 235 208 134 SSID wios_rad_test1 Home Switch 157 235 208 16 Current Switch 157 235 208 16 HS VLAN 1 Foreign MU Data...

Page 86: ...s ref clock st when poll reach delay offset disp master synced master unsynced selected candidate configured WS5100 WS5100 show ntp status Clock is synchronized stratum 0 actual frequency is 0 0000 Hz precision is 2 0 reference time is 00000000 00000000 Feb 07 06 28 16 UTC 2036 clock offset is 0 000 msec root delay is 0 000 msec root dispersion is 0 000 msec WS5100 ntp Displays the Network Time Pr...

Page 87: ...6 28 16 UTC 2036 xmt time c8b42a7e 6eb04252 Sep 14 19 22 38 UTC 2006 filtdelay 0 00 0 00 0 00 0 00 0 00 0 00 0 00 0 00 WS5100 show ntp status Clock is synchronized stratum 0 actual frequency is 0 0000 Hz precision is 2 0 reference time is 00000000 00000000 Feb 07 06 28 16 UTC 2036 clock offset is 0 000 msec root delay is 0 000 msec root dispersion is 0 000 msec WS5100 2 2 17 port channel Common to...

Page 88: ...y delay 6 seconds Proxy retry count 4 Proxy Realm Details ___________________ Realm symbol com IP Address 10 10 10 5 Port 1812 Shared secret 0 secret123 radius Displays RADIUS configuration commands configuration RADIUS server configuration parameters eap configuration Displays and defines the EAP configuration group Displays the RADIUS group configuration nas A B C D M Defines a client IP address...

Page 89: ...ncy group Redundancy Group Configuration Detail Redundancy Feature Disabled Redundancy group ID 1 Redundancy Mode Primary Redundancy Interface IP 0 0 0 0 Number of configured peer s 0 Heartbeat period 5 Seconds Hold period 15 Seconds Discovery period 30 Seconds Handle STP Disabled Switch Installed License 48 Switch running image version 3 1 0 0 008D Auto revert period 5 mins Auto revert Feature Di...

Page 90: ...config Redundancy Group Configuration Detail Redundancy Feature Disabled Redundancy group ID 1 Redundancy Mode Primary Redundancy Interface IP 0 0 0 0 Number of configured peer s 0 Heartbeat period 5 Seconds Hold period 15 Seconds Discovery period 30 Seconds Handle STP Disabled Switch Installed License 48 Switch running image version 3 1 0 0 008D Auto revert period 5 mins Auto revert Feature Disab...

Page 91: ...able Redundancy Group Connectivity status Not Applicable DHCP Server in group Not Applicable WS5100 config 2 2 21 redundancy history Common to all modes Displays the switch state transition history Syntax show redundancy history Parameters None Example WS5100 show redundancy history State Transition History Time Event Triggered state Sat Oct 06 12 07 55 Redundancy Enabled Startup Sat Oct 06 12 07 ...

Page 92: ...meters Example WS5100 config show redundancy members brief Member ID Self 10 10 10 10 Member State Not Applicable Member ID 10 10 10 1 Member State Peer Configured 2 2 23 snmp Common to all modes Syntax show snmp user snmpmanager snmpoperator snmptrap Parameters A B C D Displays the IP addresses of member switches user Displays SNMP user information snmpmanager Shows SNMP manager information snmpo...

Page 93: ...ptrap userName access engineId Authentication Encryption snmptrap rw 800001848067458b6bd7157745 MD5 DES WS5100 2 2 24 snmp server Common to all modes Syntax show snmp server traps wireless statistics mobile unit radio wireless switch wlan Parameters traps Displays trap enabled flags wireless statistics Displays existing wireless stats rate traps mobile unit Displays existing mobile unit rate traps...

Page 94: ...ss station deniedAssociationOnSpectrum N wireless station deniedAssociationOnErr N wireless station deniedAssociationOnSSID N wireless station deniedAssociationOnRates N wireless station deniedAssociationOnInvalidWPAWPA2IE N wireless station deniedAssociationAsPortCapacityReached N wireless station tkipCounterMeasures N wireless station deniedAuthentication N wireless station radiusAuthFailed N wi...

Page 95: ...greater than disabled WS5100 WS5100 show snmp server traps wireless statistics wireless switch pktsps greater than disabled tput greater than disabled num stations greater than disabled WS5100 WS5100 show snmp server traps wireless statistics wlan pktsps greater than disabled tput greater than disabled avg bit speed less than disabled avg signal less than disabled nu percent greater than disabled ...

Page 96: ...s sent to engine 0 Number of tag reports sent to engine 0 Time at which last message was received from engine Time at which last message was sent to engine WS5100 WS5100 show sole status engine Type Engine State AeroScout 0 0 0 0 Idle WS5100 config adapter ADAPTER NAME Shows the switch SOLE adapter configuration adapter Show the existing configuration of the SOLE adapters stats adapter ADAPTER NAM...

Page 97: ...d CIST Root Path Cost 0 CIST Root Port 0 CIST Bridge Priority 32768 Forward Delay 15 Hello Time 2 Max Age 20 Max hops 20 1 CIST Root Id 8000000000000000 1 CIST Reg Root Id 8000000000000000 1 CST Bridge Id 800000a0f865ea8e portfast bpdu filter disabled config Displays MSTP configuration information detail interface IF Name eth 1 2 vlan 1 4094 Displays detailed interface information IF Name Displays...

Page 98: ...0a0f865ea8e eth1 Designated Bridge 000000a0f865ea8e eth1 Message Age 0 Max Age 0 eth1 CIST Hello Time 0 Forward Delay 0 eth1 CIST Forward Timer 0 Msg Age Timer 0 Hello Timer 0 eth1 Version Multiple Spanning Tree Protocol Received None Send STP eth1 No portfast configured Current portfast off eth1 portfast bpdu guard default Current portfast bpdu guard off eth1 portfast bpdu filter default Current ...

Page 99: ...ll modes Syntax show terminal Parameters None Example WS5100 show terminal Terminal Type vt102 Length 44 Width 125 WS5100 2 2 29 timezone Common to all modes Syntax show timezone Parameters None Example WS5100 show timezone Timezone is Etc UTC WS5100 ...

Page 100: ... verbose Parameters Example WS5100 show version WS5100 version 3 0 2 0 003B Copyright c 2006 Symbol Technologies Inc Booted from primary Switch uptime is 0 days 6 hours 10 minutes CPU is Intel R Pentium R 4 CPU 2 00GHz 256208 kB of on board RAM ide device hda disk model Kouwell DOM capacity 501760 blocks cache 0 WS5100 WS5100 show version verbose WS5100 version 3 0 2 0 003B Copyright c 2006 Symbol...

Page 101: ...oration 82546EB Gigabit Ethernet Controller Copper PCI bus 1 device 3 function 0 PIC VIA Technologies Inc VPX VPX2 I O APIC Interrupt Controller PCI bus 0 device 17 function 0 ISA bridge VIA Technologies Inc VT8237 ISA bridge KT600 K8T800 K8T890 South PCI bus 0 device 15 function 0 IDE interface VIA Technologies Inc VT82C586A B VT82C686 A B VT823x A C PIPC Bus Master IDE 256208 kB of on board RAM ...

Page 102: ...ids filter list known ap statistics 1 256 mac auth local 1 1000 mesh statistics 32 detail mobile unit 1 4096 AA BB CC DD EE FF association history probe history radio statistics wlan multicast packet limit phrase to key wep128 wep64 qos mapping wired to wireless wireless to wired radio 1 1000 beacon table config 1 1000 default 11a default 11b default 11bg monitor table statistics 1 1000 regulatory...

Page 103: ...ans channel power Lists the channels and power levels available for a radio 11a Defines the radio as 802 11a 11b Defines the radio as 802 11b 11bg Defines the radio as 802 11bg indoor Radio is placed indoor outdoor Radio is placed outdoor client exclude list include list Wireless client configuration exclude list Sets the exclude list configuration include list Sets the include list configuration ...

Page 104: ...splays mac auth local entries mesh statistics 1 32 detail Displays mesh related parameters statistics Dispalys mesh statistics 1 32 Defines the mesh index detail Detailed mesh statistics mobile unit Displays the paramters of associated mobile units 1 4096 Index of mobile unit AA BB CC DD EE FF MAC address of mobile unit association history Displays the mobile unit history probe history Displays th...

Page 105: ...g 1 1000 Numerical index for the radio s configuration default 11a Default 11a configuration template default 11b Default 11b configuration template default 11bg Default 11bg configuration template monitor table Displays the radio to radio monitoring table statistics Radio statistics regulatory Regulatory allowed channel power information for a particular country self heal config 1 1000 all Sets s...

Page 106: ...5100 show wireless ap images Idx ap type Image Name Size bytes Version 1 ap300 WISP AP300 293516 00 02 29 2 ap300 WIAP 300 244076 01 00 1635b 3 ap300 AP300 IDS Sensor 295064 00 00 04 4 ap100 AP100 31034 02 05 00 5 ap4131 AP4131 191440 07 00 01 unapproved aps Defines unapproved APs seen by an access port or a mobile unit s scan wireless switch statistics Wireless switch statistics detail Displays d...

Page 107: ...wlan mapping disabled dhcp sniff state disabled dhcp fix windows disabled broadcast tx speed optimize for throughput smart scan 11a channels smart scan 11bg channels WS5100 WS5100 show wireless hotspot config WLAN 1 status disabled description WLAN1 ssid 101 Page Location simple Internal Pages Page type login Title Login Page Header Network Login Description Please enter your username and password...

Page 108: ...AN 2 status disabled description WLAN2 ssid 102 Page Location simple Internal Pages Page type login Title Login Page MORE next page Space next line Enter quit Control C WS5100 show wireless ids detect window 10 seconds Excessive Operations Threshold mu radio switch Filter Ageout probe requests 0 0 0 60 Sec association requests 0 0 0 60 Sec disassociations 0 0 0 60 Sec authentication fails 0 0 0 60...

Page 109: ... address radio type wlan vlan tunnel ready IP address last active Posture Status 2 00 0E 9B 98 F9 34 1 11g 1 vlan 1 Y 192 168 2 45 0 Sec Number of mobile units associated 1 WS5100 config WS5100 config show wireless mobile unit association history MU MAC Radio WLAN Timestamp Event 00 0E 9B 98 F9 34 1 1 1116316 Association 00 0E 9B 98 F9 34 1 1 12248923 Unassociation 00 0E 9B 98 F9 34 1 1 12250053 A...

Page 110: ...ormal wmm mapping 8021p L3 mobility disabled Client Bridge Backhaul is disabled on this WLAN NAC Mode bypass nac except include list Exclude list s NotMe WS5100 config 2 2 33 wlan acl Common to all modes Syntax show wlan acl 1 32 all Parameters Example WS5100 show wlan acl 20 WLAN port 20 Inbound IP Access List Inbound MAC Access List Outbound IP Access List Outbound MAC Access List WS5100 WS5100 ...

Page 111: ...92 168 1 0 24 192 168 100 0 24 rule precedence 5 permit ip 192 168 63 0 24 192 168 100 0 24 rule precedence 63 permit ip 192 168 157 0 24 192 168 100 0 24 rule precedence 157 WS5100 config WS5100 config show access list 110 Extended IP access list 110 permit ip 192 168 1 0 24 192 168 100 0 24 rule precedence 5 permit ip 192 168 63 0 24 192 168 100 0 24 rule precedence 63 permit ip 192 168 157 0 24...

Page 112: ...ledged all count new severity to limit critical informational major normal warning Parameters IFNAME Displays the interface name vlan 1 4092 Defines the VLAN interface Select from an index value between 1 4092 1 65535 Displays the details of a specific alarm ID acknowledged Displays information for acknowledged alarms currently in the system all Displays all the alarms currently in the system coun...

Page 113: ...Primary Software Fallback Enabled WS5100 2 2 38 clock Priviledge Global Config Syntax show clock Parameters None severity to limit Displays the alarms having specified a severity as well as those alarms with a severity higher than the specified value critical Displays all critical alarms informational Displays all informational or higher severity alarms major Displays all major or higher severity ...

Page 114: ... MSTP debugging status WS5100 config 2 2 40 dhcp Privilege Global Config Displays existing DHCP server configurations Syntax show dhcp config status Parameters Example WS5100 show dhcp config service dhcp ip dhcp pool vlan6 default router xxx xxx xxx 2 network xxx xxx xx 0 24 mstp Displays the current MSTP configuration config Displays the current DHCP server configuration status Displays whether ...

Page 115: ...le systems File Systems Size b Free b Type Prefix opaque system 13704192 11904000 flash nvram 19524608 16866304 flash flash network sftp network http network ftp network tftp WS5100 2 2 42 ftp Privilege Global Config Syntax show ftp Parameters None Example WS5100 show ftp information Displays file information FILE Displays the information on file systems Lists existing filesystems ...

Page 116: ...w password encryption status Password encryption is disabled WS5100 2 2 44 running config Privilege Global Config Displays the contents of those configuration files wherein all configured MAC and IP access lists are applied to an interface Syntax show running config full include factory Parameters status Displays the existing password encryption status full Displays the file s full complpete confi...

Page 117: ...ap v3 encrypted auth md5 0x7be2cb56f6060226f15974c936e2739b snmp server user snmpmanager v3 encrypted auth md5 0x7be2cb56f6060226f15974c936e2739b snmp server user snmpoperator v3 encrypted auth md5 0x49c451c7c6893ffcede0491bbd0a12c4 crypto isakmp keepalive 10 crypto ipsec security association lifetime kilobytes 4608000 fallback enable ip http server ip http secure trustpoint default trustpoint ip ...

Page 118: ...iguration of WS5100 version 3 1 0 0 008D version 1 0 service prompt crash info no service set command history no service set reboot history no service set upgrade history hostname WS5100 banner motd Welcome to CLI username admin password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d username admin access console web ssh telnet username admin privilege superuser username operator password 1 fe96dd3975...

Page 119: ... 30 no redundancy handle stp enable no redundancy dhcp server enable no redundancy enable no radio default 11b enhanced beacon table no radio default 11b enhanced probe table no radio 1 neighbor smart scan no radio 2 neighbor smart scan no ap detection enable ip address 123 111 2 1 24 no ip helper address sole no adapter AeroScout enable radius server retransmit 3 radius server timeout 5 radius se...

Page 120: ... Privilege Global Config Syntax show sessions Parameters None Example WS5100 show sessions SESSION USER LOCATION IDLE START TIME 1 cli Console 06 24m May 31 18 31 36 2007 2 cli 10 10 10 1 00 00m Jun 1 00 04 30 2007 WS5100 2 2 47 startup config Privilege Global Config Syntax show startup config Parameters None event logs Display securitymgr event logs ...

Page 121: ...er snmptrap v3 encrypted auth md5 0x7be2cb56f6060226f15974c936e2739b snmp server user snmpmanager v3 encrypted auth md5 0x7be2cb56f6060226f15974c936e2739b snmp server user snmpoperator v3 encrypted auth md5 0x49c451c7c6893ffcede0491bbd0a12c4 crypto isakmp keepalive 10 crypto ipsec security association lifetime kilobytes 4608000 fallback enable ip http server ip http secure trustpoint default trust...

Page 122: ...interface eth2 switchport access vlan 1 interface vlan1 ip address 192 168 2 1 24 sole aaa authentication login default local none line con 0 line vty 0 24 end WS5100 2 2 48 upgrade status Privilege Global Config Syntax show upgrade status detail Parameters Example WS5100 show upgrade status Last Image Upgrade Status Successful Last Image Upgrade Time Mon May 21 16 27 40 2007 WS5100 detail Display...

Page 123: ...o list available USER EXEC commands use at the command prompt The USER EXEC prompt consists of the device host name followed by an angle bracket The default host name is generally WLAN Module Use the GLOBAL CONFIG command to change the hostname 3 1 User Exec Commands Table 3 1 summarizes USER EXEC commands Table 3 1 User Exec Mode Command Summary Command Description Ref clear Resets the command to...

Page 124: ...eractive help system page 2 2 logout Exits the EXEC mode page 3 7 no Negates a command or sets its defaults page 2 4 page Toggles the paging functionality page 3 7 ping Sends ICMP echo messages page 3 7 quit Exits the current mode and moves to the previous mode page 3 8 service Displays service commands page 2 5 show Shows the running system information Refer to Common Commands on page 2 23 page 2...

Page 125: ...butes event log Clears event log mobile unit Clears MU event logs peer Clears peer event logs mobile unit Clears MUs MU MAC address Clears the MAC address of a MU all Clears the MU MAC address including the foreign and home database foreign database Clears MUs present in the foreign MU database home database Clears MUs present in the home MU database peer statistics Clears Mobility Peer Statistics...

Page 126: ...ecuted under this context are executed to all members of the cluster Syntax cluster cli enable Parameters Example WS5100 cluster cli enable WS5100 3 1 3 debug User Exec Commands Use this command to debug the switch Syntax debug certmgr all err info ip https ssh mobility cc error forwarding mu packet peer system Parameters enable Enables the cluster context certmgr Certificate Manager Debugging Mes...

Page 127: ...ility error WS5100 WS5100 debug mobility forwarding WS5100 WS5100 debug mobility mu WS5100 WS5100 debug mobility packet WS5100 ip Internet Protocol IP https Secure HTTP HTTPS server ssh Secured Shell SSH server mobility L3 mobility cc ccserver events error Error events forwarding Dataplane forwarding mu MU events and state changes packet Control packets events peer Peer establishments system Syste...

Page 128: ... disable User Exec Commands Enables the PRIV mode in order to use the disable command Use the disable command to exit the PRIV mode Syntax disable Parameters None Example WS5100 disable WS5100 3 1 5 enable User Exec Commands Use the enable command to enter the PRIV mode Syntax enable Parameters None Example WS5100 enable ...

Page 129: ... command to toggle the switch paging function Enabling this command displays the CLI command output page by page instead of running the entire output at once Syntax page Parameters None 3 1 8 ping User Exec Commands Sends ICMP echo messages to a user specified location Syntax ping IP address hostname Parameters Example WS5100 ping 192 168 2 100 PING 192 168 2 100 192 168 2 100 100 data bytes IP ad...

Page 130: ...2 38 4 ms WS5100 3 1 9 quit User Exec Commands Use this command to exit the current mode and move to the previous mode Syntax quit Parameters None Example The switch logs off upon execution of the command 3 1 10 telnet User Exec Commands Opens a telnet session Syntax telnet IP address hostname Parameters Example WS5100 telnet 157 111 222 33 Entering character mode Escape character is Red Hat Linux...

Page 131: ...xec Commands Traces the route to its defined destination Syntax traceroute WORD ip WORD Parameters Example WS5100 traceroute 157 222 333 33 traceroute to 157 235 208 39 157 235 208 39 30 hops max 38 byte packets 1 157 235 208 39 157 235 208 39 0 466 ms 0 363 ms 0 226 ms WS5100 length Sets the number of lines on a screen no Negates a command or sets its defaults width Sets the width number of chara...

Page 132: ...WS5100 Series Switch CLI Reference Guide 3 10 ...

Page 133: ...e following at the prompt WS5100 enable The PRIV EXEC mode is often referred to as the enable mode because the enable command is used to enter the mode If a password has been configured you are prompted to enter it before you can access the PRIV EXEC mode The password is not displayed and is case sensitive If an enable password has not been set the PRIV EXEC mode can be accessed only from the rout...

Page 134: ...gging functions page 4 12 delete Deletes a specified file from the system page 4 14 diff Displays differences between two files page 4 15 dir Lists the files on a filesystem page 4 16 disable Turns off privileged mode command page 4 17 edit Edits a text file page 4 17 enable Turns on the privileged mode command page 4 18 erase Erases a filesystem page 4 18 exit Ends the current mode and moves to t...

Page 135: ...orms a warm reboot page 4 24 rename Renames a file page 4 25 rmdir Deletes a directory page 4 26 service Displays service commands page 2 5 show Shows running system information Refer to Common Commands on page 2 23 page 2 23 telnet Opens a telnet session page 4 26 terminal Sets terminal line parameters page 4 27 traceroute Traces a route to a destination page 4 28 upgrade Upgrades the switch soft...

Page 136: ...orresponding record found in the Alarm Log WS5100 4 1 2 archive Priv Exec Command Manages file archive operations Syntax archive tar table FILE URL archive tar create FILE URL FILE archive tar xtract FILE URL DIR Parameters alarm log Acknowledges alarms 1 65535 Acknowledges the specific alarm ID all Acknowledges all alarms tar Manipulates creates lists or extracts a tar file table Lists the files ...

Page 137: ...u Apr 7 16 23 34 2007 crashinfo drwx 1024 Wed May 23 15 30 19 2007 backup rw 173056 Fri May 8 14 39 48 2007 out tar Which files are tared WS5100 archive tar table flash out tar drwxrwxrwt 0 600 0 2007 05 08 12 27 20 flash log rw r r 0 0 381 2007 05 08 12 27 28 flash log snmpd log rw r r 0 0 151327 2007 05 08 14 37 26 flash log messages log rw r r 0 0 17318 2007 05 08 12 27 29 flash log startup log...

Page 138: ... hotspot flash log flash out WS5100 cd flash log DIR Change current directory to DIR WS5100 cd flash log WS5100 pwd flash log WS5100 4 1 4 change passwd Changes the password of a logged in user Priv Exec Command Syntax change passwd Parameters None Usage Guidelines A password must be between 8 to 32 characters in length For security the console does not display user entered key words or the old pa...

Page 139: ... interface NAME all eth 1 2 vlan 1 4094 router thread clear crypto ike ipsec sa remote peer clear ip dhcp binding A B C D nat translation clear mac address table dynamic multicast static address bridge interface vlan clear mobility mu mu log peer log peer statistics clear mobility mu MAC Address all foreign database home database clear spanning tree detected protocols interface INTF Name NOTE The ...

Page 140: ...face INTF name all eth 1 2 vlan 1 4094 Clears interface counters router Clears router counters thread Clear sper thread counters crypto crypto ike Clears the IKE ipsec Clears ipsec sa Displays the security association remote peer Remote Peer IP address ip Clears Internet Protocol IP DHCP NAT dhcp DHCP server configuration binding DHCP address bindings For more details see DHCP Server Instance on p...

Page 141: ...nterface Clears all MAC addresses for the specified interface vlan 1 4094 Clears all MAD addresses for the specified VLAN mobility Clears Mobility Attributes mu Clears the MU MAC Address MAC address of the MU all All MUs Home and Foreign foreign database Displays MUs present in the foreign MU database home database Displays MUs present in the home MU database mu log Clears the mobility MU event lo...

Page 142: ... show clock May 25 15 10 31 UTC 2007 4 1 7 cluster cli Priv Exec Command Use this command to access the cluster cli context The cluster cli context provides centralized management to configure all members of cluster from one member Any command executed under this context is executed to all switches in the cluster A new context redundancy is available to support the cluster cli Any commands execute...

Page 143: ...rsa Syntax copy FILE URL FILE URL enable Enables the switch cluster context terminal Configure from the terminal NOTE Copying a new config file onto an existing running config file merges it with the existing running config on the switch Both the existing running config and the new config file are applied as the current running config Copying a new config file onto a start up config files replaces...

Page 144: ...radius self heal snmp system wips wisp wlan debug ccstats CCStats Module debug certmgr all error info debug dhcpsvr all error info debug imi all cli client cli server errors init ntp debug ip https ssh debug logging all errors monitor subagent debug mgmt all cgi err sys debug mobility all cc error forwarding mu packet peer system debug mstp all cli packet protocol timer debug nsm all events kernel...

Page 145: ...ificate manager debugging messages dhcpsvr DHCP Conf Server debugging messages imi Integrated management interface debugging messages ip Internet protocol debugging messages logging Modify message logging facilities debugging messages mgmt Management daemon debugging messages mobility L3 mobility debugging messages mstp Multiple Spanning Tree Protocol MSTP debugging message nsm Network Service Mod...

Page 146: ...ebugging Messages sole Location engine debugging messages WS5100 debug 4 1 11 delete Priv Exec Command Deletes a specified file from the system Syntax delete force recursive FILE Parameters Example WS5100 delete flash out tar flash out tar gz Delete flash out tar y n y Delete flash out tar gz y n y WS5100 delete force flash tmp txt WS5100 WS5100 delete recursive flash backup Delete flash backup fi...

Page 147: ... 1 ssid wlan123 wlan 1 encryption type wep128 wlan 1 encryption type tkip wlan 1 authentication type eap wlan 1 mobility enable wlan 1 radius server primary 127 0 0 1 184 10 184 12 rad user adam password 0 mypassword rad user eve password 0 mypassword123 rad user sumi password 0 mypassword rad user test password 0 mypassword123 rad user vasavi password 0 mypassword123 group kumar2 rad user sumi po...

Page 148: ... Tue Jul 25 15 16 41 2006 Radius config rw 14271 Wed Jul 26 15 42 08 2006 flash drwx 1024 Wed Aug 9 17 35 08 2006 radius rw 3426 Wed Jul 26 16 08 02 2006 running config new rw 13163 Wed Jul 26 16 08 42 2006 radius config rw 80898 Thu Aug 17 14 59 39 2006 cli_commands txt rw 65015 Fri Aug 11 19 57 37 2006 cli_commands txtli_commands txt rw 65154 Thu Aug 17 15 11 23 2006 cli_commands_180B txt WS5100...

Page 149: ...mmand Edits a text file Syntax edit FILE Parameters Example WS5100 edit startup config GNU nano 1 2 4 File startup config configuration of WS5100 version 3 1 0 0 038R version 1 1 aaa authentication login default local none service prompt crash info username admin password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d username admin privilege superuser FILE Name of the file to be modified ...

Page 150: ... tree enable bridge forward 4 1 16 enable Priv Exec Command Turns on the privileged mode command Syntax enable Parameters None Example WS5100 enable WS5100 4 1 17 erase Priv Exec Command Erases a target filesystem Syntax erase nvram flash startup config Parameters nvram Erases everything in nvram flash Erases everything in flash startup config Resets the configuration to factory default ...

Page 151: ...rase startup config WS5100 4 1 18 halt Priv Exec Command Stops halts the switch Syntax halt Parameters None Example WS5100 halt Wireless switch will be halted do you want to continue y n y 4 1 19 kill Priv Exec Command Kills terminates a specified session Syntax kill session 1 16 Parameters session Active session There are 16 active sessions which can be terminated ...

Page 152: ... access CLI WS5100 login root WS5100 show sessions SESSION USER LOCATION IDLE START TIME 1 root Console 00 00m Jan 1 00 00 00 1970 2 root 157 235 208 105 00 38m Jan 1 00 00 00 1970 3 root 157 235 208 105 00 00m Jan 1 00 00 00 1970 WS5100 kill session 9 Error Invalid session number WS5100 kill session 3 Connection closed by foreign host xyz xyz xyz 4 1 20 logout Priv Exec Command Exits from the EXE...

Page 153: ...in the filesystem Syntax mkdir DIR Parameters Example WS5100 mkdir TestDIR WS5100 4 1 22 more Priv Exec Command View the contents of a file Syntax more FILE Parameters Example WS5100 more flash log messages log Sep 08 12 27 30 2006 PM 5 PROCSTOP Process radiusd has been stopped Sep 08 12 27 31 2006 LICMGR 6 NEWLICENSE DIR Directory name FILE Displays the contents of the file ...

Page 154: ...ed in with role of superuser from auth source local Sep 08 12 28 01 2006 NSM 6 DHCPDEFRT Default route with gateway 157 235 208 246 learnt via DHCP Sep 08 12 28 01 2006 NSM 6 DHCPIP Interface vlan1 acquired IP address 157 235 208 93 24 via DHCP Sep 08 12 29 07 2006 CC 5 RADIOADOPTED 11bg radio on AP 00 A0 F8 BF 8A A2 adopted Sep 08 12 29 07 2006 CC 5 RADIOADOPTED 11a radio on AP 00 A0 F8 BF 8A A2 ...

Page 155: ...S5100 ping 157 235 208 39 PING 157 235 208 39 157 235 208 39 100 data bytes 128 bytes from 157 235 208 39 icmp_seq 0 ttl 64 time 2 3 ms 128 bytes from 157 235 208 39 icmp_seq 1 ttl 64 time 0 2 ms 128 bytes from 157 235 208 39 icmp_seq 2 ttl 64 time 0 3 ms 128 bytes from 157 235 208 39 icmp_seq 3 ttl 64 time 0 2 ms 128 bytes from 157 235 208 39 icmp_seq 4 ttl 64 time 0 1 ms 157 235 208 39 ping stat...

Page 156: ...None Example WS5100 pwd flash WS5100 4 1 26 quit Priv Exec Command Exits the current mode and moves to the previous mode Syntax quit Parameters None Example WS5100 quit WS5100 release 3 0 0 0 200B Login as cli to access CLI WS5100 login 4 1 27 reload Priv Exec Command Halts the switch and performs a warm reboot Syntax reload Parameters None ...

Page 157: ...2006 crashinfo rw 14271 Tue Jul 25 15 16 41 2006 Radius config rw 14271 Wed Jul 26 15 42 08 2006 flash drwx 1024 Wed Aug 9 17 35 08 2006 radius rw 3426 Wed Jul 26 16 08 02 2006 running config new rw 13163 Wed Jul 26 16 08 42 2006 radius config rw 80898 Thu Aug 17 14 59 39 2006 cli_commands txt rw 65015 Fri Aug 11 19 57 37 2006 cli_commands txtli_commands txt rw 65154 Thu Aug 17 15 11 23 2006 cli_c...

Page 158: ...s config rw 14271 Wed Jul 26 15 42 08 2006 flash drwx 1024 Wed Aug 9 17 35 08 2006 radius rw 3426 Wed Jul 26 16 08 02 2006 running config new rw 13163 Wed Jul 26 16 08 42 2006 radius config rw 80898 Thu Aug 17 14 59 39 2006 cli_commands txt rw 65015 Fri Aug 11 19 57 37 2006 cli_commands txtli_commands txt rw 65154 Thu Aug 17 15 11 23 2006 cli_commands_180B txt rw 32 Sat Sep 2 00 15 38 2006 cli_com...

Page 159: ...word 4 1 31 terminal Priv Exec Command Sets the length number of lines displayed on the terminal Syntax terminal length 0 512 no length 0 512 width width 0 512 Parameters Example WS5100 terminal length 100 WS5100 WS5100 terminal width 200 WS5100 length Sets the number of lines on a screen no Negates a command or sets its defaults width Sets the width number of characters on a screen line ...

Page 160: ...9 0 466 ms 0 363 ms 0 226 ms WS5100 4 1 33 upgrade Priv Exec Command Upgrades the software image Syntax upgrade URL background Parameters Example WS5100 upgrade tftp 157 235 208 105 img var2 is 10 percent full tmp is 2 percent full Free Memory 161896 kB FWU invoked via Linux shell Running from partition dev hda5 partition to update is dev hda6 Reading image file header WORD Traces a route to a des...

Page 161: ...CPULOAD One minute average load limit exceeded value is 100 00 limit is 99 90 top process kernel ISR 100 00 Sep 08 15 58 44 2006 PM 4 PROCNORESP Process logd is not responding Sep 08 15 58 44 2006 PM 4 PROCNORESP Process logd is not responding Sep 08 15 58 44 2006 PM 4 PROCNORESP Process logd is not responding Sep 08 15 58 44 2006 PM 4 PROCNORESP Process logd is not responding Version of firmware ...

Page 162: ...memory terminal Parameters Example WS5100 write terminal configuration of WS5100 version 3 0 0 0 200B version 1 0 service prompt crash info username admin password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d username admin privilege superuser username operator password 1 fe96dd39756ac41b74283a9292652d366d73931f username manager password 1 45b27d6483fc630981ad5096ff26a7956ce0c038 username manager pr...

Page 163: ...assword 1 810a25d76c31e495cc070bdf42e076f7c9b0a1cd ip http server ip http secure trustpoint local ip http secure server ip ssh ip telnet snmp server manager v2 snmp server manager v3 crypto isakmp identity address crypto isakmp keepalive 10 crypto ipsec security association lifetime kilobytes 4608000 ...

Page 164: ...WS5100 Series Switch CLI Reference Guide 4 32 ...

Page 165: ... example below describes the process of entering global configuration mode from privileged EXEC mode WS5100 configure terminal WS5100 config Commands entered in the global configuration mode update the running configuration file as soon as they are entered However these changes are not saved in the startup configuration file until a copy running config startup config EXEC command is issued NOTE Th...

Page 166: ...dge group commands page 5 13 clrscr Clears the display screen page 2 2 country code Configures the country of operation All existing radio configuration will be erased page 5 14 crypto Defines encryption parameters page 5 16 do Runs commands from the EXEC mode page 5 23 end Ends the current mode and moves to the EXEC mode page 5 23 errdisable errdisable page 5 24 exit Ends the current mode and mov...

Page 167: ... no Negates a command or set its defaults page 2 4 ntp Configures NTP parameters page 5 37 prompt Sets the system prompt page 5 41 radius server Enters the RADIUS server mode page 5 41 redundancy Configures redundancy group parameters page 5 42 service Service commands page 5 44 snmp server Modifies SNMP engine parameters page 5 45 sole Configures location engine parameters page 5 55 spanning tree...

Page 168: ...RT_RANGE Parameters wireless Configures wireless parameters page 5 61 wlan acl Apply an ACL on WLAN page 5 62 authentication Authentication configuration parameters login Sets the authentication lists for login default Defines the default authentication list local Sets the local user database none No authentication radius Defines an external RADIUS server nas NAS identifier This parameter accepts ...

Page 169: ...le precedence 1 5000 For Extended IP ACL s access list 100 199 2000 2699 deny permit mark dot1p 0 7 tos 0 255 ip source source mask host source any destination destination mask host destination any log rule precedence access list entry precedence access list 100 199 2000 2699 deny permit mark dot1p 0 7 tos 0 255 icmp source source mask host source any destination destination mask host destination ...

Page 170: ...l instance For additional information see Extended ACL Instance on page 14 1 Using access list 1 99 1300 1999 moves you to the config std nacl instance For additional information see Standard ACL Instance on page 15 1 To create a named ACL use ip access lsit Standard Extended For more information check ip on page 5 27 ...

Page 171: ...to specify type of service tos values A B C D M host A B C D any Source is the source address of the network or host in dotted decimal Source mask is the network mask For example 10 1 1 10 24 indicates the first 24 bits of the source IP are used for matching The keyword any is an abbreviation for a source IP of 0 0 0 0 and source mask bits equal to 0 The keyword host is an abbreviation for exact s...

Page 172: ... service tos values ip Specif an IP to match any protocol source source mask host source any The source is the address of the network or host in dotted decimal Source mask is the network mask For example 10 1 1 10 24 indicates the first 24 bits of the source IP are used for matching The keyword any is an abbreviation for source IP of 0 0 0 0 and source mask bits equal to 0 The keyword host is an a...

Page 173: ...cimal Source mask is the network mask For example 10 1 1 10 24 indicates the first 24 bits of the source IP are used for matching The keyword any is an abbreviation for source an IP of 0 0 0 0 and source mask bits equal to 0 The keyword host is an abbreviation for exact source A B C D and source mask bits equal to 32 destination destination mask host destination any Sets the destination host IP ad...

Page 174: ...xample The example below creates a standard access list ACL to permit any traffic coming to the interface WS5100 config access list 1 permit any WS5100 config The example below creates a extended IP access list to permit IP traffic between two networks WS5100 config access list 101 permit ip 192 168 1 0 24 192 168 2 0 24 WS5100 config The example below creates a extended access list to permit tcp ...

Page 175: ...ple WS5100 config autoinstall clear config history WS5100 config clear config history Autoinstalls a clear configuration history resulting in a reversion cluster config Autoinstalls a cluster config setup config Autoinstalls a config setup image version number Autoinstalls the image setup Version number The version number cannot be the same as the currently installed version number Attempting to i...

Page 176: ...WS5100 CLI WS5100 config WS5100 release 3 0 2 0 003B Login as cli to access CLI WS5100 login cli Welcome to my WS5100 CLI Welcome to my WS5100 CLI WS5100 WS5100 config banner motd default WS5100 config WS5100 release 3 0 2 0 003B Login as cli to access CLI WS5100 login cli Welcome to CLI Welcome to CLI WS5100 motd Sets the message of the day banner LINE Defrine a custom MOTD string default Sets a ...

Page 177: ...to continue y n y Do you want to save the configuration y n y The system is going down NOW Connection is closed by administrator Please stand by while rebooting the system 5 1 6 bridge Global Configuration Commands Configures bridge specific commands Syntax bridge multiple spanning tree enable Parameters system Specifies the boot image used after reboot primary Specifies the primary image secondar...

Page 178: ...fig 5 1 7 country code Global Configuration Commands Sets the country of operation Syntax country code Parameters None Usage Guidelines Erases all existing radio configuration Example WS5100 config country code ae United Arab Emirates ar Argentina at Austria au Australia ba Bosnia Herzegovina be Belgium bg Bulgaria bh Bahrain bm Bermuda br Brazil bs Bahamas by Belarus ca Canada ch Switzerland cl C...

Page 179: ...uras hr Croatia ht Haiti hu Hungary id Indonesia ie Ireland il Israel in India is Iceland it Italy jo Jordan jp Japan kr South Korea kw Kuwait kz Kazakhstan li Liechtenstein lk Sri Lanka lt Lithuania lu Luxembourg lv Latvia ma Morocco mt Malta mx Mexico my Malaysia nl Netherlands no Norway nz New Zealand om Oman pe Peru ph Philippines pk Pakistan pl Poland pt Portugal qa Qatar ro Romania ru Russia...

Page 180: ...moves you to the config crypto group instance For more details see crypto group on page 7 1 crypto isakmp peer IP Address moves you to the config crypto peer instance For more details see crypto peer on page 8 1 crypto ipsec transformset name value leads you to config crypto ipsec Use the crypto ipsec transform set command to define the transform configuration for securing data for example esp 3de...

Page 181: ...ve key peer policy crypto isakmp client configuration group default crypto isakmp identity keepalive key peer policy crypto key export generate import zeroize crypto key export import rsa indentifier URL password crypto key generate rsa indentifier key pair key pair crypto key zeroize rsa identifier crypto map map name sequence number isakmp manual dynamic crypto pki authenticate enroll export imp...

Page 182: ... kilobytes Volume based key duration Minimum is 500 KB and maximum is 2147483646 KB seconds Time based key duration Minimum is 90 seconds and maximum is 2147483646 seconds transform set set name Uses the crypto ipsec transform set command to define the transform configuration for securing data ah md5 hmac ah sha hmac esp 3des esp aes esp aes 192 esp aes 256 esp des esp md5 hmac esp sha hmac The tr...

Page 183: ...etween DPD messages key 0 2 word address hostname Sets a pre shared key for remote peer 0 Password is specified UNENCRYPTED 2 Password is encrypted with password encryption secret WORD User provided password address Defines a shared key with an IP address hostname Defines the shared key with a hostname peer address dn hostname Sets the remote peer address The IP address acts as an identity of the ...

Page 184: ...r rsa identifier RSA keypair identifier associated with keypair URL URL for sending the key to It can be one of the following tftp IP path file or ftp user passwd IP path file map name sequence ipsec isakmp ipsec manual dynamic Enter a crypto map For more details see crypto map on page 10 1 name name Names the crypto map entry not to exceed 32 characters 1 1000 Sequence to insert into crypto map e...

Page 185: ...thenticate enroll export import trustpoint Configures certificate parameters The public key infrastructure is a protocol that creates encrypted public keys using digital certificates from certificate authorities PKI ensures each online party is who they claim to be authenticate name terminal tftp ftp Defines the authenticate and import CA certificate enroll name request self signed Generates a cer...

Page 186: ...ypto pki trustpoint WORD Trustpoint Name WS5100 config crypto pki trustpoint Test WS5100 config trustpoint Trustpoint Config commands clrscr Clears the display screen company name Company Name Applicable only for request email email end End current mode and change to EXEC mode exit End current mode and down to previous mode fqdn Domain Name Configuration help Description of the interactive help sy...

Page 187: ...208 69 icmp_seq 1 ttl 64 time 0 0 ms 128 bytes from 157 235 208 69 icmp_seq 2 ttl 64 time 0 0 ms 128 bytes from 157 235 208 69 icmp_seq 3 ttl 64 time 0 0 ms 128 bytes from 157 235 208 69 icmp_seq 4 ttl 64 time 0 0 ms 157 235 208 69 ping statistics 5 packets transmitted 5 packets received 0 packet loss round trip min avg max 0 0 0 0 0 1 ms WS5100 config 5 1 10 end Global Configuration Commands Ends...

Page 188: ...delines Use no command with errdisable parameter to the disable bridge timeout mechanism for the port Example WS5100 config errdisable recovery interval 100 WS5100 config WS5100 config errdisable recovery cause bpduguard WS5100 config WS5100 config no errdisable recovery cause bpduguard WS5100 config recovery Enables the timeout mechanism for the port to be enabled back cause bpduguard Reason for ...

Page 189: ...l Configuration Commands Configures the switch as an FTP server Syntax ftp enable ftp password 0 1 LINE ftp rootdir DIR Parameters enable Enables the software fallback feature enable Enables FTP server password Configures the FTP password Set the password using one of the following options 0 Password is specified UNENCRYPTED 1 Password is encrypted with SHA1 algorithm LINE Password rootdir Configu...

Page 190: ... This command is used to enter the interface configuration mode for the specified physical Switch Virtual Interface SVI interface If the VLANx SVI interface does not exist it is automatically created Syntax interface IFNAME eth 1 2 vlan 1 4094 Parameters WORD Provide the name for the systems network NOTE The interface mode leads to the config if instance For more details see interface Instance on ...

Page 191: ...e routing ssh telnet ip access list extended 100 199 2000 2699 WORD standard 1 99 1300 1999 WORD ip default gateway A B C D ip dhcp bootp class excluded address option ping pool restart ip dhcp bootp ignore vlan 1 4094 Defines the VLAN interface NOTE Using access list extended moves you to the config ext nacl instance For more information see Extended ACL Instance on page 14 1 Using access list ex...

Page 192: ...ce static A B C D 1 65535 tcp udp A B C D ip route A B C D A B C D M next hop ip routing ip ssh port rsa ip ssh port 0 65536 ip ssh rsa keypair name WORD ip telnet port 0 65535 Parameters access list Using the access list parameter options to enter the ext nacl context and the std nacl context The prompt changes to the context entered For more information see Extended ACL Instance on page 14 1 For...

Page 193: ...eout in seconds pool name Configures the DHCP server s address pool For more information see DHCP Server Instance on page 17 1 domain lookup Enables the DNS based name to address translation on the switch domain name Sets the domain name for the switch http Hyper Text Transfer Protocol HTTP secure server Sets the Secure HTTP Server HTTPS secure trustpoint Enter the name of the trustpoint used for ...

Page 194: ...dress translation static A B C D Specifies the static local global mapping for the inside local IP address 1 65535 tcp udp Inside local Port Select tcp or udp route A B C D A B C D M next hop Adds a static route entry in the routing table A B C D IP destination prefix A B C D M IP destination prefix next hop IP address of the next hop used to reach the destination routing Turns on IP routing ssh S...

Page 195: ...DHCP User Class instance For more information see DHCP Class Instance on page 18 1 Clear the ip dhcp binding using the clear command Usage Guidelines 2 Follow the steps below to create a DHCP User Class 1 Create a DHCP class named WS5100DHCPclass WS5100 supports a maximum of 32 DHCP classes WS5100 config ip dhcp class WS5100DHCPclass WS5100 config dhcpclass 2 Create a USER class named MC800 The pr...

Page 196: ...onfig dhcp class address range 11 22 33 44 Example WS5100 config ip access list extended TestACL WS5100 config ext nacl WS5100 config ip access list standard TestStdACL WS5100 config std nacl WS5100 config ip dhcp pool TestPool WS5100 config dhcp WS5100 config ip dhcp class TestDHCPclass WS5100 config dhcpclass 5 1 17 license Global Configuration Commands Display the details of the license Syntax ...

Page 197: ...local user authentication Syntax local username password Parameters Example WS5100 config local username Noble Man password Noble Soul console Primary terminal line Configure a value between 0 0 vty Virtual terminal Set a value between 0 871 username Define the local user name The username can be a string of upto 64 characters password Define the local user password The password can be a string of...

Page 198: ...sages The value can be configured between 1 60 seconds buffered Sets the buffered logging level console Sets the console logging level monitor Sets the terminal lines logging level syslog Sets the syslog servers logging level 0 7 Enter the Logging severity level Can be between 0 7 alerts Immediate action needed severity 1 critical Critical conditions severity 2 debugging Debugging messages severit...

Page 199: ...al0 Syslog facility local0 local1 Syslog facility local1 local2 Syslog facility local2 local3 Syslog facility local3 local4 Syslog facility local4 local5 Syslog facility local5 local6 Syslog facility local6 local7 Syslog facility local7 host Configure remote host to receive log messages A B C D Remote host s IP address on Enables the logging of system messages access list Defrines the ACL config f...

Page 200: ...n Commands Configures the MAC address table Syntax mac address table aging time 0 10 1000000 Parameters Example WS5100 config mac address table aging time 100 WS5100 config NOTE By using the ip access list parameter enter the following contexts ext macl extended MAC ACL For more details see Extended MAC ACL Instance on page 16 1 aging time 0 10 1000000 The duration for which a learned mac address ...

Page 201: ...eer server trusted key ntp access group peer query only serve serve only ntp access group peer 1 99 1300 1999 ntp access group query only 1 99 1300 1999 ntp access group serve 1 99 1300 1999 ntp access group serve only 1 99 1300 1999 ntp authenticate ntp authentication key md5 WORD ntp autokey client only host ntp broadcast client destination ntp broadcast destination WORD key version ntp broadcas...

Page 202: ...rsion 1 4 ntp server TestPeer version 1 4 ntp trusted key 1 65534 Parameters access group Controls NTP access peer Provides full access query only Allows only control queries serve Provides server and query access serve only Provides only server access 1 99 Defines the standard IP access list 1300 1999 Standard IP access list expanded range authenticate Authenticates time sources authentication ke...

Page 203: ...dcastdelay Defines the estimated round trip delay 1 999999 Sets the round trip delay in microseconds master Acts as a NTP master clock 1 15 Sets teh stratum number for the NTP master clock peer Configures the NTP peer server Configures the NTP server Peer IP Sets the IP address of the peer only autokey Configures an autokey peer authentication scheme key Configures the peer authentication key 1 65...

Page 204: ...n Configure NTP version cr WS5100 config ntp peer TestPeer autokey prefer version 1 4 NTP version number WS5100 config ntp peer TestPeer autokey prefer version 3 WS5100 config WS5100 config ntp peer TestPeer key 1 65534 Peer key number WS5100 config ntp peer TestPeer key 20 prefer Prefer this peer when possible version Configure NTP version cr WS5100 config ntp peer TestPeer key 20 prefer version ...

Page 205: ...ault config mode to RADIUS server mode Syntax radius server host key local retransmit timeout radius server host A B C D radius server key 0 2 LINE radius server local radius server retransmit 0 100 radius server timeout 1 1000 Parameters LINE Enter the new prompt displayed by the system NOTE radius server local mode moves you to the RADIUS server context For more details see host Specifies a RADI...

Page 206: ...enable group id 1 65535 handle stp enable heartbeat period 1 255 hold period 10 255 interface ip IP Address manual revert member ip IP address mode primary standby Parameters 0 Password is specified UNENCRYPTED 2 Password is encrypted with password encryption secret LINE Text of shared key upto 127 characters local Configures local RADIUS server parameters This takes you to a new config radius ser...

Page 207: ...e DHCP Redundancy protocol discovery period 10 60 Sets the redundancy discovery interval in seconds The default is 30 seconds enable Enables the redundancy protocol group id 1 65535 Sets the cluster ID The default cluster ID is 1 handle stp enable Delays the redundancy protocol state machine exec considering STP heartbeat period 1 255 Sets the redundancy heartbeat interval hold period 10 255 Sets ...

Page 208: ...Enables advanced mode vty interface dhcp Enables the DHCP server service diag Services diag password encryption Encrypts passwords in configuration pm max sys restarts sys restart Process Monitor max sys restarts Maximum number of times PM will restart the system because of a failed processes sys restart Enable PM to restart the system when a processes fails Note The process restart is one count l...

Page 209: ...server enable traps all snmp server enable traps dhcp server snmp server enable traps disgnostics snmp server enable traps miscellaneous caCertExpired lowFsSpace processMaxRestartsReached savedConfigModi fied serverCertExpired snmp server enable traps mobility snmp server enable traps nsm dhcpIPChanged snmp server enable traps radius server snmp server enable traps redundancy adoptionExceeded grpA...

Page 210: ... than tput greater than undecrypt percent greater than snmp server enable traps wireless statistics min packets 1 65535 snmp server enable traps wireless statistics mobile unit avg bit speed less than avg retry greater than avg signal less than gave up percent greater than nu percent greater than pktsps greater than tput greater than undecrypt percent greater than snmp server enable traps wireless...

Page 211: ...les SNMP traps all Enables all traps dhcp server Enables dhcp server traps diagnostics Enables diagnostics traps miscellaneous Enables miscellaneous traps mobility Enables mobility traps nsm Enables nsm traps radius server Enables radius server traps redundancy Enables redundancy traps snmp Enables SNMP traps wireless Enables wireless traps wireless statistics Modifies wireless stats rate traps en...

Page 212: ...aneous Enables miscellaneous traps caCertExpired CA certificate has expired lowFsSpace Available file system space is lower than the limit processMaxRestartsReached Process has reached max restart savedConfigModified Saved configuration has been modified serverCertExpired Server certificate has expired enable traps mobility Enable mobility traps operationallyDown Mobility down operationallyUp Mobi...

Page 213: ...eeded Redundancy port adoption exceeded grpAuthLevelChanged Redundancy group Authorization Level changed memberDown Redundancy member down memberMisConfigured Redundancy member mis configuration memberUp Defrines redundancy member as up enable traps snmp Enables SNMP traps authenticationFail Enables authentication failure trap coldstart Enables coldStart trap linkdown Enables linkDown trap linkup ...

Page 214: ...io events switchExcessiveEvents Excessive switch events radio Enables wireless radio traps adopted Radio adopted detectedRadar Radio detected radar unadopted Radio detected radar self healing Enables self healing traps activated Self healing activated station Enables wireless station traps associated Wireless station associated deniedAssociationAsPortCapacityRea ched Wireless station denied associ...

Page 215: ...ssociationOnSSID Wireless station denied association due to invalid SSID deniedAssociationOnShortPream Wireless station denied association due to lack of short preamble support deniedAssociationOnSpectrum Wireless station denied association due to lack of spectrum management capability deniedAuthentication Wireless station denied 802 11 authentication disassociated Wireless station disassociated t...

Page 216: ... 00 gave up percent greater than Percentage of pkts dropped is greater than 0 00 and less than or equal to 100 00 nu percent greater than Percentage of non unicast pkts is greater than 0 00 and less than or equal to 100 00 num mobile units greater than Number of associated mobile unit is 1 4096 pktsps greater than Packets persec is greather than 0 00 and less than or equal to 100000 00 tput greate...

Page 217: ... 00 avg signal less than Average signal in dBm is less than 0 00 and greater than or equal to 120 00 gave up percent greater than Percentage of pkts dropped is greater than 0 00 and less than or equal to 100 00 nu percent greater than Percentage ofnon unicastpktsisgreaterthan 0 00 and less than or equal to 100 00 pktsps greater than Packets per sec is greather than 0 00 and less than or equal to 1...

Page 218: ... tput greater than Throughput in Mbps is greather than 0 00 and less than or equal to 100000 00 undecrypt percent greater than Percentage of undecryptable pkts is geater than 0 00 and less than or equal to 100 00 host SNMP server host A B C D SNMP server host IP address location Text for mib object sysLocation manager Enables the SNMP manager all Enables SNMP version v2 and v3 v2 Enables SNMP vers...

Page 219: ...traps wireless self healing activated WS5100 config WS5100 config snmp server enable traps wireless station tkipCounterMeasures WS5100 config WS5100 config snmp server enable traps wireless statistics min packets 120 WS5100 config WS5100 config snmp server location Located at thh 5th FLoor WS5100 config WS5100 config snmp server sysname Gold Mine WS5100 config 5 1 30 sole Global Configuration Comm...

Page 220: ...onfig wireless Example WS5100 config sole WS5100 config sole 5 1 31 spanning tree Global Configuration Commands Configures spanning tree commands Syntax spanning tree mst portfast spanning tree mst 0 15 priority 0 61440 cisco interoperability enale disable configuration forward time 4 30 hello time 1 10 max age 6 40 max hops 7 127 spanning tree portfast bpdufilter bpduguard default ...

Page 221: ...ble Enables disables interoperability with Cisco s version of MSTP incompatible with standard MSTP enable Enables CISCO Interoperability disable Disables CISCO Interoperability configuration Multiple spanning tree configuration This command moves to the spanning tree mst Instance on page 13 1 forward time 4 30 Sets the time in seconds after which if this bridge is the root bridge each port changes...

Page 222: ...s one The allowable range for max age is 6 40 seconds Configure this value sufficiently high so a frame generated by root can be propagated to the leaf nodes without exceeding the max age Use this command to set the max age for a bridge This value is used by all instances The default value of bridge max age is 20 seconds max hops 7 127 Specifies the maximum allowed hops for a BPDU in an MST region...

Page 223: ...tfast feature on a bridge It has the following options bpdufilter default Use the bpdu filter command to set the portfast BPDU filter for the port Use the no parameter with this command to revert the port BPDU filter value to default The Spanning Tree Protocol sends BPDUs from all ports Enabling the BPDU Filter feature ensures PortFastenabled ports do not transmit or receive BPDUs bpduguard defaul...

Page 224: ...Denver America Los_Angeles America Mexico_City America Montreal America New_York America Phoenix America Santiago America Sao_Paulo America St_Johns America Tegucigalpa America Thule America Winnipeg America Indianapolis WS5100 config timezone America Chicago WS5100 config 5 1 33 username Global Configuration Commands Establishes user name authentication Syntax username Parameters TIMEZONE Press t...

Page 225: ...P IP network by encrypting all traffic from one network to another A VPN uses tunneling to encrypt all information at the IP level Example 5 1 35 wireless Global Configuration Commands Configures switch wireless parameters This command moves you to the config wireless instance For more information see Wireless Instance on page 20 1 Syntax wireless Parameters None authentication method Selects the ...

Page 226: ... 36 wlan acl Global Configuration Commands Use this command to apply an ACL on a WLAN index Syntax wlan acl 1 32 1 99 100 199 1300 1999 2000 2699 word in out Parameters Usage Guidelines 1 Every WLAN created is mapped to an index When an ACL is applied on a WLAN index it becomes a WLAN ACL The following type of ACL s can be applied on a WLAN IP Standard ACL IP Extended ACL MAC Extended ACL 1 32 WLA...

Page 227: ...gurable in WS5100 3 0 3 0 1 In WS5100 3 0 2 WLAN is treated as a virtual port and the user has to create ACL rules without WLAN index and attach ACLs to WLAN port While upgrading from WS5100 3 0 3 0 1 to 3 0 2 the ACLs having WLAN index as selectors are replaced with ACLs without having any WLAN index selectors After the completion of the upgrade user has to apply those ACLs to WLAN port manually ...

Page 228: ...y rule precedence 33 Extended MAC access list macacl permit any host 00 01 02 03 04 05 type ip rule precedence 11 permit host 00 01 03 04 07 08 any rule precedence 21 permit any any rule precedence 31 Standard IP access list stdacl permit any rule precedence 34 permit host 10 0 0 10 rule precedence 44 deny host 30 0 0 14 rule precedence 54 Follow the procedure mentioned below to manually upgrade t...

Page 229: ...acl 6 stdacl2 in The stdacl must be detached from the interface to which it was associated and stdacl3 must be attached to that interface When the user explicitly creates ACL rules with WLAN index as selector the switch consumes that ACL without WLAN index selector During this process a warning is raised to the user as mentioned in the example below WS5100 config access list 14 permit any wlan 19 ...

Page 230: ...WS5100 Series Switch CLI Reference Guide 5 66 The example below applies an ACL to WLAN index 200 in outbound direction from the global config mode WS5100 config wlan acl 2 150 out WS5100 config ...

Page 231: ...2 clrscr Clears the display screen page 6 2 encryption Sets the encryption algorithm page 6 3 end Ends the current mode and moves to the EXEC mode page 6 3 exit Ends the current mode and moves to the previous mode page 6 4 group Sets the Diffie Hellman group page 6 4 hash Sets the hash algorithm page 6 5 help Provides a desription of the interactive help system page 6 5 lifetime Sets the lifetime ...

Page 232: ...to isakmp WS5100 config crypto isakmp authentication rsa sig WS5100 config crypto isakmp 6 1 2 clrscr Crypto ISAKMP Config Commands Clears the display screen Syntax clrscr Parameters None Example WS5100 config crypto isakmp clr WS5100 config crypto isakmp service Defines the switch s service commands page 6 6 show Shows running system information page 6 7 pre share pre shared key rsa sig rsa signa...

Page 233: ...100 config crypto isakmp encryption aes 256 WS5100 config crypto isakmp 6 1 4 end Crypto ISAKMP Config Commands Ends and exits the current mode and changes to the PRIV EXEC mode The prompt changes to WS5100 Syntax end Parameters None Example WS5100 config crypto isakmp end WS5100 3des 3des Triple data encryption standard aes aes advanced data encryption standard aes 192 aes 192 advanced data encry...

Page 234: ...fig 6 1 6 group Crypto ISAKMP Config Commands Specifies the Diffie Hellman group 1 or 2 used by this IKE policy to generate keys which are then used to create the IPSec SA Syntax group 1 2 5 Parameters Usage Guidelines The local IKE policy and the peer IKE policy must have matching group settings in order for negotiation to be successful Example WS5100 config crypto isakmp group 5 WS5100 config cr...

Page 235: ...akmp help CLI provides advanced help feature When you need help anytime at the command line please press If nothing matches the help list will be empty and you must backup until entering a shows the available options Two styles of help are provided 1 Full help is available when you are ready to enter a command argument e g show and describes each possible argument 2 Partial help is provided when a...

Page 236: ...mands Negates a command or sets its defaults Syntax no authentication encryption group hash lifetime Parameters None Example WS5100 config crypto isakmp no lifetime WS5100 config crypto isakmp 6 1 11 service Crypto ISAKMP Config Commands Invokes service commands to trobuleshoot or debug config crypto isakmp instance configurations Syntax service show cli seconds Specifies how many seconds an IKE S...

Page 237: ...56 aes 192 encryption des 3des aes aes 192 aes 256 aes 256 encryption des 3des aes aes 192 aes 256 des encryption des 3des aes aes 192 aes 256 end end exit exit group 1 group 1 2 5 2 group 1 2 5 5 group 1 2 5 hash md5 hash sha md5 WS5100 config crypto isakmp 6 1 12 show Crypto ISAKMP Config Commands Use this command to view current system information running on the switch Syntax show paramater Par...

Page 238: ... address table Display MAC address table management Display L3 Managment Interface name mobility Display Mobility parameters ntp Network time protocol password encryption password encryption port channel Portchannel commands privilege Show current privilege level radius RADIUS configuration commands redundancy group Display redundancy group parameters redundancy history Display state transition hi...

Page 239: ...isakmp 6 9 users Display information about currently logged in users version Display software hardware version wireless Wireless configuration commands wlan acl wlan based acl WS5100 config crypto isakmp show ...

Page 240: ...WS5100 Series Switch CLI Reference Guide 6 10 ...

Page 241: ... the display screen page 7 2 dns Defines a primary and secondary Domain Name Server DNS page 7 2 end Ends the current mode and moves to the EXEC mode page 7 3 exit Ends the current mode and moves to the previous mode page 7 3 help Describe the interactive help system page 7 4 service Invokes service commands to trobuleshoot or debug the config crypto isakmp instance configuration page 7 5 show Sho...

Page 242: ...roup clr WS5100 config crypto group 7 1 2 dns Crypto Group Config Commands Specifies the DNS server address es to assign to a client Syntax dns IP Address Parameters Example WS5100 config crypto group dns server 172 1 17 1 172 1 17 3 WS5100 config crypto group IP Address The first DNS server address to assign IP Address optional Assign a second optional DNS server address ...

Page 243: ...he prompt changes to WS5100 Syntax end Parameters None Example WS5100 config crypto group end WS5100 7 1 4 exit Crypto Group Config Commands Ends the current mode and moves to theprevious mode GLOBAL CONFIG The prompt changes to WS5100 config Syntax exit Parameters None Example WS5100 config crypto group exit WS5100 config ...

Page 244: ...time at the command line please press If nothing matches the help list will be empty and you must backup until entering a shows the available options Two styles of help are provided 1 Full help is available when you are ready to enter a command argument e g show and describes each possible argument 2 Partial help is provided when an abbreviated argument is entered and you want to know what argumen...

Page 245: ...t Config mode clrscr clrscr dns A B C D dns A B C D do LINE do LINE end end exit exit help help quit quit s commands show commands WORD show commands WORD running config show running config full show running config full include factory show running config include factory service show cli service show cli show access list show access list 1 99 show access list 1 99 100 199 1300 1999 2000 2699 WORD ...

Page 246: ...erver Configuration environment show environmental information file Display filesystem information ftp Display FTP Server configuration history Display the session command history interfaces Interface status ip Internet Protocol IP ldap LDAP server licenses Show any installed licenses logging Show logging configuration and buffer mac Internet Protocol IP mac address table Display MAC address table...

Page 247: ...ine parameters sole Smart Opportunistic Location Engine Configuration spanning tree Display spanning tree information startup config Contents of startup configuration static channel group static channel group membership terminal Display terminal configuration parameters timezone Display timezone upgrade status Display last image upgrade status users Display information about currently logged in us...

Page 248: ...Internet Naming Service WINS servers to assign to a client Syntax wins IP Address IP Address Parameters Example WS5100 config crypto group wins 128 2 11 1 128 2 19 23 WS5100 config crypto group IP Address The first WINS server address to assign IP Address optional Assign a second optional WINS server address ...

Page 249: ...scr Clears the display screen page 8 2 end Ends the current mode and moves to the EXEC mode page 8 2 exit Ends the current mode and moves to the previous mode page 8 2 help Descrbes the interactive help system page 8 3 no Negates a command or sets its defaults page 8 3 service Invokes service commands to trobuleshoot or debug the config crypto peer instance configuration page 8 4 set Sets configur...

Page 250: ...nfig crypto peer 8 1 2 end Crypto Peer Config Commands Ends and exits the current mode and change to the PRIV EXEC mode The prompt changes to WS5100 Syntax end Parameters None Example WS5100 config crypto peer end WS5100 8 1 3 exit Crypto Peer Config Commands Ends the current mode and moves to the previous mode GLOBAL CONFIG The prompt changes to WS5100 config Syntax exit Parameters None ...

Page 251: ...entering a shows the available options Two styles of help are provided 1 Full help is available when you are ready to enter a command argument e g show and describes each possible argument 2 Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input e g show ve WS5100 config crypto peer 8 1 5 no Crypto Peer Config Commands Negates a command...

Page 252: ...ice show cli Crypto Peer Config mode clrscr clrscr do LINE do LINE end end exit exit help help no set aggressive mode password no set aggressive mode password quit quit s commands show commands WORD show commands WORD running config show running config full show running config full include factory show running config include factory service show cli service show cli set aggressive mode password WS...

Page 253: ...mple WS5100 config crypto peer show access list Internet Protocol IP aclstats Show ACL Statistics information alarm log Display all alarms currently in the system autoinstall autoinstall configuration banner Display Message of the Day Login banner boot Display boot configuration clock Display system clock commands Show command lists crypto encryption module debugging Debugging information outputs ...

Page 254: ... redundancy group Display redundancy group parameters redundancy history Display state transition history of the switch redundancy members Display redundancy group members in detail running config Current Operating configuration securitymgr Securitymgr parameters sessions Display current active open connections snmp Display SNMP engine parameters snmp server Display SNMP engine parameters sole Sma...

Page 255: ...ands Table 9 1 Crypto IPsec Command Summary Command Description Ref clrscr Clears the display screen page 6 2 end Ends the current mode and moves to the EXEC mode page 6 3 exit Ends the current mode and moves to the previous mode page 6 4 help Describes the interactive help system page 6 5 mode Configures the IP Sec transportation mode page 9 2 no Negates a command or set its defaults page 6 6 ser...

Page 256: ... show access list Internet Protocol IP alarm log Display all alarms currently in the system autoinstall autoinstall configuration banner Display Message of the Day Login banner boot Display boot configuration clock Display system clock commands Show command lists crypto crypto debugging Display debugging setting environment show environmental information file Display filesystem information ftp Dis...

Page 257: ...dancy group parameters redundancy history Display state transition history of the switch redundancy members Display redundancy group members in detail running config Current Operating configuration securitymgr Display debug info for ACL VPN and NAT sessions Display current active open connections snmp Display SNMP engine parameters snmp server Display SNMP engine parameters startup config Contents...

Page 258: ...WS5100 Series Switch CLI Reference Guide 9 4 ...

Page 259: ...he display screen page 10 2 end Ends the current mode and moves to the EXEC mode page 10 2 exit Ends the current mode and moves to the previous mode page 10 2 help Describes the interactive help system page 10 3 match Assigns an IP access list to a crypto map definition page 10 3 no Negates a command or set its defaults page 10 5 service Invoke the service commands to trobuleshoot or debug the ins...

Page 260: ...o map 10 1 2 end Crypto Map Config Commands Use this command to end and exit the current mode and move to the to PRIV EXEC mode The prompt now changes to WS5100 Syntax end Parameters None Example WS5100 config crypto map end WS5100 10 1 3 exit Crypto Map Config Commands Ends the current mode and moves to the previous mode GLOBAL CONFIG The prompt changes to WS5100 config Syntax exit Parameters Non...

Page 261: ...sible argument 2 Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input e g show ve WS5100 config crypto map 10 1 5 match Crypto Map Config Commands Use this command to assign an IP access list to a crypto map definition The access list designates the IP packets to be encrypted by this crypto map A crypto map entry is a single policy th...

Page 262: ...which data to secure Instead the crypto map entry refers to an access control list An access control list ACL is assigned to the crypto map using the match address command If no ACL is configured for a crypto map the entry is incomplete and will have no effect on the system The entries of the ACL used in a crypto map should be created with respect to traffic sent by the OS The source information m...

Page 263: ...pto Map Config Commands Negates a command or sets its defaults Syntax no previous command used Parameters Use the commands configured under this instance Example WS5100 config crypto map no aggrerssive mode WS5100 config crypto map ...

Page 264: ...t password used to enter shell reboot history Show reboot history startup log Show startup log upgrade history Show upgrade history WS5100 config crypto map service show WS5100 config crypto map service show info 4 0M out of 4 0M available for logs 9 7M out of 11 4M available for history 16 4M out of 18 6M available for crashinfo List of Files messages log 0 Oct 9 13 01 snmpd log 316 Oct 9 13 01 s...

Page 265: ... esp set session key inbound outbound ah hexkey data set session key inbound outbound esp SPI cipher hexdata key authenticator hexkey data Parameters local id Sets the local identity dn Defines the distinguished name hostname Sets the hostname mode Sets the mode of the tunnels for this Crypto Map aggressive Initiates aggressive mode main Initiates main mode peer Sets the IP address of the peer dev...

Page 266: ... is required to use Diffie Hellman Group 5 remote type Sets the remote VPN client type ipsec l2tp Specify the remote VPN client as using IPSEC L2TP xauth Specify the remote VPN client as using XAUTH with mode config security association Defines the lifetime in kilobytes and or seconds of the IPSec SAs created by this crypto map level perhost Specify a security association granularity level for ide...

Page 267: ...security association lifetime kilobytes seconds Values can be entered in both kilobytes and seconds Whichever limit is reached first ends the security association WS5100 config crypto map set session key inbound outbound ah esp WS5100 config crypto map set session key inbound outbound ah hexkey data WS5100 config crypto map set session key inbound outbound esp SPI cipher hexdata key authenticator ...

Page 268: ...ain the transform configuration for securing data Instead the crypto map is associated with transform sets which contain specific security algorithms If a transform set is not configured for a crypto map the entry is incomplete and has no effect For manual key crypto maps only one transform set can be specified Example WS5100 config crypto map set localid hostname TestMapHost WS5100 config crypto ...

Page 269: ...nagment Interface name mobility Display Mobility Parameters ntp Network time protocol password encryption password encryption privilege Show current privilege level radius Radius configuration commands redundancy group Display redundancy group parameters redundancy history Display state transition history of the switch redundancy members Display redundancy group members in detail running config Cu...

Page 270: ...WS5100 Series Switch CLI Reference Guide 10 12 ...

Page 271: ...Summary Command Description Ref clrscr Clears the display screen page 11 2 company name Defines a company name for the trustpoint page 11 2 email Sets an e mail ID for the trustpoint page 11 3 end Ends the current mode and moves to the EXEC mode page 11 3 exit Ends the current mode and moves to the previous mode page 11 4 fqdn Sets the domain name of the trustpoint page 11 4 help Displays the inte...

Page 272: ...d Sets the challenge password applicable only for requests to access the trustpoint page 11 6 rsakeypair Defines a RSA Keypair to associate with the trustpoint page 11 7 service Invokes service commands to troubleshoot or debug the crypto pki trustpoint instance configuration page 11 7 show Displays running system information page 11 9 subject name The subject name is a collection of required para...

Page 273: ... for the trustpoint Syntax email Parameters Example WS5100 config trustpoint email abcTestemailID symbol com WS5100 config trustpoint 11 1 4 end Trustpoint PKI Config Commands Ends and exits the current mode and moves to the PRIV EXEC mode The prompt changes to WS5100 Syntax end Parameters None Example WS5100 config trustpoint end WS5100 WORD email address 2 to 64 characters ...

Page 274: ... changes to WS5100 config Syntax exit Parameters None Example WS5100 config trustpoint exit WS5100 config 11 1 6 fqdn Trustpoint PKI Config Commands Configures the domain name of the trustpoint Syntax fqdn Parameters None Example WS5100 config trustpoint fqdn RetailKing com WS5100 config trustpoint NOTE The length of domain name should be between 9 and 64 characters ...

Page 275: ...he available options Two styles of help are provided 1 Full help is available when you are ready to enter a command argument e g show and describes each possible argument 2 Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input e g show ve WS5100 config trustpoint 11 1 8 ip address Trustpoint PKI Config Commands Sets an IP address for t...

Page 276: ...PKI Config Commands Sets the challenge password applicable only for requests to acces trustpoint Syntax password 0 2 WORD Parameters Example WS5100 config trustpoint password 0 TestPassword WS5100 config trustpoint 0 Password is specified as UNENCRYPTED The password should be between 4 to 20 characters 2 Password is encrypted with password encryption secret The string length of encrypted password ...

Page 277: ...trustpoint rsakeypair were WS5100 config trustpoint The rsakeypair name were in this example is an exisitng keypair value 11 1 12 service Trustpoint PKI Config Commands Invokes service commands to trobuleshoot or debug the crypto pki trustpoint instance configuration Syntax service clear diag shell save cli show start shell tethereal Parameters WORD RSA Keypair Identifier clear Removes specified s...

Page 278: ...ml This tree can be viewed via web at http ipaddr cli clitree html WS5100 config trustpoint WS5100 config trustpoint service show cli Show CLI tree of current mode command history Display command except show commands history crash info Display information about core panic and AP dump files info Show snapshot of available support information last passwd Display last password used to enter shell reb...

Page 279: ...trustpoint show access list Internet Protocol IP alarm log Display all alarms currently in the system autoinstall autoinstall configuration banner Display Message of the Day Login banner boot Display boot configuration clock Display system clock commands Show command lists crypto crypto debugging Display debugging setting environment show environmental information file Display filesystem informati...

Page 280: ...ameters snmp server Display SNMP engine parameters startup config Contents of startup configuration terminal Display terminal configuration parameters timezone Display timezone upgrade status Display last image upgrade status users Display information about terminal lines version Display software hardware version wireless Wireless configuration commands WS5100 config show crypto pki trustpoints Tr...

Page 281: ...m State mm Country mm Issuer Name Common Name mm Organizational Unit mm Organization mm Location mm State mm Country mm Valid From Jun 8 19 24 38 2007 GMT Valid Until Jun 7 19 24 38 2008 GMT WS5100 config 11 1 14 subject name Trustpoint PKI Config Commands Creates a subject name to configure a trustpoint The subject name is a collection of required parameters to configure a trustpoint Syntax subje...

Page 282: ...g trustpoint subject name TestPool US OH WORD City 2 to 128 characters WS5100 config trustpoint subject name TestPool US OH PB WORD Organization 2 to 64 characters WS5100 config trustpoint subject name TestPool US OH PB SYMBOL WORD Organization Unit 2 to 64 characters WS5100 config trustpoint subject name TestPool US OH PB SYMBOL WID cr WS5100 config trustpoint subject name TestPool US OH PB SYMBO...

Page 283: ...ge 12 2 crypto Defines the encryption module page 12 3 description Creates an interface specific description page 12 3 duplex Sets the duplex mode used by the interface page 12 4 end Ends the current mode and moves to the EXEC mode page 12 5 exit Ends the current mode and moves to the previous mode page 12 5 help Displays the interactive help system page 12 5 ip Sets the IP address for the assigne...

Page 284: ...bug the config if instance configurations page 12 11 show Displays running system information page 12 12 shutdown Shuts down a selected interface page 12 15 spanning tree Disables the selected interface The interface is administratively enabled unless explicitly disabled using this command page 12 15 speed Specifies the speed of a fast ethernet 10 100 or a gigabit ethernet port 10 100 1000 page 12...

Page 285: ...mapset to a single interface The switch does not allow the same cryptomap set to be attached to multiple interfaces 12 1 3 description Interface Config Commands Creates an interface specific desciption Syntax description Parameters Example WS5100 config if description interface for RetailKing WS5100 config if map tag Assigns a Crypto Map tag Crypto Map tag LINE Define the characters describing thi...

Page 286: ...set in the auto duplexmode In auto mode the duplex is selected based on connected network hardware NOTE Duplexity can only be set for an Ethernet Interface Enter the config if instance using the eth parameter of the interface mode The duplex can not be set until the speed is set to a non auto value auto The port automatically detects whether it should run in full or half duplex mode full Sets the ...

Page 287: ...arameters None Example WS5100 config if end WS5100 12 1 6 exit Interface Config Commands Ends the current mode and moves to the previous mode GLOBAL CONFIG The prompt changes to WS5100 config Syntax exit Parameters None Example WS5100 config if exit WS5100 config 12 1 7 help Interface Config Commands Displays the system s interactive help Syntax help Parameters None ...

Page 288: ... help is provided when an abbreviated argument is entered and you want to know what arguments match the input e g show ve WS5100 config if 12 1 8 ip Interface Config Commands Sets the IP address for the assigned ethernet VLAN or tunnel Syntax ip access group address helper address nat ip access group 1 99 100 199 1300 1999 2000 2699 in ip address A B C D M dhcp secondary ip helper address A B C D ...

Page 289: ...ate a helper address on VLAN 2000 for using a DHCP server on VLAN 1000 WS5100 config interface vlan 1000 WS5100 config if ip address 172 168 100 1 24 WS5100 config if interface vlan 2000 WS5100 config if ip address 172 168 200 1 24 address Sets a static IP address and network mask for a Layer 3 SVI Switch Virtual Interface A B C D M Sets the IP address 10 0 0 1 8 secondary Defines an optional seco...

Page 290: ...5100 config if ip nat outside WS5100 config ip nat inside source static 172 168 200 10 157 235 205 57 WS5100 config 12 1 9 mac Interface Config Commands Applies a MAC access list to a gigabit ethernet interface Syntax mac access group acl_name in Parameters Example WS5100 config if mac access group Ark200 in WS5100 config if NOTE The access list cannot be applied on a management interface me1 acce...

Page 291: ...onfig management secure in the config mode This ensure management access is restricted to the management VLAN only Refer management on page 5 37 for config management secure configuration Example WS5100 config interface vlan 1000 WS5100 config if management WS5100 config if 12 1 11 no Interface Config Commands Negates a command or sets its defaults Syntax no crypto description duplex ip mac port c...

Page 292: ...oup 1 with interface ge1 and ge 2 WS5100 config interface ge1 WS5100 config if static channel group 1 WS5100 config interface ge2 WS5100 config if static channel group 1 The example below defines the load balance based on the IP or MAC address WS5100 config interface sa1 WS5100 config if port channel load balance src dst ip WS5100 config if load balance src dst ip src dst mac Sets load balancing f...

Page 293: ...config if service show cli Interface Config mode clrscr clrscr crypto map WORD crypto map WORD description LINE description LINE do LINE do LINE duplex auto duplex half full auto full duplex half full auto half duplex half full auto end end exit exit help help ip access group 1 99 in ip access group 1 99 100 199 1300 1999 2000 2699 WORD in 100 199 WS5100 config if cli Shows the CLI tree of current...

Page 294: ...Configuration environment show environmental information file Display filesystem information ftp Display FTP Server configuration history Display the session command history interfaces Interface status ip Internet Protocol IP ldap LDAP server licenses Show any installed licenses logging Show logging configuration and buffer mac Internet Protocol IP mac address table Display MAC address table manag...

Page 295: ... last image upgrade status users Display information about currently logged in users version Display software hardware version wireless Wireless configuration commands wlan acl wlan based acl WS5100 config if show WS5100 config if show access list Standard IP access list 1 deny any rule precedence 1 WS5100 config if WS5100 config if show boot Image Build Date Install Date Version Primary Aug 28 14...

Page 296: ...tory allowed channel power information for a particular country self heal config Self Healing Configuration Parameters sensor Wireless Intrusion Protection System parameters unapproved aps Unapproved APs seen by access port or mobile unit scans wireless switch statistics wireless switch statistics wlan Wireless LAN related parameters WS5100 config if WS5100 config if show wireless config country c...

Page 297: ...ilter enable disable bpduguard enable disable edgeport force version 0 3 guard root link type point topoint shared mst 0 15 port cisco interoperability portfast spanning tree mst 0 15 cost 1 200000000 port priority 0 240 port cisco interoperability disable enable Parameters bpdufilter disable enable Use this command to set a portfast BPDU filter for the port Use the no parameter with this command ...

Page 298: ...eport Enables an interface as an edgeport force version 0 3 Specifies the spanning tree force version A version identifier of less than 2 enforces the spanning tree protocol Select from the following versions 0 STP 1 Not supported 2 RSTP 3 MSTP The default value for forcing the version is MSTP guard root Enables the Root Guard feature for the port The root guard disables the reception of superior ...

Page 299: ... 100 1000 Syntax speed 10 100 1000 auto mst 0 15 cost 1 200000000 port priority 0 240 port cisco interoperability disable enable Configures MST values on a spanning tree 0 15 Defines the Instance ID cost 1 200000000 Defines the path cost for a port port priority 0 240 Defines the port priority for a bridge port cisco interoperability disable enable Enables or disables interoperability with Cisco s...

Page 300: ...gates individual giga port s into a single aggregate link to provide a larger bandwidth The static channel group is used to provide additional bandwidth in multiples of 1Gbps on the switch All MAC layer and higher protocols see only the static channel group aggregate link rather than the individual ports that comprise it Example WS5100 config if static channel group 2 WS5100 config if 10 Forces 10...

Page 301: ...n 1 4094 Sets the VLAN when interface is in access mode mode Sets the mode of the interface to access or trunk mode Can only be used on physical layer2 interfaces access If access mode is selected the access VLAN is automatically set to VLAN1 In this mode only untagged packets in the access VLAN vlan1 are accepted on this port All tagged packets are discarded trunk If trunk modeisselected taggedVL...

Page 302: ... mode access WS5100 config if trunk Sets the trunking mode characteristics allowed Configures trunk characteristics when the port is in trunk mode vlan Sets allowed VLANs add Adds VLANs to the current list none Allows no VLANs to Xmit Rx through the Layer2 interface remove Removes VLANs from the current lis VLAN_ID VLAN_IDs added or removed Can be either a range of VLANs 55 60 or a list of comma s...

Page 303: ... the current mode and moves to the EXEC mode page 13 2 exit Ends the current mode and moves to the previous mode page 13 3 help Displays the system s interactive help system page 13 3 instance Assigns a VLAN to the bridge instance page 13 4 name Sets a name for the MST region page 13 4 no Negates a command or sets defaults page 13 5 revision Configures the revision number of the MST bridge page 13...

Page 304: ... config mst clrscr WS5100 config mst 13 1 2 end mst Config Commands Ends and exits the current mode and moves to the PRIV EXEC mode The prompt changes to WS5100 Syntax end Parameters None Example WS5100 config mst end WS5100 show Shows running system information page 13 7 Table 13 1 MSTP Config Command Summary Continued Command Description Ref ...

Page 305: ... None Example WS5100 config mst help CLI provides advanced help feature When you need help anytime at the command line please press If nothing matches the help list will be empty and you must backup until entering a shows the available options Two styles of help are provided 1 Full help is available when you are ready to enter a command argument e g show and describes each possible argument 2 Part...

Page 306: ...egion names define a unique region Switches in the same region exchange bridge protocol data units BPDUs with instance record information within it Example The example below sets an instance named 10 and maps VLAN 20 to it WS5100 config mst instance 10 vlan 20 WS5100 config mst 13 1 6 name mst Config Commands Sets the name for the MST region Syntax name region name Parameters Example WS5100 config...

Page 307: ...ing negated Example WS5100 config mst no instance 10 vlan 20 WS5100 config mst WS5100 config mst no name MyRegion WS5100 config mst WS5100 config mst no revision WS5100 config mst 13 1 8 revision mst Config Commands Sets the revision number of the MST bridge Syntax revision 0 255 Parameters instance Sets the MST Instance name Assigns a name to the MST region revision Defines the revision number fo...

Page 308: ...ce show cli MSTI configuration mode clrscr clrscr end end exit exit help help instance 1 15 instance 1 15 vlan VLAN_ID instance 1 15 vlan VLAN_ID name LINE name LINE no instance 1 15 no instance 1 15 vlan VLAN_ID no instance 1 15 vlan VLAN_ID name no name revision no revision quit quit revision REVISION_NUM revision REVISION_NUM s commands show commands WORD show commands WORD running config show ...

Page 309: ... aclstats vlan 1 4094 show aclstats vlan 1 4094 WS5100 config mst 13 1 10 show mst Config Commands Displays current system information Syntax show parameter Parameters Example WS5100 config mst show access list Internet Protocol IP aclstats Show ACL Statistics information alarm log Display all alarms currently in the system autoinstall autoinstall configuration banner Display Message of the Day Lo...

Page 310: ...ds redundancy group Display redundancy group parameters redundancy history Display state transition history of the switch redundancy members Display redundancy group members in detail running config Current Operating configuration securitymgr Securitymgr parameters sessions Display current active open connections snmp Display SNMP engine parameters snmp server Display SNMP engine parameters sole S...

Page 311: ...and Summary Command Description Ref clrscr Clears the display screen page 14 2 deny Specifies packets to reject page 14 2 end Ends the current mode and moves to the EXEC mode page 14 7 exit Ends the current mode and moves to the previous mode page 14 7 help Displays the interactive help system page 14 8 mark Specifies packets to mark page 14 8 no Negates a command or sets its defaults page 14 12 p...

Page 312: ...tion destination mask host destination any log rule precedence access list entry precedence deny icmp source source mask host source any destination destination mask host destination any icmp type icmp type icmp code log rule precedence access list entry precedence service Invokes the service commands to troubleshoot or debug config if instance configurations page 14 18 show Displays running syste...

Page 313: ...the source IP address of the network or host in dotted decimal format The source mask is the network mask For example 10 1 1 10 24 indicates the first 24 bits of the source IP is used for matching any is an abbreviation for a source IP of 0 0 0 0 and source mask bits equal to 0 host is an abbreviation for the exact source A B C D and source mask bits equal to 32 destination destination mask host d...

Page 314: ...urce IP is used for matching any is an abbreviation for a source IP of 0 0 0 0 and source mask bits equal to 0 host isan abbreviation forexact source A B C D and source mask bits equal to 32 destination destination mask host destination any Defines the destination host IP address or destination network address icmp type icmp type icmp code Sets the ICMP type value from 0 to 255 and is valid only f...

Page 315: ... is an abbreviation for a source IP of 0 0 0 0 and the source mask bits are equal to 0 host isan abbreviation forexact source A B C D and the source mask bits equal to 32 operator source port Valid only for TCP or UDP protocols Valid values are eq and range range Specifies the protocol range starting and ending protocol numbers port Sets the valid port number destination destination mask host dest...

Page 316: ...ample The following example denies traffic between two subnets WS5100 config ext nacl deny ip 192 168 2 0 24 192 168 1 0 24 WS5100 config ext nacl permit ip any any WS5100 config ext nacl The following example denies TCP traffic with a source port range between 20 23 from the source subnet to destination subnet WS5100 config ext nacl deny tcp 192 168 1 0 24 192 168 2 0 24 range 20 23 WS5100 config...

Page 317: ...y any WS5100 config ext nacl 14 1 3 end Extended ACL Config Commands Ends and exits the current mode and moves to the PRIV EXEC mode The prompt changes to WS5100 Syntax end Parameters None Example WS5100 config ext nacl end WS5100 14 1 4 exit Extended ACL Config Commands Ends the current mode and moves to the previous mode GLOBAL CONFIG The prompt changes to WS5100 config Syntax exit Parameters No...

Page 318: ...vided when an abbreviated argument is entered and you want to know what arguments match the input e g show ve WS5100 config ext nacl 14 1 6 mark Extended ACL Config Commands Specifies packets to mark Syntax mark dot1p 0 7 tos 0 255 ip source source mask host source any destination destination mask host destination any log rule precedence access list entry precedence mark dot1p 0 7 tos 0 255 icmp s...

Page 319: ...host source any The source is the source IP address of the network or host in dotted decimal format Source mask is the network mask For example 10 1 1 10 24 indicates the first 24 bits of the source IP are used for matching any is an abbreviation for source IP of 0 0 0 0 and source mask bits equal to 0 host is an abbreviation for the exact source A B C D and source mask bits equal to 32 destinatio...

Page 320: ...ask For example 10 1 1 10 24 indicates the first 24 bits of the source IP is used for matching any is an abbreviation for source IP of 0 0 0 0 and source mask bits equal to 0 host isan abbreviation forexact source A B C D and source mask bits equal to 32 destination destination mask host destination any Sets the destination host IP address or destination network address icmp type icmp type icmp co...

Page 321: ...s TCP UDP allows the user to specify port numbers as filtering criteria Select ICMP to allow deny ICMP packets Selecting ICMP allows you to filter packets based on the ICMP type and code Example The example below marks the dot1p priority value in the ethernet header to 5 on all TCP traffic coming from the source subnet WS5100 config ext nacl mark 8021p 5 tcp 192 168 2 0 24 any WS5100 config ext na...

Page 322: ...elines Removes an access list control entry Provide the rule precedence value when using the no command Example WS5100 config ext nacl no mark 8021p 5 tcp 192 168 2 0 24 any rule precedence 10 WS5100 config ext nacl WS5100 config ext nacl no permit ip any any rule precedence 10 WS5100 config ext nacl WS5100 config ext nacl no deny icmp any any rule precedence 10 WS5100 config ext nacl deny Specifi...

Page 323: ... type icmp type icmp code log rule precedence access list entry precedence permit tcp udp source source mask host source any operator source port destination destination mask host destination any operator destination port log rule precedence access list entry precedence NOTE ACLs do not allow DHCP messages to flow by default Configure an Access Control Entry ACE to allow DHCP messages to flow thro...

Page 324: ...he network mask For example 10 1 1 10 24 indicates the first 24 bits of the source IP are used for matching any is an abbreviation for source IP of 0 0 0 0 and source mask bits equal to 0 host is an abbreviation for exact source A B C D and source mask bits equal to 32 destination destination mask host destination any Sets the destination host IP address or destination network address log Generate...

Page 325: ... 24 bits of the source IP are used for matching any is an abbreviation for source IP of 0 0 0 0 and source mask bits equal to 0 host isan abbreviation forexact source A B C D and source mask bits equal to 32 destination destination mask host destination any Defines the destination host IP address or destination network address icmp type icmp type icmp code Sets the ICMP type value from 0 to 255 va...

Page 326: ...tching any is an abbreviation for a source IP of 0 0 0 0 with the source mask bits being equal to 0 host isan abbreviation forexact source A B C D with the source mask bits being equal to 32 operator source port Valid only for TCP or UDP protocols Valid values are eq and range range Specifies the protocol range starting and ending protocol numbers port Sets the valid port number destination destin...

Page 327: ...he example below allows IP traffic from the source subnet to the destination subnet and denies all other traffic over an interface WS5100 config ext nacl permit ip 192 168 1 10 24 192 168 2 0 24 rule precedence 40 WS5100 config ext nacl The example below permits Telnet traffic from the source subnet and the destination subnet and denies all other traffic over an interface WS5100 config ext nacl pe...

Page 328: ...ystem exit Exit from the CLI fallback Configures firmware fallback feature help Description of the interactive help system logout Exit from the CLI no Negate a command or set its defaults reload Halt and perform a warm reboot service Service Commands show Show running system information upgrade Upgrade firmware image clear Removes the specified support information diag shell Provides diagnostic sh...

Page 329: ...artup log Show startup log upgrade history Show upgrade history WS5100 config ext nacl service show WS5100 config ext nacl service start shell Last password used password with MAC 00 a0 f8 65 ea 8e Password WS5100 config ext nacl service tethereal LINE tethereal options in the format V print detailed packet x hex dump of packet p no promiscuous mode for interface n disable name resolution c count ...

Page 330: ...uration history Display the session command history interfaces Interface status and configuration ip Internet Protocol IP ldap ldap server licenses Show any installed licenses logging Show logging configuration and buffer mac Media Access Control management Display L3 Managment Interface name mobility Display Mobility Parameters ntp Network time protocol password encryption password encryption pri...

Page 331: ...n commands WS5100 config ext nacl show 14 1 11 terminal Extended ACL Config Commands Sets the length number of lines displayed on the terminal window Syntax terminal monitor no terminal no monitor Parameters Usage Guidelines By default log messages are generally not displayed using a Telnet session Use the terminal monitor command to view Telnet log messages Example WS5100 config ext nacl terminal...

Page 332: ...WS5100 Series Switch CLI Reference Guide 14 22 ...

Page 333: ...fies packets to reject page 15 2 end Ends the current mode and moves to the EXEC mode page 15 3 exit Ends the current mode and moves to the previous mode page 15 4 help Displays the interactive help system page 15 4 mark Specifies packets to mark page 15 5 no Negates a command or sets its defaults page 15 6 permit Specifies packets to forward page 15 6 service Invokes service commands to troublesh...

Page 334: ...ct Syntax deny A B C D M any host deny any log rule precedence deny any log rule precedence 1 5000 deny any rule precedence 1 5000 deny host A B C D Parameters terminal Sets terminal line parameters page 15 11 A B C D M Sets the source IP address range to match any Any source IP address log The log matches against this entry rule precedence 1 5000 Determines the access list entry precedence Table ...

Page 335: ... rule precedence 50 WS5100 config std nacl The example below denies traffic from the source network xxx xxx 1 0 24 and allows all other traffic to flow through the interface WS5100 config std nacl deny xxx xxx 1 0 24 rule precedence 60 WS5100 config std nacl permit any 15 1 3 end Standard ACL Config Commands Ends and exits from the current mode and moves to the PRIV EXEC mode The prompt changes to...

Page 336: ...help Parameters None Example WS5100 config std nacl help CLI provides advanced help feature When you need help anytime at the command line please press If nothing matches the help list will be empty and you must backup until entering a shows the available options Two styles of help are provided 1 Full help is available when you are ready to enter a command argument e g show and describes each poss...

Page 337: ... is marked based on the ACL configuration 8021 1p 0 7 tos 0 255 Specifies 1p priority value between 0 and 7 Specifies a Type of Service tos value between 0 and 255 A B C D M any host source is the source IP address of the network or host in dotted decimal format Source mask is the network mask For example 10 1 1 10 24 indicates the first 24 bits of the source IP are used for matching any any is an...

Page 338: ...mit designations Parameters Example WS5100 config std nacl no permit any rule precedence 10 WS5100 config std nacl WS5100 config std nacl no deny any rule precedence 20 WS5100 config std nacl WS5100 config std nacl no mark tos 4 192 168 2 0 24 rule precedence 30 WS5100 config std nacl 15 1 8 permit Standard ACL Config Commands permit A B C D M any host permit any log rule precedence wlan permit an...

Page 339: ...acl permit any rule precedence 50 WS5100 config std nacl The example below permits traffic from the source network and provides a log message WS5100 config std nacl permit xxx xxx 1 0 24 log rule precedence 60 WS5100 config std nacl A B C D M Defines the source IP address range to match any Any source IP address log The log matches against this entry rule precedence 1 500 Defines the access list e...

Page 340: ...nfig std nacl service show cli Show CLI tree of current mode command history Display command except show commands history crash info Display information about core panic and AP dump files info Show snapshot of available support information last passwd Display last password used to enter shell reboot history Show reboot history startup log Show startup log upgrade history Show upgrade history WS510...

Page 341: ... h detailed help E to capture ESPD e capture nonEspd packets f capture filter expression in format xx xx xx i interface on which to capture packets W wisp packet only s snaplen r filename read contents of specified file w savefile save capture in specified file X for examples on tethereal capture filter WS5100 config std nacl 15 1 10 show Standard ACL Config Commands Displays current system inform...

Page 342: ...t Display L3 Managment Interface name mobility Display Mobility Parameters ntp Network time protocol password encryption password encryption privilege Show current privilege level radius Radius configuration commands redundancy group Display redundancy group parameters redundancy history Display state transition history of the switch redundancy members Display redundancy group members in detail ru...

Page 343: ...sages are generally not displayed over a Telnet session Use the terminal monitor command to view the log messages over a Telnet session Example WS5100 config std nacl terminal monitor WS5100 config std nacl WS5100 config std nacl terminal no monitor WS5100 config std nacl monitor Copies debug output to the current terminal line no Negates a command or set its defaults monitor Copies debug output t...

Page 344: ...WS5100 Series Switch CLI Reference Guide 15 12 ...

Page 345: ...ies packets to reject page 16 2 end Ends the current mode and moves to the EXEC mode page 16 5 exit Ends the current mode and moves to the previous mode page 16 5 help Displays the interactive help system page 16 5 mark Specifies packets to mark page 16 6 no Negates a command or sets its defaults page 16 8 permit Specifies packets to forward page 16 9 service Invokes the service commands to troubl...

Page 346: ...destination MAC address mask vlan vlan id dot1p dot1p value type value ip ipv6 arp vlan wisp 0 65535 log rule precedence access list entry precedence terminal Sets terminal line parameters page 16 14 NOTE Use a decimal value representation of ethertypes to implement a permit deny mark designation for a packet The command set for Extended MAC ACLs provide the hexadecimal values for each listed ethe...

Page 347: ...lowing xx xx xx xx xx xx xx xx xx xx xx xx SourceMAC address and mask any Any source host host Exact source MAC address to match Destination Mask Define a destination mask specifying the bits to match The destination wildcard can be any one of the following xx xx xx xx xx xx xx xx xx xx xx xx Destination MAC address and mask any Any destination host host Exact destination MAC address to match dot1...

Page 348: ...nfiguration Example The MAC AC in the example below denies traffic from any source MAC address to a particular host MAC address WS5100 config ext macl deny any host 00 01 ae 00 22 11 WS5100 config ext macl The MAC ACL in the example below denies dot1q tagged traffic from VLAN interface 5 WS5100 config ext macl deny any any vlan 5 type 8021q WS5100 config ext macl The example below denies traffic b...

Page 349: ...one Example WS5100 config ext macl end WS5100 16 1 4 exit MAC Extended ACL Config Commands Ends the current mode and moves to the previous mode GLOBAL CONFIG The prompt changes to WS5100 config Syntax exit Parameters None Example WS5100 config ext macl exit WS5100 config 16 1 5 help MAC Extended ACL Config Commands Displays the system s interactive help in HTML format Syntax help Parameters None ...

Page 350: ...l 16 1 6 mark MAC Extended ACL Config Commands Specifies the packet to mark Syntax mark dot1p 0 7 tos 0 255 any host source MAC address source MAC source MAC address mask any host destination MAC address destination MAC destination MAC address mask vlan vlan id dot1p dot1p value type value ip ipv6 arp vlan wisp 0 65535 log rule precedence access list entry precedence Parameters NOTE Use a decimal ...

Page 351: ... source wildcard can be any one of the following xx xx xx xx xx xx xx xx xx xx xx xx Source MAC address and mask any Any source host host Exact source MAC address to match Destination MAC Address Specifies the bits to match The destination wildcard can be any one of the following xx xx xx xx xx xx xx xx xx xx xx xx Destination MAC address and mask any Any destination host host Exact destination MA...

Page 352: ...ets its defaults Syntax no deny mark permit Negates all the syntax combinations used in deny mark and permit designations to configure the Extended ACL Parameters Example WS5100 config ext macl no mark tos 254 host 00 33 44 55 66 77 any type ip rule precedence 50 WS5100 config ext macl WS5100 config ext macl no deny any any vlan 5 type 8021q rule precedence 10 WS5100 config ext macl WS5100 config ...

Page 353: ...e hexadecimal values for each listed ethertype The switch supports all ethertypes Use the decimal equvilant of the ethertype listed in the CLI or any other type of ethertype Source MAC Address Specifies the bits to match The source wildcard can be any one of the following xx xx xx xx xx xx xx xx xx xx xx xx SourceMACaddress and mask any Uses any source host host Defines the exact source MAC addres...

Page 354: ...e MAC access list can be configured to allow traffic based on VLAN information ethernet type Common types include arp wisp ip 802 1q The switch by default does not allow layer 2 traffic to pass through the interface To adopt an access port through an interface configure an access control list to allow an ethernet wisp rule precedence 1 5000 Defines an access list entry precedence type 1 65535 arp ...

Page 355: ...acl The example below permits arp based traffic from any source MAC address to any destination MAC address WS5100 config ext macl permit any any type arp WS5100 config ext macl The example below permits IP based traffic from a source MAC address to any destination MAC address WS5100 config ext macl permit host 11 22 33 44 55 66 any type ip WS5100 config ext macl 16 1 9 service MAC Extended ACL Con...

Page 356: ...aarp appletalk ipx rule precedence 1 5000 dot1p 0 7 deny permit mark 8021p 0 7 tos 0 255 XX XX XX XX XX X X XX XX XX XX XX XX host XX XX XX XX XX XX any XX XX XX XX XX XX XX XX XX X X XX XX host XX XX XX XX XX XX any vlan 1 4095 dot1p 0 7 type 1 65535 ip ipv6 arp wisp 8021q rarp aarp appletalk ip x rule precedence 1 5000 rule precedence 1 5000 deny permit mark 8021p 0 7 tos 0 255 XX XX XX XX XX XX...

Page 357: ... crypto crypto debugging Display debugging setting environment show environmental information file Display filesystem information ftp Display FTP Server configuration history Display the session command history interfaces Interface status and configuration ip Internet Protocol IP ldap ldap server licenses Show any installed licenses logging Show logging configuration and buffer mac Media Access Co...

Page 358: ...minal lines version Display software hardware version wireless Wireless configuration commands WS5100 config ext macl show 16 1 11 terminal MAC Extended ACL Config Commands Sets the length number of lines displayed on the terminal window Syntax terminal monitor no terminal no monitor Parameters Usage Guidelines By default log messages are generally not displayed over a telnet session Use the termi...

Page 359: ...ary Command Description Ref address Defines the DHCP server include range page 17 3 bootfile Assigns a boot file name The bootfile name can contain letters numbers dots and hyphens Consecutive dots and hyphens are not permitted page 17 3 class Associates a class with a pool and moves to the DHCP pool class configuration mode page 17 4 client identifier Uses an ASCII string as a client identifier p...

Page 360: ...ddress for the host page 17 13 lease Assigns the lease time for a DHCP leased IP address page 17 13 netbios name server Configures NetBIOS WINS name servers page 17 15 netbios node type Defines the NetBIOS node type page 17 15 network Sets a network number and mask for the DHCP Server page 17 16 next server Configures the next server in boot process page 17 16 no Negates a command or sets its defa...

Page 361: ...imit for providing the IP address and a low IP address is the lower limit for providing the IP address Use the no address range command to remove the DHCP address range Example WS5100 config dhcp address range 2 2 2 2 2 2 2 50 WS5100 config dhcp 17 1 2 bootfile DHCP Config Commands Assigns a bootfile name for the DHCP configuration on the network pool Syntax bootfile filename range low IP address ...

Page 362: ...ootfile bootexample txt WS5100 config dhcp 17 1 3 class DHCP Config Commands Associates a DHCP class with a pool This command is used in Step 4 in the usage guidelines that follow The CLI prompt moves to a sub instance config dhcp class The configuration mode changes from config dhcp class to config dhcp class Refer to config dhcp class on page 17 5 for config dhcp class a command summary Syntax c...

Page 363: ... created in Step 1 with the pool created in Step 3 The switch supports the association of only 8 DHCP classes with a pool WS5100 config dhcp class WS5100DHCPclass WS5100 config dhcp class 5 The switch moves to a new mode config dhcp class Use this mode to add an address range used for the DHCP class associated with the pool WS5100 config dhcp class address range 11 22 33 44 Example WS5100 config d...

Page 364: ... screen end Ends the current mode and moves to the EXEC mode exit Ends the current mode and moves to the previous mode help Displays the interactive help system in HTML format no Negates a command or sets its defaults service Assists in troubleshooting or debugging issues show Displays running system information range low IP Address High IP Address Assigns an address range for the DHCP class A B C...

Page 365: ...mple WS5100 config dhcp client identifier testid WS5100 config dhcp 17 1 5 client name DHCP Config Commands Adds name for DHCP clients Syntax client name name Parameters Example WS5100 config dhcp client name testpc WS5100 config dhcp client identifier ascii string Prepends a null character Use 0 at beginning A single in the input is ignored client name name Use client name to add a client name Th...

Page 366: ...Syntax ddns domainname name multiple user class server IP address IP address ttl 1 864000 Parameters domainname name Sets the domain name used for DDNS updates multiple user class Enables the multiple user class option server IP address IP address Specifies the server to which DDNS updates have been sent ip address Defines an IP address in dotted decimal format ttl 1 864000 Sets a Time To Live TTL...

Page 367: ...hcp WS5100 config dhcp ddns multiple user class WS5100 config dhcp WS5100 config dhcp ddns ttl 1000 WS5100 config dhcp WS5100 config dhcp ddns update all WS5100 config dhcp 17 1 8 default router DHCP Config Commands Configures the default router or gateway IP address for the network pool To remove the default router list use the no default router command default router Router IP address Parameters...

Page 368: ...nts use the DNS server s IP address based on the order sequence it is configured Example WS5100 config dhcp dns server 2 2 2 222 WS5100 config dhcp 17 1 10 domain name DHCP Config Commands Sets the domain name for the network pool Use the no domain name command to remove the domain name Syntax domain name name Parameters Usage Guidelines The domain name cannot be more than 256 characters Example W...

Page 369: ...current mode and moves to the previous mode GLOBAL CONFIG The prompt changes to WS5100 config Syntax exit Parameters None Example WS5100 config ip dhcp pool TestPool WS5100 config dhcp exit WS5100 config 17 1 13 hardware address DHCP Config Commands Reserves an IP address manually based on a DHCP client s hardware address Use the no hardware address command to remove this from the DHCP pool Syntax...

Page 370: ... please press If nothing matches the help list will be empty and you must backup until entering a shows the available options Two styles of help are provided 1 Full help is available when you are ready to enter a command argument e g show and describes each possible argument 2 Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input e g s...

Page 371: ...hardware address client identifier The host IP address must belong to a subnet on the switch There must be a DHCP network pool corresponding to that host IP address There is no limit to the number of manual bindings However you can configure only one manual binding per host pool Example WS5100 config dhcp host 2 2 2 111 WS5100 config dhcp 17 1 16 lease DHCP Config Commands Sets a valid lease time ...

Page 372: ... 30 WS5100 config dhcp lease 0 365 0 23 0 59 infinite Sets the lease time for an IP address 0 365 Sets the lease period in days Days can be made as 0 only when hours and or mins are greater than 0 0 23 Sets the hours for the lease period Hours can be 0 only when days and or minutes are configured with a value greater than 0 0 59 Sets the minutes for the lease period Minutes can be 0 only when days...

Page 373: ...CP Config Commands Defines the netbios node type Syntax netbios node type b node h node m node p node Parameters Example WS5100 config dhcp netbios node type p node WS5100 config dhcp netbios name server IP address Defines the NetBIOS WINS name server IP address Sets the NetBIOS name server s IP address netbios node type b node h node m node p node Defines the NetBIOS WINS name servers b node Broa...

Page 374: ...he switch before mapping a DHCP pool to a particular network Example WS5100 config dhcp network 2 2 2 0 24 WS5100 config dhcp 17 1 20 next server DHCP Config Commands Sets the IP address of the next server in the boot process Syntax next server IP address Parameters network A B C D A B C D M Sets the network number and mask A B C D Network number in dotted decimal format A B C D M Network number a...

Page 375: ... lease netbios name server netbios node type network next server option update Parameters The no command negates any command associated with it Wherever required use the same parameters associated with the command getting negated Example WS5100 config no ip dhcp pool hotpool WS5100 config WS5100 config no ip dhcp pool test WS5100 config WS5100 config dhcp no update dns WS5100 config dhcp 17 1 22 o...

Page 376: ...23 service DHCP Config Commands Invoke service commands to troubleshoot or debug config dhcp instance configurations Syntax service show cli Parameters option name Sets raw DHCP options name Sets the name of the DHCP option IP Value Sets the IP Value of the DHCP option ASCII Value Sets the ASCII Value of the DHCP option show Shows running system information cli Shows the CLI tree of current mode ...

Page 377: ...ddns update all default router A B C D default router A B C D dns server A B C D dns server A B C D do LINE do LINE domain name WORD domain name WORD end end exit exit hardware address XX XX XX XX XX XX hardware address XX XX XX XX XX XX XX XX XX XX XX XX ethernet token ring ethernet hardware address XX XX XX XX XX XX XX XX XX XX XX XX ethernet token ring token ring hardware address XX XX XX XX XX...

Page 378: ...on environment show environmental information file Display filesystem information ftp Display FTP Server configuration history Display the session command history interfaces Interface status ip Internet Protocol IP ldap LDAP server licenses Show any installed licenses logging Show logging configuration and buffer mac Internet Protocol IP mac address table Display MAC address table management Displ...

Page 379: ...bership terminal Display terminal configuration parameters timezone Display timezone upgrade status Display last image upgrade status users Display information about currently logged in users version Display software hardware version wireless Wireless configuration commands wlan acl wlan based acl WS5100 config dhcp show WS5100 config show dhcp config service dhcp ip dhcp option option189 189 asci...

Page 380: ...ble the internal DHCP Server to send DDNS updates for resource records RR s A TXT and PTR The DHCP Server can override the client even if the client is configured to perform the updates In the network pool of DHCP Server FQDN is configured as the DDNS domain name This is used internally in DHCP packets between the switch s DHCP Server and the DNS server Example WS5100 config dhcp update dns overri...

Page 381: ...LI 1 Create a DHCP server dynamic address pool WS5100 config ip dhcp pool test 2 Map the DHCP pool to the network pool WS5100 config dhcp network 192 168 0 0 24 3 Add the address range for the dynamic pool WS5100 config dhcp address range 192 168 0 30 192 168 0 60 4 Assign a domain name as appropriate to this dynamic pool WS5100 config dhcp domain name test com 5 Configure the DNS server s IP addr...

Page 382: ...Configuration 1 The DHCP Server is disabled by default Use the following command to enable the DHCP Server WS5100 config service dhcp This command administratively enables the DHCP server If the DHCP configuration is incomplete it is possible the DHCP server will be disabled even after the execution of this command 2 Use the network command to map the network pool to interface network 192 168 0 0 ...

Page 383: ...to be used in the DHCP server option for example the Client identifier option 5 A host pool should have its corresponding network pool configured otherwise the host pool is useless The fixed IP address configured in the host pool must be in the subnet of the corresponding network pool 6 If you create a pool and map it to interface it automatically gets enabled provided DHCP is enabled at a global ...

Page 384: ...are first defined at the global level using ip dhcp option name code type The value for these options are defined using the option under the DHCP pool context 17 2 4 Creating a DHCP Option To create a DHCP option 1 To create a non standard option named tftp server WS5100 config ip dhcp option tftp server 183 ip 2 Enter the DHCP pool test WS5100 config ip dhcp pool test 3 Assign a value to the DHCP...

Page 385: ...1 DHCP Server Class Config Commands Table 18 1 summarizes config std nacl commands Table 18 1 DHCP Server Class Command Summary Command Description Ref clrscr Clears the display screen page 18 2 end Ends the current mode and moves to the EXEC mode page 18 2 exit Ends the current mode and moves to the previous mode page 18 3 help Displays the interactive help system in HTML format page 18 3 multipl...

Page 386: ...onfig Commands Ends and exits the current mode and moves to the PRIV EXEC mode The prompt changes to WS5100 Syntax end Parameters None Example WS5100 config dhcpclass end WS5100 option Defines DHCP Server options page 18 5 service Invokes service commands to troubleshoot or debug config if instance configurations page 18 6 show Displays running system information page 18 7 Table 18 1 DHCP Server C...

Page 387: ...help Parameters None Example WS5100 config dhcpclass help CLI provides advanced help feature When you need help anytime at the command line please press If nothing matches the help list will be empty and you must backup until entering a shows the available options Two styles of help are provided 1 Full help is available when you are ready to enter a command argument e g show and describes each pos...

Page 388: ...eters None Example WS5100 config dhcpclass multiple user class WS5100 config dhcpclass 18 1 6 no DHCP Server Class Config Commands Negates a command or sets its defaults Syntax no multiple user class option Parameters Example WS5100 config dhcpclass no multiple user class WS5100 config dhcpclass multiple user class Disables the multiple user class option option Modifies the parameters of existing ...

Page 389: ...itch supports a maximum of 8 user classes per DHCP class WS5100 config dhcpclass option user class MC800 WS5100 config dhcpclass 3 Create a Pool named WID using config mode WS5100 config ip dhcp pool WID WS5100 config dhcp 4 Associate the DHCP class created in Step 1 with the pool created in Step 3 The switch supports the association of 8 DHCP classes with a pool WS5100 config dhcp class WS5100DHC...

Page 390: ... config dhcpclass service show cli DHCP Server Class Config mode clrscr clrscr do LINE do LINE end end exit exit help help multiple user class multiple user class_cmd no multiple user class no multiple user class_cmd option user class WORD no option user class WORD option user class WORD option user class WORD quit quit s commands show commands WORD show commands WORD running config show running c...

Page 391: ...information outputs dhcp DHCP Server Configuration environment show environmental information file Display filesystem information ftp Display FTP Server configuration history Display the session command history interfaces Interface status ip Internet Protocol IP ldap LDAP server licenses Show any installed licenses logging Show logging configuration and buffer mac Internet Protocol IP management D...

Page 392: ...atic channel group static channel group membership terminal Display terminal configuration parameters timezone Display timezone upgrade status Display last image upgrade status users Display information about currently logged in users version Display software hardware version wireless Wireless configuration commands wlan acl wlan based acl WS5100 config dhcpclass show WS5100 config dhcpclass show ...

Page 393: ...Summary Command Description Ref authentication Configure the authentication scheme used with the RADIUS server page 19 2 ca Defines CA parameters page 19 3 clrscr Clears the display screen page 19 4 crl check Enables a Certificate Revocation List CRL check page 19 4 end Ends the current mode and moves to the EXEC mode page 19 5 exit Ends the current mode and moves to the previous mode page 19 5 gr...

Page 394: ...s a command or sets its defaults page 19 20 proxy Defines the RADIUS proxy server configuration page 19 21 rad user Sets the RADIUS user configuration page 19 22 server Configures server certificate parameters page 19 23 service Invokes service commands to troubleshoot or debug config radsrv instance configurations page 19 24 show Displays running system information page 19 25 data source Sets the...

Page 395: ...config radsrv WS5100 config radsrv authentication data source ldap WS5100 config radsrv 19 1 2 ca Radius Configuration Commands Configures CA Certificate Authority parameters Syntax ca trust point WORD Parameters peap mschapv2 Sets the EAP PEAP type used with mschapv2 tls Defines an EAP TLS configuration scheme ttls md5 Sets the EAP TTLS configuration used with the default md5 authentication schem...

Page 396: ...l WS5100 config radsrv ca trust point tp1 WS5100 config radsrv 19 1 3 clrscr Radius Configuration Commands Clears the display screen Syntax clrscr Parameters None Example WS5100 config radsrv clrscr WS5100 config radsrv 19 1 4 crl check Radius Configuration Commands Enables a Certificate Revocation List CRL check To enable the certificate revocation list ensure the crl list is loaded using a crypt...

Page 397: ...rv crl check enable WS5100 config radsrv 19 1 5 end Radius Configuration Commands Ends and exits the current mode and moves to the PRIV EXEC mode The prompt changes to WS5100 Syntax end Parameters None Example WS5100 config radsrv end WS5100 19 1 6 exit Radius Configuration Commands Ends the current mode and moves to the previous mode GLOBAL CONFIG The prompt changes to WS5100 config Syntax exit P...

Page 398: ... Clears the display screen page 19 7 end Ends the current mode and moves to the EXEC mode page 19 7 exit Ends the current mode and moves to the previous mode page 19 7 group Sets RADIUS user group parameters page 19 8 guest group Defines guest group permissions page 19 8 help Displays the interactive help system in HTML format page 19 9 no Negates a command or sets its defaults page 19 9 policy De...

Page 399: ...v group 19 1 7 2 end Radius Configuration Commands Ends and exits the current mode and changes to the PRIV EXEC mode The prompt changes to WS5100 Syntax end Parameters None Example WS5100 config radsrv group end WS5100 19 1 7 3 exit Radius Configuration Commands Ends the current mode and moves to the previous mode config radsrv The prompt changes to WS5100 config Syntax exit Parameters None ...

Page 400: ...roup 19 1 7 5 guest group Radius Configuration Commands Manages a guest user linked with a hotspot Create a guest user and associate it with the guest group The guest user and the policies of the guest group are used for hotspot authentication authorization Syntax guest group Parameters Usage Guidelines Creates a guest group The guest user created using rad user can only be part of the guest group...

Page 401: ...s available when you are ready to enter a command argument e g show and describes each possible argument 2 Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input e g show ve WS5100 config radsrv group 19 1 7 7 no Radius Configuration Commands Use this command to negate a command or set its defaults Syntax no policy rad user service no p...

Page 402: ...no rad user all WS5100 config radsrv group WS5100 config radsrv group no service radius Info Radius service stopped WS5100 config radsrv group vlan Sets the VLAN ID for the group wlan Configures WLAN access policy for this group 1 32 Sets the WLAN range for the access policy all Removes all the WLAN allowed rad user Removes a user from this group WORD Defines an existing user name in this group al...

Page 403: ...OTE A user based VLAN is effective only if dynamic VLAN authorization is enabled for the WLAN as defined within the WLAN Configuration screen day Day of access policy configuration all All days from Sunday to Saturday fr Friday mo Monday sa Saturday su Sunday th Thursday tu Tuesday we Wednesday weekdays Allows access only during weekdays M F time Sets the access policy time for this group start Se...

Page 404: ...ADIUS user to this group If the RADIUS user is not available in the Onboard RADIUS server s database create a new RADIUS user using the rad user command from within the config radsrv mode For more information see rad user on page 19 22 Syntax rad user Parameters Example WS5100 config radsrv rad user user1 password user1 WS5100 config radsrv group group1 WS5100 config radsrv group rad user user1 WS...

Page 405: ...group service radius restart WS5100 config radsrv group 19 1 7 11 show Radius Configuration Commands Displays current system information running on the switch Syntax show paramater Parameters clear Removes the specified support information diag shell Provides diag shell access radius Enables a RADIUS server restart save cli Saves the CLI tree for all modes in HTML show Displays running system info...

Page 406: ... mobility Display Mobility Parameters ntp Network time protocol password encryption password encryption privilege Show current privilege level radius Radius configuration commands redundancy group Display redundancy group parameters redundancy history Display state transition history of the switch redundancy members Display redundancy group members in detail running config Current Operating config...

Page 407: ... access policy configuration time Configure time of access policy for this group vlan VLAN id for this group wlan Configure wlan access policy for this group WS5100 config radsrv group policy day weekdays WS5100 config radsrv group policy time start 12 30 end 15 30 4 Use the policy vlan command to assign a VLAN ID of 10 to the Sales group WS5100 config radsrv group policy vlan 10 5 Use the policy ...

Page 408: ...8 Use config radsrv proxy to add a realm name for the group WS5100 config radsrv proxy realm mydomain com server 10 10 1 10 port 1812 secret 0 testing 9 Save the changes and restart the RADIUS server WS5100 config radsrv service radius restart Sep 08 17 48 04 2006 PM 5 PROCSTOP Process radiusd has been stopped Sep 08 17 48 05 2006 RADCONF radius config files generated successfully WS5100 config ra...

Page 409: ...00 config radsrv 19 1 9 ldap server Radius Configuration Commands Sets the LDAP server s configuration It uses the exisitng external database active directory with the onboard RADIUS server instead of the local database on the switch Syntax ldap server primary secondary host A B C D Parameters primary Sets the primary LDAP server s configuration secondary Defines the secondary LDAP server s config...

Page 410: ...ttr UserPassword group attr cn group filter objectClass group member Ldap UserDn objectClass GroupOfUniqueNames uniquemember L dap UserDn group membership radiusGroupName net timeout 1 WS5100 config base dn Specifies a distinguished name that establishes the base object for the search The base object is the point in the LDAP tree at which to start searching passwd Sets a valid password for the LDA...

Page 411: ...ret WS5100 config radsrv nas 10 10 10 0 24 key 0 Password is specified UNENCRYPTED 2 Password is encrypted with password encryption secret LINE The secret client shared secret upto 32 characters WS5100 config radsrv nas 10 10 10 0 24 key 0 very secret A B C D M Sets the RADIUS client s IP address key Sets the RADIUS client s shared key 0 Defines the Password as UNENCRYPTED 2 Password is encrypted ...

Page 412: ...o ca trust point WS5100 config radsrv authentication Defines the RADIUS authentication ca Configures Certificate Authority CA parameters crl check Enables a Certificate Revocation List CRL check group Sets the local RADIUS server s group configuration ldap server Defines LDAP server parameters nas Sets the RADIUS client configuration proxy Defines the RADIUS proxy server rad user Sets the RADIUS u...

Page 413: ...request before giving up The timeout value defines the duration for which the switch waits for a reply to a RADIUS request before retransmitting the request realm WORD The realm name is a string of up to 50 characters server A B C D Sets the proxy server IP address port 1024 65535 Sets the proxy server port number secret 0 2 WORD Sets the proxy server secret string 0 Password is specified UNENCRYP...

Page 414: ...s Sets RADIUS user parameters Syntax rad user WORD password 0 2 WORD Parameters Usage Guidelines Use group guest expiry time expiry date start time and start date parameters to create a RADIUS guest user The RADIUS user group specified while creating a guest user must be a guest group WORD Enter a user name up to 64 characters in length password 0 2 WORD Sets the RADIUS user password 0 Defines the...

Page 415: ...ands Configures server certificate parameters used by a RADIUS server The server certificate is a part of a trustpoint created using crypto on page 5 16 Syntax server trust point Parameters Usage Guidelines Create a trustpoint using crypto pki trustpoint The server certificate must be created under the trustpoint using crypto pki commands Refer to crypto on page 5 16 for more information Example W...

Page 416: ...rce local ldap local authentication data source local ldap eap auth type all authentication eap auth type ttls md5 ttls pap ttls mschapv2 peap gt c peap mschapv2 tls all peap gtc authentication eap auth type ttls md5 ttls pap ttls mschapv2 pe ap gtc peap mschapv2 tls all peap mschapv2 authentication eap auth type ttls md5 ttls pap ttls mschap v2 peap gtc peap mschapv2 tls all clear Removes the spe...

Page 417: ...s current system information running on the switch Syntax show paramater Parameters Example WS5100 config radsrv show access list Internet Protocol IP alarm log Display all alarms currently in the system autoinstall autoinstall configuration banner Display Message of the Day Login banner boot Display boot configuration clock Display system clock commands Show command lists crypto crypto debugging ...

Page 418: ... detail running config Current Operating configuration securitymgr Display debug info for ACL VPN and NAT sessions Display current active open connections snmp Display SNMP engine parameters snmp server Display SNMP engine parameters startup config Contents of startup configuration terminal Display terminal configuration parameters timezone Display timezone upgrade status Display last image upgrad...

Page 419: ...lated commands page 20 4 adopt unconf radio Adopts a radio even if its not yet configured The default templates can be used for configuration page 20 4 adoption pref id Used as a preference identifier for this switch All radios configured with this preference identifier are more likely to be adopted by this switch page 20 5 ap Displays access port related commands page 20 5 ap detection Defines th...

Page 420: ...eration page 20 14 country code Configures the country of operation All existing radio configurations are erased page 20 15 dhcp sniff state Records mobile unit DHCP state information page 20 17 dot11 shared key auth Enables support for 802 11 shared key authentication page 20 18 end Ends the current mode and moves to the EXEC mode page 20 18 exit Ends the current mode and moves to the previous mo...

Page 421: ... Respondsto ARPrequestsfromtheRONto a WLAN on behalf of MUs page 20 28 qos mapping Defines the QoS mapping between wired and wireless domains page 20 28 radio Defines the radio s configuration page 20 29 rate limit Sets the default rate limit per user page 20 38 self heal Sets the self healing configuration page 20 38 sensor Defines the Wireless Intrusion Protection System WIPS configuration page ...

Page 422: ...pts a radio even if not yet configured Default templates are used for configuration Syntax adopt unconf radio Parameters Example WS5100 config wireless adopt unconf radio enable WS5100 config wireless config apply def delay mesh delay 30 10000 Applies AAP configuration settings def delay Sets the default time to delay before applying AAP configuration mesh delay Defines the interval to delay befor...

Page 423: ... and location of the access port Syntax ap AP index MAC Address location name Parameters Example WS5100 config wireless ap 00 15 70 14 FE C4 location 5th Floor SalesUnit WS5100 config wireless WS5100 config wireless ap 1 location BLR RMZ Ecospace WS5100 config wireless 1 65535 Set a Pref ID 1 65535 AP Index Sets a single AP index Use the show wireless ap command to view the AP s index value locati...

Page 424: ... Adds an entry to the approved access port list MAC Address Select either MAC Define a MAC address in AA BB CC DD EE FF format any Assigns any MAC address SSID Select either LINE Enter a string up to 32 characters any Assigns any SSID enable Allows access ports to look for APs mu assisted scan Sets mobile unit assisted scanning configuration enable Enables mobile unit assisted scanning refresh 30 ...

Page 425: ...s ap detection mu assisted scan refresh 520 WS5100 config wireless 20 1 6 ap ip Wireless Configuration Commands Modifies the static IP address for an access port Syntax ap ip List of Indices MAC address default ap ap ip List of Indices static ip switch ip ap ip List of Indices static ip IP address mask gateway IP ap ip List of Indices switch ip add IP address delete IP address Index IP address set...

Page 426: ...MAC address Select the AP s index MAC Address to modify its static IP address static ip Sets the static IP address netmask and gateway address of the AP A B C D M Defines the static IP address and mask A B C D Sets the gateway IP address switch ip Defines the static switch IP address add Adds a static switch IP address delete Deletes a static switch IP address set default Default switch IP address...

Page 427: ... Configures the UDP port for layer 3 adoption of APs You also need to configure the DHCP server serving the APs with the same parameter Syntax ap udp port 1 65535 Parameters Example WS5100 config wireless ap udp port 20 WS5100 config wireless Index 40 180 Access ports identified by a single MAC address or by a list of indices Use show wireless ap to view the AP s index or MAC address 40 180 Sets t...

Page 428: ...n Commands Use this command to configure a wireless client This command creates an exclude list or include list Creating a list moves the user to a new mode config wireless client list Refer to config wireless client list on page 20 12 for a config wireless client list command summary Syntax client exclude list include list NAME Parameters range Uses a lowest basic rate Provides maximum range thro...

Page 429: ... wireless wlan 1 nac server primary 192 168 0 1 WS5100 config wireless wlan 1 nac server primary secret 0 testing WS5100 config wireless wlan 1 nac server secondary 192 168 1 1 WS5100 config wireless wlan 1 nac server secondary secret 0 testing123 Enable NAC for a WLAN WS5100 config wireless wlan 1 nac mode do nac except exclude list Undo a configuration WS5100 config wireless client exclude list ...

Page 430: ...t Use config wireless client to enter the config wireless client list instance Use this instance to create an exclude list or include list Table 20 2 summarizes config wireless client list commands Table 20 2 Exclude List Configuration Command Command Description clrscr Clears the display screen end Ends the current mode and moves to the EXEC mode exit Ends the current mode and moves to the previo...

Page 431: ...ireless client list Adds a client exclude list name into from the WLAN Syntax wlan 1 32 WLAN name Parameters host name MU mac address MU mac mask Defines an index for this host entry in the client list The host station name must be of size 1 21 MU mac address Sets the MU mac address in AA BB CC DD EE FF or AA BB CC DD EE FF or AABB CCDD EEFF format MU mac mask Sets the MU mac mask in AA BB CC DD E...

Page 432: ...onfiguration Commands Changes the mode of operation of an AP to either sensor or standalone Syntax convert ap 1 48 default sensor standalone Parameters 1 48 Sets the indices of the APs to be converted from the show wireless ap command default Does not force conversion Lets the AP negotiate its normal mode of operation with the switch sensor Converts an AP300 to operate as an IDS sensor Note The sw...

Page 433: ...t of supported countries Example WS5100 config wireless country code ae United Arab Emirates ar Argentina at Austria au Australia ba Bosnia Herzegovina be Belgium bg Bulgaria bh Bahrain bm Bermuda br Brazil bs Bahamas by Belarus ca Canada ch Switzerland cl Chile cn China standalone Converts a thin AP 4131 back to a stand alone AP Note The switch will not be able to adopt this AP again until the AP...

Page 434: ...ited Kingdom gr Greece gt Guatemala gu Guam hk Hong Kong hn Honduras hr Croatia ht Haiti hu Hungary id Indonesia ie Ireland il Israel in India is Iceland it Italy jo Jordan jp Japan kr South Korea kw Kuwait kz Kazakhstan li Liechtenstein lk Sri Lanka lt Lithuania lu Luxembourg lv Latvia ma Morocco mt Malta mx Mexico my Malaysia nl Netherlands no Norway nz New Zealand om Oman pe Peru ph Philippines...

Page 435: ...s United States uy Uruguay ve Venezuela vn Vietnam za South Africa WS5100 config wireless country code 20 1 14 dhcp sniff state Wireless Configuration Commands Records mobile unit DHCP state information Syntax dhcp sniff state Parameters Example WS5100 config wireless dhcp sniff state enable WS5100 config wireless enable Allows support for recording DHCP state information for mobile units ...

Page 436: ...config wireless 20 1 16 end Wireless Configuration Commands Ends and exits the current mode and changes to the PRIV EXEC mode The prompt changes to WS5100 Syntax end Parameters None Example WS5100 config wireless end WS5100 NOTE Shared key authentication has known weaknesses that can compromise your WEP key It should only be configured to accommodate wireless stations unable to carry out Open Syst...

Page 437: ...S5100 config 20 1 18 fix broadcast dhcp rsp Wireless Configuration Commands Converts broadcast DHCP server responses to unicast Syntax fix windows dhcp Parameters Example WS5100 config wireless fix broadcast dhcp rsp enable WS5100 config wireless 20 1 19 help Wireless Configuration Commands Displays the system s interactive help in HTML format Syntax help enable Enables support for converting broa...

Page 438: ...ch the input e g show ve WS5100 config wireless 20 1 20 ids Wireless Configuration Commands Defines the Wireless Intrusion Detection System WIPS configuration Syntax ids anomaly detection detect window ex ops ids anomaly detection all average noise level bad essid frame beacon broadcast essid invalid 8021x frame invalid frame length invalid frame type multicast source non changing wep iv null dest...

Page 439: ...ts invalid 802 1x frames invalid frame length Detects frames with an invalid length invalid frame type Detects frames with an invalid type multicast source Broadcast or multicast source non changing wep iv Detects frames wit h a non changing WEP IV null destination Sets all zeros for an address same source destination Identical source and destination addresses tkip countermeasures Filters mobile u...

Page 440: ...crypto replay fails TKIP CCMP IV replay check failure decryption fails Decryption failures disassociations Disassociation and Deauthentication frames eap naks Excessive EAP NAKs The threshold upper limit for this field is 65535 the default limit is 0 eap starts EAP 802 1x Start frames probe requests Probe Request frames unassoc frames Frames from unassociated stations filter ageout 0 86400 Sets th...

Page 441: ...es WORD Parameters Example WS5100 config wireless mac auth local 452 allow 12 11 11 120 12 11 11 150 3 7 TestString WS5100 config wireless 1 1000 Sets the mac auth local entry allow Allows mobile units that match this rule to associate deny Denies association to mobile units that match this rule Starting MAC Address Starting MAC address in AA BB CC DD EE FF format Ending MAC Address Ending MAC add...

Page 442: ...ameters Syntax mobile unit association history enable probe history mobile unit probe history add 1 200 MAC Address enable Parameters enable Enables support for manual WLAN mapping association history Enables a mobile unit s association history enable Enables a mobile unit s association history probe history Mobile unit probe logging configuration commands add 1 200 Adds a mobile unit to probe his...

Page 443: ...nable local address max roam period peer mobility local address IP Address mobility max roam period 1 15 mobililty peer IP Address Parameters Example WS5100 config wireless mobility enable WS5100 config wireless WS5100 config wireless mobility local address 12 12 12 1 WS5100 config wireless enable Enables mobility globally local address IP address Sets the local address for mobility A B C D IP add...

Page 444: ...per second Syntax multicast packet limit 1 128 1 4094 vlan range Parameters Example WS5100 config wireless multicast packet limit 120 50 WS5100 config wireless WS5100 config wireless multicast packet limit 120 1 10 25 WS5100 config wireless 20 1 26 multicast throttle watermark Wireless Configuration Commands Configures watermarks for supporting bursts of broadcast multicast frames Syntax multicast...

Page 445: ... mapping mobile unit mobility oversized frames proxy arp qos mapping radio self heal sensor service smart scan channels wlan Parameters Refer to Table 20 1 on page 1 for the parameters negated using the no command Example WS5100 config wireless no mobility enable WS5100 config wireless low 0 100 Sets the low water mark If the percentage of free packets in the system is lower than this threshold th...

Page 446: ...ss to wired qos mapping wired to wireless dot1p 0 7 dscp 0 63 background best effort video voice qos mapping wireless to wired background best effort video voice dot1p 0 7 Parameters enable Enables the support of proxy arp wired to wireless Mappings used while switching wired traffic over the air dot1p 0 7 Configures the mapping of 802 1p tags to access categories You can specify more than one 802...

Page 447: ...om description detector dtim period enforce spec mgmt enhanced beacon table enhanced probe table location led location message mac max mobile units mu power 0 20 neighbor smart scan on channel scan radio number reset reset ap rss rts threshold run acs self heal offset short preamble speed tag type timeout wmm radio 1 1000 bss 1 4 add wlans auto WLAN radio 1 1000 base bridge enable max clients 1 12...

Page 448: ...ic11 basic12 basic18 basic2 basic24 basic36 basic48 basic54 basic5p5 basic6 basic9 default range throughput radio 1 1000 wmm background best effort video voice aifsn 1 15 burst 0 65535 cw 0 15 radio 1 1000 wmm video voice acm enable max mus 1 64 radio add 1 4096 MAC Address 11a ap300 ap5131 11b ap100 ap4131 11bg ap300 ap5131 Parameters 1 1000 Defines a single radio index RADIO Creates a list 1 3 7...

Page 449: ...ure the radio is present and is a AP300 base bridge enable max clients 1 12 Sets base bridge values enable Allows the given radio to act as a base bridge and accept connections from client bridges max clients 1 12 Configures a base bridge Enter maximum client bridges allowed beacon interval 50 200 Sets the beacon interval in K uSec bridge fwd delay 4 30 Sets the STP bridge forward delay in seconds...

Page 450: ...oor outdoor 1 2000 acs random 4 20 Sets the location channel and transmit power level indoor Defines an indoor location outdoor Defines an outdoor location 1 2000 Sets the channel number acs Enables ACS auto channel selection A radio will scan for the least congested channel at startup or switch reconfiguration random Random channel selection 4 20 Sets the power in dBm client bridge enable mesh ti...

Page 451: ... 50 Sets the DTIM period bss 1 4 BSS index enforce spec mgmt enable Enforces spectrum management checks on specified radios Only mobile units that advertise spectrum management capabilities will be allowed to associate on this radio enhanced beacon table Enables the enhanced beacon table for AP locationing enhanced probe table Enables the enhanced probe table for MU locationing location led start ...

Page 452: ...io range Set a list 1 3 7 or range 3 7 of radio indices on channel scan Enables rogue scanning on this radio reset Resets a radio this will only reset the specified radio not the complete access port reset ap Resets the parent AP this will reset all radios on that access port rss enable Enables Remote Site Survivability RSS rts threshold 0 2347 Defines the RTS threshold in bytes run acs Runs an au...

Page 453: ... Mbps basic11 basic 11 Mbps basic12 basic 12 Mbps basic18 basic 18 Mbps basic2 basic 2 Mbps basic24 basic 24 Mbps basic36 basic 36 Mbps basic48 basic 48 Mbps basic54 basic 54 Mbps basic5p5 basic 5 5 Mbps basic6 basic 6 Mbps basic9 basic 9 Mbps default factory default rates based on radio type range all rates enabled the lowest one set to basic throughput all rates basic only 802 11g clients are al...

Page 454: ...oice acm enable max mus 1 64 Sets 802 11e Wireless Multi Media WMM parameters supported only on AP300 radio wmm background best effort video voice aifsn 1 15 burst 0 65535 cw 0 15 acm enable max mus 1 64 background Prioritizes Background category traffic best effort Prioritizes Best Effort category traffic video Prioritizes Video category traffic voice Prioritizes Voice category traffic acm enable...

Page 455: ...s the maximum contention window add 1 1000 MAC Address 11a ap300 ap5131 11b ap100 ap4131 11bg ap300 ap5131 Adds a new radio 1 1000 Defines the index where this radio is added MAC Sets a MAC address in AA BB CC DD EE FF format 11a 802 11a type radio 11b 802 11b type radio 11bg 802 11bg type radio ap300 AP300 access port default for 11a and 11bg ap5131 AP 5131 type access port ap4131 AP 4131 type ac...

Page 456: ... interference avoidance neighbor recovery self heal interference avoidance enable hold time 0 65535 retries 0 0 15 0 self heal neighbor recovery action enable neighbors run neighbor detect self heal neighbor recovery action both none open rates raise power radio 1 1000 RADIO self heal neighbor recovery neighbors 1 1000 1 1000 RADIO down 0 100000 Sets the up link direction from the wireless client ...

Page 457: ...r recovery configuration commands action both none open rates raise power radio 1 1000 RADIO Defines the radio s self healing action when neighbors are detected as down both Raises the power to max and open all rates none No action taken open rates Opens all rates raise power Raises the power to maximum radio Modifies the action for specified radio s 1 1000 Sets a single radio index RADIO Defines ...

Page 458: ...Wireless Intrusion Protection System WIPS parameters Syntax sensor 1 48 default config ping interval 2 60 vlan sensor 1 48 default config request config revert to ap sensor default config ip mode wips server ip sensor default config ip mode dhcp static A B C D M A B C D sensor default config wips server ip primary secondary A B C D Parameters 1 48 defaultconfig requestconfig revert to ap Select a ...

Page 459: ... the IP address of the sensors dhcp Sensors use DHCP to obtain an IP address static A B C D M A B C D Sensors use the specific static IP address A B C D M Sets the sensor IP address and network mask A B C D Specifies the gateway IP address for sensors wips server ip Specifies the IP addresses of the WIPS server primary A B C D Specifies the primary IP address of the WIPS server secondary A B C D S...

Page 460: ...e radio send multicast enable service wireless request ap log 1 48 Parameters ap history Displays the access port history ap list Listd AP configurations sorted by MAC address buffer counters Allocation counts for various buffers enhanced beacon table config report Displays details of the configuration and information gathered for AP locationing config Displays the configuration of AP locationing ...

Page 461: ...ap throttle Displays stats related to SNMP trap throttling vlan cache buckets Displays VLAN cache buckets vlan cache entry Displays mobile unit VLAN information service wireless ap history clear enable AP history clear Deletes the history of all APs enable Enables the tracking of the AP history buffer counters clear Allocation counts for various buffers clear Resets counters to zero clear ap log 1...

Page 462: ... Beacon Table for 802 11a bg A seperate channel set can be configured for a and bg radios 1 200 List of space separated channel number s between 1 and 200 enable Enables or disables the gathering of information for AP locationing erase report Erases AP beacon locationing reports captured by the switch max ap 0 512 Sets the maximum number of APs allowed in the AP locationing table scan interval 10 ...

Page 463: ...anned for Probe Table information preferred MAC Address Adds an entry to the preferred MU list This will list MU MAC addresses window time 10 60 Defines the time the probes are assimilated The probe with the highest signal strength dBm is reported for a given AP MU pair idle radio send multicast enable Enables the forwarding of multicast packets to radios without associated MUs legacy load balance...

Page 464: ...0 13 wlan 20 vlan_id 0 limit 0 users 0 log_sent 0 14 wlan 20 vlan_id 0 limit 0 users 0 log_sent 0 15 wlan 20 vlan_id 0 limit 0 users 0 log_sent 0 16 wlan 20 vlan_id 0 limit 0 users 0 log_sent 0 17 wlan 20 vlan_id 0 limit 0 users 0 log_sent 0 18 wlan 20 vlan_id 0 limit 0 users 0 log_sent 0 19 wlan 20 vlan_id 0 limit 0 users 0 log_sent 0 20 wlan 20 vlan_id 0 limit 0 users 0 log_sent 0 21 wlan 20 vla...

Page 465: ... Display all alarms currently in the system autoinstall autoinstall configuration banner Display Message of the Day Login banner boot Display boot configuration clock Display system clock commands Show command lists crypto encryption module debugging Debugging information outputs dhcp DHCP Server Configuration environment show environmental information file Display filesystem information ftp Displ...

Page 466: ...uration spanning tree Display spanning tree information startup config Contents of startup configuration static channel group static channel group membership terminal Display terminal configuration parameters timezone Display timezone upgrade status Display last image upgrade status users Display information about currently logged in users version Display software hardware version wireless Wireles...

Page 467: ...n 1 32 hotspot allow list Rule index IP address wlan 1 32 hotspot webpage external internal failure login welcome wlan 1 32 hotspot webpage location advanced external internal wlan 1 32 inactivity timeout 60 86400 wlan 1 32 kdc password 0 LINE realm LINE server primary secondary timeout wlan 1 32 kdc server primary secondary timeout auth port 1 65535 wlan 1 32 nac mode bypass nac except include li...

Page 468: ... server primary secondary ip address auth port 1024 65535 radius key 0 2 LINE wlan 1 32 radius server timeout 1 60 retransmit 1 10 wlan 1 32 secure beacon wlan 1 32 set vlan user limit 1 4094 VLAN 0 4096 wlan 1 32 syslog accounting server IP Address port Port Number wlan 1 32 tunnel 1 32 gateway IP Address and mask wlan 1 32 VLAN 1 4094 VLAN wlan 1 32 wep128 key 1 4 ascii hex 0 2 WORD phrase LINE ...

Page 469: ...nment for given WLAN this command adds a VLAN assignment to an existing VLAN assignment All prior VLAN settings are retained 1 4094 VLAN Sets the VLAN range list It can be either a single index or a list 1 3 7 or range 3 7 limit Sets user limits on VLANs for this WLAN NOTE The no form of add vlancommand deletes the specified VLAN mapping over the specified WLAN range list If the specified mapping ...

Page 470: ... none None client bridge backhaul enable Enables the client bridge backhaul capability on this wlan description Displays the description of this WLAN dot11i handshake key key rotation key rotationinterval opp pmk caching phrase pmk caching preauthentication secondkey tkip cntrmeas hold time Modifies tkip ccmp 802 11i related parameters handshake timeout 100 5000 retransmit 1 10 Sets a handshake fo...

Page 471: ...ming with eap 802 1X phrase 0 2 LINE Configures the passphrase 0 Password is specified UNENCRYPTED 2 Password is encrypted with password encryption secret LINE Set passphrase between 8 and 63 characters pmk caching Enables the use of cached pairwise master keys fast roaming with eap 802 1X preauthentication Enables support for 802 11i pre authentication second key enable key phrase 0 2 WORD Config...

Page 472: ...e Sets the encryption type for this WLAN Options include ccmp AES Counter Mode CBC MAC Protocol AES CCM CCMP keyguard Keyguard MCM Mobile Computing Mode none No encryption tkip Enables Temporal Key Integrity Protocol TKIP tkip ccmp Enables both TKIP and CCMP on this WLAN wep128 Enables Wired Equivalence Privacy WEP with 128 bit keys wep128 keyguard Enables WEP128 as well as Keyguard MCM on this WL...

Page 473: ...nternal Web page failure Users are redirected to this Web page if they fail authentication login Users are prompted for theirusername and password within this Web page welcome Users are redirected to this Web page after they authenticate successfully webpage location advanced external internal The location of the Web pages used for authentication These pages can either be hosted on the switch or a...

Page 474: ... with a password encryption secret LINE Defines a KDC server password up to 127 characters realm LINE Defines a KDC realm up to 127 characters LINE Defines KDC realm up to 127 characters server primary secondary IP address auth port 1 65535 Modifies KDC server parameters primary Defines the pPrimary KDC server secondary Defines the secondary KDC server IP address Sets the KDC server IP address aut...

Page 475: ...ac mode bypass nac except include list do nac except exclude list none Sets the Network Access Control NAC mode configuration bypass nac except include list No MU NAC check is done except for those in include list Devices in the include list have NAC checks do nac except exclude list A MU NAC check is done except for those in the exclude list Devices in the exclude list will not have any NAC check...

Page 476: ...reate a Radius server shared secret up to 127 characters 0 Password is specified as UNENCRYPTED 2 Password is encrypted with password encryption secret Shared Configures a NAC server shared secret timeout 1 300 Sets the time the switch waits for a response from the RADIUS server before retrying This is a global setting for boththe primary and secondary servers NOTE TheWS51000 config wireless nac s...

Page 477: ...WLAN is classified relative prioritization on the access port background Traffic on this WLAN is treated as background traffic best effort Traffic on this WLAN is treated as best effort video Traffic on this WLAN is treated as video voice Traffic on this WLAN is treated as voice wmm Use the WMM based classification using DSCP or 802 1p tags to classify traffic into different queues acm Admission C...

Page 478: ... in seconds the switch waits for a response from the RADIUS server before retrying retransmit 1 100 Number of retries before the switch gives up and disassociates the mobile unit NOTE The WS51000 config wireless radius server timeout retransmit should be less than what is defined for an MU s timeout and retries If the MU s time is less than the server s a fallback to the secondary server will not ...

Page 479: ...e index a list 1 3 7 or a range 3 7 limit Sets user limits on VLANs for this WLAN wep128 key 1 4 ascii hex 0 2 WORD phrase LINE wep default key 1 4 Configures WEP128 parameters key 1 4 Configures pre shared hex keys ascii Sets keys as ascii characters 5 characters for wep64 13 for wep128 hex Sets keys as hexadecimal characters 10 characters for wep64 26 for wep128 0 Password is specified UNENCRYPT...

Page 480: ...tation enable WS5100 config wireless WS5100 config wireless wlan 25 dot11i key rotation interval 2000 WS5100 config wireless WS5100 config wireless wlan 25 enable WS5100 config wireless WS5100 config wireless wlan 25 hotspot webpage external failure This feature is under development WS5100 config wireless WS5100 config wireless wlan 25 kdc server primary 1 2 3 4 auth port 50000 WS5100 config wirel...

Page 481: ...l extensions fast roaming enable WS5100 config wireless WS5100 config wireless wlan 25 syslog accounting server 12 13 14 125 port 5005 WS5100 config wireless WS5100 config wireless wlan 24 qos mcast with dot11i enable WS5100 config wireless 20 1 37 wlan bw allocation Wireless Configuration Commands Enables WLAN bandwidth allocation on all radios Syntax wlan bw allocation enable Parameters Example ...

Page 482: ...WS5100 Series Switch CLI Reference Guide 20 64 ...

Page 483: ...dapter page 21 2 clrscr Clears the display screen page 21 2 end Ends the current mode and moves to the EXEC mode page 21 3 exit Ends the current mode and moves to the previous mode page 21 3 help Displays the interactive help system in HTML format page 21 3 no Negated a command or sets defaults values page 21 4 service Invokes service commands to troubleshoot or debug config if instance configurat...

Page 484: ...out enable enable to disable aeroscout or all SOLE adapters The SOLE adapter is disabled by default Example WS5100 config sole adapter enable WS5100 config sole 21 1 2 clrscr SOLE Config Commands Clears the display screen Syntax clrscr Parameters None Example WS5100 config sole clrscr WS5100 config sole adapter aeroscout enable SOLE adapter name aeroscout Defines the name of the adapter enable Ena...

Page 485: ...e Example WS5100 config sole end WS5100 21 1 4 exit SOLE Config Commands Ends the current mode and moves to the previous mode GLOBAL CONFIG The prompt changes to WS5100 config Syntax exit Parameters None Example WS5100 config sole exit WS5100 config 21 1 5 help SOLE Config Commands Displays the system s interactive help system in HTML format Syntax help Parameters None ...

Page 486: ...gument 2 Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input e g show ve WS5100 config sole 21 1 6 no SOLE Config Commands Defines the name of the adapter or disables the adapter s Syntax no adapter aeroscout enable Parameters Usage Guidelines Use no adapter aeroscout enable enable to disable specified or all SOLE adapters The SOLE a...

Page 487: ...i Parameters Example WS5100 config sole service show cli Location Engine Config mode adapter ADAPTER enable adapter ADAPTER enable enable adapter ADAPTER enable clrscr clrscr end end exit exit help help no adapter ADAPTER enable no adapter ADAPTER enable enable no adapter ADAPTER enable quit quit WS5100 config sole show cli Displays the CLI tree of current mode ...

Page 488: ...g information outputs dhcp DHCP Server Configuration environment show environmental information file Display filesystem information ftp Display FTP Server configuration history Display the session command history interfaces Interface status ip Internet Protocol IP ldap LDAP server licenses Show any installed licenses logging Show logging configuration and buffer mac Internet Protocol IP management...

Page 489: ...ers timezone Display timezone upgrade status Display last image upgrade status users Display information about currently logged in users version Display software hardware version wireless Wireless configuration commands wlan acl wlan based acl WS5100 config sole show WS5100 config sole show sole config adapter SOLE Adapter Adapter Type AeroScout Adapter Version 2 01 Configured Status disabled Oper...

Page 490: ...I Reference Guide 21 8 WS5100 config sole show sole status adapter Type Status 1 AeroScout disabled WS5100 config sole WS5100 config sole show sole status engine Type Engine State AeroScout 0 0 0 0 Offline WS5100 config sole ...

Page 491: ......

Page 492: ...MOTOROLA INC 1303 E ALGONQUIN ROAD SCHAUMBURG IL 60196 http www motorola com 72E 103896 01 Revision A January 2008 ...

Reviews:

No comments

Related manuals for WS5100 Series

D-Link DAP-1650 Quick Install Manual preview
DAP-1650
Brand: D-Link Pages: 16
D-Link DCH-G020 How-To preview
DCH-G020
Brand: D-Link Pages: 2
D-Link DUB-1340 Datasheet preview
DUB-1340
Brand: D-Link Pages: 2
D-Link DKVM-4U Specifications preview
DKVM-4U
Brand: D-Link Pages: 2
D-Link DKVM-16 - KVM Switch Manual preview
DKVM-16 - KVM Switch
Brand: D-Link Pages: 24
D-Link Dis-200G Series Web Ui Reference Manual preview
Dis-200G Series
Brand: D-Link Pages: 161
D-Link Dis-200G Series Quick Installation Manual preview
Dis-200G Series
Brand: D-Link Pages: 16
D-Link Dis-200G Series Hw Installation Manual preview
Dis-200G Series
Brand: D-Link Pages: 47
D-Link DGS-3130-30PS Quick Installation Manual preview
DGS-3130-30PS
Brand: D-Link Pages: 25
D-Link DGS-3100 SERIES Hardware Installation Manual preview
DGS-3100 SERIES
Brand: D-Link Pages: 54
D-Link DGS-3100 SERIES Cli Manual preview
DGS-3100 SERIES
Brand: D-Link Pages: 220
D-Link DGS-3000-28SC Quick Installation Manual preview
DGS-3000-28SC
Brand: D-Link Pages: 24
D-Link DGS-1248T - Switch Manual preview
DGS-1248T - Switch
Brand: D-Link Pages: 52
D-Link DGS-1216T - Switch Getting Started Manual preview
DGS-1216T - Switch
Brand: D-Link Pages: 42
D-Link DGS-1216T - Switch Quick Installation Guid preview
DGS-1216T - Switch
Brand: D-Link Pages: 10
D-Link DGS-1010MP Installation Manual preview
DGS-1010MP
Brand: D-Link Pages: 8
D-Link DES-3350SR Command Line Interface Reference Manual preview
DES-3350SR
Brand: D-Link Pages: 379
D-Link DES-3326SR Manual preview
DES-3326SR
Brand: D-Link Pages: 240

Brands by name

Popular brands

Load more brands